Comando Switch 3com 4200 PDF

3Com® Switch 4200G Family
Command Reference Guide

Switch 4200G 12-Port
www.3Com.com
Part Number: 10014916 Rev. AD
Published: April, 2007
3Com Corporation Copyright © 2006-2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any
350 Campus Drive form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without
written permission from 3Com Corporation.
Marlborough, MA
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time
USA 01752-3064 without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or
expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality,
and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s)
described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement
included with the product as a separate document, in the hard copy documentation, or on the removable media in a
directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will
be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to
you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is
delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item”
as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial
license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or
FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided
on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered
in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Cisco is a registered trademark of Cisco Systems, Inc.
Funk RADIUS is a registered trademark of Funk Software, Inc.
Aegis is a registered trademark of Aegis Group PLC.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are
registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a
registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed
to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards.
Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
CONTENTS
ABOUT THIS GUIDE

About This Software Version 3
Organization of the Manual 3
Intended Readership 3
Conventions 3
Related Manuals 4
Alphebetical Listing of Commands 5
ALPHABETICAL LISTING OF COMMANDS
COMMANDS
Commands 13
NUMERICSCOMMANDS BY FUNCTION
Commands by Function 845
2 CONTENTS
ABOUT THIS GUIDE
This guide describes the command line interface (CLI) configuration commands
used to control the 3Com Switch 4200G Family of switches.
About This Software The software in the 3Com Switch 4200G Family is a subset of that used in some
Version other 3Com products. Depending on the capabilities of your hardware platform,
some commands described in this guide may not be available on your Switch,
although the unavailable commands may still display on the command line
interface (CLI). If you try to use an unavailable command, an error message
displays.
CAUTION: Any command that displays on the CLI, but is not described in this
guide, is not supported in Version #.# software. 3Com only supports the
commands described in this guide. Other commands may result in the loss of data,
and are entered at the user’s risk.
Organization of the The 3Com Switch 4200G Family Command Reference Guide list all commands in
Manual alphabetical order. A index of commands organized by function is provided at the
end of this document.
Intended Readership The manual is intended for the following readers:

■ Network administrators
■ Network engineers
■ Users who are familiar with the basics of networking
Conventions This manual uses the following conventions:

Table 1 Icons
Icon Notice Type Description

Information note Information that describes important features or instructions.
Caution Information that alerts you to potential loss of data or

potential damage to an application, system, or device.
Warning Information that alerts you to potential personal injury.
4● 3Com Switch 4200G Family
Command Reference
Table 2 Text conventions
Convention Description
Screen displays This typeface represents text as it appears on the screen.
Keyboard key names If you must press two or more keys simultaneously, the key names are
linked with a plus sign (+), for example:
Press Ctrl+Alt+Del
The words “enter” When you see the word “enter” in this guide, you must type something,
and “type” and then press Return or Enter. Do not press Return or Enter when an
instruction simply says “type.”
Fixed command This typeface indicates the fixed part of a command text. You must type
text the command, or this part of the command, exactly as shown, and press
Return or Enter when you are ready to enter the command.
Example: The command display history-command must be entered
exactly as shown.
Variable This typeface indicates the variable part of a command text. You must type
command text a value here, and press Return or Enter when you are ready to enter the
command.
Example: in the command super level, a value in the range 0 to 3 must
be entered in the position indicated by level
{ x | y | ... } Alternative items, one of which must be entered, are grouped in braces
and separated by vertical bars. You must select and enter one of the items.
Example: in the command flow-control {hardware | none |
software}, the braces and the vertical bars combined indicate that you
must enter one of the parameters. Enter either hardware, or none, or
software.
[] Items shown in square brackets [ ] are optional.
Example 1: in the command display users [all], the square brackets
indicate that the parameter all is optional. You can enter the command
with or without this parameter.
Example 2: in the command user-interface [type] first-number
[last-number] the square brackets indicate that the parameters [type]
and [last-number] are both optional. You can enter a value in place of
one, both or neither of these parameters.
Alternative items, one of which can optionally be entered, are grouped in
square brackets and separated by vertical bars.
Example 3: in the command header [shell | incoming | login]

text, the square brackets indicate that the parameters shell,
incoming and login are all optional. The vertical bars indicate that only
one of the parameters is allowed.
Related Manuals The 3Com Switch 4200G Family Getting Started Guide provides information about
installation.
The 3Com Switch 4200G Family Configuration Guide provides information about
configuring your network using the commands described in this guide.
ALPHABETICAL LISTING OF
COMMANDS
Alphebetical Listing of This section lists all commands in alphabetical order.

Commands
access-limit 14 cd 60
accounting 15 cdup 61
accounting domain 16 cdup 62
accounting-on enable 17 check region-configuration 63
accounting optional 19 clock datetime 65
acl 21 clock summer-time 66
acl 22 clock timezone 68
active region-configuration 24 close 69
add-member 25 cluster 70
address-check 26 cluster enable 71
administrator-address 27 cluster-local-user 72
am user-bind 28 cluster-mac 73
apply qos-profile 29 cluster-mac syn-interval 74
apply qos-profile interface 30 cluster-snmp-agent community 75
arp check enable 31 cluster-snmp-agent group v3 77
arp static 32 cluster-snmp-agent mib-view in-
arp timer aging 34 cluded 79
ascii 35 cluster-snmp-agent usm-user v3 81
attribute 36 cluster switch-to 83
authentication 38 cluster switch-to sysname 84
authentication-mode 40 command-privilege level 86
authorization 42 copy 87
auto-build 43 copy configuration 88
auto-execute command 44 cut connection 89
binary 45 data-flow-format 91
black-list add-mac 46 databits 93
black-list delete-mac 47 debugging 94
boot attribute-switch 48 debugging 95
boot boot-loader 49 debugging arp packet 96
boot boot-loader 50 debugging dhcp client 97
boot boot-loader backup-attribute 51 debugging dhcp-relay 98
boot bootrom 52 debugging DLDP 100
boot web-package 53 debugging ntp-service 101
broadcast-suppression 54 debugging radius 102
build 55 debugging snmp-agent 103
bye 56 debugging udp-helper 104
bye 57 delete 105
cd 58 delete 107
cd 59 delete 108
6 ● Alphebetical Listing of Commands 3Com Switch 4200G Family
Command Reference
delete-member 109 display domain 169
delete static-routes all 110 display dot1x 171
description 111 display fib 175
description 112 display ftp-server 176
description 113 display ftp-user 177
description 114 display garp statistics 178
dhcp relay information enable 115 display garp timer 179
dhcp relay information strategy 116 display gvrp statistics 180
dhcp-security static 117 display gvrp status 181
dhcp-server 118 display habp 182
dhcp-server ip 119 display habp table 183
dir 120 display habp traffic 184
dir 122 display history-command 185
dir 124 display icmp statistics 186
disconnect 125 display igmp-snooping configura-
display acl 126 tion 188
display am user-bind 127 display igmp-snooping group 189
display arp 128 display igmp-snooping statistics 190
display arp count 130 display info-center 191
display arp timer aging 131 display interface 193
display boot-loader 132 display interface VLAN-interface
display boot-loader 133 196
display bootp client 134 display ip host 197
display brief interface 135 display ip interface vlan-interface
display channel 137 198
display clock 138 display ip routing-table 200
display cluster 139 display ip routing-table acl 201
display cluster base-topology 141 display ip routing-table ip-address
display cluster black-list 142 204
display cluster candidates 143 display ip routing-table ip-address1
display cluster current-topology 145 ip-address2 208
display cluster members 147 display ip routing-table ip-prefix
display connection 149 210
display cpu 151 display ip routing-table protocol 213
display current-configuration 152 display ip routing-table radix 215
display debugging 156 display ip routing-table statistics
display debugging habp 157 216
display device 158 display ip routing-table verbose 217
display dhcp client 159 display ip socket 218
display dhcp-security 160 display ip statistics 220
display dhcp-server 161 display isolate port 222
display dhcp-server interface display lacp system-id 223
vlan-interface 163 display link-aggregation interface
display dhcp-snooping 164 224
display dhcp-snooping 165 display link-aggregation summary
display dhcp-snooping trust 166 226
display dhcp-snooping trust 167 display link-aggregation verbose
display diagnostic-information 168 227
3Com Switch 4200G Family Alphebetical Listing of Commands ● 7
Command Reference
display local-server statistics 229 display radius 278
display local-user 230 display radius statistics 280
display logbuffer 232 display rmon alarm 282
display logbuffer summary 234 display rmon event 283
display-loopback-detection 235 display rmon eventlog 284
display mac-address 236 display rmon history 285
display mac-address aging-time 238 display rmon prialarm 286
display mac-address multicast static display rmon statistics 287
239 display rsa local-key-pair public 288
display mac-address security 240 display rsa peer-public-key 289
display mac-authentication 241 display saved-configuration 290
display memory 243 display schedule reboot 292
display mirroring-group 244 display snmp-agent 293
display ndp 246 display snmp-agent community 294
display ntdp 249 display snmp-agent group 295
display ntdp device-list 250 display snmp-agent mib-view 296
display ntdp single-device mac-ad- display snmp-agent statistics 298
dress 251 display snmp-agent sys-info 300
display ntp-service sessions 253 display snmp-agent trap-list 301
display ntp-service status 255 display snmp-agent usm-user 302
display ntp-service trace 256 display ssh server 303
display packet-filter 257 display ssh server-info 304
display port 258 display ssh user-information 305
display port-security 259 display startup 306
display port vlan-vpn 261 display stop-accounting-buffer 307
display protocol-priority 262 display stp 309
display qos cos-drop-prece- display stp region-configuration 311
dence-map 263 display tcp statistics 312
display qos cos-dscp-map 264 display tcp status 314
display qos cos-local-prece- display this 315
dence-map 265 display time-range 316
display qos dscp-cos-map 266 display trapbuffer 318
display qos dscp-drop-prece- display udp-helper server 319
dence-map 267 display user-interface 320
display qos dscp-dscp-map 268 display users 322
display qos dscp-local-prece- display users 323
dence-map 269 display version 324
display qos-interface all 270 display vlan 325
display qos-interface priority-trust display vlan 326
272 display voice vlan oui 328
display qos-interface traffic-limit display voice vlan status 329
273 domain 330
display qos-interface traffic-shape dot1x 332
274 dot1x authentication-method 334
display qos-interface traffic-statistic dot1x dhcp-launch 335
275 dot1x guest-vlan 336
display qos-profile 276 dot1x max-user 338
display queue-scheduler 277 dot1x port-control 340
Command Reference
dot1x port-method 342 info-center console channel 394
dot1x quiet-period 344 info-center enable 395
dot1x retry 345 info-center logbuffer 396
dot1x retry-version-max 346 info-center monitor channel 397
dot1x timer 347 info-center snmp channel 398
dot1x version-check 349 info-center source 399
duplex 351 info-center synchronous 403
enable snmp trap updown 352 info-center timestamp 404
end-station polling ip-address 353 info-center trapbuffer 405
execute 354 instance 406
exit 355 interface 408
file prompt 356 interface VLAN-interface 409
flow-control 357 ip address 410
format 358 ip address bootp-alloc 411
free user-interface 359 ip address dhcp-alloc 412
free web-users 360 ip host 413
ftp 361 ip http acl 414
ftp cluster 362 ip-pool 415
ftp server 363 ip route-static 416
ftp server enable 364 ip route-static 418
ftp timeout 365 jumboframe enable 420
garp timer 366 key 421
garp timer leaveall 368 lacp enable 423
get 369 lacp port-priority 424
get 370 lacp system-priority 425
gratuitous-arp learning enable 371 language-mode 426
gvrp 372 lcd 427
gvrp registration 373 level 428
habp enable 374 link-aggregation group description
habp server vlan 375 429
habp timer 376 link-aggregation group mode 430
header 377 local-server 431
help 379 local-user 433
history-command max-size 380 local-user password-display mode
holdtime 381 435
idle-cut 382 lock 436
idle-timeout 383 logging-host 437
igmp host-join vlan 384 loopback-detection control enable
igmp-snooping 385 438
igmp-snooping fast-leave 386 loopback-detection enable 439
igmp-snooping group-limit 387 loopback-detection interval-time
igmp-snooping group-policy 388 441
igmp-snooping host-aging-time 390 loopback-detection per-vlan enable
igmp-snooping max-response-time 442
391 ls 443
igmp-snooping router-aging-time ls 444
392 mac-address 445
info-center channel name 393 mac-address max-mac-count 447
Command Reference
mac-address max-mac-count 0 448 491
mac-address multicast interface vlan ntp-service broadcast-client 492
449 ntp-service broadcast-server 493
mac-address multicast vlan 450 ntp-service in-interface disable 494
mac-address security 451 ntp-service max-dynamic sessions
mac-address timer 452 495
mac-authentication 453 ntp-service multicast-client 496
mac-authentication authmode 455 ntp-service multicast-server 497
mac-authentication authpassword ntp-service reliable authentica-
456 tion-keyid 498
mac-authentication authusername ntp-service source-interface 499
457 ntp-service unicast-peer 500
mac-authentication domain 458 ntp-service unicast-server 502
mac-authentication timer 459 open 504
management-vlan 460 packet-filter 505
management-vlan synchronization packet-filter 506
enable 461 parity 507
mdi 462 passive 508
messenger 463 password 509
mirroring group 464 password 510
mirroring-group mirroring-port 465 peer-public-key end 511
mirroring-group reflector-port 466 ping 512
mirroring-group remote-probe vlan port 515
467 port access vlan 516
mirroring-port 468 port hybrid pvid vlan 517
mkdir 469 port hybrid vlan 518
mkdir 470 port isolate 519
mkdir 471 port link-aggregation group 520
monitor-port 472 port link-type 521
more 473 port-security enable 522
move 474 port-security intrusion-mode 523
name 475 port-security max-mac-count 525
name 476 port-security ntk-mode 527
nas-ip 477 port-security OUI 529
ndp enable 478 port-security port-mode 530
ndp timer aging 479 port-security timer disableport 533
ndp timer hello 480 port-security trap 534
nm-interface vlan-interface 481 port trunk pvid vlan 536
ntdp enable 482 port trunk permit vlan 537
ntdp explore 483 primary accounting 538
ntdp hop 484 primary authentication 540
ntdp timer 485 priority 542
ntdp timer hop-delay 486 priority trust 543
ntdp timer port-delay 487 protocol inbound 545
ntp-service access 488 protocol inbound 546
ntp-service authentication enable protocol-priority protocol-type 547
490 public-key-code begin 548
ntp-service authentication-keyid public-key-code begin 549
Command Reference
public-key-code end 550 reset traffic-limit 609
public-key-code end 551 reset traffic-statistic 610
put 552 reset trapbuffer 611
put 553 retry 612
pwd 554 retry realtime-accounting 613
pwd 555 retry stop-accounting 615
pwd 556 return 616
qos cos-drop-precedence-map 557 revision-level 617
qos cos-dscp-map 559 rmdir 618
qos cos-local-precedence-map 561 rmdir 619
qos dscp-cos-map 563 rmdir 620
qos dscp-drop-precedence-map 565 rmon alarm 621
qos dscp-dscp-map 567 rmon event 623
qos dscp-local-precedence-map 569 rmon history 624
qos-profile 571 rmon prialarm 625
qos-profile port-based 572 rmon statistics 628
queue-scheduler 573 rsa local-key-pair create 629
quit 575 rsa local-key-pair destroy 631
quit 576 rsa peer-public-key 632
quit 577 rsa peer-public-key 633
quit 578 rule (Advanced ACL) 634
radius nas-ip 579 rule (Basic ACL) 638
radius-scheme 580 rule comment 640
radius scheme 581 rule (Layer 2 ACL) 641
radius trap 583 save 643
reboot 584 schedule reboot at 645
reboot member 585 schedule reboot delay 647
region-name 586 scheme 648
remote-probe vlan 587 screen-length 650
remotehelp 588 secondary accounting 651
remove 589 secondary authentication 652
rename 590 security-policy-server 653
rename 591 self-service-url 654
rename 592 send 656
reset arp 593 server-type 657
reset counters interface 594 service-type 658
reset dot1x statistics 595 service-type 660
reset garp statistics 596 service-type multicast 662
reset igmp-snooping statistics 597 set authentication password 663
reset ip statistics 598 sftp 664
reset logbuffer 599 sftp server enable 666
reset ndp statistics 600 sftp time-out 667
reset radius statistics 601 shell 668
reset recycle-bin 602 shutdown 669
reset saved-configuration 603 shutdown 670
reset stop-accounting-buffer 605 smarton 671
reset stp 607 smarton password 672
reset tcp statistics 608 smarton switchid 673
Command Reference
smarton timer 674 stp interface loop protection 740
snmp-agent 675 stp interface mcheck 742
snmp-agent community 676 stp interface no-agreement-check
snmp-agent community 677 743
snmp-agent group 678 stp interface point-to-point 744
snmp-agent group 680 stp interface port priority 746
snmp-agent local-engineid 682 stp interface root-protection 748
snmp-agent log 683 stp interface transmit-limit 750
snmp-agent mib-view 684 stp loop-protection 752
snmp-agent packet max-size 685 stp max-hops 753
snmp-agent sys-info 686 stp mcheck 754
snmp-agent target-host 687 stp mode 755
snmp-agent trap enable 689 stp no-agreement-check 756
snmp-agent trap life 691 stp pathcost-standard 757
snmp-agent trap queue-size 692 stp point-to-point 759
snmp-agent trap source 693 stp port priority 761
snmp-agent usm-user 694 stp priority 762
snmp-agent usm-user 696 stp region-configuration 763
snmp-agent usm-user 698 stp root primary 764
snmp-agent usm-user 700 stp root-protection 766
snmp-host 702 stp root secondary 767
speed 703 stp tc-protection 769
speed 704 stp timer-factor 770
ssh client assign rsa-key 705 stp timer forward-delay 771
ssh client first-time enable 706 stp timer hello 773
ssh server authentication-retries 707 stp timer max-age 774
ssh server timeout 708 stp transmit-limit 775
ssh user assign rsa-key 709 super 776
ssh user authentication-type 710 super password 778
ssh user service-type 712 sysname 780
ssh2 713 sysname 781
startup bootrom-access enable 715 system-view 782
startup saved-configuration 716 tcp timer fin-timeout 783
state 717 tcp timer syn-timeout 784
state 720 tcp window 785
stop-accounting-buffer enable 722 telnet 786
stopbits 723 terminal debugging 787
stp 724 terminal debugging 788
stp bpdu-protection 725 terminal logging 789
stp bridge-diameter 726 terminal monitor 790
stp config-digest-snooping 727 terminal trapping 791
stp cost 729 tftp 792
stp edged-port 730 tftp cluster get 793
stp interface 732 tftp cluster put 794
stp interface config-digest-snooping tftp get 795
734 tftp put 796
stp interface cost 736 tftp-server 797
stp interface edged-port 738 tftp-server acl 798
Command Reference
time-range 799 user-interface 822
timer 801 user-name-format 823
timer 802 user privilege level 824
timer quiet 803 verbose 825
timer realtime-accounting 804 virtual-cable-test 826
timer response-timeout 806 vlan 828
topology accept 807 vlan-assignment-mode 830
topology restore-from 808 vlan-mapping modulo 832
topology save-to 809 vlan-vpn enable 834
tracemac 810 vlan-vpn tpid 835
tracert 811 vlan-vpn tunnel 836
traffic-limit 813 vlan-vpn uplink enable 837
traffic shape 815 voice vlan 838
traffic-statistic 816 voice vlan aging 839
udp-helper enable 817 voice vlan enable 840
udp-helper port 818 voice vlan mac-address 841
udp-helper server 819 voice vlan mode 842
undelete 820 voice vlan security enable 843
user 821
COMMANDS
Commands The commands in this document are listed in alphabetical order.

14 ● access-limit 3Com Switch 4200G Family
Command Reference
access-limit
Purpose Use the access-limit command to set the maximum number of access users that
can be contained in current ISP domain.
Use the undo access-limit command to restore the default maximum number.
Syntax access-limit { disable | enable max-user-number }
undo access-limit
Parameters disable Specifies not to limit the number of access users that
can be contained in current ISP domain.
If not specified, disable is selected by default.
enable max-user-number Specifies the maximum number of access users that
can be contained in current ISP domain. Valid values
are 1 to 1048.
Example To allow ISP domain aabbc.net to contain at most 500 access users, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]domain aabbc.net
New Domain added.
[S4200G-isp-aabbcc.net] access-limit enable 500
View This command can be used in the following views:
■ ISP Domain view
Description This command limits the amount of supplicants contained in the current ISP domain.
Because resource contention may occur between access users, there is a need to
properly limit the number of access users in an ISP domain to provide reliable
performance to the users in the ISP domain.
3Com Switch 4200G Family accounting ● 15
Command Reference
accounting
Purpose Use the accounting command to configure an accounting scheme for the current
ISP domain.
Use the undo accounting command to cancel the accounting scheme

configuration of the current ISP domain.
Syntax accounting { none | radius-scheme radius-scheme-name }
undo accounting
Parameters none Specifies not to perform accounting.

radius-scheme-name Name of a RADIUS scheme, consisting of a character
string no more than 32 characters long.
Default By default, no accounting scheme is configured for the ISP domain.
Example To specify “radius” as the RADIUS accounting scheme that will be referenced by
current ISP domain, enter the following:
[S4200G] domain aabbcc.net
New Domain added.
■ ISP Domain view
Description When you use the accounting command to specify a RADIUS scheme for the
current ISP domain, the RADIUS scheme must already be defined.
If the accounting command is used in an ISP domain view, the system uses the
scheme specified in this command to charge the users. Otherwise, the system uses
the scheme specified in the scheme command to charge the users.
Related Command ■ scheme

■ radius scheme
16 ● accounting domain 3Com Switch 4200G Family
Command Reference
accounting domain
Purpose Use the accounting domain command to enable the DHCP accounting function.
Use the undo accounting domain command to disable the DHCP accounting
function.
Syntax accounting domain domain-name
undo accounting domain
Parameters domain-name Name of a domain, consisting of a string from 1 to 24

characters long. (You can use the domain command to
create a domain.)
Example Enter system view.
Enter DHCP address pool view.
[S4200G] dhcp server ip-pool test
Enable the DHCP accounting function (assuming that domain 123 already exists).
[S4200G-dhcp-pool-test] accounting domain 123
■ DHCP Address Pool view

3Com Switch 4200G Family accounting-on enable ● 17
Command Reference
accounting-on enable
Purpose Use the accounting-on enable command to enable user re-authentication upon
device restart function.
Use the undo accounting-on enable command to disable user

re-authentication upon device restart function and restore the default interval and the
number of attempts to transmit the Accounting-On packet.
Use the undo accounting-on send command to restore the default maximum
number of attempts to transmit the Accounting-On packet.
Use the undo accounting-on interval command to restore the default

transmit of the Accounting-On packet.
Syntax accounting-on enable [ send times | interval interval ]
undo accounting-on { enable | send | interval }
Parameters times Specifies the number of times to attempt sending the

Accounting-On packet, ranging from 1 to 256. If not
specified, the default is 15 times.
interval Specifies the interval at which to send the
Accounting-On packet, ranging from 1 to 30 seconds.
If not specified, the default is 3 seconds.
Default By default, this feature is disabled.
Example To enable the user re-authentication upon device restart function for the RADIUS
scheme named CAMS, enter the following:
[S4200G] radius scheme CAMS
[S4200G-radius-CAMS] accounting-on enable
■ RADIUS Scheme view
Description The purpose of this feature is to resolve the following problem: users cannot re-log
onto the network after the switch reboots because they are already online. After this
feature is enabled, every time the switch reboots:
■ The switch generates an Accounting-On packet, which mainly contains the

following information: NAS-ID, NAS-IP (source IP address), and session ID.
■ The switch sends the Accounting-On packet to the CAMS at regular intervals.
18 ● accounting-on enable 3Com Switch 4200G Family
Command Reference
■ Once the CAMS receives the Accounting-On packet, it sends a response to the
switch. At the same time it finds and deletes the existing online information of the
user who was accessing the network through the switch before the reboot based
on the NAS-ID, NAS-IP and session ID contained in the Accounting-On packet, and
ends the charging of the user according to the last accounting update packet.
■ Once the switch receives the response from the CAMS, it stops sending other
Accounting-On packets.
■ If the switch has tried the set maximum times to transmit the Accounting-On
packet but still does not receive any response from the CAMS, it stops the sending
of the Accounting-On packet.
Note: The switch can automatically generate the main attributes (NAS-ID, NAS-IP and
session ID) of the Accounting-On packets. However, you can also manually configure
the NAS-IP attribute with the nas-ip command. When doing this, be sure to
configure a correct and valid IP address. If this attribute is not configured manually,
the switch will automatically select the IP address of the VLAN interface as the NAS-IP
address.
Related Command nas-ip

3Com Switch 4200G Family accounting optional ● 19
Command Reference
accounting optional
Purpose Use the accounting optional command to open the accounting-optional switch.
Use the undo accounting optional command to close the accounting-optional

switch.
Syntax accounting optional
undo accounting optional
Parameters None
Default By default, the accounting-optional switch is closed.
Example To open the accounting-optional switch for the ISP domain named aabbcc.net, enter
the following:
New Domain added.
[S4200G-isp-aabbcc.net] accounting optional
To open the accounting-optional switch for the RADIUS scheme radius1, enter the
following:
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] accounting optional
■ ISP Domain view

Description Note:
■ When the system charges an online user but it does not find any available RADIUS
accounting server or fails to communicate with any RADIUS accounting server, the
user can continue the access to network resources if the accounting
optional command has been used, otherwise the user is disconnected from the
system. The accounting optional command is often used in the cases
where only authentication is needed and no accounting is needed.
20 ● accounting optional 3Com Switch 4200G Family
Command Reference
■ After the accounting optional command is used for a RADIUS scheme, the
system will no longer send real-time accounting update packets and
stop-accounting packets for any user in an ISP domain referencing the RADIUS
scheme.
■ This configuration takes effect only on the accounting using this RADIUS scheme.
3Com Switch 4200G Family acl ● 21
Command Reference
acl
Purpose Use the acl command to reference ACL and implement the ACL control to the
TELNET users.
Use the undo acl command to remove the control from the TELNET users.
Syntax acl acl-number { inbound | outbound }
undo acl { inbound | outbound }
Parameters acl-number The number identifier of basic and advanced

number-based ACLs. Valid values are 2000 to 3999.
inbound Performs ACL control to the users who access the local
Switch using TELNET.
outbound Performs ACL control to the users who access other
Switches from the local Switch using TELNET.
Example Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL
2,000 already exists.).
[S4200G] user-interface vty 0 4
[S4200G-ui-vty0-4] acl 2000 inbound
■ User Interface view

22 ● acl 3Com Switch 4200G Family
Command Reference
acl
Purpose Use the acl command to define an ACL identified by a number, and enter the
corresponding ACL View.
Use the undo acl command to delete all entries of an ACL or to delete all ACLs.
Syntax acl number acl-number [ match-order { config | auto } ]
undo acl { number acl-number | all }
Parameters number acl-number Specifies the number of an access control list (ACL) in
the range of:
2,000 to 2,999: identifies basic ACLs.
3,000 to 3,999: identifies advanced ACLs.
4,000 to 4,999: identifies layer 2 ACLs.
match-order Specifies the match order for the ACL rules. The
match-order keyword is not available for the definition
of a Layer 2 ACL. Match orders include config and
auto.
config Specifies to match ACL rules according to the
user-defined order.
auto Specifies to match ACL rules according to the
"depth-first" order.
all Specifies to delete all ACLs.
Default By default, the ACLs are matched in config order.
Example Define rules for ACL 2000, and specify "depth-first" order as the rule match order.
[S4200G] acl number 2000 match-order auto
[S4200G-acl-basic-2000]
■ System view
Description After entering the corresponding ACL view, you can use the rule command to add
entries to the ACL.
An ACL supports the following types of match orders:

3Com Switch 4200G Family acl ● 23
Command Reference
■ Configured order: ACL rules are matched according to the configured order.
■ Automatic ordering: ACL rules are matched according to the "depth-first" order
The "depth-first" ordering of rules in IP ACLs (basic and advanced ACLs) is

implemented based on the lengths of the source IP address masks and the destination
IP address masks. The rule with the longest masks is first matched, and then comes
the rule with the second longest masks, and so on. In the ordering, the lengths of the
source IP address masks are compared first; if the source IP address masks have the
same length, the lengths of the destination IP address masks are compared. For
example, the rule of which the source IP address mask is 255.255.255.0 precedes the
rule of which the source IP address mask is 255.255.0.0 in the match order.
You can use the match-order keyword to specify whether to use the configured order
or "depth-first" order (rules with smaller ranges are matched first) to match rules. If
neither match orders are specified, the configured match order will be adopted.
You cannot modify the match order for an ACL once you have specified it, unless you
delete all the entries of the ACL.
The ACL match order feature is effective only when the ACL is referenced by software
for data filtering and traffic classification.
Related Command rule

24 ● active region-configuration 3Com Switch 4200G Family
Command Reference
active region-configuration
Purpose Use the active region-configuration command to activate the settings of

an MST (multiple spanning tree) region.
Syntax active region-configuration
Parameters None
Example To activate the MST region settings, enter the following:
[S4200G] stp region-configuration
[S4200G-mst-region] active region-configuration
■ MST Region view
Description This command causes the switch to operate with the new MST region settings, when
spanning trees are regenerated.
Changes of MST region parameters, especially those of the VLAN mapping tables, can
cause MSTP to recalculate the spanning trees, creating network topology jitters across
the network. To reduce network topology jitters caused by configuration changes,
MSTP does not recalculate the spanning trees immediately in response to region
configuration changes. Rather, MSTP brings the configurations into effect only after
you activate the new MST region settings or enable MSTP.
Related Commands ■ check region-configuration

■ instance
■ region-name
■ revision-level
■ vlan-mapping modulo
3Com Switch 4200G Family add-member ● 25
Command Reference
add-member
Purpose Use the add-member command to add a candidate device to a cluster.
Syntax add-member [ member-number] mac-address H-H-H [ password password ]
Parameters member-number Member number assigned to the candidate device to

be added to a cluster. This argument ranges from 1 to
256.
H-H-H MAC address of the candidate device (in hexadecimal).
password Password of the candidate device, a string comprising
1 to 256 characters. The password is required when
you add a candidate device to a cluster. However, this
argument is not needed if the candidate device is not
configured with a password.
Example Add a candidate device to the cluster, setting the member number to 6. (Assume that
the MAC address and user password of the candidate device are 00E0-fc00-35e7 and
123456.)
<aaa_0.S4200G>system-view
[aaa_0.S4200G-cluster]
[aaa_0.S4200G-cluster] add-member 6 mac-address 00E0-fc00-35e7 password
123456
■ Cluster view
Description Use the add-member command to add a candidate device to a cluster.
You can add a candidate device to a cluster on the management device only.
If you do not specify the member number when adding a cluster member, the
management device assigns the least available member number to it.
After a candidate device is added to a cluster, its device password becomes the
management device password.
26 ● address-check 3Com Switch 4200G Family
Command Reference
address-check
Purpose Use the address-check command to enable or disable DHCP relay security on a
VLAN interface, so as to start or stop the validity check on user addresses under the
VLAN interface.
Syntax address-check enable
address-check disable
Parameters None
Default By default, DHCP relay security is disabled on a VLAN interface.
Enter VLAN 1 interface view.
[S4200G] interface vlan-interface 1
Enable DHCP relay security on VLAN 1 interface.
[S4200G-Vlan-interface1] address-check enable
■ VLAN Interface view

3Com Switch 4200G Family administrator-address ● 27
Command Reference
administrator-address
Purpose Use the administrator-address command to store the MAC address of the
management device on a member device.
Use the undo administrator-address command to remove a member from

the cluster, usually for debugging or restoration.
Syntax administrator-address mac-address name name
undo administrator-address
Parameters mac-address MAC address of the management device.

name name Name of an existing cluster consisting of no more than
8 characters, including only alphanumeric characters,
subtraction sign “-” and/or underline “_”
Default By default, a switch is not in any cluster.
Example Remove a member device from the cluster.
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] undo administrator-address
■ Cluster view
Description A cluster contains one (and only one) management device. After rebooting, a
member device identifies the management device by the MAC address of the
management device.
The recommended way to remove a cluster member from a cluster is to execute the
delete-member command on the management device.
28 ● am user-bind 3Com Switch 4200G Family
Command Reference
am user-bind
Purpose Use the am user-bind command to bind the MAC and IP addresses of a legal user
to a specified port.
Use the undo am user-bind command to cancel the binding.
Syntax am user-bind mac-addr mac-address ip-addr ip-address

[ interface interface-type interface-number ]
undo am user-bind mac-addr mac-address ip-addr ip-address

[ interface interface-type interface-number ]
Parameters mac-address MAC address to be bound.

ip-address IP address to be bound.
interface-type Type of the port to be bound to.
interface-number Number of the port to be bound to.
Example Bind the legal user whose MAC address is 00e0-fc00-3900 and IP address is
10.153.1.1 to GigabitEthernet1/0/2 port.
[S4200G] am user-bind mac-addr 00e0-fc00-5100 ip-addr 10.153.1.1
interface GigabitEthernet1/0/2
■ System view
■ Ethernet Port view
Description After a binding operation, only the valid user's packets can pass through the port.
■ You need to specify the bound port if you use this command in system view.
■ You do not need to specify the bound port if you use this command in Ethernet
port view, because the MAC and IP address will be bound to the current port.
You can bind up to 128 pairs of MAC and IP addresses on a unit. The system allows
only one binding operation for the same MAC address.
3Com Switch 4200G Family apply qos-profile ● 29
Command Reference
apply qos-profile
Purpose Use the apply qos-profile command to manually apply the QoS profile to the
current port.
Use the undo apply qos-profile command to manually remove the QoS profile
from a port.
Syntax apply qos-profile profile-name
undo apply qos-profile profile-name
Parameters profile-name Specifies the QoS profile name, consisting of a string 1

to 32 characters long, starting with letters [a-z, A-Z]
and excluding the reserved keywords (for example; all,
interface, user, undo, user-based, and port-based)
Example To apply the qos-profile named h3c on the current port manually, enter the following:
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] apply qos-profile h3c
Description You cannot delete a QoS profile which has been applied to a port. Likewise a profile
has to be created before it can be assigned to a port.
30 ● apply qos-profile interface 3Com Switch 4200G Family
Command Reference
apply qos-profile interface
Purpose Use the apply qos-profile interface command to manually apply a QoS profile
to one or more consecutive ports.
Use the undo apply qos-profile command to manually remove the configuration
from one or more consecutive ports.
Syntax apply qos-profile profile-name interface interface-type interface-num

[ to interface interface-type interface-num ]
undo apply qos-profile profile-name interface interface-type

interface-num [ to interface interface-type interface-num ]
Parameters profile-name Specifies the QoS profile name, consisting of a string 1

to 32 characters long, starting with letters [a-z, A-Z]
and excluding the reserved keywords (for example; all,
interface, user, undo, user-based, and port-based).
interface interface-type
interface-num [ to
interface-num ] Specifies the range of ports. The beginning interface
interface-type interface-num specifies the beginning
port and the one in the end specifies the end port.
Example To apply profile named h3c on GigabitEthernet1/0/1 to GigabitEthernet1/0/4

manually, enter the following:
[S4200G] apply qos-profile h3c interface gigabitethernet1/0/1 to
gigabitethernet1/0/4
■ System view
Description You cannot delete the specific QoS profile that has been applied to the port.
3Com Switch 4200G Family arp check enable ● 31
Command Reference
arp check enable
Purpose Use the arp check enable command to enable the ARP entry checking function,
that is, to disable a switch from creating multicast MAC address ARP entries for MAC
addresses learned.
Use the undo arp check enable command to disable the ARP entry checking
function. In this case, a switch creates multicast MAC address ARP entries for MAC
addresses learned.
Syntax arp check enable
undo arp check enable
Parameters None
Default By default, the checking of ARP entry is enabled and the device does not learn the
ARP entry where the MAC address is a multicast MAC address.
Example To configure to create multicast MAC address ARP entries for MAC addresses learned,
enter the following:
[S4200G] undo arp check enable
■ System view
32 ● arp static 3Com Switch 4200G Family
Command Reference
arp static
Purpose Use the arp static command to configure the static ARP mapping entries in the ARP
mapping table.
Use the undo arp ip_address command to remove a ARP mapping entry from the
ARP table.
Syntax arp static ip_address mac_address [ vlan_id interface_type

interface_number }]
undo arp ip_address
Parameters ip_address Specifies the IP address of the ARP mapping entry.

mac_address Specifies the MAC address of the ARP mapping entry,
in the format H-H-H, where H indicates a four digit
hexadecimal number, for example 00e0-fc01-0000.
vlan_id Specifies the ID number of the local VLAN that you
want to use to associate with the ARP mapping entry.
Valid values for the VLAN ID are 1 to 4094.
interface_type Specifies the type of the port that you want to use to
send frames to this address. This parameter be entered
if a VLAN ID is specified.
interface_number Specifies the number of the port that you want to use
to send frames to this address. This parameter must be
entered if a VLAN ID is specified.
Default By default, the ARP mapping table is empty, and the Switch uses dynamic ARP to
maintain its address mapping.
Example To Create a static ARP mapping entry, with the IP address of 202.38.10.2, the MAC
address of 00e0-fc01-0000. The ARP mapping entry belongs to GigabitEthernet1/0/1
port (assuming that GigabitEthernet1/0/1 port belongs to VLAN1), enter following:
[S4200G] arp static 202.38.10.2 00e0-fc01-0000 1 GigabitEthernet1/0/1
■ System view
3Com Switch 4200G Family arp static ● 33
Command Reference
Description The system ARP mapping table is empty when a switch is just started. And the
dynamic address mapping entries are generated by ARP.
Note:
■ Static ARP mapping entries are valid as long as the Ethernet switch operates.
However, an ARP mapping entry is removed if the corresponding VLAN is
removed. By default, a dynamic ARP mapping entry remains valid for 20 minutes.
■ As for the arp static command, the value of the vlan-id argument must be
the ID of an existing VLAN, and the port identified by the interface-type and
interface-number arguments must belong to the VLAN.
Related Commands ■ reset arp

■ display arp
■ debugging arp packet
34 ● arp timer aging 3Com Switch 4200G Family
Command Reference
arp timer aging
Purpose Use the arp timer aging command to configure the aging time for dynamic ARP
mapping entries.
Use the undo arp timer aging command to restore the default aging time.
Syntax arp timer aging aging-time
undo arp timer aging
Parameters aging-time Specifies the aging time (in minutes) of the dynamic
ARP mapping entries. Valid values are from 1 to 1,440.
Default The defaults is 20 minutes.
Example To Configure the aging time to be 10 minutes, enter the following:
[S4200G] arp timer aging 10
■ System view
Related Command arp timer aging

3Com Switch 4200G Family ascii ● 35
Command Reference
ascii
Purpose Use the ascii command to configure data transmission mode as ASCII mode.
Syntax ascii
Parameters None
Default By default, the file transmission mode is ASCII mode.
Example Enter FTP client view.
<S4200G> ftp 2.2.2.2

Trying ...
Press CTRL+K to abort
Connected.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):switch
331 Give me your password, please
Password:*****
230 Logged in successfully
[ftp]
Specify to transfer files in ASCII mode.
[ftp] ascii
200 Type set to A.
■ FTP Client view
Description Perform this command if the user needs to change the file transmission mode to
default mode.
36 ● attribute 3Com Switch 4200G Family
Command Reference
attribute
Purpose Use the attribute command to configure attributes of a user whose service type is
lan-access.
Use the undo attribute command to cancel the attributes that have been defined
for this user.
Syntax attribute { ip ip-address | mac mac-address | idle-cut second |

access-limit max-user-number | vlan vlan-id |
location { nas-ip ip-address port port-number | port port-number }
undo attribute { ip | mac | idle-cut | access-limit | vlan | location }
Parameters ip ip-address Specifies the IP address of a user.

mac mac-address Specifies the MAC address of a user. Where,
mac-address takes on the hexadecimal format of
HHHH-HHHH-HHHH-HHHH.
idle-cut second Allows the local users to enable the idle-cut function.
The argument second defines the idle time before
cutting down. Valid values are 60 to 7200 seconds.
access-limit
max-user-number Specifies the maximum number of users who access
the switch using the current user name. Valid values
for max-user-number are 1 to 1024.
vlan vlan-id Sets the VLAN attribute of user, in other words, the
VLAN to which a user belongs. Valid values for
vlan-id are 1 to 4094.
location Sets the port binding attribute of user.
nas-ip ip-address Sets the IP address of the access server to which the
user is bound. ip-address is an IP address in dotted
decimal format and defaults to 127.0.0.1. nas-ip
must be defined for a user bound with a remote port.
port port-number Sets the port to which a user is bound. port-number
is specified in the following format:
device ID/slot number/port number
The device ID ranges from 1 to 8. The slot number
ranges from 0 to 15 (if the bound port has no slot
number, input 0). The port number ranges from 1 to
255.
If any of these three items is absent, the value 0 will be
used to replace it.
3Com Switch 4200G Family attribute ● 37
Command Reference
Example To set the IP address of user1 to 10.110.50.1, enter the following:
[S4200G] local-user user1
New local user added.
[S4200G-luser-user1] attribute ip 10.110.50.1
■ Local User view
Related Command display local-user

38 ● authentication 3Com Switch 4200G Family
Command Reference
authentication
Purpose Use the authentication command to configure an authentication scheme for the
current ISP domain.
Use the undo authentication command to restore the default authentication

scheme of the current ISP domain.
Syntax authentication { radius-scheme radius-scheme-name [ local ] | local |

none }
undo authentication
Parameters radius-scheme
radius-scheme-name Specifies a RADIUS authentication scheme.
local Specifies to use local authentication scheme.
none Specifies not to perform authentication.
Default By default, no separate authentication scheme is configured.
Example To Specify “radius” as the RADIUS authentication scheme to be referenced by the ISP
domain aabbcc.net, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net] authentication radius-scheme radius
To specify “rd” as the RADIUS authentication scheme to be referenced by the ISP

domain aabbcc, and the local scheme as the secondary authentication scheme, enter
the following:
[S4200G] domain aabbcc
New Domain added.
[S4200G-isp-aabbcc] authentication radius-scheme rd local
■ ISP Domain view

3Com Switch 4200G Family authentication ● 39
Command Reference
Description Before you use the authentication command to specify a RADIUS scheme to be
referenced by the current ISP domain, the specified RADIUS scheme must has already
been defined.
■ After the authentication radius-scheme radius-scheme-name

local command is executed, the local scheme is used as the secondary
authentication scheme in case the RADIUS server does not respond normally. That
is, if the communication between the switch and the RADIUS server is normal, no
local authentication is performed; otherwise, local authentication is performed.
■ After the authentication local command is executed, the local scheme is
used as the primary scheme. In this case, only local authentication is performed.
After the authentication none command is executed, no authentication is
performed.
■ After the authentication command is executed in an ISP domain view, the
system uses the authentication scheme specified in the command to authenticate
the users in the domain. Otherwise the system uses the scheme specified in the
scheme command to authenticate the users.

■ radius scheme
40 ● authentication-mode 3Com Switch 4200G Family
Command Reference
authentication-mode
Purpose Use the command authentication-mode to specify the authentication mode.
Use the command authentication-mode password to prompt a user for local

password authentication at login.
To set the password, use set authentication password.
Use the command authentication-mode scheme to prompt a user to provide local

or remote user name and password authentication at login.
Use the command authentication-mode none to allow a user to log in without

username or password authentication.
Syntax authentication-mode { password | scheme | none }
Parameters password Authenticates users using the local password.

scheme Authenticates users locally or remotely using
usernames and passwords.
none Does not authenticate users.
Default By default, users logging in through the Console port are not authenticated, whereas
modem users and Telnet users are authenticated.
Example Configure to authenticate users using the local password.
[S4200G] user-interface aux0
[S4200G-ui-aux0] authentication-mode password
Description This command configures the authentication method for a user at log in.
■ If you specify the password keyword to authenticate users using the local
password, remember to set the local password using the set authentication
password { cipher | simple } password command.
■ If you specify the scheme keyword to authenticate users locally or remotely using
usernames and passwords, the actual authentication mode depends on other
related configuration. Refer to the Security module of this manual for more.
3Com Switch 4200G Family authentication-mode ● 41
Command Reference
The type of the authentication depends on your network configuration. For further
information, see “AAA and RADIUS”.
42 ● authorization 3Com Switch 4200G Family
Command Reference
authorization
Purpose Use the authorization none command to allow users in the current ISP domain
to use network services without being authorized.
Use the undo authorization command to restore the default authorization

scheme of the ISP domain.
Syntax authorization none
undo authorization
Parameters None
Default By default, no separate authorization scheme is configured.
Example Allow users in current ISP domain to access the network services without being
authorized.
New Domain added.
[S4200G-isp-aabbcc.net] authorization none
■ ISP Domain view

■ radius scheme
3Com Switch 4200G Family auto-build ● 43
Command Reference
auto-build
Purpose Use the auto-build command to create a cluster automatically.
Syntax auto-build [ recover ]
Parameters recover Establishes communication with all the member

devices again.
Example Set up a cluster automatically.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster] auto-build
■ Cluster view
Description This command can be executed on a candidate device or a management device.
When you use this command on a candidate device, you are required to input a
cluster name to create a cluster. Then the cluster collects candidates through NTDP
and adds them to the cluster upon your confirmation.
When you use this command on a management device, the system will collect
candidates directly.
Argument recover is used to recover a cluster. Using the auto-build recover

command, you can find the members that left the member list and add them to the
cluster again.
Note:
Ensure that NTDP is enabled, because it is the basis of candidate and member
collection. The collection range is also decided through NTDP. You can use the hop
command to modify the collection range.
If a member is configured with an enable-password different from the password of

the management device, it cannot be added to a cluster automatically.
44 ● auto-execute command 3Com Switch 4200G Family
Command Reference
auto-execute command
Purpose Use the auto-execute command command to set the command that is executed
automatically after a user logs in.
Use the undo auto-execute command command to disable the specified

command from being automatically executed
Syntax auto-execute command text
undo auto-execute command
Parameters text Specifies that the command be run automatically.
Default By default, auto-execute is disabled.
Example Configure the telnet 10.110.100.1 command to be executed automatically after users
log into VTY 0.
[S4200G] user-interface vty0
[S4200G-ui-vty0] auto-execute command telnet 10.110.100.1
Description Normally, the telnet command is specified to be executed automatically to enable the
user to Telnet to a specific network device automatically.
CAUTION:
■ The auto-execute command command may cause you unable to perform
common configuration in the user interface, so use it with caution.
■ Before executing the auto-execute command command and save your
configuration, make sure you can log into the switch in other modes and cancel
the configuration.
3Com Switch 4200G Family binary ● 45
Command Reference
binary
Purpose Use the binary command to specify that files be transferred in binary mode. That is,
data is transferred in binary streams.
Syntax binary
Parameters None
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Specify to transfer files in binary mode.
[ftp] binary
200 Type set to I.
■ FTP Client view

46 ● black-list add-mac 3Com Switch 4200G Family
Command Reference
black-list add-mac
Purpose Use the black-list add-mac command to add a device into the blacklist.
Syntax black-list add-mac mac-address
Parameters mac-address The MAC address of the device that will be added into
the blacklist, in the format of H-H-H.
Example Add a device into the blacklist.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster] black-list add-mac 0ec0-fc00-0001
■ Cluster view
Description This command can be executed only on the management device.

3Com Switch 4200G Family black-list delete-mac ● 47
Command Reference
black-list delete-mac
Purpose Use the black-list delete-mac command to delete a device from the blacklist.
Syntax black-list delete-mac { all | mac-address }
Parameters mac-address The MAC address of the device that will be deleted
from the blacklist, in the format of H-H-H.
Example Delete a device from the blacklist.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster] black-list delete-mac 0ec0-fc00-0001
Delete all the devices from the blacklist.
[S4200G-cluster] black-list delete-mac all
■ Cluster view

48 ● boot attribute-switch 3Com Switch 4200G Family
Command Reference
boot attribute-switch
Purpose Use the boot attribute-switch command to switch between the main and
backup attribute for all the files or a specified type of files. This changes a file with the
main attribute to one with the backup attribute, or vice versa.
Syntax boot attribute-switch { all | app | configuration | web }
Parameters all Specifies all files, including App, configuration, and

Web files.
app Specifies App files.
configuration Specifies configuration files.
web Specifies Web files.
Example Switch the attributes of all the files on the switch.
<S4200G>boot attribute-switch all

The boot, web and configuration file's backup-attribute and
main-attribute will exchange.
Are you sure? [Y/N]
Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y
The boot, web and configuration file's backup-attribute and
main-attribute exchanged successfully on unit 1!
■ User view
Description This command changes a file with the main attribute to one with the backup
attribute, or vice versa.
Note:
■ An app file is an executable file, with bin as the extension.
■ A configuration file is used to store and restore configuration, with cfg as the
extension.
■ A Web files is used for Web-based network management, with web as the
extension.
3Com Switch 4200G Family boot boot-loader ● 49
Command Reference
boot boot-loader
Purpose Use the boot boot-loader command to configure an app file to be of the main
attribute. The app file specified by this command becomes the main startup file when
the device starts the next time.
Syntax boot boot-loader file-url
Parameters file-url Path name or file name of an App file in the flash
memory, consisting of a character string from 1 to 64
characters long.
Example Configure the file named boot.bin to be of the main attribute.
<S4200G>boot boot-loader boot.bin

The specified file will be booted next time on unit 1!
■ User view
Description The app file specified by this command becomes the main startup file when the
device starts the next time.
CAUTION:
Make sure the app file to be specified as the most preferred startup file exists before
executing this command.
50 ● boot boot-loader 3Com Switch 4200G Family
Command Reference
boot boot-loader
Purpose Use the boot boot-loader command to specify the host software that will be
adopted when the current switch or a specified switch in the fabric reboots next time.
Syntax boot boot-loader [ backup-attribute ] { file-url | device-name }
Parameters backup-attribute Sets the specified file to a backup file.

file-url Path name or file name of an App file in the flash
characters long.
device-name File name, beginning with a device name in the form
of unit[NO.]>flash, used to save the specified file to the
Flash memory of a specified switch.
Example Specify the host software that will be adopted when the current switch reboots next
time.
<S4200G> boot boot-loader PLATV100R002B09D002.bin

The specified file will be booted next time on unit 1!
<S4200G>
■ User view
Description You can use this command to specify a .bin file in the Flash memory as the host
software to be adopted at reboot.
3Com Switch 4200G Family boot boot-loader backup-attribute ● 51
Command Reference
boot boot-loader backup-attribute
Purpose Use the boot boot-loader backup-attribute command to configure an app

file to be of the backup attribute.
Syntax boot boot-loader backup-attribute file-url
Parameters file-url Path name or file name of an App file in the flash
characters long.
Example Configure the file named backup.bin to be of the backup attribute.
<S4200G>boot boot-loader backup-attribute backup.bin

Set boot file backup-attribute successfully on unit 1!
■ User view
Description The app file specified by this command becomes the backup startup file when the
device starts up the next time. When the main startup file is unavailable, the backup
startup file is used to start the switch.
CAUTION:
Make sure the app file to be specified as the backup startup file exists before
52 ● boot bootrom 3Com Switch 4200G Family
Command Reference
boot bootrom
Purpose Use the boot bootrom command to update the BootROM.
Syntax boot bootrom { file-url | device-name }
Parameters file-path File path and file name of Bootrom. This is a .btm file in
the Flash memory.
device-name File name, beginning with a device name in the form
of unit[NO.]>flash, used to save the specified file to the
Flash memory of a specified switch.
Example Update the BootROM of the switch.
<S4200G> boot bootrom S4200G.btm
■ User view
3Com Switch 4200G Family boot web-package ● 53
Command Reference
boot web-package
Purpose Use the boot web-package command to configure a Web file to be of the main or
backup attribute.
Syntax boot web-package webfile { backup | main }
Parameters webfile Name of a Web file, consisting of a character string

from 5 to 127 characters long.
main Specifies the file to be of the main attribute.
backup Specifies the file to be of the backup attribute.
Example Configure the Web file named boot.web to be of the main attribute.
<S4200G>boot web-package http.web main
■ User view
Description CAUTION:
■ Make sure the Web file which the webfile argument identifies exists before
■ The configuration of the main or backup attribute of a Web file takes effect
immediately without restarting the device.
54 ● broadcast-suppression 3Com Switch 4200G Family
Command Reference
broadcast-suppression
Purpose Use the broadcast-suppression command to define the broadcast traffic ratio
allowed on one port or each of the ports.
Use the undo broadcast-suppression command to restore the default ratio.
Syntax broadcast-suppression { ratio | pps max-pps }
undo broadcast-suppression
Parameters ratio Specifies the allowed maximum ratio of the broadcast

traffic to the total bandwidth on one or each port.
Valid values for this argument are 1 to 100 (in
increments of 1). The smaller the value of this
argument, the smaller the allowed-to-pass broadcast
traffic is.
If not specified, the default is 100.
max-pps Maximum number of broadcast packets allowed to
pass through each Ethernet port per second. Valid
values are 200 to 14881000 in pps.
Default By default, broadcast suppression is disabled.
Example Allow the broadcast traffic passing through the Ethernet1/0/1 port to occupy at most
20% of the bandwidth.
[S4200G] interface ethernet1/0/1
[S4200G-Ethernet1/0/1] broadcast-suppression 20
■ System view
Description Once broadcast traffic exceeds the value set by the user, the system maintains an
appropriate broadcast traffic ratio by discarding the overflow traffic, so as to suppress
broadcast storm, avoid network congestion, and ensure normal network services.
3Com Switch 4200G Family build ● 55
Command Reference
build
Purpose Use the build command to configure a cluster with the current switch as the
management device. Argument name specifies the name of the cluster.
Use the undo build command to configure the current management device as a
candidate.
Syntax build name
undo build
Parameters name Cluster name with no more than 8 characters,

including only alphanumeric characters, subtraction
sign “-” and/or underline “_”.
Default By default, a switch is not a management device.
Example Configure the current switch to be a management device and specify the cluster
name to be 3COM.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster] build 3COM
■ Cluster view
Description After a cluster is created, the device on which the command is executed becomes the
management device and is assigned a member number of 0.
Executed this command on a management-capable device that does not belong to

any clusters. Running this command on a cluster member will fail. If the current
switch is already the management device of a cluster, whose name is different from
that specified in the command, the command will only set the name of the cluster to
the new one.
The member number of a management device is 0.

56 ● bye 3Com Switch 4200G Family
Command Reference
bye
Purpose Use the bye command to terminate the connection to the remote SFTP server and
return to system view.
Syntax bye
Parameters None
Example Terminate the connection to the remote SFTP server (assume that the server IP address
is 10.1.1.2).
[S4200G] sftp 10.1.1.2
sftp-client> bye
[S4200G]
■ SFTP Client view
Description This command has the same function as the exit and quit commands.
3Com Switch 4200G Family bye ● 57
Command Reference
bye
Purpose Use the bye command to terminate the control connection and data connection
with the remote FTP server and quit to user view.
Syntax bye
Parameters None
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Terminate the connections with the remote FTP server and quit to user view.
[ftp] bye
<S4200G>
■ FTP Client view
Description This command has the same effect as that of the quit command.
58 ● cd 3Com Switch 4200G Family
Command Reference
cd
Purpose Use the cd command to change the current path on the remote SFTP server.
Syntax cd [ remote-path ]
Parameters remote-path Name of a path on the server. If you do not specify the
remote-path argument, the current path is
displayed.
Example Change current path to new1.
sftp-client> cd new1
Current Directory is:
flash:/new1
Description You can use the cd.. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is,
flash:/).
3Com Switch 4200G Family cd ● 59
Command Reference
cd
Purpose Use the cd command to enter a specified directory on the Ethernet switch.
Syntax cd directory
Parameters directory The target directory, comprised of a string from 1 to

142 characters long.
Default The default directory is the root directory of Flash.
Example Enter the directory named flash.
<S4200G> cd flash:
<S4200G> pwd
flash:
■ User view
60 ● cd 3Com Switch 4200G Family
Command Reference
cd
Purpose Use the cd command to change the work path on the remote FTP server.
Syntax cd pathname
Parameters pathname The path name.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Change the work directory to flash:/temp.
[ftp] cd flash:/temp
■ FTP Client view
Description You can only use this command to enter authorized directories.
3Com Switch 4200G Family cdup ● 61
Command Reference
cdup
Purpose Use the cdup command to return to the upper directory.
Syntax cdup
Parameters None
Example Return to the upper directory.
sftp-client> cdup

62 ● cdup 3Com Switch 4200G Family
Command Reference
cdup
Purpose Use the cdup command to enter the parent directory.
Syntax cdup
Parameters None
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Enter the parent directory.
[ftp] cdup
■ FTP Client view

3Com Switch 4200G Family check region-configuration ● 63
Command Reference
check region-configuration
Purpose Use the check region-configuration command to display the configurations

of the MST regions that are not activated.
Some of the region names included are:
■ revision level
■ VLAN mapping table
Syntax check region-configuration
Parameters None
Example To display the configuration of an MST region, enter the following:
[S4200G-mst-region] check region-configuration
Admin Configuration
Format selector :0
Region name :00e0fc005100-EI
Revision level :0
Instance Vlans Mapped

0 1 to 9, 11 to 4094
16 10
Table 3 Description on the fields of the check region-configuration command
Field Description
Format selector Selector specified by MSTP
Region name Name of the MST region
Revision level Revision level of the MST region
Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region
■ MST Region view
Description You can use this command to find the MST region the switch currently belongs to or
check to see whether or not the MST region-related configuration is correct.
MSTP-enabled switches are in the same region only when they have the same MST
region-related configuration. A switch cannot be in a respected region if any one of
the above three MST region-related settings does not be consistent with that of
another switch in the region.
64 ● check region-configuration 3Com Switch 4200G Family
Command Reference
Related Commands ■ instance

■ region-name
■ revision-level
■ active region-configuration
3Com Switch 4200G Family clock datetime ● 65
Command Reference
clock datetime
Purpose Use the clock datetime command to set the current system time and date.
Syntax clock datetime time date
Parameters time Specifies the current time in HH:MM:SS format. Valid

values for HH are 0 to 23. Valid values for MM and SS
are 0 to 59.
If not specified, the default is 23:55:52.
date Specifies the current year in MM/DD/YYYY or
YYYY/MM/DD format. Valid values for YYYY are 2000
to 2099. Valid values for MM are 1 to 12. Valid values
for DD are 1 to 31.
If not specified, the default is 2000/4/1.
Example Set the current date and time of the Ethernet switch to 0:0:0 2001/01/01.
<S4200G> clock datetime 0:0:0 2001/01/01
■ User view
Related Command display clock

66 ● clock summer-time 3Com Switch 4200G Family
Command Reference
clock summer-time
Purpose Use the clock summer-time command to set the name, time range, and offset of
the daylight saving time.
Use the undo clock summer-time command to cancel the setting.
Syntax clock summer-time zone-name { one-off | repeating } start-time

start-date end-time end-date offset-time
undo clock summer-time
Parameters zone-name Name of the daylight saving time, consisting of a

character string 1 to 32 characters long.
one-off Sets the daylight saving time for only one year (the
specified year).
repeating Sets the daylight saving time for every year starting
from the specified year.
start-time Start time of the daylight saving time, in the format of
HH:MM:SS.
start-date Start date of the daylight saving time, in the format of
YYYY/MM/DD or MM/DD/YYYY.
end-time End time of the daylight saving time, in the format of
HH:MM:SS.
end-date End date of the daylight saving time, in the format of
YYYY/MM/DD or MM/DD/YYYY.
offset-time Offset of the daylight saving time relative to (ahead of)
the standard time, in the format of HH:MM:SS.
Example Set the summer time named abc1, which starts from 06:00:00 2005/08/01, ends until
06:00:00 2005/09/01, and is one hour ahead of the standard time.
<S4200G> clock summer-time abc1 one-off 06:00:00 08/01/2005 06:00:00

09/01/2005 01:00:00
Set the summer time named abc2, which starts from 06:00:00 08/01, ends until
06:00:00 09/01, and is one hour ahead of the standard time every year from 2005
on.
<S4200G> clock summer-time abc2 repeating 06:00:00 08/01/2005 06:00:00

09/01/2005 01:00:00
■ User view
3Com Switch 4200G Family clock summer-time ● 67
Command Reference
Description After the setting, you can use the display clock command to check the result.
68 ● clock timezone 3Com Switch 4200G Family
Command Reference
clock timezone
Purpose Use the clock timezone command to set local time zone information.
Use the undo clock timezone command to return to the default, which is
Universal Time Coordinated (UTC).
Syntax clock timezone zone_name { add | minus } HH:MM:SS
undo clock timezone
Parameters zone_name Specifies the name of the time zone, which may be up
to 32 characters long.
add Specifies that time is ahead of UTC.
minus Specifies that time is behind UTC.
HH:MM:SS Specifies the time difference between the time zone
and UTC.
Example To set the local time zone as zone 5, and configure the local time to be 5 hours ahead
of UTC, enter the following:
<S4200G>clock timezone z5 add 05:00:00
■ User view
Description Use the display clock command to check the summer time settings.
Related Command clock summer-time

3Com Switch 4200G Family close ● 69
Command Reference
close
Purpose Use the close command to terminate an FTP connection without quitting FTP client
view.
Syntax close
Parameters None
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Terminate the FTP connection without quitting FTP client view.
[ftp] close
221 Server closing.
[ftp]
■ FTP Client view
Description The close command has the same effect as that of the disconnect command.
70 ● cluster 3Com Switch 4200G Family
Command Reference
cluster
Purpose Use the cluster command to enter cluster view.
Syntax cluster
Parameters None
Example Enter cluster view.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster]
■ System view
3Com Switch 4200G Family cluster enable ● 71
Command Reference
cluster enable
Purpose Use the cluster enable command to enable the cluster function on a switch.
Use the undo cluster enable command to disable the cluster function on a
switch.
Syntax cluster enable
undo cluster enable
Parameters None
Default By default, the cluster function is enabled on all the devices supporting cluster.
Example Enable the cluster function on a switch.
<S4200G>system-view
[S4200G] cluster enable
■ System view
Description You need to create a cluster with the build command before using the cluster enable
command on the management device.
These two commands can be used on any device supporting the cluster function.
When you execute the undo cluster enable command on a management device, the
cluster is removed, and the switch stops operating as a management device. When
you execute this command on a member device, the cluster function is disabled on
the switch, and the switch quit the cluster. When you execute this command on a
switch that belongs to no cluster, the cluster function is disabled on the switch.
72 ● cluster-local-user 3Com Switch 4200G Family
Command Reference
cluster-local-user
Purpose Use the cluster-local-user command to configure a Web username and

password for all cluster members.
Use the undo cluster-local-user command to remove the Web user

configuration configured for all cluster members.
Syntax cluster-local-user username passward { cipher | simple } passwordstring
undo cluster-local-user username
Parameters username Specifies the username of a WEB user, consisting of a

string from 1 to 55 characters long.
passwordstring Specifies the password of the WEB user, consisting of a
Default By default, no Web user is configured.
Example Configure a Web user on the master switch.
[3Com_0.S4200G-cluster]cluster-local-user WEB0001 passward cipher

123456
Remove a Web user on the master switch.
[3Com_0.S4200G-cluster]undo cluster-local-user WEB0001
■ Cluster view
Description ■ This command can be executed only on master switches. The

cluster-local-user command synchronizes the settings specified in it to all
authenticated members, including those passing the authentication after the
command is executed. The configuration applies to all the authenticated cluster
members. You can configure only one such command.
■ This command is used to simplify user configuration. The Web username and
password are configured for all the member devices of a cluster. This enables all
the member switches in a cluster to login using the same Web username and
password.
■ The configuration remains valid on a member device even if the latter quits the
cluster.
3Com Switch 4200G Family cluster-mac ● 73
Command Reference
cluster-mac
Purpose Use the cluster-mac command to configure a multicast MAC address for cluster
management. Run this command only on the management device only.
Syntax cluster-mac H-H-H
Parameters H-H-H Hexadecimal multicast MAC address, ranging

0180-C200-0000, 0180-C200-000A and
0180-C200-0020 to 0180-C200-002F.
Default By default, the cluster multicast MAC address is 0180-C200-000A.
Example Configure the multicast MAC address of the management device as

0180-C200-0028.
<aaa_0.S4200G> system-view
[aaa_0.S4200G] cluster
[aaa_0.S4200G-cluster] cluster-mac 0180-C200-0028
■ Cluster view
Description Multicast MAC addresses enable the member devices of a cluster to receive multicast
information delivered by the management device, and thus multicast information
sending function is implemented on the management device.
74 ● cluster-mac syn-interval 3Com Switch 4200G Family
Command Reference
cluster-mac syn-interval
Purpose Use the cluster-mac syn-interval command to set the interval for the
management device to send multicast packets. This command can be executed on
the management device only.
Syntax cluster-mac syn-interval time-interval
Parameters time-interval Interval (in minutes) to send multicast packets.
Example Set the interval to send multicast packets to 1 minute.
[aaa_0.S4200G-cluster] cluster-mac syn-interval 1
■ Cluster view
Description When the interval is set as 0, the management device does not send multicast packets
to member devices.
3Com Switch 4200G Family cluster-snmp-agent community ● 75
Command Reference
cluster-snmp-agent community
Purpose Use the cluster-snmp-agent community command to configure a SNMP

community for a cluster to enable SNMP access.
Use the undo cluster-snmp-agent community command to cancel the

community name configuration
Syntax cluster-snmp-agent community { read | write } community-name [ mib-view

view-name ]
undo cluster-snmp-agent community community-name
Parameters read Specifies that the SNMP community is a read-only

community.
write Specifies that the SNMP community is a
write-community.
community-name Community name, a string containing 1 to 27
characters.
view-name MIB view name, a string containing 1 to 32 characters.
It is the MIB view that you can view. By default, the
ViewDefault view is used.
Example In the cluster view of the master switch, set the community name to comaccess and
set the community to be read-only.
[3Com_0.S4200G-cluster] cluster-snmp-agent community read comaccess
Set the community name to comacceswr and set the community as a

write-community.
[3Com_0.S4200G-cluster]cluster-snmp-agent community write comacceswr
Remove the community name comaccess.
[3Com_0.S4200G-cluster]undo cluster-snmp-agent community comaccess
■ Cluster view
Description If you have configured a community name the same as the one configured by this
command, the current one replaces the one originally configured on a member
switch.
By default, no SNMP community is set for a cluster

76 ● cluster-snmp-agent community 3Com Switch 4200G Family
Command Reference
■ Use cluster-snmp-agent community and undo cluster-snmp-agent

community commands in the cluster view of the master switch. You can configure
only one SNMP community for a cluster.
■ The cluster-snmp-agent community command synchronizes the settings
specified in it to all authenticated members, including those passing the
authentication after the command is executed. The configuration applies to all the
authenticated cluster members.
cluster.
3Com Switch 4200G Family cluster-snmp-agent group v3 ● 77
Command Reference
cluster-snmp-agent group v3
Purpose Use the cluster-snmp-agent group command to configure a SNMP group for a
cluster to map SNMP users to the SNMP view.
Use the undo cluster-snmp-agent group command to remove the SNMP

group configured for a cluster.
Syntax cluster-snmp-agent group v3 group-name [ authentication | privacy ] [

read-view read-view ] [ write-view write-view ] [notify-view
notify-view ]
undo cluster-snmp-agent group v3 group-name [ authentication | privacy

]
Parameters v3 Uses SNMPV3 security mode.

group-name Specifies the group name, consisting of a string from 1
authentication Authenticates packets without encrypting.
privacy Authenticates and encrypts packets.
read-view Sets the read-only view.
read-view Specifies the read-only view name, consisting of a
write-view Sets the write view.
write-view Specifies the write view name, consisting of a string
notify-view Sets the notify view.
notify-view Specifies the notify view name, consisting of a string
Default By default, no SNMP group is configured for a cluster.
Example Create an SNMP group named snmpgroup.
[3Com_0.S4200G-cluster]cluster-snmp-agent group v3 snmpgroup
■ Cluster view
Description Use this command in the cluster view of the master switch. You can configure only
one SNMP group for a cluster.
78 ● cluster-snmp-agent group v3 3Com Switch 4200G Family
Command Reference
This command applies to all the authenticated cluster members.
■ Use this command in the cluster view of the master switch. You can configure only
one SNMP group for a cluster.
■ The cluster-snmp-agent group command synchronizes the settings
authenticated cluster members. If you have configured a group name the same as
the one configured by this command, the current one replaces the one originally
configured on a member switch.
cluster.
Related Command snmp-agent group v3

3Com Switch 4200G Family cluster-snmp-agent mib-view included ● 79
Command Reference
cluster-snmp-agent mib-view included
Purpose Use the cluster-snmp-agent mib-view command to create or update the

information about the MIB view configured for a cluster.
Use the undo cluster-snmp-agent mib-view command to remove the

information about the MIB view configured for a cluster.
Syntax cluster-snmp-agent mib-view included view-name oid-tree
undo cluster-snmp-agent mib-view view-name
Parameters view-name Specifies the view name, consisting of a string from 1

to 32 characters long. The default view name is
ViewDefault.
oid-tree Specifies the MIB object sub-tree. It can be OID or a
variable name, containing 1 to 255 characters.
included Displays the MIB view containing SNMP attribute.
Default The default MIB view of a cluster is ViewDefault, in which the sub-tree with OID being
1 (that is, iso) can be accessed.
Example Create a view named "mib2" that contains all objects of mib-2.
[3Com_0.S4200G-cluster]cluster-snmp-agent mib-view included mib2

1.3.6.1.2.1
Remove mib-view named mib2.
[3Com_0.S4200G-cluster]undo cluster-snmp-agent mib-view mib2
■ Cluster view
Description ■ Use this command in the cluster view of a master switch. You must configure this
command manually. By default, this command is not configured. You can
configure only one such command.
■ The cluster-snmp-agent mib-view command synchronizes the settings
authenticated cluster members.
cluster.
80 ● cluster-snmp-agent mib-view included 3Com Switch 4200G Family
Command Reference
■ At present, for the cluster-snmp-agent mib-view included and undo

cluster-snmp-agent mib-view commands, both OID and node name are
supported.
Related Command snmp-agent mib-view included

3Com Switch 4200G Family cluster-snmp-agent usm-user v3 ● 81
Command Reference
cluster-snmp-agent usm-user v3
Purpose Use the cluster-snmp-agent usm-user v3 command to add an account to

the SNMPV3 group configured for a cluster.
Use the undo cluster-snmp-agent usm-user v3 command to remove an

account from the SNMPV3 group configured for a cluster.
Syntax cluster-snmp-agent usm-user v3 username groupname [ authentication-mode

{ md5 | sha } authpassstring [ privacy-mode { des56 privpassstring } ] ]
undo cluster-snmp-agent usm-user v3 username groupname
Parameters v3 Uses V3 security mode.

username Specifies the username, consisting of a string from 1 to
32 characters long.
groupname Specifies the name of the SNMP group the user
corresponds to, consisting of a string from 1 to 32
characters long.
authentication-mode Performs authentication.
md5 Uses MD5 authentication. The key used in MD5 is 128
bits in length. MD5 is faster than SHA.
sha Uses SHA authentication. The key used in SHA is 160
bits in length. SHA is slower than MD5 but is more
secure.
authpassstring Authentication password consisting of a string from 1
to 16 characters long for a plain-text password or a
string consisting of 1 to 24 characters for a ciphertext
password.
privacy-mode Adopts encryption mode.
des56 Uses DES encryption protocol.
privpassstring Encryption password consisting of a string from 1 to
16 characters long for a plain-text password or a string
consisting of 1 to 24 characters for a ciphertext
password.
Default By default, no SNMPV3 account is configured for a cluster.
Example Add a user named "wang" to the SNMP group named "3Com", with authentication
enabled, authentication protocol set to MD5, and authentication password set to
"pass".
[3Com_0.S4200G-cluster] cluster-snmp-agent usm-user v3 wang 3Com

authentication-mode md5 pass
82 ● cluster-snmp-agent usm-user v3 3Com Switch 4200G Family
Command Reference
■ Cluster view
Description ■ Use the cluster-snmp-agent usm-user v3 and undo

cluster-snmp-agent usm-user v3 commands in the cluster view of a
master switch. You can configure only one such command.
■ The cluster-snmp-agent usm-user v3 command synchronizes the
settings specified in it to all authenticated members, including those passing the
authenticated cluster members. If you have configured a user name the same as
the one configured by this command, the original name is changed.
cluster.
3Com Switch 4200G Family cluster switch-to ● 83
Command Reference
cluster switch-to
Purpose Use the cluster switch-to command to switch between the management
device and member devices for configuration and management.
Syntax cluster switch-to { member-number | mac-address H-H-H | administrator }
Parameters member-number Member number of a switch in a cluster, ranging from

0 to 255.
mac-address H-H-H MAC address of a member device.
administrator Redirects from a member device to the management
device.
Example Switch from the management device to the member device numbered 6 and then
switch back to the management device.
<aaa_0.S4200G> cluster switch-to 6

<aaa_6.S4200G> quit
<aaa_0.S4200G>
■ User view
Description You can manage member devices in a cluster through the management device, on
which you can switch to member view to configure or manage specified member
devices, and then switch back to the management device.
Authentication is required when you switch from the management device to a

member device. Upon passing the member device authentication, the switchover is
allowed. If the password of the member device is different from that of the
management device, the switchover is rejected.
The view is inherited from the management device when you switch to a member
device from the management device. For example, the user view remains unchanged
after you switch from the management device to a member device.
Authentication is also required when you switch from a member device to the
management device. After passing the authentication, the system will enter user view
automatically.
When you execute this command on the management device, if the specified
member number n does not exist, an error message appears. Enter quit to stop the
switchover operation.
84 ● cluster switch-to sysname 3Com Switch 4200G Family
Command Reference
cluster switch-to sysname
Purpose Use the cluster switch-to sysname command to switch between the master
device and a member device.
Syntax cluster switch-to sysname membersysname
Parameters membersysname System name of a member device, consisting of a

Example Switch to the member switch with the system name being abc (assuming that the
member number of the switch is 6) and then switch back to the master device by
executing the quit command.
<3Com_0.S4200G>cluster switch-to sysname abc

<3Com_6.S4200G>quit
<3Com_0.S4200G>
Enter the member switch with the member number of 5 (assuming that member
devices numbered 5 and 6 share the system name of switch).
<Cluster_0.S4200-3rd>dis cluster members

SN Device MAC Address Status Name
0 Switch4200G 12-Port 0016-e01f-7100 Admin Cluster_1.4200-3rd
1 Switch4200G 12-Port 0016-e01f-7180 UP Cluster_1.4200-2nd
To connect to a member:
<Cluster_0.S4200-3rd>cluster switch-to-sysname 4200-2nd
Trying ...
Press CTRL +K to abort
Connected ...
.
.
.
<Cluster_1.4200-2nd>
■ User view
Description This command can be executed only on master switches.
■ You can manage member devices through the master device. You can switch to a
specific member device from the master device to manage the member device and
then switch back to the master device.
■ When you execute this command, an error occurs if the member device to switch
to does not exist. Enter “quit” to stop switching.
■ Authentication is performed when you switch to a member device. If the
authentication succeeds, you can switch to the member device; otherwise, the
switch fails.
3Com Switch 4200G Family cluster switch-to sysname ● 85
Command Reference
■ When you switch to a member device, the user level remains the same. For
example, if you are in user view when switching to a member device, you are in
user view after switching to the member device.
■ Authentication is also performed when you switch back to the master device.
Once the authentication succeeds, you are in user view of the master device
automatically.
86 ● command-privilege level 3Com Switch 4200G Family
Command Reference
command-privilege level
Purpose Use the command-privilege level command to set the level of the specified
command in a specified view.
Use the undo command-privilege view command to restore the level of the
specified command in the specified view to the default.
Syntax command-privilege level level view view command
undo command-privilege view view command
Parameters level Command Level. Valid values are 0 to 3.

view Command view. This argument can be any command
view the switch supports.
command The command to be specified.
Default By default, the ping, tracert, and telnet commands are at the visit level (level
0); the display and debugging commands are at the monitor level (level 1); all
configuration commands are at the system level (level 2); and FTP/TFTP/XModem and
file system related commands are at the manage level (level 3).
Example Specify the interface command in system view to be of level 0.
[S4200G] command-privilege level 0 view system interface
■ System view
Description Commands fall into four command levels: visit, monitor, system, and manage, which
are identified as 0, 1, 2, and 3, respectively. The administrator can change the level of
a command to enable users of specific level to utilize the command.
3Com Switch 4200G Family copy ● 87
Command Reference
copy
Purpose Use the copy command to copy a file.
Syntax copy fileurl-source fileurl-dest
Parameters fileurl-source Path name or file name of the source file in the Flash, a
string comprising 1 to 142 characters.
fileurl-dest Path name or file name of the destination file in the
Flash, a string comprising 1 to 142 characters.
Example Copy the file named test.txt as the file named test.bak.
<S4200G> copy test.txt test.bak

Copy flash:/test/test.txt to flash:/test/test.bak ?[confirm]:y
% Copyed file flash:/test/test.txt flash:/test/test.bak
Copy the file from flash:/vrpcfg.cfg into flash:/test/1.cfg.
<S4200G> copy flash:/vrpcfg.cfg flash:/test/1.cfg

Copy unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg?[Y/N]:y
..
%Copy file unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg...Done.
■ User view
Description If the fileurl-dest argument identifies an existing file, the system prompts you for the
confirmation to overwrite the existing file.
88 ● copy configuration 3Com Switch 4200G Family
Command Reference
copy configuration
Purpose Use the copy configuration command to copy the configuration of a specific port
to other ports, to ensure consistent configuration.
Syntax copy configuration source { interface-type interface-number |

aggregation-group source-agg-id } destination { interface-list [
aggregation-group destination-agg-id ] | aggregation-group
destination-agg-id }
Parameters interface-type Source port type.

interface-number Source port number.
source-agg-id Source aggregation group number. Valid values are 1
to 208. The port with the smallest port number in the
aggregation group is used as the source port.
interface-list Destination port list, interface-list1 = {
interface-type interface-number } [ to
interface-type interface-number ] &<1-10>.
&<1-10> indicates that the former parameter can be
input 10 times repeatedly at most.
destinatin-agg-id Destination aggregation group number. Valid values
are 1 to 208.
Note:
■ If you specify the source aggregation group ID, the system uses the port with the
smallest port number in the aggregation group as the source.
■ If you specify the destination aggregation ID, the configuration of the source port
will be copied to all ports in the aggregation group.
■ The port that is in an aggregation group will be removed from the destination
ports, that is, copy configuration cannot take effect on this port. If you need the
port to keep consistent configuration with the source port, you should configure
the aggregation group to which the port belongs as destination parameter.
■ The port that is enabled Voice VLAN feature will be removed from the destination
ports, that is, copy configuration cannot take effect on this port.
Example Copy the configuration of aggregation group 1 to all ports in aggregation group 2.
<S4200G>system-view
[S4200G] copy configuration source aggregation-group 1 destination
aggregation-group
■ System view
3Com Switch 4200G Family cut connection ● 89
Command Reference
cut connection
Purpose Use the cut connection command to cut the connection a user or a category of
users by force.
This command cannot cut the connections of Telnet and FTP users.
Syntax cut connection { all | access-type { dot1x | mac-authentication } |

domain isp-name | interface interface-type interface-number |
ip ip-address | mac mac-address | radius-scheme radius-scheme-name |
vlan vlan-id | ucibindex ucib-index | user-name user-name }
Parameters all Cuts down all connection.

access-type{ dot1x |
mac authentication } Configures to cut a category of connections according
to logon type.
■ dot1x specifies the 802.1x users.
■ mac authentication specifies the centralized MAC
address authentication users.
domain isp-name Specifies the user connections to cut using the ISP
domain. isp-name specifies the ISP domain name.
The isp-name is a character string up to 24
characters inlength. The specified ISP domain must
exist.
mac mac-address Specifies to the connections to cut using the MAC
address. mac-address is specifies in the hexadecimal
format (H-H-H).
radius-scheme
radius-scheme-name Specifies the connections to cut according to RADIUS
server name. radius-scheme-name specifies the
RADIUS server name with a character string up to 32
characters in length.
interface-number Specifies the connections to cut according to the port.
interface-type is the port type and
interface-number is the port number.
ip ip-address Specifies the connections to cut according to IP
address. ip-address is in the hexadecimal format
(ip-address).
vlan vlan-id Specifies the connection to cut according to VLAN ID.
vlan-id ranges from 1 to 4094.
ucibindex ucib-index Specifies the connections to cut according to
ucib-index. Theucib-index ranges from 0 to 1047.
user-name user-name Specifies the connections to cut according to user
name. user-name is a character string up to
90 ● cut connection 3Com Switch 4200G Family
Command Reference
80 characters in length. The string cannot include the

following characters:
■ /
■ :
■ *
■ ?
■ <
■ >
The @ character can only be used once in one
username. The pure username (the characters before
the @, namely the user ID) cannot exceed 55
characters and the domain name (the characters
behind the @) cannot be longer than 24 characters.
Example To cut all user connections in the ISP domain named aabbcc.net.
[S4200G] cut connection domain aabbcc.net
■ System view
Related Command display connection

3Com Switch 4200G Family data-flow-format ● 91
Command Reference
data-flow-format
Purpose Use the data-flow-format command to set the units of measure for the data flow
sent to the RADIUS Server.
Use the undo data-flow format command to restore the default unit of measure.
Syntax data-flow-format data { byte | giga-byte | kilo-byte | mega-byte }

packet { giga-packet | kilo-byte | mega-byte | one-packet }
undo data-flow format
Parameters data Sets the unit of measure for data.

byte Specifies to measure data in bytes.
giga-byte Specifies to measure data in gigabytes.
kilo-byte Specifies to measure data in kilobytes.
mega-byte Specifies to measure data in megabytes.
packet Sets the unit of measure for packets.
giga-packet Specifies to measure packets in giga-packets.
kilo-packet Specifies to measure packets in kilo-packets.
mega-packet Specifies to measure packets in mega-packets.
one-packet Specifies to measure packets in packets.
Default By default, the unit of measure for data is byte and that for packets is one-packet.
Example To specify to measure data and packets in data flows sent to RADIUS server in
kilobytes and kilo-packets respectively. enter the following:
New Radius scheme
[S4200G-radius-radius1] data-flow-format data kilo-byte packet
kilo-packet
Description By default, the data unit is byte and the data packet unit is one-packet.
92 ● data-flow-format 3Com Switch 4200G Family
Command Reference
Related Command display radius

3Com Switch 4200G Family databits ● 93
Command Reference
databits
Purpose Use the databits command to set the databits for the user interface.
Use the undo databits command to revert to the default data bits.
Syntax databits { 7 | 8 }
undo databits
Parameters 7 Sets the data bits to 7.

8 Sets the data bits to 8.
If no value is specified, 8 is the default.
Example Set the data bits to 7.
[S4200G-ui-aux0] databits 7
Description This command can only be performed in the AUX user interface view.
94 ● debugging 3Com Switch 4200G Family
Command Reference
debugging
Purpose Use the debugging command to enable the system debugging.
Use the undo debugging command to disable the system debugging.
Syntax debugging
undo debugging
Parameters None
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Enable system debugging.
[ftp] debugging
Debug is on.
■ User view
3Com Switch 4200G Family debugging ● 95
Command Reference
debugging
Purpose Use the debugging command to enable the system debugging.
Use the undo debugging command to disable the system debugging.
Syntax debugging module-name [ debugging-option ]
undo debugging { all | module-name [ debugging-option ] }
Parameters all Disables all the debugging.

module-name Specifies the module name.
debugging-option Debugging option.
Default By default, all the debugging processes are disabled.
Example Enable IP Packet debugging.
<S4200G> debugging ip packet

IP packet debugging switch is on.
The above command output indicates that the IP packet debugging is
enabled.
■ User view
Description Enabling debugging will generate a great deal of debugging information and thus
will affect the efficiency of the system. Therefore, it is recommended not to enable
debugging for multiple functional modules at the same time. The undo debugging all
command brings great convenience for you to disable all debugging at a time instead
of disabling them one by one.
Related Command display debugging

96 ● debugging arp packet 3Com Switch 4200G Family
Command Reference
debugging arp packet
Purpose Use the debugging arp packet command to enable ARP debugging.
Use the undo debugging arp packet command to disable the corresponding ARP
debugging.
Syntax debugging arp packet
undo debugging arp packet
Parameters error Specifies to enable ARP error debugging.

info Specifies to enable ARP mapping table and
information management debugging.
packet Specifies to enable ARP packet debugging.
Description By default, undo ARP debugging is disabled.
Example To enable ARP packet debugging, enter the following:
<S4200G> debugging arp packet

*0.946169229 5100_5 ARP/8/arp_send:- 1 -Send an ARP Packet, operation :
1, sender_eth_addr : 000f-e20f-c415, sender_ip_addr : 31.31.31.5,
target_eth_addr : 0000-0000-0000, target_ip_addr : 31.31.31.1
*0.946169473 5100_5 ARP/8/arp_rcv:- 1 -Receive an ARP Packet, operation
: 2, sender_eth_addr : 00e0-fc00-1751, sender_ip_addr : 31.31.31.1,
target_eth_addr : 000f-e20f-c415, target_ip_addr : 31.31.31.5
Table 4 Output description of the debugging arp packet command
Field Description
operation Type of ARP packets:
■ 1 ARP request packet
■ 2 ARP reply packet
sender_eth_addr Source MAC address
sender_ip_addr Source IP address
target_eth_addr MAC address of the target. For an ARP request packets, it is all zeros. This
field is set to the target MAC address in the ARP reply packets.
target_ip_addr Target IP address
■ User view
Related Commands ■ arp static

■ display arp
3Com Switch 4200G Family debugging dhcp client ● 97
Command Reference
debugging dhcp client
Purpose Use the debugging dhcp client command to enable debugging for the DHCP
client/BOOTP client.
Use the undo debugging dhcp client command to disable debugging output.
Syntax debugging dhcp client { all | error | event | packet }
undo debugging dhcp client { all | error | event | packet }
Parameters all Enables all types of debugging for dynamic host

configuration protocol (DHCP) client.
error Enables debugging for DHCP client error messages
(including the information about unidentified packets).
event Enables debugging for DHCP client events (including
address allocation and data update).
packet Enables debugging for packets received/transmitted by
a DHCP client.
Default By default, all DHCP client debugging is disabled.
Example Enable debugging for DHCP client events.
<S4200G> debugging dhcp client event
■ User view
98 ● debugging dhcp-relay 3Com Switch 4200G Family
Command Reference
debugging dhcp-relay
Purpose Use the debugging dhcp-relay command to enable DHCP relay debugging.
Use the undo debugging dhcp-relay command to disable DHCP relay

debugging.
Syntax debugging dhcp-relay
undo debugging dhcp-relay
Parameters None
Default By default, DHCP relay debugging is disabled.
Example Enable DHCP relay debugging.
<S4200G> debugging dhcp-relay

*0.7200205-DHCP-8-dhcp_debug:
From client to server:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-request
ClientHardAddress: 0010-dc19-695d
ServerIpAddress: 192.168.1.2
*0.7200230-DHCP-8-dhcp_debug:
From server to client:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-ack
ClientHardAddress: 0010-dc19-695d
AllocatedIpAddress: 10.1.1.1
*0.7200580-DHCP-8-largehop:
Discard DHCP request packet because of too large hop count!
*0.7200725-DHCP-8-invalidpkt:
Wrong DHCP packet!
Table 5 Description on the fields of the debugging dhcp-relay command
Field Description
Interface VLAN interface carrying the DHCP
relay function
ServerGroupNo DHCP server group number of the
DHCP relay
Type DHCP packet type of the DHCP relay
ClientHardAddress MAC address of the DHCP client
ServerIpAddress IP address of the DHCP server
AllocatedIpAddress IP address assigned to the DHCP client
3Com Switch 4200G Family debugging dhcp-relay ● 99
Command Reference
■ User view
Related Commands ■ dhcp-server ip

■ dhcp-server
■ display dhcp-server
■ display dhcp-server interface vlan-interface
100 ● debugging DLDP 3Com Switch 4200G Family
Command Reference
debugging DLDP
Purpose Use the debugging dldp command to enable specific debugging for DLDP on all
ports with DLDP enabled.
Use the undo debugging dldp command to disable debugging for DLDP on all
ports with DLDP enabled.
Syntax debugging dldp { error | neighbor | packet | state } }
undo debugging dldp { error | neighbor | packet | state }
Parameters error Debugging for DLDP error.

neighbor Debugging for DLDP neighbor.
packet Debugging for DLDP packets.
state Debugging for the DLDP status on ports.
Default By default, DLDP debugging is disabled.
Example Enable debugging for DLDP error.
<S4200G> debugging dldp error
■ User view
3Com Switch 4200G Family debugging ntp-service ● 101
Command Reference
debugging ntp-service
Purpose Use the debugging ntp-service command to debug different NTP (network time
protocol) services.
Use the undo debugging ntp-service command to disable corresponding

debugging function.
Syntax debugging ntp-service { access | adjustment | all | authentication |

event | filter | packet | parameter | refclock | selection |
synchronization | validity }
undo debugging ntp-service { access | adjustment | all | authentication

| event | filter | packet | parameter | refclock | selection |
synchronization | validity }
Parameters access NTP access control debugging.

adjustment NTP clock adjustment debugging.
all All NTP debugging functions.
authentication NTP authentication debugging.
event NTP event debugging.
filter NTP filter information debugging.
packet NTP packet debugging.
parameter NTP clock parameter debugging.
refclock NTP reference clock debugging.
selection NTP clock selection information debugging.
synchronization NTP clock synchronization information debugging.
validity NTP remote host validity debugging
Default By default, no debugging function is enabled.
Example Enable NTP access control debugging.
<S4200G>debugging ntp-service access
■ User view
102 ● debugging radius 3Com Switch 4200G Family
Command Reference
debugging radius
Purpose Use the debugging radius command to enable the debugging for RADIUS
protocol.
Use the undo debugging radius command to disable the debugging for RADIUS
protocol.
Syntax debugging radius packet
undo debugging radius packet
Parameters packet Enables packet debugging.
Default By default, the debugging for RADIUS protocol is disabled.
Example To enable the debugging for RADIUS protocol, enter the following:
<S4200G> debugging radius packet
■ User view
3Com Switch 4200G Family debugging snmp-agent ● 103
Command Reference
debugging snmp-agent
Purpose Use the debugging snmp-agent command to enable SNMP Agent debugging.
Use the undo debugging snmp-agent command to cancel the current setting.
Syntax debugging snmp-agent { header | packet | process | trap }
undo debugging snmp-agent { header | packet | process | trap }
Parameters header Configures SNMP packet header debugging.

packet Configures SNMP packet debugging.
process Configures SNMP packet process debugging.
trap Configures Trap packet debugging.
Default By default, SNMP Agent debugging is disabled.
Example Enable SNMP packet header debugging.

<S4200G> debugging snmp-agent header
■ User view
Description This command enables or disables SNMP Agent debugging.

104 ● debugging udp-helper 3Com Switch 4200G Family
Command Reference
debugging udp-helper
Purpose Use the debugging udp-helper command to enable UDP Helper debugging.
Use the undo debugging udp-helper command to disable UDP Helper debugging.
Syntax debugging udp-helper { event | packet [ receive | send ] }
undo debugging udp-helper { event | packet [ receive | send ] }
Parameters event UDP Helper event debugging.

packet UDP Helper packet debugging.
receive UDP Helper inbound packet debugging.
send UDP Helper outbound packet debugging.
Default By default, UDP Helper debugging is disabled.
Example To enable UDP Helper packet debugging, enter the following:
<SW4200G>debugging udp-helper packet
■ User view
3Com Switch 4200G Family delete ● 105
Command Reference
delete
Purpose Use the delete command to delete a specified file stored on a switch.
Syntax delete [ /unreserved ] file-url
delete { running-files | standby-files } [ /unreserved ]
Parameters /unreserved Deletes a file completely.

file-url Path or the file name of a file in the Flash, a string
comprising 1 to 142 characters. You can use the "*"
character in this argument as a wildcard. For example,
the delete *.txt command deletes all the files
with txt as their extensions.
running-files Specifies all the files with the main attribute.
standby-files Specifies all the files with the backup attribute.
Example Delete the file test/test.txt in the local unit.
<S4200G>delete test/test.txt
Delete unit1>flash:/test/test.txt?[Y/N]:y
.
%Delete file unit1>flash:/test/test.txt...Done.
Delete the files that are of the main attribute.
<S4200G>delete running-files
Delete the running files ? [Y/N]:y
Start deleting ..........
Unit1 delete success!
%Apr 4 11:25:40:973 2000 S4200G VFS/6/OPLOG:- 1 - Unit1 delete
success!
Deleting ... done
■ User view
Description Use the delete command to delete a specified file stored on a switch.
If you execute the delete command with the /unreserved keyword specified, the
specified file is completely deleted. (That is, the file cannot be restored.)
If you execute the delete command with the /unreserved keyword not specified, the
specified file is moved to the recycle bin. Following are the notes on deleted files:
■ The dir command cannot display the information about deleted files.
■ To display the information about deleted files, use the dir /all command.
106 ● delete 3Com Switch 4200G Family
Command Reference
■ To restore a deleted file, use the undelete command.

■ To delete the files in the recycle bin, use the reset recycle-bin command.
You can also use the delete command to delete files by file attribute. The delete
running-file command deletes all the files with the main attribute, and the delete
standby-file command deletes all the files with the backup attribute.
CAUTION:
For deleted files whose names are the same, only the latest deleted file can be
restored.
3Com Switch 4200G Family delete ● 107
Command Reference
delete
Purpose Use the delete command to delete the specified file from the server.
Syntax delete remote-file
Parameters remote-file Name of a file on the server.
Example Delete file temp from the server.
sftp-client> delete temp.c
Description This command has the same function as the remove command.
108 ● delete 3Com Switch 4200G Family
Command Reference
delete
Purpose Use the delete command to delete the specified remote file.
Syntax delete remotefile
Parameters remotefile File name.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Delete the file named temp.c.
[ftp] delete temp.c

250 DELE command successful.
■ FTP Client view

3Com Switch 4200G Family delete-member ● 109
Command Reference
delete-member
Purpose Use the delete-member command to remove a member device from the cluster.
Syntax delete-member member-number

0 to 255.
Example Remove the member device numbered 2 from the cluster.
[aaa_0.S4200G-cluster] delete-member 2
■ Cluster view
Description This command can be performed on the management device only. Otherwise, an
error message will appear.
110 ● delete static-routes all 3Com Switch 4200G Family
Command Reference
delete static-routes all
Purpose Use the delete static-routes all command to delete all the static routes.
Syntax delete static-routes all
Parameters None
Example Delete all the static routes in the router.
<SW4200G>system-view
[SW4200G]delete static-routes all
Are you sure to delete all the static routes?[Y/N]
■ System view
Description The system requests your confirmation before it deletes all the configured static
routes.
Related Commands ■ ip route-static

■ display ip routing-table
3Com Switch 4200G Family description ● 111
Command Reference
description
Purpose Use the description command to enter a description of an Ethernet port.
Use the undo description command to cancel the description.
Syntax description text
undo description
Parameters text Specifies a description of the Ethernet port. The

description may be up to 80 characters long.
Default By default, an Ethernet port does not have a description.
Example Set the description of port Ethernet1/0/1 to be lanswitch-interface.
<S4200G>system-view
[S4200G]interface ethernet 1/0/1
[S4200G-Ethernet1/0/1]description lanswitch-interface
[S4200G-Ethernet1/0/1]

112 ● description 3Com Switch 4200G Family
Command Reference
description
Purpose Use the description command to assign a description string for the VLAN.
Use the undo description command to restore the default description string.
Syntax description string
undo description
Parameters string Description string to be assigned to a VLAN. This value

is a string comprising 1 to 32 characters. The default
description string of a VLAN is its VLAN ID, such as
"VLAN 0001".
Example To give VLAN 1 the description “RESEARCH”, enter the following:
[S4200G] vlan 1
[S4200G-vlan1] description research
■ VLAN view
3Com Switch 4200G Family description ● 113
Command Reference
description
Purpose Use the description command to assign a description string to a VLAN or a VLAN
interface.
Syntax description string
undo description
Parameters string Specifies a description of the current VLAN or VLAN

interface.
■ The description of a VLAN may be up to 32
characters and defaults to the ID of the VLAN
(for example, VLAN 0001).
■ The description of a VLAN interface may be up to
80 characters and defaults to the name of the
VLAN interface (for example, Vlan-interface1
Interface).
Example To configure VLAN 2 to be the management VLAN and give of the description
“RESEARCH” to the VLAN 2 interface, enter the following:
[S4200G] vlan 2
[S4200G-vlan2] quit
[S4200G] management-vlan 2
[S4200G-Vlan-interface2] description RESEARCH
■ VLAN view
114 ● description 3Com Switch 4200G Family
Command Reference
description
Purpose Use the description command to define the description information of an ACL to
describe the specific purpose of the ACL.
Use the undo description to delete the description information of an ACL.
Syntax description text

undo description
Parameters text Description information of the ACL, a string of up to

127 characters.
Example Define the description information of ACL 3100.
[S4200G] acl number 3100
[S4200G-acl-adv-3100] description This acl is used in eth 0
Delete the description information of ACL 3100.
[S4200G-acl-adv-3100] undo description
■ Basic ACL view

■ Advanced ACL view
■ Layer 2 ACL view
3Com Switch 4200G Family dhcp relay information enable ● 115
Command Reference
dhcp relay information enable
Purpose Use the dhcp relay information enable command to enable option 82
supporting on a DHCP relay, through which you can enable the DHCP relay to insert
option 82 into DHCP request packets sent to a DHCP server.
Use the undo dhcp relay information enable command to disable option 82
supporting on a DHCP relay, through which you can disable the DHCP relay from
inserting option 82 into DHCP request packets sent to a DHCP server.
Syntax dhcp relay information enable
undo dhcp relay information enable
Parameters None
Default By default, this function is disabled.
Enable option 82 supporting on a DHCP relay.
[S4200G] dhcp relay information enable
Disable option 82 supporting on a DHCP relay.
[S4200G] undo dhcp relay information enable
■ System view
Related Command dhcp relay information strategy

116 ● dhcp relay information strategy 3Com Switch 4200G Family
Command Reference
dhcp relay information strategy
Purpose Use the dhcp relay information strategy command to instruct a DHCP
relay to perform specified operations to DHCP request packets that carry option 82.
Use the undo dhcp relay information strategy command to instruct a

DHCP relay to perform the default operations to DHCP request packets that carry
option 82.
Syntax dhcp relay information strategy { drop | keep | replace }
undo dhcp relay information strategy
Parameters drop Specifies to discard the DHCP request packets that

carry option 82.
keep Specifies to remain the DHCP request packets that
carry option 82 unchanged.
replace Specifies to replace the option 82 carried by a DHCP
request packet with that of the DHCP relay.
Default By default, the DHCP relay replaces the option 82 carried by a DHCP request packet
with its own option 82.
Instruct the DHCP relay to discard the DHCP request packets that carry option 82.
[S4200G] dhcp relay information strategy drop
Instruct the DHCP relay to perform the default operations to DHCP request packets
that carry option 82.
[S4200G] undo dhcp relay information strategy
■ System view
Related Command dhcp relay information enable

3Com Switch 4200G Family dhcp-security static ● 117
Command Reference
dhcp-security static
Purpose Use the dhcp-security static command to configure a static user address
entry.
Use the undo dhcp-security command to remove one or all user address entries,
or all user address entries of a specified type.
Syntax dhcp-security static ip-address mac-address
undo dhcp-security { ip-address | all | dynamic | static }
Parameters ip-address User IP address.

mac-address User MAC address.
all Removes all user address entries.
dynamic Removes dynamic user address entries.
static Removes static user address entries.
Configure a user address entry for the DHCP server group, with the user IP address
being 1.1.1.1 and the user MAC address being 0005-5D02-F2B3.
[S4200G] dhcp-security static 1.1.1.1 0005-5D02-F2B3
■ System view
Related Command display dhcp-security

118 ● dhcp-server 3Com Switch 4200G Family
Command Reference
dhcp-server
Purpose Use the dhcp-server command to map the current VLAN interface to a DHCP
server group.
Use the undo dhcp-server command to cancel the mapping.
Syntax dhcp-server groupNo
undo dhcp-server
Parameters groupNo DHCP server group number. Valid values for this
argument are 0 to 19.
Examples Enter system view.
Enter VLAN 1 interface view.
Specify that VLAN 1 interface corresponds to DHCP server group 1.
[S4200G-Vlan-interface1] dhcp-server 1
Related Commands ■ dhcp-server ip

■ debugging dhcp-relay
3Com Switch 4200G Family dhcp-server ip ● 119
Command Reference
dhcp-server ip
Purpose Use the dhcp-server ip command to configure the DHCP server IP address(es) in
a specified DHCP server group.
Use the undo dhcp-server command to remove all DHCP server IP addresses in a
DHCP server group.
Syntax dhcp-server groupNo ip ip-address1 [ ipaddress-list ]
undo dhcp-server groupNo
Parameters groupNo DHCP server group number. Valid values are 0 to 19.
ipaddress-1 IP address of DHCP server 1 in the DHCP server group.
ipaddress-list IP addresses of other DHCP servers in the DHCP server
group. You can provide up to seven other DHCP sever
IP addresses.
Examples Enter system view.
Configure three DHCP server IP addresses 1.1.1.1, 2.2.2.2, and 3.3.3.3 for DHCP
server group 1, so that this group contains three DHCP servers (server 1, server 2 and
server 3).
[S4200G] dhcp-server 1 ip 1.1.1.1 2.2.2.2 3.3.3.3
■ System view
Related Commands ■ dhcp-server

■ debugging dhcp-relay
120 ● dir 3Com Switch 4200G Family
Command Reference
dir
Purpose Use the dir command to display the information about the specified files or
directories on a switch.
Syntax dir [ /all ] [ file-url ]
Parameters /all Displays the information about all the files, including
those in the recycle bin.
file-url Path name or the name of a file in the Flash, a string
comprising 1 to 142 characters. You can specify
multiple files by inserting the "*" character as
wildcards in this argument. For example, the dir *.txt
command displays the information about all the files
with the extension of txt in the current directory.
Example Display the information about all the normal files in the root directory of the file
system on the local unit.
<S4200G> dir
Directory of unit1>flash:/
1 (*) -rw- 5792495 Apr 02 2000 00:06:50 s5100.bin
2 (*) -rw- 1965 Apr 01 2000 23:59:13 3comoscfg.cfg
3 -rw- 5841301 Apr 02 2000 21:42:13 s5100d8.bin
4 -rw- 224 Apr 02 2000 01:36:30 s5100d9.bin
5 -rw- 279296 Apr 02 2000 00:22:01 test.abc
15367 KB total (3720 KB free)
(*) -with main attribute (b) -with backup attribute
(*b) -with both main and backup attribute
Display the information about all the files in the root directory of the file system,
including the files in the recycle bin.
<S4200G> dir /all

1 (*) -rw- 5792495 Apr 02 2000 00:06:50 s5100.bin
2 -rwh 4 Apr 01 2000 23:55:26 snmpboots
3 -rwh 151 Apr 02 2000 00:05:53 private-data.txt
5 -rw- 5841301 Apr 02 2000 21:42:13 s5100d8.bin
6 -rw- 224 Apr 02 2000 01:36:30 s5100d9.bin
7 -rw- 279296 Apr 02 2000 00:22:01 test.abc
8 -rw- 2370 Apr 02 2000 02:49:12 [1.cfg]
0 -rwh 4 Apr 01 2000 23:55:24 snmpboots
1 (*) -rw- 4724347 Apr 01 2000 23:59:45 s5100.bin
3 -rw- 1737 Apr 02 2000 00:46:21 cfg.cfg
4 -rw- 279296 Apr 02 2000 00:21:55 love.rar
5 -rw- 428 Apr 02 2000 13:07:11 hostkey
6 -rwh 151 Apr 01 2000 23:58:39 private-data.txt
3Com Switch 4200G Family dir ● 121
Command Reference
7 -rw- 572 Apr 02 2000 13:07:20 serverkey

8 -rw- 1589 Apr 02 2000 00:58:20 1.cfg
Display the information about all the files whose names begin with the character t
(including those in the recycle bin) in the local directory unit1>flash:/test/.
<S4200G>dir /all test/t*

Directory of unit1>flash:/test/
0 -rw- 279296 Apr 04 2000 14:45:19 test.txt
■ User view
Description In the output information, files with the main, backup or main/backup attribute are
tagged. This command supports the wildcard of "*".
Note: In the output information of the dir /all command, deleted files (that is,
those in the recycle bin) are embraced in brackets.
Command Reference
dir
Purpose Use the dir command to query specified files.
Syntax dir [ filename [ localfile ] ]
Parameters filename Name of the file to be queried.

localfile Name of the local file where the query result is to be
saved.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Display the information about all the files in the current directory.
[ftp] dir
200 PORT command okay
7 File Listing Follows in ASCII mode
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 4.bin
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 5.bin
-rwxrwxrwx 1 noone nogroup 430585 Dec 23 2004 6. bin
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 6. bin.bak
-rwxrwxrwx 1 noone nogroup 638912 Nov 15 2004 abc.BTM
drwxrwxrwx 1 noone nogroup 0 Dec 15 2004 TEST
-rwxrwxrwx 1 noone nogroup 3212176 Jul 14 2004 21.bin
226 Transfer finished successfully.
FTP: 5346 byte(s) received in 6.782 second(s) 788.00 byte(s)/sec.
Display the information about the file named 4.app and save the output information
in the file named temp1.
[ftp] dir 4.app temp1

-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 4. bin
FTP: 70 byte(s) received in 0.122 second(s) 573.00 byte(s)/sec.
■ FTP Client view

3Com Switch 4200G Family dir ● 123
Command Reference
Description The output information includes the name, size and creation time of a file in the
current directory.
If you do not specify the filename argument, the information about all the files in the
current directory is displayed.
Command Reference
dir
Purpose Use the dir command to display the files in the specified directory.
Syntax dir [ remote-path ]
Parameters remote-path Name of the intended directory.

If the remote-path argument is not specified, the
files in the current directory are displayed.
Example Display the files in directory flash:/.
sftp-client> dir flash:/

-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
Description This command has the same function as the ls command.

3Com Switch 4200G Family disconnect ● 125
Command Reference
disconnect
Purpose Use the disconnect command to terminate a FTP connection without quitting FTP
client view.
Syntax disconnect
Parameters None
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:
[ftp]
Terminate the FTP connection without quitting FTP Client view.
[ftp] disconnect
221 Server closing.
[ftp]
■ FTP Client view
Description The disconnect command has the same effect as that of the close command.
126 ● display acl 3Com Switch 4200G Family
Command Reference
display acl
Purpose Use the display acl command to view the detailed configuration information of an
ACL, including each rule and its number as well as the number and size in bytes of
the data packets that match the statement.
Syntax display acl { all | acl-number }
Parameters all Displays all ACLs.

acl-number Specifies the number of the ACL to be displayed. Valid
values are 2000 to 4999.
Example Display the contents of all ACLs.
<S4200G> display acl all

Basic ACL 2000, 0 rule, match-order is auto
Acl's step is 1
Advanced ACL 3000, 1 rule

Acl's step is 1
rule 1 permit ip (0 times matched)
■ Any view
Description The matched times displayed by this command are software matched times, namely,
the matched times of the ACL to be processed by the Switch CPU. You can use the
traffic-statistic command to calculate the matched times of hardware during
packet-forwarding
3Com Switch 4200G Family display am user-bind ● 127
Command Reference
display am user-bind
Purpose Use the display am command to view whether address management is enabled
and to display IP address pool configuration.
Syntax display am user-bind [ interface interface-type interface-number |

mac-addr ip-addr]
Parameters interface Displays the binding information of a specified

interface.
interface-type Specifies the interface type.
interface-number Specifies the interface number.
mac-addr Displays the binding information of the MAC address
ip-addr Displays the binding information of the IP address.
Example Display the information about port binding.
<S4200G> display am user-bind

Following User address bind have been configured:
Mac IP Port
0001-0001-0001 1.2.3.4 GigabitEthernet1/0/1
Unit 1:Total 1 found, 1 listed.
Total: 1 found.
■ Any view
Description By checking the output of this command, you can verify the current configuration.
128 ● display arp 3Com Switch 4200G Family
Command Reference
display arp
Purpose Use the display arp command to display the ARP mapping table entries by entry
type, or by a specified IP address.
Syntax display arp [ ip-address | [ dynamic | static ] | { begin | include |

exclude } text
Parameters ip-address Specifies the IP address. The ARP mapping entries

containing the IP address are to be displayed.
dynamic Displays the dynamic ARP entries in the ARP mapping
table.
static Displays the static ARP entries in the ARP mapping
table.
begin Specifies to start displaying from the first ARP entry
that contains the specified character string text.
include Displays only the ARP entries that contain the specified
character string text.
exclude Displays only the ARP entries that do not contain the
specified character string text.
text Displays the ARP entries that contain this user-defined
character string.
Example To display the ARP entries from the first ARP mapping entry that contains the string 1,
<S4200G> display arp | begin 1

Type: S-Static D-Dynamic
IP Address MAC Address VLAN ID Port Name / AL ID Aging Type
1.1.1.9 0010-5ce1-1ae6 1 GigabitEthernet1/0/12 17 D
1.1.1.11 000f-1f9b-8ab2 1 GigabitEthernet1/0/1 18 D
--- 2 entries found ---
Example2 To display all ARP entries in the mapping table, enter the following:
<S4200G> display arp

IP Address MAC Address VLAN ID Port Name/AL ID Aging Type
10.1.1.2 00e0-fc01-0102 N/A N/A N/A Static
10.110.91.175 0050-ba22-6fd7 1 GigabitEthernet1/0/1 20 Dynamic
--- 2 entries found ---
■ Any view
3Com Switch 4200G Family display arp ● 129
Command Reference
Related Commands ■ arp static

■ reset arp
130 ● display arp count 3Com Switch 4200G Family
Command Reference
display arp count
Purpose Use the display arp count command to display the number of the specified
type of ARP mapping entries.
Syntax display arp count [ [ dynamic | static ] | { begin | include | exclude

} text | ip-address ]
Parameters dynamic Counts the dynamic ARP mapping entries.

static Counts the static ARP mapping entries.
begin Counts the ARP mapping entries from the first ARP
entry that contains the string given by the text
argument.
Include Counts the ARP mapping entries that contain the
string given by the text argument.
exclude Counts the ARP mapping entries that do not contain
the string given by the text argument.
text Specifies the string used to filtered ARP mapping
entries.
ip-address Specifies the IP address. The ARP mapping entries
containing the IP address are to be counted in.
Default If no optional parameter is specified, the number of all types of ARP mapping entries
is displayed.
Example To display the number of all types of ARP mapping entries, enter the following:
<S4200G> display arp count

1 entry found
■ Any view
Related Command ■ arp static

■ reset arp
3Com Switch 4200G Family display arp timer aging ● 131
Command Reference
display arp timer aging
Purpose Use the display arp timer aging command to view the current setting of the
dynamic ARP aging timer.
Syntax display arp timer aging
Parameters None
Example To display the current setting of the ARP aging timer, enter the following:
<S4200G> display arp timer aging

Current ARP aging time is 20 minute(s)(default)
■ Any view
Related Command arp timer aging

132 ● display boot-loader 3Com Switch 4200G Family
Command Reference
display boot-loader
Purpose Use the display boot-loader command to display the information about the
app startup files of a switch, including the current app startup file name, the main
and backup app startup files to be used when the switch starts the next time.
Syntax display boot-loader [ unit unit-id ]
Parameters unit unit-id Unit ID of a switch.
Example Display the information about the app startup files of unit 1.
[S4200G]display boot-loader unit 1

Unit 1
The current boot app is: S4200G.bin
The main boot app is: S4200G.bin
The backup boot app is: S4200G.bin
■ Any view
3Com Switch 4200G Family display boot-loader ● 133
Command Reference
display boot-loader
Purpose Use the display boot-loader command to display the host software (.bin file)
that will be adopted when the switch reboots.
Syntax display boot-loader
Parameters None
Example Display the host software that will be adopted when the switch reboots.
<S4200G>display boot-loader
Unit 1:
The current boot app is: S4200G.bin
The main boot app is: S4200G.bin
The backup boot app is:

Table 6 Description on the fields of the display boot-loader command
Field Description
The current boot app is Current boot file of the system
The main boot app is Main boot file of the system
The backup boot app is Backup boot file of the system
■ Any view
134 ● display bootp client 3Com Switch 4200G Family
Command Reference
display bootp client
Purpose Use the display bootp client command to display BOOTP client-related
information, including the MAC address of the BOOTP client and the IP address
obtained.
Syntax display bootp client [ interface vlan-interface vlan-id ]
Parameters vlan-id VLAN interface ID.
Example Display the BOOTP client-related information.
<S4200G> display bootp client interface vlan-interface 1

Vlan-interface1:
Allocated IP: 169.254.0.2 255.255.0.0
Transaction ID = 0x3d8a7431
Mac Address 00e0-fc0a-c3ef
Table 7 Description on the fields of the display bootp client command
Field Description
Vlan-interface1 VLAN interface 1 is configured to obtain an IP address
through BOOTP.
Allocated IP IP address allocated to VLAN interface 1
Transaction ID Value of the XID field in BOOTP packets
Mac Address MAC address of the BOOTP client
■ Any view
3Com Switch 4200G Family display brief interface ● 135
Command Reference
display brief interface
Purpose Use the display brief interface command to display the configuration
information about one specific or all ports in brief, including the port type,
connection state, connection rate, duplex attribute, link type and default VLAN ID.
Syntax display brief interface [ interface-type interface-number ] [ | { begin

| include | exclude } string ]
Parameters interface-type Port type.

interface-number Port number.
| Uses regular expression to specify the details in the
port configuration information fields, so as to specify
which port information entries will be displayed.
begin There is a port information field beginning with the
specified character (string).
include There is a port information field containing the
exclude There is no port information field containing the
string A character string from 1 to 256 characters long.
Example Display the brief configuration information about the Ethernet1/0/3 port.
<S4200G> display brief interface ethernet 1/0/3

Interface Link Speed Duplex Link-type PVID
Ethernet1/0/3 DOWN auto auto access 1
Table 8 Description on the fields of the display brief interface command
Field Description
Interface Port type
Link Link state UP or DOWN
Speed Link rate
Duplex Duplex attribute
Link-type Link type access, hybrid or trunk
PVID Default VLAN ID
■ Any view
136 ● display brief interface 3Com Switch 4200G Family
Command Reference
Description This command functions similarly to the display interface command but
displays the port information in brief.
Currently, for a non-Ethernet port, the system only displays its connection state and
displays "--" in other configuration information fields.
Related Command display interface

3Com Switch 4200G Family display channel ● 137
Command Reference
display channel
Purpose Use the display channel command to display the details about the information
channel.
Syntax display channel [ channel-number | channel-name ]
Parameters channel-number Channel number, ranging from 0 to 9, corresponding

to the 10 channels of the system.
channel-name Channel name, which can be channel6, channel7,
channel8, channel9, console, logbuffer, loghost,
monitor, snmpagent or trapbuffer.
Example Display the settings of information channel 0.
<S4200G> display channel 0

channel number:0, channel name:console
MODU_IDNAME ENABLE LOG LEVEL ENABLE TRAP LEVELENABLEDEBUGGING LEVEL
ffff0000all Y warning Y debuggingYdebugging
■ Any view
Description Without a parameter, the display channel command shows the configurations of
all the channels.
138 ● display clock 3Com Switch 4200G Family
Command Reference
display clock
Purpose Use the display clock command to display the current date and time of the system,
so that you can adjust them if they are wrong.
Syntax display clock
Parameters None
Example View the current system date and time.
<S4200G> display clock

18:36:31 beijing Sat 2002/02/02
Time Zone : beijing add 01:00:00
Summer-Time : bj one-off 01:00:00 2003/01/01 01:00:00 2003/08/08
01:00:00
Field Description
18:36:31 beijing Sat Current date and time of the system
2002/02/02
Time Zone Configured time zone information
Summer-Time Configured summer time information
■ Any view
Related Commands ■ clock datetime

■ clock summer-time
■ clock timezone
3Com Switch 4200G Family display cluster ● 139
Command Reference
display cluster
Purpose Use the display cluster command to display the state and basic configuration
information of the cluster that contains the current switch.
Syntax display cluster
Parameters None
Example Display cluster information (assuming that the current switch is a management
device).
<S4200G> display cluster

Cluster name:"123"
Role:Administrator
Management-vlan:1(default vlan)
Handshake timer:10 sec

Handshake hold-time:60 sec
IP-Pool:33.33.33.1/29
cluster-mac:0180-c200-000a
No logging host configured
No SNMP host configured
No FTP server configured
No TFTP server configured
5 member(s) in the cluster, and 0 of them down.
Display cluster information (assuming that the current switch is a member device).
<S4200G> display cluster

Cluster name:"123"
Role:Member
Member number:4
Management-vlan:1(default vlan)
cluster-mac:0180-c200-000a
Handshake timer:10 sec
Handshake hold-time:60 sec
Administrator device mac address:00e0-fc00-1751

Administrator status:Up
Table 9 Description of cluster status and statistics
Field Description
Cluster name Name of the cluster
Role Cluster role of the switch
Member number Member number of the switch
Handshake timer Value of handshake timer
Handshake hold-time Value of handshake hold-time
140 ● display cluster 3Com Switch 4200G Family
Command Reference
Table 9 Description of cluster status and statistics (continued)
Field Description
Administrator device MAC address of management device
mac address
Administrator status State of the management device
■ Any view
Description When being executed on a member device, this command displays the information
such as cluster name, member number of the current switch, the MAC address and
state of the management device, holdtime, and the interval to send packets.
When being executed on a management device, this command displays the

information such as cluster name, the number of the member devices in the cluster,
cluster state, holdtime and the interval to send packets.
Errors occur if you execute this command on a switch that does not belong to any
cluster.
3Com Switch 4200G Family display cluster base-topology ● 141
Command Reference
display cluster base-topology
Purpose Use the display cluster topology command to display the standard topology
view of the cluster.
Syntax display cluster base-topology [ mac-address mac-address | member-id

member-number ]
Parameters mac-address Specifies a node according to a MAC address.

member-number Specifies the starting member number in the topology
display.
Example Display the standard topology information of the cluster.
<S4200G> display cluster base-topology
■ Any view
Description You can create a standard topology view by using the build or auto-build
command or save the current topology view as a standard topology view by using the
topology accept command. This command can be executed only on the
management device.
142 ● display cluster black-list 3Com Switch 4200G Family
Command Reference
display cluster black-list
Purpose Use the display cluster black-list command to display the current
blacklist of the cluster.
Syntax display cluster black-list
Parameters None
Example Display the current blacklist of the cluster.
<S4200G Sysname> display cluster black-list

Device ID Access Device ID Access port
00e0-fc00-0010 00e0-fc00-3550 Ethernet1/0/1
Table 10 Description on the fields of the display cluster black-list command
Field Description
Device ID ID of a device
Access Device ID ID of an access device
Access port Access port
■ Any view
Description You can create a standard topology view by using the build or auto-build
command or save the current topology view as a standard topology view by using the
topology accept command. This command can be executed only on the
management device.
3Com Switch 4200G Family display cluster candidates ● 143
Command Reference
display cluster candidates
Purpose Use the display cluster candidates command to display candidate devices
of a cluster.
Syntax display cluster candidates [ mac-address H-H-H | verbose ]
Parameters mac-address H-H-H MAC address of the candidate device.

verbose Displays the detailed information about the candidate
device.
Example Display the information about all the candidate devices.
<aaa_0.S4200G> display cluster candidates

MAC HOP IP PLATFORM
000f-cbb8-9528 1 31.31.31.56/24 S5126C
00e0-fc00-3199 3 S5150C
Table 11 Description of candidate list information
Field Description
MAC MAC address of a candidate device
Hop Hops from a candidate device to the management device
IP IP address of a candidate device
Platform Platform of a candidate device
Display the information about a specified candidate device.
<aaa_0.S4200G> display cluster candidates mac-address 00e0-fc61-c4c0

Hostname : LSW1
MAC : 00e0-fc61-c4c0
Hop : 1
Platform : Switch 4200G
IP: 1.5.6.9/16
Display the detailed information about all the candidate devices.
<aaa_0.S4200G> display cluster candidates verbose

Hostname : 5100-EI_4
MAC : 00e0-fc00-3199
Hop : 3
Platform : S5100-EI
IP :
Hostname : S4200G
MAC : 000f-cbb8-9528
Hop : 1
Platform : S5100-EI
IP : 31.31.31.56/24
144 ● display cluster candidates 3Com Switch 4200G Family
Command Reference
Table 12 Description of detailed candidate list information
Field Description
Hostname Name of the candidate device
MAC MAC address of a candidate device
Hop Hops from a candidate device to the management device
IP IP address of a candidate device
Platform Platform of a candidate device
■ Any view
Description This command can only be performed on the management device.

3Com Switch 4200G Family display cluster current-topology ● 145
Command Reference
display cluster current-topology
Purpose Use the display cluster current topology command to display the current
topology view or the topology path between two points.
Syntax display cluster current-topology [ mac-address mac-address [

to-mac-address mac-address ] | member-id member-number [ to-member-id
member-number ]]
Parameters member-number Specifies the starting member number in the topology

display or the member numbers a the starting point
and ending point of a path.
mac-address Specifies a node according to a MAC address.
Example Display the current topology information of the cluster.
<123.Sysname> display cluster current-topology

--------------------------------------------------------------------
(PeerPort) ConnectFlag (NativePort) [SysName:DeviceMac]
--------------------------------------------------------------------
ConnectFlag:
<--> normal connect ---> odd connect **** in blacklist
???? lost device ++++ new device -||- STP discarding
--------------------------------------------------------------------
[123.abc:00e0-fc50-4200G]
|
|--(P_1/4)<-->(P_1/4)[123.abc1:00e0-fc00-3580]
| |
| |--(P_1/8)????(P_1/8)[00e0-fc00-5150]
|
|--(P_1/6)????(P_1/6)[00e0-fc00-5700]
Table 13 Description on the fields of the display cluster current-topology

command
Field Description
PeerPort Port of the peer device
ConnectFlag Connection flag
NativePort Local port
SysName System name of the device
normal connect Normal connection
odd connect Unidirectional connection
in blacklist in the blacklist
lost device Lost device
new device Newly added device
STP discarding STP block
146 ● display cluster current-topology 3Com Switch 4200G Family
Command Reference
■ Any view

3Com Switch 4200G Family display cluster members ● 147
Command Reference
display cluster members
Purpose Use the display cluster members command to display the information about
cluster members.
Syntax display cluster members [ member-number | verbose ]
Parameters member-number Member number in the cluster, ranging from 0 to 255.

verbose Displays the detailed information about all the devices
in a cluster.
Example Display the information about all the devices in the cluster.
<123_0.5100-EI_1> display cluster members

SN Device MAC Address Status Name
0 S5100-EI 00e0-fc00-1751 Admin 123_0.5100-EI_1
2 S5100-EI 00e0-fc00-3199 Up 123_2.5100-EI_4
3 3Com S3528P 00e0-fd00-0043 Up 123_3.QX-S3528P
4 S5100-EI 00e0-fc00-2579 Up 123_4.5100-EI_2
5 S5100-EI 000f-e20f-c415 Up 123_5.5100-EI_5
Table 14 Description of displayed information
Field Description
SN Member number
Device Device type
MAC Address MAC address of the device
Status State of a device
Name Name of a device
Display the detailed information about the management device and all member
devices.
<123_0.5100-EI_1> display cluster members verbose

Member number:0
Name:123_0.5100-EI_1
Device:S5100-EI
MAC Address:00e0-fc00-1751
Member status:Admin
Hops to administrator device:0
IP: 31.31.31.1/24
Version:
3Com Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
Copyright (c) 2002-2005 By 3Com
S5100-EI 5100-EI-001
Member number:2
Name:123_2.5100-EI_4
Device:S5100-EI
MAC Address:00e0-fc00-3199
Member status:Up
Hops to administrator device:3
148 ● display cluster members 3Com Switch 4200G Family
Command Reference
IP: 31.31.31.4/24
Version:
VRP (tm) Software, Version 3.10
Copyright (c) 2002-2005 By 3Com
S5100-EI 5100-EI-001
Description of displayed information

Table 15 Description of detailed displayed information
Field Description
Member number Device member number
Name Name of a device
Device Device type
MAC Address MAC address of a device
Member status State of a device
Hops to administrator Hops from the current device to the management device
device
IP IP address of a device
Version Software version of the current device
■ Any view
Description This command can only be performed on the management device.

3Com Switch 4200G Family display connection ● 149
Command Reference
display connection
Purpose Use the display connection command to view the information for a specified
connection type.
Syntax display connection [ access-type { dot1x | mac-authentication } |

domain isp-name | interface interface-type interface-number |
ip ip-address | mac mac-address | radius-scheme radius-scheme-name |
vlan vlan-id | ucibindex ucib-index | user-name user-name ]
Parameters access-type { dot1x |

mac-authentication } Specifies the connections to display based on logon
type.
■ dot1x means the 802.1x users.
■ mac-authentication means the centralized mac
address authentication users.
domain isp-name Specifies the connections to display according to ISP
domain. isp-name specifies the ISP domain name
with a character string up to 24 characters in length.
The specified ISP domain must exist.
interface-number Specifies the connections to display according the port.
ip ip-address Specifies the connections to display according to IP
address. ip-address is in the hexadecimal format
(ip-address).
mac mac-address Specifies the connections to display according to MAC
address. mac-address is in the hexadecimal format
(H-H-H).
radius-scheme
radius-scheme-name Specifies the connections to display according to
RADIUS scheme. radius-scheme-name specifies
the RADIUS scheme with a character string up to
32 characters in length.
vlan vlan-id Specifies the connections to display using the VLAN ID.
vlan-id ranges from 1 to 4094.
ucibindex ucib-index Specifies the connections to display using the
ucib-index. The ucib-index ranges from 0 to
1047.
user-name user-name Specifies the connections to display using the
user-name. The user-name is a character string up
to 32 characters in length. The string cannot contain
the following characters:
■ /
■ :
■ *
150 ● display connection 3Com Switch 4200G Family
Command Reference
■ ?
■ <
■ >
Example Display information about all user connections.
<S4200G>display connection
------------------unit 1------------------------
On Unit 1: Total 0 connections matched, 0 listed.
Total 1 connections matched, 1 listed.
Display information about the user connection with index 0.
[S4200G]dis connection ucibindex 0

Index=0 , Username=user1@system
MAC=000f-3d80-4ce5 , IP=192.168.0.3
Access=8021X ,Auth=CHAP ,Port=Ether ,Port NO=0x10003001
Initial VLAN=1, Authorization VLAN=1
ACL Group=Disable
CAR=Disable
Priority=Disable
Start=2000-04-03 02:51:53 ,Current=2000-04-03 02:52:22
,Online=00h00m29s
On Unit 1:Total 1 connections matched, 1 listed.
Total 1 connections matched, 1 listed.
Here, Port NO=0x10003001 means (by the binary bits):

Table 16 Description of the Port NO field
31 to 28 27 to 24 23 to 20 19 to 12 11 to 0
UNIT ID Slot number Subslot number Port number VLAN ID
■ Any view
Description The output can help with user connection diagnosis and troubleshooting.
If no parameter is specified, this command displays the related information about all
connected users.
This command cannot display information about the connections of the FTP users.
Related Command cut connection

3Com Switch 4200G Family display cpu ● 151
Command Reference
display cpu
Purpose Use the display cpu command to display CPU usage of a specified switch.
Syntax display cpu [ unit unit-id ]
Parameters unit unit-id: Specify the Unit ID of the switch.
Example Display the CPU usage of this switch.
<S4200G>display cpu
Unit 1
Board 0 CPU busy status:
12% in last 5 seconds
12% in last 1 minute
12% in last 5 minutes
Table 17 Display information
Field Description
12% in last 5 seconds The CPU occupancy rate is 12% at last 5 seconds
12% in last 1 minute The CPU occupancy rate is 12% at last 1 minute
12% in last 5 minutes The CPU occupancy rate is 12% at last 5 minutes
■ Any view
152 ● display current-configuration 3Com Switch 4200G Family
Command Reference
display current-configuration
Purpose Use the display current-configuration command to display the current

configuration of a switch.
Syntax display current-configuration [ configuration [ configuration-type ] |

interface [ interface-type ] [ interface-number ] | vlan [ vlan-id ] ]
[ by-linenum ] [ | { begin | include | exclude } regular-expression ]
Parameters configuration Displays the specified type of configurations.

configuration-type Configuration type. You can select one of the
following types:
■ isp: specifies the configuration of the internet
service provider (ISP)
■ radius-template: specifies RADIUS template
configuration
■ system: specifies the system configuration
■ user-interface: specifies user interface configuration
interface Displays the port configuration.
interface-type Interface type, which can be AUX, Ethernet,
GigabitEthernet, or NULL.
vlan Displays the VLAN configuration.
vlan-id VLAN ID.
by-linenum Displays the number of each line.
| Uses a regular expression to filter the configurations of
the device to be displayed.
begin Displays the configurations starting with the specified
text (regular-expression).
include Displays the configurations that contain the specified
text (regular-expression).
exclude Displays the configurations that do not contain the
specified text (regular-expression).
regular-expression A Regular expression.
3Com Switch 4200G Family display current-configuration ● 153
Command Reference
Table 18 Special characters used in a regular expression
Special Character Meaning Use

_ Underline. It is similar to a If the first character of the expression
wildcard and can is not underline, the number of the
represent the following
characters: (^|$|[,(){}]), underlines is not limited in theory (but
space, start symbol and is limited by the length of the com-
end symbol. mand line in practice).
If the first character of the expression
is underline, there can be four suc-
cessive underlines at most at the
beginning of the expression.
If the underlines are not successive,
only the first group of successive
underlines is matched. The
subsequent groups of underlines are
ignored.
( Left parenthesis. It It is recommended not to use this
represents the in-stack character in regular expression.
flag in programs.
. Period. It is a wildcard -
which matches any
character, including
space.
* Asterisk. It means that the zo* can be matched by “z” and “zoo”.
preceding sub-expression
can be matched for zero
or multiple times.
+ Plus sign. It means that zo+ can be matched by "zo" and
the preceding “zoo” but not "z".
sub-expression can be
matched for one or
multiple times.
Display the currently valid configuration parameters on the Ethernet switch.
<S4200G> display current-configuration

#
sysname S4200G
#
radius scheme system
#
domain system
#
vlan 1
#
vlan 2
#
interface Vlan-interface2
#
interface Aux1/0/0
#
#
#
#
154 ● display current-configuration 3Com Switch 4200G Family
Command Reference
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
interface NULL0
#
management-vlan 2
#
user-interface aux 0 7
user-interface vty 0 4
#
return
Display the lines that include 10* in the configuration information. “*” means that
the zero before it may not appear or appear multiple times continuously.
<S4200G> display current-configuration | include 10*

primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
local-server nas-ip 127.0.0.1 key easyKey
vlan 1
ip address 10.1.1.2 255.255.255.0
speed 1000
3Com Switch 4200G Family display current-configuration ● 155
Command Reference
network 10.1.1.0 0.0.0.255
Display the configuration information starting with “user”.
<S4200G> display current-configuration | include ^user

user-interface aux 0
■ Any view
Description This command will not display those configuration parameters that have the same
values with the corresponding default parameters.
After performing a group of configurations, you can use the display

current-configuration command to verify the configuration results by
checking the currently valid parameters in the display output. This command will not
display the parameters whose corresponding functions do not take effect even
though these parameters have been configured.
For example, although you can perform PPP-related configurations on an interface

encapsulated with X.25, the display current-configuration command does
not display the PPP configuration information.
Related Commands ■ display saved-configuration

■ reset saved-configuration
■ save
156 ● display debugging 3Com Switch 4200G Family
Command Reference
display debugging
Purpose Use the display debugging command to display the enabled debugging on a
specified device.
Syntax display debugging [ unit unit-id ] [ interface interface-type

interface-number | module-name ]
Parameters unit-id Unit ID of a switch.

interface-type Specify the Ethernet port type.
interface-num Specify the Ethernet port number.
module-name Specify the functional module name.
Example Show all the enabled debugging.
<S4200G> display debugging unit 1

IP icmp debugging is on
Rip packet debugging switch is on
Rip receive debugging switch is on
Rip send debugging switch is on
■ Any view
Description Executing this command without any parameter will display all enabled debugging.
Related Command debugging

3Com Switch 4200G Family display debugging habp ● 157
Command Reference
display debugging habp
Purpose Use the display debugging habp command to display the state of HABP
debugging.
Syntax display debugging habp
Parameters None
Example To display the state of HABP debugging.
<S4200G> display debugging habp

HABP Debugging switch is on
The information displayed indicates that HABP debugging is enabled.
■ Any view
158 ● display device 3Com Switch 4200G Family
Command Reference
display device
Purpose Use the display device command to display the information, such as the module
type and operating status, about each board (main board and sub-board) of a
specified switch.
Syntax display device [ manuinfo [ unit unit-id ] | unit unit-id ]
Parameters manuinfo Displays the manufacture information of the specified

switch.
unit unit-id Specifies the Unit ID of the switch.
Example Show device information.
<SW4200G>display device
Unit 1
SlotNo SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type
State
0 0 24 REV.A NULL 000 200 IVLMAIN Norma
■ Any view
Description Displayed information can include slot number, sub-slot number, number of ports,
versions of PCB, FPGA, CPLD and BootROM software, address learning mode,
and interface board type.
3Com Switch 4200G Family display dhcp client ● 159
Command Reference
display dhcp client
Purpose Use the display dhcp client command to display the DHCP client-related
information.
Syntax display dhcp client [ verbose ]
Parameters verbose Displays the detailed the DHCP client information

about address allocation.
Example Display the DHCP client information about address allocation.
<S4200G> display dhcp client verbose

DHCP client statistic information:
Vlan-interface1:
Current machine state: BOUND
Alloced IP: 169.254.0.2 255.255.0.0
Alloced lease: 86400 seconds, T1: 43200 seconds, T2: 75600 seconds
Lease from 2002.09.20 01:05:03 to 2002.09.21 01:05:03
Server IP: 169.254.0.1
Transaction ID = 0x3d8a7431
Default router: 2.2.2.2
DNS server: 1.1.1.1
Domain name: 3Com-3com.com
Client ID: 00e0-fc0a-c3ef
Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds
Table 19 Description on the fields of the display dhcp client command
Field Description
Vlan-interface1 VLAN interface operating as a DHCP client to obtain an
IP address dynamically
Current machine state The state of the client state machine
Alloced IP IP address allocated to the DHCP client
lease Lease period
T1 Renewal timer readout
T2 Rebinding timer readout
Lease from….to…. The starting and end time of the lease period
Server IP IP address of the DHCP server
Transaction ID Transaction ID
Default router Gateway address
■ Any view
160 ● display dhcp-security 3Com Switch 4200G Family
Command Reference
display dhcp-security
Purpose Use the display dhcp-security command to display one or all user address
entries, or a specified type of user address entries in the valid user address table of a
DHCP server group.
Syntax display dhcp-security [ ip-address | dynamic | static | tracker ]
Parameters ip-address IP address. This argument is used to display the user

address entry with the specified IP address.
dynamic Displays the dynamic user address entries.
static Displays the static user address entries.
tracker Displays the interval to update the user address entries
of a DHCP-security table.
Example Display all user address entries contained in the valid user address table of the DHCP
server group.
<S4200G> display dhcp-security

IP Address MAC Address IP Address Type
2.2.2.3 0005-5d02-f2b2 Static
3.3.3.3 0005-5d02-f2b3 Dynamic
--- 2 dhcp-security item(s) found ---
Table 20 Description on the fields of the display dhcp-security command
Field Description
IP Address IP address of a user of the DHCP server
group
MAC Address MAC address of the user of the DHCP
server group
IP Address Type Type of the user address entry
(static/dynamic)
■ Any view
3Com Switch 4200G Family display dhcp-server ● 161
Command Reference
display dhcp-server
Purpose Use the display dhcp-server command to display information about a specified
DHCP server group.
Syntax display dhcp-server groupNo
Parameters groupNo DHCP server group number. Valid values are 0 to 19.
Example Display information about DHCP server group 0.
<S4200G> display dhcp-server 0

IP address of DHCP server group 0: 1.1.1.1
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP_OFFER messages: 0
DHCP_ACK messages: 0
DHCP_NAK messages: 0
DHCP_DECLINE messages: 0
DHCP_DISCOVER messages: 0
DHCP_REQUEST messages: 0
DHCP_INFORM messages: 0
DHCP_RELEASE messages: 0
BOOTP_REQUEST messages: 0
BOOTP_REPLY messages: 0
Table 21 Description on the fields of the display dhcp-server command
Field Description
IP address of DHCP server group 0: DHCP server IP addresses of DHCP
server group 0
Messages from this server group Number of the packets received from
the DHCP server group
Messages to this server group Number of the packets sent to the
DHCP server group
Messages from clients to this server group Number of the packets received from
the DHCP clients
Messages from this server group to clients Number of the packets sent to the
DHCP clients
DHCP_OFFER messages Number of the received DHCP-OFFER
packets
DHCP_ACK messages Number of the received DHCP-ACK
packets
162 ● display dhcp-server 3Com Switch 4200G Family
Command Reference
Table 21 Description on the fields of the display dhcp-server command
Field Description
DHCP_NAK messages Number of the received DHCP-NAK
packets
DHCP_DECLINE messages Number of the received
DHCP-DECLINE packets
DHCP_DISCOVER messages Number of the received
DHCP-DISCOVER packets
DHCP_REQUEST messages Number of the received
DHCP-REQUEST packets
DHCP_INFORM messages Number of the received DHCP-INFORM
packets
DHCP_RELEASE messages Number of the received
DHCP-RELEASE packets
BOOTP_REQUEST messages Number of the BOOTP request packets
BOOTP_REPLY messages Number of the BOOTP response
packets
■ Any view
Related Commands ■ debugging dhcp-relay

■ dhcp-server
■ dhcp-server ip
3Com Switch 4200G Family display dhcp-server interface vlan-interface ● 163
Command Reference
display dhcp-server interface vlan-interface
Purpose Use the display dhcp-server interface vlan-interface command to

display information about the DHCP server group to which a VLAN interface is
mapped.
Syntax display dhcp-server interface vlan-interface vlan-id
Parameters vlan-id VLAN ID.
Examples Display information about the DHCP server group to which VLAN 2 interface is
mapped.
<S4200G> display dhcp-server interface vlan-interface 2.

The DHCP server group of this interface is 0.
The above display information indicates the VLAN 2 interface is mapped
to DHCP server group 0.
■ Any view
Related Commands ■ debugging dhcp-relay

■ dhcp-server
164 ● display dhcp-snooping 3Com Switch 4200G Family
Command Reference
display dhcp-snooping
Purpose Use the display dhcp-snooping command to display the user IP-MAC address
mapping entries recorded by the DHCP snooping function.
Syntax display dhcp-snooping [ unit unit-id ]
Parameters unit-id ID of a unit in a fabric.
Example Display the user IP-MAC address mapping entries recorded by the DHCP snooping
function.
<S4200G> display dhcp-snooping

DHCP-Snooping is enabled.
Type : D--Dynamic , S--Static
Unit ID : 1
Type IP Address MAC Address Lease VLAN Interface
==== =============== =============== ========= ==== =================
--- 0 dhcp-snooping item(s) of unit 1 found ---
■ Any view
3Com Switch 4200G Family display dhcp-snooping ● 165
Command Reference
Purpose Use the display dhcp-snooping command to display the correspondence

between user IP addresses and MAC addresses recorded by the DHCP snooping
function.
Syntax display dhcp-snooping
Parameters None.
Example Display the correspondence between user IP addresses and MAC addresses recorded
by the DHCP snooping function..
<S4200G> display dhcp-snooping

DHCP-Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Unit ID : 1
Type IP Address MAC Address Lease VLAN Interface
==== =============== =============== ========= ==== =================
--- 0 dhcp-snooping item(s) of unit 1 found ---
■ Any view
166 ● display dhcp-snooping trust 3Com Switch 4200G Family
Command Reference
display dhcp-snooping trust
Purpose Use the display dhcp-snooping trust command to display the

(enabled/disabled) state of the DHCP snooping function and the trusted ports.
Syntax display dhcp-snooping trust
Parameters None
Example Display the state of the DHCP snooping function and the trusted ports.
<S4200G> display dhcp-snooping trust

dhcp-snooping is enabled
dhcp-snooping trust become effective
Interface Trusted
=================================
Ethernet1/0/1 Trusted
The above display information indicates that the DHCP snooping function is enabled,
and the Ethernet1/0/1 port is a trusted port.
■ Any view
3Com Switch 4200G Family display dhcp-snooping trust ● 167
Command Reference
Purpose Use the display dhcp-snooping trust command to display the

DHCP-Snooping state and information on trusted ports.
Syntax display dhcp-snooping trust
Parameters None
Example Display DHCP-Snooping trust state and information on trusted ports.
<S4200G> display dhcp-snooping trust

dhcp-snooping is enabled
dhcp-snooping trust become effective
Interface Trusted
=================================
GigabitEthernet1/0/1 Trusted
The above display indicates that DHCP-Snooping is enabled and that the rust function
is effective with GigabitEthernet1/0/1 being the trusted port.
■ Any view
168 ● display diagnostic-information 3Com Switch 4200G Family
Command Reference
display diagnostic-information
Purpose Use the display diagnostic-information command to display the system

diagnostic information, or save the system diagnostic information to a file (with a
suffix of "diag") in the flash memory.
Syntax display diagnostic-information
Parameters None
Example Save the system diagnostic information to the default.diag file.
<S4200G> display diagnostic-information

This operation may take a few minutes, continue?[Y/N]y
Diagnostic-information is saved to Flash or displayed(Y=save
N=display)?[Y/N]y
Please input the file name(*.diag)[flash:/default.diag]:
The file is already existing, overwrite it? [Y/N]y
% Output information to file: flash:/default.diag.

Please wait......
■ Any view
3Com Switch 4200G Family display domain ● 169
Command Reference
display domain
Purpose Use the display domain command to view the configuration information of a
specified ISP domain or display the summary information of all ISP domains.
Syntax display domain [ isp-name ]
Parameters isp-name Specifies the ISP domain name with a character string
up to 24 characters in length. The specified ISP domain
must exist.
Example To display the configuration information about all ISP domains.
<S4200G> display domain

0 Domain = system
State = Active
Scheme = LOCAL
Access-limit = Disable
Vlan-assignment-mode = Integer
Domain User Template:
Idle-cut = Disable
Self-service = Disable
Messenger Time = Disable
Default Domain Name: system

Total 1 domain(s).1 listed.
Table 22 Description on the fields of the display domain command
Field Description
Domain Domain name
State State
Scheme AAA scheme
Access-Limit Limit on the number of access users
Vlan-assignment-mode VLAN assignment mode
Domain User Template Domain user template
Idle-Cut State of the idle-cut function
Self-service State of the self service
Messenger Time State of the messenger time service
■ Any view
170 ● display domain 3Com Switch 4200G Family
Command Reference
Description This command is used to output the configuration of a specified ISP domain or display
the summary information of all ISP domains. If an ISP domain is specified, the
configuration information (content and format) will be displayed exactly the same as
the displayed information of the display domain command. The output information
can help with ISP domain diagnosis and troubleshooting. Note that the accounting
scheme to be displayed should have been created.
Related Commands ■ access-limit

■ domain
■ radius-scheme
■ state
3Com Switch 4200G Family display dot1x ● 171
Command Reference
display dot1x
Purpose Use the display dot1x command to view the relevant information of 802.1x.
Displayed information includes:
■ Configuration information
■ Operation information (session information)
■ Relevant statistics
Syntax display dot1x [ sessions | statistics ] [ interface interface-list ]
Parameters sessions Displays the session connection information of 802.1x.

statistics Displays the relevant statistics information of 802.1x.
interface Displays the 802.1x information about a specific port.
interface-list Ethernet port list. You can specify multiple Ethernet
ports by providing this argument in the for:
interface-list = { interface-name
[ to interface- name] & < 1-10 >
interface-name is the port index of an Ethernet
port and can be specified in this form:
interface-name = { interface-type
interface-num }
interface-type specifies the type of an Ethernet
port and interface-num identifies the number of the
port. Note that the interface name after the keyword
to must have an interface-num that is greater than or
equal to that of the interface-name before the
keyword to. "&<1-10>" means that up to 10 port
indexes/port index lists can be provided.
Default By default, all the relevant 802.1x information about each interface will be displayed.
Example To display 802.1x-related configuration information, enter the following:
<S4200G> display dot1x

Equipment 802.1X protocol is enabled
CHAP authentication is enabled
DHCP-launch is enabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Configuration: Transmit Period 30 s, Handshake Period 15 s

Quiet Period 60 s, Quiet Period Timer is disabled
Supp Timeout 30 s, Server Timeout 100 s
172 ● display dot1x 3Com Switch 4200G Family
Command Reference
Interval between version requests is 30s

Maximal request times for version information is 3
The maximal retransmitting times 2
Total maximum 802.1x user resource number is 1024

Total current used 802.1x resource number is 1
GigabitEthernet1/0/1 is link-down
802.1X protocol is disabled
Version-Check is disabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Mac-based
Max number of on-line users is 256
Authentication Success: 0, Failed: 0

EAPOL Packets: Tx 0, Rx 0
Sent EAP Request/Identity Packets : 0
EAP Request/Challenge Packets: 0
Received EAPOL Start Packets : 0
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 0
EAP Response/Challenge Packets: 0
Error Packets: 0
Controlled User(s) amount to 0
GigabitEthernet1/0/2 is link-down
802.1X protocol is disabled
Version-Check is disabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Mac-based
Max number of on-line users is 256
Authentication Success: 0, Failed: 0

EAPOL Packets: Tx 0, Rx 0
Sent EAP Request/Identity Packets : 0
EAP Request/Challenge Packets: 0
Received EAPOL Start Packets : 0
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 0
EAP Response/Challenge Packets: 0
Error Packets: 0
Controlled User(s) amount to 0
GigabitEthernet1/0/3
……
Table 23 Description on the fields of the display dot1x command
Field Description
Equipment 802.1X protocol is 802.1x protocol (802.1x for short) is enabled on the switch.
enabled
CHAP authentication is enabled CHAP authentication is enabled.
DHCP-launch is enabled DHCP-triggered.802.1x authentication is disabled.
3Com Switch 4200G Family display dot1x ● 173
Command Reference
Table 23 Description on the fields of the display dot1x command (continued)
Field Description
Proxy trap checker is disabled The proxy trap checker is disabled here, which means the switch
does not send Trap packets when it detects that a supplicant
system logs in through a proxy. It can also be configured as
enabled, in which case the switch sends Trap packets when it
detects that a supplicant system logs in through a proxy.
Proxy logoff checker is disabled The proxy logoff checker is disabled here, which means that a
switch does not disconnect a supplicant system when it detects
that the latter logs in through a proxy. It can also be configured
as enabled, in which case the switch disconnects a supplicant
system when it detects that the latter logs in through a proxy.
Transmit Period Setting of the Transmission period timer (the tx-period)
Handshake Period Setting of the handshake period timer (the handshake-period)
Quiet Period Setting of the quiet period timer (the quiet-period)
Quiet Period Timer is disabled The quiet period timer is disabled here. It can also be configured
as enabled when necessary.
Supp Timeout Setting of the supplicant timeout timer (supp-timeout)
Server Timeout Setting of the server-timeout timer (server-timeout)
The maximal retransmitting The maximum number of times that a switch can send
times authentication request packets to a supplicant system
Total maximum 802.1x user The maximum number of 802.1x users that a switch can
resource number accommodate
Total current used 802.1x The number of online supplicant systems
resource number
GigabitEthernet1/0/1 is GigabitEthernet1/0/1 port is in down state.
link-down
802.1X protocol is disabled 802.1x is disabled on the port
Proxy trap checker is disabled The proxy trap checker is disabled here. It can also be configured
as enabled, in which case the switch sends Trap packets when it
detects that a supplicant system logs in through a proxy.
Proxy logoff checker is disabled The proxy logoff checker is disabled here. It can also be
configured as enabled, in which case the switch disconnects a
supplicant system when it detects that the latter logs in through
a proxy.
Version-Check is disabled The client version checking function is disabled here. It can also
be configured as enabled, in which case the switch checks client
version.
The port is an authenticator The port acts as an authenticator system.
Authentication Mode is Auto The port access control mode is Auto.
Port Control Type is Mac-based The port access control method is MAC-based. That is,
supplicant systems are authenticated based on their MAC
addresses.
Max number of on-line users The maximum number of online users that the port can
accommodate
… Information omitted here
■ Any view
Description When the interface-list argument is not provided, this command displays
802.1x-related information on all ports. The output information can be used to verify
802.1 x-related configurations and to troubleshoot.
174 ● display dot1x 3Com Switch 4200G Family
Command Reference
Related Commands ■ dot1x

■ dot1x max-user
■ dot1x port-control
■ dot1x port-method
■ dot1x retry
■ reset dot1x statistics
■ dot1x timer
3Com Switch 4200G Family display fib ● 175
Command Reference
display fib
Purpose Use the display fib command to view the summary of the forwarding information
base.
Syntax display fib
Parameters None
Example To display the summary of the Forwarding Information Base, enter the following:
<S4200G> display fib

Flag:
U:Usable G:Gateway H:Host B:Blackhole D:Dynamic
S:Static
R:Reject E:Equal cost multi-path L:Generated by ARP or ESIS
Destination/Mask Nexthop Flag TimeStamp Interface
127.0.0.1/32 127.0.0.1 GHU t[50] InLoopBack0
127.0.0.0/8 127.0.0.1 U t[50] InLoopBack0
Table 24 Description of the output information of the display fib command
Field Description
Destination/Mask Destination address/mask length
Nexthop Forward address of the next hop
Flag
The flag options include:
B indicates this is a blacklist route.
D indicates this is a dynamic route.
E indicates this is an equal-cost route.
G indicates this is a gateway route.
H indicates this is a host route.
S indicates this is a static route.
U indicates this route is up and available.
R indicates this route is rejected and unavailable.
L indicates this route is generated by ARP or ESIS.
Interface Interface
■ Any view
Description The information includes: the destination address/mask length, next hop address,
current flag, and forward interface
176 ● display ftp-server 3Com Switch 4200G Family
Command Reference
display ftp-server
Purpose Use the display ftp-server command to display the FTP server-related settings of a
switch when it operates as an FTP server.
You can use this command to verify FTP server-related configurations.
Syntax display ftp-server
Parameters None
Example Display the FTP server-related settings of the switch (assuming that the switch is
operating as an FTP server).
<S4200G> display ftp-server

FTP server is running
Max user number 1
User count 0
Timeout value (in minute) 30
Table 25 Description on the fields of the display ftp-server command
Field Description
FTP server is running The FTP server is started
Max user number 1 The FTP server can accommodate up to one user.
User count 0 The current login user number is 0.
Timeout value ( in minutes ) The connection idle time is 30 minutes.
30
■ Any view
3Com Switch 4200G Family display ftp-user ● 177
Command Reference
display ftp-user
Purpose Use the display ftp-user command to display the settings of the current FTP
user, including the user name, host IP address, port number, connection idle time,
and authorized directory.
Syntax display ftp-user
Parameters None
Example Display FTP user settings.
<S4200G> display ftp-user

UsernameHost IPPortIdleHomedir
S4200G10.110.3.510742flash:/S4200G
■ Any view
178 ● display garp statistics 3Com Switch 4200G Family
Command Reference
display garp statistics
Purpose Use the display garp statistics command to display the GARP statistics on
specified (or all) ports.
Syntax display garp statistics [ interface interface-list ]
Parameters interface-list Ethernet port list, in the format of interface-list

= { interface-type interface-number [ to
interface-type interface-number ]
}&<1-10>. Where, interface-type is the port type,
interface-number is the port number (refer to the
parameter description of the port part in this
document for the meanings and ranges of the two
parameter), and &<1-10> means you can specify
totally 1 to 10 ports and port ranges.
Example Display the GARP statistics on the port GigabitEthernet1/0/1.
<S4200G> display garp statistics interface GigabitEthernet1/0/1

GARP statistics on port GigabitEthernet1/0/1
Number Of GMRP Frames Received : 0
Number Of GVRP Frames Received : 0
Number Of GMRP Frames Transmitted : 0
Number Of GVRP Frames Transmitted : 0
Number Of Frames Discarded : 0
■ Any view
Description The displayed information includes:
■ Number of GMRP packets the port received

■ Number of GVRP packets the port received
■ Number of GMRP packets the port received
■ Number of GVRP packets the port received
■ Number of packets the port discarded
3Com Switch 4200G Family display garp timer ● 179
Command Reference
display garp timer
Purpose Use the display garp timer command to display the values of the GARP timers
on specified or all ports.
Syntax display garp timer [ interface interface-list ]

Example Display the values of GARP timers of the port GigabitEthernet1/0/1.
<S4200G> display garp timer interface GigabitEthernet1/0/1

GARP timers on port GigabitEthernet1/0/1
Garp Join Time : 20 centiseconds

Garp Leave Time : 60 centiseconds
Garp LeaveAll Time : 1000 centiseconds
Garp Hold Time : 10 centiseconds
■ Any view
■ Value of the Join timer

■ Value of the Leave timer
■ Value of the LeaveAll timer
■ Value of the Hold timer
Related Commands ■ garp timer

■ garp timer leaveall
180 ● display gvrp statistics 3Com Switch 4200G Family
Command Reference
display gvrp statistics
Purpose Use the display gvrp statistics command to display the GVRP statistics
about specified (or all) Trunk ports.
Syntax display gvrp statistics [ interface interface-list ]

Example Display the GVRP statistics about the port GigabitEthernet1/0/1.
<S4200G> display gvrp statistics interface ethernet1/0/1

GVRP statistics on port Ethernet1/0/1
GVRP Status : Enabled

GVRP Running : YES
GVRP Failed Registrations : 0
GVRP Last Pdu Origin : 0000-0000-0000
GVRP Registration Type : Normal
■ Any view
■ GVRP status
■ Whether GVRP is running
■ Number of the failed GVRP registrations
■ The source MAC address of the last GVRP PDU
■ GVRP registration type of the port
3Com Switch 4200G Family display gvrp status ● 181
Command Reference
display gvrp status
Purpose Use the display gvrp status command to display the enable/disable status of
global GVRP.
Syntax display gvrp status
Parameters None
Example Display the enable/disable status of global GVRP.
<S4200G> display gvrp status

GVRP is enabled
The above information indicates GVRP is enabled globally.
■ Any view
182 ● display habp 3Com Switch 4200G Family
Command Reference
display habp
Purpose Use the display habp command to display HABP configuration and status
information.
Syntax display habp
Parameters None
Example To display HABP configuration and status information, enter the following:
<S4200>system-view
[S4200] display habp
Global HABP information:
HABP Mode: Server
Sending HABP request packets every 20 seconds
Bypass VLAN: 2
Table 26 Description on the fields of the display habp command
Field Description
HABP Mode Indicates the HABP mode of the switch.
A switch can operate as an HABP server
(displayed as Server) or an HABP client
(displayed as Client).
Sending HABP request packets every 20 seconds HABP request packets are sent once in
every 20 seconds.
Bypass VLAN Indicates the ID(s) of the VALN(s) to
which HABP request packets are sent
■ Any view
3Com Switch 4200G Family display habp table ● 183
Command Reference
display habp table
Purpose Use the display habp table command to display the MAC address table
maintained by HABP.
Syntax display habp table
Parameters None
Default body
Example To display the MAC address table maintained by HABP, enter the following:
[S4200G] display habp table
MAC Holdtime Receive Port
001f-3c00-0030 53 GigabitEthernet1/0/1
Table 27 Description on the fields of the display habp table command
Field Description
MAC MAC addresses listed in the HABP MAC address table.
Holdtime Hold time of the entries in the HABP MAC address table. An
address will be removed from the table if it has not been updated
during the hold time.
Receive Port The port from which a MAC address is learned
■ Any view
184 ● display habp traffic 3Com Switch 4200G Family
Command Reference
display habp traffic
Purpose Use the display habp traffic command to display statistics on HABP packets.
Syntax display habp traffic
Parameters None
Example To display statistics on HABP packets, enter the following:
<S4200G>system-view
[S4200G] display habp traffic
HABP counters :
Packets output: 0, Input: 0
ID error: 0, Type error: 0, Version error: 0
Sent failed: 0
Table 28 Description on the fields of the display habp traffic command
Field Description
Packets output Number of the HABP packets sent
Input Number of the HABP packets received
ID error Number of HABP packets with ID errors
Type error Number of HABP packets with type errors
Version error Number of HABP packets with version errors
Sent failed Number of HABP packets that failed to be sent
■ Any view
3Com Switch 4200G Family display history-command ● 185
Command Reference
display history-command
Purpose Use the display history-command command to display history commands.
Syntax display history-command
Parameters None
Example Display history commands.
<S4200G> display history-command

sys
quit
display his
■ Any view
Related Command history-command max-size

186 ● display icmp statistics 3Com Switch 4200G Family
Command Reference
display icmp statistics
Purpose Use the display icmp statistics command to view the statistics information
about ICMP packets.
Syntax display icmp statistics
Parameters None
Example To view statistics about ICMP packets, enter the following:
<S4200G> display icmp statistics

Input: bad formats 0 bad checksum 0
echo 5 destination unreachable 0
source quench 0 redirects 0
echo reply 10 parameter problem 0
timestamp 0 information request 0
mask requests 0 mask replies 0
time exceeded 0
Output:echo 10 destination unreachable 0
source quench 0 redirects 0
echo reply 5 parameter problem 0
timestamp 0 information reply 0
mask requests 0 mask replies 0
time exceeded 0
Table 29 Output Description of the display icmp statistics command
Field Description
bad formats Number of input packets in bad format
bad checksum Number of input packets with wrong checksum
echo Number of input/output echo request packets
destination unreachable Number of input/output packets with unreachable destination
source quench Number of input/output source quench packets
redirects Number of input/output redirected packets
echo reply Number of input/output echo reply packets
parameter problem Number of input/output packets with parameter problem
timestamp Number of input/output timestamp packets
information request Number of input information request packets
mask requests Number of input/output mask request packets
mask replies Number of input/output mask reply packets
information reply Number of output information reply packets
time exceeded Number of time exceeded packets
■ Any view
3Com Switch 4200G Family display icmp statistics ● 187
Command Reference
Related Commands ■ display interface VLAN-interface

■ reset ip statistics
188 ● display igmp-snooping configuration 3Com Switch 4200G Family
Command Reference
display igmp-snooping configuration
Purpose Use the display igmp-snooping configuration command to display the

configuration information about IGMP Snooping.
Syntax display igmp-snooping configuration
Parameters None
Example Display the configuration information about IGMP Snooping on the switch.
<S4200G> display igmp-snooping configuration

Enable IGMP-Snooping.
The router port timeout is 105 second(s).
The max response timeout is 1 second(s).
The host port timeout is 260 second(s).
The above information shows: IGMP Snooping has already been enabled, the aging
time of the router port is 105 seconds, the maximum query response time is one
second, and the aging time of multicast member ports is 260 seconds.
■ Any view
Description When IGMP Snooping is enabled on the switch, this command displays the following
information: IGMP Snooping status, aging time of the router port, query response
timeout time, and aging time of multicast member ports.
Related Command igmp-snooping

3Com Switch 4200G Family display igmp-snooping group ● 189
Command Reference
display igmp-snooping group
Purpose Use the display igmp-snooping group command to display information about
the IP and MAC multicast groups under one VLAN (with vlan vlan-id) or all
VLANs (without vlan vlan-id).
Syntax display igmp-snooping group [ vlan vlan-id ]
Parameters vlan vlan-id Specifies a VLAN ID.
Example Display information about the multicast groups under VLAN 2.
<S4200G> display igmp-snooping group vlan 2

***************Multicast group table***************
Vlan(id):2.
Router port(s):GigabitEthernet1/0/1
IP group(s):the following ip group(s) match to one mac group.
IP group address:230.45.45.1
Member port(s):GigabitEthernet1/0/2
MAC group(s):
MAC group address:01-00-5e-2d-2d-01
Member port(s):GigabitEthernet1/0/2
The above information shows:
■ There exist multicast groups under VLAN 2.

■ GigabitEthernet 1/0/1 is the router port.
■ The IP multicast group address is 230.45.45.1.
■ GigabitEthernet 1/0/2 is a member port of the IP multicast group.
■ The MAC multicast group address is 0100-5e2d-2d01.
■ GigabitEthernet 1/0/2 is a member port of the MAC multicast group.
■ Any view
Description This command displays the following information: VLAN ID, router port, IP multicast
group address, member ports included in IP multicast group, MAC multicast group,
MAC multicast group address, member ports included in MAC multicast group.
190 ● display igmp-snooping statistics 3Com Switch 4200G Family
Command Reference
display igmp-snooping statistics
Purpose Use the display igmp-snooping statistics command to display the

message statistics about IGMP Snooping.
Syntax display igmp-snooping statistics
Parameters None
Example Display the message statistics about IGMP Snooping.
<4200G> display igmp-snooping statistics

Received IGMP general query packet(s) number:0.
Received IGMP specific query packet(s) number:0.
Received IGMP V1 report packet(s) number:0.
Received IGMP V2 report packet(s) number:0.
Received IGMP leave packet(s) number:0.
Received error IGMP packet(s) number:0.
Sent IGMP specific query packet(s) number:0.
The above information shows that IGMP Snooping has received:
■ Zero IGMP general query message

■ Zero IGMP group-specific query message
■ Zero IGMP V1 report message
■ Zero IGMP V2 report message
■ Zero IGMP leave message
■ Zero IGMP error message
And IGMP Snooping has sent:
■ Zero IGMP group-specific query message
■ Any view
Description This command displays the following information: the numbers of the IGMP general
query messages, IGMP group-specific query messages, IGMP V1 report messages,
IGMP V2 report messages, IGMP leave messages and error IGMP messages received,
and the number of the IGMP group-specific query messages sent.

3Com Switch 4200G Family display info-center ● 191
Command Reference
display info-center
Purpose Use the display info-center command to display system log settings and memory
buffer record statistics.
Syntax display info-center [ unit unit-id ]
Parameters unit-id Unit identification
Example Display system log settings.
<S4200G> display info-center

Information Center:enabled
Log host:
Console:
channel number:0, channel name:console
Monitor:
channel number:1, channel name:monitor
SNMP Agent:
channel number:5, channel name:snmpagent
Log buffer:
enabled, max buffer size:1024, current buffer size:256
current messages:2, channel number:4, channel name:logbuffer
dropped messages:0, overwrote messages:0
Trap buffer:
enabled, max buffer size:1024, current buffer size:256
current messages:0, channel number:3, channel name:trapbuffer
dropped messages:0, overwrote messages:0
Information timestamp setting:
log - date, trap - date, debug - boot
SWITCH OF Device--Unit>1: LOG = disable; TRAP = disable; DEBUG = enable
Table 30 Description on the fields of the display info-center command
Field Description
Information Center: Whether the information center is enabled.
Log host: Status of the log host, including its IP address, used
channel numbers, channel names, language and level.
Console: Usage status of the control port, including the channel
number and channel name it uses.
Monitor: Usage status of the monitor port, including the channel
number and channel name it uses.
SNMP Agent: Usage status of the network proxy, including the
channel number and channel name it uses.
Log buffer: Usage status of the log buffer, including whether it is
enabled, the utmost capacity, the current capacity, the
current item number, channel name, channel number,
discarded item number and covered item number.
Trap buffer: Usage status of the trap buffer, including whether it is
enabled, the utmost capacity, the current capacity, the
current item number, channel name, channel number,
discarded item number and cover item number.
192 ● display info-center 3Com Switch 4200G Family
Command Reference
Table 30 Description on the fields of the display info-center command (continued)
Field Description
Information timestamp setting Time stamp settings, describing the time stamp types of
log information, trap information and debug
information.
SWITCH OF Device--Unit>1 Device switch status, describing the switch status of log,
trap and debug information.
■ Any view
Description If the information in the current log/trap buffer is less than the specified sizeval,
display the actual log/trap information.
Related Commands ■ info-center enable

■ info-center logbuffer
■ info-center console channel
■ info-center monitor channel
3Com Switch 4200G Family display interface ● 193
Command Reference
display interface
Purpose Use the display interface command to view the configuration information on the
selected interface.
Syntax display interface [ interface-type |
Parameters interface-type Specifies the port (interface) type. This can be either
Aux, Ethernet, GigabitEthernet, NULL, Vlan-interface.
interface-number Specifies the port (interface) number in the format
unit-number/0/port-number.
Valid values for the port number are 1 to 16, 1 to 28,
or 1 to 52, depending on the number of ports you
have on your unit.
You can use the interface_name at this command. This consists of the
interface_type and the interface_number combined as a single parameter. For
example, Ethernet1/0/1.
Example To display configuration information on Ethernet port 1/0/1, enter the following:
<S4200G>display interface GigabitEthernet 1/0/1
The information displays in the following format:
GigabitEthernet1/0/1 current state : ADMINISTRATIVELY DOWN

IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-
fc00-5104
Media type is twisted pair, loopback not set
Port hardware type is 1000_BASE_T
1000Mbps-speed mode, full-duplex mode
Link speed type is force link, link duplex type is force link
Flow-control is not enabled
The Maximum Frame Length is 9216
Broadcast-suppression ratio(%): 100%
Unknown Multicast Packet drop: Disable
Unknown Unicast Packet drop: Disable
Allow jumbo frame to pass
PVID: 1
Mdi type: auto
Port link-type: access
Tagged VLAN ID : none
Untagged VLAN ID : 1
Last 300 seconds input: 0 packets/sec 0 bytes/sec
Last 300 seconds output: 0 packets/sec 0 bytes/sec
Input(total): - packets, - bytes
- broadcasts, - multicasts, - pauses
Input(normal): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, - pauses
Input: 0 input errors, 0 runts, 0 giants, 0 throttles, 0 CRC
194 ● display interface 3Com Switch 4200G Family
Command Reference
0 frame, 0 overruns, 0 aborts, - ignored, - parity errors

Output(total): - packets, - bytes
Output(normal): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
- lost carrier, - no carrier
Output: 0 output errors, - underruns, - buffer failures
- aborts, 0 deferred, 0 collisions, 0 late collisions
■ Any view
Description Along with others, this interface could be a specific port's interface (for example,
Ethernet1/0/1) or a specific VLAN interface (for example, vlan-interface 1).
Table 31 Output Description of the display interface command
Field Description
GigabitEthernet1/0/1 current state Indicates the current state of the Ethernet port (up
or down)
IP Sending frames’ format Displays the Ethernet frame format
Hardware address Displays the port hardware address
The Maximum Transmit Unit Indicates the maximum transmit unit
Media type Indicates the type of media
loopback not set Displays the port loopback test state
Port hardware type Displays the port hardware type
1000Mbps-speed mode, full-duplex 1000Mbps-speed mode, full-duplex mode
mode
Link speed type is force link, link duplex Link speed type is force link, link duplex type is force
type is force link link
Flow control is not enabled Port flow control state
The Maximum Frame Length Indicates the maximum length of the Ethernet
frames that can pass through the port
Broadcast MAX ratio Port broadcast storm suppression ratio
Unknown Multicast Packet drop: Disable The unknown multicast packet dropping function is
disabled
Unknown Unicast Packet drop: Disable The unknown multicast packet dropping function is
disabled
Allow jumbo frame to pass Indicates that jumbo frame are allowed to pass
through the port
PVID Indicates the port default VLAN ID.
Mdi type Indicates the cable type
Port link-type Indicates the port link type
3Com Switch 4200G Family display interface ● 195
Command Reference
Table 31 Output Description of the display interface command (continued)
Field Description
Tagged VLAN ID Indicates the VLANs with packets tagged
Untagged VLAN ID Indicates the VLANs with packets untagged
Last 300 minutes input rate: Displays the input/output rate and the number of
0 packets/sec, 0 bytes/sec packets that were passed on this port in the last
300 seconds
Last 300 minutes output rate:
0 packets/sec, 0 bytes/sec
Input(total): 0 packets, 0 bytes The statistics information of input/output packets
and errors on this port. A “-” indicates that the
- broadcasts, - multicasts
item isn't supported by the switch.
Input(normal): 0 packets, 0 bytes
0 broadcasts, 0 multicasts
Input: 0 input errors, 0 runts, 0 giants,
0 throttles, 0 CRC
0 frame, - overruns, - aborts, -
ignored, - parity errors
Output(total): 0 packets, 0 bytes
Output(normal): 0 packets, 0 bytes
Output: 0 output errors, - underruns, -
buffer failures
- aborts, 0 deferred, 0 collisions, 0
late collisions
Description Use the display interface command to display port configuration.
■ If you specify neither port type nor port number, the command displays
information about all ports.
■ If you specify only port type, the command displays information about all ports of
this type.
■ If you specify both port type and port number, the command displays information
about the specified port.
196 ● display interface VLAN-interface 3Com Switch 4200G Family
Command Reference
display interface VLAN-interface
Purpose Use the display interface vlan-interface command to display the

information about the management VLAN interface, including the physical and link
status, the format of the sent frames, the MAC address, IP address (and subnet
mask), description string and MTU (maximum transmit unit) of the management
VLAN.
Syntax display interface vlan-interface [ vlan_id ]
Parameters vlan_id Specifies the ID of the management VLAN interface.
Example To display information about the management VLAN interface (assume that VLAN 1 is
the management VLAN) type the following:
<S4200G> display interface vlan-interface 1

Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-fc07-4101
Internet protocol processing : disabled
Description : 3COM, S4200G Series, Vlan-interface1 Interface
The Maximum Transmit Unit is 1500
■ Any view
Description The information displayed about the management VLAN interface includes:
■ Physical and link status
■ Format of the sent frames
■ MAC hardware address
■ IP address and subnet mask
■ Description string
■ Maximum Transmit Unit (MTU)
Related Command interface VLAN-interface

3Com Switch 4200G Family display ip host ● 197
Command Reference
display ip host
Purpose Use the display ip host command to display all host names and their
corresponding IP addresses.
Syntax display ip host
Parameters None.
Example To display all host names and their corresponding IP addresses, type the following:
<S4200G> display ip host

Host Age Flags Address(es)
My 0 static 1.1.1.1
Aa 0 static 2.2.2.4
Table 32 Description on the fields of the display ip host command
Field Description
Host Host name
Age Valid duration of the host address
Flags Flag
Address(es) Host IP address
■ Any view
198 ● display ip interface vlan-interface 3Com Switch 4200G Family
Command Reference
display ip interface vlan-interface
Purpose Use the display ip interface vlan-interface command to view information on

the specified interface.
Syntax display ip interface [ brief ] interface-type interface-number
Parameters brief Displays the configuration information about the

specified interface in brief.
interface-type Specifies the interface type. The interface type can be
either Aux, Ethernet, GigabitEthernet, NULL,
Vlan-interface.
interface-number Specifies the interface number in the format
Specifies the unit number. Valid values are 1 to 8.
Specifies the port number. Valid values are 1 to 28 or 1
to 52, depending on the number of ports you have on
your unit.
Example Display the information about VLAN 1 interface.
<S4200G> display ip interface vlan-interface 1

Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
TTL invalid packet number: 0
ICMP packet input number: 0
Echo reply: 0
Unreachable: 0
Source quench: 0
Routing redirect: 0
Echo request: 0
Router advert: 0
Router solicit: 0
Time exceed: 0
IP header bad: 0
Timestamp request: 0
Timestamp reply: 0
Information request: 0
Information reply: 0
Netmask request: 0
Netmask reply: 0
Unknown type: 0
3Com Switch 4200G Family display ip interface vlan-interface ● 199
Command Reference
■ Any view
200 ● display ip routing-table 3Com Switch 4200G Family
Command Reference
display ip routing-table
Purpose Use the display ip routing-table command to display the summary information
about the routing table.
Syntax display ip routing-table
Parameters None
Example Display the summary information about the routing table.
<S4200G> display ip routing-table

Routing Table: public net
Destination/Mask Protocol Pre Cost Nexthop Interface
1.1.1.0/24 DIRECT 0 0 1.1.1.1 Vlan-interface1
1.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0
Table 33 Description of the fields for the display ip routing-table command
Field Description
Destination/Mask Destination IP address/Mask length
Protocol Routing protocol that discovers the route
Pre Routing preference
Cost Route cost
Nexthop Next hop IP address of the route
Interface Output interface, through which packets destined for the destination
network segment are to be transmitted
Each line in the table represents one route. The displayed information includes
destination address/mask length, protocol, preference, cost, next hop and output
interface.
■ Any view
Description This command displays the summary information about a routing table, with the
items of a routing entry contained in one line. The information displayed includes
destination IP address/mask length, protocol, preference, cost, next hop and
outbound interface.
The display ip routing-table command only displays the routes currently in use, that is,
the optimal routes
3Com Switch 4200G Family display ip routing-table acl ● 201
Command Reference
display ip routing-table acl
Purpose Use the display ip routing-table acl command to display the routes permitted
by the specified basic ACL.
Syntax display ip routing-table acl acl_number [ verbose ]
Parameters acl-number Specifies the number of the basic access control list
(ACL). Valid values are 2000 to 2999.
verbose Displays the detailed information about the active and
inactive routes filtered by the specified ACL. If you do
not specify this keyword, the summary information
about the active routes filtered by the specified ACL is
displayed.
Example Display the summary information about the active routes permitted by ACL 2000.
[S4200G-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[S4200G-acl-basic-2000] rule deny source any
[S4200G-acl-basic-2000] display ip routing-table acl 2000
Routes matched by access-list 2000:
Summary count: 2
The output information shown above is described in the following table.

Field Description
Cost Route cost
Display the detailed information about the active and inactive routes permitted by
ACL 2000.
<S4200G> display ip routing-table acl 2000 verbose

Routes matched by access-list 2000:
+ = Active Route, - = Last Active, # = Both * = Next hop in use
Summary count: 2
202 ● display ip routing-table acl 3Com Switch 4200G Family
Command Reference
**Destination: 10.1.1.0 Mask: 255.255.255.0

Protocol: #DIRECT Preference: 0
*NextHop: 10.1.1.2 Interface: 10.1.1.2(Vlan-interface1)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 7:24 Cost: 0/0

*NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 7:24 Cost: 0/0
Table 35 Output description of the ip routing-table acl verbose command
Field Description
Destination Destination address
Mask Mask
Preference Routing preference
Nexthop Next hop IP address
Interface Outbound interface, through which the data packets destined for the
destination network segment are to be transmitted
Vlinkindex Virtual link index
State Descriptions on the route state are as follows:
ActiveU — Valid unicast route. "U" stands for unicast.
Blackhole — Blackhole route is the same as reject route except that a
router drops a packet traveling along a blackhole route without
sending ICMP unreachable messages to the source of the packets.
Delete — The route is deleted.
Gateway — The route is not a direct route.
Hidden — The route is a hidden route. For routes that are temporarily
unavailable for some reasons (such as the policy configured or the
interface is down), you can hide them for later use.
Holddown — The route is held down. Holddown is a kind of route
advertisement policy used in some D-V (distance vector) routing
protocols (such as RIP) to avoid the propagation of some incorrect
routes and improve the transmission speed of route-unreachable
information. For details, refer to corresponding routing protocols.
Int — The route is discovered by the internal gateway protocol (IGP).
NoAdvise — The route is not advertised when the router advertises
routes based on policies.
NotInstall — The route are not loaded to the core routing table but
can be advertised. Normally, the routes with the highest preference in
the routing table are loaded to the core routing table and are
advertised.
Reject — The packets travel along the route will be dropped. Besides,
the router sends ICMP unreachable messages to the source of the
dropped packets. The Reject routes are usually used for network
testing.
Retain — The route is not deleted when the routes read from the core
routing table are deleted. You can enable static routes to remain in
the core routing table by configure them to be in retain state.
Static — The route is not lost when you perform the save operation
and then restart the router. Routes marked as Static are configured
manually.
Unicast — The route is a unicast route.
3Com Switch 4200G Family display ip routing-table acl ● 203
Command Reference
Table 35 Output description of the ip routing-table acl verbose command
Field Description
Age The time period during which the route is allowed in the routing
table, in the form of hh:mm:ss.
Cost Cost of the route
■ Any view.
Description This command is used to display the routes that passed the filtering rules in the
specified ACL.
The command only displays routes that passed basic ACL filtering rules.
204 ● display ip routing-table ip-address 3Com Switch 4200G Family
Command Reference
display ip routing-table ip-address
Purpose Use the display ip routing-table ip-address command to display the

information about the routes leading to the destination.
Syntax display ip routing-table ip-address [ mask ] [ longer-match ] [ verbose

]
Parameters ip-address Specifies the destination IP address, in dotted decimal

notation.
mask Specifies either the mask of the destination IP address,
which can be in dotted decimal notation or be an
integer ranging from 0 to 32.
longer-match Displays all the routes leading to the destination
coupled with the default mask.
inactive routes leading to the destination. If this
keyword is not specified, only the summary
information about the active routes is displayed.
Example Display the summary information of the corresponding routes with destination
addresses matched within the natural mask range.
<S4200G> display ip routing-table 169.0.0.0

169.0.0.0/16 Static 60 0 2.1.1.1 LoopBack1
For the explanations of the displayed information, see Table 36.
Field Description
Cost Route cost
Display the summary information the longest matched routes.
<S4200G> display ip routing-table 169.253.0.0

Destination/MaskProtocolPreCost NexthopInterface
169.0.0.0/8Static6002.1.1.1LoopBack1
Display the detailed information of the routes with destination addresses matched
within the natural mask range.
3Com Switch 4200G Family display ip routing-table ip-address ● 205
Command Reference
<S4200G> display ip routing-table 169.0.0.0 verbose

Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, # = Both* = Next hop in use
Summary count:2
**Destination: 169.0.0.0Mask: 255.0.0.0
Protocol: #StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47Cost: 0/0Tag: 0
Protocol: #StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
Display the detailed information of the longest matched routes.
<S4200G> display ip routing-table 169.253.0.0 verbose

Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, # = Both* = Next hop in use
Summary count:1
Protocol: #StaticPreference: -60
*NextHop: 2.1.1.1
Vlinkindex: 0
Refer to Table 37 for the description on the output fields.
Table 37 Output Description of the ip routing-table acl verbose command
Field Description
Mask Mask
206 ● display ip routing-table ip-address 3Com Switch 4200G Family
Command Reference
Field Description
advertised.
testing.
manually.
■ Any view
Description The output information of this command differs with the arguments/keywords
specified as follows:
■ display ip routing-table ip-address
For the destination address ip-address, if there are some routes matched within the
natural mask range, all subnet routes will be displayed. Otherwise, only the active
routes which match ip-address longest will be displayed.
■ display ip routing-table ip-address mask

3Com Switch 4200G Family display ip routing-table ip-address ● 207
Command Reference
Only the routes that match exactly the specified destination address and mask are
displayed.
■ display ip routing-table ip-address longer-match
All routes with destination addresses matched within the natural mask range will be
displayed.
If the destination address, ip_address, has a corresponding route in natural mask

range, this command will display all subnet routes or only the route best matching the
destination address, ip_address, is displayed. And only the active matching route is
displayed.
208 ● display ip routing-table ip-address1 ip-address2 3Com Switch 4200G Family
Command Reference
display ip routing-table ip-address1

ip-address2
Purpose Use the display ip routing-table ip-address1 ip-address2 command to

display the information about the routes with their destinations within the specified
destination IP address range.
Syntax display ip routing-table ip-address1 mask1 ip-address2 mask2
[ verbose ]
Parameters ip-address1 ip-address2 Specifies the destination IP addresses in dotted decimal

notation.
ip-address1 and mask1 Together with ip-address2 and mask2 determine an
IP address range. The starting address of the IP address
range is obtained by performing an AND operation
between the ip-address1 and mask1 arguments, and
the end address of the IP address range is obtained by
permorming an AND operation between the
ip-address2 and mask2 arguments.
ip-address2 and mask2 Specifies the IP address masks. These two arguments
can be in dotted decimal notation or two integers
ranging from 0 to 32.
inactive routes. If you do not specify this keyword, only
the summary information about the active routes is
displayed.
Example Display the information about the routes with their destinations within the range of
1.1.1.0 to 2.2.2.0.
<S4200G> display ip routing-table 1.1.1.0 24 2.2.2.0 24

Routing tables:
Summary count: 3
For detailed description of output information, refer to Table 33.
Field Description
Cost Route cost
3Com Switch 4200G Family display ip routing-table ip-address1 ip-address2 ● 209
Command Reference
Field Description
■ Any view
210 ● display ip routing-table ip-prefix 3Com Switch 4200G Family
Command Reference
display ip routing-table ip-prefix
Purpose Use the display ip routing-table ip-prefix command to display the

information about the routes matching a specified IP prefix list.
Syntax display ip routing-table ip-prefix ip-prefix-name [ verbose ]
Parameters ip-prefix-name Specifies the name of an ip prefix list, consisting of a

inactive routes matching a specified IP prefix list. If you
do not specify this keyword, only the summary
information about the active routes matching the IP
prefix list is displayed.
Example Display the summary information about the active routes matching the IP prefix list
named abc2 (assuming that the IP prefix list permits the routes with their prefix being
10.1.1.0 and the mask length in the range of 24 to 32).
[S4200G] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32
[S4200G] display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 2
10.1.1.0/24 DIRECT 0 0 10.1.1.2
Vlan-interface1
10.1.1.2/32 DIRECT 0 0 127.0.0.1
InLoopBack0
Field Description
Cost Route cost
Display the detailed information about the active and inactive routes matching the IP
prefix list named abc2.
<S4200G> display ip routing-table ip-prefix abc2 verbose

Routes matched by ip-prefix abc2:
3Com Switch 4200G Family display ip routing-table ip-prefix ● 211
Command Reference
Summary count: 2

*NextHop: 10.1.1.2 Interface: 10.1.1.2(Vlan-interface1)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 3:23:44 Cost: 0/0 Tag: 0

Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 3:23:44 Cost: 0/0 Tag: 0
Field Description
Mask Mask
212 ● display ip routing-table ip-prefix 3Com Switch 4200G Family
Command Reference
Field Description
advertised.
testing.
manually.
■ Any view
Description You can use this command to trace routing policies and display the routes matching a
specified IP prefix list.
If the specified IP prefix list does not exist, the detailed information about all the active
and inactive routes is displayed when you execute this command with the verbose
keyword specified, and only the summary information about all the active routes is
displayed if you execute this command with the verbose keyword not specified.
Without the verbose parameter, this command displays the summary of the active
routes that passed filtering rules.
3Com Switch 4200G Family display ip routing-table protocol ● 213
Command Reference
display ip routing-table protocol
Purpose Use the display ip routing-table protocol command to display the information
about specific routes.
Syntax display ip routing-table protocol protocol [ inactive | verbose ]
Parameters protocol Enter one of the following:

■ direct: Displays the direct connection route
information
■ static: Displays the static route information.
inactive Displays inactive route information. If you do not
specify this keyword, the information about both
active and inactive routes is displayed.
verbose Displays the detailed route information. If you do not
specify this keyword, only the summary route
information is displayed.
Example To display a summary of all direct connection routes, enter the following:
Display the summary information about all the direct routes.

<S4200G> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 4
DIRECT Routing tables status:<active>:
Summary count: 3
Destination/MaskProtocol Pre Cost Nexthop Interface
DIRECT Routing tables status:<inactive>:
Summary count: 1
Display the information about the static routs.
<S4200G> display ip routing-table protocol static

STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
1.2.3.0/24 STATIC 60 0 1.2.4.5 Vlan-interface1
For detailed description of output information, refer to Table 33.

214 ● display ip routing-table protocol 3Com Switch 4200G Family
Command Reference
Field Description
Cost Route cost
■ Any view
3Com Switch 4200G Family display ip routing-table radix ● 215
Command Reference
display ip routing-table radix
Purpose Use the display ip routing-table radix command to view the route information
in a hierarchical (tree) structure.
Syntax display ip routing-table radix
Parameters None
Example To display the route information, enter the following:
<S4200G> display ip routing-table radix

Radix tree for INET (2) inodes 2 routes 2:
+--8+--{127.0.0.0
+-32+--{127.0.0.1
Table 42 Output description of the display ip routing-table radix command
Field Description
INET Address family
Inodes Number of nodes
Routes Number of routes
■ Any view
216 ● display ip routing-table statistics 3Com Switch 4200G Family
Command Reference
display ip routing-table statistics
Purpose Use the display ip routing-table statistics command to display the statistics
of a routing table.
Syntax display ip routing-table statistics
Parameters None
Example Display the statistics information about the routing table.
<S4200G> display ip routing-table statistics

Routing tables:
Proto route active added deleted
DIRECT 2 2 2 0
STATIC 0 0 0 0
Total 2 2 2 0
Table 43 Output description of the display ip routing-table statistics
command
Field Description
Proto Routing protocol: O_ASE indicates OSPF_ASE routes, O_NSSA
indicates OSPF NSSA routes, and AGGRE indicates the aggregated
routes.
route Total number of routes .
active Number of active routes that are in currently in use.
added Number of the routes that are added to the routing table after the
switch starts or the routing table is cleared last time.
deleted Number of the routes with deleted flags (this type of routes will be
freed after a period of time).
Total Total of different types of routes.
■ Any view
Description The statistics information displayed by this command includes:
■ The total number of routes

■ The number of the routes added/removed through protocols
■ The number of the routes with deleted flags
■ The number of the active/inactive routes
3Com Switch 4200G Family display ip routing-table verbose ● 217
Command Reference
display ip routing-table verbose
Purpose Use the display ip routing-table verbose command to display the detailed
information about a routing table.
Syntax display ip routing-table verbose
Parameters None
Example Display the detailed information about the routing table.
<S4200G> display ip routing-table verbose

Routing Tables:
Destinations: 2 Routes: 2
Holddown: 0 Delete: 0 Hidden: 0

State: <NoAdvise Int ActiveU Retain Unicast>
Age: 57:12 Cost: 0/0

State: <NotInstall NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 57:12 Cost: 0/0
The statistics of the routing table are displayed first, and then the detailed
descriptions of each route. Other generated information is described in Table 44.
Table 44 Output description of the display ip routing-table verbose command
Descriptor Meaning
Holddown The number of the routes that are held down.
Delete The number of deleted routes.
Hidden The number of hidden routes.
■ Any view
Description This command displays the detailed information about the routing table, in the order
of route state, statistics of the routing table, and the information about each route.
You can use this command to display all the routes, including the inactive and invalid
routes
218 ● display ip socket 3Com Switch 4200G Family
Command Reference
display ip socket
Purpose Use the display ip socket command to display the information about the sockets
in the current system.
Syntax display ip socket [ socktype sock-type ] [ task-id socket-id ]
Parameters sock-type Specifies the type of a socket. The value can be 1, 2,

and 3 corresponding to TCP, UDP, and raw IP
respectively.
task-id Specifies the ID of a task, with the value ranging from
1 to 100.
socket-id Specifies the ID of a socket, with the value ranging
from 0 to 3072.
Example To display the information about the socket of TCP type, enter the following:
<S4200G>display ip socket socktype 1

SOCK_STREAM:
Task = VTYD(18), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID
SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC

LA = 10.153.17.99:23, FA = 10.153.17.56:1161,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

LA = 10.153.17.99:23, FA = 10.153.17.82:1121,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Table 45 Output description of the display ip socket command
Field Description
SOCK_STREAM The socket type
Task The ID of a task
socketid The ID of a socket
Proto The protocol number used by the socket
sndbuf The sending buffer size of the socket
rcvbuf The receiving buffer size of the socket
sb_cc The current data size in the sending buffer. The value makes sense
only for the socket of TCP type, because only TCP is able to cache
data
rb_cc The current data size in the receiving buffer
3Com Switch 4200G Family display ip socket ● 219
Command Reference
Table 45 Output description of the display ip socket command (continued)
Field Description
socket option The option of the socket
socket state The state of the socket
■ Any view
220 ● display ip statistics 3Com Switch 4200G Family
Command Reference
display ip statistics
Purpose Use the display ip statistics command to view the statistics information about
IP packets.
Syntax display ip statistics
Parameters None
Example To view statistics about IP packets, enter the following:
<S4200G>display ip statistics
Input: sum 7120 local 112
bad protocol 0 bad format 0
bad checksum 0 bad options 0
Output: forwarding 0 local 27
dropped 0 no route 2
compress fails 0
Fragment:input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
Table 46 Output Description of the display ip statistics command
Field Description
Input: sum Sum of input packets
local Number of received packets whose destination is
the local device
bad protocol Number of packets with wrong protocol number
bad format Number of packets in bad format
bad checksum Number of packets with wrong checksum
bad options Number of packets that has wrong options
Output: forwarding Number of forwarded packets
local Number of packets that are sent by the local device
dropped Number of dropped packets during transmission
no route Number of packets that cannot be routed
compress fails Number of packets that cannot be compressed
Fragment: input Number of input fragments
output Number of output fragments
dropped Number of dropped fragments
fragmented Number of packets that are fragmented
couldn't fragment Number of packets that cannot be fragmented
Reassembling: sum Number of packets that are reassembled
timeouts Number of packets that time out
3Com Switch 4200G Family display ip statistics ● 221
Command Reference
■ Any view
Related Commands ■ display ip interface vlan-interface

■ reset ip statistics
222 ● display isolate port 3Com Switch 4200G Family
Command Reference
display isolate port
Purpose Use the display isolate port command to display the information about the
Ethernet ports added to an isolation group.
Syntax display isolate port
Parameters None
Example Display the information about the Ethernet ports added to the isolation group.
<S4200G>display isolate port

Isolated port(s) on UNIT 1:
GigabitEthernet1/0/2, GigabitEthernet1/0/3, GigabitEthernet1/0/4
■ Any view
3Com Switch 4200G Family display lacp system-id ● 223
Command Reference
display lacp system-id
Purpose Use the display lacp system-id command to view actor system ID, including
system priority and system MAC address.
Syntax display lacp system-id
Parameters None
Example To display the local system ID.
<S4200G> display lacp system-id

Actor System ID: 0x8000, 00e0-fc00-0100
■ Any view
Related Commands ■ link-aggregation group description

■ link-aggregation group mode
224 ● display link-aggregation interface 3Com Switch 4200G Family
Command Reference
display link-aggregation interface
Purpose Use the display link-aggregation interface command to display the link
aggregation details about a specified port or port range.
Syntax display link-aggregation interface { interface-type interface-number [

to { interface-type interface-number ]
Parameters interface-type Specifies the port type. You can specify multiple
sequential ports with the to parameter, instead of
specifying only one port.
interface-name Specifies the port name
to Specifies a port range.
Example Display the link aggregation details on the GigabitEthernet1/0/1 port.
<S4200G> display link-aggregation interface GigabitEthernet1/0/1

GigabitEthernet1/0/1:
Selected AggID: 1
Local:
Port-Priority: 32768, Oper key: 2, Flag: 0x45
Remote:
System ID: 0x8000, 0000-0000-0000
Port Number: 0, Port-Priority: 32768 , Oper-key: 0, Flag: 0x38
Received LACP Packets: 0 packet(s), Illegal: 0 packet(s)
Sent LACP Packets: 0 packet(s)
Table 47 Description on the fields of the display link-aggregation interface
command
Field Description
Selected AggID ID of the aggregation group to which
the specified port belongs
Local: Port priority, operation key and status
flag of the local end
Port-Priority: 32768, Oper key: 1, Flag: 0x00
Remote: Device ID, MAC address, port number,
port priority, operation key and status
System ID: 0x0, 0000-0000-0000
flag of the remote end
Port Number: 0, Port-Priority: 0, Oper-key: 0,
Flag: 0x00
■ Any view
3Com Switch 4200G Family display link-aggregation interface ● 225
Command Reference
Description Use the display link-aggregation interface command to display the link
aggregation details about a specified port or port range, including:
■ Link aggregation group ID, port priority, operation key and protocol status flag of
the port at the local end,
■ Device ID, port number, port priority, operation key and protocol status flag at the
remote end, and,
■ LACP protocol packet statistics
For a manual aggregation group, value 0 is displayed for all the above items of the
remote end (which does not indicate the real information of the remote end), since
information about the remote end cannot be obtained for a manual aggregation
group.
Related Command display link-aggregation verbose

226 ● display link-aggregation summary 3Com Switch 4200G Family
Command Reference
display link-aggregation summary
Purpose Use the display link-aggregation summary command to display summary

information of all aggregation groups, including device ID of the local end,
aggregation group ID, aggregation group type, device ID of the remote end, number
of the selected ports, number of the unselected ports, load sharing type and master
port number.
Syntax display link-aggregation summary
Parameters None
Example To display summary information of all aggregation information, enter the following:
<S4200G> display link-aggregation summary
Aggregation Group Type:D -- Dynamic, S -- Static , M -- Manual

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor ID: 0x8000, 00e0-fc00-5104
AL AL Partner ID Select Unselect Share Master

ID Type Ports Ports Type Port
-------------------------------------------------------------------------------
1 S 0x8000,0000-0000-0000 0 1 NonS GigabitEthernet1/0/2
2 M none 0 1 NonS GigabitEthernet1/0/3
Table 48 Description of the fields of the display link -aggregation summary
command
Field Description
Actor ID Device ID and MAC address of the local end
AL ID Aggregation group ID
AL Type Aggregation group type: D (dynamic), S (static), or M
(manual)
Partner ID Device ID and MAC address of the remote end
Select Ports Number of the selected ports
Unselect Ports Number of the unselected ports
Share Type Load sharing type: Shar (load-sharing), or NonS
(non-load-sharing)
Master Port Number of the master port
■ Any view
3Com Switch 4200G Family display link-aggregation verbose ● 227
Command Reference
display link-aggregation verbose
Purpose Use the display link-aggregation verbose command to display the details about
a specified aggregation group.
Syntax display link-aggregation verbose [ agg-id ]
Parameters agg-id Aggregation group ID, which must be the valid ID of

an existing aggregation group. Valid values are 1 to 50.
Example To display detailed information about aggregation group 1, enter the following:
<S4200G> display link-aggregation verbose 1

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Flags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregation ID: 1, AggregationType: Static, Loadsharing Type: NonS

Aggregation Description:
System ID: 0x8000, 00e0-fc00-5104
Port Status: S -- Selected, U -- Unselected
Local:
Port Status Priority Key Flag
------------------------------------------------------------------------------
GigabitEthernet1/0/2 U 32768 2 {ACG}
GigabitEthernet1/0/5 U 1 2 {ACG}
Remote:
Actor Partner Priority Key SystemID Flag
------------------------------------------------------------------------------
GigabitEthernet1/0/2 0 32768 0 0x8000,0000-0000-0000 {DEF}
GigabitEthernet1/0/5 0 32768 0 0x8000,0000-0000-0000 {DEF}
■ Any view
Description Use the display link-aggregation verbose command to display the details
about a specified aggregation group, including:
■ Aggregation group ID, aggregation group type, load sharing type, aggregation
group description,
■ Local end details: device ID, member port, port status, port priority, operation key
and protocol status flag, and
■ Remote end details: local end port, and corresponding port index, port priority,
operation key, device ID and protocol status flag of the remote end.
For a manual aggregation group, value 0 is displayed for all the above items of the
remote end (which does not indicate the real information of the remote end), since
228 ● display link-aggregation verbose 3Com Switch 4200G Family
Command Reference
information about the remote end cannot be obtained for a manual aggregation
group.
3Com Switch 4200G Family display local-server statistics ● 229
Command Reference
display local-server statistics
Purpose Use the display local-server statistics command to view the statistics of all
local RADIUS authentication server.
Syntax display local-server statistics
Parameters None
Example To display the statistics about local RADIUS authentication server, enter the following:
<S4200G> display local-server statistics

The localserver packet statistics:
Receive: 30 Send: 30
Discard: 0 Receive Packet Error: 0
Auth Receive: 10 Auth Send: 10
Acct Receive: 20 Acct Send: 20
■ Any view
Related Command local-server

230 ● display local-user 3Com Switch 4200G Family
Command Reference
display local-user
Purpose Use the display local-user command to view information about all the local
users or the specified one(s).
Syntax display local-user [ domain isp-name | idle-cut { enable | disable } |

vlan vlanid | service-type { ftp | lan-access | ssh | telnet |
terminal } | state { active | block } | user-name user-name ]
Parameters domain isp-name Specifies that all the local users in the specified ISP
domain are displayed.isp-name specifies the ISP
domain name with a character string up to
24 characters in length. The specified ISP domain must
exist.
idle-cut Displays the local users who are inhibited from
enabling the idle-cut function, or the local users who
are allowed to enable the idle-cut function.
■ enable displays local users that are allowed.
■ disable displays local users that are prohibited.
vlan vlan-id Displays the local users belonging to the specified
VLAN. vlan-id is an integer ranging from 1 to 4094.
service-type Displays the local users of a specified type. One of the
following user types can be specified:
■ ftp
■ lan-access (Ethernet accessing users, 802.1x
application for example)
■ ssh
■ telnet
■ terminal (users who log into the switch through the
Console port)
state Displays the local users in the specified state.
■ active means that the system allows the user
requesting network service
■ block means the system does not allow the user
requesting network service.
user-name user-name Specifies the connections to display using the
■ /
■ :
■ *
3Com Switch 4200G Family display local-user ● 231
Command Reference
■ ?
■ <
■ >
Example Display information about all local users.
<S4200G> display local-user

The contents of local user user1:
State: Active ServiceType Mask: None
Idle-cut: Disable
Access-limit: Disable Current AccessNum: 0
Bind location: Disable
Vlan ID: Disable
IP address: Disable
MAC address: Disable
Total 1 local user(s) Matched, 1 listed.

ServiceType Mask Meaning: C--Terminal F--FTP L--LanAccess S--SSH
T-Telnet
The following table describes the fields in the display output.

Table 49 Description on the fields of the display local-user command
Field Description
State State of the local user
ServiceType Mask Service type mark
Idle-Cut State of the idle-cut function
Access-Limit Limit on the number of access users
Current AccessNum Number of current access users
Bind location Whether or not bound to a port
Vlan ID VLAN of the user
IP address IP address of the user
MAC address MAC address of the user
■ Any view
Description This command displays the relevant information about a specified or all the local
users. The output can help you with the fault diagnosis and troubleshooting related
to local user.
Related Command local-user

232 ● display logbuffer 3Com Switch 4200G Family
Command Reference
display logbuffer
Purpose Use the display logbuffer command to display the status of the log buffer and
the records in the log buffer.
Syntax display logbuffer [ unit unit-id ] [ level severity | size buffersize

]* [ | { begin | exclude | include } regular-expression ]
Parameters unit-id Unit identification

level Specifies an information severity level.
severity Information severity, ranging from 1 to 8.
Table 50 Severity definitions made on the information center
Severity Value Description

emergencies 1 Emergent errors
alerts 2 Errors that need to be corrected immediately
critical 3 Critical errors
errors 4 Errors that need to be considered but are not critical
warnings 5 Warnings that prompt possible errors
notifications 6 Information that needs to be noticed
informational 7 Normal prompting information
debugging 8 Debug information
size Specifies the size of the memory buffer you want to

display.
buffersize Size of the memory buffer, represented by the number
of messages it holds. It ranges from 1 to 1024 and
defaults to 256.
| Filters output configuration information with a regular
expression.
begin Displays configurations with the specified starting
characters.
exclude Displays configurations excluding the specified
characters.
include Displays configurations including the specified
characters.
regular-expression Regular expression.
Example Display the status of the log buffer and the records in the log buffer.
screen display
<S4200G> display logbuffer

Logging buffer configuration and contents:enabled
Allowed max buffer size : 1024
3Com Switch 4200G Family display logbuffer ● 233
Command Reference
Actual buffer size : 512

Channel number : 4 , Channel name : logbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 91
■ Any view
234 ● display logbuffer summary 3Com Switch 4200G Family
Command Reference
display logbuffer summary
Purpose Use the display logbuffer summary command to display the summary of the
log buffer.
Syntax display logbuffer summary [ level severity ]
Parameters Level severity Specifies an information severity level. Valid values are
1 to 8.
Example Display the summary of the log buffer.
<S4200G> display logbuffer summary

EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0 0 0 0 94 0 1 0
■ Any view
3Com Switch 4200G Family display-loopback-detection ● 235
Command Reference
display-loopback-detection
Purpose Use the display loopback-detection command to display the loopback

detection status on the port.
Syntax display loopback-detection
Parameters None
Example Display whether loopback detection function is enabled or not.
<S4200G> display loopback-detection

Port GigabitEthernet1/0/1 loopback-detection is running
System Loopback-detection is running
Detection interval time is 30 seconds
There is no port existing loopback link
Table 51 Explanation of fields involved in loopback detection function
Fields Explanation
Port GigabitEthernet1/0/1 Loopback detection function for
loopback-detection is running. GigabitEthernet1/0/1 is enabled.
System Loopback-detection is running. System loopback detection function is enabled.
Detection interval time is 30 seconds. Detection time interval is set to be 30 seconds.
There is no port existing loopback link. Currently no port is detected with loopback.
■ Any view
Description If loopback detection is enabled, the time interval for loopback detection and the
loopback ports will also be displayed.
236 ● display mac-address 3Com Switch 4200G Family
Command Reference
display mac-address
Purpose Use the display mac-address command to display MAC address table information.
Syntax display mac-address [ display-option ]
Parameters display-option Option used to display specific MAC address table

information, as described in Table 52.
Table 52 Descriptions for the display-option argument
Value Description
mac-address [ vlan vlan-id ] Displays information about a specified MAC
address entry.
{ static | dynamic | blackhole } [ interface Displays information about dynamic, static, or
interface-type interface-number ] [ blackhole MAC address entries.
vlan vlan-id ] [ count ]
interface interface-type Displays information about the MAC address
interface-number [ vlan vlan-id ] [ count entries concerning a specified port.
]
vlan vlan-id [ count ] Displays information about the MAC address
entries concerning a specified VLAN.
count Displays the total number of the MAC address
entries of the switch.
statistics Displays the statistics on the MAC address
entries.
mac-addr Specifies the MAC address.

static Displays static MAC address entries. (A static MAC
address entry does not age.)
dynamic Displays dynamic MAC address entries. (A dynamic
MAC address entry ages with time.)
blackhole Displays blackhole MAC address entries. (A blackhole
MAC address entry does not age.)
interface-type Specifies the port type.
interface-number Specifies the port number.
vlan-id Specifies the VLAN ID. Valid values are 1 to 4094.
count Displays only the total number of MAC address entries.
in the MAC address table if the user enters this
parameter when using this command.
statistics Displays the statistics on the MAC address entries.
Example Display the MAC address table information about the MAC address of
00e0-fc01-0101.
<S4200G> display mac-address 00e0-fc01-0101

MAC ADDR VLAN ID STATEPORT INDEX AGING TIME(s)
00
3Com Switch 4200G Family display mac-address ● 237
Command Reference
Table 53 Description of the fields for the display mac-address command
Field Description
MAC ADDR MAC address
VLAN ID ID of the VLAN to which the network device identified by the MAC
address belongs
STATE The state of the MAC address. The value of this field can be "Static",
"Learned", and so on.
PORT INDEX Port index (including port type and port number)
AGING TIME(s) Aging time
■ Any view
Description Use the display mac-address command to display information about MAC address
entries in a MAC address table, including: MAC address, VLAN and port
corresponding to the MAC address, the type (static or dynamic) of a MAC address
entry, aging time and so on.
Related Commands ■ mac-address

■ mac-address timer
238 ● display mac-address aging-time 3Com Switch 4200G Family
Command Reference
display mac-address aging-time
Purpose Use the display mac-address aging-time command to display the aging time of
the dynamic entry in the MAC address table.
Syntax display mac-address aging-time
Parameters None
Example Display the aging time of the dynamic MAC address entries.
<S4200G> display mac-address aging-time

MAC address aging time:300s.
The output information indicates that the aging time of the dynamic MAC address
entries is 300 second.
■ Any view
Related Commands ■ display mac-address

■ mac-address
■ mac-address timer
3Com Switch 4200G Family display mac-address multicast static ● 239
Command Reference
display mac-address multicast static
Purpose Use the display mac-address multicast static command to display the
multicast MAC address entries manually configured on the switch, with each entry
containing the following information: multicast MAC address, VLAN ID, MAC address
state, port number(s), and aging time of each port.
Syntax display mac-address multicast static [ count | mac-address vlan vlan-id

| vlan vlan-id ]
Parameters mac-address vlan vlan-id Multicast MAC address entry in a specified VLAN.
Example Display all the multicast MAC address entries manually configured in VLAN 1.
<S4200G>display mac-address multicast static vlan 1

MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
0100-0000-0001 1 Config static GigabitEthernet1/0/1 NOAGED
000f-e207-f2e0 1 Learned GigabitEthernet1/0/28 AGING
--- 2 mac address(es) found ---
■ Any view
Description ■ Executing this command with neither mac-address vlan vlan-id nor vlan
vlan-id will display all the multicast MAC address entries added on the switch.
■ Executing this command with vlan vlan-id but without mac-address will
display all the multicast MAC address entries manually added in the specified
VLAN.
■ Executing this command with both mac-address and vlan vlan-id will display
the multicast MAC address entry manually added in the specified VLAN with the
specified multicast MAC address.
240 ● display mac-address security 3Com Switch 4200G Family
Command Reference
display mac-address security
Purpose Use the display mac-address security command to display the information
about Security MAC address.
Syntax display mac-address security [ interface interface-type

interface-number ] [ vlan ] [ count ]
Parameters interface-type Specifies the interface type.

vlan-id Specifies the VLAN ID.
count Displays the number of the Security MAC address.
Example Display the Security MAC address configuration on GigabitEthernet1/0/1 port.
<S4200G> display mac-address security interface GigabitEthernet1/0/1

MAC ADDR VLAN ID STATE PORT INDEX AGING
TIME(s)
0001-0001-0001 1 Security GigabitEthernet1/0/2 NOAGED
--- 1 mac address(es) found on port GigabitEthernet1/0/1 ---
■ Any view
Description By checking the output of this command, you can verify the current configuration.
3Com Switch 4200G Family display mac-authentication ● 241
Command Reference
display mac-authentication
Purpose Use the display mac-authentication command to display global information

about centralized MAC address authentication
The information shown includes:
■ The state of centralized MAC address authentication (enabled/disabled)

■ Timer settings
■ The number of online users
■ The MAC addresses in quiet period
■ MAC authentication information about each port
Syntax display mac-authentication [ interface interface-list ]
Parameters interface-list Specifies the list of Ethernet ports. You can specify
multiple Ethernet ports by providing this argument in
the form of interface-list = { interface-type
interface-number [ to interface-type interface-number
] } where <1–10 means that you can provide up to 10
port indexes/port index lists for this argument.
Example To display the global information about centralized MAC address authentication,
<S4200G> display mac-authentication

mac address authentication is Enabled.
authentication mode is UsernameAsMacAddress
Fixed username:mac
Fixed password:not configured
offline detect period is 300s
quiet period is 1 minute(s).
server response timeout value is 100s
max allowed user number is 1024
current user number amounts to 0
current domain: not configured, use default domain
Silent Mac User info:
MAC ADDR From Port Port Index
GigabitEthernet1/0/1 is link-up
MAC address authentication is Enabled
Authenticate success: 0, failed: 0
Current online user number is 1
MAC ADDR Authenticate state AuthIndex
000d-88f8-4e71 MAC_AUTHENTICATOR_SUCCESS 0
……
242 ● display mac-authentication 3Com Switch 4200G Family
Command Reference
Table 54 Description on the fields of the display mac-authentication command
Field Description
mac address authentication is Centralized MAC address authentication is enabled.
Enabled
authentication mode Centralized MAC address authentication mode. The default
is the MAC address mode.
the Fixed username User name used in the fixed mode, which defaults to mac.
the Fixed password Password used in the fixed mode, which is not configured by
default.
offline detect period Setting of the offline detect timer, which sets the time
interval to check whether a user goes offline and defaults to
300 seconds.
quiet period Setting of the quiet timer, which sets the quiet period. A
switch goes through a quiet period if a user fails to pass the
MAC address authentication. The default value is 1 minute.
server response timeout value Setting of the server timeout timer, which sets the timeout
time for the connection between a switch and the RADIUS
server. By default, it is 100 seconds.
max allowed user number The maximum number of users supported by the switch. It is
1,024 by default.
current user number amounts to The current number of users
current domain The current domain. It is not configured by default.
Silent Mac User info The information about the silent user. When the user fails to
pass MAC address authentication because of inputting error
user name and password, the switch sets the user to be in
quiet state. During quiet period, the switch does not
authenticate this user.
GigabitEthernet1/0/1 is link-up The link connected to GigabitEthernet1/0/1 port is up.
MAC address authentication is MAC address authentication is enabled for
Enabled GigabitEthernet1/0/1 port.
Authenticate success: 0, failed: 0 Statistics of the MAC address authentications performed on
the port, including the numbers of successful and failed
authentication operations.
Current online user number The number of the users current access the network through
the port
Authenticate state The state of the users accessing the network through the
port, which can be:
■ CONNECTING: Connecting
■ SUCCESS: Authentication passed
■ FAILURE: Fail to pass authentication
■ LOGOFF: Offline
MAC ADDR Peer MAC address
Authenticate state State of the current MAC address authentication
AuthIndex Index of the current MAC address with regard to the
authentication port
■ Any view
3Com Switch 4200G Family display memory ● 243
Command Reference
display memory
Purpose Use the display memory command to display the memory usage of a specified
switch.
Syntax display memory [ unit unit-id ]
Parameters unit-id Specifies the unit ID.
Example Display the memory usage of this switch.
<S4200G>display memory
Unit 1
System Available Memory(bytes): 37238784
System Used Memory(bytes): 8201352
Used Rate: 22%
The displayed information is defined in Table 55.

Table 55 Memory status
Field Description
System Available Memory(bytes) Available memory size of the system, in unit of bytes.
System Used Memory(bytes) Used memory size of the system, in unit of bytes.
Used Rate Percentage of the used memory.
■ Any view
244 ● display mirroring-group 3Com Switch 4200G Family
Command Reference
display mirroring-group
Purpose Use the display mirroring-group command to display the parameter settings
of a port mirroring group.
Syntax display mirroring-group { group-id | all | local | remote-destination |

remote-source }
Parameters group-id The group number of a port mirroring group. Valid

values are 1 to 20.
local Signifies that the specified mirroring group is a local
port mirroring group.
remote-destination Signifies that the specified mirroring group is the
destination group for remote mirroring.
remote-source Signifies that the specified mirroring group is the
source group for remote mirroring.
all All mirroring groups.
Example Display the parameter settings of the port mirroring group.
<S4200G> display mirroring-group all

mirroring-group 2: type: local status: active mirroring
port: GigabitEthernet1/0/20 both mirroring mac:
mirroring vlan: monitor port: GigabitEthernet1/0/22
■ Any view
Description Local mirroring group information includes:
■ Group number
■ Group type: local
■ Group status
■ Information of the monitored port
■ Information of the monitored MAC address
■ Information of the monitored VLAN
■ Information of the monitoring port
Information displayed on the destination mirroring group of remote mirroring

includes:
■ Group number
■ Group type: remote-destination
3Com Switch 4200G Family display mirroring-group ● 245
Command Reference
■ Group status
■ Information of the destination port
■ Remote-probe vlan information
Information displayed on the source mirroring group of remote mirroring includes:
■ Group number
■ Group type: remote-source
■ Group status
■ Information of the source port
■ Information of the monitored MAC address
■ Information of the monitored VLAN
■ Information of the reflector port
■ Remote-probe vlan information
246 ● display ndp 3Com Switch 4200G Family
Command Reference
display ndp
Purpose Use the display ndp command to display global NDP configuration information,
including the interval to send NDP packets, the holdtime of NDP information, and the
information about the neighbors of all the ports.
Syntax display ndp [ interface port-list ]
Parameters interface port-list Specifies a list of ports. The list can contain consecutive
or separated ports, or the combination of the both.
You need to provide the port-list argument in the form
of { interface-type interface-number | interface-name }
[ to { interface-type interface-number | interface-name
} ] } &<1-10>, where interface-type specifies the port
type, and interface-number specifies the port number
(in the form of slot number/port number).
Example Display NDP configuration information.
<S4200G> display ndp

Neighbor Discovery Protocol is enabled.
Neighbor Discovery Protocol Ver: 1, Hello Timer: 60(s), Aging Timer:
180(s)
Interface: GigabitEthernet1/0/1
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Neighbor 1: Aging Time: 122(s)
MAC Address : 00e0-fc00-2579
Port Name : GigabitEthernet1/0/4
Software Ver: V200R001B01D015
Device Name : S5126C
Port Duplex : AUTO
Product Ver : 5100-EI-001
MAC Address : 00e0-fc00-3133
3Com Switch 4200G Family display ndp ● 247
Command Reference

Device Name : S5126C
Port Duplex : AUTO
MAC Address : 000f-cbb8-9528
Device Name : Switch 4200G 24-Port
Port Duplex : AUTO
Table 56 Description on the fields of the display ndp command

Field Description
Neighbor Discovery The system NDP is enabled globally on the switch.
Protocol is enabled
Neighbor Discovery The NDP version 1 is running.
Protocol Ver: 1
Hello Timer: The interval to send NDP packets is 60 seconds.
Aging Timer: The holdtime of the NDP information sent by the local switch is 180
seconds.
Interface: Port number that specifies a port.
Status: Enabled NDP is enabled on the port.
Pkts Snd: Number of NDP packets transmitted from a port.
Pkts Rvd: Number of NDP packets received by a port.
Pkts Err: Number of error NDP packets received by a port.
Neighbor 1: Aging The holdtime of the NDP information received from the neighbors
Time: connected to the port.
MAC Address MAC address of a neighbor device.
Port Name Port name of a neighbor device.
248 ● display ndp 3Com Switch 4200G Family
Command Reference
Table 56 Description on the fields of the display ndp command (continued)

Field Description
Software Ver Software version of a neighbor device.
Device Name Device name of a neighbor device.
Port Duplex Port duplex mode of a neighbor device.
Product Ver Product version of a neighbor device.
■ Any view
3Com Switch 4200G Family display ntdp ● 249
Command Reference
display ntdp
Purpose Use the display ntdp command to display the global NTDP information. The
information includes the range (in hop count) within which topology information is
collected, the interval to collect topology information (the NTDP timer), the delay time
for a device to forward topology-collection requests, the delay time for a
topology-collection request to be forwarded through a port, and the time cost during
the last topology collection.
Syntax display ntdp
Parameters None
Example Display the global NTDP information.
<S4200G>display ntdp
NTDP is running.
Hops : 3
Timer : 1 min (disable)
Hop Delay : 200 ms
Port Delay: 20 ms
Last collection total time: 3473ms
Table 57 Description of global NTDP configuration information
Field Description
NTDP is running. The global NTDP is enabled on the local device.
Hops Hops for topology collection.
Timer Interval of periodic topology collection.
Hop Delay Delay that the device forwards topology collection request.
Port Delay Delay that the port forwards topology collection request.
Last collection total time Time taken by last collection.
■ Any view
250 ● display ntdp device-list 3Com Switch 4200G Family
Command Reference
display ntdp device-list
Purpose Use the display ntdp device-list command to display the device information
collected through NTDP.
Syntax display ntdp device-list [ verbose ]
Parameters verbose Displays the detailed information about the device.
Example Display the device list collected through NTDP.
<S4200G> display ntdp device-list

MAC HOP IP PLATFORM
00e0-fc00-3133 2 S5100-EI
000f-e20f-c415 2 31.31.31.5/24 S5100-EI
00e0-fc00-2579 1 S5100-EI
00e0-fc00-1751 0 31.31.31.1/24 S5100-EI
00e0-fd00-0043 2 3Com S3528P
00e0-fc00-3199 3 S5100-EI
Table 58 Description of device list information collected through NTD
Field Description
MAC MAC address of the device
HOP Hops to the collecting device
PLATFORM Platform information about device
IP IP address and mask length of the management VLAN interface on
the device
■ Any view
3Com Switch 4200G Family display ntdp single-device mac-address ● 251
Command Reference
display ntdp single-device mac-address
Purpose Use the display ntdp single-device mac-address h-h-h command to

display the information about a specific device in detail.
Syntax display ntdp single-device mac-address h-h-h
Parameters h-h-h MAC address of the device to be displayed.
Example Display the information about the switch whose MAC address is 00e0-fc00-5111 in
detail.
[aaa_0.42-4]dis ntdp single-device mac-address 00e0-fc00-5111
Hostname : aaa_1.42-com2
MAC : 00e0-fc00-5111
Hop : 1
Platform : Switch 4200G
IP : 16.168.1.2/24
Version :
VRP (R) Software, Version V3.01.00s168c03
Copyright (c) Reserved.
4200G 24-Port 4200G
Cluster : Member switch of cluster aaa , Administrator MAC:

00e0-fc00-5175
Stack : Independent switch
Peer MAC Peer Port ID Native Port ID Speed

Duplex
00e0-fc00-5175 TenGigabitEthernet1/2/1 TenGigabitEthernet1/1/1 10000
FULL
00e0-fc00-5175 GigabitEthernet1/0/5 GigabitEthernet1/0/7 1000
FULL
Table 59 Description on the fields of the display ntdp single-device command
Field Description
Hostname System name of the device
MAC MAC address of the device
Hop Number of hops away from the collector
Platform Platform information of the device
IP IP address and mask length of VLAN 1 interface on the device
Version Version information
Cluster Cluster information
Administrator MAC MAC address of the master switch
Stack Stack information
Peer MAC MAC address of the neighboring devices
Peer Port ID ID of the neighboring device port to which the device is connected
Native Port ID ID of the local port used to connect to the neighboring device
252 ● display ntdp single-device mac-address 3Com Switch 4200G Family
Command Reference
Table 59 Description on the fields of the display ntdp single-device command

Field Description
Speed Speed of the local port used to connect to the neighboring device
Duplex Operation state of the local port used to connect to the neighboring
■ Cluster view
3Com Switch 4200G Family display ntp-service sessions ● 253
Command Reference
display ntp-service sessions
Purpose Use the display ntp-service sessions command to display the status of all the
sessions maintained by NTP (Network Time Protocol) service provided by the local
equipment.
Syntax display ntp-service sessions [ verbose ]
Parameters verbose Displays detailed information about the NTP sessions.
Default By default, the status of all the sessions maintained by NTP service provided by the
local equipment will be displayed.
Example Display the status of all the sessions maintained by NTP service.
<S4200G> display ntp-service sessions

source reference stra reach pollnowoffsetdelay disper
********************************************************************
[12345]1.1.1.1LOCAL(0)3 377 512 178 0.040.1 22.8
note: 1 source(master),2 source(peer),3 selected,4 candidate,5
configured
Description The following table describes the outputs.

Table 60 Description on the fields of the display ntp-service sessions command
Field Description
source IP address of the synchronization source (device to be synchronized)
reference Reference clock ID of the synchronization source
stra Stratum of the clock of the synchronization source
reach Indicates whether or not the synchronization source is reachable.
poll Polling interval in seconds, that is, the maximum interval between two
successive messages
now The time elapsed since the latest NTP packet is sent
offset Clock offset
delay Network delay
disper The maximum offset of the local clock with regard to the reference clock
■ Any view
Description When you configure this command without the verbose parameter, the Switch will
only display brief information about all the sessions it maintains.
254 ● display ntp-service sessions 3Com Switch 4200G Family
Command Reference
With the verbose parameter configured, the Switch will display detailed information
about all the sessions it maintains.
3Com Switch 4200G Family display ntp-service status ● 255
Command Reference
display ntp-service status
Purpose Use the command display ntp-service status to display the NTP service status.
Syntax display ntp-service status
Parameters None
Example Display NTP service status:
<S4200G> display ntp-service status

Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 0.0000 ms
■ Any view.
Description The following table describes the outputs:

Table 61 NTP service status information
Output Meaning
clock status:unsynchronized Local clock status: do not synchronize to any remote NTP
server.
clock stratum: 16 Indicates the NTP stratum of local clock
reference clock ID Address of the remote server or the ID of the reference
clock after the local system is synchronized to a remote NTP
server or a reference clock
nominal frequency Nominal frequency of the local system hardware clock.
actual frequency Actual frequency of the local system hardware clock.
clock precision Precision of local system clock
clock offset Offsets of the local clock to the NTP server clock.
root delay Roundtrip delay between the local system and the server
that serves as the primary reference clock
root dispersion The maximum dispersion of the local clock with regard to
the primary reference clock
peer dispersion The maximum dispersion of the remote NTP server
reference time Reference timestamp.
256 ● display ntp-service trace 3Com Switch 4200G Family
Command Reference
display ntp-service trace
Purpose Use the display ntp-service trace command to display the brief information of
each NTP time server along the time synchronization chain from the local device to
the reference clock source.
Syntax display ntp-service trace
Parameters None
Example Display the brief information of each NTP time server
<S4200G> display ntp-service trace

server4: stratum 4, offset 0.0019529, synch distance 0.144135
server1: stratum 1, offset 0.0019298, synch distance 0.011993 refid
'GPS Receiver'
The above information displays the time synchronization chain of

server4: serve4 is synchronized to server3, server3 is synchronized to
server2, server2 is synchronized to server1, and server1 is
synchronized to the reference clock source GPS Receiver.
■ Any view
3Com Switch 4200G Family display packet-filter ● 257
Command Reference
display packet-filter
Purpose Use the display packet-filter command to view the application information of
packet filtering, including the ACL name, rule names, and application status.
Syntax display packet-filter { interface interface-type interface-num | unitid

unit-id }
Parameters interface-type
interface-num } Port of the switch.
unit-id Unit ID, used to specify to display the information of a
specific unit.
Example Display the application information of packet filtering on Unit 1.
<S4200G> display packet-filter unitid 1
■ Any view
258 ● display port 3Com Switch 4200G Family
Command Reference
display port
Purpose Use the display port command to display all current ports with their type indicated.
Syntax display port { hybrid | trunk | combo | vlan-vpn }
Parameters hybrid Displays the current hybrid ports.

trunk Displays the current trunked ports.
combo Displays the current combo ports.
vlan-vpn Displays all ports that have VLAN VPN enabled.
Example To display the currently configured hybrid ports, enter the following:
<S4200G>display port hybrid

The following hybrid ports exist:
GigabitEthernet1/0/1 Ethernet1/0/2
The example above indicates that the current configuration has two hybrid ports,
Ethernet1/0/1 and Ethernet1/0/2.
■ Any view
3Com Switch 4200G Family display port-security ● 259
Command Reference
display port-security
Purpose Use the display port-security command to display the information about
port security configuration (including global configuration and all or specific port
configuration).
Syntax display port-security [ interface interface-list ]
Parameters interface interface-list Specifies an Ethernet port list, which can contain
multiple Ethernet ports. The interface-list
argument is in the format of { interface-type
interface-number [ to interface-type
interface-number ] } & < 1-10 >, where
interface-type represents a port type,
interface-number represents a port number, and
& < 1-10 > means you can specify up to 10 ports or
port ranges.
Example Display the security configuration on GigabitEthernet1/0/1 port.
<S4200G> display port-security interface GigabitEthernet1/0/1

Equipment port-security is enabled
AddressLearn trap is Enabled
Intrusion trap is Enabled
Dot1x logon trap is Enabled
Dot1x logoff trap is Enabled
Dot1x logfailure trap is Enabled
RALM logon trap is Enabled
RALM logoff trap is Enabled
RALM logfailure trap is Enabled
Vlan id assigned is NULL
Disableport Timeout: 20 s
OUI value:
GigabitEthernet1/0/1 is link-up
Port mode is Userlogin
NeedtoKnow mode is disabled
Intrusion mode is disableportTemporarily
max mac-address num is not configured
Stored mac-address num is 0
260 ● display port-security 3Com Switch 4200G Family
Command Reference
Table 62 Description of the output displayed above
Field Description
Equipment port security is enabled The port security function is enabled on the switch.
addressLearn trap is Enabled Enable the sending of address-learning trap information.
Intrusion trap is Enabled Enable the sending of intrusion-detection trap information.
Dot1x logon trap is Enabled Enable the sending of 802.1x user logon (authentication
success) trap information.
Dot1x logoff trap is Enabled Enable the sending of 802.1x user logoff trap information.
Dot1x logfailure trap is Enabled Enable the sending of 802.1x user authentication failure trap
information.
RALM logon trap is Enabled Enable the sending of RALM logon trap information.
RALM logoff trap is Enabled Enable the sending of RALM logoff trap information.
RALM logfailure trap is Enabled Enable the sending of RALM logfailure trap information.
Vlan id assigned is NULL The delivered VLAN ID is Null.
Disableport Timeout: 20 s The temporary port-disabling time is 20 seconds.
OUI value The OUI value
GigabitEthernet1/0/1 is link-up The link state of port GigabitEthernet 1/0/1 is link-up.
Port mode is Userlogin The security mode of the port is Userlogin.
NeedtoKnow mode is disabled The NTK mode is disabled.
Intrusion mode is The intrusion detection mode is disableportTemporarily.
disableportTemporarily
Max mac-address num is not The maximum number of MAC addresses allowed to access
configured the port is not configured here.
Stored mac-address num is 0 The number of current users is zero.
■ Any view
Description Use the display port-security command to display the information about
port security configuration (including global configuration and all or specific port
configuration).
By checking the output of this command, you can verify the current configuration.
CAUTION:
■ This command will display global and all ports' security configuration information
if the interface-list argument is not specified.
■ This command will display global and particular port's security configuration
information if the interface-list argument is specified.
3Com Switch 4200G Family display port vlan-vpn ● 261
Command Reference
display port vlan-vpn
Purpose Use the display port vlan-vpn command to display the information about the
VLAN VPN configuration of the current system, including current TPID value,
VLAN-VPN ports, and VLAN-VPN uplink ports.
Syntax display port vlan-vpn
Parameters None
Example Display the VLAN-VPN configuration of the system.
<S4200G> display port vlan-vpn

VLAN-VPN TPID: 8100
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
VLAN-VPN VLAN: 1
VLAN-VPN VLAN: 1
…………………………(Omitted)
■ Any view
262 ● display protocol-priority 3Com Switch 4200G Family
Command Reference
display protocol-priority
Purpose Use the display protocol-priority command to display the priority of

protocol packets.
Syntax display protocol-priority
Parameters None
Example To display the priority of protocol packets, enter the following:
<S4200G> display protocol-priority
■ Any view
3Com Switch 4200G Family display qos cos-drop-precedence-map ● 263
Command Reference
display qos cos-drop-precedence-map
Purpose Use the display qos cos-drop-precedence-map command to display the

"COS->Drop-precedence" mapping relationship.
Syntax display qos cos-drop-precedence-map
Parameters None
Example To display the "COS->Drop-precedence" mapping relationship, enter the following:
<S4200G> display qos cos-drop-precedence-map

cos-drop-precedence-map:
cos : 0 1 2 3 4 5 6 7
-------------------------------------------------------------------
drop-precedence : 2 2 1 1 1 1 0 0
■ Any view
264 ● display qos cos-dscp-map 3Com Switch 4200G Family
Command Reference
display qos cos-dscp-map
Purpose Use the display qos cos-dscp-map command to display the "COS->DSCP"
mapping relationship.
Syntax display qos cos-drop-precedence-map
Parameters None
Example To display the "COS->DSCP" mapping relationship, enter the following:
<S4200G> display qos cos-dscp-map:

cos : 0 1 2 3 4 5 6 7
-------------------------------------------------------------------
dscp : 16 0 8 24 32 40 48 56
■ Any view
3Com Switch 4200G Family display qos cos-local-precedence-map ● 265
Command Reference
display qos cos-local-precedence-map
Purpose Use the display qos cos-local-precedence-map command to view the

COS–>Local-precedence map.
Syntax display qos cos-local-precedence-map
Parameters None
Example To display COS and Local-precedence map, enter the following:

<S4200G> display qos cos-local-precedence-map
cos-local-precedence-map:
802.1p & local precedence : 0 1 2 3 4 5 6 7
--------------------------------------------------------------------
queue: 2 0 1 3 4 5 6 7
■ Any view
266 ● display qos dscp-cos-map 3Com Switch 4200G Family
Command Reference
display qos dscp-cos-map
Purpose Use the display qos dscp-cos-map command to display the "DSCP->802.1
priority" mapping relationship.
Syntax display qos dscp-cos-map
Parameters None
Example To display the "DSCP->801.1p priority" mapping relationship, enter the following:
<S4200G> display qos dscp-cos-map

dscp-cos-map:
dscp : cos
----------------------------------------------
0 : 1
1 : 1
2 : 1
3 : 1
4 : 1
5 : 1
6 : 1
7 : 1
8 : 2
9 : 2
10 : 2
11 : 2
12 : 2
13 : 2
14 : 2
15 : 2
16 : 0
17 : 0
18 : 0
19 : 0
20 : 0
---- More ----
■ Any view
3Com Switch 4200G Family display qos dscp-drop-precedence-map ● 267
Command Reference
display qos dscp-drop-precedence-map
Purpose Use the display qos dscp-drop-precedence-map command to display the

"DSCP->Drop-precedence" mapping relationship.
Syntax display qos dscp-drop-precedence-map
Parameters None
Example Display the "DSCP->Drop-precedence" mapping relationship.
<S4200G> display qos dscp-drop-precedence-map

dscp-drop-precedence-map
dscp : drop-precedence
----------------------------------------------
0 : 1
1 : 1
2 : 1
3 : 1
4 : 1
5 : 1
6 : 1
7 : 1
8 : 1
9 : 1
10 : 1
11 : 1
12 : 1
13 : 1
14 : 1
15 : 1
16 : 1
17 : 1
18 : 1
19 : 1
20 : 1
---- More ----
■ Any view
268 ● display qos dscp-dscp-map 3Com Switch 4200G Family
Command Reference
display qos dscp-dscp-map
Purpose Use the display qos dscp-cos-map command to display the "DSCP->DSCP"
Syntax display qos dscp-dscp-map
Parameters None
Example To display the "DSCP->DSCP" mapping relationship, enter the following:
<S4200G> display qos dscp-dscp-map

dscp-dscp-map
dscp : dscp
----------------------------------------------
0 : 0
1 : 1
2 : 2
3 : 3
4 : 4
5 : 5
6 : 6
7 : 7
8 : 8
9 : 9
10 : 10
11 : 11
12 : 12
13 : 13
14 : 14
15 : 15
16 : 16
17 : 17
18 : 18
19 : 19
20 : 20
---- More ----
■ Any view
3Com Switch 4200G Family display qos dscp-local-precedence-map ● 269
Command Reference
display qos dscp-local-precedence-map
Purpose Use the display qos dscp-local-precedence-map command to display the

"DSCP->Local-precedence" mapping relationship.
Syntax display qos dscp-local-precedence-map
Parameters None
Example To display the "DSCP->Local-precedence" mapping relationship, enter the following:
<S4200G> display qos dscp-local-precedence-map

dscp-local-precedence-map
dscp : local-precedence(queue)
----------------------------------------------
0 : 0
1 : 0
2 : 0
3 : 0
4 : 0
5 : 0
6 : 0
7 : 0
8 : 1
9 : 1
10 : 1
11 : 1
12 : 1
13 : 1
14 : 1
15 : 1
16 : 2
17 : 2
18 : 2
19 : 2
20 : 2
---- More ----
■ Any view
270 ● display qos-interface all 3Com Switch 4200G Family
Command Reference
display qos-interface all
Purpose Use the display qos-interface all command to display all the QoS settings
of the port.
Syntax display qos-interface { interface-name | interface-type interface-num |

unit-id } all
Parameters interface-name |
interface-type
interface-num Specifies the port of the switch. Specify this parameter
and the switch will display the parameter
configurations of the specified port.
unit-id Specifies the unit ID. Specify this parameter and the
switch will display the parameter configurations of the
specified unit. If the unit ID parameter is specified, the
QoS parameter settings of all the ports on the specified
switch will be displayed.
Example To display all the QoS settings on Gigabitethernt1/0/1, enter the following:
<S4200G> display qos-interface gigabitethernet1/0/1 all
GigabitEthernet1/0/1: priority-trust port
GigabitEthernet1/0/1 Port Shaping: Disable

0 kbps, 0 burst
QID: status max-rate(kbps) burst-size(byte)
----------------------------------------------------
0 : Disable 0 0
1 : Disable 0 0
2 : Disable 0 0
3 : Disable 0 0
4 : Disable 0 0
5 : Disable 0 0
6 : Disable 0 0
7 : Disable 0 0
■ Any view
Description The switch displays the following information according to its configurations:
■ Traffic policing configurations

■ Priority remark configurations
■ Redirect configurations
■ Traffic statistics configurations
3Com Switch 4200G Family display qos-interface all ● 271
Command Reference
■ Traffic mirroring configurations

■ Precedence mapping configurations
■ Traffic shaping configurations
■ VLAN tag remark configurations
Related Commands ■ port

■ traffic-limit
272 ● display qos-interface priority-trust 3Com Switch 4200G Family
Command Reference
display qos-interface priority-trust
Purpose Use the display qos-interface priority-trust command to display the

precedence mapping mode of the switch.
Syntax display qos-interface { interface-type interface-num | unit-id }

priority-trust
interface-num Specifies the port of the switch. Input this parameter
unit-id Specifies the unit ID. Input this parameter and the
specified unit.
Example To display the precedence mapping mode configuration on Gigabitethernt1/0/1,

<S4200G> display qos-interface gigabitethernet 1/0/1 priority-trust

GigabitEthernet1/0/1: priority-trust port
■ Any view
Description This command displays the name and priority-trust mode of the port.
Related Command priority trust

3Com Switch 4200G Family display qos-interface traffic-limit ● 273
Command Reference
display qos-interface traffic-limit
Purpose Use the display qos-interface traffic-limit command to view the traffic limit
settings.
Syntax display qos-interface { interface-name | interface-type interface-num |

unit-id } traffic-limit
interface-type
specified unit.
Example To display the parameter configurations of traffic policing on Gigabitethernt1/0/1,

<S4200G> display qos-interface gigabitethernet1/0/1 traffic-limit

GigabitEthernet1/0/1: traffic-limit
Inbound:
Matches: Acl 2000 rule 0 running
Target rate: 1 Kbps
■ Any view
Description Use this command to display:
■ The name of the port and the name of the traffic policing action
■ The application direction of the function on the port
■ Referenced ACL
■ Committed average rate
■ Settings for related policing actions
■ The running state of traffic policing statistics

274 ● display qos-interface traffic-shape 3Com Switch 4200G Family
Command Reference
display qos-interface traffic-shape
Purpose Use the display qos-interface traffic-shape command to view the

parameter configurations of traffic shaping on the port.
Syntax display qos-interface { interface-type interface-num | unit-id }

traffic-shape
specified unit.
Example To display the parameter configurations of traffic limit on the port, enter the
following:
<S4200G> display qos-interface gigabitethernet1/0/1 traffic-shape
GigabitEthernet1/0/1 Port Shaping: Enable

20 kbps, 4 burst
QID: status max-rate(kbps) burst-size(byte)
----------------------------------------------------
0 : Disable 0 0
1 : Disable 0 0
2 : Disable 0 0
3 : Disable 0 0
4 : Disable 0 0
5 : Disable 0 0
6 : Disable 0 0
7 : Disable 0 0
■ Any view
■ Whether traffic shaping is enabled

■ Parameter configurations of the port-based traffic shaping: maximum traffic rate
and burst size (in kbyte)
■ Parameter configurations of the queue-based traffic shaping: queue ID, status,
maximum rate and burst size
Related Command traffic shape

3Com Switch 4200G Family display qos-interface traffic-statistic ● 275
Command Reference
display qos-interface traffic-statistic
Purpose Use the display qos-interface traffic-statistic command to view the traffic
statistics.
Syntax display qos-interface { interface-name |interface-type interface-num |

unit-id } traffic-statistic
interface-type
specified unit.
Example To display the traffic statistics, enter the following:
<S4200G> display qos-interface gigabitethernet1/0/1 traffic-statistic

GigabitEthernet1/0/1: traffic-statistic
Inbound:
Matches: Acl 2000 rule 0 running
0 packet
■ Any view

■ The name of the port and the name of the traffic statistics
■ The application direction of the function on the port
■ Referenced ACL
■ The number of packets matching with the ACL rules

■ traffic-statistic
276 ● display qos-profile 3Com Switch 4200G Family
Command Reference
display qos-profile
Purpose Use the display qos-profile command to view the configurations of the QoS
profile.
Syntax display qos-profile { all | name profile-name | interface {

interface-name | interface-type interface-num } | user user-name }
Parameters all Displays all QoS profiles.

name profile-name Displays the QoS profile with the specified name. The
name is a string in the range of 1 to 32 characters and
it cannot be reserved key words, such as all, interface,
user, undo, user-based, port-based and so on.
interface { interface-name
| interface-type
interface-num } Displays QoS profiles applied on the specified port.
user user-name Displays QoS profiles corresponding to the specified
user.user-name is the user name in the range of 1 to
80 characters.
Example To display the configurations of all the QoS profiles, enter the following:
<S4200G> display qos-profile all

qos-profile: test, 2 actions
packet-filter inbound ip-group 2000 rule 0
traffic-limit inbound ip-group 2000 rule 0 1
■ Any view
■ The name of the QoS profile and the number of configured actions
■ The definition of each action
3Com Switch 4200G Family display queue-scheduler ● 277
Command Reference
display queue-scheduler
Purpose Use the display queue-scheduler command to view queue scheduling mode and
corresponding parameters.
Syntax display queue-scheduler
Parameters None
Default The default is Weighted Round Robin.
Example To display the queue-scheduling mode and the related parameters, enter the
following:
<S4200G> display queue-scheduler

QID: scheduling-group weight
-----------------------------------
0 : sp 0
1 : sp 0
2 : sp 0
3 : sp 0
4 : sp 0
5 : sp 0
6 : sp 0
7 : sp 0
■ Any view
■ Queue ID
■ The scheduling group of the queue
■ The weight of the queue
Related Command queue-scheduler

278 ● display radius 3Com Switch 4200G Family
Command Reference
display radius
Purpose Use the display radius command to view the configuration information about all
RADIUS schemes or a specified scheme.
Syntax display radius [ radius-scheme-name ]
Parameters radius-scheme-name Specifies the RADIUS scheme name with a character

string up to 32 characters in length. If not specified, all
RADIUS schemes are displayed by default.
Example To display the configuration information about all RADIUS schemes, enter the
following:
<S4200G> display radius

------------------------------------------------------------------
SchemeName =system Index=0 Type=3Com
Primary Auth IP =127.0.0.1 Port=1645
Primary Acct IP =127.0.0.1 Port=1646
Second Auth IP =0.0.0.0 Port=1812
Second Acct IP =0.0.0.0 Port=1813
Auth Server Encryption Key= 3Com
Acct Server Encryption Key= 3Com
Accounting method = required
Accounting-On packet enable, send times = 15 , interval = 3s
TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12
Permitted send realtime PKT failed counts =5
Retry sending times of noresponse acct-stop-PKT =500
Quiet-interval(min) =5
Username format =without-domain
Data flow unit =Byte
Packet unit =1
unit 1 :
Primary Auth State=active, Second Auth State=block
Primary Acc State=active, Second Acc State=block
------------------------------------------------------------------
Total 1 RADIUS scheme(s). 1 listed
Table 63 Description on the fields of the display radius command
Field Description
SchemeName Name of the RADIUS scheme
Index Index number of the RADIUS scheme
Type Type of the RADIUS servers
Primary Auth IP/ Port IP address/access port number of the primary authentication
server
Primary Acct IP/ Port IP address/access port number of the primary accounting server
Second Auth IP/ Port IP address/access port number of the secondary authentication
server
Second Acct IP/ Port IP address/access port number of the secondary accounting
server
3Com Switch 4200G Family display radius ● 279
Command Reference
Table 63 Description on the fields of the display radius command (continued)
Field Description
Auth Server Encryption Key Shared key of the authentication servers
Acct Server Encryption Key Shared key of the accounting servers
Accounting method Accounting method
Accounting-On packet enable, The system sends up to 15 Accounting-on packets at intervals
send times = 15 , interval = 3s of 3 seconds after restarting.
TimeOutValue (seconds) RADIUS server response timeout time
RetryTimes Maximum number of transmission attempts
RealtimeACCT(in minute) Real-time accounting interval in minutes
Permitted send realtime PKT Maximum allowed number of continuous no-response
failed counts real-time accounting requests
Retry sending times of Maximum number of transmission attempts of the buffered
nonresponse acct-stop-PKT stop-accounting requests
Quiet-interval(min) Wait time for the primary servers to restore the active state
Username format User name format
Data flow unit Unit of measure for data in data flows
Packet unit Unit of measure for packets
Primary Auth State Status of the primary authentication server
Second Auth State Status of the secondary authentication server
Primary Acc State Status of the primary accounting server
Second Acc State Status of the secondary accounting server
■ Any view
Related Command radius-scheme

280 ● display radius statistics 3Com Switch 4200G Family
Command Reference
display radius statistics
Purpose Use the display radius statistics command to view the statistics information
about RADIUS packet.
Syntax display radius statistics
Parameters None
Example To display the statistics about RADIUS packets, enter the following:
<S4200G> display radius statistics

state statistic(total=1048):
DEAD=1048 AuthProc=0 AuthSucc=0
AcctStart=0 RLTSend=0 RLTWait=0
AcctStop=0 OnLine=0 Stop=0
StateErr=0
Received and Sent packets statistic:

Unit 1........................................
Sent PKT total :0 Received PKT total:0
RADIUS received packets statistic:
Code= 2,Num=0 ,Err=0
Code=11,Num=0 ,Err=0
Running statistic:
RADIUS received messages statistic:
Normal auth request , Num=0 , Err=0 , Succ=0
EAP auth request , Num=0 , Err=0 , Succ=0
Account request , Num=0 , Err=0 , Succ=0
Account off request , Num=0 , Err=0 , Succ=0
PKT auth timeout , Num=0 , Err=0 , Succ=0
PKT acct_timeout , Num=0 , Err=0 , Succ=0
Realtime Account timer , Num=0 , Err=0 , Succ=0
PKT response , Num=0 , Err=0 , Succ=0
EAP reauth_request , Num=0 , Err=0 , Succ=0
PORTAL access , Num=0 , Err=0 , Succ=0
Update ack , Num=0 , Err=0 , Succ=0
PORTAL access ack , Num=0 , Err=0 , Succ=0
Session ctrl pkt , Num=0 , Err=0 , Succ=0
Set policy result , Num=0 , Err=0 , Succ=0
RADIUS sent messages statistic:
Auth accept , Num=0
Auth reject , Num=0
EAP auth replying , Num=0
Account success , Num=0
Account failure , Num=0
Cut req , Num=0
Set policy result , Num=0
RecError_MSG_sum:0 SndMSG_Fail_sum :0
Timer_Err :0 Alloc_Mem_Err :0
State Mismatch :0 Other_Error :0
3Com Switch 4200G Family display radius statistics ● 281
Command Reference
No-response-acct-stop packet =0
Discarded No-response-acct-stop packet for buffer overflow =0
0
■ Any view

282 ● display rmon alarm 3Com Switch 4200G Family
Command Reference
display rmon alarm
Purpose Use the display rmon alarm command to display the configuration of a specified
alarm entry or all the alarm entries.
Syntax display rmon alarm [ entry-number ]
Parameters alarm-table-entry Alarm entry index, in the range of 1 to 65535. If you

do not specify this argument, the configuration of all
alarm entries is displayed.
Example Display the configuration of all the alarm entries.
<S4200G> display rmon alarm

Alarm table 1 owned by user1 is Valid.
Samples type : absolute
Variable formula :
1.3.6.1.2.1.2.2.1.10.4228009<ifInOctets.4228009>
Sampling interval : 6(sec)
Rising threshold : 10000(linked with event 1)
Falling threshold : 2000(linked with event 1)
When startup enables : risingOrFallingAlarm
Latest value : 0
Table 64 Description on the fields of the display rmon alarm command
Field Description
Samples type Indicates the type of a sample. This field can be delta, which
indicates the sample is an increment, or absolute, which
indicates the sample is an absolute value.
When startup enables Indicates the condition to trigger the alarm.
■ Any view
Related Command rmon alarm

3Com Switch 4200G Family display rmon event ● 283
Command Reference
display rmon event
Purpose Use the display rmon event command to display the configuration of a specified
event entry or all the event entries.
Syntax display rmon event [ event-entry ]
Parameters event-entry Event entry index, in the range of 1 to 65535. If you do

not specify this argument, the configuration of all the
event entries is displayed.
Example Display the configuration of all the event entries.
<S4200G> display rmon event

Event table 1 owned by user1 is VALID.
Description: null.
Will cause log-trap when triggered, last triggered at 0days
00h:02m:27s.
Table 65 Output information of the display rmon event command
Field Description
Event table 1 Event entry with index 1
VALID The state of the entry is valid
cause log-trap when triggered Logging and trapping triggered by events
Description Event description
last triggered at 0days 00h:02m:27s Time when the last event is triggered
■ Any view
Description The displayed information includes: event entry index, event entry owner, event
description, the action triggered by the event (log or alarm messages), and the time
(in seconds) when the latest event is triggered (in terms of the time elapsed since the
system is started/initialized).
Related Command rmon event

284 ● display rmon eventlog 3Com Switch 4200G Family
Command Reference
display rmon eventlog
Purpose Use the display rmon eventlog command to display the log of a specified event
entry or all the event entries.
Syntax display rmon eventlog [ event-entry ]
Parameters event-entry Event entry index, in the range of 1 to 65535. If you do

not specify this argument, the log of all the event
entries is displayed.
Example Display the log generated by the event entry numbered 1.
<S4200G> display rmon eventlog 1

Event table 1 owned by user1 is VALID.
Generates eventLog 1.1 at 0days 00h:01m:39s.
Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Generates eventLog 1.2 at 0days 00h:02m:27s.
Description: The alarm formula defined in private alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
■ Any view
Description The displayed information includes: the indexes and status of the event entries in the
event table, the time (in seconds) when an event log is generated (in terms of the
time elapsed since the system is started or initialized), and the event description.
3Com Switch 4200G Family display rmon history ● 285
Command Reference
display rmon history
Purpose Use the display rmon history command to display the RMON history information
about a specified port. The information about the latest sample, including utilization,
the number of errors, the total number of packets and so on, is also displayed.
Syntax display rmon history [ interface-type interface-number | unit

unit-number ]
Parameters interface-type Interface type, refers to GigabitEthernet here.

interface-number Interface number
unit unit-number Specifies a unit number.
Example Display the RMON history information about GigabitEthernet1/0/1.
<S4200G> display rmon history GigabitEthernet 1/0/1

History control entry 1 owned by user1 is VALID
Samples interface : GigabitEthernet1/0/1<ifIndex.4227817>
Sampling interval : 5(sec) with 10 buckets max
Latest sampled values :
dropevents : 0 , octets : 0
packets : 0 , broadcast packets : 0
multicast packets : 0 , CRC alignment errors : 0
undersize packets : 0 , oversize packets : 0
fragments : 0 , jabbers : 0
collisions : 0 , utilization : 0
■ Any view
Related Command rmon history

286 ● display rmon prialarm 3Com Switch 4200G Family
Command Reference
display rmon prialarm
Purpose Use the display rmon prialarm command to display the configuration of a
specified extended alarm entry or all the extended alarm entries.
Syntax display rmon prialarm [ prialarm-entry-number]
Parameters prialarm-entry-number Extended alarm entry Index, in the range of 1 to

65535. If you do not specify this argument, the
configuration of all the extended alarm entries is
displayed.
Example Display the configuration of all the extended RMON alarm entries.
<S4200G> display rmon prialarm

Prialarm table 1 owned by user1 is VALID.
Samples type : absolute
Variable formula : .1.3.6.1.2.1.16.1.1.1.4.1
Description :
Sampling interval : 10(sec)
Rising threshold : 10000(linked with event 1)
Falling threshold : 2000(linked with event 1)
When startup enables : risingOrFallingAlarm
This entry will exist : forever.
Latest value : 0
■ Any view
Related Command rmon prialarm

3Com Switch 4200G Family display rmon statistics ● 287
Command Reference
display rmon statistics
Purpose Use the display rmon statistics command to display the RMON statistics of a
specified port.
Syntax display rmon statistics [ interface-type interface-number | unit

unit-number ]
Parameters interface-type Interface type.

interface-number Interface number.
unit unit-number Specifies a unit number.
Example Display the RMON statistics information about GigabitEthernet1/0/1
<S4200G> display rmon statistics GigabitEthernet 1/0/1

Statistics entry 1 owned by user1-rmon is VALID.
Interface : GigabitEthernet1/0/1<ifIndex.4227817>
etherStatsOctets : 0 , etherStatsPkts : 0
etherStatsBroadcastPkts : 0 , etherStatsMulticastPkts : 0
etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0
etherStatsFragments : 0 , etherStatsJabbers : 0
etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0
etherStatsDropEvents (insufficient resources): 0
Packets received according to length:
64 : 0 , 65-127 : 0 , 128-255 : 0
256-511: 0 , 512-1023: 0 , 1024-1518: 0
■ Any view
Description The displayed information include the number of the following items: collisions,
packets with CRC errors, undersize or oversize packets, broadcast packets, multicast
packets, received bytes, and received packets.
Related Command rmon statistics

288 ● display rsa local-key-pair public 3Com Switch 4200G Family
Command Reference
display rsa local-key-pair public
Purpose Use the display rsa local-key-pair public command to display the public
key of the server host key pair. If no key pair is generated, the system prompts “%RSA
keys not found”.
Syntax display rsa local-key-pair public
Parameters None
Example Display the public key of the server host key pair:
<S4200G> display rsa local-key-pair public

=====================================================
Time of Key pair created: 02:15:56 2000/04/02
Key name: S4200G_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
C968B224 D3DD880B 65758B4F AD281531 8BC8A915
48D30D34 F29B9BE3 4F35DFD6 C8AB3135 0727590B
80700BA1 6D62CF05 DF9960A4 59466486 E0A36F95
A76B28C7
0203
010001
Host public key for PEM format code:

---- BEGIN SSH2 PUBLIC KEY ----
AAAAB3NzaC1yc2EAAAADAQABAAAAhADX9/Nk0pXI2n9A58Yt9+IGbssAdzN28FGk
tfHKrzw6MU8a57DYhETGhFmaVrqVG9COBn3Kk0RI2GsUUuI/ujN6tM1lzf0h/eZs
CaZfB6BnaTHH9X1A/Qc+WCa5jmWyB5u3V1CpTUWVd8smXZg8wHuOsd4DK6zcp48H
l1KgSYCK69A87Q==
---- END SSH2 PUBLIC KEY ----
Public key code for pasting into OpenSSH authorized_keys file:

ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAAAhADX9/Nk0pXI2n9A58Yt9+IGbssAdzN28FGktfHKrz
w6
MU8a57DYhETGhFmaVrqVG9COBn3Kk0RI2GsUUuI/ujN6tM1lzf0h/eZsCaZfB6BnaTHH9X
1A/Qc+WCa5
jmWyB5u3V1CpTUWVd8smXZg8wHuOsd4DK6zcp48Hl1KgSYCK69A87Q== rsa-key
■ Any view
Related Command rsa local-key-pair create

3Com Switch 4200G Family display rsa peer-public-key ● 289
Command Reference
display rsa peer-public-key
Purpose Use the display rsa peer-public-key command to display the client public
key of the specified RSA key pair. If no key name is specified, the command displays
all public keys of the client
Syntax display rsa peer-public-key [ brief | name keyname ]
Parameters brief Displays brief information about all public keys on the
client.
keyname Name of the client public key, consisting of a string 1
Example Display all public keys on the client.
<S4200G> display rsa peer-public-key brief

Address Bits Name
---------------------------
1023 abcd
1024 hq
Display the public key of the client key pair abcd.
<S4200G> display rsa peer-public-key name abcd

=====================================
Key name: abcd
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83
3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D
045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F
E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4
BB45504F
0201
25
■ Any view
290 ● display saved-configuration 3Com Switch 4200G Family
Command Reference
display saved-configuration
Purpose Use the display saved-configuration command to display the content of the
main configuration file in the flash memory of a switch.
Syntax display saved-configuration [ unit unit-id ] [ by-linenum ]
Parameters unit unit-id Specifies the unit ID of a switch.

by-linenum Displays the number of each line.
Example Display the content of the main configuration file in the Flash.
<S4200G> display current-configuration

#
sysname S4200G
#
radius scheme system
#
domain system
#
vlan 1
#
vlan 2
#
#
interface Aux1/0/0
#
interface Ethernet1/0/1
#
#
#
#
#
#
#
#
#
#
#
#
3Com Switch 4200G Family display saved-configuration ● 291
Command Reference
#
#
#
#
#
#
#
#
#
#
#
#
#
#
interface NULL0
#
management-vlan 2
#
user-interface aux 0 7
#
return
The configurations above are listed in the following order: global, port configuration,
and user interface configurations.
■ Any view
Description If an Ethernet switch does not work normally after it is powered on, you can use the
display saved-configuration command to view the startup configurations
of the switch.
292 ● display schedule reboot 3Com Switch 4200G Family
Command Reference
display schedule reboot
Purpose Use the display schedule reboot command to display information about
scheduled reboot.
Syntax display schedule reboot
Parameters None
Example Display the information about scheduled reboot.
<S4200G> display schedule reboot

System will reboot at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).
■ Any view
Related Command ■ reboot

■ schedule reboot at
3Com Switch 4200G Family display snmp-agent ● 293
Command Reference
display snmp-agent
Purpose Use the display snmp-agent command to view engine ID of the local or remote
SNMP entity.
Syntax display snmp-agent { local-engineid | remote-engineid }
Parameters local-engineid Engine ID of a local SNMP entity.

remote-engineid Engine ID of a remote SNMP entity.
Example Display the engine ID of a local device.
<S4200G>display snmp-agent local-engineid

SNMP Local EngineID: 800007DB00E0FC0031006877
SNMP local EngineID in the above information represents the engine ID

of the local SNMP entity.
■ Any view
Description The SNMP engine is a unique identifier of an SNMP entity in the SNMP domain. It
performs the function of sending, receiving and authenticating SNMP messages,
extracting PDUs, packet encapsulations, and communication with SNMP applications.
294 ● display snmp-agent community 3Com Switch 4200G Family
Command Reference
display snmp-agent community
Purpose Use the display snmp-agent community command to view the information about
the currently configured community names for SNMPv1 or SNMPv2c.
display snmp-agent community [ read | write ]
Parameters read Displays read-only community information.

write Displays read-write community information.
Example Display the currently configured community names.
<S4200G>display snmp-agent community

community name:public
group name:public
storage-type: nonVolatile
community name:private
group name:private
storage-type: nonVolatile
The following table describes the output fields

Table 66 Description on the fields of the display snmp-agent community command
Field Description
community name community name
Group name Group name
storage-type Storage type, including volatile, nonVolatile, permanent, readOnly and
other.
■ Any view
3Com Switch 4200G Family display snmp-agent group ● 295
Command Reference
display snmp-agent group
Purpose Use the display snmp-agent group command to view group name, security model,
state of various views and storage models.
Syntax display snmp-agent group [ group-name ]
Parameters groupname Group name. Valid values are 1 to 32 bytes.
Example Display SNMP group name and security model.
<S4200G>display snmp-agent group

Group name: v3r2
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonvolatile
The following table describes the output fields.

Table 67 Output description of the display snmp-agent group command
Field Description
groupname SNMP Group name of the user
Security model Security model of that group, including authorization and encryption,
authorization and no encryption, no authorization and no encryption.
readview Read-only MIB view name corresponding to that group
writeview Writable MIB view corresponding to that group
notifyview The name of the notify MIB view corresponding to that group
storage-type Storage type, including volatile, nonVolatile, permanent, readOnly and
other.
■ Any view
296 ● display snmp-agent mib-view 3Com Switch 4200G Family
Command Reference
display snmp-agent mib-view
Purpose The display snmp-agent mib-view command is used to view the MIB view
configuration information of the current Ethernet switch.
Syntax display snmp-agent mib-view [ exclude | include | viewname view-name]
Parameters exclude Displays the SNMP mib view excluded.

include Displays the SNMP mib view included.
viewname Displays the SNMP mib view according to the view
name.
view-name Specifies the mib view name.
Example Display the information about the currently configured MIB view.
<S4200G>display snmp-agent mib-view

View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
MIB Subtree:snmpUsmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpVacmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpModules.18
Subtree mask:
View Type:excluded
View status:active
3Com Switch 4200G Family display snmp-agent mib-view ● 297
Command Reference

Table 68 Output description of the display snmp-agent group command
Field Description
View name View name
MIB Subtree MIB Subtree
Storage-type Storage type
ViewType: included/excluded Permit or forbid access to an MIB object
View status Indicate the line state in the table
■ Any view
Description The display snmp-agent mib-view command is used to view the MIB view
configuration information of the Switch.
If the SNMP Agent is disabled, "SNMP Agent disabled" will be displayed after you
execute the above display commands.
298 ● display snmp-agent statistics 3Com Switch 4200G Family
Command Reference
display snmp-agent statistics
Purpose Use the display snmp-agent statistics command to view the statistics
information about SNMP packets.
Syntax display snmp-agent statistics
Parameters None
Example Display the statistics information about SNMP packets.
<S4200G> display snmp-agent statistics

1276 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community
supplied
0 ASN.1 or BER errors in the process of decoding
1291 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
7 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500)
3669 MIB objects retrieved successfully
26 MIB objects altered successfully
420 GetRequest-PDU accepted and processed
832 GetNextRequest-PDU accepted and processed
0 GetBulkRequest-PDU accepted and processed
1276 GetResponse-PDU accepted and processed
24 SetRequest-PDU accepted and processed
15 Trap PDUs accepted and processed
0 Alternate Response Class PDUs droped silently
0 Forwarded Confirmed Class PDUs droped silently
Table 69 Output description of the display snmp-agent statistics command
Field Description
0 Messages delivered to the SNMP entity Total number of the input SNMP packets
0 Messages which were for an Number of packets with version information error
unsupported version
0 Messages which used a SNMP Number of packets with community name error
community name not known
0 Messages which represented an illegal Number of packets with authority error
operation for the community supplied corresponding to the community name
0 ASN.1 or BER errors in the process of Number of SNMP packets with encoding error
decoding
0 Messages passed from the SNMP Total number of the output SNMP packets
entity
0 SNMP PDUs which had a badValue Number of SNMP packets with Bad_values error
error
3Com Switch 4200G Family display snmp-agent statistics ● 299
Command Reference
Table 69 Output description of the display snmp-agent statistics command
Field Description
0 SNMP PDUs which had a general error Number of SNMP packets with General_errors
0 SNMP PDUs which had a noSuchName Number of the packets requesting nonexistent MIB
error objects
0 SNMP PDUs which had a tooBig error Number SNMP packet with too_big error
(Maximum packet size 1500)
0 MIB objects retrieved successfully Number of variables requested by NMS
0 MIB objects altered successfully The number of variables set by NMS
0 Get-request PDUs accepted and Number of the received packets requested by get
processed
0 Get-next request PDUs accepted and Number of the received packets requested by
processed get-next
0 GetBulkRequest-PDU accepted and Number of PDUs requested by GetBulk.
processed
0 GetResponse-PDU accepted and Number of PDUs requested by GetResponse.
processed
0 Set-request PDUs accepted and Number of the received packets requested by set
processed
3 Trap PDUs accepted and processed Number of the sent Trap packets
0 Alternate Response Class PDUs droped Number of dropped PDUs.
silently
0 Forwarded Confirmed Class PDUs Number of dropped forwarded PDUs.
droped silently
■ Any view
Description This command provides a counter for SNMP operations.

300 ● display snmp-agent sys-info 3Com Switch 4200G Family
Command Reference
display snmp-agent sys-info
Purpose Use the display snmp-agent sys-info command to view the system information
of SNMP configuration.
Syntax display snmp-agent sys-info [ contact | location | version ]*
Parameters contact Displays the contact information of the current device.

location Displays the physical location of the current device.
version Displays the version information about the SNMP
running in the system.
Example Display the system information about the SNMP device.
<S4200G> display snmp-agent sys-info

The contact person for this managed node:
R&D 3Com Corporation
The physical location of this node:
Beijing China
SNMP version running in the system:
SNMPv1 SNMPv2c SNMPv3
This command can be used in the following views:
■ Any view
Description The information includes the character string sysContact (system contact), the
character string describing the system location, the version information about the
running SNMP in the system.
3Com Switch 4200G Family display snmp-agent trap-list ● 301
Command Reference
display snmp-agent trap-list
Purpose Use the display snmp-agent trap-list command to display trap list
information.
Syntax display snmp-agent trap-list
Parameters None
Example Display trap list information.
<S4200G> display snmp-agent trap-list

configuration trap enable
flash trap enable
standard trap enable
system trap enable
Enable traps :4; Disable traps 0
■ Any view
Related Command snmp-agent trap enable

302 ● display snmp-agent usm-user 3Com Switch 4200G Family
Command Reference
display snmp-agent usm-user
Purpose Use the display snmp-agent usm-user command to view SNMP user
information.
Syntax display snmp-agent usm-user [ engineid engineid | group groupname |

username username ]
Parameters engineid Displays the SNMPv3 user information of the specified

engine ID, which ranges from 10 to 64 hexadecimal
numerals.
username Displays information about the specified SNMPv3 user,
which ranges from 1 to 32 bytes.
groupname Displays information about users in the specified group
name, which ranges from 1 to 32 bytes.
Example Display all user information.
<S4200G>display snmp-agent usm-user

User name: usm-user
Group name: usm-group
Engine ID: 800007DB00E0FC0031006877
UserStatus: active
Table 70 Description on the fields of the display snmp-agent usm-user command
Field Description
User name SNMP user name
Group name The group name which the SNMP user name belongs to
Engine ID The character string identifying the SNMP device
Storage type Storage type, including volatile, nonVolatile, permanent, readOnly and
other.
userStatus SNMP user status
■ Any view
3Com Switch 4200G Family display ssh server ● 303
Command Reference
display ssh server
Purpose Use the display ssh server command to display the status or session
information about the SSH server
Syntax display ssh server { status | session }
Parameters status Displays SSH status information.

session Displays SSH session information.
Example Display the status information about the SSH server.
<S4200G> display ssh server status

SSH version : 1.99
SSH connection timeout : 60 seconds
SSH Authentication retries : 3 times
SFTP Server: Enable
Display the session information about the SSH server.
<S4200G> display ssh server session

Conn Ver Encry State Retry Username
VTY 0 2.0 AES started 0 1
■ Any view
Related Commands ■ ssh server authentication-retries

■ ssh server timeout
304 ● display ssh server-info 3Com Switch 4200G Family
Command Reference
display ssh server-info
Purpose Use the display ssh server-info command to display the association
between the server public keys configured on the client and the servers.
Syntax display ssh server-info
Parameters None
Example Display the association between the server public keys and the servers.
<S4200G> display ssh server-info

Server Name(IP) Server public key name
______________________________________________________
192.168.0.1 abc_key01
192.168.0.2 abc_key02
■ Any view
3Com Switch 4200G Family display ssh user-information ● 305
Command Reference
display ssh user-information
Purpose Use the display ssh user-information command to display information

about the current SSH users, including user name, authentication mode, key name
and authorized service types. If the username is specified, the command displays
information about the specified user.
Syntax display ssh user-information [ username ]
Parameters username SSH user name, consisting of a string 1 to 80

characters long.
Example Display information about the current user.
<S4200G> display ssh user-information

Username Authentication-type User-public-key-name
Service-type
kj rsa null stelnet|sftp
■ Any view
Related Commands ■ ssh user assign rsa-key

■ ssh user service-type
■ ssh user authentication-type
306 ● display startup 3Com Switch 4200G Family
Command Reference
display startup
Purpose Use the display startup command to display the startup configuration of a
switch, including the name of the current startup configuration file, the names of the
main startup configuration file, and backup startup configuration file to be used
when the switch starts the next time, and so on.
Syntax display startup [ unit unit-id ]
Parameters unit unit-id Unit ID of a switch.
Example Display the startup configuration of unit 1.
<S4300G> display startup unit 1

MainBoard:
Current Startup saved-configuration file: NULL
Next main startup saved-configuration file: flash:/123.cfg
Next backup startup saved-configuration file: flash:/back.cfg
Bootrom-access enable state: enabled
■ Any view
Related Command startup saved-configuration

3Com Switch 4200G Family display stop-accounting-buffer ● 307
Command Reference
display stop-accounting-buffer
Purpose Use the display stop-accounting-buffer command to view the no-response

stop-accounting request packets buffered in the device.
Syntax display stop-accounting-buffer { radius-scheme radius-scheme-name |

session-id session-id | time-range start-time stop-time |
user-name user-name }
radius-scheme-name Displays the buffered stop-accounting requests of the
specified RADIUS scheme. radius-scheme-name is
a character up to 32 characters in length.
session-id session-id Displays the buffered stop-accounting requests of the
specified session ID. session-id is a character string
up to 50 characters in length.
time-range start-time
stop-time Displays the buffered stop-accounting requests in the
specified time range.
■ start-time specifies the beginning time of the
request time range.
■ stop-time specifies the end time of the saving
time range.
The time is expressed in the format
hh:mm:ss-yyyy/mm/dd or hh:mm:ss-yyyy/mm/dd.
user-name user-name Displays the buffered stop-accounting requests for the
specified username. user-name specifies the
username, a character string up to 32 characters in
length. This string cannot contain the following
characters:
■ /
■ *
■ <
■ >
username. The pure username (the part before @,
namely the user ID) cannot exceed 24 characters.
Example To Display the buffered stop-accounting requests from 0:0:0 08/31/2002 to 23:59:59
08/31/2002, enter the following:
308 ● display stop-accounting-buffer 3Com Switch 4200G Family
Command Reference
<S4200G> display stop-accounting-buffer time-range 0:0:0-08/31/2002

23:59:59-08/31/2002
Total find 0 record
■ Any views
Description You can choose to display the buffered stop-accounting packets of a specified
RADIUS scheme, session ID, or user name. You can also specify a time range to display
those which are sent within the specified time range. The displayed packet
information helps you to diagnose and resolve problems relevant to RADIUS.
When the switch sends out a stop-accounting packet but gets no response from the
RADIUS server, it first buffers the packet and then retransmits it until the maximum
number of retransmission attempts (set by the retry stop-accounting
command) is reached.
Related Command ■ reset stop-accounting-buffer

■ stop-accounting-buffer enable
■ retry stop-accounting
3Com Switch 4200G Family display stp ● 309
Command Reference
display stp
Purpose Use the display stp command to display the state and statistical information
about one or all spanning trees.
Syntax display stp [ instance instance-id ] [ interface interface-list |

slot slot-number ] [ brief ]
Parameters instance-id ID of the spanning tree instance. Valid values are 0 to

16. A value of 0 specifies the common and internal
spanning tree (CIST).
interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
slot slot-number Specifies the slot number whose spanning tree
protocol (STP) information is to be displayed.
brief Displays only port status and protection measures
taken for the ports.
Example To display the state and statistical information about a spanning tree, enter the
following:
<S4200G> display stp instance 0 interface GigabitEthernet 1/0/1 to

GigabitEthernet 1/0/4 brief
MSTID Port Role STP State Protection
0 GigabitEthernet1/0/1 ALTE DISCARDING LOOP
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
310 ● display stp 3Com Switch 4200G Family
Command Reference
Table 71 Description on the fields of the display stp command
Field Description
MSTID The ID of a spanning tree instance in the MST region
Port Port number corresponding to the spanning tree instance
Role Port role
STP State STP state of the port, which can be forwarding or discarding.
Protection Protection type of the port
■ Any view
Description The state and statistical information about MSTP can be used to analyze and maintain
the topology of a network. It also can be used to make MSTP operating properly.
■ If neither spanning tree instance nor port list is specified, the command displays
spanning tree information about all spanning tree instances on all ports in order of
port number.
■ If only a spanning tree instance is specified, the command displays information
about the specified spanning tree instance on all ports in order of port number.
■ If only a port list is specified, the command displays information about all spanning
tree instances on these ports in order of port number.
■ If both a spanning tree instance and a port list are specified, the command displays
spanning tree information about the specified spanning tree instance and the
specified ports in order of spanning tree instance ID.
MSTP status information includes the following:
■ Global CIST parameters: Protocol operation mode, switch priority in the CIST
instance, MAC address, Hello time, Max Age, Forward delay, Max hop count, the
common root bridge of the CIST, the external path cost for the switch to reach the
CIST common root bridge, the region root, the internal path cost for the switch to
reach the region root, CIST root port of the switch, and the status of the BPDU
protection function (enabled or disabled).
■ CIST port parameters: Port protocol, port role, port priority, path cost, the
designated bridge, the designated port, edge port/non-edge port, connected/not
connected to a point-to-point link, the maximum transmission speed, the type of
the root protection feature, VLAN mappings, Hello time, Max age, Forward delay,
Message-age time, and Remaining-hops.
■ Global MSTI parameters: MSTI ID, bridge priority of the instance, region root,
internal path cost, MSTI root port, and Master bridge.
■ MSTI port parameters: Port status, role, priority, path cost, the designated bridge,
the designated port, and Remaining Hops.
The statistics includes the number of the TCN BPDUs, the configuration BPDUs, the
RST BPDUs, and the MST BPDUs transmitted/received by the port.
Related Command reset stp

3Com Switch 4200G Family display stp region-configuration ● 311
Command Reference
display stp region-configuration
Purpose Use the display stp region-configuration command to display the MST
region configuration.
Information displayed includes:
■ the region name

■ region revision level
■ spanning tree instance-to-VLAN mappings configured for the switch
Syntax display stp region-configuration
Parameters None
Example To display the configurations of the MST regions, enter the following:
<S4200G> display stp region-configuration

Oper Configuration
Format selector :0
Region name :hello
Revision level :0
Instance Vlans Mapped

0 21 to 4094
1 1 to 10
2 11 to 20
Table 72 Description on the fields of the display stp region-configuration
command
Field Description
Format selector Selector specified by MSTP
Region name Name of the MST region
Revision level Revision level of the MST region
Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region
■ Any view
Related Command stp region-configuration

312 ● display tcp statistics 3Com Switch 4200G Family
Command Reference
display tcp statistics
Purpose Use the display tcp statistics command to view the statistics information about
TCP packets.
Syntax display tcp statistics
Parameters None
Example To view statistics about TCP packets, enter the following:
<S4200G> display tcp statistics

Received packets:
Total: 753
packets in sequence: 412 (11032 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 4 (88 bytes), partially duplicate packets: 5 (7
bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 481 (8776 bytes)
duplicate ACK packets: 7, too much ACK packets: 0
Sent packets:
Total: 665
urgent packets: 0
control packets: 5 (including 1 RST)
window probe packets: 0, window update packets: 2
data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)
ACK-only packets: 40 (28 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout:

0
Keepalive timeout: 0, keepalive probe: 0, keepalive timeout, so
connections disconnected : 0
Initiated connections: 0, accepted connections: 0, established
connections: Closed connections: 0 (dropped: 0, initiated dropped: 0
Table 73 Description on the fields of the display tcp statistics command
Field Description
Received packets Indicates that the following is the statistics for the received packets.
Total Total number of received packets
packets in sequence Number of packets reached in sequence
window probe packets Number of window probe packets
checksum error Number of checksum error packets
offset error Number of length error packets
short error Number of too short packets
duplicate packets Number of completely duplicate packets
3Com Switch 4200G Family display tcp statistics ● 313
Command Reference
Table 73 Description on the fields of the display tcp statistics command
Field Description
partially duplicate Number of partly duplicate packets
packets
out-of-order packets Number of out-of-order packets
packets of data after Number of after-window packets
window
packets received after Number of packets reached after the connection is closed
close
ACK packets Number of ACK packets
duplicate ACK packets Number of duplicate ACK packets
Sent packets Indicates that the following is the statistics for the sent packets.
Total Total number of sent packets
urgent packets Number of urgent data packets
control packets Number of control packets
window probe packets Number of window probe packets
window update packets Number of window update packets
data packets Number of data packets
ACK-only packets Number of ACK packets
Retransmitted timeout Timeout times of the retransmission timer
connections dropped in Number of connections dropped due to out-of-limit retransmission
retransmitted timeout times
Keepalive timeout Timeout times of the keepalive timer
keepalive probe Number of sent keepalive probe packets
keepalive timeout, so Number of connections torn down due to keepalive probe failure
connections
disconnected
Initiated connections Number of initiated connections
accepted connections Number of accepted connections
established connections Number of established connections
Closed connections Number of closed connections
■ Any view
Description The statistics are mainly divided into two parts: those for received packets, and those
for sent packets. Each part contains information about different types of packets,
such as duplicate packets and checksum error packets in received packets. At the end
of the display output are the statistics relevant to the connections, such as the
accepted connections, the number of the retransmitted packets, and the number of
keepalive probe packets. Most of the above statistics are offered in packets; several
ones are offered in bytes.
Related Commands ■ display tcp status

■ reset tcp statistics
314 ● display tcp status 3Com Switch 4200G Family
Command Reference
display tcp status
Purpose Use the display tcp status command to view the TCP connection state.
Syntax display tcp status
Parameters None
Example To display the state of all TCP connections, enter the following:
<S4200G> display tcp status
TCPCB Local Add:port Foreign Add:port State

03e37dc4 0.0.0.0:4001 0.0.0.0:0 Listening
04217174 100.0.0.204:23 100.0.0.253:65508 Established
Table 74 Description of the display tcp status command
Field Description
Local Add:port Local IP address: local port
Foreign Add:port Remote IP address; remote port
State State of the TCP link
■ Any view
3Com Switch 4200G Family display this ● 315
Command Reference
display this
Purpose Use the display this command to display the current configuration performed in
the current view of the system.
Syntax display this [ by-linenum ]
Parameters by-linenum Displays the number of each line.
Example Display the running configuration parameters in the current view of the system with
each line number.
<S4200G> display this

#
return
■ Any view
Description After performing a group of configurations in a view, you can use the display
this command to verify the configuration results by checking the currently valid
parameters.
■ This command does not display the currently valid configuration parameters which
have the same values with the corresponding default working parameters.
■ This command does not display the parameters whose corresponding functions do
not take effect even though these parameters have been configured.
■ Executing this command in different interface views display the configurations on
the corresponding interfaces.
■ Executing this command in different protocol views display the configurations in
the corresponding protocol views.
■ Executing this command in different protocol sub-views display the configurations
in the corresponding protocol sub-views.
316 ● display time-range 3Com Switch 4200G Family
Command Reference
display time-range
Purpose Use the display time-range command to view the configuration and status of the
current time range. You will see the active or inactive state outputs respectively.
Syntax display time-range { all | name }
Parameters all Specifies to display all time ranges.

name Specifies the name of the time range. Valid values are a
character string that starts with a letter (a-z or A-Z),
and is 1 to 32 characters long.
Example Display all the time ranges.
<S4200G> display time-range all

Current time is 14:36:36 Apr/2/2003 Thursday
Time-range : hhy ( Inactive )

from 08:30 2/5/2005 to 18:00 2/19/2005
Time-range : hhy1 ( Inactive )
from 08:30 2/5/2003 to 18:00 2/19/2003
Table 75 Field Descriptions for All Time Ranges
Field Description
Current time is 14:36:36 Apr/3/2003 The current time of the system.
Thursday
Time-range : hhy ( Inactive ) from 08:30 Time range hhy. "Inactive" indicates that this time
2/5/2005 to 18:00 2-19-2005 range is currently in the inactive state (while "Active"
indicates that the time range is in the active state),
and the time range is from 8:30 February 5, 2005 to
18:00 February 19 2005.
Display the time range named "tm1".
<S4200G> display time-range tm1

Current time is 14:37:31 Apr/3/2003 Thursday
Time-range : tm1 ( Inactive )

from 08:30 2/5/2005 to 18:00 2/19/2005
Table 76 Field Descriptions for Specific Time Range
Field Description
Current time is 14:36:36 Apr/3/2003 The current time of the system
Thursday
Time-range : tm1 ( Inactive ) from 08:30 Time range tm1. "Inactive" indicates that this time
2/5/2005 to 18:00 2/19/2005 range is currently in the inactive state (while "Active"
indicates that the time range is in the active state),
and the time range is from 8:30 February 5, 2005 to
18:00 February 19 2005
3Com Switch 4200G Family display time-range ● 317
Command Reference
■ Any view
Related Command time-range

318 ● display trapbuffer 3Com Switch 4200G Family
Command Reference
display trapbuffer
Purpose Use the display trapbuffer command to display the status of the trap buffer
and the records in the trap buffer.
Syntax display trapbuffer [ unit unit-id ] [ size buffersize ]
Parameters unit-id Unit identification.

size Specifies the size of the trap buffer.
of messages it holds. It ranges from 1 to 1024 and
defaults to 256.
Example Display the status of the trap buffer and the records in the trap buffer.
<S4200G> display trapbuffer

Trapping Buffer Configuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwrote messages : 0
current messages : 6
#Dec 31 14:01:25 2004 S4200G DEV/2/LOAD FINISHED:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.20: frameIndex is 0, slotIndex 0.4
#Dec 31 14:01:33 2004 S4200G DEV/2/BOARD STATE CHANGE TO NORMAL:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.2
#Dec 31 14:01:40 2004 S4200G DEV/2/BOARD STATE CHANGE TO NORMAL:

Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.
……
■ Any view
Description Executing the command with the size buffersize parameters will display the latest trap
records, with the number of the records being the specified size at most.
3Com Switch 4200G Family display udp-helper server ● 319
Command Reference
display udp-helper server
Purpose Use the display udp-helper server command to view the information of
destination Helper server corresponding to the VLAN interface.
Syntax display udp-helper server [ interface vlan-interface vlan_id ]
Parameters vlan_id VLAN interface ID.
Example To display the information of destination Helper server corresponding to the VLAN
interface 1, enter the following:
<SW4200G>display udp-helper server interface vlan-interface 1

interface name server addresspackets sent
VLAN-interface1 192.1.1.20
■ Any view
320 ● display user-interface 3Com Switch 4200G Family
Command Reference
display user-interface
Purpose Use the display user-interface command to view information on a user

interface.
Syntax display user-interface [ type number | number ] [summary]
Parameters type number Specifies the type and number of the user interface
you want to display details on, for example VTY 3.
number Specifies the index number of the user interface you
want to display details on.
summary Displays the summary of a user interface.
Example Display the information about user interface 0.
<S4200G> display user-interface 0

Idx Type Tx/Rx Modem Privi Auth Int
F 0 AUX 0 9600 - 3 N -
+ : Current user-interface is active.

F : Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Table 77 Output description of the display user-interface command
Field Description
+ Indicates that the user interface is in use
F Indicates that the current user interface is in use and working in asynchronous
mode
Idx Displays the absolute index number of the user interface
Type Displays the user interface type and relative index of the user interface
Tx/Rx Displays the transmission speed of the user interface
Modem Indicates whether or not a modem is used
Privi Indicates the command level that can be accessed from this user interface
Auth Indicates the user interface authentication method
Int Indicates the physical location of the user interface
3Com Switch 4200G Family display user-interface ● 321
Command Reference
Display the summary information of user interface 0.
<SW4200G>dis user-interface summary

User interface type : [AUX]
0:U
User interface type : [VTY]
1:XXXX X
1 character mode users. (U)

5 UI never used. (X)
1 total UIs in use.
Table 78 Output Description of the display user-interface summary command
Field Description
0: U User interface type
1 character mode users One type of user interface
1 total UIs in use The total number of user interfaces in use
UI’s name User interface name
■ Any view
Description Use the display user-interface command to display the information about a
specified user interface or all user interfaces, including user interface type,
absolute/relative user interface number, transmission speed, available command level,
authentication mode, and physical position.
You can choose to access this information by user interface type and type number, or
by user interface index number. The information displayed is the same whichever
access method you use.
This command without the summary parameter displays user interface type,
absolute/relative index, transmission speed, priority, authentication methods, and
physical location. This command with the summary parameter displays one user
interface in use with user interface name and other user interface information.
322 ● display users 3Com Switch 4200G Family
Command Reference
display users
Purpose Use the display users command to display the information about user interfaces. If
you do not specify the all keyword, only the information about the current user
interface is displayed.
Syntax display users [ all ]
Parameters all Displays information on all user interfaces.
Example To display information on the current user interface, enter the following
<S4200G> display users

UI Delay Type Ipaddress Username Userlevel
F 0 AUX 0 00:00:00 3
+ : Current operation user.

F : Current operation user work in async mode.F 0 AUX 0 00:00:00
The categories of information displayed are as follows:
Table 79 Output description of the display users command
Field Description
F Indicates that the user interface is in use and is working in asynchronous mode
UI The numbers in the left sub-column are the absolute user interface indexes, and
those in the right sub-column are the relative user interface indexes.
Delay Indicates the interval from the latest input until now, in seconds.
Type Indicates the user interface type.
IPaddress Displays the IP address form which the user logs in.
Username Display the login name of the user who is using this interface
Userlevel Display the level of the user using this user interface
■ Any view
3Com Switch 4200G Family display users ● 323
Command Reference
display users
Purpose Use the display users command to display the status and configuration
information about user terminal interfaces. Use the display users all command to
view the information on all user terminal interfaces.
Syntax display users [ all ]
Parameters all Displays the information about all user terminal

interfaces (including the inactive user terminal
interfaces).
Example To display the status and configuration information about user terminal interfaces.
<S4200G>
[S4200G] display users
UI Delay Type Ipaddress Username Userlevel
F 0 AUX 0 00:00:00 3
+ : Current operation user.

F : Current operation user work in async mode.
■ Any view
324 ● display version 3Com Switch 4200G Family
Command Reference
display version
Purpose Use the display version command to view the software version, issue date and the
basic hardware configuration information.
Syntax display version
Parameters None
Example Display the information about the system version.
<S4200G> display version

Copyright Notice:
All rights reserved (Sep 23 2005).
Without the owner's prior written consent, no decompiling
nor reverse-engineering shall be allowed.
VRP(R) software, Version V2.11, Release 0001
Copyright (c) 2003-2005 3Com Corporation All rights reserved.
Copyright (c) 2000-2003 3Com Corporation All rights reserved.
Switch 4200G 24-Port uptime is 0 week, 0 day, 4 hours, 5 minutes
Switch 4200G 24-Port with 1 MIPS Processor

64M bytes DRAM
8M bytes Flash Memory
Config Register points to FLASH
Hardware Version is VER.A

Bootrom Version is 291
[Subslot 0] 24 GE Hardware Version is VER.A
■ Any view
3Com Switch 4200G Family display vlan ● 325
Command Reference
display vlan
Purpose Use the display vlan command to display the ports operating in the
manual/automatic mode in the current voice VLAN.
Syntax display vlan vlan-id
Parameters vlan-id Voice VLAN ID. Valid values are 1 to 4,094.
Example Display the ports included in the current voice VLAN, assuming that the current voice
VLAN is VLAN 6.
<S4200G> dis vlan 6

VLAN ID: 6
VLAN Type: static
Route Interface: not configured
Description: VLAN 0006
Name: VLAN 0006
Tagged Ports:
Ethernet1/0/5
Untagged Ports:
Ethernet1/0/6
The output indicates that Ethernet1/0/5 and Ethernet1/0/6 ports are in the current
voice VLAN.
■ Any view
Related Command voice vlan enable

326 ● display vlan 3Com Switch 4200G Family
Command Reference
display vlan
Purpose Use the display vlan command to view related information about specified
VLANs or all VLANs.
Syntax display vlan [ vlan-id1 [ to vlan-id2 ] | all | static | dynamic ]
Parameters vlan-id1 Specifies the beginning VLAN ID of the VLAN ID range.

Displays information about the VLANs with their ID
within this range. This value ranges from 1 to 4,094.
to Specifies a VLAN ID range.
vlan-id2 Specifies the ending VLAN ID of the VLAN ID range.
This value ranges from 1 to 4,094 and must be larger
than vlan-id1.
all Displays information on all VLANs.
static Displays information on VLANs created statically by the
system.
dynamic Displays information on VLANs created dynamically by
the system.
Example To display information about VLAN 2:
<S4200G> display vlan 2

VLAN ID: 2
VLAN Type: static
Route interface: not configured
Description: VLAN 0001
Name: VLAN 0003
Tagged Ports: none
Untagged Ports:
GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3
Table 80 Description on the fields of the display vlan command
Field Description
VLAN ID VLAN ID
VLAN Type VLAN type (dynamic or static)
Route interface Whether the routing function is enable for this VLAN
Description Description string
Name VLAN name
Tagged Ports The ports that tag packets
Untagged Ports The ports that do not tag packets
■ Any view
3Com Switch 4200G Family display vlan ● 327
Command Reference
Description The information displayed includes:
■ VLAN ID
■ VLAN type (dynamic or static)
■ Whether the routing function is enabled (If yes, the primary IP address and mask
are displayed.)
■ VLAN description
■ Member ports
If no value or keyword is specified, this command displays the list of all the existing
VLANs. If the dynamic or static keyword is specified, this command displays the list of
the VLANs that are created dynamically or statically.
Related Command vlan

328 ● display voice vlan oui 3Com Switch 4200G Family
Command Reference
display voice vlan oui
Purpose Use the display voice vlan oui command to display the currently supported
OUI addresses and the related information.
Syntax display voice vlan oui
Parameters None
Examples Display the OUI addresses and the related information of the voice VLAN.
<S4200G> display voice vlan oui

Oui Address Mask Description
00e0-bb00-0000 ffff-ff00-0000 3com phone
0003-6b00-0000 ffff-ff00-0000 Cisco phone
00e0-7500-0000 ffff-ff00-0000 Polycom phone
00d0-1e00-0000 ffff-ff00-0000 Pingtel phone
00aa-bb00-0000 ffff-ff00-0000 ABC
■ Any view
Related Command ■ voice vlan enable

3Com Switch 4200G Family display voice vlan status ● 329
Command Reference
display voice vlan status
Purpose Use the display voice vlan status command to display voice VLAN-related
information, including voice VLAN operation mode, port mode (manual mode or
automatic mode), and so on.
Syntax display voice vlan status
Parameters None
Example Display the information about the voice VLAN.
[S4200G] display voice vlan status

Voice Vlan status: ENABLE
Voice Vlan ID: 2
Voice Vlan security mode: Security
Voice Vlan aging time: 100 minutes
Current voice vlan enabled port mode:
PORT MODE
--------------------------------
Ethernet1/0/2 AUTO
Ethernet1/0/3 MANUAL
Table 81 Description on the fields of the display voice vlan status
command
Field Description
Voice Vlan status: ENABLE The voice VLAN function is enabled globally.
Voice Vlan ID: 2 The voice VLAN function is currently enabled on
VLAN 2.
Voice Vlan security mode: Security The voice VLAN security mode is enabled.
Voice Vlan aging time: 100 minutes The voice VLAN aging time is 100 minutes.
Current voice vlan enable port mode The ports with the voice VLAN function enabled
CAUTION: The "Current voice vlan enable port mode" field lists the ports with the
voice VLAN function enabled. Note that a port listed in this field may not currently
operate in a voice VLAN.
■ Any view
Related Commands ■ display vlan

■ voice vlan enable
330 ● domain 3Com Switch 4200G Family
Command Reference
domain
Purpose Use the domain command to create an ISP domain and enter its view, or enter the
view of an existing ISP domain, or configure the default ISP domain.
Use the undo domain command to delete a specified ISP domain.
Syntax domain { isp-name | default { disable | enable isp-name } }
undo domain isp-name
Parameters isp-name Specifies an ISP domain name. The name is character

string up to 24 characters in length, excluding:
■ /
■ :
■ *
■ ?
■ <
■ >
default Configures the default ISP domain, which is system by
default. There is one and only one default ISP domain.
■ enable: Enables the default ISP domain specified by
isp-name.
■ disable: Disables the default ISP domain.
Default By default, a domain named system has been created in the system. The attributes of
system are all default values. There is one and only one default ISP domain.
Example To create a new ISP domain, aabbcc.net, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net]
■ System view
3Com Switch 4200G Family domain ● 331
Command Reference
Description After you execute the domain command, the system creates a new ISP domain if the
specified ISP domain does not exist. Once an ISP domain is created, it is in the active
state. You can manually configure the default domain only when it already exists.
ISP domain is a group of users belonging to the same ISP. Generally, for a username in
the userid@isp-name format, taking gw20010608@3Com163.net as an example, the
isp-name (that is, 3Com163.net) following the @ is the ISP domain name. When
3Com 4200G Series Ethernet Switches control user access, as for an ISP user whose
username is in userid@isp-name format, the system will take userid part as
username for identification and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the application

environment with several ISP domains. In this case, an access device may have
supplicants from different ISP domains. Because the attributes of ISP users, such as
username and password structures, service types, may be different, it is necessary to
separate them by setting ISP domains. In ISP Domain View, you can configure a
complete set of exclusive ISP domain attributes for each ISP domain, which includes
AAA schemes (RADIUS scheme applied and so forth.)
For a Switch, each supplicant belongs to an ISP domain. The system supports up to 16
ISP domains. If a user has not reported its ISP domain name, the system will put it into
the default domain.
When this command is used, if the specified ISP domain does not exist, the system
will create a new ISP domain. All the ISP domains are in the active state when they
are created.
Related Commands ■ access-limit

■ display domain
■ radius-scheme
■ state
332 ● dot1x 3Com Switch 4200G Family
Command Reference
dot1x
Purpose Use the dot1x command to enable 802.1x on the specified port or globally, (that is
on the current device).
Use the undo dot1x command to disable the 802.1x on the specified port or
globally.
Syntax dot1x [ interface interface-list ]
undo dot1x [ interface interface-list ]
Parameters interface interface-list Ethernet port list. You can specify multiple Ethernet
ports by providing this argument in the form:
[ to interface- name] & < 1-10 >.
The interface-name argument is the port index of an
Ethernet port and can be specified in this form:
interface-num }
interface-type specifies the type of a port
interface-num identifies the port number. Note
that the interface name after the keyword to must
have an interface-num that is greater than or equal to
that of the interface-name before to.
&<1-10> means that up to 10 port indexes/port index
lists can be provided,
Default By default, 802.1x is disabled on all the ports and globally on the device.
Example To enable 802.1x for GigabitEthernet1/0/1 port, enter the following:
[S4200G] dot1x interface GigabitEthernet 1/0/1
To enable 802.1x globally, enter the following:
<S4200G>system-view
[S4200G] dot1x
■ System view
3Com Switch 4200G Family dot1x ● 333
Command Reference
Description When being executed in system view, the dot1x command enables 802.1x globally if
you do not provide the interface-list argument. And if you specify the interface-list
argument, the command enables 802.1x for the specified Ethernet ports. When
being executed in Ethernet port view, this command enables 802.1x for the current
Ethernet port only. In this case, the interface-list argument is not needed.
You can perform 802.1x-related configurations (globally or on specified ports) either

before or after 802.1x is enabled. If you do not previously perform other
802.1x-related configurations when enabling 802.1x globally, the switch adopts the
default 802.1x settings.
802.1x-related configurations take effect on a port only after 802.1x is enabled both
globally and on the port.
Configurations of 8021.x and the maximum number of MAX addresses that can be
learnt are mutually exclusive. This means that when 802.1x is enabled for a port, it
cannot also have the maximum number of MAX addresses to be learned configured
at the same time. And if you configure the maximum number of MAX addresses that
can be learnt for a port, 802.1x is unavailable to it.
Related Command display dot1x

334 ● dot1x authentication-method 3Com Switch 4200G Family
Command Reference
dot1x authentication-method
Purpose Use the dot1x authentication-method command to set 802.1x authentication

mode.
Use the undo dot1x authentication-method command to revert to the

default 802.1x authentication mode.
Syntax dot1x authentication-method { chap | pap | eap }
undo dot1x authentication-method
Parameters chap Authenticates with the help of challenge handshake

authentication protocol (CHAP). CHAP applies a
three-way handshaking procedure. In this method,
user names are transmitted rather than passwords.
Therefore this method is safer.
pap Authenticates with the help of password
authentication protocol (PAP). PAP applies a two-way
handshaking procedure. In this method, passwords are
transmitted in plain text.
eap Authenticates with the help of extensible
authentication protocol (EAP). In an EAP
authentication method, a switch sends 802.1x
authentication information directly to the RADIUS
server in EAP packets, instead of having to convert
them into RADIUS packets before forwarding to the
RADIUS server. EAP authentication can be realized in
one of the three sub-methods: PEAP, EAP-TLS, and
EAP-MD5.
Default The default 802.1x authentication method is CHAP.
Example To specify the authentication method to be PAP, enter the following:
<S4200G>system-view
[S4200G] dot1x authentication-method pap
■ System view

3Com Switch 4200G Family dot1x dhcp-launch ● 335
Command Reference
dot1x dhcp-launch
Purpose Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to

launch the process to authenticate a supplicant system when the supplicant system
applies for a dynamic IP address through DHCP.
Use the undo dot1x dhcp-launch command to disable an 802.1x-enabled switch

from authenticating a supplicant system when the supplicant system applies for a
dynamic IP address through DHCP.
Syntax dot1x dhcp-launch
undo dot1x dhcp-launch
Parameters None
Default By default, an 802.1x-enabled switch does not authenticate a supplicant system

when the latter applies for a dynamic IP address through DHCP.
Example To configure to authenticate a supplicant system when it applies for a dynamic IP

address through DHCP, enter the following:
<S4200G>system-view
[S4200G] dot1x dhcp-launch
■ System view
Related Command dot1x

336 ● dot1x guest-vlan 3Com Switch 4200G Family
Command Reference
dot1x guest-vlan
Purpose Use the dot1x guest-vlan command to enable the Guest VLAN function for
specified ports.
Use the undo dot1x guest-vlan command to disable the Guest VLAN function
for specified ports.
Syntax dot1x guest-vlan vlan-id [ interface interface-list ]
undo dot1x guest-vlan vlan-id [ interface interface-list ]
Parameters vlan-id VLAN ID to be assigned to the Guest VLAN. This

argument ranges from 1 to 4,094.
interface-num }
Example To specify the authentication method to be port-based authentication, enter the

following:
<S4200G>system-view
[S4200G] dot1x port-method portbased
To enable the Guest VLAN function for all ports, enter the following:
[S4200G] dot1x guest-vlan 1
■ System view
3Com Switch 4200G Family dot1x guest-vlan ● 337
Command Reference
Description When being executed in system view, these two commands apply to all ports if you
do not provide the interface-list argument. If you provide this argument, these two
commands apply to the specified ports.
When being executed in Ethernet port view, these two commands apply to the
current port and the interface-list argument is not needed.
CAUTION:
The Guest VLAN function is available only when the switch operates in the port-based
authentication mode.
Only one Guest VLAN can be configured for a switch.
Supplicant systems that are not authenticated, fail to pass the authentication, or are
offline belong to Guest VLANs.
Before configuring the Guest VLAN function, make sure the VLAN to be specified as
the Guest VLAN already exists.
Related Command ■ name

■ vlan-assignment-mode
338 ● dot1x max-user 3Com Switch 4200G Family
Command Reference
dot1x max-user
Purpose Use the dot1x max-user command to set the maximum number of systems an
Ethernet port can accommodate.
Use the undo dot1x max-user command to restore the default value.
Syntax dot1x max-user user-number [ interface interface-list ]
undo dot1x max-user [ interface interface-list ]
Parameters user-number Maximum number of users a port can accommodate,

ranging from 1 to 256. The default number is 256.
interface-num }
Example To configure the maximum number of users that GigabitEthernet1/01 can

accommodate to be 32, enter the following;
[S4200G] dot1x max-user 32 interface GigabitEthernet 1/0/1
■ System view
Description When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if you
3Com Switch 4200G Family dot1x max-user ● 339
Command Reference
specify the interface-list argument, these commands apply to the specified Ethernet
ports.
current Ethernet port only. In this case, the interface-list argument is not needed.

340 ● dot1x port-control 3Com Switch 4200G Family
Command Reference
dot1x port-control
Purpose Use the dot1x port-control command to specify the access control method for
specified Ethernet ports.
Use the undo dot1x port-control command to revert to the default access control
method.
Syntax dot1x port-control { auto | authorized-force | unauthorized-force }

[ interface interface-list ]
undo dot1x port-control [ interface interface-list ]
Parameters auto Specifies to operate in auto access control mode. In

this mode, a port is initialized to take all users as
unauthorized:
It only allows EAPoL packets to pass through and
grants users no permission to network resources.
Only after the users have passed the authentication
will the port classify them as authorized and allow
them access to the network resources, which is often
the case.
authorized-force Specifies to operate in authorized-force access control
mode.
unauthorized-force Specifies to operate in unauthorized-force access
control mode. Ports in this mode are constantly in
unauthorized state. Supplicant systems connected to
them cannot access the network.
interface-num }
3Com Switch 4200G Family dot1x port-control ● 341
Command Reference
Default The default access control method is auto.
Example To specify GigabitEthernet1/0/1 port to operate in unauthorized-force access control

mode, enter the following:
[S4200G] dot1x port-control unauthorized-force interface
GigabitEthernet 1/0/1
■ System view
Description When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if
you specify the interface-list argument, these commands apply to the
current Ethernet port only. In this case, the interface-list argument is not
needed.

342 ● dot1x port-method 3Com Switch 4200G Family
Command Reference
dot1x port-method
Purpose Use the dot1x port-method command to specify the access control method for
Use the undo dot1x port-method command to restore the default access control
base.
Syntax dot1x port-method { macbased | portbased } [ interface interface-list ]
undo dot1x port-method [ interface interface-list ]
Parameters macbased Configures the 802.1x authentication system to

perform authentication on the supplicant based on
MAC address.
portbased Configures the 802.1x authentication system to
perform authentication on the supplicant based on
port number.
interface-num }
Default The default access control method is MAC address-based. That is, the macbased
keyword is specified by default.

3Com Switch 4200G Family dot1x port-method ● 343
Command Reference
Example To specify to authenticate supplicant systems connected to Ethernet1/0/1 port by port

numbers, enter the following:
<S4200G>system-view
[S4200G] dot1x port-method portbased interface Ethernet 1/0/1
Description Note:
■ If you specify to authenticate supplicant systems by MAC addresses (that is, the
macbased keyword is specified), all supplicant systems connected to the specified
Ethernet ports are authenticated separately. And if an online user logs off, others
are not affected.
■ If you specify to authenticate supplicant systems by port numbers (that is, the
portbased keyword is specified), all supplicant systems connected to a specified
Ethernet port are able to access the network without being authenticated if a
supplicant system among them passes the authentication. And when the
supplicant system logs off, the network is inaccessible to all other supplicant
systems either.
■ When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if you
specify the interface-list argument, these commands apply to the specified
Ethernet ports.
■ When being executed in Ethernet port view, these two commands apply to the
current Ethernet port only. In this case, the interface-list argument is not needed.

344 ● dot1x quiet-period 3Com Switch 4200G Family
Command Reference
dot1x quiet-period
Purpose Use the dot1x quiet-period command to enable the quiet-period timer.
Use the undo dot1x quiet-period command to disable this timer.
Syntax dot1x quiet-period
undo dot1x quiet-period
Parameters None
Default By default, the quiet-period timer is disabled.
Example To enable the quiet-period timer, enter the following:
<S4200G>system-view
[S4200G] dot1x quiet-period
■ System view
Description When a supplicant system fails to pass the authentication, the authenticator system
(such as a S4200G Ethernet switch) will stay quiet for a period (determined by the
quiet-period timer) before it performs another authentication. During the quiet
period, the authenticator system performs no 802.1x authentication.
Related Commands ■ display dot1x

■ dot1x timer
3Com Switch 4200G Family dot1x retry ● 345
Command Reference
dot1x retry
Purpose Use the dot1x retry command to specify the maximum number of times a switch
can transmit the authentication request frame to supplicant systems.
Use the undo dot1x retry command to restore the default.
Syntax dot1x retry max-retry-value
undo dot1x retry
Parameters max-retry-value Maximum number of times that a switch sends

authentication request packets to online supplicant
systems. This argument ranges from 1 to 10 and
defaults to 2.
Example To specify the maximum number of times that the switch will re-send authentication
request packets to be 9, enter the following:
<S4200G>system-view
[S4200G] dot1x retry 9
■ System view
Description After the Switch has transmitted an authentication request frame to the user for the
first time, if no user response is received during the specified time-range, the Switch
will re-transmit authentication request to the user. This command is used to specify
how many times the Switch can re-transmit the authentication request frame to the
supplicant. When the time is 1, the Switch is configured to transmit the
authentication request frame only once. 2 indicates that the Switch is configured to
transmit authentication request frame once again when no response is received for
the first time and so on. This command has an effect on all the ports after
configuration.

346 ● dot1x retry-version-max 3Com Switch 4200G Family
Command Reference
dot1x retry-version-max
Purpose Use the dot1x retry-version-max command to set the maximum number of
retries for a switch to send version request packets to an online supplicant system.
Use the undo dot1x retry-version-max command to restore the default.
Syntax dot1x retry-version-max max-retry-version-value
undo dot1x retry-version-max
Parameters max-retry-version-value Specifies the maximum number of times that a switch

will send version request packets to a supplicant
system. This argument ranges from 1 to 10.
Default The default is 3.
Example To configure the maximum number of times that the switch will re-send version
request packets to be 6, enter the following:
[S4200G] dot1x retry-version-max 6
■ System view
Description Having sent a version request packet to the supplicant system, the switch will re-send
the packet if within a preset period (as determined by the client version timer) it still
has not received any response from the supplicant system. When the number set by
this command has reached and there is still no response from the supplicant system,
the switch will continue its following authentication without sending further version
requests. This command applies to all ports.
Related Commands ■ display dot1x

■ dot1x timer
3Com Switch 4200G Family dot1x timer ● 347
Command Reference
dot1x timer
Purpose Use the dot1x timer command to set the 802.1x timers.
Use the undo dot1x timer command to restore the default values.
Syntax‘ dot1x timer { handshake-period handshake-period-value |

quiet-period quiet-period-value | tx-period tx-period-value |
supp-timeout supp-timeout-value | server-timeout server-timeout-value
|ver-period ver-period-value }
undo dot1x timer { handshake-period | quiet-period | tx-period |

supp-timeout | server-timeout | ver-period }
Parameters handshake-period Handshake period timer, triggered when the user has
successfully passed the authentication. It sets the time
interval for the switch to re-send handshake request
packets to check whether the user is still online. If after
N times (as specified by the dot1x retry command) of
retries, the switch still has not received any response
packet from the supplicant system, it will assume that
the user is offline.
handshake-period-value Specifies the value of the handshake timer, in seconds.
This value can range from 1 to 1024 with a default
value of 15.
quiet-period Specifies the quiet timer. If an 802.1x user has not
passed the authentication, the Authenticator will keep
quiet for a while (which is specified by quiet-period
timer) before launching the authentication again.
During the quiet period, the Authenticator does not do
anything related to 802.1x authentication.
quiet-period-value Specifies how long the quiet period is. Valid values are
10 to 120 seconds. If not specified, the default is 60
seconds.
server-timeout Specifies the timeout timer of an Authentication
Server. If an Authentication Server has not responded
before the specified period expires, the Authenticator
will re-send the authentication request.
server-timeout-value Specifies how long the duration of a timeout timer of
an Authentication Server is. Valid values are 100 to
300 seconds. If not specified, the default is 100
seconds.
supp-timeout Specifies the authentication timeout timer of a
Supplicant. After the Authenticator sends
Request/Challenge request packet which requests the
MD5 encrypted text, the supp-timeout timer of the
Authenticator begins to run. If the Supplicant does not
respond back successfully within the time range set by
348 ● dot1x timer 3Com Switch 4200G Family
Command Reference
this timer, the Authenticator will re-send the above

packet.
supp-timeout-value Specifies how long the duration of an authentication
timeout timer of a Supplicant is. Valid values are 10 to
120 seconds. If not specified, the default is 30
seconds.
tx-period Specifies the transmission timeout timer. After the
Authenticator sends the Request/Identity request
packet which requests the user name or user name
and password together, timer of the Authenticator
begins to run. If the Supplicant does not respond back
with authentication reply packet successfully, then the
Authenticator will re-send the authentication request
packet.
tx-period-value Specifies how long the duration of the transmission
timeout timer is. Valid values are 10 to 120 seconds. If
not specified, the default is 30 seconds.
ver-period Client-version-checking period timer, if within the
period, no response packet has been sent back from
the supplicant system, the switch will re-send the client
version checking request packet.
ver-period-value Value of the client-version-checking period timer, in
seconds. This value can range from 1 to 30 with a
default value of 30.
Example To set the Authentication Server timeout timer to 150s, enter the following:
<SW4200G> system-view
[SW4200G]dot1x timer server-timeout 150.
■ System view
Description During an 802.1x authentication process, multiple timers are triggered to ensure that
the supplicant systems, the authenticator systems, and the Authenticator servers
interact with each other in an arranged way. To make authentications being
processed in a desired way, you can use the dot1x timer command to set values for
these timers as needed. This may be necessary in certain situations or for some tough
network environments. Normally, the defaults are recommended. (Note that some
timers cannot be adjusted.)

3Com Switch 4200G Family dot1x version-check ● 349
Command Reference
dot1x version-check
Purpose Use the dot1x version-check command to enable 802.1x client version
checking for specified Ethernet ports.
Use the undo dot1x version-check command to disable 802.1x client version
checking for specified Ethernet ports.
Syntax dot1x version-check [ interface interface-list ]
undo dot1x version-check [ interface interface-list ]
Parameters interface-list Specifies the Ethernet port list. You can specify
interface-num }
Default By default, 802.1x client version checking is disabled on all Ethernet ports.
Example To configure GigabitEthernet1/0/1 port to check the version of the 802.1x client upon
receiving authentication packets, enter the following:
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] dot1x version-check
■ System view
350 ● dot1x version-check 3Com Switch 4200G Family
Command Reference
Description In system view, execution of the dot1x version-check command enables the client
version checking function for specified ports if the interface-list argument is specified,
otherwise it enables the function globally. In Ethernet port view, only the current port
can have their client version checking function enabled by executing this command
and the interface-list argument is not needed.
3Com Switch 4200G Family duplex ● 351
Command Reference
duplex
Purpose Use the duplex command to set the port duplex attribute.
Use the undo duplex command to restore the default duplex mode (auto).
Syntax duplex { auto | full | half }
undo duplex
Parameters auto Sets the port to auto-negotiation mode.

If not specified, auto is the default duplex mode.
full Sets the port to full-duplex mode.
half Sets the port to half-duplex mode.
Example SEt the GigabitEthernet 1/0/1 port in auto duplex mode
<S4200G>system-view
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]duplex auto
Related Command speed

352 ● enable snmp trap updown 3Com Switch 4200G Family
Command Reference
enable snmp trap updown
Purpose Use the enable snmp trap updown command to enable the port to send LINK
UP and LINK DOWN Trap information.
Use the undo enable snmp trap command to disable the port to send LINK UP
and LINK DOWN Trap information.
Syntax enable snmp trap updown
undo enable snmp trap updown
Parameters None
Default By default, the port is enabled to send Trap information.
Example Enable port GigabitEthernet1/0/1 to send LINK UP and LINK DOWN Trap information.
The community name public is used.
[S4200G] snmp-agent trap enable
[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
[S4200G-GigabitEthernet1/0/1] enable snmp trap updown
■ System view
Description The enable snmp trap and snmp-agent target-host commands are used
at the same time. You can use the snmp-agent target-host command to
specify the hosts receiving Trap information. To send Trap information, you must
configure at least one snmp-agent target-host command.
Related Command None

3Com Switch 4200G Family end-station polling ip-address ● 353
Command Reference
end-station polling ip-address
Purpose Use the end-station polling ip-address command to configure the IP address
requiring periodic testing.
Use the undo end-station polling ip-address command to delete the IP address
requiring periodic testing.
Syntax end-station polling ip-address ip-address
undo end-station polling ip-address ip-address
Parameters ip-address Specifies the IP address.
Example Configure 202.38.160.244 requiring periodical testing.
<S4200G>system-view
[S4200G]end-station polling ip-address 202.38.160.244
■ System view
Description The switch can ping an IP address every one minute to test if it is reachable. Three
PING packets can be sent at most for every IP address in every testing with a time
interval of five seconds. If the switch cannot ping successfully the IP address after the
three PING packets, it assumes that the IP address is unreachable.
You can configure up to 50 IP addresses by using the command repeatedly.
Related Commands ■ ping

■ tracert
354 ● execute 3Com Switch 4200G Family
Command Reference
execute
Purpose Use the execute command to execute the specified batch file.
Syntax execute filename
Parameters filename Name of the batch file, consisting of a string up to 256

characters in length, with a suffix of “.bat”.
Example To execute the batch file “test.bat” in the directory of “flash:/”, enter the following:
<S4200G>sys
[S4200G]execute test.bat
■ System view
Description The batch command executes the command lines in the batch file one by one. There
should be no invisible character in the batch file. If invisible characters are found, the
batch command will quit the current execution. The forms and contents of the
commands are not restricted in the batch file.
3Com Switch 4200G Family exit ● 355
Command Reference
exit
Purpose Use the exit command to terminate the connection to the remote SFTP server and
return to system view.
This command has the same function as the bye and quit commands.
Syntax exit
Parameters None
Example Terminate the connection to the remote SFTP server.
sftp-client> exit
[S4200G]

356 ● file prompt 3Com Switch 4200G Family
Command Reference
file prompt
Purpose Use the file prompt command to modify the prompt mode of file operations on the
Switch.
Syntax file prompt { alert | quiet }
Parameters alert Select confirmation on dangerous file operations.

If not specified, the default value is alert.
quiet No confirmation prompt on file operations.
Example Configure the prompt mode of file operation as quiet.
[S4200G] file prompt quiet
■ System view
Description If the prompt mode is set as quiet, so no prompts are shown for file operations,
some non-recoverable operations may lead to system damage.
3Com Switch 4200G Family flow-control ● 357
Command Reference
flow-control
Purpose Use the flow-control command to enable port flow control, to avoid packet loss in
the event of network congestion.
Use the undo flow-control command to disable flow control on the port.
Syntax flow-control
undo flow-control
Parameters None
Default By default, flow control is disabled.
Example Enable flow control on the GigabitEthernet1/0/1 port.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1]flow-control

358 ● format 3Com Switch 4200G Family
Command Reference
format
Purpose Use the format command to format a storage device.
Syntax format device
Parameters device Device name.
Example Format flash:
<S4200G> format flash:

All data on Flash will be lost , proceed with format ? [Y/N] y
% Now begin to format flash, please wait for a while...
Format winc: completed
■ User view
■ Formatting a storage device causes all the files on the storage device to get lost.
The operation is irretrievable.
■ The format operation on the Flash leads to the loss of the configuration files.
3Com Switch 4200G Family free user-interface ● 359
Command Reference
free user-interface
Purpose Use the free user-interface command to reset a specified user interface to its
default settings. The user interface will be disconnected after the reset.
Use free user-interface type to reset the interface with the specified type and
type number to its default settings.
Use free user-interface number to reset the interface with the specified index
number to its default settings.
Syntax free user-interface [type ] number
Parameters type Specifies the user interface type:

■ aux (auxilliary user terminal interface
■ vty (virtual user terminal interface)
number Specifies the index number of the user interface. This
argument can be an absolute user interface index (if
you do not provide the type argument) or a relative
user interface index (if you provide the type argument).
Example Log into user interface 0 and clear user interface 1.
<S4200G> free user-interface 1
After you execute this command, user interface 1 will be disconnected. The user in it
must log in again to connect to the switch.
■ User view
Description Note that the current user interface can not be cleared.
360 ● free web-users 3Com Switch 4200G Family
Command Reference
free web-users
Purpose Use the free web-users command to disconnect a specified Web user or all Web
users by force.
Syntax free web-users { all | user-id userid | user-name username }
Parameters userid Web user ID.

username User name of the Web user. This argument can contain
1 to 80 characters.
all Specifies all Web users.
Example Disconnect all Web users by force.
<S4200G> free web-users all
■ User view
3Com Switch 4200G Family ftp ● 361
Command Reference
ftp
Purpose Use the ftp command to establish a control connection with an FTP server and enter
FTP client view.
Syntax ftp [ ipaddress [ port-number ] ]
Parameters ipaddress Host name or the IP address of an FTP server. The host
name can be a string comprising 1 to 20 characters.
port-number Port number of the FTP server, ranging from 0 to
65535. The default is 21.
Example Connect to the FTP server whose IP address is 2.2.2.2.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:
[ftp]
■ User view
362 ● ftp cluster 3Com Switch 4200G Family
Command Reference
ftp cluster
Purpose Use the ftp cluster command to establish a control connection with a cluster FTP
server. This command also leads you to FTP client view.
Syntax ftp cluster
Parameters None
Example Connect to the cluster FTP server.
<123_1.S4200G> ftp cluster

Trying ...
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in.
■ User view
3Com Switch 4200G Family ftp server ● 363
Command Reference
ftp server
Purpose Use the ftp server command to configure an FTP server on the management device
for the member devices in the cluster.
Use the undo ftp server command to remove the FTP server configured for the
member devices in the cluster.
Syntax ftp server ip-address
undo ftp server
Parameters ip-address IP address of the FTP server to be configured for the

cluster.
Default By default, the management device acts as the FTP Server.
Example Configure the IP address of an FTP server on the management device.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] ftp-server 1.0.0.9
■ System view
Description You need to configure the IP address of an FTP server first for the member
devices in a cluster to access the FTP server through the management device.
364 ● ftp server enable 3Com Switch 4200G Family
Command Reference
ftp server enable
Purpose Use the ftp server enable command to enable FTP server and allow FTP users to
log in.
Use the undo ftp server command to disable FTP server and inhibit FTP users
from logging in.
Syntax ftp sever enable
undo ftp sever
Parameters None
Default By default, FTP server is disabled.
Example Enable the FTP server.
[S4200G] ftp server enable
% Start FTP server
■ System view
3Com Switch 4200G Family ftp timeout ● 365
Command Reference
ftp timeout
Purpose Use the ftp timeout command to configure connection timeout interval.
Use the undo ftp timeout command to restore the default connection timeout
interval.
Syntax ftp timeout minute
undo ftp timeout
Parameters minute Connection idle time (in minutes) ranging from 1 to

35,791. The default connection idle time is 30
minutes.
Example Set the connection idle time to 36 minutes.
[S4200G] ftp timeout 36
■ System view
Description An FTP server considers an FTP connection to be invalid and terminates the FTP
connection if no data exchange occurs between it and the FTP client for a specific
period of time known as connection idle time.
366 ● garp timer 3Com Switch 4200G Family
Command Reference
garp timer
Purpose Use the garp timer command to set the GARP Hold, Join or Leaver timer value on
the current port.
Use the undo garp timer command to restore the default value of the GARP
Hold, Join or Leaver timer on the current port.
Syntax garp timer { hold | join | leave } timer-value
undo garp timer { hold | join | leave }
Parameters hold GARP Hold timer. When a GARP entity receives a piece
of registration information, it does not send out the
Join message immediately. Instead, it starts the Hold
timer, and sends out a Join message after the timer
times out, so that all the registration information
received before the timer times out can be put into the
same frame that will be sent to save the bandwidth
resources.
join To transmit the Join messages reliably to other entities,
a GARP entity sends each Join message two times. The
Join timer is used to define the interval between the
two sending operations of each Join message.
leave GARP Leave timer. When a GARP entity expects to
unregister a piece of attribute information, it sends out
a Leave message. Any GARP entity receives this
message starts its Leave timer, and unregister the
attribute information after the timer times out if it
does not receives a Join message again before the
timeout.
timer-value Value of the specified GARP timer (Hold, Join or Leave)
in centiseconds, with a step size of five.
If no values are specified, the default values are 10, 20,
and 60 for Hold, Join and Leave timers respectively.
Example Set the timeout time of the GARP Join timer on the port GigabitEthernet1/0/1 to 20
centiseconds.
[S4200G-GigabitEthernet1/0/1] garp timer join 20

3Com Switch 4200G Family garp timer ● 367
Command Reference
Description The ranges of the timers vary depending on the values of other timers. You can set a
timer to a value out of the current range by set the associated timer to another value.
The following table describes the relations between the timers:
Table 82 Relations between the timers

Timer Lower threshold Upper threshold
Hold 10 centiseconds This upper threshold is less than or
equal to one-half of the value of the
Join timer. You can change the
threshold by changing the value of
the Join timer.
Join This lower threshold is greater than or This upper threshold is less than
equal to twice the value of the Hold one-half of the value of the Leave
timer. You can change the threshold timer. You can change the
by changing the value of the Hold threshold by changing the value of
timer. the Leave timer.
Leave This lower threshold is greater than This upper threshold is less than the
twice the value of the Join timer. You value of the LeaveAll timer. You can
can change the threshold by changing change the threshold by changing
the value of the Join timer. the value of the LeaveAll timer.
LeaveAll This lower threshold is greater than 32,765 centiseconds
the value of the Leave timer. You can
change threshold by changing the
value of the Leave timer.
Related Command display garp timer

368 ● garp timer leaveall 3Com Switch 4200G Family
Command Reference
garp timer leaveall
Purpose Use the garp timer leaveall command to set the GARP LeaveAll timer to a
specified value.
Use the undo garp timer leaveall command to restore the default value of
the GARP LeaveAll timer.
Syntax garp timer leaveall timer-value
undo garp timer leaveall
Parameters timer-value Value of the GARP LeaveAll timer (in centiseconds).

Valid values are 65 to 32,765 seconds, with a step size
of five. This value must be greater than the value of
the Leave timer.
If not specified, the default is 1,000 centiseconds (that
is, 10 seconds).
Example Set the value of the GARP LeaveAll timer to 100 centiseconds.
[S4200G] garp timer leaveall 100
■ System view
Description Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveALL
message after the timer times out, so that other GARP entities can re-register all the
attribute information on this entity. After that, the entity restarts the LeaveAll timer to
begin a new cycle.
Related Command display garp timer

3Com Switch 4200G Family get ● 369
Command Reference
get
Purpose Use the get command to download a remote file and save the file to the local device.
Syntax get remotefile [ localfile ]
Parameters localfile Name assigned to the file to be saved at the local end.
remotefile Name of the source file on the remote SFTP server.
Example Download file temp1.c and save it with name temp.c.
sftp-client> get temp1.c temp.c
Description If no local file name is specified, the switch will save the remote file locally with the
same file name as that on the remote FTP server
370 ● get 3Com Switch 4200G Family
Command Reference
get
Purpose Use the get command to download a remote file and save it as a local file.
Syntax get remotefile [ localfile ]
Parameters localfile Local file name.

remotefile File name on the FTP server.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Download the file named temp.c.
[ftp] get temp.c

200 Port command okay.
150 Opening ASCII mode data connection for temp.c.
...............226 Transfer complete.
FTP: 749881 byte(s) received in 17.186 second(s) 43.00K byte(s)/sec.
■ FTP Client view
Description If you do not specify the localfile argument, the downloaded file is saved using its
original name.
3Com Switch 4200G Family gratuitous-arp learning enable ● 371
Command Reference
gratuitous-arp learning enable
Purpose Use the gratuitous-arp-learning enable command to enable the

gratuitous ARP packet learning function.
Use the undo gratuitous-arp-learning enable command to disable the

gratuitous ARP packet learning function.
Syntax gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
Parameters None
Default By default, the gratuitous ARP packet learning function is enabled.
Example To enable the gratuitous ARP packet learning function on the switch named
S4200GA, enter the following:
<S4200GA> system-view
[S4200GA] gratuitous-arp-learning enable
■ System view
Description When the gratuitous ARP packet learning function is enabled on a switch and the
switch receives a gratuitous ARP packet, the switch updates the corresponding ARP
entry (if available in the cache of the switch) using the hardware address of the sender
carried in the gratuitous ARP packet. A switch operates like this whenever it receives a
gratuitous ARP packet.
372 ● gvrp 3Com Switch 4200G Family
Command Reference
gvrp
Purpose Use the gvrp command to enable GVRP globally (in system view) or on a port (in
Ethernet port view).
Use the undo gvrp command to disable GVRP globally (in system view) or on a port
(in Ethernet port view).
Syntax gvrp
undo gvrp
Parameters None
Default By default, GVRP is disabled both globally and on ports.
Example Enable GVRP globally.
[S4200G] gvrp
■ System view
Description Note:
■ Before enabling GVRP on a port, you must first enable GVRP globally.
■ If GVRP is disabled globally, it is also disabled on ports and you are not allowed to
enable it on any port.
■ You can enable/disable GVRP only on Trunk port.
■ After enabling GVRP on the Trunk port, you are not allowed to change the port to
a different type.
Related Command display gvrp status

3Com Switch 4200G Family gvrp registration ● 373
Command Reference
gvrp registration
Purpose Use the gvrp registration command to configure the GVRP registration type on
a port.
Use the undo gvrp registration command to restore the default GVRP
registration type on a port.
Syntax gvrp registration { fixed | forbidden | normal }
undo gvrp registration
Parameters fixed Allows the manual creation and registration of VLAN

on the current port, and inhibits the dynamic
registration and unregistration of VLAN on the current
port.
forbidden Unregisters all the VLANs except VLAN 1 on the
current port, and inhibits the creation and registration
of any other VLAN on the current port.
normal Allows both manual and dynamic creation,
registration, and unregistration of VLANs on the
current port.
Default By default, the registration type is normal.
Example Configure the GVRP registration type on the port Ethernet1/0/1 to fixed.
[S4200G] interface Ethernet1/0/1
[S4200G-Ethernet1/0/1] gvrp registration fixed
Description These commands can be operated only on Trunk port.
Related Command display gvrp statistics

374 ● habp enable 3Com Switch 4200G Family
Command Reference
habp enable
Purpose Use the habp enable command to enable HABP for a switch.
Use the undo habp enable command to disable HABP for a switch.
Syntax habp enable
undo habp enable
Parameters None
Default By default, HABP is enabled on a switch.
Example To enable HABP, enter the following:
<S4200G>system-view
[S4200G] habp enable
■ System view
Description If an 802.1x-enabled switch does not have HABP enabled, it cannot manage the
switches attached to it.
3Com Switch 4200G Family habp server vlan ● 375
Command Reference
habp server vlan
Purpose Use the habp server vlan command to configure a switch to operate as an
HABP server and HABP packets to be broadcast in specified VLAN.
Use the undo habp server vlan command to revert to the default HABP mode.
Syntax habp server vlan vlan-id
undo habp server
Parameters vlan-id VLAN ID, ranging from 1 to 4,094.
Default By default, a switch operates as an HABP client.
Example To specify the switch to operate as an HABP server and the HABP packets to be
broadcast in VLAN 2, enter the following:
<S4200G>system-view
[S4200G] habp server vlan 2
■ System view
Description To specify a switch to operate as an HABP server, you need to enable HABP (using the
habp enable command) for the switch first. Even if HABP is not enabled, the client
can still configure the switch to work as an HABP client, although this has no effect.
376 ● habp timer 3Com Switch 4200G Family
Command Reference
habp timer
Purpose Use the habp timer command to set the interval for a switch to send HABP request
packets.
Use the undo habp timer command to revert to the default interval.
Syntax habp timer interval
undo habp timer
Parameters interval Interval (in seconds) to send HABP request packets.

This argument ranges from 5 to 600 and defaults to
20.
Example To configure the switch to send HABP request packets once in every 50 seconds
(assuming that the switch operates as an HABP server), enter the following:
<S4200G>system-view
[S4200G] habp timer 50
■ System view
Description Use these two commands on switches operating as HABP servers only.
3Com Switch 4200G Family header ● 377
Command Reference
header
Purpose Use the header command to set the banners that are displayed when a user logs
into a switch. The login banner is displayed on the terminal when the connection is
established. And the session banner is displayed on the terminal if a user successfully
logs in.
Use the undo header command to disable displaying a specific banner or all
banners.
Syntax header [ shell | incoming | login ] text
undo header [ shell | incoming | login ]
Parameters login Sets the login banner. The banner set by this keyword
is valid only when users are authenticated before they
log into the switch and appears while the switch
prompts for user name and password.
shell Sets the session banner, which appears after a session
is established. If you specify to authenticate login
users, the banner appears after a user passes the
authentication.
Also sets the login banner for users that log in through
modems. If you specify to authenticate login users, the
banner appears after a user passes the authentication.
(The session does not appear in this case.)
text Banner to be displayed. If no keyword is specified, this
argument is the login banner. You can provide this
argument in two ways. One is to enter the banner in
the same line as the command (A command line can
accept up to 256 characters.) The other is to enter the
banner in multiple lines (you can start a new line by
pressing <Enter>,) where you can enter a banner that
can contain more than 256 characters. Note that the
CLI expects a character the same as the first character
of the banner as the end of the banner. After finishing
entering the banner, you can press <Enter> to exit the
interaction.
Example Set the session banner.
Option 1: Enter the banner in the same line as the command.
[S4200G] header shell %SHELL: Hello! Welcome%(Make sure the beginning
and end characters of the banner are the same.)
When you log in again, the session banner appears on the terminal as the following:
378 ● header 3Com Switch 4200G Family
Command Reference
[S4200G] quit
<S4200G> quit
Please press ENTER
SHELL: Hello! Welcome(The beginning and end characters of the banner
are not displayed.)
<Quidway>
Option 2: Enter the banner in new lines.
[S4200G] header shell %SHELL: (Following appears when you press
<Enter>:)
Input banner text, and quit with the character '%'.
Continue entering the banner and end the banner with the character identical with
the beginning character of the banner.
Hello! Welcome % (Press <Enter>.)

[S4200G]
When you log in again, the session banner appears on the terminal as the following:
[S4200G] quit
<S4200G> quit
Please press ENTER
%SHELL: (Note that the beginning character of the banner appears.)
Hello! Welcome
<S4200G>purpose_body
■ System view
Description Note:
If you specify any one of the three keywords without providing the text argument,
the specified keyword will be regarded as the login banner.
As for the beginning character of a banner, note that:

■ If you only type one character in the first line of a banner, the character is regarded
as the beginning mark and is not displayed.
■ If you type multiple characters in the first line of a banner and the beginning and
the end characters of the banner in this line are not the same, the character is
displayed.
■ If you type multiple characters in the first line for the banner and the beginning
and the end character are the same, the beginning character is not displayed.
3Com Switch 4200G Family help ● 379
Command Reference
help
Purpose Use the help command to get the help information about the specified or all SFTP
client commands.
Syntax help [ command ]
Parameters command Specifies the name of a command.
Example Display the help information about the get command.
sftp-client> help get

get remote-path [local-path] Download file
Default local-path is the same with remote-path
Description If the command argument is not specified, the help information about all commands
is displayed.
380 ● history-command max-size 3Com Switch 4200G Family
Command Reference
history-command max-size
Purpose Use the history-command max-size command to set the size of the history
command buffer.
Use the undo history-command max-size command to revert to the default

history command buffer size.
Syntax history-command max-size value
undo history-command max-size
Parameters value Size of the history command buffer. Valid values for
this argument range from 0 to 256.
If no value is specified, the default to 10. That is, the
history command buffer can store 10 commands by
default.
Example Set the size of the history command buffer to 20 to enable it to store up to 20
commands.
[S4200G-ui-aux0] history-command max-size 20

3Com Switch 4200G Family holdtime ● 381
Command Reference
holdtime
Purpose Use the holdtime command to configure the holdtime of a switch.
Use the undo holdtime command to restore the default holdtime value.
Syntax holdtime seconds
undo holdtime
Parameters seconds Holdtime (in seconds) ranging from 1 to 255.

If not specified, the default holdtime is 60 seconds.
Example Set the holdtime to 30 seconds.
[aaa_0.S4200G-cluster] holdtime 30
■ Cluster view
Description If a switch does not receive any information of a peer device during the holdtime, it
sets the state of the peer device to "down". When the communication between the
two resumes, the corresponding member device is re-added to the cluster
(automatically). If the downtime does not exceed the holdtime, the member device
stays in the normal state and needs not to be added again.
Execute these two commands on management devices only. The member devices in a
cluster acquire the holdtime setting from the management device.
382 ● idle-cut 3Com Switch 4200G Family
Command Reference
idle-cut
Purpose Use the idle-cut command to set the user idle-cut function in current ISP domain.
Syntax idle-cut { disable | enable minute flow }
Parameters disable Inhibits users from enabling the idle-cut function.

enable Allows users to enable the idle-cut function.
minute Specifies the maximum idle time. Valid values are 1 to
120 minutes.
flow Specifies the minimum data flow. Valid values are 1 to
10,240,000 bytes.
Example To allow users in ISP domain aabbcc.net to enable the idle-cut attribute in user
template (that is, allow the user to use the idle-cut function), with the maximum idle
time of 50 minutes and the minimum data flow of 500 bytes, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net] idle-cut enable 50 500
■ ISP Domain view
Description The user template is a set of default user attributes. If a user requesting for the
network service does not have some required attributes, the corresponding attributes
in the template will be endeavored to him as default ones. The user template of the
Switch you are using may only provide user idle-cut settings. After a user is
authenticated, if the idle-cut is configured to enable or disable by neither the user nor
the RADIUS server, the user will adopt the idle-cut state in the template.
Because a user template only works in one ISP domain, it is necessary to configure
user template attributes for users from different ISP domain respectively.
Related Command domain

3Com Switch 4200G Family idle-timeout ● 383
Command Reference
idle-timeout
Purpose Use the idle-timeout command to configure the amount of time you want to allow
a user interface to remain idle before it is disconnected.
Use the undo idle-timeout command to revert to the default timeout time.
Syntax idle-timeout minutes [ seconds ]
undo idle-timeout
Parameters minutes Specifies the number of minutes you want to allow a

user interface to remain idle before it is disconnected.
Valid values are 0 to 35,791.
If not specified, the default is 10 minutes.
seconds Specifies the number of seconds in addition to the
number of minutes. Valid values are 0 to 59. This
parameter is optional.
Example To configure the timeout value to 1 minute on the AUX user interface, enter the
following:
<S4200G>system-view
[S4200G]user-interface aux 0
[S4200G-ui-aux0]idle-timeout 1 0
Description The connection to a user interface is terminated if no operation is performed in the

user interface within the specified period.
You can use the idle-timeout 0 command to disable the timeout function.
384 ● igmp host-join vlan 3Com Switch 4200G Family
Command Reference
igmp host-join vlan
Purpose Use the igmp host-join vlan command to configure a routing port to join to a
multicast group.
Use the undo igmp host-join vlan command to remove the configuration.
Syntax igmp host-join group-address vlan vlan-id
undo igmp host-join group-address vlan vlan-id
Parameters group-address Address of the target multicast group
Default By default, a switch port does not belong to any multicast group.
Example Configure GigabitEthernet 1/0/1 port to join to the multicast group 225.0.0.1.
[S4200G] interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] port access vlan 10
[S4200G-GigabitEthernet1/0/1] igmp host-join 225.0.0.1 vlan 10
Description Use this command to configure a routing port to join or remove from a multicast
group.
Related Command igmp group-policy

3Com Switch 4200G Family igmp-snooping ● 385
Command Reference
igmp-snooping
Purpose Use the igmp-snooping command to enable or disable the IGMP Snooping.
Syntax igmp-snooping { enable | disable }
Parameters enable Enables IGMP Snooping.

disable Disables IGMP Snooping.
Default By default, IGMP Snooping is disabled on the switch.
Example Enable IGMP Snooping on the switch.
<4200G>system-view
[S4200G] igmp-snooping enable
■ System view
■ VLAN view
386 ● igmp-snooping fast-leave 3Com Switch 4200G Family
Command Reference
igmp-snooping fast-leave
Purpose Use the igmp-snooping fast-leave command to enable IGMP fast leave
processing.
Use the undo igmp-snooping fast-leave command to cancel the

configuration.
Syntax igmp-snooping fast-leave
undo igmp-snooping fast-leave
Parameters None
Default By default, IGMP fast leave processing is disabled.
Example Enable IGMP fast leave processing on the GigabitEthernet1/0/1 port.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1] igmp-snooping fast-leave
Description Normally, when receiving an IGMP Leave message, IGMP Snooping does not
immediately remove the port from the multicast group, but sends a group-specific
query message. If no response is received in a given period, it then removes the port
from the multicast group.
If this command is executed, when receiving an IGMP Leave message, IGMP Snooping
removes the port from the multicast group immediately. When the port has only one
user, enabling IGMP fast leave processing can save bandwidth.
Note: If the client(s) under the port are IGMP V2–enabled, this feature operates
normally (that is, it functions only when the port has only one user). Otherwise, when
the port has multiple users, the leave of one user may disrupt the multicast to every
other user under the port in the same multicast group.
3Com Switch 4200G Family igmp-snooping group-limit ● 387
Command Reference
igmp-snooping group-limit
Purpose Use the igmp-snooping group-limit command to set the maximum number
of multicast groups the port can join.
Use the undo igmp-snooping group-limit command to restore the default

setting.
Syntax igmp-snooping group-limit [ vlan vlan-list | overflow-replace ]
undo igmp-snooping group-limit [ vlan vlan-list ]
Parameters limit Maximum number of multicast groups the port can

join. Valid values are 1 to 256.
overflow-replace Allows new multicast groups to replace existing
multicast groups in this order: the multicast group with
the least IP address will be replaced first.
vlan-list VLAN list, in the format of { vlan-id [ to vlan-id ]
}&<1-10>, where vlan-id ranges from 1 to 4,094,
and &<1-10> represents you can input at most 10
VLAN IDs/ VLAN ID ranges.
Default By default, there is no limit on the number of multicast groups the port can join.
Example Allow the GigabitEthernet1/0/1 port to join at most 200 multicast groups.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1] igmp-snooping group-limit 200

388 ● igmp-snooping group-policy 3Com Switch 4200G Family
Command Reference
igmp-snooping group-policy
Purpose Use the igmp-snooping group-policy command to configure an IGMP

Snooping filter ACL.
Use the undo igmp-snooping group-policy command to remove the IGMP

Snooping filter ACL.
Syntax igmp-snooping group-policy acl-number vlan vlan-id
undo igmp-snooping group-policy vlan vlan-id
Parameters acl-number Basic ACL number, in the range of 2000 to 2999.

vlan-id ID of the VLAN for the Ethernet port, in the range of 1
to 4094.
Default By default, no IGMP Snooping filter ACL is configured on the switch.
Example Configure ACL 2000 to allow users under port Ethernet 1/0/1 to access the multicast
streams in groups 225.0.0.0 to 225.255.255.255.
■ Configure ACL 2000.

<S4200G>system-view
[S4200G-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255
■ Create VLAN 2 and add GigabitEthernet 1/0/1 port to VLAN 2.
[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet 1/0/1
■ Configure ACL 2000 on the GigabitEthernet 1/0/1 port to allow this VLAN 2 port
to join only the IGMP multicast groups defined in the rule of ACL 2000.
[S4200G-GigabitEthernet1/0/1] igmp-snooping group-policy 2000 vlan 2
Configure ACL 2001 to allow users under GigabitEthernet 1/0/2 port to access the
multicast streams in any groups except groups 225.0.0.0 to 225.0.0.255.
■ Configure ACL 2001.

[S4200G-acl-basic-2001] rule deny source 225.0.0.0 0.0.0.255
[S4200G-acl-basic-2001] rule permit source any
■ Create VLAN 2 and add GigabitEthernet 1/0/2 port to VLAN 2.
[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet 1/0/2
■ Configure ACL 2001 on the GigabitEthernet 1/0/2 port to allow this VLAN 2 port
to join any IGMP multicast groups except those defined in the deny rule of ACL
2001.
3Com Switch 4200G Family igmp-snooping group-policy ● 389
Command Reference

[S4200G-GigabitEthernet1/0/2] igmp-snooping group-policy 2001 vlan 2
■ System view
Description You can configure some multicast filter ACLs globally or on the switch ports
connected to user ends so as to use the IGMP Snooping filter function to limit the
multicast programs that the users can access. With this function, you can treat
different VoD users in different ways by allowing them to access the multicast streams
in different multicast groups.
In practice, when a user orders a multicast program, an IGMP report message is

generated. When the message arrives at the switch, the switch examines the
multicast filter ACL configured on the access port to determine if the port can join the
corresponding multicast group or not. If yes, it adds the port to the forward port list
of the multicast group. If not, it drops the IGMP report message and does not forward
the corresponding data stream to the port. In this way, you can control the multicast
programs that users can access.
An ACL rule defines a multicast address or a multicast address range (for example
224.0.0.1 to 239.255.255.255) and is used to:
■ Allow the port(s) to join only the multicast group(s) defined in the rule by a permit
statement.
■ Inhibit the port(s) from joining the multicast group(s) defined in the rule by a deny
statement.
■ One port can belong to multiple VLANs. But for each VLAN on the port, you can
configure only one ACL.
■ If no ACL rule is configured or the port does not belong to the specified VLAN, the
filter ACL you configured does not take effect on the port.
■ Since most devices broadcast unknown multicast packets, this function is often
used together with the unknown multicast packet drop function to prevent
multicast streams from being broadcasted to a filtered port as unknown multicast.
390 ● igmp-snooping host-aging-time 3Com Switch 4200G Family
Command Reference
igmp-snooping host-aging-time
Purpose Use the igmp-snooping host-aging-time command to set the aging time of
multicast member ports.
Use the undo igmp-snooping host-aging-time command to restore the

default aging time.
Syntax igmp-snooping host-aging-time seconds
undo igmp-snooping host-aging-time
Parameters seconds Aging time of multicast member ports. Valid values are
200 to 1000 (in seconds).
Default By default, the aging time of multicast member ports is 260 seconds.
Example Set the aging time of multicast member ports to 300 seconds.
<S4200G>system-view
[S4200G] igmp-snooping host-aging-time 300
■ System view
Description The aging time of multicast member ports determines the refresh frequency of
multicast group members. In an environment where multicast group members
change frequently, you should set a relatively short aging time, and vice versa.

3Com Switch 4200G Family igmp-snooping max-response-time ● 391
Command Reference
igmp-snooping max-response-time
Purpose Use the igmp-snooping max-response-time command to configure the

maximum query response time.
Use the undo igmp-snooping max-response-time command to restore the

default maximum time.
Syntax igmp-snooping max-response-time seconds
undo igmp-snooping max-response-time
Parameters seconds Maximum query response time. Valid values are 1 to

25 (in seconds).
Default By default, the maximum query response time is 10 seconds.
Example Set the maximum response time to an IGMP Snooping query message to 15 seconds.
<S4200G>system-view
[S4200G] igmp-snooping max-response-time 15
■ System view
Description The maximum response time you configured determines how long the switch can
wait for a response to an IGMP Snooping query message.
Related Commands ■ igmp-snooping

■ igmp-snooping router-aging-time
392 ● igmp-snooping router-aging-time 3Com Switch 4200G Family
Command Reference
igmp-snooping router-aging-time
Purpose Use the igmp-snooping router-aging-time command to configure the aging

time of the router port.
Use the undo igmp-snooping router-aging-time command to restore the

default aging time.
Syntax igmp-snooping router-aging-time seconds
undo igmp-snooping router-aging-time
Parameters seconds Aging time of the router port. Valid values are 1 to
1000 (in seconds).
Default By default, the aging time of the router port is 260 seconds.
Example Set the aging time of the router port to 500 seconds.
<S4200G>system-view
[S4200G] igmp-snooping router-aging-time 500
■ System view
Description The router port here refers to the port connecting the Layer 2 switch to the router.
The Layer 2 switch receives IGMP general query messages from the router through
this port. The aging time of the router port should be a value about 2.5 times of the
general query interval.
Related Commands ■ igmp-snooping

■ igmp-snooping max-response-time
3Com Switch 4200G Family info-center channel name ● 393
Command Reference
info-center channel name
Purpose Use the info-center channel name command to name the channel of the specified
number.
Syntax info-center channel channel-number name channel-name

channel-name Channel name. Valid values are a character string not
exceeding 30 characters, excluding "-", "/" or "\".
Example Rename channel 0 as execconsole.
[S4200G] info-center channel 0 name execconsole
■ System view
Description Note: The channel name cannot be duplicated.

394 ● info-center console channel 3Com Switch 4200G Family
Command Reference
info-center console channel
Purpose Use the info-center console channel command to enable information

output to the console through a specified channel.
Use the undo info-center console channel command to disable the

information output.
Syntax info-center console channel { channel-number | channel-name }
undo info-center console channel

channel-name Channel name. The name can be channel6, channel7,
monitor, snmpagent, or trapbuffer.
Default By default, the switch does not output log information to the console.
Example Configure channel 0 to output log information to the console.
[S4200G] info-center console channel 0
■ System view
Description This command works only when the information center is enabled for the system.
Related Command ■ display info-center

■ info-center enable
3Com Switch 4200G Family info-center enable ● 395
Command Reference
info-center enable
Purpose Use the info-center enable command to enable the information center.
Use the undo info-center enable command to disable the information center.
Syntax info-center enable
undo info-center enable
Parameters None
Default By default, the information center is enabled.
Example Enable the information center.
[S4200G] info-center enable
■ System view
Description The switch can output system log information to the log host, the console, and
other destinations only when the information center is enabled.
Related Commands ■ display info-center

■ info-center console channel
■ info-center logbuffer
■ info-center monitor channel
396 ● info-center logbuffer 3Com Switch 4200G Family
Command Reference
info-center logbuffer
Purpose Use the info-center logbuffer command to enable information output to the
log buffer through the specified channel (you can also set the size of the log buffer in
this command).
Use the undo info-center logbuffer command to disable the information

output.
Syntax info-center logbuffer [ channel { channel-number | channel-name } |

[size buffersize ]
undo info-center logbuffer [ channel | size ]
Parameters channel Sets the channel through which output information

goes to the memory buffer.
channel-number Channel number, ranging from 0 to 9, corresponding
channel-name Channel name, which can be channel6, channel7,
monitor, snmpagent or trapbuffer.
size Configures the size of buffer.
of messages it holds. This argument ranges from 0 to
1024 and defaults to 512.
Default By default, the switch outputs information to the log buffer, which holds 512 records
by default.
Example Configure the switch to output information to the log buffer with the size of 50.
[S4200G] info-center logbuffer size 50
■ System view
Description This command takes effect only after system logging is enabled.
Related Command ■ info-center enable

■ display info-center
3Com Switch 4200G Family info-center monitor channel ● 397
Command Reference
info-center monitor channel
Purpose Use the info-center monitor channel command to enable information output to
terminals through a specified channel.
Use undo info-center monitor channel command to disable the information

output.
Syntax info-center monitor channel { channel-number | channel-name }
undo info-center monitor channel

channel-name Channel name. Valid values are channel6, channel7,
monitor, snmpagent, and trapbuffer.
Default By default, switches do not output log information to user terminal.
Example Set channel 0 to send log information to user terminal.
[S4200G] info-center monitor channel 0
■ System view
Description This command works only when the information center is enabled for the system

398 ● info-center snmp channel 3Com Switch 4200G Family
Command Reference
info-center snmp channel
Purpose Use the info-center snmp channel command to enable information output to the
SNMP through a specified channel.
Use undo info-center snmp channel command to restore the default SNMP
channel, that is, channel 5.
Syntax info-center snmp channel { channel-number | channel-name }
undo info-center snmp channel

channel-name Channel name. Valid values are channel6, channel7,
monitor, snmpagent, and trapbuffer.
Example Set channel 6 as the SNMP information channel.
[S4200G] info-center snmp channel 6
■ System view
Related Command ■ snmp-agent

■ display info-center
3Com Switch 4200G Family info-center source ● 399
Command Reference
info-center source
Purpose Use the info-center source command to add a record (that is, an information
source) to an information channel.
Use the undo info-center source command to delete an information source from
an information channel.
Syntax info-center source { modu-name | default } channel { channel-number |

channel-name } [ debug { level severity | state state }* | log { level
severity | state state }* | trap { level severity | state state } ] *
undo info-center source { modu-name | default } channel {

channel-number | channel-name }
Parameters modu-name Module name. See Table 83.

default All the modules.
log Specifies to output log information.
trap Specifies to output trap information.
debugging Specifies to output debug information.
level Specifies an information severity level.
severity Information severity level. The information with
severity level greater than this level will not be output.
If not specified, the default log information level is
warnings; the default trap information level is
debugging; and the default debugging information
level is debugging.
Note: If you only specify the level for one or two of the three types of information,
the level(s) of the unspecified type(s) return to the default. For example, if you only
define the level of the log information, then the levels of the trap and debugging
information return to the defaults.
You may specify any of the following severity levels:
emergencies
Level 1 information, which cannot be used by the
system.
alerts
Level 2 information, to be reacted immediately.
critical
Level 3 information, critical information.
errors
Level 4 information, error information.
warnings
level 5 information, warning information.
notifications
400 ● info-center source 3Com Switch 4200G Family
Command Reference
Level 6 information, showed normally and

important.
informational
Level 7 information, notice to be recorded.
debugging
Level 8 information, generated during the
debugging progress.
channel-number Channel number to be set.
channel-name Channel name to be set. Valid values are channel6,
channel7, channel8, channel9, console, logbuffer,
loghost, monitor, snmpagent, and trapbuffer.
state Set the state of the information.
state Specify the state as on or off.
By default, the log information level is warnings, the
trap information level is debugging, the debugging
information level is debugging.
Table 83 Module names in logging information
Module name Description

8021X 802.1X module
ACL Access control list module
AM Access management module
ARP Address resolution protocol module
CFAX Configuration proxy module
CFG Configuration management platform module
CFM Configuration file management module
CMD Command line module
COMMONSY Common system MIB module
DEV Device management module
DHCC DHCP Client module
DHCP Dynamic host configuration protocol module
DRV Driver module
DRV_MNT Driver maintenance module
ESP End-station polling module
ETH Ethernet module
FIB Forwarding module
FTM Fabric topology management module
FTMCMD Fabric topology management command line
module
FTPS FTP server module
HA High availability module
HTTPD HTTP server module
IFNET Interface management module
IGSP IGMP snooping module
IP IP module
IPC Inter-process communication module
IPMC IP multicast module
L2INF Interface management module
3Com Switch 4200G Family info-center source ● 401
Command Reference
Table 83 Module names in logging information (continued)
Module name Description

LACL LANswitch ACL module
LQOS LANswitch QoS module
LS Local server module
MPM Multicast port management module
NTP Network time protocol module
PPRDT Protocol packet redirection module
PTVL Driver port, VLAN (Port & VLAN) module
QACL QoS/ACL module
QOSF Qos profile module
RDS Radius module
RM Routing management
RMON Remote monitor module
RSA Revest, shamir and adleman encryption system
RTPRO Routing protocol
SHELL User interface
SNMP Simple network management protocol
SOCKET Socket
SSH Secure shell module
STP Spanning tree protocol module
SYSMIB System MIB module
TELNET Telnet module
UDPH UDP helper module
VFS Virtual file system module
VTY Virtual type terminal module
WCN Web management module
XM XModem module
Example Configure to output the log information of the VLAN module on the snmp channel,
and only output the log information above the "emergencies" severity.
[S4200G] info-center source vlan channel snmpagent log level
emergencies
■ System view
Description This command can be used for filtering of log, trap, or debug information. For
example, it can control log output from the IP module to any direction. You can
configure IP module log information above the "warning" severity to be output to
the log host, and those above the "informational" severity output to the log buffer.
You can also configure IP module trap information to be output to a specific trap
host.
402 ● info-center source 3Com Switch 4200G Family
Command Reference
In addition, you can use this command to specify the filtering channel for each output
direction. Information is sent to the proper direction after being filtered through the
specified channel. Therefore, in this command, you can set the channel to be used for
an output direction and the filter of the channel for information filtering and
redirection.
Each output direction is assigned with a default information channel at present,

shown as follows:
Table 84 Information channel in each output direction by default
Output direction Information channel name

Console console
Monitor terminal monitor
Log buffer logbuffer
Trap buffer trapbuffer
snmp snmpagent
Each information channel is configured with a default record, whose module name is
"all" and module number is 0xffff0000. In the record, the default settings for log,
trap and debug information may differ with channels. If no record is configured for a
channel, this default record is adopted.
3Com Switch 4200G Family info-center synchronous ● 403
Command Reference
info-center synchronous
Purpose Use the info-center synchronous command to enable synchronous terminal

output.
Use the undo info-center synchronous command to disable synchronous

terminal output.
Syntax info-center synchronous
undo info-center synchronous
Parameters None
Default By default, the synchronous terminal output function is disabled.
Example Enable synchronous terminal output.
[S4200G]info-center synchronous
Current IC terminal output sync is on
■ System view
Description Use the info-center synchronous command to enable synchronous terminal

output, so that if system information (such as log information) is output when the
user is inputting, the command prompt and input information are echoed after the
output (note that, the command prompt is echoed in command edit state but is not
echoed in interactive state).
While enabled, the synchronous information output function allows the system to
display command line prompts and users’ input so far after each system output,
helping users continue with their input.
Note:
■ Use the info-center synchronous command to prevent users’ input from
being interrupted by system output and to realize synchronous information
output.
■ It is recommended that you disable this function during debugging, as the
info-center synchronous command produces unnecessary output by
displaying command line prompts after each piece of debugging information.
404 ● info-center timestamp 3Com Switch 4200G Family
Command Reference
info-center timestamp
Purpose Use the info-center timestamp command to set the format of time stamp
included in the log/trap/debug information or specify not to include time stamp in the
information.
Use the undo info-center timestamp command to restore the default time stamp
format.
Syntax info-center timestamp { log | trap | debugging } { boot | date | none }
undo info-center timestamp { log | trap | debugging }
Parameters log Specifies log information.

trap Specifies trap information.
debugging Specifies debug information.
boot Specifies to adopt the time elapsed since system boot,
which is in the format of "xxxxxx.yyyyyy", where
xxxxxx is the high 32 bits and yyyyyy the low 32 bits of
the elapsed milliseconds.
date Specifies to adopt the current system date and time,
which is in format "yyyy/mm/dd-hh:mm:ss" for
Chinese environment and "mm/dd/yyyy-hh:mm:ss" for
English environment.
None Specifies not to include time stamp in specified output
information.
Default By default, the date time stamp is adopted for all types of information.
Example Set the boot time stamp for debug information.
[S4200G] info-center timestamp debugging boot
■ System view
3Com Switch 4200G Family info-center trapbuffer ● 405
Command Reference
info-center trapbuffer
Purpose Use the info-center trapbuffer command to enable information output to the
trap buffer.
Use the undo info-center trapbuffer command to disable information output to

the trap buffer.
Syntax info-center trapbuffer [ size buffersize ][ channel { channel-number |

channel-name } ]
undo info-center trapbuffer [ channel | size ]
Parameters size Sets the size of the trap buffer.

buffersize Size of the trap buffer, represented by the number of
messages it holds, ranging from 0 to 1024 and
defaulting to 256.
channel Sets the channel through which information is sent to
the trap buffer.
channel-number Channel number, ranging from 0 to 9, corresponding
channel-name Channel name.
Example Enable the switch to send information to the trap buffer, whose size is set to 30.
[S4200G] info-center trapbuffer size 30
■ System view
Description This command takes effect only after system logging is enabled.

406 ● instance 3Com Switch 4200G Family
Command Reference
instance
Purpose Use the instance command to map specified VLANs to a specified spanning tree
instance.
Use the undo instance command to remove the mappings from specified VLANs
to a specified spanning tree instance.
Syntax instance instance-id vlan vlan-list
undo instance instance-id [ vlan vlan-list ]
Parameters instance-id Specifies the ID of a spanning tree instance. Valid

values are 0 to 16. A value of 0 specifies the CIST.
vlan-list Specifies the list of VLANs. You must provide this
argument in the form:
vlan-list = { vlan-id [ to vlan-id ] }&<1-10>
&<1-10> means that you can provide up to 10 VLAN
IDs/VLAN ID lists for this argument. Normally, a VLAN
ID can be a number ranging from 1 to 4094. VLANs
with their IDs beyond this range (if the switch supports
this kind VLAN IDs), such as VLAN 4095 and VLAN
4096, can only be mapped to the CIST (spanning tree
instance 0).
Default By default, all VLANs are mapped to the CIST.
Example To map VLAN 2 to spanning tree instance 1, enter the following:
[S4200G-mst-region] instance 1 vlan 2
■ MST Region view
Description VLAN-to-spanning tree instance mappings are recorded in the VLAN mapping table of
an MSTP switch. So these two commands are actually used to manipulate the VLAN
mapping table. You can add/remove a VLAN to/from the VLAN mapping table of a
specific spanning tree instance by using these two commands.
Note that a VLAN cannot be mapped to multiple spanning tree instances at the same
time. A VLAN-to-spanning tree instance mapping is automatically removed if you map
the VLAN to another spanning tree instance.
3Com Switch 4200G Family instance ● 407
Command Reference
Related Commands ■ active region-configuration

■ check region-configuration
■ region-name
■ revision-level
408 ● interface 3Com Switch 4200G Family
Command Reference
interface
Purpose Use the command interface command to enter Ethernet port view. To configure
parameters for a port, you must enter the port view first.
Syntax interface interface-type interface-number
interface-type Specifies the port (interface) type. The interface type

can be either Aux, Ethernet, GigabitEthernet , NULL,
Vlan-interface.
interface-number Specifies the port (interface) number in the format
Specifies the unit number. Valid values are 1 to 8.
Specifies the port number. Valid values are 1 to 28 or 1
to 52, depending on the number of ports you have on
your unit.
Example Enter GigabitEthernet1/0/1 port view.
<S4200G>system-view
[S4200G]interface GigabitEthernet1/0/1
■ System view
3Com Switch 4200G Family interface VLAN-interface ● 409
Command Reference
interface VLAN-interface
Purpose Use the interface vlan-interface command to create a management VLAN

interface and enter management VLAN interface view.
Use the undo interface vlan-interface command to remove the management

VLAN interface.
Syntax interface vlan-interface vlan-id
undo interface vlan-interface vlan-id
Parameters vlan-id The ID of the management VLAN interface you want

to configure. Valid values are 1 to 4094.
If not specified, the default is VLAN1, which cannot be
deleted.
Example Create VLAN 10 and configure it to be the management VLAN. Enter VLAN 10
interface view.
[S4200G] vlan 10
[S4200G-vlan10] quit
[S4200G-Vlan-interface10]
■ System view
Description Before creating a management VLAN interface, make sure the VLAN identified by the
vlan-id argument is created and is configured to be the management VLAN.
Note:
To configure the management VLAN of a switch operating as a cluster management

device to be a cluster management VLAN (using the management-vlan vlan-id
command) successfully, make sure the vlan-id argument provided in the
management-vlan vlan-id command is consistent with that of the management
VLAN.
Related Command display interface VLAN-interface

410 ● ip address 3Com Switch 4200G Family
Command Reference
ip address
Purpose Use the ip address command to assign an IP address (and mask) to a management
VLAN interface.
Use the undo ip address command to remove the IP address assigned to a

management VLAN interface.
Syntax ip address ip-address net-mask
undo ip address [ ip-address netmask ]
Parameters ip-address Specifies the IP address to be assigned to the

management VLAN interface.
If not specified, the default IP address is Null.
net-mask Specifies the mask of the IP address to be assigned to
the management VLAN interface.
Example Assign an IP address (and the mask) to the management VLAN interface. (Assume
that VLAN 1 is the management VLAN.)
[S4200G-Vlan-interface1] ip address 1.1.1.1 255.0.0.0
Description Usually, only one IP address is required for each interface. If you want to connect the
interface to several subnets, you can configure an IP addresses for each subnet.
Before you can cancel the primary IP address of an interface, you must cancel any
secondary IP addresses.
The subnet address of an IP address can be identified by subnet mask. For instance,
the IP address of an interface is 202.38.10.102, and the mask is 255.255.0.0. You can
confirm that the subnet address is 202.38.0.0 by performing the logic operation
“AND” on the IP address and mask.
Note: The VLAN interface cannot be configured with the secondary IP address if its IP
address is set to be allocated by BOOTP or DHCP.
Related Command display interface VLAN-interface

3Com Switch 4200G Family ip address bootp-alloc ● 411
Command Reference
ip address bootp-alloc
Purpose Use the ip address bootp-alloc command to configure VLAN interface to obtain IP
address using BOOTP.
Use the undo ip address bootp-alloc command to cancel the configuration.
Syntax ip address bootp-alloc
undo ip address bootp-alloc
Parameters None
Default By default, the VLAN interface does not use BOOTP to obtain an IP address.
Example Configure the management VLAN interface to obtain an IP address through BOOTP.
(Assume that VLAN 1 is the management VLAN.):
[S4200G-Vlan-interface1] ip address bootp-alloc
Related Command display bootp client

412 ● ip address dhcp-alloc 3Com Switch 4200G Family
Command Reference
ip address dhcp-alloc
Purpose Use the ip address dhcp-alloc command to configure VLAN interface to

obtain an IP address using DHCP.
Use the undo ip address dhcp-alloc command to cancel the configuration.
Syntax ip address dhcp-alloc
undo ip address dhcp-alloc
Parameters None
Default By default, the VLAN interface does not use DHCP to obtain an IP address.
Example Configure the management VLAN interface to obtain an IP address through DHCP.
(Assume that VLAN 1 is the management VLAN.)
[S4200G-Vlan-interface1] ip address dhcp-alloc

3Com Switch 4200G Family ip host ● 413
Command Reference
ip host
Purpose Use the ip host command to configure a host name and the corresponding IP
address for a switch.
Use the undo ip host command to remove the host name and the corresponding IP
address of a switch.
Syntax ip host hostname ip-address
undo ip host hostname [ ip-address ]
Parameters hostname Specifies the host name of the connecting device,

which may be up to 20 characters long. The character
string can include letters, numbers, "_", and ",", and
must contain at least one letter.
If not specified, the default host name is Null.
ip-address Specifies the host’s IP address, in dotted decimal
notation.
If not specified, the default IP address is Null.
Example Configure the host name and the corresponding IP address of a switch to be
Lanswitch2 and 10.110.0.2
[S4200G] ip host Lanswitch2 10.110.0.2
■ System view
Related Command display ip host

414 ● ip http acl 3Com Switch 4200G Family
Command Reference
ip http acl
Purpose Use the ip http acl command to apply an ACL to filter Web users.
Use the undo ip http acl command to disable the switch from filtering Web users
using the ACL.
Syntax ip http acl acl-number
undo ip http acl
Parameters acl-number Specifies a basic ACL. Valid values are a number from
2000 to 2999.
Example Apply ACL 2000 to filter Web users (assuming that ACL 2,000 already exists.)
[S4200G] ip http acl 2000
■ System view
3Com Switch 4200G Family ip-pool ● 415
Command Reference
ip-pool
Purpose Use the ip-pool command to configure a private IP address range for cluster
members on the switch to be set as the management device.
Use the undo ip-pool command to cancel the IP address configurations of the
cluster.
Syntax ip-pool administrator-ip-address { ip-mask | ip-mask-length }
undo ip-pool
Parameters administrator-ip-
address IP address of the management device of a cluster.
ip-mask Mask of the cluster IP address pool.
ip-mask-length Mask length of the cluster IP address pool.
Example Configure the IP address range of a cluster.
<S4200G>system-view
[S4200G]cluster
[S4200G-cluster] ip-pool 10.200.0.1 20
■ Cluster view
Description Before setting up a cluster, the user should configure a private IP address pool for
cluster member devices. When a candidate device is added, the management device
will dynamically assign a private IP address, which can be used for communication
inside the cluster. In this way, the user can use the management device to manage
and maintain the member devices.
The commands can only be executed on a non-cluster-member switch. The IP address

range of an existing cluster cannot be modified.
416 ● ip route-static 3Com Switch 4200G Family
Command Reference
ip route-static
Purpose Use the ip route-static command to configure a static route.
Use the ip route-static command to configure a static route, whose validity

depends on detecting results as follows: valid when the detecting result is reachable
or invalid when the detecting result is unreachable.
Use the undo ip route-static command to remove an existing static route.
Syntax ip route-static ip-address { mask | mask-length } { null

null-interface-number | gateway-address } [ preference preference-value
] [ reject | blackhole ] description text ]
undo ip route-static ip-address { mask | mask-length } { null

null-interface-number | gateway-address } [ preference preference-value
]
Parameters ip-address Destination IP address in dotted decimal notation.

mask IP address mask.
mask-length Mask length, consisting of an integer from 0 to 32.
null null-interface-numberSpecifies a null interface. A null interface is a virtual
interface. Packets destined for a null interface is
discarded. Null interface helps to reduce system load.
gateway-address IP address of the next hop of this route, in dotted
decimal notation.
preference-value Preference value of the route. Valid values are 1 to
255.
reject Specifies the route to be an unreachable route.
blackhole Specifies the route to be a blackhole route.
description text Specifies a descriptive string for the static route. The
text argument is a string comprised of 1 to 60
characters.
Default By default, the system can obtain the routes to the subnets directly connected to a
router.
Example Configure the next hop of the default route to be 129.102.0.2.
[S4200G] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2

3Com Switch 4200G Family ip route-static ● 417
Command Reference
■ System view
Description If you do not specify the preference when configuring a static route, the value
specified by the ip route-static default-preference command (which defaults to 60) is
adopted. Note that routes with the same destinations, the same next hops, but
different preferences are different routes. Among these routes, the one with least
preference (which means the highest preference) is chosen to be the current route. A
route configured using the ip route-static command is a reachable route if neither of
the reject and blackhole keywords is specified.
Note the following when configuring a static route:
■ The next hop address of a static route cannot be the VLAN interface address of the
local switch.
■ A static route with both its destination IP address and mask both being 0.0.0.0 is
the default route. When no matched entry is found in the routing table, a received
packet is forwarded according to the default route.
Related Command ■ display ip routing-table

■ ip route-static default-preference
418 ● ip route-static 3Com Switch 4200G Family
Command Reference
ip route-static
Purpose Use the ip route-static command to configure a static route, whose validity
depends on detecting results as follows: valid when the detecting result is reachable
or invalid when the detecting result is unreachable.
Use the undo ip route-static command to remove the configured static route.
Syntax ip route-static ip-address { mask | mask-length } [ interface-type

interface-number | next-hop [ preference preference-value ] [ reject |
blackhole ]
undo ip route-static ip-address { mask | mask-length }[interface-type

interface-number ] [ next-hop ] [ preference preference-value ][ reject
| blackhole ]
Parameters ip-address Destination IP address in dotted decimal notation.

mask Subnet mask.
mask-length Length of the subnet mask, that is, the number of
successive bits in the subnet mask whose values are 1.
interface-type
interface-number Specifies the interface of the route. The packets that
are sent to a NULL interface, a kind of virtual interface,
will be discarded immediately. This can decrease the
system load.
next-hop Next hop IP address in dotted decimal notation.
preference-value Preference value of the route. This argument ranges
from 1 to 255. The default preference is 60.
reject Specifies the route to be unreachable. If you specify
this keyword when executing this command, any
packet destined for the specified IP address is
discarded, and the system informs the source that the
destination is unreachable.
blackhole Specifies the route to be a black hole. If you specify
this keyword when executing this command, all
outbound interfaces of the static route are the Null 0
interfaces regardless of the next hop. In addition, the
system discards any packet transmitted along this
route without informing the source.
Example Configure the next hop of the default route as 129.102.0.2.
[S4200G] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
3Com Switch 4200G Family ip route-static ● 419
Command Reference
■ System view
420 ● jumboframe enable 3Com Switch 4200G Family
Command Reference
jumboframe enable
Purpose Use this command to allow jumbo frames to pass through the Ethernet port.
Syntax jumboframe enable
undo jumboframe enable
Example To allow jumbo frames to pass through GigabitEthernet1/0/3.
[4200G] interface GigabitEthernet 1/0/3

[4200G-GigabitEthernet1/0/3]dis this
#
undo jumboframe enable
#
return
[4200G-GigabitEthernet1/0/3]jumboframe enable
[4200G-GigabitEthernet1/0/3]dis this
#
#
return
[4200G-GigabitEthernet1/0/3]q
[4200G]
■ Ethernet port view
Description Use the jumboframe enable command to allow jumbo frames to pass through the
current Ethernet port. The maximum frame size supported is 9216 bytes.
Use the undo jumboframe enable command to inhibit jumbo frames from passing
through the current Ethernet port.
3Com Switch 4200G Family key ● 421
Command Reference
key
Purpose Use the key command to specify a shared key for the RADIUS
authentication/authorization packets or accounting packets.
Use the undo key command to restore the corresponding default shared key.
Syntax key { accounting | authentication } string
undo key { accounting | authentication }
Parameters accounting Specifies the shared key for the RADIUS accounting
packets.
authentication Specifies a shared the encryption key for RADIUS
authentication/authorization packet.
string Specifies the key with a character string not exceeding
16 characters.
If not specified, the default key is “3Com”.
Example To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
New Radius scheme
[S4200G-radius-radius1] key authentication hello
To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
New Radius scheme
[S4200G-radius-radius1] key accounting ok
Description The RADIUS client and server adopt MD5 algorithm to encrypt the RADIUS packets
exchanged with each other. The two parties verify the validity of the exchanged
packets by using the shared keys that have been set on them, and can accept and
respond to the packets sent from each other only if both of them have the same
shared keys. If the authentication/authorization server and the accounting server are
422 ● key 3Com Switch 4200G Family
Command Reference
two separate devices and the two servers have different shared keys, you must set the
shared keys for authentication/authorization packets and accounting packets
respectively on the switch.
Related Commands ■ primary accounting

■ primary authentication
■ radius scheme.
3Com Switch 4200G Family lacp enable ● 423
Command Reference
lacp enable
Purpose Use the lacp enable command to enable the LACP protocol on the current port.
Use the undo lacp enable command to disable the LACP protocol on the current
port.
Syntax lacp enable
undo lacp enable
Parameters None
Example Enable LACP protocol on the port GigabitEthernet1/0/1.
[S4200G-GigabitEthernet1/0/1] lacp enable
Description The Switch will select the lowest port number as the master port for the link
aggregation. This applies to all types of link aggregation. If the aggregation spans a
stack of units and the same ports are used, the unit number will be the tie-breaker.
For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.
424 ● lacp port-priority 3Com Switch 4200G Family
Command Reference
lacp port-priority
Purpose Use the lacp port priority command to configure port priority value.
Use the undo lacp port-priority command to restore the default port priority
value.
Syntax lacp port-priority port-priority
undo lacp port-priority
Parameters port-priority Port priority value. Valid values are 0 to 65,535.

If not specified, the default value set is 32,768.
Example Set the priority of the port GigabitEthernet1/0/1 to 64.
[S4200G-GigabitEthernet1/0/1] lacp port-priority 64
Related Commands ■ display link-aggregation interface

■ display link-aggregation verbose
3Com Switch 4200G Family lacp system-priority ● 425
Command Reference
lacp system-priority
Purpose Use the lacp system-priority command to configure system priority value.
Use the undo lacp system-priority command to restore the default system priority
value.
Syntax lacp system-priority system-priority
undo lacp system-priority
Parameters system-priority System priority value. Valid values are 0 to 65,535.

If not specified, the default is 32,768.
Example Set the system priority to 64.
[S4200G] lacp system-priority 64
■ System view
Related Command display lacp system-id

426 ● language-mode 3Com Switch 4200G Family
Command Reference
language-mode
Purpose Use the language-mode command to toggle between the language modes (that is,
language environments) of the command line interface (CLI) to meet your
requirement.
Syntax language-mode { chinese | english }
Parameters chinese Sets the CLI language environment to Chinese.

english Sets the CLI language environment to English.
Default By default, the CLI language mode is english.
Example Toggle from the english mode to the chinese mode.
<S4200G> language-mode chinese
■ User view
3Com Switch 4200G Family lcd ● 427
Command Reference
lcd
Purpose Use the lcd command to display the local work directory on the FTP client.
Syntax lcd
Parameters None
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Display the local work directory.
[ftp] lcd
% Local directory now flash:/temp
■ FTP Client view

428 ● level 3Com Switch 4200G Family
Command Reference
level
Purpose Use the level command to set the priority level of the user.
Use the undo level command to restore the default priority level of the user.
Syntax level level
undo level
Parameters level Specifies the priority level of the user. level is an

integer ranging from 0 to 3.
Default The default user priority level is 0.
Example To set the level of user1 to 3, enter the following:
[S4200G-luser-user1] level 3
■ Local User view
Description The priority level of the user corresponds to the command level of the user. Refer to
the description of the command-privilege level command in the command
line interface module.
If the configured authentication mode is none authentication or password

authentication, the command level that a user can access after login depends on the
priority of user interface. In the case of authentication requiring both username and
password, however, the accessible command level depends on user priority level.
lIf the configured authentication method requires a user name and a password, the
command level that a user can access after login is determined by the priority level of
the user. For SSH users, when they use RSA shared keys for authentication, the
commands they can access are determined by the levels sets on the user interfaces.
Related Command local-user

3Com Switch 4200G Family link-aggregation group description ● 429
Command Reference
link-aggregation group description
Purpose Use the link-aggregation group description command to set a description for
an aggregation group.
Use the undo link-aggregation group agg-id description command to remove

the description of an aggregation group.
Syntax link-aggregation group agg-id description agg-name
undo link-aggregation group agg-id description
Parameters agg-id Aggregation group ID. Valid values are 1 to 50.

agg-name Aggregation group name, consisting of a character
Example Set the description "abc" for aggregation group 22.
[S4200G] link-aggregation group 22 description abc
■ System view
Description If you have saved the current configuration with the save command, after system
reboot, the manual and static aggregation groups and their descriptions still exist, but
the dynamic aggregation groups and their descriptions disappear.

430 ● link-aggregation group mode 3Com Switch 4200G Family
Command Reference
link-aggregation group mode
Purpose Use the link-aggregation group mode command to create a manual or static
aggregation group.
Use the undo link-aggregation group command to delete an aggregation group.
Syntax link-aggregation group agg-id mode { manual | static }
undo link-aggregation group agg-id

manual Creates a manual aggregation group.
static Creates a static aggregation group.
Example To create manual aggregation group 22, enter the following:
[S4200G] link-aggregation group 22 mode manual
■ System view
Description The Switch will select the lowest port number as the master port for the link
aggregation. This applies to all types of link aggregation. If the aggregation spans a
stack of units and the same ports are used, the unit number will be the tie-breaker.
For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.
A manual or static aggregation group can have up to eight ports. You can use the
link-aggregation group agg-id mode command to change an existing dynamic
aggregation group into a manual or static one. If the port number in a group exceeds
eight, this operation fails and the system prompts you about the configuration failure.
Related Command display link-aggregation summary

3Com Switch 4200G Family local-server ● 431
Command Reference
local-server
Purpose Use the local-server command to configure the parameters of local RADIUS server.
Use the undo local-server command to cancel a local RADIUS server.
Syntax local-server nas-ip ip-address key password
undo local-server nas-ip ip-address
Parameters nas-ip ip-address Specifies the IP address of the local RADIUS server.
ip-address is expressed in the format of dotted
decimal.
key password Specifies the shared key of the local RADIUS server.
password is a character string up to 16 characters in
length.
Default By default, a local RADIUS authentication server has already been created with the
NAS-IP and key set to 127.0.0.1 and 3Com respectively.
Example To create a local RADIUS authentication server with an IP address of 10.110.1.2 and a
shared key of aabbcc, enter the following:
[S4200G] local-server nas-ip 10.110.1.2 key aabbcc
■ System view
Description Note:
■ The switch not only supports the traditional RADIUS client service to accomplish
user AAA management through foreign authentication/authorization server and
accounting server, but also provides a simple local RADIUS server function for
authentication and authorization. This function is called local RADIUS
authentication server function.
■ When you use the local RADIUS authentication server function, the UDP port
number for the authentication/authorization service must be 1645, the UDP port
number for the accounting service is 1646.
■ The packet encryption key set by the local-server command with the key
password parameter must be identical with the authentication/authorization
packet encryption key set by the key command in RADIUS scheme view.
■ The switch supports at most 16 local RADIUS authentication servers (including the
default local RADIUS authentication server).
432 ● local-server 3Com Switch 4200G Family
Command Reference
Related Commands ■ key

■ radius-scheme
■ state
3Com Switch 4200G Family local-user ● 433
Command Reference
local-user
Purpose Use the local-user command to add a local user and enter local user view.
Use the undo local-user command to delete the specified local users.
Syntax local-user user-name
undo local-user { user-name | all [ service-type { ftp | lan-access |

ssh | telnet | terminal } ] }
Parameters user-name user-name Specifies the connections to display using the

■ /
■ :
■ *
■ ?
■ <
■ >
all Specifies all users.
service-type Specifies local users of a specific type. You can specify
one of the following user types:
■ ftp
■ lan-access (users are mainly Ethernet access users,
for example, 802.1x users)
■ ssh
■ telnet
■ terminal (users can log into the switch through the
Console port)
Example To add a local user named user1, enter the following:
[S4200G-luser-user1]
434 ● local-user 3Com Switch 4200G Family
Command Reference
■ System view
Related Command ■ display local-user

■ service-type
3Com Switch 4200G Family local-user password-display mode ● 435
Command Reference
local-user password-display mode
Purpose Use the local-user password-display-mode command to set the password

display mode of all users.
Use the undo local-user password-display-mode command to restore the

default password display mode.
Syntax local-user password-display-mode { auto | cipher-force }
undo local-user password-display-mode
Parameters auto Adopts the forcible cipher mode so that the passwords
of all the access users must be displayed in cipher text.
cipher-force Adopts the automatic mode so that the passwords of
access users are displayed in the modes set with the
password command.
Default By default, the password display mode of all access users is auto.
Example To display all access user passwords in cipher text forcibly, enter the following:
[S4200G] local-user password-display-mode cipher-force
■ System view
Description When the cipher-force mode is adopted, all passwords will be displayed in cipher text
even through some users have specified to display their passwords in plain text by
using the password command with the simple keyword.
Related Command ■ display local-user

■ password
436 ● lock 3Com Switch 4200G Family
Command Reference
lock
Purpose Use the lock command to lock the current user interface and prevent unauthorized
users from accessing it.
Syntax lock
Parameters None
Example To lock the current user interface, enter the following:
<S4200G>lock
Password: xxxx
Again: xxxx
■ User view
Description An authorized user must enter a valid password to access the interface.
3Com Switch 4200G Family logging-host ● 437
Command Reference
logging-host
Purpose Use the logging-host command to configure a public logging host on the
management device for member devices.
Use the undo logging-host command to cancel the logging host configuration.
Syntax logging-host ip-address
undo logging-host
Parameters ip-address IP address of the logging host configured for the

cluster.
Default By default, no public logging host is configured.
Example Configure the IP address of the logging host on the management device.
[aaa_0.S4200G-cluster] logging-host 10.10.10.9
■ Cluster view
Description Only after you assign an IP address for the logging host of the cluster, member
devices can send log information to the logging host through the management
device.
438 ● loopback-detection control enable 3Com Switch 4200G Family
Command Reference
loopback-detection control enable
Purpose Use the loopback-detection control enable command to enable loopback

detection and control function for Trunk ports and Hybrid ports.
Use the undo loopback-detection control enable command to disable

loopback detection and control function for Trunk ports and Hybrid ports.
Syntax loopback-detection control enable
undo loopback-detection control enable
Parameters None
Default By default, the loopback detection and control function is disabled for both the Trunk
and Hybrid ports.
Example Enable loopback port control on the GigabitEthernet1/0/1 trunk port.
[S4200G] loopback-detection enable
[S4200G-GigabitEthernet1/0/1] loopback-detection enable
[S4200G-GigabitEthernet1/0/1] loopback-detection control enable
Description Note:
■ When the loopback port control function is enabled on the trunk or hybrid port
and loopback is found on the port, the system disables the port, sends a Trap
message to the client and removes the corresponding MAC forwarding entry.
■ When the loopback port control function is disabled, the system sends a Trap
message to the client if a loopback port is found. The port still operates normally.
CAUTION:
This command is invalid for the access port, since the loopback port control function
is always enabled on the access port.
3Com Switch 4200G Family loopback-detection enable ● 439
Command Reference
loopback-detection enable
Purpose Use the loopback-detection enable command to enable the loopback

detection function globally or for a specific port.
Use the undo loopback-detection enable command to disable the loopback

detection function globally or for a specific port.
Syntax loopback-detection enable
undo loopback-detection enable
Parameters None
Default By default, the loopback detection function is disabled.
Example Enable the loopback detection function for Ethernet1/0/1 port.
[S4200G] loopback-detection enable
[S4200G-Ethernet1/0/1] loopback-detection enable
■ System view
■ Loopback detection for a port is enabled only when the loopback-detection
enable command is enabled under both system view and port view.
■ When the undo loopback-detection enable command is used under
system view, the loopback detection function will be disabled for all ports.
Note:
■ For Access port: If system detects loopback for a port, it will shut down that port,
send a Trap message to the terminal, and delete the corresponding MAC address
forwarding entry.
■ For Trunk ports and Hybrid ports: If system detects loopback for a port, it will send
a Trap message to the terminal. If the loopback detection and control function for
that port is enabled at the same time, the system will then shut down the given
port, send a Trap message to the terminal, and delete the corresponding MAC
address forwarding entry.
440 ● loopback-detection enable 3Com Switch 4200G Family
Command Reference
Related Command loopback-detection control enable

3Com Switch 4200G Family loopback-detection interval-time ● 441
Command Reference
loopback-detection interval-time
Purpose Use the loopback-detection interval-time command to set the time

interval for detecting the external loopback for a port.
Use the undo loopback-detection interval-time command to restore the

time interval to default value.
Syntax loopback-detection interval-time time
undo loopback-detection interval-time
Parameters Time Time interval for detecting the external loopback for a
port, in seconds. Valid values are 5 to 300.
Example Set the time interval for regular external loopback detection to 10 seconds.
[S4200G] loopback-detection interval-time 10
■ System view
Related Command display-loopback-detection

442 ● loopback-detection per-vlan enable 3Com Switch 4200G Family
Command Reference
loopback-detection per-vlan enable
Purpose Use the loopback-detection per-vlan enable command to configure the

system to run loopback detection on all VLANs for the Trunk and Hybrid ports.
Use the undo loopback-detection per-vlan enable command to restore

the default setting, that is, to enable loopback detection function only for the default
VLANs with Trunk and Hybrid ports.
Syntax loopback-detection per-vlan enable
undo loopback-detection per-vlan enable
Parameters None
Default By default, system runs loopback detection only on the default VLAN for the trunk
and hybrid ports.
Example Configure the system to run loopback detection on all VLANs for the
GigabitEthernet1/0/1 trunk port.
[S4200G-GigabitEthernet1/0/1] loopback-detection per-vlan enable
This command is invalid for the Access ports.

3Com Switch 4200G Family ls ● 443
Command Reference
ls
Purpose Use the ls command to display the files in the specified directory.
Syntax ls [ remote-path ]
Parameters remote-path Name of the intended directory.
Example Display the files in directory flash:/.
sftp-client> ls flash:/
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg
Description If the remote-path argument is not specified, the files in the current directory are
displayed.
This command has the same function as the dir command.

444 ● ls 3Com Switch 4200G Family
Command Reference
ls
Purpose Use the ls command to display the information about a specified remote file.
Syntax ls [ remotefile [ localfile ] ]
Parameters remotefile Name of the remote file to be queried.

Localfile Name of the local file where the querying result is to
be saved.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Display the names of all the files in the current directory.
[ftp] ls
4.app
5.app
6.app
6.app.bak
abc.BTM
TEST
21.bin
FTP: 1235 byte(s) received in 1.595 second(s) 774.00byte(s)/sec.
■ FTP Client view
Description If you do not specify the remotefile argument, the names of all the files in the current
directory are displayed.
The ls command only displays file names, while the dir command displays file
information in more detail, including file size, creation date and so on.
3Com Switch 4200G Family mac-address ● 445
Command Reference
mac-address
Purpose Use the mac-address command to add/modify the MAC address table entry.
Use the undo mac-address command to delete MAC address table entry
Syntax In System view:
mac-address { static | dynamic | blackhole } mac-address interface

interface-type interface-number } vlan vlan-id
undo mac-address [ mac-address-attribute ]
In Port view:
mac-address { static | dynamic | blackhole } mac-address vlan vlan-id
undo mac-address [ { static | dynamic | blackhole } mac-address vlan

vlan-id
Parameters static Specifies that the MAC address entry to be

added/updated is of static type.
dynamic Specifies that the MAC address entry to be
added/updated is of dynamic type.
blackhole Specifies the MAC address entry to be added/updated
is of blackhole type.
mac-address Specifies the MAC address.
interface-type Specifies the port type.
vlan-id Specifies the VLAN ID. Valid values are 1 to 4094.
mac-address-attribute Specifies the string used to specify the MAC address
entries to be removed, as described in Table 85
Table 85 Description on the mac-address-attribute argument
Value Description
{ static | dynamic | blackhole } interface Remove the static, dynamic, or blackhole MAC
interface-type address entries concerning a specified port.
interface-number
{ static | dynamic | blackhole } vlan Remove the static, dynamic, or blackhole MAC
vlan-id address entries concerning a specified VLAN.
{ static | dynamic | blackhole } Remove a specified static, dynamic, or blackhole
mac-address [ interface MAC address entry.
interface-type
interface-number ] vlan vlan-id
interface interface-type Remove all the MAC address entries concerning a
interface-number specified port.
vlan vlan-id Remove all the MAC address entries concerning a
specified VLAN.
446 ● mac-address 3Com Switch 4200G Family
Command Reference
Table 85 Description on the mac-address-attribute argument (continued)
Value Description
mac-address [ interface Remove a specified MAC address entry.
interface-type
Example Configure a static MAC address entry with the following settings:
■ MAC address: 00e0-fc01-0101

■ Outbound port: GigabitEthernet1/0/1 port
■ GigabitEthernet1/0/1 port belongs to VLAN 2.
[S4200G] mac-address static 00e0-fc01-0101 interface GigabitEthernet
1/0/1 vlan 2
■ System view
■ Port view
Description If the MAC address you input in the mac-address command already exists in the MAC
address table, the system will modify the attributes of the corresponding MAC
address entry according to your settings in the command.
When being executed in port view, these two commands only apply to the current
port. In this case, the interface keyword is unnecessary.
Related Command display mac-address

3Com Switch 4200G Family mac-address max-mac-count ● 447
Command Reference
mac-address max-mac-count
Purpose Use the mac-address max-mac-count command to configure the maximum number
of MAC addresses an Ethernet port can learn.
Use the undo mac-address-table max-mac-count command to cancel the limitation

on the number of MAC addresses an Ethernet port can learn.
Syntax mac-address max-mac-count count
undo mac-address max-mac-count
Parameters count The maximum number of MAC addresses a port can

learn. Valid values are 0 to 4,096. A value of 0 disables
the port from learning MAC addresses.
If no maximum limit is set, the MAC address table
controls the number of MAC addresses a port can
learn.
Default By default, the number of MAC addresses an Ethernet port can learn is unlimited.
Example Set the maximum number of MAC addresses GgiabitEthernet1/0/3 port can learn to
600.
[S4200G-GigabitEthernet1/0/3] mac-address max-mac-count 600
Description These mac-address max-mac-count and undo mac-address-table max-mac-count

commands are not applicable to upstream ports.
The port stops learning MAC addresses when the specified limit is reached.
448 ● mac-address max-mac-count 0 3Com Switch 4200G Family
Command Reference
mac-address max-mac-count 0
Purpose Use the mac-address max-mac-count0 command to disable a switch from learning
MAC address in a VLAN.
Use the undo mac-address-table max-mac-count0 command to enable a switch to

learn MAC address in a VLAN.
Syntax mac-address max-mac-count 0
undo mac-address max-mac-count
Parameters None
Default By default, a switch learns MAC addresses in any VLAN.
Example Disable the switch from learning MAC address in VLAN 3.
[S4200G] vlan 3
[S4200G-vlan3] mac-address max-mac-count 0
■ VLAN view
3Com Switch 4200G Family mac-address multicast interface vlan ● 449
Command Reference
mac-address multicast interface vlan
Purpose Use the mac-address multicast command to add a multicast MAC address
entry.
Use the undo mac-address multicast command to remove a multicast MAC

address entry.
Syntax mac-address multicast mac-address interface interface-list vlan vlan-id
undo mac-address multicast [ mac-address [ interface interface-list ]

vlan vlan-id ]
Parameters mac-address Multicast MAC address.

interface-list Forward port list, in the format of { {
interface-type interface-num |
interface-name } [ to { interface-type
interface-num | interface-name } ] }&<1-10>.
Where, interface-type and interface-num is
the type and number of a port, interface-name is
the name of a port, and &<1-10> means you can
specify up to 10 ports/port ranges. For the value
ranges of the three arguments, refer to the command
parameter description in the Port Configuration
module of this document.
vlan-id VLAN ID.
Example Add a multicast MAC address entry, with multicast address 0100-5e0a-0805, forward
port GigabitEthernet 1/0/1, and VLAN 1 to which the entry belongs.
[S4200G] mac-address multicast 0100-5e0a-0805 interface GigabitEthernet
1/0/1 vlan 1
■ System view
Description A multicast address entry contains the following information: multicast MAC address,
Forward port, and VLAN ID.
Related Command display mac-address multicast static

450 ● mac-address multicast vlan 3Com Switch 4200G Family
Command Reference
mac-address multicast vlan
Purpose Use the mac-address multicast vlan command to add a multicast MAC
address entry.
Use the undo mac-address multicast vlan command to remove a multicast

MAC address entry.
Syntax mac-address multicast mac-address vlan vlan-id
undo mac-address multicast [ [ mac-address ] vlan vlan-id ]
Parameters mac-address Multicast MAC address.

vlan-id VLAN ID.
Example Add a multicast MAC address entry on the GigabitEthernet1/0/1 port, with multicast
address 0100-1000-1000 and VLAN 1 to which the entry belongs.
[S4200G-GigabitEthernet1/0/1]mac-address multicast 0100-1000-1000 vlan
1
Description A multicast MAC address entry contains a multicast MAC address, a VLAN ID, and
other information.
Related Command display mac-address multicast static

3Com Switch 4200G Family mac-address security ● 451
Command Reference
mac-address security
Purpose Use the mac-address security command to add Security MAC address
manually.
Use the undo mac-address security command to delete Security MAC

address.
Syntax mac-address security mac-address [ interface interface-type


vlan-id Specifies the VLAN ID.
Default By default, no Security MAC address is added.
Enable port-security feature globally.
[S4200G] port-security enable
Configure the maximum number of MAC addresses allowed to access the port to
100.
[S4200G-GigabitEthernet1/0/1] port-security max-mac-count 100
Configure the port mode to autolearn.
[S4200G-GigabitEthernet1/0/1] port-security port-mode autolearn
Add the Security MAC address 0001-0001-0001 to VLAN 1.
[S4200G-GigabitEthernet1/0/1] mac-address security 0001-0001-0001 vlan 1

■ System view
Description You can add Security MAC address only when the port-security is enabled globally
and the port-security port-mode autolearn command is configured on
the port.
452 ● mac-address timer 3Com Switch 4200G Family
Command Reference
mac-address timer
Purpose Use the mac-address timer command to set the aging time for dynamic MAC
address entries.
Use the undo mac-address timer command to revert to the default aging time.
Syntax mac-address timer { aging age-time | no-aging }
undo mac-address timer aging
Parameters aging age-time Specifies the aging time (measured in seconds) for
dynamic MAC address entries. Valid values for
age-time are 10 to 630.
If not specified, the default aging time is 300 seconds.
no-aging Specifies not to age dynamic MAC address entries.
Example Set the aging time of MAC address entries to 500 seconds.
[S4200G] mac-address timer aging 500
■ System view
Description Setting the aging time on the switch to be too long or too short will cause the switch
to broadcast data packets without MAC addresses, this will affect the operational
performance of the switch.
If the aging time is set too long, the switch will store out-of-date MAC address tables.
This will consume MAC address table resources and the switch will not be able to
update MAC address table according to the network change.
If aging time is set too short, the switch may delete valid MAC address table entries.
3Com Switch 4200G Family mac-authentication ● 453
Command Reference
mac-authentication
Purpose Use the mac-authentication command to enable centralized MAC address

authentication globally (current device) or on specified ports.
Use the undo mac-authentication command to disable centralized MAC

address authentication globally or on specified ports.
Syntax mac-authentication [ interface interface-list ]
undo mac-authentication [ interface interface-list ]
Parameters interface-list Specifies the list of Ethernet ports. You can specify
multiple Ethernet ports by providing this argument in
the form of interface-list = { interface-type
interface-number [ to interface-type interface-number
] } where <1–10> means that you can provide up to 10
port indexes/port index lists for this argument.
Default By default, centralized MAC address authentication is disabled both globally and on
any port.
Example To enable centralized MAC address authentication for GigabitEthernet 1/0/1 port,
[S4200G] mac-authentication interface GigabitEthernet 1/0/1
Enable centralized MAC address authentication globally.
[S4200G] mac-authentication
■ System view
Description When being executed in system view, the mac-authentication command

enables centralized MAC address authentication globally if you do not provide the
interface-list argument, otherwise, the command enables centralized MAC address
authentication on the specified ports.
When being executed in Ethernet port view, the command enables centralized MAC
address authentication on the current port only. In this case, the interface-list is
unnecessary.
454 ● mac-authentication 3Com Switch 4200G Family
Command Reference
You can configure centralized MAC address authentication-related parameters no

matter whether or not centralized MAC authentication is enabled. If you do not
configure the parameters before enabling centralized MAC address authentication
globally, the default parameters are adopted.
Note:
■ Centralized MAC address authentication configuration takes effect on a port only
after you enable centralized MAC address authentication globally.
■ The configuration of the maximum number of learned MAC addresses (refer to
the mac-address max-mac-count command) is unavailable for the ports with
centralized MAC address authentication enabled. Similarly, the centralized MAC
address authentication is unavailable for the ports with the maximum number of
learned MAC addresses configured.
3Com Switch 4200G Family mac-authentication authmode ● 455
Command Reference
mac-authentication authmode
Purpose Use the mac-authentication authmode command to set MAC address

authentication mode.
Use the undo mac-authentication authmode command to cancel the

configured MAC address authentication mode.
Syntax mac-authentication authmode { usernameasmacaddress | usernamefixed }
undo mac-authentication authmode
Parameters usernameasmacaddress Authenticates users in MAC address mode. The

usernameasmacaddress keyword specifies to adopt the
MAC address mode, where user the MAC address is
used as both user name and password.
usernamefixed Authenticates users in fixed mode. The usernamefixed
keyword specifies to adopt the fix mode, where user
name and password are configured previously.
Default By default, the MAC address mode is adopted.
Example To specify to perform MAC address authentication in the fixed mode, enter the
following:
[S4200G] mac-authentication authmode usernamefixed
■ System view
456 ● mac-authentication authpassword 3Com Switch 4200G Family
Command Reference
mac-authentication authpassword
Purpose Use the mac-authentication authpassword command to set a password for

MAC address authentication when the fixed mode is adopted.
Use the undo mac-authentication authpassword command to cancel the

configured password.
Syntax mac-authentication authpassword password
undo mac-authentication authpassword
Parameters password Specifies the password used for authentication. The

password consists of a character string from 1 to 63
characters long.
Default By default, no password is configured for the fixed mode of MAC address
authentication.
Example To Set the password to mac, enter the following:
[S4200G] mac-authentication authpassword mac
■ System view
3Com Switch 4200G Family mac-authentication authusername ● 457
Command Reference
mac-authentication authusername
Purpose Use the mac-authentication authusername command to set a user name

when a switch authenticates users in fixed mode.
Use the undo mac-authentication authusername command to restore the

default user name.
Syntax mac-authentication authusername username
undo mac-authentication authusername
Parameters username User name for authentication consisting of a character

string from1 to 55 characters long.
Default By default, the user name used in MAC address authentication (in the fixed mode) is
mac.
Example To set the user name to vipuser for MAC addresses authentication (in the fixed mode),
[S4200G] mac-authentication authusername vipuser
Restore the default user name for fixed mode.
[S4200G] undo mac-authentication authusername
■ System view
458 ● mac-authentication domain 3Com Switch 4200G Family
Command Reference
mac-authentication domain
Purpose Use the mac-authentication domain command to configure an ISP domain for
centralized MAC address authentication users.
Use the undo mac-authentication domain command to restore the default

ISP domain.
Syntax mac-authentication domain isp-name
undo mac-authentication domain
Parameters isp-name ISP domain name consisting of a string up to 24

characters long. Note that this argument cannot
contain “/”, “:”, “*”, “?”, “<”, and “>”.
Default By default, the domain for centralized MAC address authentication users is not
configured.
Example To configure the domain for centralized MAC address authentication to be Cams,
[S4200G] mac-authentication domain Cams
■ System view
3Com Switch 4200G Family mac-authentication timer ● 459
Command Reference
mac-authentication timer
Purpose Use the mac-authentication timer command to configure the timers used in
centralized MAC address authentication.
Use the undo mac-authentication timer command to restore the default

timer setting.
Syntax mac-authentication timer { offline-detect offline-detect-value |

quiet quiet-value | server-timeout server-timeout-value }
undo mac-authentication timer { offline-detect | quiet |

server-timeout }
Parameters offline-detect
offline-detect-value Sets the offline-detect timer (in seconds). This timer
sets the interval for a switch to test whether or not a
user goes offline. Valid values for the
offline-detect-value argument are 1 to 65,535. If not
specified, the default is 300.
quiet quiet-value Sets the quiet timer. If a user fails to pass the
authentication performed by a switch, the switch stops
authenticating users for a period specified by the
quiet-value before it authenticates users again. Valid
values for the quiet-value argument are 1 to 65,535 (in
minutes). If not specified, the default is 1.
server-timeout
server-timeout-value Sets the server-timeout timer. If the connection
between a switch and a RADIUS server times out when
the switch authenticates a user on one of its ports, the
switch turns down the user. Valid values for the
server-timeout-value argument are 1 to 65,535 (in
seconds). If not specified, the default is 100.
Example To set the server timeout timer to 150 seconds, enter the following:
[S4200G] mac-authentication timer server-timeout 150
■ System view
Related Command display mac-authentication

460 ● management-vlan 3Com Switch 4200G Family
Command Reference
management-vlan
Purpose Use the management-vlan command to specify the management VLAN on the
switch.
Use the undo management-vlan command to restore the default management

VLAN.
Syntax management-vlan vlan-id
undo management-vlan
Parameters vlanid ID of the VLAN to be specified as the management

VLAN.
Default By default, VLAN 1 is set as the management VLAN.
Example Specify VLAN 2 as the management VLAN of the current switch.
<S4200G>system-view
■ System view
Description Follow these items when you configure the management VLAN:
■ The management VLAN specified for devices in the same cluster must be the same
VLAN.
■ The management VLAN must be specified before the cluster is set up. You cannot
change the management VLAN of an existing VLAN. If necessary, you can delete
the cluster, re-specify the management VLAN and then re-create the cluster.
3Com Switch 4200G Family management-vlan synchronization enable ● 461
Command Reference
management-vlan synchronization enable
Purpose Use the management-vlan synchronization enable command to enable

the management VLANs of the member devices of a cluster to be synchronized.
Use the undo management-vlan synchronization enable command to

disable the management VLANs of the member devices of a cluster from being
synchronized.
Syntax management-vlan synchronization enable
undo management-vlan synchronization enable
Parameters None
Default By default, the management VLAN of a member device is not synchronized.
Example Enable management VLAN synchronization on the master switch.
[3Com_0.S4200G-cluster]management-vlan synchronization enable
Disable management VLAN synchronization on the master switch.
[3Com_0.S4200G-cluster]undo management-vlan synchronization enable
■ Cluster view
Description This command can be executed only on master switches.
After enabling management VLAN synchronization, the master device advertises

packets synchronizing the management VLANs to the attached switches regularly for
the latter to configure their management VLANs, so that the management VLAN of
the master device and those of the attached switches are synchronized. After the
management VLANs are synchronized, the attached switch can join the cluster.
462 ● mdi 3Com Switch 4200G Family
Command Reference
mdi
Purpose Use the mdi command to set port MDI attribute.
Use the undo mdi command to restore the default type.
Syntax mdi { across | auto | normal }
undo mdi
Parameters across Sets the port to support MDIX.

auto Sets the port to support auto-MDI/MDIX.
If no parameter is specified, the port MDI attribute is
set to auto.
normal Sets the port to support MDI.
Default By default, the network cable type is recognized automatically (the mdi auto
command).
Example Set the port to support auto-MDI/MDIX.
<S4200G>system-view
[SW4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]mdi auto
Description Note: The mdi and undo mdi commands cannot be configured on the combo
ports.
3Com Switch 4200G Family messenger ● 463
Command Reference
messenger
Purpose Use the messenger time command to enable or disable the messenger alert and
configure the related parameters.
Use the undo messenger time command to restore messenger alert to default
settings.
Syntax messenger time { enable limit interval | disable }
undo messenger time
Parameters limit Remaining-online-time threshold in minutes. Valid

values are 1 to 60. When the remaining online time of
a user is equal to this threshold, the Switch begins to
send alert messages to the client.
interval Specifies the sending interval of prompts in minutes.
Valid values are of 5 to 60 and must be specifies in
intervals of 5.
Default By default, the messenger alert is disabled on the Switch.
Example To enable the switch to send prompt messages at intervals of 5 minutes to the users
in the ISP domain system after the remaining online time is less than 30 minutes.
[S4200G] domain system
[S4200G-isp-system] messenger time enable 30 5
■ ISP Domain view
Description This function allows the clients to inform the online users about their remaining
online time through a message dialog.
You can use messenger time enable command to set a remaining online time
limit and the interval to send prompt messages. After that, the switch regularly sends
prompt messages at the set interval to the clients of the users whose remaining online
time is less than the set limit, and the clients inform the users of their remaining
online time in the form of message dialog.
464 ● mirroring group 3Com Switch 4200G Family
Command Reference
mirroring group
Purpose Use the mirroring-group command to configure the port mirroring group.
Use the undo mirroring-group command to delete the port mirroring group.
Syntax mirroring-group group-id { local | remote-destination | remote-source }
undo mirroring-group { group-id | all | local | remote-destination |

remote-source }
Parameters group-id Group number of a port mirroring group. Valid values

are 1 to 20.
local Specifies the mirroring group as a local port mirroring
group.
remote-destination Specifies the mirroring group as the destination
mirroring group for remote port mirroring.
remote-source Specifies the mirroring group as the source mirroring
group for remote mirroring.
all Deletes all mirroring groups.
Example Configure the mirroring group on the local switch.
[S4200G] mirroring-group 1 local
■ System view
3Com Switch 4200G Family mirroring-group mirroring-port ● 465
Command Reference
mirroring-group mirroring-port
Purpose Use the mirroring-group mirroring-port command to configure the

monitored port.
Use the undo mirroring-group mirroring-port command to remove the

configuration of the monitored port.
Syntax mirroring-group group-id mirroring-port mirroring-port-list { both |

inbound | outbound }
undo mirroring-group group-id mirroring-port mirroring-port-list { both

| inbound | outbound }

are 1 to 20.
mirroring-port
mirroring-port-list Specifies a list of mirrored ports.
mirroring-port-list is available in System view
only, but not in Ethernet Port view.
both Mirrors packets both received and sent via the port.
inbound Mirrors only packets received via the port.
outbound Mirrors only packets sent via the port.
Example Configure GigabitEthernet1/0/1 as the source port and monitor all packets received
via this port.
[S4200G] mirroring-group 1 mirroring-port Gigabitethernet1/0/1 inbound
■ System view
466 ● mirroring-group reflector-port 3Com Switch 4200G Family
Command Reference
mirroring-group reflector-port
Purpose Use the mirroring-group reflector-port command to configure a reflector

port.
Use the undo mirroring-group reflector-port command to remove the

configuration of a reflector port.
Syntax mirroring-group group-id reflector-port reflector-port
undo mirroring-group group-id reflector-port reflector-port

are 1 to 20.
reflector-port
reflector-port Specifies a reflector port. reflector-port is
available in System view only, but not in Ethernet Port
view.
Example Configure GigabitEthernet1/0/1 as a reflector port and monitor all packets received and
sent via this port.
[S4200G] mirroring-group 1 reflector-port Ethernet1/0/1
■ System view
3Com Switch 4200G Family mirroring-group remote-probe vlan ● 467
Command Reference
mirroring-group remote-probe vlan
Purpose Use the mirroring-group remote-probe vlan command to specify the

remote-probe VLAN for a given mirroring group.
Use the undo mirroring-group remote-probe vlan command to delete the

remote-probe VLAN configuration for a given mirroring group.
Syntax mirroring-group group-id remote-probe vlan remote-probe-vlan-id
undo mirroring-group group-id remote-probe vlan remote-probe-vlan-id
Parameters group-id The group number of a mirroring group. Valid values

are 1 to 20.
remote-probe vlan
remote-probe-vlan-id Specifies a remote-probe VLAN for a specified
mirroring group.
Example Configure the remote-probe VLAN of mirroring group to be VLAN 100.
[S4200G] mirroring-group 1 remote-probe vlan 100
■ System view
468 ● mirroring-port 3Com Switch 4200G Family
Command Reference
mirroring-port
Purpose Use the mirroring-port command to configure a mirroring port.
Use the undo mirroring-port command to remove the configuration of a source

port.
Syntax mirroring-port { inbound | outbound | both }
undo mirroring-port
Parameters inbound| outbound | both Direction of mirrored packets:
■ inbound; only mirrors the packets received via the

port
■ outbound; only mirrors the packets sent by the port
■ both; mirrors all packets received and sent by the
port
Example Configure GigabitEthernet1/0/1 as the source port and mirror all packets received and
sent and via this port.
[S4200G-GigabitEthernet1/0/1] mirroring-port both
Description The Switch supports one monitor port and one mirroring port. If several Switches
form a Fabric, only one monitor port and one mirroring port can be configured in the
Fabric. You need to configure the monitor port before configuring the monitored
port.
Related Command display mirroring-group

3Com Switch 4200G Family mkdir ● 469
Command Reference
mkdir
Purpose Use the mkdir command to create a directory on the remote SFTP server.
Syntax mkdir remote-path
Parameters remote-path Name of a directory on the remote SFTP server.
Example Create directory test on the remote SFTP server.
sftp-client> mkdir test

470 ● mkdir 3Com Switch 4200G Family
Command Reference
mkdir
Purpose Use the mkdir command to create a directory in a specified directory of a specified
storage device.
Syntax mkdir directory
Parameters directory Name of the directory, comprised of a string from 1 to

142 characters longS.
Example Create a directory in the current directory, with the name being dd.
<S4200G> mkdir dd
% Created dir flash:/dd
■ User view
Description When using the mkdir command to create a directory, the names of the directories
and files in the same directory must be unique.
3Com Switch 4200G Family mkdir ● 471
Command Reference
mkdir
Purpose Use the mkdir command to create a directory on the remote SFTP server.
Syntax mkdir pathname
Parameters Pathname Path name.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Create the directory flash:/lanswitch on the FTP server.
[ftp] mkdir flash:/lanswitch

257 "flash:/ lanswitch" new directory created.
■ FTP Client view
Description The mkdir command is only available to the FTP clients that are assigned the
permission to create directories on FTP servers.
472 ● monitor-port 3Com Switch 4200G Family
Command Reference
monitor-port
Purpose Use the monitor-port command to configure the destination monitor port.
Use the undo monitor-port command to remove the configuration of a destination

port monitor.
Syntax monitor-port
undo monitor-port
Parameters None
Example Configure GigabitEthernet1/0/1 as the destination port.
[S4200G-GigabitEthernet1/0/1] monitor-port
Description You can configure only one destination port on the switch; all mirrored packets will
be sent to the destination port.
The Switch supports one monitor port and one mirroring port. If several Switches
form a Fabric, only one monitor port and one mirroring port can be configured in the
Fabric. You need to configure monitor port before configuring monitored port.
Related Command display mirroring-group

3Com Switch 4200G Family more ● 473
Command Reference
more
Purpose Use the more command to display the content of a specified file.
Syntax more file-url
Parameters file-url The path name or file name of a file in the Flash,
comprised of a string from 1 to 142 characters long.
Example Display contents of file test.txt.
<S4200G> more test.txt

AppWizard has created this test application for you.
This file contains a summary of what you will find in each of the files
that make up your test application.
Test.dsp
This file (the project file) contains information at the project level
and is used to build a single project or subproject. Other users can
share the project (.dsp) file, but they should export the makefiles
locally.
■ User view
Description Currently, the content of a file can only be displayed in text.

474 ● move 3Com Switch 4200G Family
Command Reference
move
Purpose Use the move command to move a file to a specified directory. You can also assign a
new name for the file.
Syntax move fileirl-source fileurl-dest
Parameters fileurl-source Path name or file name of the source file in the
Flash, a string comprising 1 to 142 characters.
fileurl-dest Path name or file name of the target file in the Flash,
a string comprising 1 to 142 characters.
Example Move the file named sample.txt from flash:/test/ to flash:/, with the name not
changed.
<S4200G> move flash:/test/sample.txt flash:/sample.txt

Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y
% Moved file flash:/test/sample.txt to flash:/sample.txt
■ User view
Description When the destination filename is the same as that of an existing file, the system will
ask whether to overwrite the existing file.
3Com Switch 4200G Family name ● 475
Command Reference
name
Purpose Use the name command to set a name for the assigned VLAN.
Use the undo name command to restore to the default VLAN name.
Syntax name string
undo name
Parameters string Name of the assigned VLAN, consisting of a character

Default By default, the VLAN ID (like VLAN 0001) is used as the name of the assigned VLAN.
Example Set the name of VLAN 2 to abc.
[S4200G] vlan 2
[S4200G-vlan2] name abc
■ VLAN view
476 ● name 3Com Switch 4200G Family
Command Reference
name
Purpose Use the name command to set a name for the assigned VLAN.
Use the undo name command to delete the name of the assigned VLAN.
Syntax name string
undo name
Parameters string Name of the assigned VLAN. string is a character

Default By default, a VLAn uses its VLAN ID (like VLAN 0001) as its name.
Example To set the name of VLAN 100 to test, enter the following:
[S4200G] vlan 100
[S4200G-vlan100] name test
■ VLAN view
Description This command is used for the dynamic VLAN assignment function. For details about
this function, refer to the vlan-assignment-mode command.
Related Commands ■ dot1x guest-vlan

■ vlan-assignment-mode
3Com Switch 4200G Family nas-ip ● 477
Command Reference
nas-ip
Purpose Use the nas-ip command to set the source IP address used by the switch to send
RADIUS packets.
Use the undo nas-ip command to remove the source IP address setting.
Syntax nas-ip ip-address
undo nas-ip
Parameters ip-address Specifies the source IP address for RADIUS packets.

This address cannot be the all zero address or the
Class-D address.
Default By default, the IP address of the outbound interface is used as the source IP address of
the packet.
Example To set the source IP address used by the switch to send the RADIUS packets to
10.1.1.1, enter the following:
New Radius scheme
[S4200G-radius-radius1] nas-ip 10.1.1.1
Description You can specify the source IP address used to send RADIUS packets to prevent the
unreachability of the packets returned from the server due to physical interface
trouble. It is recommended to use the loopback interface address as the source IP
address.
Related Commands ■ display radius

■ radius nas-ip
478 ● ndp enable 3Com Switch 4200G Family
Command Reference
ndp enable
Purpose Use the ndp enable command in system view to enable NDP globally on the
switch. When being executed in Ethernet port view, this command enables NDP for
an Ethernet port.
Use the undo ndp enable command in system view to disable NDP globally on the
switch. When being executed in Ethernet port view, this command disables NDP for
an Ethernet port.
Syntax ndp enable [ interface port-list ]
undo ndp enable [ interface port-list ]
Parameters port-list Specifies a list of ports. The list can contain consecutive
or separated ports, or the combination of the both.
You need to provide the port-list argument in the form
of { interface-type interface-number | interface-name }
[ to { interface-type interface-number | interface-name
} ] } &<1-10>, where interface-type specifies the port
type, and interface-number specifies the port number
(in the form of slot number/port number). Using “to”
specifies a range of ports.
Default By default, NDP is enabled both globally on the switch and on an Ethernet port.
Example Enable NDP globally on the system.
<S4200G>system-view
[S4200G] ndp enable
■ System view
3Com Switch 4200G Family ndp timer aging ● 479
Command Reference
ndp timer aging
Purpose Use the ndp timer aging command to set how long a device will hold the NDP
packets received from the local device. After the aging timer expires, the device will
discard the received NDP neighbor node information.
Use the undo timer aging command to restore the default NDP information
aging time (180 seconds).
Syntax ndp timer aging aging-in-seconds
undo ndp timer aging
Parameters aging-in-seconds Time to hold the NDP information on the neighbor

node in seconds. Valid values are 5 to 255 seconds
If not specified, the NDP is aged in 180 seconds, by
default.
Example Configure the holdtime of the NDP information sent by the local switch to be 60
seconds.
<S4200G>system-view
[S4200G] ndp timer aging 60
■ System view
Description A user can specify how long an adjacent device will hold the NDP information sent by
the local device. An adjacent device holds the NDP information of the local switch
according to the holdtime carried in the NDP packets received from the local switch
and removes the NDP information when the aging timer expires.
Normally, NDP information holdtime is longer than the interval to send NDP packets.
Otherwise, the neighbor information table of an NDP port becomes unstable.
480 ● ndp timer hello 3Com Switch 4200G Family
Command Reference
ndp timer hello
Purpose Use the ndp timer hello command to define how often to transmit the NDP
packets.
Use the undo ndp timer hello command to restore the default NDP packet
interval (60 seconds).
Syntax ndp timer hello timer-in-seconds
undo ndp timer hello
Parameters timer-in-seconds Interval (in seconds) to send NDP packets ranging from
5 to 254. If not specified, NDP packets are transmitted
every 60 seconds, by default.
Default By default, NDP packets are transmitted every 60 seconds.
Example Configure the interval to send NDP packets to be 80 seconds.
<S4200G>system-view
[S4200G] ndp timer hello 80
■ System view
Description NDP information in a neighbor information table is updated regularly. This enables
neighbor information table to contain the actual network topology information. You
can use these two commands to adjust the updating frequency of NDP information.
3Com Switch 4200G Family nm-interface vlan-interface ● 481
Command Reference
nm-interface vlan-interface
Purpose Use the nm-interface vlan-interface command to configure an NMS

interface of the management device.
Syntax nm-interface vlan-interface vlan-id
Parameters vlan-id ID of a VLAN. It is an existing virtual interface ID.
Example Configure VLAN-interface 2 as an NMS interface.
<123> system-view
[123] cluster
[123-cluster] nm-interface Vlan-interface 2
■ Cluster view
Description Note:
■ In an NAT-enabled cluster network, the NAT server is configured on the
management VLAN interface of the management device by default. The NAT
server can perform address translation between an internal IP address and a public
IP address. NMS devices outside the cluster network can use SNMP, FTP, and HTTP
to manage the devices inside the cluster through NAT.
■ If the VLAN where the port connected with the NMS device resides is not a
management VLAN, since no NAT server is configured on this interface by default,
IP addresses cannot be translated. In this case, the network administrator of the
external network is unable to access the management device, so he cannot
manage internal devices of the cluster.
■ By specifying an NMS interface on the management device, you can enable the
NAT server configuration on the NMS interface instead of the management VLAN
interface. In this case, the network administrator can access the management
device through the NMS interface to manage internal devices of this cluster.
482 ● ntdp enable 3Com Switch 4200G Family
Command Reference
ntdp enable
Purpose Use the ntdp enable command in system view to enable NTDP globally. When
being executed in Ethernet port view, this command enables NTDP for an Ethernet
port.
Use the undo ntdp enable command in system view to disable NTDP globally.
When being executed in Ethernet port view, this command disables NTDP for an
Ethernet port.
Syntax ntdp enable
undo ntdp enable
Parameters None
Default By default, NTDP is enabled globally on the switch and the ports supporting NDP. For
a port that does not support NDP, NTDP cannot operate even if NTDP is enabled on it.
Example Enable NTDP globally on the switch.
<S4200G>system-view
[S4200G] ntdp enable
■ System view
3Com Switch 4200G Family ntdp explore ● 483
Command Reference
ntdp explore
Purpose Use the ntdp explore command to start topology information collection manually.
Syntax ntdp explore
Parameters None
Example Start the topology collection.
<S4200G> ntdp explore
■ User view
Description Normally, NTDP collects network topology information periodically. You can also start
topology information collection manually whenever needed by executing this
command. When you execute this command, NTDP collects the NDP information of
every device and the information about the connections between the local switch and
all of its neighbor switches in the specified network scope. The information is useful
for the management device or network management system to acquire the network
topology and to manage and monitor the devices.
484 ● ntdp hop 3Com Switch 4200G Family
Command Reference
ntdp hop
Purpose Use the ntdp hop command to set a range (in terms of hop count) for topology
information collection.
Use the undo ntdp hop command to restore the default range for topology
information collection.
Syntax ntdp hop hop-value
undo ntdp hop
Parameters hop-value Maximum hops for collecting topology information,

ranging from 1 to 16. By default, the value is 3.
Example Set the hop count for topology information collection to 5.
[aaa_0.S4200G] ntdp hop 5
■ System view
Description With the ntdp hop command, you can specify to collect the topology information of
the devices within a specified range to avoid infinitive collection. The limit is
performed by controlling the permitted hops from collection origination. For example,
if you set the hop number limit to 2, only the switches less than 2 hops away from the
switch starting the topology collection are collected.
This command is only applicable to the topology-collecting device. A broader

collection scope requires more memory of the topology-collecting device.
3Com Switch 4200G Family ntdp timer ● 485
Command Reference
ntdp timer
Purpose Use the ntdp timer command to configure the interval to collect topology
information.
Use the undo ntdp timer command to restore the default topology collection
interval.
Syntax ntdp timer interval-in- minutes
undo ntdp timer
Parameters Interval-in-minutes Interval (in minutes) to collect topology information,

ranging from 0 to 65,535. This argument defaults to 0,
which specifies not to collect topology information.
Example Set the interval to collect topology information to 30 minutes.
<S4200G>system-view
[S4200G] ntdp timer 30
■ System view
Description A switch collects topology information once in each period set by the ntdp timer
command.
486 ● ntdp timer hop-delay 3Com Switch 4200G Family
Command Reference
ntdp timer hop-delay
Purpose Use the ntdp timer hop-delay command to set the delay time for a switch to
forward topology-collection request packets.
Use the undo ntdp timer hop-delay command to restore the default delay
value.
Syntax ntdp timer hop-delay time
undo ntdp timer hop-delay
Parameters time Delay time (in milliseconds) for a switch to forward

topology-collection request packets. This argument
ranges from 1 to 1,000 and defaults to 200.
Example Set the delay time for the switch to forward topology-collection request packets
through the first port to 300 ms.
[aaa_0.S4200G] ntdp timer hop-delay 300
■ System view
Description To avoid network congestion caused by large amount of topology response packets
received in short periods, a switch delays for specific period before it forwards a
received topology-collection request packet through its first ports. You can use the
ntdp timer hop-delay command to set the delay time.
These two commands are intended for switches that collect topology information.
They actually set the hop-delay value for topology-collection request packets sent by
these switches. The hop-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through its first port.
3Com Switch 4200G Family ntdp timer port-delay ● 487
Command Reference
ntdp timer port-delay
Purpose Use the ntdp timer port-delay command to set the delay time for a switch to
forward a received topology-collection request packet through its successive ports.
Use the undo ntdp timer port-delay command to restore the default delay
time.
Syntax ntdp timer port-delay time
undo ntdp timer port-delay
Parameters time Delay time (in milliseconds) for a switch to forward a

topology-collection request packet through its
successive ports. This argument ranges from 1 to 100
and defaults to 20.
Example Set the delay time for the switch to forward topology-collection request packets
through the successive ports to 40 ms.
[aaa_0.S4200G] ntdp timer port-delay 40
■ System view
Description Use the ntdp timer port-delay command to set the delay time for a switch to
forward a received topology-collection request packet through its successive ports. A
switch forwards received topology request packets to all its ports in turn. After
forwarding a received topology-collection request packet through one port, the
switch delays for specific period before it forwards the packet through the next port.
To avoid network congestion caused by large amount of topology response packets

received in short periods, a switch delays for specific period before it forwards a
received topology-collection request packet through the next port. You can use the
ntdp timer port-delay command to set the delay time.
These two commands are intended for switches that collect topology information.
They actually set the port-delay value for topology-collection request packets sent by
these switches. The port-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through the next port.
488 ● ntp-service access 3Com Switch 4200G Family
Command Reference
ntp-service access
Purpose Use the ntp-service access command to set the authority to access the local
equipment.
Use the undo ntp-service access command to cancel the access authority
settings.
Syntax ntp-service access { peer | server | synchronization | query }

acl-number
undo ntp-service access { peer | server | synchronization | query }
Parameters peer Allows time request and query on the local NTP server.
The local clock can also be synchronized to the remote
server.
server Allows time request and query on the local NTP server.
The local clock cannot be synchronized to the remote
server.
synchronization Allows only time request on the local NTP server.
query Allows only query on the local NTP server.
acl-number Basic access control list (ACL) number, in the range of
2000 to 2999.
Default By default, the access permission to the local NTP server is peer.
Example Configure the access permission of the peer defined in ACL 2076 to be peer.
[S4200G] ntp-service access peer 2076
Configure the access permission of the peer defined in ACL 2028 to be server.
[S4200G] ntp-service access server 2028
■ System view
Description Configuring access control permission to the NTP server only provides a least security
measure. Performing authentication is a more reliable way to improve security.
A received access is matched in this order: peer, server, synchronization, and query.
3Com Switch 4200G Family ntp-service access ● 489
Command Reference
490 ● ntp-service authentication enable 3Com Switch 4200G Family
Command Reference
ntp-service authentication enable
Purpose Use the ntp-service authentication enable command to enable the NTP-service
authentication function.
Use the undo ntp-service authentication enable command to disable this

function.
Syntax ntp-service authentication enable
undo ntp-service authentication enable
Parameters None
Default By default, the authentication is disabled.
Example Enable NTP authentication function.
[S4200G] ntp-service authentication enable
■ System view
3Com Switch 4200G Family ntp-service authentication-keyid ● 491
Command Reference
ntp-service authentication-keyid
Purpose Use the ntp-service authentication-keyid command to configure an NTP

authentication key.
Use the undo ntp-service authentication-keyid command to remove an NTP

authentication key.
Syntax ntp-service authentication-keyid keyid authentication-mode md5 value
undo ntp-service authentication-keyid keyid
Parameters keyid Authentication key ID, in the range of 1 to

4294967295.
value Authentication key, a string comprising 1 to 32
characters. Up to 1024 keys can be configured.
Default By default, no NTP authentication key is configured.
For the encryption algorithm, only message digest 5 (MD5) is currently supported.
Example Configure an MD5 authentication key, with the key ID being 10 and the key being
BetterKey.
[S4200G] ntp-service authentication-keyid 10 authentication-mode md5
BetterKey
■ System view
492 ● ntp-service broadcast-client 3Com Switch 4200G Family
Command Reference
ntp-service broadcast-client
Purpose Use the ntp-service broadcast-client command to configure an Ethernet switch

to operate in NTP broadcast client mode.
Use the undo ntp-service broadcast-client command to disable the NTP

broadcast client mode.
Syntax ntp-service broadcast-client
undo ntp-service broadcast-client
Parameters None
Default By default, the NTP broadcast client mode is disabled.
Example Configure to receive NTP broadcast packets via Vlan-Interface1.
[S4200G] interface vlan-interface1
[S4200G-Vlan-Interface1] ntp-service broadcast-client
Description Designate an interface on the local Switch to receive NTP broadcast messages and
operate in broadcast client mode. The local Switch listens to the broadcast from the
server. When it receives the first broadcast packet, it starts a brief client/server mode
to switch messages with a remote server for estimating the network delay. Thereafter,
the local Switch enters broadcast client mode and continues listening to the
broadcast and synchronizes the local clock according to the arrived broadcast
message.
3Com Switch 4200G Family ntp-service broadcast-server ● 493
Command Reference
ntp-service broadcast-server
Purpose Use the ntp-service broadcast-server command to configure NTP broadcast

server mode.
Use the undo ntp-service broadcast-server command to disable the NTP

broadcast server mode.
Syntax ntp-service broadcast-server [ authentication-keyid keyid ] [ version

number ]
undo ntp-service broadcast-server
Parameters authentication-keyid Specifies the authentication key.

keyid Specifies the Key ID used in broadcast. Valid values are
1 to 4294967295.
version Defines the NTP version.
number Defines the NTP version number. Valid values are 1
to 3.
Default By default, the broadcast service is disabled.
Example Configure to send NTP broadcast packets through VLAN interface 1, using the key
numbered 4 for encryption and setting the NTP version number to 3.
[S4200G-Vlan-Interface1] ntp-service broadcast-server
authentication-key 4 version 3
Description Designate an interface on the local equipment to broadcast NTP packets. The local
equipment runs in broadcast-server mode and regularly broadcasts packets to its
clients.
494 ● ntp-service in-interface disable 3Com Switch 4200G Family
Command Reference
ntp-service in-interface disable
Purpose Use the ntp-service in-interface disable command to disable an interface to

receive NTP message.
Use the undo ntp-service in-interface disable command to enable an interface

to receive NTP message.
Syntax ntp-service in-interface disable
undo ntp-service in-interface disable
Parameters None
Default By default, an interface is enabled to receive NTP message.
Example Disable Vlan-Interface1 to receive NTP message.
[S4200G-Vlan-Interface1] ntp-service in-interface disable

3Com Switch 4200G Family ntp-service max-dynamic sessions ● 495
Command Reference
ntp-service max-dynamic sessions
Purpose Use the ntp-service max-dynamic-sessions command to set how many sessions
can be created locally.
Use the undo ntp-service max-dynamic-sessions command to resume the

default maximum session number
Syntax ntp-service max-dynamic-sessions number
undo ntp-service max-dynamic-sessions
Parameters number The maximum of the NTP sessions that can be created
locally. Valid values are 0 to 100.
Example Set the local equipment to allow up to 50 sessions.
[S4200G] ntp-service max-dynamic-sessions 50
■ System view
496 ● ntp-service multicast-client 3Com Switch 4200G Family
Command Reference
ntp-service multicast-client
Purpose Use the ntp-service multicast-client command to configure an Ethernet switch

to operate in NTP multicast client mode.
Use the undo ntp-service multicast-client command to disable the NTP

multicast client mode.
Syntax ntp-service multicast-client [ ip-address ]
undo ntp-service multicast-client [ ip-address ]
Parameters ip-address Multicast IP address. If not specified, it defaults to

224.0.1.1.
Default By default, the multicast client service is disabled.
Example Configure to receive NTP multicast packets through VLAN interface 1, with the
corresponding multicast group address being 224.0.1.1.
[S4200G-Vlan-Interface1] ntp-service multicast-client 224.0.1.1
Description Designate an interface on the local Switch to receive NTP multicast messages and
operate in multicast client mode. The local Switch listens to the multicast from the
server. When it receives the first multicast packet, it starts a brief client/server mode to
switch messages with a remote server for estimating the network delay. Thereafter,
the local Switch enters multicast client mode and continues listening to the multicast
and synchronizes the local clock according to the arrived multicast message.
3Com Switch 4200G Family ntp-service multicast-server ● 497
Command Reference
ntp-service multicast-server
Purpose Use the ntp-service multicast-server command to configure an Ethernet switch

to operate in NTP multicast server mode.
Use the undo ntp-service multicast-server command to disable NTP multicast

server mode.
Syntax ntp-service multicast-server [ ip-address ] [ authentication-keyid

keyid ] [ ttl ttl-number ] [ version number ]*
undo ntp-service multicast-server [ ip-address ]
Parameters ip-address Multicast IP address, which defaults to 224.0.1.1.

authentication-keyid Specifies authentication key.
keyid Specifies Key ID used in multicast. Valid values are 1 to
4294967295.
ttl Defines the time to live of a multicast packet.
ttl-number Specifies the ttl of a multicast packet. Valid values are 1
to 255 and defaults to 16.
version Defines the NTP version.
number Specifies the NTP version number. Valid values are 1 to
3. If not specified, the default is 3.
Default By default, an Ethernet switch does not operate in multicast server mode.
Example Configure to send NTP multicast packets through VLAN interface 1, with the
multicast group address being 224.0.1.1, the key numbered 4 used for encryption,
and the NTP version number set to 3.
[S4200G-Vlan-Interface1]ntp-service multicast-server 224.0.1.1
authentication-keyid 4 version 3
Description Designate an interface on the local equipment to transmit NTP multicast packet. The
local equipment operates in multicast-server mode and multicasts packets regularly to
its clients.
498 ● ntp-service reliable authentication-keyid 3Com Switch 4200G Family
Command Reference
ntp-service reliable authentication-keyid
Purpose Use the ntp-service reliable authentication-keyid command to

specify an authentication key to be a trusted key.
Use the undo ntp-service reliable authentication-keyid command

to cancel the configuration.
Syntax ntp-service reliable authentication-keyid key-id

undo ntp-service reliable authentication-keyid key-id
Parameters key-id Authentication key ID. Valid values are 1 to

4294967295.
Default By default, an authentication key is not a trusted key.
Example Enable NTP authentication, with MD5 algorithm adopted, key ID being 37, the key of
BetterKey and being a trusted key.
[S4200G] ntp-service authentication enable
[S4200G] ntp-service authentication-keyid 37 authentication-mode md5
BetterKey
[S4200G] ntp-service reliable authentication-keyid 37
■ System view
Description If authentication is enabled, a client can only be synchronized to a server that can
provide a trusted key.
3Com Switch 4200G Family ntp-service source-interface ● 499
Command Reference
ntp-service source-interface
Purpose Use the ntp-service source-interface command to designate an interface to

transmit NTP message.
Use the undo ntp-service source-interface command to cancel the current

setting.
Syntax ntp-service source-interface { interface-name | interface-type

interface-number }
undo ntp-service source-interface
Parameters vlan-interface VLAN interface through which NTP packets are to be

sent.
Example Specify the source IP addresses of all the NTP packets sent to be the IP address of
VLAN interface 1.
[S4200G] ntp-service source-interface Vlan-Interface 1
■ System view
Description The source address specifies where the packets are transmitted from.
You can use this command to designate an interface to transmit all the NTP packets
and take the source address of these packets from its IP address. If you do not want
any other interface to receive the acknowledgement packets, use this command to
specify one interface to send all the NTP packets.
500 ● ntp-service unicast-peer 3Com Switch 4200G Family
Command Reference
ntp-service unicast-peer
Purpose Use the ntp-service unicast-peer command to be an active NTP peer.
Use the undo ntp-service unicast-peer command to cancel NTP peer mode.
Syntax ntp-service unicast-peer { remote-ip | string } [ authentication-keyid

key-id | priority | source-interface Vlan-interface
vlan-interface-number | version number ]
undo ntp-service unicast-peer { remote-ip | string }
Parameters remote-ip IP address of the peer. This argument can only

be a host address instead of a broadcast
address, a multicast address or the IP address
of a reference clock.
string Peer name, a string comprising 1 to 20
characters.
version number Defines the NTP version number. Valid values
are 1 to 3.
authentication-keyid Defines authentication key. By default, the
authentication is not enabled.
keyid Defines the key ID used for transmitting
messages to a remote server. Valid values are 1
to 4294967295.
source-interface
Vlan-interface Specifies an interface whose IP address is to be
used as the IP addresses of the NTP packets
sent to the peer.
vlan-interface-number Number of the VLAN interface.
priority Specified the peer identified by the remote-ip
argument to be the preferred peer for
synchronization. By default, a peer is not a
preferred peer.
Default By default, an Ethernet switch is not an active NTP peer.
Example Configure the switch to obtain time information from the peer with the IP of
128.108.22.44. The local peer can also provide time information to the remote peer.
Set the NTP version number to 3. The source IP addresses of NTP packets sent are that
of VLAN interface 1.
3Com Switch 4200G Family ntp-service unicast-peer ● 501
Command Reference
[S4200G] ntp-service unicast-peer 128.108.22.44 version 3

source-interface Vlan-Interface 1
■ System view
Description This command sets the remote server at ip-address as a peer of the local
equipment, which operates in symmetric active mode. ip-address specifies a host
address other than an IP address of broadcast, multicast, or reference clock. By
operating in this mode, a local device can synchronize and be synchronized by a
remote server.
Note:
If you specify a remote server to be the peer of the local Ethernet switch by providing
the remote-ip argument in the ntp-service unicast-peer command, the local switch
operates in the active peer mode. In this case, the local switch and the remote server
can be synchronized to each other.
502 ● ntp-service unicast-server 3Com Switch 4200G Family
Command Reference
ntp-service unicast-server
Purpose Use the ntp-service unicast-server command to configure an Ethernet switch to

operate in NTP server mode.
Use the undo ntp-service unicast-server command to disable NTP server mode.
Syntax ntp-service unicast-server { remote-ip | string } [

authentication-keyid key-id | priority | source-interface Vlan-
interface vlaninterface-number | version number ]
undo ntp-service unicast-server { remote-ip | string }
Parameters remote-ip IP address of an NTP server. This argument can only be

a host address instead of a broadcast address,
multicast group address or the IP address of a
reference clock.
string Peer host name, a string comprising 1 to 20 characters.
number Defines the NTP version number. Valid values are 1
to 3.
authentication-keyid Specifies the key ID used when sending messages to
the NTP server
keyid The key-id argument ranges from 1 to 4294967295.
By default, the authentication is enabled.
priority Specifies the server identified by the remote-ip
argument is the preferred server. By default, a server is
not preferred.
source-interface Specifies an interface whose IP address is to be used as
the source IP addresses of the NTP packets sent by the
local device to the server.
vlan-interface-number Interface number.
version Specifies the NTP version.
number The version number argument ranges from 1 to 3 and
defaults to 3.
Default By default, an Ethernet switch does not operate in NTP server mode.
Example Configure the local device to be synchronized to the NTP server using the IP address
of 128.108.22.44, with the version number set to 3.
[S4200G] ntp-service unicast-server 128.108.22.44 version 3
3Com Switch 4200G Family ntp-service unicast-server ● 503
Command Reference
■ System view
Description An Ethernet can operate as a client and be synchronized to the remote NTP server
identified by the remote-ip argument. Note that an NTP server will not be
synchronized to the local switch.
504 ● open 3Com Switch 4200G Family
Command Reference
open
Purpose Use the open command to establish a control connection with an FTP server.
Syntax open { ip-address | server-name } [ port ]
Parameters ip-address IP address of an FTP server

server-name Host name of the FTP server, a string comprising 1 to
20 characters
port Port number on the remote FTP server, ranging from 0
to 65535. The default value is 21.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Establish a control connection with the FTP server whose IP address is 1.1.1.1.
[ftp]open 1.1.1.1
Trying ...
Connected.
220-
User(none):abc
Password:
■ FTP Client view
Related Command close

3Com Switch 4200G Family packet-filter ● 505
Command Reference
packet-filter
Purpose Use the packet-filter command to define the packet filter function in the QoS
profile.
Use the undo packet-filter command to disable the definition of the packet
filter function in the QoS profile.
Syntax packet-filter inbound acl-rule
undo packet-filter inbound acl-rule
Parameters inbound Indicates that filter is performed on the packets

received on the port.
acl-rule Specifies the issued ACL rules which can be the
combination of various ACL rules. The way of
combination is described in the following table:
Table 86 The ways of issuing combined ACLs
The way of combination The form of acl-rule

Issue all the rules in an IP ACL separately ip-group acl-number
Issue a rule in an IP ACL separately ip-group acl-number rule rule
Issue all the rules in a Link ACL separately link-group acl-number
Issue a rule in a Link ACL separately link-group acl-number rule rule
Issue a rule in an IP ACL and a rule in a Link ACL at ip-group acl-number rule rule
the same time link-group acl-number rule rule
Example To add the packet filter function in the QoS profile named h3c to filter the received
packets matching with ACL 4000 rules, enter the following:
[S4200G] qos-profile h3c
[S4200G-qos-profile-h3c] packet-filter inbound link-group 4000
■ QoS Profile view

506 ● packet-filter 3Com Switch 4200G Family
Command Reference
packet-filter
Purpose Use the packet-filter command to apply ACL rules on the port to filter packets.
Use the undo packet-filter command to remove the ACL rules applied on the
port.
Syntax packet-filter inbound acl-rule
undo packet-filter inbound acl-rule
Parameters inbound Applied ACL rules, which can be the combination of

different types of ACL
acl-rule The following table describes the ACL combinations.
Table 87 Combined Application of ACLs
Combination mode Form of acl-rule

Apply all rules in an IP type ACL separately ip-group acl-number
Apply one rule in an IP type ACL separately ip-group acl-number rule rule
Apply all rules in a Link type ACL separately link-group acl-number
Apply one rule in a Link type ACL separately link-group acl-number rule rule
Apply one rule in an IP type ACL and one rule in a Link ip-group acl-number rule rule link-group
type ACL simultaneously acl-number rule rule
Example Apply ACL 2100 on GigabitEthernet 1/0/1 to filter packets.
[S4200G-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000

3Com Switch 4200G Family parity ● 507
Command Reference
parity
Purpose Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
Syntax parity { even | mark | none | odd | space }
undo parity
Parameters even Performs even checks.

mark Performs mark checks.
none Does not check.
odd Performs odd checks.
space Performs space checks.
Default By default, no check is performed.
Example Set to perform mark checks.
[S4200G-ui-aux0] parity mark
Description The parity and undo parity commands can only be used in AUX User
Interface view.
508 ● passive 3Com Switch 4200G Family
Command Reference
passive
Purpose Use the passive command to set the data transmission mode to be passive mode.
Use the undo passive command to set the data transmission mode to be active
mode.
Syntax passive
undo passive
Parameters None
Default By default, the data transmission mode is passive mode
Example Set the data transmission to passive mode.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp] passive
% Passive is on
■ FTP Client view

3Com Switch 4200G Family password ● 509
Command Reference
password
Purpose Use the password command to configure or change the system login password
for a user.
Syntax password
Parameters None.
Example Configure the system login password for the user test to 9876543210.
S4200G<S4200G> system-view
S4200G[S4200G] local-user test
[S4200G-luser-test] password
Password:**********
confirm:**********
Change the system login password for the user test to 0123456789.
[S4200G-luser-test]password
Password:**********
Confirm :**********
Updating the password file ,please wait ...
n Local User view

510 ● password 3Com Switch 4200G Family
Command Reference
password
Purpose Use the password command to set a password for the local users.
Use the undo password command to cancel the specified password display mode.
Syntax password { simple | cipher } password
undo password
Parameters simple Specifies to display passwords in simple text.

cipher Specifies to display passwords in cipher text
password ■ For simple mode, the password must be in plain
text. A password in plain text can be a string with
no more than 63 consecutive characters, for
example, aabbcc.
■ For cipher mode, the password can be either in
cipher text or in plain text, which it is depends on
your input. A password in cipher text can be a
string with 1 to 63 characters, or 88 characters, for
example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
Example To set the password of user1 to 20030422 and to specify that the password be
displayed in plain text, enter the following:
[S4200G-luser-user1] password simple 20030422
22
■ Local User View
Description After the local-user password-display-mode cipher-force command is

executed, the password will be displayed in cipher text even though you use the
password command to set the display mode of the password to simple.
Related Command display local-user

3Com Switch 4200G Family peer-public-key end ● 511
Command Reference
peer-public-key end
Purpose Use the peer-public-key end command to return to system view from public key
view.
Syntax peer-public-key end
Parameters None
Example Exit from public key view.
[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] peer-public-key end
[S4200G]
■ Public Key view
Related Commands ■ public-key-code begin

■ rsa peer-public-key
512 ● ping 3Com Switch 4200G Family
Command Reference
ping
Purpose Use the ping command to check the IP network connection and the reachability of
the host.
Syntax ping [ -a ip-address ] [-c count ] [ -d ] [ -f ] [ -h ttl ] [ -i [ null

null-interface-number ] | [ Vlan-interface vlan-interface-number ] ] [
ip ] [ -n ] [ - p pattern ] [ -q ] [ -r ] [ -s packetsize ] [ -t timeout
] [ -tos tos ] [ -v ] host
Parameters -a ip-address Specifies the source IP address to transmit ICMP

ECHO-REQUEST.
-c: count Specifies how many times the ICMP ECHO-REQUEST
packet will be transmitted, ranging from 1 to
4294967295.
-d Configures the socket to be in DEBUGGING mode. By
default, it is non-DEBUGGING mode.
-f Specifies to discard a packet directly instead of
fragmenting it if its length is greater than the MTU
(maximum transmission unit) of the interface.
-h ttl Configures TTL value for echo requests to be sent,
range from 1 to 255. By default, the TTL value is 255.
-i Selects the port to send the packets.
null-interface-
number Null interface number.
vlan-interface-
number VLAN interface number.
interface-name Specifies the interface name.
ip Chooses IP ICMP packet.
-n Specifies to regard the host argument as an IP
address without performing domain name resolution.
By default, the host argument is first regarded as an
IP address. If it is not an IP address, domain name
resolution is performed.
-p Pattern - Specifies the padding byte pattern of the
ICMP ECHO-REQUEST packets. The pattern
argument is a byte in hexadecimal. For example, -p ff
fills a packet with only ff. By default, the system fills a
packet with 0x01, 0x02, and so on, until 0x09; then it
repeats this procedure from 0x01 again.
-q Specifies to display only the statistics and not to
display the details. By default, all the information
including the details and statistics will be displayed.
-r Specifies to record the routes. By default, the system
does not record any routes.
3Com Switch 4200G Family ping ● 513
Command Reference
-s packetsize Specifies the size (in bytes) of each ICMP

ECHO-REQUEST packet (excluding the IP and
ICMP headers). The packetsize argument ranges
from 20 to 32,000 and defaults to 56 bytes.
-t timeout Sets the timeout time (in ms) waiting for an ICMP
ECHO-REPLY packet after an ICMP
ECHO-REQUEST packet is sent. The timeout
argument ranges from 0 to 65535 and defaults to
2,000 ms.
-tos tos Sets the ToS value of the ICMP ECHO-REQUEST
packets in the range of 0 to 255. By default, this value
is 0.
-v Specifies to display other ICMP packets received
(that is, non-ECHO-REPLY packets) as well as the
ECHO-REPLY packets. By default, except for the
ECHO-REPLY packets, other ICMP packets are not
displayed.
host Destination host domain name or IP address.
Default By default, when the parameters are not specified:
■ the ECHO-REQUEST message will be sent for 5 times

■ socket is not in DEBUGGING mode
■ the TTL value for echo requests is 255
■ host will be treated as IP address first. If it is not an IP address, perform domain
name resolution
■ the default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again,
■ show all the information including statistics
■ routes are not recorded
■ send ECHO-REQUEST according to route selection
■ default length of ECHO-REQUEST is 56 bytes
■ default timeout of ECHO-RESPONSE is 2000 ms
■ do not display other ICMP packets (non ECHO-RESPONSE)
■ the TOS value of echo requests is 0
Example Check whether the host 202.38.160.244 is reachable.
<S4200G>ping 202.38.160.244
ping 202.38.160.244 : 56 data bytes
Reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms
--202.38.160.244 ping statistics--
5 packets transmitted
5 packets received
514 ● ping 3Com Switch 4200G Family
Command Reference
0% packet loss
round-trip min/avg/max = 1/2/3 ms
■ Any view
Description By default, when the parameters are not specified:
■ the ECHO-REQUEST message will be sent for 5 times

■ socket is not in DEBUGGING mode
■ the TTL value for echo requests is 255
■ host will be treated as IP address first. If it is not an IP address, perform domain
name resolution
■ the default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again,
■ show all the information including statistics
■ routes are not recorded
■ send ECHO-REQUEST according to route selection
■ default length of ECHO-REQUEST is 56 bytes
■ default timeout of ECHO-RESPONSE is 2000 ms
■ do not display other ICMP packets (non ECHO-RESPONSE)
■ the TOS value of echo requests is 0
Description The executing procedure of the ping command is as follows: First, the source host
sends an ICMP ECHO-REQUEST packet to the destination host. If the connection
to the destination network is normal, the destination host receives this packet and
responds with an ICMP ECHO-REPLY packet.
You can use the ping command to check the network connectivity and the quality
of a network line. This command can output the following information:
■ Response status of the destination to each ICMP ECHO-REQUEST packet. If

no response packet is received within the timeout time, including the number of
bytes, packet sequence number, TTL and response time of the response
packet. If no response packet is received within the timeout time, the message
"Request time out" is displayed instead.
■ Final statistics, including the numbers of sent packets and received response
packets, the irresponsive packet percentage, and the minimum, average and
maximum values of response time.
You can set a relatively long timeout time waiting for response packet if the
network transmission is slow.
Related Command tracert

3Com Switch 4200G Family port ● 515
Command Reference
port
Purpose Using the port command, you can add one port or one group of ports to a VLAN.
Using the undo port command, you can cancel one port or one group of ports from
a VLAN.
Syntax port interface-list
undo port interface-list
Parameters interface-list List of Ethernet ports to be added to or deleted from a

certain VLAN, expressed as interface-list =
{ interface-type interface-num
[ to interface-type interface-num ]
}&<1-10>.
■ interface-type is the port type.
■ interface-num is the port number
■ to is the keyword that specifies a group of
successive ports. The port number to the right of
the to keyword must be larger than or equal to
the one to the left of the keyword.
&<1-10> Represents the repeatable times of parameters. A
value of 1 is the minimum and 10 is the maximum.
CAUTION: The port command is only applicable to access ports. To add trunk ports
and hybrid ports to a VLAN, use the port trunk permit vlan and port
hybrid vlan commands in Ethernet port view.
Default By default, all the ports belong to the default VLAN.
Example Add GigabitEthernet1/0/1 through GigabitEthernet1/0/4 ports to VLAN 2.
[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet1/0/1 to GigabitEthernet1/0/4
■ VLAN view
516 ● port access vlan 3Com Switch 4200G Family
Command Reference
port access vlan
Purpose Use the port access vlan command to assign the access port to a specified VLAN.
Use the undo port access vlan command to remove the access port from the
specified VLAN.
Syntax port access vlan vlan_id
undo port access vlan
Parameters vlan_id Specifies a VLAN ID. Valid values are 1 to 4094. (You
must specify the ID of an existing VLAN.)
Example Add the GigabitEthernet port 1/0/1 to VLAN3.
<S4200G>system-view
[S4200G]vlan 3
[S4200G-vlan3]quit
[S4200G-GigabitEthernet1/0/1]port access vlan 3

3Com Switch 4200G Family port hybrid pvid vlan ● 517
Command Reference
port hybrid pvid vlan
Purpose Use the port hybrid pvid vlan command to configure the default VLAN ID of the
hybrid port.
Use the undo port hybrid pvid command to restore the default VLAN ID of the
hybrid port.
Syntax port hybrid pvid vlan vlan_id
undo port hybrid pvid
Parameters vlan_id Specifies a VLAN ID. Valid values are 1 to 4094.

If not specified, the default value is 1.
Default To guarantee the proper packet transmission, the default VLAN ID of the local hybrid
port should be identical with that of the hybrid port on the peer switch.
Example Set the default VLAN ID for the GigabitEthernet1/0/1 hybrid port as 100.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1]port hybrid pvid vlan 100
Related Command port link-type

518 ● port hybrid vlan 3Com Switch 4200G Family
Command Reference
port hybrid vlan
Purpose Use the port hybrid vlan command to add the port to the specified VLAN(s). The
port needs to have been made a hybrid port before you can do this. See the related
command below.
Use the undo port hybrid vlan command to remove the port from the specified
VLAN(s).
Syntax port hybrid vlan vlan-id-list { tagged | untagged }
undo port hybrid vlan vlan-id-list
Parameters vlan-id-list vlan-id-list = [ vlan-id1 [ to vlan-id2 ]

]&<1-10>, specifies the VLAN range to which the
hybrid ports are added. vlan-id is in the range of 1
to 4094 and can be discrete. &<1-10> means you can
enter the parameter for ten times, at most.
You can enter up to ten vlan_id parameters in one
port hybrid vlan command.
tagged Specifies to tag the port for the specified VLAN.

untagged Specifies to leave the port untagged for the specified
VLAN.
Example Add the GigabitEthernet1/0/1 hybrid port to VLAN 2, VLAN 5 and VLAN 50 through
VLAN 100, with tags assigned to their packets.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1]port hybrid vlan 2 4 50 to 100 tagged
Description A hybrid port can belong to multiple VLANs. A port can only be added to a VLAN if
the VLAN has already been created. When you use the command several times, all
VLANs specified in the commands will be allowed to pass the port.

3Com Switch 4200G Family port isolate ● 519
Command Reference
port isolate
Purpose Use the port isolate command to add an Ethernet port to the isolation group.
Use the undo port isolate command to remove an Ethernet port from an isolation
group.
Syntax port isolate
undo port isolate
Parameters None
Default By default, a port is not in an isolation group, namely Layer 2 forwarding is achievable
between this port and other ports.
Example Add GigabitEthernet1/0/1 port to the isolation group.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1] port isolate
Remove GigabitEthernet1/0/1 port from the isolation group.
[S4200G-GigabitEthernet1/0/1] undo port isolate

520 ● port link-aggregation group 3Com Switch 4200G Family
Command Reference
port link-aggregation group
Purpose Use the port link-aggregation group agg_id command to add an Ethernet port
to a manual or static aggregation group.
Use the undo port link-aggregation group command to delete an Ethernet port
from a manual or static aggregation group
Syntax port link-aggregation group agg-id
undo port link-aggregation group
Example Add the port GigabitEthernet 1/0/1 to aggregation group 22.
[S4200G-GigabitEthernet1/0/1] port link-aggregation group 22

3Com Switch 4200G Family port link-type ● 521
Command Reference
port link-type
Purpose Use the port link-type command to configure the link type of the Ethernet port.
Use the undo port link-type command to restore the default link type, that is,
access.
Syntax port link-type { access | hybrid | trunk }
undo port link-type
Parameters access Specifies to configure the port as an access port.

hybrid Specifies to configure the port as a hybrid port
trunk Specifies to configure the port as a trunk port.
Default By default, the link type for all ports is access.
Example To configure the Ethernet port Ethernet1/0/1 as a trunk port, enter the following:
<S4200G>system-view
[S4200G-Ethernet1/0/1]port link-type trunk
Description You can configure the three types of ports on the same device. However, note that
you cannot directly switch a port between trunk and hybrid and you must set the port
as access before the switching. For example, to change a trunk port to hybrid, you
must first set it as access and then hybrid.
522 ● port-security enable 3Com Switch 4200G Family
Command Reference
port-security enable
Purpose Use the port-security enable command to enable port security.
Use the undo port-security enable command to disable port security.
Syntax port-security enable
undo port-security enable
Parameters None
Default By default, port security is disabled.
Enable port security.

Notice: the port-control of 802.1x will be restricted to auto when
port-security enabled.
Please wait... Done.
■ System view
Description CAUTION: To avoid confliction, the following limitation on the 802.1x and the MAC
address authentication will be taken after port security is enabled:
■ The access control mode (set by the dot1x port-control command) automatically
changes to auto.
■ The dot1x port-method command can be successfully executed only when no user
is online.
■ The dot1x, dot1x port-method, dot1x port-control and mac-authentication
commands cannot be used.
3Com Switch 4200G Family port-security intrusion-mode ● 523
Command Reference
port-security intrusion-mode
Purpose Use the port-security intrusion-mode command to set the action mode of
the Intrusion Protection feature.
Use the undo port-security intrusion-mode command to cancel the set

action mode.
Syntax port-security intrusion-mode { disableport | disableport-temporarily |

blockmac }
undo port-security intrusion-mode
Parameters disableport Represents permanently disabling the port and

sending trap message.
disableport-temporarily Represents temporarily disabling the port, re-enabling
the port after a prescribed period, and sending trap
message.
blockmac Represents discarding the packets with illegal source
MAC addresses, and sending trap messages.
Default By default, no security mode is configured.
Enter GigabitEthernet1/0/1 port view.
[[S4200G] interface GigabitEthernet1/0/1
Set the action mode of the Intrusion Protection feature on GigabitEthernet1/0/1 port
to disableport.
[S4200G-GigabitEthernet1/0/1] port-security intrusion-mode disableport
Description In the disableport-temporarily mode, users can configure a temporary port by

disconnecting time with the port-security timer disableport command.
524 ● port-security intrusion-mode 3Com Switch 4200G Family
Command Reference
By way of checking the source MAC addresses of the data frames received on a port,
the Intrusion Protection feature discovers illegal packets and takes appropriate action
(temporarily/permanently disabling the port, or filtering out the packets with these
source MAC addresses) to guarantees the security on the port.
The illegal packets include:
■ Packets with unknown source MAC addresses received when MAC address
learning is disabled on the port
■ Packets with unknown source MAC addresses received when the number of MAC
addresses on the port has reached the set maximum number of MAC addresses
allowed to access the port.
■ Packets received from users who fail the authentication.
The action mode of the Intrusion Protection feature can be set to disableport,
disableport-temporarily or blockmac. For the
disableport-temporarily mode, you can set the time during which the system
temporarily disables a port by using the port-security timer disableport
command.
Related Command port-security timer disableport

3Com Switch 4200G Family port-security max-mac-count ● 525
Command Reference
port-security max-mac-count
Purpose Use the port-security max-mac-count command to set the maximum

number of MAC addresses allowed to access the port.
Use the undo port-security max-mac-count command to cancel this limit.
Syntax port-security max-mac-count count-value
undo port-security max-mac-count
Parameters count-value Maximum number of MAC addresses.

This argument is 0 by default, which represents there is
no limit on the number of MAC addresses.
Default By default, there is no limit on the number of MAC addresses allowed to access the
port.
Example Enter system view
Set the maximum number of MAC addresses allowed to access the port to 100.
[S4200G-GigabitEthernet1/0/1] port-security max-mac-count 100
Description Use the port-security max-mac-count command to set the maximum number of MAC
addresses allowed to access the port. The number is the sum of the following:
■ The MAC address which pass the 802.1x authentication

■ The MAC address which pass the MAC address authentication
■ Security MAC address
CAUTION: The maximum number of MAC addresses set by this command does not
include the number of the static MAC address entries set manually.
526 ● port-security max-mac-count 3Com Switch 4200G Family
Command Reference
Related Commands ■ port-security enable

■ port-security port-mode
3Com Switch 4200G Family port-security ntk-mode ● 527
Command Reference
port-security ntk-mode
Purpose Use the port-security ntk-mode command to set the packet transmission
mode of the Need to Know (NTK) feature.
Use the undo port-security ntk-mode command to cancel the setting.
Syntax port-security ntk-mode { ntkonly | ntk-withbroadcasts |

ntk-withmulticasts }
undo port-security ntk-mode
Parameters ntkonly Allows the system to transmit only unicast packets

with successfully authenticated destination MAC
addresses.
ntk-withbroadcasts Allows the system to transmit the broadcast packets
and the unicast packets with successfully
authenticated destination MAC addresses.
ntk-withmulticasts Allows the system to transmit the multicast packets,
broadcast packets and the unicast packets with
successfully authenticated destination MAC addresses.
Default By default, no packet transmission mode of the NTK feature is set on the port.
Set the packet transmission mode of the NTK feature to ntkonly on the current port.
[S4200G-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
Description By way of checking the destination MAC addresses of the data frames to be sent
from a port, this feature ensures that only successfully authenticated devices can
528 ● port-security ntk-mode 3Com Switch 4200G Family
Command Reference
obtain data frames from the port so as to prevent illegal devices from filching
network data.
The packet transmission mode of the NTK feature can be set to ntkonly,
ntk-withbroadcasts or ntk-withmulticasts.
CAUTION: The port-security ntk-mode command and the unknown-multicast drop

enable command (which enables the unknown multicast packet drop function),
cannot be used together. Or else, the system prompts a failure.
3Com Switch 4200G Family port-security OUI ● 529
Command Reference
port-security OUI
Purpose Use the port-security OUI command to set an OUI value for authentication.
Use the undo port-security OUI command to cancel an OUI value setting.
Syntax port-security OUI OUI-value index index-value
undo port-security OUI index id-value
Parameters OUI-value OUI value. You can input a complete MAC address (in
hexadecimal) for this argument and the system will
calculate the OUI value from your input.
index-value OUI index. Valid values are 1 to 16.
The organizationally unique identifiers (OUIs) are assigned by IEEE to different

equipment providers. Each OUI uniquely identifies an equipment provider in the
world and is the higher 24 bits of MAC address.
You need only to input a complete hexadecimal MAC address in this command, and
the system will automatically convert the address to binary format and then take the
higher 24 bits of the resulting binary data as the OUI value.
Set an OUI value by specifying the MAC address 00ef-ec00-0000, and set the OUI
index to five.
[S4200G] port-security oui 00ef-ec00-0000 index 5
■ System view
Description CAUTION: The OUI value set by this command takes effect only when the security
mode of the port is set to userlogin-withoui (by the port-security port-mode
command).
Related Command port-security port-mode

530 ● port-security port-mode 3Com Switch 4200G Family
Command Reference
port-security port-mode
Purpose Use the port-security port-mode command to set the security mode of the
port.
Use the undo port-security port-mode command to restore the normal

operating mode of the port.
Syntax port-security port-mode mode
undo port-security port-mode
Parameters mode Security mode of the port. See Table 88for the values
of this argument.
Default By default, no security mode is set on the port.
Set the security mode on GigabitEthernet1/0/1 port to userlogin.
[S4200G-GigabitEthernet1/0/1] port-security port-mode userlogin
Description Table 88describes the available security modes in details:

3Com Switch 4200G Family port-security port-mode ● 531
Command Reference
Table 88 Description of the port security modes
Security mode Description Feature

autolearn the learned MAC addresses will be In this mode, only
changed to Security MAC addresses. the NTK and
Intrusion Protection
This security mode will automatically
features take effect.
change to the secure mode after the
system has learned the maximum number
of Security MAC from this port, and new
Security MAC cannot be added.
The packets whose original MAC
addresses are not the current Security
MAC addresses cannot pass the port.
secure In this mode, the system is disabled from
learning MAC addresses from this port.
Only the packets whose original MAC
addresses are the configured static MAC
addresses can pass the port.
userlogin In this mode, port-based 802.1x In this mode, the
authentication is performed for connected NTK and Intrusion
users. Protection features
do not take effect.
userlogin-secure The port opens only after the access user In these modes, only
passes the 802.1x authentication. Even the NTK and
after the port opens, only the packets of Intrusion Protection
the successfully authenticated user can features take effect.
pass through the port.
In this mode, only one
802.1x-authenticated user is allowed to
access the port.
When the port changes from the normal
mode to this security mode, the system
automatically removes the already existing
dynamic MAC address entries and
authenticated MAC address entries on the
port.
userlogin-withoui This mode is similar to the userlogin-secure
mode, except that there can be one
OUI-carried MAC address being
successfully authenticated in addition to
the single 802.1x-authenticated user who
is allowed to access the port.
When the port changes from the normal
mode to this security mode, the system
automatically removes the already existing
dynamic/authenticated MAC address
entries on the port.
mac-authentication In this mode, MAC address–based
authentication is performed for access
users.
userlogin-secure-or-mac In this mode, the two kinds of
authentication in mac-authentication and
userlogin-secure modes can be performed
simultaneously. If both kinds of
authentication succeed, the
userlogin-secure mode takes precedence
over the mac-authentication mode.
userlogin-secure-else-mac In this mode, first the MAC-based
authentication is performed. If this
authentication succeeds, the
mac-authentication mode is adopted, or
else, the authentication in userlogin-secure
mode is performed.
532 ● port-security port-mode 3Com Switch 4200G Family
Command Reference
Table 88 Description of the port security modes (continued)
Security mode Description Feature

userlogin-secure-ext This mode is similar to the userlogin-secure
mode, except that there can be more than
one 802.1x-authenticated user on the
port.
userlogin-secure-or-mac-ext This mode is similar to the
userlogin-secure-or-mac mode, except
that there can be more than one
802.1x-authenticated user on the port.
userlogin-secure-else-mac-ext This mode is similar to the
userlogin-secure-else-mac mode, except
that there can be more than one
802.1x-authenticated user on the port.
3Com Switch 4200G Family port-security timer disableport ● 533
Command Reference
port-security timer disableport
Purpose Use the port-security timer disableport command to set the time during
which the system temporarily disables a port.
Use undo port-security timer disableport command restore the default

time.
Syntax port-security timer disableport timer
undo port-security timer disableport
Parameters timer Valid values for this argument are 20 to 300.

Example Set the time during which the system temporarily disables a port to 50 seconds.
[S4200G] port-security timer disableport 50
■ System view
Description The time set by the port-security timer disableport command takes effect when the
disableport-temporarily mode is set by the port-security intrusion-mode command.
534 ● port-security trap 3Com Switch 4200G Family
Command Reference
port-security trap
Purpose Use the port-security trap command to enable the sending of the specified
type(s) of trap messages.
Use the undo port-security trap command to disable the sending of the
specified type(s) of trap messages.
Syntax port-security trap { addresslearned | intrusion | dot1xlogon |

dot1xlogoff | dot1xlogfailure | ralmlogon | ralmlogoff | ralmlogfailure
}*
undo port-security trap { addresslearned | intrusion | dot1xlogon |

dot1xlogoff | dot1xlogfailure | ralmlogon | ralmlogoff | ralmlogfailure
}*
Parameters addresslearned Enables/disables the sending of MAC address learning

trap messages.
intrusion Enables/disables the sending of intrusion packet
discovery trap messages.
dot1xlogon Enables/disables the sending of 802.1x user logon trap
messages.
dot1xlogoff Enables/disables the sending of 802.1x user logoff trap
messages.
dot1xlogfailure Enables/disables the sending of 802.1x user
authentication failure trap messages.
ralmlogon Enables/disables the sending of RALM user logon trap
messages.
ralmlogoff Enables/disables the sending of RALM user logoff trap
messages.
ralmlogfailure Enables/disables the sending of RALM user
authentication failure trap messages.
RADIUS authenticated login using MAC-address (RALM) refers to MAC address-based

RADIUS authentication.
Default By default, the system disables the sending of any types of trap messages.
Allow the sending of the intrusion packet discovery trap messages.
[S4200G] port-security trap intrusion

3Com Switch 4200G Family port-security trap ● 535
Command Reference
■ System view
Description This command is designed based on the Device Tracking feature. The Device Tracking
feature enables the switch to send trap messages in case special data packets
(generated by special actions such as illegal intrusion, and abnormal user
logon/logoff) pass through a port for the convenience of network administrator to
monitor these special actions.
536 ● port trunk pvid vlan 3Com Switch 4200G Family
Command Reference
port trunk pvid vlan
Purpose Use the port trunk pvid vlan command to configure the default VLAN ID for a
trunk port.
Use the undo port trunk pvid command to restore the default VLAN ID for a trunk
port.
Syntax port trunk pvid vlan vlan_id
undo port trunk pvid
Parameters vlan_id Specifies a VLAN ID. Valid values are 1 to 4094.

Default The default VLAN ID of local trunk port should be consistent with that of the trunk
port on the peer switch, otherwise packets cannot be properly transmitted.
Example To configure the trunk port Ethernet1/0/1 to the default VLAN of 100, enter the
following:
<S4200G>system-view
[SW4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]port trunk pvid vlan 100

3Com Switch 4200G Family port trunk permit vlan ● 537
Command Reference
port trunk permit vlan
Purpose Use the port trunk permit vlan command to add a trunk port to one VLAN, a
selection of VLANs, or all VLANs.
Use the undo port trunk permit vlan command to remove the hybrid port from
one VLAN, a selection of VLANs or all VLANs.
Syntax port trunk permit vlan {vlan-id-list | all}
undo port trunk permit vlan {vlan-id-list| all}
Parameters vlan-id vlan-id-list = [ vlan-id1 [ to vlan-id2 ]

]&,1-10., specifies the VLAN range to which the trunk
ports are added. vlan-id is in the range of 1 to 4094
and can be discrete &,1-10. means you can enter the
parameter for ten times at most.
all Adds the trunk port to all VLANs.
Example Add the GigabitEthernet1/0/1 trunk port to VLAN 2, VLAN 5 and VLAN 50 through
VLAN 100.
<S4200G>system-view
[SW4200G-GigabitEthernet1/0/1]port trunk permit vlan 2 4 50 to 100
Please wait...
Done.
Description A trunk port can belong to multiple VLANs. If the port trunk permit vlan
command is used many times, then the VLAN enabled to pass on trunk port is the set
of these vlan_id_list.

538 ● primary accounting 3Com Switch 4200G Family
Command Reference
primary accounting
Purpose Use the primary accounting command to set the IP address and port number for
the primary accounting server.
Use the undo primary accounting command to restore the default IP address and
port number of the primary RADIUS accounting server.
Syntax primary accounting ip-address [ port-number ]
undo primary accounting
Parameters ip-address Specifies the IP address in dotted decimal format.

port-number Specifies the UDP port number. ranging from 1 to
65535.
Default By default, the IP address of the primary accounting server is 0.0.0.0 and the UDP
port number of the primary accounting service is 1813.
The IP address and UDP port number of the primary accounting server used by the
default RADIUS scheme system are 127.0.0.1 and 1646.
Example To set the IP address and UDP port number of the primary accounting server of the
RADIUS scheme radius1 to 10.110.1.2 and 1813, enter the following:
New Radius scheme
[S4200G-radius-radius1] primary accounting 10.110.1.2 1813
Description After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. In real networking
environments, the above parameters shall be set according to the specific
requirements. However, you must set at least one authentication/authorization server
and an accounting server. Besides, ensure that the RADIUS service port settings on the
Switch is consistent with the port settings on the RADIUS server.
3Com Switch 4200G Family primary accounting ● 539
Command Reference

■ radius scheme
■ state
540 ● primary authentication 3Com Switch 4200G Family
Command Reference
primary authentication
Purpose Use the primary authentication command to configure the IP address and port
number for the primary RADIUS authentication/authorization server.
Use the undo primary authentication command to restore the default IP address
and port number of the primary RADIUS authentication/authorization server.
Syntax primary authentication ip-address [ port-number ]
undo primary authentication

port-number Specifies UDP port number ranging from 1 to 65535.
Default By default, the IP addresses of the primary authentication/authorization is at 0.0.0.0

and the UDP port for authentication/authorization service is 1812.
Example To set the IP address and UDP port number of the primary
authentication/authorization server used by the RADIUS scheme radius1 to
10.110.1.1 and 1812, enter the following:
New Radius scheme
[S4200G-radius-radius1] primary authentication 10.110.1.1 1812
■ RADIUS Server Group view
Description Note:
■ After creating a new RADIUS scheme, you should configure the IP address and
UDP port number of each RADIUS server you want to use in this scheme. These
RADIUS servers fall into two types: authentication/authorization, and accounting.
And for each kind of server, you can configure two servers in a RADIUS scheme:
primary and secondary servers. A RADIUS scheme has the following attributes: IP
addresses of the primary and secondary servers, shared keys, and types of the
RADIUS servers.
■ In an actual network environment, you can configure the above parameters as
required. But you should configure at least one authentication/authorization server
and one accounting server, and at the same time, you should keep the RADIUS
service port settings on the switch consistent with those on the RADIUS servers.
3Com Switch 4200G Family primary authentication ● 541
Command Reference

■ radius scheme
■ state
542 ● priority 3Com Switch 4200G Family
Command Reference
priority
Purpose Use the priority command to set the priority of Ethernet port.
Use the undo priority command to restore the default value.
Syntax priority priority-level
undo priority
Parameters priority-level Specifies the priority level of the port. Valid values are
0 to 7.
Default The default priority level of a port is 0.
Example To set the priority of the GigabitEthernet1/0/1 port to 7, enter the following:
[S4200G-GigabitEthernet1/0/1] priority 7
Description This command is used to set the priority of Ethernet ports. After the command is
configured, the switch replaces the 802.1p priority carried in the packet with the
priority of the port receiving the packet. Then the switch places the packet in the
corresponding port output queue according to the new priority of the packet.
3Com Switch 4200G Family priority trust ● 543
Command Reference
priority trust
Purpose Use the priority trust command to configure the precedence mapping mode on
the port of the switch.
Syntax priority trust { cos [ automap ] | dscp [ automap | remap ] }
Parameters cos [ automap ] The mapping is performed based on 802.1p priority

and the mapping modes are as follows:
■ If automap is not input, it is the default mode in
which the switch does not replace the priority
carried in the packet with the mapped priority.
■ If automap is input, it is the automap mode in
which the switch replaces the priority carried in the
packet with the mapped priority.
dscp [ automap | remap]
The mapping is performed based on DSCP precedence,
and the mapping modes are as follows:
■ If keywords are not input after DSCP, it is the
default mode in which the switch does not replace
the priority carried in the packet with the mapped
priority.
■ If automap is input, it is the automap mode in
which the switch replaces the priority carried in the
packet with the mapped priority.
■ If remap is input, it is the remap mode. In this
mode, the switch firstly gets new DSCP precedence
by the "DSCP-> DSCP" mapping relationship, and
then searches "DSCP->other precedence" mapping
relationship through the new DSCP precedence,
and replaces the precedence carried in the packet
with the mapped precedence.
Default By default, the switch trusts the port priority.
Example To configure to map in remap mode on GigabitEthernet1/0/1 according to DSCP

precedence, enter the following:
[S4200G-GigabitEthernet1/0/1] priority-trust dscp remap

544 ● priority trust 3Com Switch 4200G Family
Command Reference
Related Command priority

3Com Switch 4200G Family protocol inbound ● 545
Command Reference
protocol inbound
Purpose Use the protocol inbound command to configure the protocols supported in the
current user interface.
Syntax protocol inbound { all | ssh | telnet }
Parameters all Supports all protocols, including Telnet and SSH.

ssh Supports only SSH.
telnet Supports only Telnet.
Default By default, both SSH and Telnet are supported.
Example Configure vty0 through vty4 to support SSH only.
[S4200G] user-interface vty 0 4
[S4200G-ui-vty0-4] protocol inbound ssh
■ VTY User Interface view
Description After you use this command with SSH enabled, your configuration cannot take effect
till next login if no RSA key pair is configured.
CAUTION:
■ When SSH protocol is specified, to ensure a successful login, you must configure
the AAA authentication using the authentication-mode scheme command.
■ The protocol inbound ssh configuration fails if you configured
authentication-mode password and authentication-mode none.
When you configured SSH protocol successfully for the user interface, then you
cannot configure authentication-mode password and authentication-mode none
any more.
546 ● protocol inbound 3Com Switch 4200G Family
Command Reference
protocol inbound
Purpose Use the protocol inbound command to specify the protocols supported by the
user interface.
Syntax protocol inbound { all | ssh | telnet }
Parameters all Supports all protocols, including Telnet and SSH.

ssh Supports SSH protocol.
telnet Supports Telnet protocol.
Default Both Telnet protocol and SSH protocol are supported by default.
Example Configure that only SSH protocol is supported in VTY 0.
[S4200G-ui-vty0] protocol inbound ssh
Description Use the protocol inbound command in VTY User Interface view only.
Related Command user-interface vty

3Com Switch 4200G Family protocol-priority protocol-type ● 547
Command Reference
protocol-priority protocol-type
Purpose Use the protocol-priority command to set the global traffic priority that
applies to a given protocol.
Use the undo protocol-priority command to remove such a configuration.
Syntax protocol-priority protocol-type protocol-type { ip-precedence

ip-precedence | dscp dscp-value }
undo protocol-priority protocol-type protocol-type
Parameters protocol-type
protocol-type Specifies the type of the protocol. Only TELNET, SNMP,
and ICMP are supported currently.
ip-precedence
ip-precedence Specifies the value of IP precedence. Valid values are 0
to 7.
dscp dscp-value Specifies the value of DSCP precedence. Valid values
are 0 to 63.
Example To set the IP precedence of SNMP protocols to 3, enter the following:
[S4200G] protocol-priority protocol-type snmp ip-precedence 3
■ System view
548 ● public-key-code begin 3Com Switch 4200G Family
Command Reference
public-key-code begin
Purpose Use the public-key-code begin command to enter public key edit view and
input the client public key.
Syntax public-key-code begin
Parameters None
Example Enter public key edit view and input client public keys.
[S4200G-rsa-public-key] public-key-code begin
[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[S4200G-key-code] public-key-code end
[S4200G-rsa-public-key]
■ Public Key view
Description You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line.
But the public key, which is generated randomly by the SSH 2.0-supported client
software, should be composed of hexadecimal characters.
Related Commands ■ public-key-code end

3Com Switch 4200G Family public-key-code begin ● 549
Command Reference
Purpose Use the public-key-code begin command to enter public key edit view and set
server public keys.
Syntax public-key-code begin
Parameters None
Example Enter public key edit view and set server public keys.
[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[S4200G-key-code] public-key-code end
■ Public Key view
Description You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line.
But the public key, which are generated randomly after you use the rsa
local-key-pair create command on the server, should be composed of
hexadecimal characters.
Related Commands ■ public-key-code end

■ rsa local-key-pair create
550 ● public-key-code end 3Com Switch 4200G Family
Command Reference
public-key-code end
Purpose Use the public-key-code end command to return from public key edit view to
public key view and save the public keys you set.
Syntax public-key-code end
Parameters None
Example Exit from public key edit view and save the public keys.
[S4200G]rsa peer-public-key zhangshan
[S4200G-rsa-public-key]public-key-code begin
[S4200G-rsa-key-code] public-key-code end
■ Public Key Edit view
Description After you use this command to terminate the public key editing, public key validity
will be checked before the keys are saved. If there are illegal characters in the keys,
the prompt will be given and the keys will be discarded. Your configuration this time
fails. If the keys are valid, they will be saved in the public key list of the client.
Related Command ■ public-key-code begin

3Com Switch 4200G Family public-key-code end ● 551
Command Reference
public-key-code end
Purpose Use the public-key-code end command to return from public key edit view to
public key view and save the public keys you set.
Syntax public-key-code end
Parameters None
Example Exit from public key edit view and save the public keys.
[S4200G-rsa-key-code] public-key-code end
■ Public Key Edit view
Description After you use this command to terminate the public key editing, public key validity
will be checked before the keys are saved. If there are illegal characters in the keys,
the prompt will be given and the keys will be discarded. Your configuration this time
fails. If the keys are valid, they will be saved in the public key list of the client.

552 ● put 3Com Switch 4200G Family
Command Reference
put
Purpose Use the put command to upload a local file to the remote SFTP server.
Syntax put local-file [ remote-file ]
Parameters local-file Name of the source file at the local end.

remote-file Name assigned to the file to be saved on the remote
SFTP server.
Example Upload local file temp.c to the remote SFTP server and save it with the name temp1.c.
sftp-client> put temp.c temp1.c
Description If no name is specified for the file to be saved on the remote SFTP server, the name of
the source file is used.
3Com Switch 4200G Family put ● 553
Command Reference
put
Purpose Use the put command to upload a local file to the remote FTP server.
Syntax put localfile [ remotefile ]
Parameters local-file Name of the source file at the local end.

remote-file Name assigned to the file to be saved on the remote
FTP server.
Example Upload local file temp.c to the remote STP server and save it with the name temp1.c.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Upload the local file named temp.c to the FTP server.
[ftp] put temp.c temp1.c

200 Port command okay.
150 Opening ASCII mode data connection for temp.c.
226 Transfer complete.
FTP: 749881 byte(s) sent in 17.691 second(s) 42.00Kbyte(s)/sec.
■ FTP Client view
Description If no name is specified for the file to be saved on the remote FTP server, the name of
the source file is used.
554 ● pwd 3Com Switch 4200G Family
Command Reference
pwd
Purpose Use the pwd command to display the current directory on the SFTP server.
Syntax pwd
Parameters None
Example Display the current directory on the SFTP server.
sftp-client> pwd
flash:/

3Com Switch 4200G Family pwd ● 555
Command Reference
pwd
Purpose Use the pwd command to display the current path. If the current path is not
configured, an error occurs when you execute this command.
Syntax pwd
Parameters None
Example Display the current path.
<S4200G> pwd
unit1>flash:
■ User view
556 ● pwd 3Com Switch 4200G Family
Command Reference
pwd
Purpose Use the pwd command to display the current directory on the remote FTP Server.
Syntax pwd
Parameters None
Example Show the current directory on the remote FTP Server.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp] pwd
257 "flash:/temp" is current directory.
■ FTP Client view

3Com Switch 4200G Family qos cos-drop-precedence-map ● 557
Command Reference
qos cos-drop-precedence-map
Purpose Use the qos cos-drop-precedence-map command to configure the

"COS->Drop-precedence" mapping relationship.
Use the undo qos cos-drop-precedence-map command to restore the

"COS->Drop-precedence" mapping relationship to the default value.
Syntax qos cos-drop-precedence-map cos0-map-drop-prec cos1-map-drop-prec

cos2-map-drop-prec cos3-map-drop-prec cos4-map-drop-prec
cos5-map-drop-prec cos6-map-drop-prec cos7-map-drop-prec
undo qos cos-drop-precedence-map
Parameters cos0-map-drop-prec Specifies the mapped value from COS 0 to the drop
precedence. Valid values are 0 to 1.
cos0-map-drop-prec Specifies the mapped value from COS 1 to the drop
Default By default, the system provides the default "COS->Drop-precedence" mapping

relationship.
Table 89 The default "COS->Drop-precedence" mapping relationship
COS Value Drop-precedence

0 0
1 0
2 0
3 0
4 0
5 0
6 0
7 0
558 ● qos cos-drop-precedence-map 3Com Switch 4200G Family
Command Reference
Example The configuration of the "COS->Drop-precedence" mapping relationship is described

in the following table.
Table 90 The "COS->Drop-precedence" mapping relationship
COS Value Drop-precedence

0 1
1 1
2 1
3 1
4 1
5 0
6 0
7 0
The configuration procedure is as follows:
[S4200G] qos cos-drop-precedence-map 1 1 1 1 1 0 0 0
■ System view
Description The switch will assign a set of service parameters to one packet according to a certain
rule when it receives the packet. Service parameters include CoS value, local
precedence and drop precedence. Service parameters are assigned according to the
802.1p priority of the packet. COS value is the 802.1p priority of the packet, and local
precedence and drop precedence are obtained through the "COS
->Local-precedence" mapping relationship and the "COS ->Drop-precedence"
mapping relationship respectively. You can use this command to modify the
"COS->Drop-precedence" mapping relationship as required.
3Com Switch 4200G Family qos cos-dscp-map ● 559
Command Reference
qos cos-dscp-map
Purpose Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping
relationship.
Use the undo qos cos-dscp-map command to restore the "COS->DSCP"

mapping relationship to the default value.
Syntax qos cos-dscp-map cos0-map-dscp cos1-map-dscp cos2-map-dscp

cos3-map-dscp cos4-map-dscp cos5-map-dscp cos6-map-dscp cos7-map-dscp
undo qos cos-dscp-map
Parameters cos0-map-dscp Sets the mapped value from COS 0 to DSCP. Valid
values are 0 to 63.
cos0-map-dscp Sets the mapped value from COS 1 to DSCP. Valid
values are 0 to 63.
values are 0 to 63.
values are 0 to 63.
values are 0 to 63.
values are 0 to 63.
values are 0 to 63.
values are 0 to 63.
Default By default, the system provides the default "COS->DSCP" mapping relationship.
Table 91 The default "COS->DSCP" mapping relationship
COS Value DSCP

0 16
1 0
2 8
3 24
4 32
5 40
6 48
7 56
560 ● qos cos-dscp-map 3Com Switch 4200G Family
Command Reference
Example The configuration of "COS->DSCP" mapping relationship is described in the

following table.
Table 92 The "COS->DSCP" mapping relationship
COS Value DSCP

0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
[S4200G] qos cos-dscp-map 0 1 2 3 4 5 6 7
■ System view
3Com Switch 4200G Family qos cos-local-precedence-map ● 561
Command Reference
qos cos-local-precedence-map
Purpose Use the qos cos-local-precedence-map command to configure the

"COS->Local-precedence" mapping relationship.
Use the undo qos cos-local-precedence-map command to restore the

"COS->Local-precedence" mapping relationship to the default value.
Syntax qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec

cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec
cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec
undo qos cos-local-precedence-map
Parameters cos0-map-local-prec Sets the mapped value from COS 0 to

local-precedence. Valid values are 0 to 7.
cos1-map-local-prec Sets the mapped value from COS 1 to
Default By default, the system provides the default "COS->Local-precedence" mapping

relationship.
Table 93 The default "COS->Local-precedence" mapping relationship
COS Value DSCP

0 2
1 0
2 1
3 3
4 4
5 5
6 6
7 7
562 ● qos cos-local-precedence-map 3Com Switch 4200G Family
Command Reference
Example The configuration of "COS->Local-precedence" mapping relationship is described in

the following table.
Table 94 The default "COS->Local-precedence" mapping relationship
COS Value DSCP

0 0
1 1
2 2
3 3
4 4
5 5
6 6
7 7
[S4200G] qos cos-local-precedence-map 0 1 2 3 4 5 6 7
■ System view
3Com Switch 4200G Family qos dscp-cos-map ● 563
Command Reference
qos dscp-cos-map
Purpose Use the qos dscp-cos-map command to configure the "COS->802.1p priority"
Use the undo qos dscp-cos-map command to restore the "DSCP->802.1p

priority" mapping relationship to the default value.
Syntax qos dscp-cos-map dscp-list : cos-value
undo qos dscp-cos-map [ dscp-list ]
Parameters dscp-list Specifies the list of DSCP values. It can include only
one DSCP value or many DSCP values. DSCP values are
separated by space. dscp-list is connected with
cos-value by the ":" after it to indicate the mapping
relationship between them. Valid values for the
dscp-list are 0 to 63.
cos-value Specifies the 802.1p priority corresponding to the
DSCP list. Valid values for the cos-value are 0 to 7.
Default By default, the system provides the default "DSCP->802.1p priority" mapping
relationship.
Table 95 The default "COS->801.1p precedence" mapping relationship
DSCP 802.1p priority

0 to 7 1
8 to 15 2
16 to 23 0
24 to 31 3
32 to 39 4
40 to 47 5
48 to 55 6
56 to 63 7
564 ● qos dscp-cos-map 3Com Switch 4200G Family
Command Reference
Example Modify the "DSCP->802.1p priority" mapping relationship according to the following
table.
Table 96 The "DSCP->802.1p priority" mapping relationship
DSCP 802.1p priority

0 1
1 1
2 1
3 1
4 1
5 1
6 1
7 1
[S4200G] qos dscp-cos-map 0 1 2 3 4 5 6 7 : 1
■ System view
3Com Switch 4200G Family qos dscp-drop-precedence-map ● 565
Command Reference
qos dscp-drop-precedence-map
Purpose Use the qos dscp-drop-precedence-map command to configure the

"DSCP->Drop-precedence" mapping relationship.
Use the undo qos dscp-drop-precedence-map command to restore the

"DSCP->Drop-precedence" mapping relationship to the default value.
Syntax qos dscp-drop-precedence-map dscp-list : drop-precedence
undo qos dscp-drop-precedence-map [ dscp-list ]
cos-value by the ":" after it to indicate the mapping
drop-precedence Specifies the drop precedence corresponding to the
DSCP list. Valid values for the drop-precedence are 0 to
1.
Default By default, the system provides the default "DSCP->Drop-precedence" mapping

relationship.
Table 97 The default "DSCP->Drop-precedence" mapping relationship
DSCP Drop Precedence

0 to 7 1
8 to 15 1
16 to 23 1
24 to 31 1
32 to 39 0
40 to 47 0
48 to 55 0
56 to 63 0
566 ● qos dscp-drop-precedence-map 3Com Switch 4200G Family
Command Reference
Example Modify the "DSCP->Drop-precedence" mapping relationship according to the

following table.
Table 98 The "DSCP->Drop-precedence" mapping relationship
DSCP Drop Precedence

0 1
1 1
2 1
3 1
4 1
5 1
6 1
7 1
[S4200G] qos dscp-drop-precedence-map 0 1 2 3 4 5 6 7 : 1
■ System view
3Com Switch 4200G Family qos dscp-dscp-map ● 567
Command Reference
qos dscp-dscp-map
Purpose Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping
relationship.
Use the undo qos dscp-dscp-map command to restore the "DSCP->DSCP"

mapping relationship to the default value.
Syntax qos dscp-dscp-map dscp-list : dscp-value
undo qos dscp-dscp-map [ dscp-list ]
dscp-value by the ":" after it to indicate the mapping
dscp-value Specifies the DSCP precedence corresponding to the
DSCP list. Valid values for the dscp-value are 0 to 63.
Default By default, the system provides the default "DSCP->DSCP" mapping relationship.
Table 99 The "DSCP->DSCP" mapping relationship and its default value
DSCP New DSCP

0 0
1 1
… …
61 61
62 62
63 63
Example Modify the "DSCP->DSCP" mapping relationship according to the following table.
Table 100 The "DSCP->DSCP" mapping relationship
DSCP New DSCP

0 1
1 1
2 1
3 1
4 1
5 1
6 1
7 1
568 ● qos dscp-dscp-map 3Com Switch 4200G Family
Command Reference
[S4200G] qos dscp-dscp-map 0 1 2 3 4 5 6 7 : 1
■ System view
3Com Switch 4200G Family qos dscp-local-precedence-map ● 569
Command Reference
qos dscp-local-precedence-map
Purpose Use the qos dscp-local-precedence-map command to configure the

"DSCP->Local-precedence" mapping relationship.
Use the undo qos dscp-local-precedence-map command to restore the

"DSCP->Local-precedence" mapping relationship to the default value.
Syntax qos dscp-local-precedence-map dscp-list : local-precedence
undo qos dscp-local-precedence-map [dscp-list ]
local-precedence by the ":" after it to indicate the
mapping relationship between them. Valid values for
the dscp-list are 0 to 63.
local-precedence Specifies the local precedence corresponding to the
DSCP list. Valid values for the local-precedence are 0 to
7.
Default By default, the system provides the default "DSCP->Local-precedence" mapping

relationship.
Table 101 The default "DSCP->Local-precedence" mapping relationship
DSCP Local Precedence

0 to 7 0
8 to 15 1
16 to 23 2
24 to 31 3
32 to 39 4
40 to 47 5
48 to 55 6
56 to 63 7
570 ● qos dscp-local-precedence-map 3Com Switch 4200G Family
Command Reference
Example Modify the "DSCP->Local-precedence" mapping relationship according to the

following table.
Table 102 The "DSCP->Local-precedence" mapping relationship
DSCP Local Precedence

0 1
1 1
2 1
3 1
4 1
5 1
6 1
7 1
[S4200G] qos dscp-local-precedence-map 0 1 2 3 4 5 6 7 : 1
■ System view
3Com Switch 4200G Family qos-profile ● 571
Command Reference
qos-profile
Purpose Use the qos-profile command to create a QoS profile and enter the corresponding
view.
If this profile has existed, use the qos-profile command to enter view of this
profile.
Use the undo qos-profile command to delete a specific QoS profile or all QoS
profiles.
Syntax qos-profile profile-name
undo qos-profile { profile-name | all }
Parameters profile-name Specifies the QoS profile name, consisting of a string

of one to 32 characters, starting with letters [a-z, A-Z]
and excluding all, interface, and user which are
reserved as keywords.
all Deletes all the QoS profiles.
Example To create a profile named h3c, enter the following:
[S4200G] qos-profile h3c
[S4200G-qos-profile-h3c]
■ System view
Description The switch does not allow your deletion of QoS profiles applied to ports.
572 ● qos-profile port-based 3Com Switch 4200G Family
Command Reference
qos-profile port-based
Purpose Use the qos-profile port-based command to configure the port-based

application mode of QoS profiles on ports.
Use the undo qos-profile port-based command to restore the default

application mode of QoS profiles on ports.
Syntax qos-profile port-based
undo qos-profile port-based
Parameters None
Default By default, the application mode of QoS profiles is user-based.
■ If MAC-address-based authentication mode is configured in 802.1x, the

application mode of QoS profiles must be user-based.
■ If port-based authentication mode is configured in 802.1x, the application mode
of QoS profiles must be port-based.
Example To configure the port-based application mode of QoS profiles on ports, enter the
following:
[S4200G-GigabitEthernet1/0/1] qos-profile port-based
Description After the QoS profile function is configured, the switch will apply the QoS profiles
corresponding to you to your access port when you pass the authentication. The
processing procedures of the switches of different application modes are as follows
respectively:
■ User-based mode: If the source information (source MAC, source IP, or source
MAC + source IP) is defined in the traffic rule adopted by the QoS profile, the QoS
profile cannot be applied dynamically successfully. If the source information is not
defined, the switch will create a new traffic rule by adding the source MAC and
source IP information of the user into the former rule, and then apply all the traffic
actions in the QoS profile to the user access port.
■ Port-based mode: The switch will apply all the actions in the QoS profile to the
user access port directly. When the mode is used, all the users with the same
access port must use the same QoS profile.
3Com Switch 4200G Family queue-scheduler ● 573
Command Reference
queue-scheduler
Purpose Use the queue-scheduler command to set the queue-scheduling algorithm and
parameters.
Use the undo queue-scheduler command to restore the default values.
Syntax queue-scheduler wrr { group1 { queue-id queue-weight } &<1-8> |

group2 { queue-id queue-weight } &<1-8> }*
undo queue-scheduler [ queue-id ] &<1-8>
Parameters wrr Indicates SDWRR scheduling algorithm is adopted in

the queue.
group1 Adds the queue into WRR scheduling group1.
group2 Adds the queue into WRR scheduling group2.
queue-id ID of the output queue on the port, in the range of 0
to 7.
queue-weight Weight of the queue, in the range of 1 to 255.
&<1-8> Indicates that the queue-id and queue-weight
arguments can be input up to 8 times.
Default By default, all the output queues on the ports of the switch adopt SP
queue-scheduling algorith.
Example To:
■ Set the scheduling mode of queue0 through queue5 to SDWRR scheduling

■ Add queue3, queue4, and queue5 into WRR scheduling group1 and their weights
are 20, 20, and 30 respectively.
■ Add queue0, queue1, and queue2 into WRR scheduling group2, and their weights
are 20, 20, and 40 respectively.
■ Queue6 and queue7 are scheduled according the default strict priority.
[S4200G] queue-scheduler wrr group1 3 20 4 20 5 30 group2 0 20 1 20 2 40
■ System view
Description One port of the switch supports 8 output queues. Different queues can adopt
different queue-scheduling algorithms in the switch. You can respectively set the
574 ● queue-scheduler 3Com Switch 4200G Family
Command Reference
queue-scheduling group that each queue belongs to as required: SP group, WRR

group1, and WRR group2. During the queue scheduling, the scheduling sequence is:
1. Each scheduling group is scheduled according to its strict priority, and the
scheduling group with the highest queue priority is scheduled firstly.
2. The scheduling group with the second highest priority is scheduled after the
scheduling group with the highest priority is scheduled.
Note: The 8 output queues are divided into groups in the following principle:
■ The queues in each group must be consecutive. For example, queue3, queue4,
and queue5 are consecutive queues.
■ Each can be allocated to the same queue-scheduling group, while queue3,
queue4, and queue7 cannot be allocated to the same queue-scheduling group.
Related Command display queue-scheduler

3Com Switch 4200G Family quit ● 575
Command Reference
quit
Purpose Use the quit command to terminate the connection to the remote SSH server.
Syntax quit
Parameters None
Example Terminate the connection to the remote SSH server.
<S4200G> quit
■ User view
576 ● quit 3Com Switch 4200G Family
Command Reference
quit
Purpose Use the quit command to terminate the connection to the remote SFTP server and
exit to system view.
Syntax quit
Parameters None
Example Terminate the connection to the remote SFTP server.
sftp-client> quit
[S4200G]
Description This command has the same function as the bye and exit commands.
3Com Switch 4200G Family quit ● 577
Command Reference
quit
Purpose Use the quit command to terminate FTP control connection and FTP data connection
and quit to user view. This command has the same effect as that of the bye
command.
Syntax quit
Parameters None.
Example Terminate the FTP control connection and FTP data connection and quit to user view.
[ftp] quit
<S4200G>
■ FTP Client view

578 ● quit 3Com Switch 4200G Family
Command Reference
quit
Purpose Use the quit command to return from current view to lower level view, or exit the
system if current view is user view.
Syntax quit
Parameters None.
Example Return from system view to user view.
[S4200G] quit
<S4200G>
■ Any view
Description The following lists the three levels of views available (from lower level to higher level):
■ User view
■ System view
■ VLAN view, Ethernet port view, and so on
Related Command return and system-view

3Com Switch 4200G Family radius nas-ip ● 579
Command Reference
radius nas-ip
Purpose Use the radius nas-ip command to set the source IP address used by the switch to
send RADIUS packets.
Use the undo radius nas-ip command to restore the default setting.
Syntax radius nas-ip ip-address
undo radius nas-ip
Parameters ip-address IP address in dotted decimal format.
Default By default, no source IP address is specified, and the IP address of the outbound
interface is used as the source IP address of the packet.
Example To set the source IP address used by the switch to send the RADIUS packets to
129.10.10.1, enter the following:
[S4200G] radius nas-ip 129.10.10.1
■ System view
Description Note:
■ By specifying the source address of the RADIUS packet, you can avoid unreachable
packets as returned from the server upon interface failure. The source address is
normally recommended to be a loopback interface address.
■ This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
Related Command nas-ip

580 ● radius-scheme 3Com Switch 4200G Family
Command Reference
radius-scheme
Purpose Use the radius-scheme command to specify the RADIUS scheme to be used by the
current ISP domain.
Syntax radius-scheme radius-scheme-name
Parameters radius-scheme-name Specifies a RADIUS scheme, consisting of a character

string up to 32 characters in length.
Example To specify the scheme 3Com as the RADIUS scheme to be used by current ISP domain
3Com163.net, enter the following.
[S4200G-isp-3Com163.net] radius-scheme 3Com
■ ISP Domain view
Description The RADIUS scheme specified in the radius-scheme command must exist. This
command is equivalent to the scheme radius-scheme command.
Related Commands ■ display radius

■ radius scheme
■ scheme
3Com Switch 4200G Family radius scheme ● 581
Command Reference
radius scheme
Purpose Use the radius scheme command to create a RADIUS scheme and enter its view.
Use the undo radius scheme command to delete the specified RADIUS scheme.
Syntax radius scheme radius-scheme-name
undo radius scheme radius-scheme-name
Parameters radius-scheme-name Specifies the Radius scheme name with a character

string up to 32 characters in length.
Default By default, a RADIUS scheme named system exists in the system.
Example To create a RADIUS scheme named radius1 and enter its view, enter the following:
New Radius scheme
[S4200G-radius-radius1]
■ System view
Description Note:
■ A default RADIUS scheme named system has been created in the system. The
attributes of system are all default values.
■ RADIUS protocol configuration is performed on a per-RADIUS-scheme basis. Every
RADIUS scheme shall at least have the specified IP address and UDP port number
of the RADIUS authentication/authorization/accounting server and some necessary
parameters exchanged with the RADIUS client end (Switch). It is necessary to
create the RADIUS scheme and enter its view before performing other RADIUS
protocol configurations.
■ A RADIUS scheme can be used by multiple ISP domains simultaneously. You can
configure up to 16 RADIUS schemes, including the default RADIUS scheme named
as System.
■ Although undo radius scheme can remove a specified RADIUS scheme, the
default one cannot be removed. Note that a scheme currently in use by the online
user cannot be removed.
582 ● radius scheme 3Com Switch 4200G Family
Command Reference

■ retry realtime-accounting
■ radius-scheme
■ timer realtime-accounting
■ stop-accounting-buffer enable
■ server-type
■ state
■ user-name-format
■ retry
■ display radius
■ display radius statistics.
3Com Switch 4200G Family radius trap ● 583
Command Reference
radius trap
Purpose Use the radius trap command to enable the switch to send trap messages when
its RADIUS authentication or accounting server turns down.
Use the undo radius trap command to disable the switch from sending trap
messages when its RADIUS authentication or accounting server turns down.
Syntax radius trap { authentication-server-down | accounting-server-down }
undo radius trap { authentication-server-down |

accounting-server-down }
Parameters authentication-server-downSends trap message when the RADIUS authentication

server turns down.
accounting-server-down Sends trap message when the RADIUS accounting
server turns down.
Example To enable the switch to send trap messages when its RADIUS authentication server
turns down, enter the following:
[S4200G]radius trap authentication-server-down
■ System view
Description This configuration effects all RADIUS schemes.
A device considers its RADIUS server as being down if it has tried the configured
maximum times to send packets to the RADIUS server but does not receive any
response.
584 ● reboot 3Com Switch 4200G Family
Command Reference
reboot
Purpose Use the reboot command to restart an Ethernet switch.
Syntax reboot [ unit unit-id ]
Parameters unit-id Unit ID of a switch.
Example Directly restart the switch without saving the current configuration.
<S4200G> reboot
This will reboot device. Continue? [Y/N] y
Start to check configuration with next startup configuration file,
please wait......
This command will reboot the device. Current configuration may be lost
in next
startup if you continue. Continue? [Y/N] y
<S4200G>
%Apr 2 00:06:01:148 2000 S4200G DEV/5/DEV_LOG:- 1 -
Switch is rebooted.
Starting......
Description The system will check whether there is any configuration change before it restarts,
and will ask whether you want to proceed or not if there is any change, to prevent
you from losing your original configuration due to forgetting after the restart.
■ User view
3Com Switch 4200G Family reboot member ● 585
Command Reference
reboot member
Purpose Use the reboot member command to reboot a specified member device on the
management device.
Syntax reboot member { member-number | mac-address H-H-H } [ eraseflash ]

0 to 255.
mac-address H-H-H MAC address of the member device to be rebooted.
eraseflash Deletes the configuration file when the member device
reboots.
Example Reboot the member device numbered 2.
[aaa_0.S4200G-cluster] reboot member 2
■ Cluster view
Description Communication between the management and member devices may be interrupted
due to some configuration errors. Through the remote control function of member
devices, you can control them remotely on the management device. For example, you
can reboot a member device that operates improperly and specify to delete the
booting configuration file when the member device reboots, and thus restore normal
communication between the management and member devices.
The eraseflash keyword specifies to delete the booting configuration file when the
member device reboots.
586 ● region-name 3Com Switch 4200G Family
Command Reference
region-name
Purpose Use the region-name command to set an MST region name to a switch.
Use the undo region-name command to restore the default MST region name.
Syntax region-name name
undo region-name
Parameters name Specifies the MST region name for a switch with a
string that is 1 to 32 characters in length.
Default The default MST region name of a switch is its MAC address.
Example To set the MST region name of the switch to hello, enter the following:
[S4200G-mst-region] region-name hello
■ MST Region view
Description The MST region name, along with MST region VLAN mapping table and MSTP
revision level, determines the MST region to which a switch belongs.

■ instance
■ revision-level
3Com Switch 4200G Family remote-probe vlan ● 587
Command Reference
remote-probe vlan
Purpose Use the remote-probe vlan enable command to enable the remote-probe port
mirror port feature on the VLAN of the switch.
Use the undo remote-probe vlan enable command to disable the

remote-probe port mirror port feature on the VLAN of the switch.
Syntax remote-probe vlan enable
undo remote-probe vlan enable
Parameters None
Example Configure VLAN 5 to be remote-probe VLAN.
[S4200G] vlan 5
[S4200G-vlan5] remote-probe vlan enable
■ VLAN view
Description After setting a VLAN as remote-probe VLAN, you cannot add any more access port to
the VLAN.
588 ● remotehelp 3Com Switch 4200G Family
Command Reference
remotehelp
Purpose Use the remotehelp command to display help information about the FTP protocol
command.
Syntax remotehelp [ protocol-command ]
Parameters protocol-command FTP protocol command.
Example Show the syntax of the protocol command user.
<SW4200G>ftp 1.1.1.1
Trying ...
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in
[ftp]remotehelp user
214 Syntax: USER <sp> <username>
[ftp]
Description This command works only when the FTP server provides the help information about
FTP protocol commands.
CAUTION:
■ This command is always valid when a S4200G series switch operates as the FTP
server.
■ Common FTP software does not support this command.
■ FTP Client view

3Com Switch 4200G Family remove ● 589
Command Reference
remove
Purpose Use the remove command to delete the specified file from the server.
Syntax remove remote-file
Parameters remote-file Name of a file on the server.
Example Delete file temp.c from the server.
sftp-client> remove temp.c
Description This command has the same function as the delete command.
590 ● rename 3Com Switch 4200G Family
Command Reference
rename
Purpose Use the rename command to change the name of the specified file on the SFTP
server.
Syntax rename old name new name
Parameters old name Original file name.

new name New file name.
Example Change the name of file temp1 on the SFTP server to temp2.
sftp-client> rename temp1 temp2

3Com Switch 4200G Family rename ● 591
Command Reference
rename
Purpose Use the rename command to rename a file or a directory. If the target file name or
directory name is the same with any existing file name or directory name, you will fail
to rename a file.
Syntax rename fileurl-source fileurl-dest
Parameters fileurl-source Path name or file name of a file in the Flash, comprised
of a string from 1 to 142 characters long.
fileurl-dest Path name or a file name, comprised of a string from 1
Example Rename the file named sample.txt as sample.bak.
<S4200G> rename sample.txt sample.bak

Rename flash:/sample.txt to flash:/sample.bak ?[Y/N]:y
■ User view
592 ● rename 3Com Switch 4200G Family
Command Reference
rename
Purpose Use the rename command to rename a file on a remote host.
Syntax rename remote-source remote-dest
Parameters remote-source Name of a file on a remote host.

remote-dest Destination file name.
Example Rename the file named temp.c as forever.c.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
[ftp] rename temp.c forever.c
350 Enter the name to rename it to...
250 File renamed successfully
■ FTP Client view
Description If when renaming a file the destination file name conflicts with the name of an
existing file or directory, you will fail to rename the file.
3Com Switch 4200G Family reset arp ● 593
Command Reference
reset arp
Purpose Use the reset arp command to remove information that is no longer required from
the ARP mapping table.
Syntax reset arp [ dynamic | static | interface interface_name interface_type

interface_num ]
Parameters dynamic Clears the dynamic ARP mapping entries.

static Clears the static ARP mapping entries. Note that static
ARP entries are deleted permanently.
interface_name Specifies the interface name.
interface_type Specifies the interface type.
interface_num Specifies the interface number.
Example To clear static ARP entries, enter the following:
<S4200G> reset arp static
■ User view
Related Command ■ arp static

■ display arp
594 ● reset counters interface 3Com Switch 4200G Family
Command Reference
reset counters interface
Purpose Use the reset counters interface command to clear the statistics of the port,
preparing for a new statistics collection.
Syntax reset counters interface [ interface-type | interface-type

interface-number ]
Parameters interface-type Specifies the port type.

Example Clear the statistics of the GigabitEthernet1/0/1 port.
<4200G>reset counters interface GigabitEthernet1/0/1
■ User view
Description ■ If you specify neither port type nor port number, the command clears statistics of
all ports.
■ If specify only port type, the command clears statistics of all ports of this type.
■ If specify both port type and port number, the command clears statistics of the
specified port
3Com Switch 4200G Family reset dot1x statistics ● 595
Command Reference
reset dot1x statistics
Purpose Use the reset dot1x statistics command to clear the statistics of 802.1x.
Syntax reset dot1x statistics [ interface interface-list ]
interface-num }
Example Clear the 802.1x statistics on Ethernet 1/0/2.
<SW4200G>reset dot1x statistics interface ethernet 1/0/2
■ User view
Description Execution of the reset dot1x statistics command clears statistics globally and on all
ports if the interface-list argument is not provided, otherwise only resets statistics on
ports specified by the interface-list argument.

596 ● reset garp statistics 3Com Switch 4200G Family
Command Reference
reset garp statistics
Purpose Use the reset garp statistics command to clear the GARP statistics (such as
the information about the packets received/sent/discarded by GVRP/GMRP) on
specified (or all) ports.
Use the reset garp statistics command without parameters to clear the
GARP statistics on specified (or all) ports.
Syntax reset garp statistics [ interface interface-list ]

parameters), and &<1-10> means you can specify
Example Clear GARP statistics about all ports.
<S4200G> reset garp statistics
■ User view
Related Command display garp statistics

3Com Switch 4200G Family reset igmp-snooping statistics ● 597
Command Reference
reset igmp-snooping statistics
Purpose Use the reset igmp-snooping statistics command to clear the IGMP
Snooping statistics.
Syntax reset igmp-snooping statistics
Parameters None
Example Clear the IGMP Snooping statistics.
<S4200G> reset igmp-snooping statistics
■ User view

598 ● reset ip statistics 3Com Switch 4200G Family
Command Reference
reset ip statistics
Purpose Use the reset ip statistics command to clear the IP statistics information.
Syntax reset ip statistics
Parameters None
Example To clear the IP statistics information, enter the following:
<S4200G>reset ip statistics
■ User view
Related Commands ■ display ip interface vlan-interface

■ display ip statistics
3Com Switch 4200G Family reset logbuffer ● 599
Command Reference
reset logbuffer
Purpose Use the reset logbuffer command to clear information in the log buffer.
Syntax reset logbuffer [ unit unit-id ]
Parameters unit-id Unit ID
Example Clear information in log buffer.
<S4200G>reset logbuffer
■ User view
600 ● reset ndp statistics 3Com Switch 4200G Family
Command Reference
reset ndp statistics
Purpose Use the reset ndp statistics command to reset the NDP counters to clear the
NDP statistics.
Syntax reset ndp statistics [ interface port-list ]
Parameters interface port-list Specifies a list of ports connected with the specified
port. A list may contain consecutive or separated ports,
or the combination of consecutive and separated
ports. The argument is expressed as
{interface-type interface-number |
interface-name } [ to { interface-type
interface-number | interface-name } ] }
&<1-10>, where interface-type specifies the
port type, and interface-number specifies the
port number, expressed as slot number/port number.
Example Clear NDP statistics.
<S4200G> reset ndp statistics
■ User view
3Com Switch 4200G Family reset radius statistics ● 601
Command Reference
reset radius statistics
Purpose Use the reset radius statistics command to clear the statistics information
about the RADIUS protocol.
Syntax reset radius statistics
Parameters None
Example To clear the RADIUS protocol statistics, enter the following:
<S4200G> reset radius statistics
■ User view

602 ● reset recycle-bin 3Com Switch 4200G Family
Command Reference
reset recycle-bin
Purpose Use the reset recycle-bin command to completely delete file(s) in the recycle
bin in the Flash.
Syntax reset recycle-bin [ file-url ] [ /force ]
Parameters file-url Path name or file name of a file in the Flash, a string
comprising 1 to 142 characters. This argument
supports the wildcard "*".
/force Gives no prompt for the delete operation.
Example Clear the recycle bin.
<S4200G> reset recycle-bin

Clear flash:/sunday.diag ?[Y/N]:
Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y
Clearing files from flash may take a long time. Please wait...
...
%Cleared file unit1>flash:/~/sunday.diag.
■ User view
Description The files that are deleted using the delete command are still stored in the recycle
bin. To delete them completely, use the reset recycle-bin command.
3Com Switch 4200G Family reset saved-configuration ● 603
Command Reference
reset saved-configuration
Purpose Use the reset saved-configuration command to delete the configuration file
that is of the specified attribute from the Flash, including the main and backup
configuration files to be used when the switch starts the next startup.
Syntax reset saved-configuration [ backup | main ]
Parameters main Main backup configuration file.

backup Backup configuration file.
Example Delete the main configuration file to be used for next startup.
<S4200G>reset saved-configuration main

The saved configuration will be erased.
Are you sure?[Y/N]y
Configuration in flash is being cleared.
Please wait ...
...
Configuration in flash is cleared.
■ User view
Description Executing the reset saved-configuration command with neither backup

nor main keyword deletes the main configuration file in the Flash.
Generally, the reset saved-configuration command is used in the following

cases:
■ The configuration files in the Flash are not compatible with the system software.
(This may occur after you upgrade the software of the switch.)
■ The network where the switch operates changes. In this case, the existing
configuration files may conflict with the new network. You need to delete the
existing configuration files and configure the switch again.
CAUTION:
■ Use the reset saved-configuration command with caution. You are
recommended to use this command under the guidance of technical support
personnel.
■ Upon powered on, a switch initiates using the default parameters if the Flash
contains no configuration file.
Related Command save

604 ● reset saved-configuration 3Com Switch 4200G Family
Command Reference
3Com Switch 4200G Family reset stop-accounting-buffer ● 605
Command Reference
reset stop-accounting-buffer
Purpose Use the reset stop-accounting-buffer command to delete the buffered

no-response stop-accounting request packets.
Syntax reset stop-accounting-buffer { radius-scheme radius-scheme-name |

session-id session-id | time-range start-time stop-time |
user-name user-name }
radius-scheme-name Specifies the buffered stop-accounting requests to
delete based on the specified RADIUS scheme.
radius-scheme-name is the name of a RADIUS
scheme. This name is a character string up to 32
session-id session-id Specifies the buffered stop-accounting requests to
delete based on the specified session ID. session-id
is a character string up to 50 characters in length.
time-range start-time
stop-time Specifies the buffered stop-accounting requests to
delete based on the time of the stop-accounting
request. Where, start-time is the start time of the
request period, the stop-time is the end time of the
request period, and both are in the format
hh:mm:ss-mm/dd/yyyy or hh:mm:ss-yyyy/mm/dd.
user-name user-name
user-name user-name Specifies the buffered stop-accounting request packets
to delete based on the specified user name.
user-name is a character string up to 80 characters
in length. The string cannot include the following
characters:
■ /
■ :
■ *
■ ?
■ <
■ >
606 ● reset stop-accounting-buffer 3Com Switch 4200G Family
Command Reference
Example To delete the stop-accounting request packets buffered in the system for the user
user0001@aabbcc.net, enter the following:
<S4200G> reset stop-accounting-buffer user-name user0001@aabbcc.net
Delete the stop-accounting request packets buffered from 0:0:0 08/31/2002 to

23:59:59 08/31/2002 in the system.
<S4200G> reset stop-accounting-buffer time-range 0:0:0-08/31/2002

23:59:59-08/31/2002
■ User view
Example By default, after transmitting the stopping accounting requests, if there is no response
from the RADIUS server, the Switch will save the packet in the buffer and retransmit it
several times, which is set through the retry realtime-accounting command.
You can select to delete the packets transmitted to a specified RADIUS server, or
according to the session-id or username, or delete the packets transmitted during the
specified time-range.
Related Commands ■ stop-accounting-buffer enable

■ display stop-accounting-buffer
3Com Switch 4200G Family reset stp ● 607
Command Reference
reset stp
Purpose Use the reset stp command to clear the STP statistics of specified Ethernet ports.
Syntax reset stp [ interface interface-list ]
interface-num }
Example To clear the spanning tree-related statistics on ports GigabitEthernet1/0/1 through

GigabitEthernet1/0/3, enter the following:
<S4200G> reset stp interface GigabitEthernet 1/0/1 to GigabitEthernet

1/0/3
■ User view
Description The spanning tree statistics include the numbers of the TCN BPDUs, configuration
BPDUs, RST BPDUs, and MST BPDUs sent/received through one or more specified
ports or all ports (note that STP BPDUs and TCN BPDUs are counted only for CISTs.)
This command clears the spanning tree-related statistics on specified ports if you
specify the interface-list argument. If you do not specify the interface-list argument,
this command clears the spanning tree-related statistics on all ports.
Related Command display stp

608 ● reset tcp statistics 3Com Switch 4200G Family
Command Reference
reset tcp statistics
Purpose Use the reset tcp statistics command to clear the TCP statistics information.
Syntax reset tcp statistics
Parameters None
Example To clear the TCP statistics information, enter the following:
<S4200G>reset tcp statistics
■ User view
Related Command display tcp statistics

3Com Switch 4200G Family reset traffic-limit ● 609
Command Reference
reset traffic-limit
Purpose Use the reset traffic-limit command to clear the statistics of the traffic
policing matching with the specified ACL rules.
Syntax reset traffic-limit inbound acl-rule
Parameters inbound Indicates that statistics of the packets received on the

port is cleared.
acl-rule Specifies the ACL rules which can be the combination
of various ACL rules. The way of combination is
described in the following table:

Issue a rule in an IP ACL and a rule in a Link ACL at the ip-group acl-number rule rule
same time link-group acl-number rule rule
Example To clear the statistics of the traffic policing matching with ACL 2000, enter the
following:
[S4200G-GigabitEthernet1/0/1] reset traffic-limit inbound ip-group 2000

610 ● reset traffic-statistic 3Com Switch 4200G Family
Command Reference
reset traffic-statistic
Purpose Use the reset traffic-statistic command to clear the traffic statistics of the
packets matching with the specified ACL rules.
Syntax reset traffic-statistic inbound acl-rule
Parameters inbound Indicates that statistics of the packets received on the

port is cleared.

Issue a rule in an IP ACL and a rule in a Link ACL at the ip-group acl-number rule rule
same time link-group acl-number rule rule
Example To clear the traffic statistics of the packets matching with ACL 2000 rules, enter the
following:
[S4200G-GigabitEthernet1/0/1] reset traffic-statistic inbound ip-group
2000

3Com Switch 4200G Family reset trapbuffer ● 611
Command Reference
reset trapbuffer
Purpose Use the reset trapbuffer command to clear information in the trap buffer.
Syntax reset trapbuffer [ unit unit-id ]
Parameters unit-id Unit ID
Example Clear information in the trap buffer.
<S4200G>reset trapbuffer
■ User view
612 ● retry 3Com Switch 4200G Family
Command Reference
retry
Purpose Use the retry command to set the maximum number of transmission attempts of
RADIUS requests.
Use the undo retry command to restore the default maximum number of
transmission attempts.
Syntax retry retry-times
Parameters retry-times Retry times during a detect operation. Valid values are
1 to 20.
If not specified, the default number of retries is 3.
Example To set the maximum transmission times of RADIUS requests in the RADIUS scheme
radius1 to five, enter the following:
New Radius scheme
[S4200G-radius-radius1] retry 5
■ Detecting Group view
Description Note:
■ The communication in RADIUS is unreliable because this protocol adopts UDP
packets to carry data. Therefore, it is necessary for the switch to retransmit a
RADIUS request if it gets no response from the RADIUS server after the response
timeout timer expires. If the maximum number of transmission attempts is reached
but the switch still receives no response, the switch considers that the request fails.
■ Appropriately set this maximum number of transmission attempts according to the
network situation can improve the reacting speed of the system.
Related Command radius scheme

3Com Switch 4200G Family retry realtime-accounting ● 613
Command Reference
retry realtime-accounting
Purpose Use the retry realtime-accounting command to set the maximum allowed
number of continuous no-response real-time accounting requests.
Use the undo retry realtime-accounting command to restore the default

maximum allowed number of continuous no-response real-time accounting requests.
Syntax retry realtime-accounting retry-times
undo retry realtime-accounting
Parameters retry-times Specifies the maximum number of continuous

no-response real-time accounting requests. Valid
Default This function defaults 5.
Example To allow the switch to continuously send at most 10 real-time accounting requests if it
gets no response for the RADIUS scheme radius1, enter the following:
New Radius scheme
[S4200G-radius-radius1] retry realtime-accounting 10
Description Note:
■ Generally, the RADIUS server uses the connection timeout timer to determine
whether a user is online or not. If the RADIUS server receives no real-time
accounting packet for a specified period of time, it will consider that the line or the
switch is in trouble and stop the accounting of the user. To make the switch
cooperate with this feature on the RADIUS server, it is necessary to cut down the
user connection on the switch as soon as possible after the RADIUS server
terminates the charging and connection of the user in the case of unforeseen
trouble. For this purpose, you can limit the number of continuous real-time
no-response accounting requests, and the switch will cut down the user
connection if it sends out the maximum number of real-time accounting requests
but does not receive any response.
■ Suppose that the response timeout time of the RADIUS server is T (three seconds
for example), the real-time accounting interval is t (12 minutes for example), and
the maximum number of continuous no-response real-time accounting requests is
retry-times (five for example). In this case, the switch sends an accounting request
614 ● retry realtime-accounting 3Com Switch 4200G Family
Command Reference
every 12 minutes; if the switch does not receive a response within 3 seconds after
it sends out an accounting request, it re-sends the request; If the switch
continuously sends five accounting requests but does not receive any response, it
considers this real-time accounting a failure. Generally, T x retry-times should be
less than t.
timer realtime-accounting
3Com Switch 4200G Family retry stop-accounting ● 615
Command Reference
retry stop-accounting
Purpose Use the retry stop-accounting command to set the maximum number of
transmission attempts of the stop-accounting requests buffered due to no response.
Use the undo retry stop-accounting command to restore the default maximum
number of transmission attempts of the buffered stop-accounting requests.
Syntax retry stop-accounting retry-times
undo retry stop-accounting
Parameters retry-times Specifies the number of transmission attempts of the

buffered stop-accounting requests. Valid values are 10
to 65535.
Default The default is 500.
Example To indicate that, when stopping accounting request for the server “3Com” in the
RADIUS server group, the Switch will retransmit the packets for up to 1000 times,
To specify that the switch can transmit a buffered stop-accounting request at most
1000 times in RADIUS scheme radius1, enter the following:
New Radius scheme
[S4200G-radius-radius1] retry stop-accounting 1000
Description Stop-accounting requests are critical to billing and will eventually affect the charges of
the users; they are important for both the users and the ISP. Therefore, the switch
should do its best to transmit them to the RADIUS accounting server. If the RADIUS
server does not respond to such a request, the switch should first buffer the request
on itself, and then retransmit the request to the RADIUS accounting server until it gets
a response, or the maximum number of transmission attempts is reached (in this case,
it discards the request).
Related Commands ■ display stop-accounting-buffer

■ radius-scheme
■ reset stop-accounting-buffer
616 ● return 3Com Switch 4200G Family
Command Reference
return
Purpose Use the return command to return to user view from any other view.
Syntax return
Parameters None
Example To return to user view from any other view (the example below shows the command
entered from the system view), enter the following.
[S4200G] return
<S4200G>
Description Performs the same function as Ctrl+Z.
To return to the next highest level of view, use quit.
■ System view or higher level views

3Com Switch 4200G Family revision-level ● 617
Command Reference
revision-level
Purpose Use the revision-level command to set the MSTP revision level for a switch.
Use the undo revision-level command to restore the default revision level.
Syntax revision-level level
undo revision-level
Parameters level MSTP revision level for the switch. Valid values are 0 to
65535.
Default By default, the MSTP revision level of a switch is 0.
Example To set the MSTP revision level of the MST region to 5, enter the following:
[S4200G-mst-region] revision-level 5
■ MST Region view
Description MSTP revision level, along with MST region name and VLAN mapping table,
determines the MST region to which a switch belongs.

■ instance
■ region-name
618 ● rmdir 3Com Switch 4200G Family
Command Reference
rmdir
Purpose Use the rmdir command to delete the specified directory from the remote SFTP
server.
Syntax rmdir remote-path
Parameters remote-path Name of a directory on the remote SFTP server.
Example Delete directory D:/temp1 from the remote SFTP server.
sftp-client> rmdir D:/temp1

3Com Switch 4200G Family rmdir ● 619
Command Reference
rmdir
Purpose Use the rmdir command to delete a directory.
Syntax rmdir directory
Parameters directory Name of a directory, a string comprising 1 to 142

characters.
Example Delete the directory named MyDoc.
<S4200G> rmdir MyDoc

Rmdir MyDoc?[Y/N]:y
% Removed directory MyDoc
■ User view
Description Because only empty directories can be deleted, you need to delete the files in a
directory before deleting it.
620 ● rmdir 3Com Switch 4200G Family
Command Reference
rmdir
Purpose Use the rmdir command to delete the specified directory from the remote FTP
server.
Syntax rmdir pathname
Parameters pathname Name of a directory on an FTP server.
Example Remove the directory flash:/temp1 on the FTP server. (Assume that the
directory is empty.)
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp] rmdir flash:/temp1
200 RMD command successful.
■ FTP Client view
Description You can only use this command to remove directories that are empty.
3Com Switch 4200G Family rmon alarm ● 621
Command Reference
rmon alarm
Purpose Use the rmon alarm command to add an entry to the alarm table.
Use the undo rmon alarm command to delete an entry from this table.
Syntax rmon alarm entry-number alarm-variable sampling-time { delta | absolute

} rising-threshold threshold-value1 event-entry1 falling-threshold
threshold-value2 event-entry2 [ owner text ]
undo rmon alarm entry-number
Parameters entry-number Number of the entry to be added/deleted. Valid values

are 1 to 65535.
alarm-variable Alarm variable, a string comprising 1 to 256 characters
in dotted node OID format (such as
1.3.6.1.2.1.2.1.10.1). Only the variables that can be
resolved to ASN.1 INTEGER data type (that is, INTEGER,
Counter, Gauge, or TimeTicks) can be used as alarm
variables.
sampling-time Specifies the sampling interval. Valid values are 5 to
65535 (measured in seconds).
delta Specifies to sample increments (that is, the current
increment with regard to the latest sample)
absolute Specifies to sample absolute values.
rising-threshold
threshold-value1
Specifies the upper threshold. The threshold-value1
argument ranges from 0 to 2,147,483,647.
event-entry1 Index of the event entry corresponding to the upper
threshold, in the range of 0 to 65535.
falling-threshold
threshold-value2 Specifies the lower threshold. The threshold-value2
argument ranges from 0 to 2,147,483,647.
event-entry2 Index of the event entry corresponding to the lower
threshold, in the range of 0 to 65535.
owner text Specifies the owner of the entry. The text argument is
a string comprising 1 to 127 characters.
Example Add the alarm entry numbered 1 as follows:
■ The node to be monitored: 1.3.6.1.2.1.16.1.1.1.4.1

■ Sampling interval: 10 seconds
■ Upper threshold: 50
■ The event-entry1 argument identifies event 1.
■ Lower threshold: 5
622 ● rmon alarm 3Com Switch 4200G Family
Command Reference
■ The event-entry2 argument identifies event 2

■ Owner: user1.
[S4200G] rmon event 1 log
[S4200G] rmon event 2 none
[S4200G]rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute
rising_threshold 50 1 falling_threshold 5 2 owner user1
Delete the alarm entry numbered 15 from the alarm table.
[S4200G] undo rmon alarm 15
■ System view
Description You can use the rmon alarm command to define an alarm entry so that a specific
alarm event can be triggered under specific circumstances. The act (such as logging
and sending trap messages to NMS) taken after an alarm event occurs is determined
by the corresponding alarm entry.
With an alarm entry is defined in an alarm group, a network device performs the
following operations accordingly:
■ Sample the defined alarm variables (alarm-variable) once in each specified period,
which is specified by the sampling-time argument.
■ Comparing the sampled value with the set threshold and performing the
corresponding operations, as described in “Error! Reference source not found”.
Table 105 Sample value and the corresponding operation
Comparison Operation
The sample value is larger than or equal to the set Triggering the event identified by the
upper threshold (threshold-value1) event-entry1 argument
The sample value is smaller than the set lower threshold Triggering the event identified by the
(threshold-value2) event-entry2 argument
Note:
■ Before adding an alarm entry, you need to use the rmon event command to define
the events to be referenced by the alarm entry.
■ Make sure the node to be monitored exists before executing the rmon alarm
command.
3Com Switch 4200G Family rmon event ● 623
Command Reference
rmon event
Purpose Use the rmon event command to add an entry to the event table.
Use the undo rmon event command to delete an entry from this table.
Syntax rmon event event-entry [ description string ] { log | trap

trap-community | log-trap log-trapcommunity | none } [ owner text ]
undo rmon event event-entry
Parameters event-entry Number of the entry to be added/deleted. Valid values

are 1 to 65535.
description string Specifies the event description, consisting of a string
from1 to 127 characters long.
log Logs events.
trap Sends trap message to the NMS.
trap-community Community name of the NMS that receives the trap
messages, comprised of a string from 1 to 127
characters long.
log-trap Logs the event and sends trap messages to NMS.
log-trapcommunity Community name of the NMS that receives the log
messages, comprised of a character string from 1 to
127 characters long.
none Specifies that the event triggers no action.
owner rmon-station Specifies the owner of the event entry. The argument
may be any text string from 1 to 127 characters long.
Example Add the event entry numbered 10 to the event table and configure it to be a log
event.
[S4200G] rmon event 10 log
■ System view
Description When adding an event entry to an event table, you need to specify the event index.
You need also to specify the corresponding actions, including logging the event,
sending trap messages to the NMS, or both, for the network device to perform
corresponding operation when an alarm referencing the event is triggered.
624 ● rmon history 3Com Switch 4200G Family
Command Reference
rmon history
Purpose Use the rmon history command to add an entry to the history control table.
Use the undo rmon history command to delete an entry from history control table.
Syntax rmon history entry-number buckets number interval sampling-interval

[owner text ]
undo rmon history entry-number

are from 1 to 65535.
buckets number Capacity of the history table corresponding to the
control line.
interval sampling-intervalSampling interval. Valid values are from 5 to 3600
(measured in seconds).
owner text Specifies the owner of the entry, a string comprising 1
to 127 characters in length.
Example Create the history entry numbered 1 for Ethernet1/0/1 port, with the table size being
10, the sampling interval being 5 seconds, and the owner being user1.
[S4200G-GigabitEthernet1/0/1]rmon history 1 buckets 10 interval 5 owner
user1
Remove the history entry numbered 15.
[S4200G-GigabitEthernet1/0/1] undo rmon history 15
Description You can use the rmon history command to sample a specific port. You can also
set the sampling interval and the number of the samples that can be saved. After you
execute this command, the RMON system samples the port periodically and stores the
samples for later retrieval. The sampled information includes utilization, the number
of errors, and total number of packets.
You can use the display rmon history command to display the statistics of the
history control table.
3Com Switch 4200G Family rmon prialarm ● 625
Command Reference
rmon prialarm
Purpose Use the rmon prialarm command to add an entry to the extended RMON alarm
table.
Use the undo rmon prialarm command to delete an entry from the extended RMON
alarm table.
Syntax rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer

{ delta | absolute | changeratio } rising_threshold threshold-value1
event-entry1 falling_threshold threshold-value2 event-entry2 entrytype
{ forever | cycle cycle-period } [ owner text ]
undo rmon prialarm entry-number
Parameters entry-number Extended alarm entry index. Valid values are 1 to

65535.
prialarm-formula Expression used to perform operations on the alarm
variables, a string comprising 1 to 256 characters. The
alarm variables in the expression must be represented
by OIDs, for example, (.1.3.6.1.2.1.2.1.10.1)*8. The
operations available are addition, subtraction,
multiplication and division operations. The operation
results are rounded to values that are of long integer
type. To prevent invalid operation results, make sure
the operation results of each step are valid long
integers.
prialarm-des Alarm description, comprised of a string from 1 to 256
characters long.
sampling-timer Sets the sampling interval (in seconds). Valid values are
10 to 65535 seconds.
delta | absolute |
changeratio Specifies sample type, which can be deltas, absolute
values, or change ratios.
threshold-value1 Upper threshold. Valid values are 0 to 4,294,967,295.
event-entry1 Index of the event entry that corresponds to the upper
threshold. Valid values are 0 to 65535.
threshold-value2 Lower threshold. Valid values are 0 to 4,294,967,295.
event-entry2 Index of the event entry that corresponds to the lower
threshold. Valid values are 0 to 65535.
forever Specifies the alarm entry is valid indefinitely.
| cycle cycle-period
Specifies the type of the alarm instance line.
cycle-period specifies the functional cycle of the
instance.
626 ● rmon prialarm 3Com Switch 4200G Family
Command Reference
cycle Specifies the alarm entry is valid periodically.

cycle-period Cycle period (in seconds). Valid values are 0 to
2,147,483,647.
owner text Specifies the owner of the alarm entry, consisting of a
Example Add the extended alarm entry numbered 2 as follows:
■ Perform operations on the corresponding alarm variables using the expression

((1.3.6.1.2.1.16.1.1.1.4.1)*100).
■ Sampling interval: 10 seconds
■ Upper threshold: 50
■ Lower threshold: 5
■ Event 1 is triggered when the change ratio is larger than the upper threshold.
■ Event 2 is triggered when the change ratio is less than the lower threshold.
■ The alarm entry is valid forever.
■ Entry owner: user1
[S4200G-GigabitEthernet1/0/1] rmon statistics 1
[S4200G-GigabitEthernet1/0/1] quit
[S4200G] rmon prialarm 2 ((.1.3.6.1.2.1.16.1.1.1.4.1)*100) test 10
changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype
forever owner user1
Remove the extended alarm entry numbered 2 from the extended alarm table.
[S4200G] undo rmon prialarm 2
■ System view
Description With an extended alarm entry defined in an extended alarm group, the network
devices perform the following operations accordingly:
■ Sampling the alarm variables referenced in the defined extended alarm expressions
(prialarm-formula) once in each period specified by the sampling-timer argument.
■ Performing operations on sampled values according to the defined extended
alarm expressions (prialarm-formula)
■ Comparing the operation result with the set thresholds and perform
corresponding operations, as described in the following Table.
Table 106 Operation result and corresponding operation
Comparison Operation
The operation result is larger than or equal to the set Triggering the event identified by the
upper threshold (threshold-value1) event-entry1 argument
The operation result is smaller than or equal to the set Triggering the event identified by the
lower threshold (threshold-value2) event-entry2 argument
3Com Switch 4200G Family rmon prialarm ● 627
Command Reference
Note:
■ Before adding an extended alarm entry, you need to use the rmon event
command to define the events to be referenced by the entry.
■ Make sure the node to be monitored exists before executing the rmon event
command.
■ You can define up to 50 extended alarm entries.
628 ● rmon statistics 3Com Switch 4200G Family
Command Reference
rmon statistics
Purpose Use the rmon statistics command to add an entry to the statistic table.
Use the undo rmon statistics command to delete an entry from statistic table.
Syntax rmon statistics entry-number [ owner text ]
undo rmon statistics entry-number

are 1 to 65535.
owner text Creator of the entry. The length of the character string
can be from 1 to127 characters.
Example Add the statistics entry numbered 20 to take statistics of GigabitEthernet1/0/1 port.
[S4200G-GigabitEthernet1/0/1] rmon statistics 20
Description The RMON statistics management function is used to take statistics of the usage of
the monitored ports and errors occurred to them. The statistics include the number of
the following items: collisions, packet with CRC errors, undersize (or oversize)
packets, broadcast and multicast packets, received packets and bytes.
You can use the display rmon statistics command to display the statistics entries.
Note:
For each port, only one rmon alarm table entry can be created, that is to say, if one
RMON alarm table entry was already created for a given port, creation of another
entry with a different index number for the same port will not succeed.
3Com Switch 4200G Family rsa local-key-pair create ● 629
Command Reference
rsa local-key-pair create
Purpose Use the rsa local-key-pair create command to generate RSA key pairs,
whose names are in the format of switch name plus _host, for example,
S4200G_host.
Syntax rsa local-key-pair create
Parameters None
Example Generate a local RSA key pair.
[S4200G] rsa local-key-pair create
The key name will be: S4200G_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...............++++++++++++
...............++++++++++++
.................................++++++++
.......................++++++++
....
■ System view
Description After you use the command, the system prompts you to define the key length.
■ In SSH1.x, the key length is in the range of 512 to 2,048 (bits).

■ In SSH 2.0, the key length is in the range of 1024 to 2048 (bits). To make SSH 1.x
compatible, 512- to 2,048-bit keys are allowed on clients, but the length of server
keys must be more than 1,024 bits. Otherwise, clients cannot be authenticated.
CAUTION:
■ If you use this command to generate an RSA key provided an old one exits, the
system will prompt you to replace the previous one or not.
For a successful SSH login, you must generate the local RSA key pairs first. You just
need to execute the command once, with no further action required even after the
system is rebooted.
Related Commands ■ display rsa local-key-pair public

630 ● rsa local-key-pair create 3Com Switch 4200G Family
Command Reference
■ rsa local-key-pair destroy

3Com Switch 4200G Family rsa local-key-pair destroy ● 631
Command Reference
rsa local-key-pair destroy
Purpose Use the rsa local-key-pair destroy command to destroy all existing RSA key
pairs at the server end.
Syntax rsa local-key-pair destroy
Parameters None
Example Destroy all existing RSA key pairs at the server end.
[S4200G] rsa local-key-pair destroy
% The name for the keys which will be destroyed is S4200G_Host .
% Confirm to destroy these keys? [Y/N]:y
............
■ System view
Related Command rsa local-key-pair create

632 ● rsa peer-public-key 3Com Switch 4200G Family
Command Reference
rsa peer-public-key
Purpose Use the rsa peer-public-key command to enter public key view.
Syntax rsa peer-public-key key-name
Parameters key-name Client public key name, consisting of a string from 1 to

64 characters long.
Examples Enter S4200G002 public key view.
■ System view
Description You can use this command along with the public-key-code begin command
to configure on the server client public keys, which are generated randomly by the
SSH 2.0-supported client software.

■ public-key-code end
3Com Switch 4200G Family rsa peer-public-key ● 633
Command Reference
rsa peer-public-key
Purpose Use the rsa peer-public-key command to enter public key view.
Syntax rsa peer-public-key key-name
Parameters key-name Server public key name, consisting of a string from 1 to

64 characters long.
Examples Enter S4200G002 public key view.
■ System view
Description You can use this command along with the public-key-code begin command
to configure on the client the server public keys, which are generated randomly after
you use the rsa local-key-pair create command.

■ public-key-code end
■ rsa local-key-pair create
634 ● rule (Advanced ACL) 3Com Switch 4200G Family
Command Reference
rule (Advanced ACL)
Purpose Use the rule command to define an ACL rule.
Use the undo rule command to delete an ACL rule or the attribute information of
an ACL rule.
Syntax rule [ rule-id ] { permit | deny } rule-string
undo rule rule-id [ destination ] [ destination-port ] [ dscp ] [

fragment ] [ icmp-type ] [ precedence ] [ source ] [ source-port ] [
time-range ] [ tos ]
Parameters Parameters of the rule command:
rule-id The ACL rule ID. Valid values are 0 to 65,534.

deny Drops packets that satisfy the condition.
permit Permits packets that satisfy the condition to pass.
rule-string Rule information, which can be combination of the
parameters given in the table below. The following
table describes the specific parameters. You must
configure the protocol argument in the rule
information before you can configure other
arguments.
Table 107 Rule information
Parameter Type Function Description

protocol Protocol type Type of protocol When expressed in numerals, the
over IP value range is 1 to 255. When
expressed with a name, the value
can be GRE, ICMP, IGMP, IP, IPinIP,
OSPF, TCP, and UDP
source { sour-addr Source address Specifies the sour-addr sour-wildcard is used to
sour-wildcard | any } information source address specify the source address of the
information in the packet, expressed in dotted
rule decimal notation. any represents
any source address.
destination { Destination Specifies the dest-addr dest-wildcard is used to
dest-addr address destination specify the destination address of
dest-wildcard | any } information address the packet, expressed in dotted
information in the decimal notation. any represents
rule any destination address
precedence Packet Packet priority Value range: 0 to 7
precedence precedence
tos tos Packet ToS priority Value range: 0 to 15
precedence
dscp dscp Packet DSCP priority Value range: 0 to 63
precedence
fragment Fragment Specifies that the -
information rule is effective
for non-initial
fragment packets
3Com Switch 4200G Family rule (Advanced ACL) ● 635
Command Reference
Table 107 Rule information (continued)

time-range Time range Specifies the time -
time-name information range in which
the rule is active
If the protocol type is TCP or UDP, you can also define the following information:
Table 108 TCP/UDP-specific rule information

source-port operator Source port(s) Defines the source The value of operator can be
port1 [ port2 ] port information of lt (less than), gt (greater
UDP/TCP packets than), eq (equal to), neq (not
equal to), or range (within
the range of). Only the range
requires two port numbers
as the operands, and other
operators require only one
port number as the operand
port1 and port2: TCP/UDP
port number(s), expressed
with name(s) or numerals;
when expressed with
numerals, the value range is
0 to 65,535.
destination-port Destination Defines the
operator port1 [ port2 ] port(s) destination port
information of
UDP/TCP packets
established "TCP connection Specifies that the rule TCP-specific argument
established" flag will match TCP
connection packets
with the ack or rst
flag
If the protocol type is ICMP, you can also define the following information:
Table 109 ICMP-Specific Rule Information

icmp-type icmp-type Type and Specifies the type and icmp-type: ICMP
icmp-code message code message code information of message type, ranging
information of ICMP packets in the rule 0 to 255.
ICMP packets
icmp-code: ICMP
message code, ranging
0 to 255.
If the protocol type is ICMP, you can also directly input the ICMP message name after
the icmp-type argument. The following table describes some common ICMP
messages.
Table 110 ICMP messages
Name ICMP TYPE ICMP CODE

echo Type=8 Code=0
echo-reply Type=0 Code=0
fragmentneed-DFset Type=3 Code=4
host-redirect Type=5 Code=1
host-tos-redirect Type=5 Code=3
host-unreachable Type=3 Code=1
information-reply Type=16 Code=0
636 ● rule (Advanced ACL) 3Com Switch 4200G Family
Command Reference
Table 110 ICMP messages (continued)
Name ICMP TYPE ICMP CODE

information-request Type=15 Code=0
net-redirect Type=5 Code=0
net-tos-redirect Type=5 Code=2
net-unreachable Type=3 Code=0
parameter-problem Type=12 Code=0
port-unreachable Type=3 Code=3
protocol-unreachable Type=3 Code=2
reassembly-timeout Type=11 Code=1
source-quench Type=4 Code=0
source-route-failed Type=3 Code=5
timestamp-reply Type=14 Code=0
timestamp-request Type=13 Code=0
ttl-exceeded Type=11 Code=0
II. Parameters of the undo rule command:
source Deletes the settings of the source address part in the

rule corresponding to the rule ID
source-port Deletes the settings of the source port part in the rule
corresponding to the rule ID. This keyword is available
only when TCP or UDP is defined in the rule.
destination Deletes the settings of the destination address part in
the rule corresponding to the rule ID.
destination-port Deletes the settings of the destination port part in the
rule corresponding to the rule ID. This keyword is
available only when TCP or UDP is defined in the rule.
icmp-type Deletes the settings of the ICMP type and message
code part in the rule corresponding to the rule ID. This
keyword is available only when ICMP is defined in the
rule.
precedence Deletes the precedence-related settings in the rule
corresponding to the rule ID.
tos Deletes the ToS-related settings in the rule
dscp Deletes the DSCP-related settings in the rule
time-range Deletes the time range settings in the rule
fragment Deletes the settings effective for non-initial fragment
packets in the rule corresponding to the rule ID.
Example Define a rule to permit packets from hosts in the network segment of 129.9.0.0 to
hosts in the network of 202.38.160.0 and with the port number of 80 to pass.
3Com Switch 4200G Family rule (Advanced ACL) ● 637
Command Reference
[S4200G-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255
destination 202.38.160.0 0.0.0.255 destination-port eq 80
■ Advanced ACL view
Description Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
In the case that you specify the rule ID when defining a rule:
■ If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
■ If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
■ The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
638 ● rule (Basic ACL) 3Com Switch 4200G Family
Command Reference
rule (Basic ACL)
Use the undo rule command to delete an ACL rule or the attribute information of
an ACL rule.
Syntax rule [ rule-id ] { permit | deny } [ fragment ] [ source { sour-addr

sour-wildcard | any } ] [ time-range time-name ]
undo rule rule-id [ fragment ] [ source ] [ time-range ]
Parameters I. Parameters of the rule command:

fragment Specifies that the rule is effective for non-initial
fragment packets.
source { sour-addr
sour-wildcard | any } { sour-addr sour-wildcard | any }: Specifies the source
address information in the rule. If the source keyword
is not included in the command, any source address of
packets will be matched. sour-addr sour-wildcard is
used to specify the source address of the packet,
expressed in dotted decimal notation. The any
parameter refers to any address.
time-range time-name Specifies that this ACL rule is effective only in this time
range.
rule-id Rule ID, which must the ID of an existing ACL rule. If

no other arguments are specified, the system will
completely delete this ACL rule. If any argument is
given, the system will delete only the specified
information of the ACL rule.
fragment Deletes the settings effective for non-initial fragment
packets in the rule corresponding to the rule ID.
source Deletes the settings of the source address part in the
rule corresponding to the rule ID.
time-range Deletes the time range settings in the rule
3Com Switch 4200G Family rule (Basic ACL) ● 639
Command Reference
Example Define a rule to deny packets whose source IP address is 1.1.1.1.
[S4200G-acl-basic-2000] rule deny source 1.1.1.1 0
■ Basic ACL view
Description Use the undo rule command to delete an ACL rule or the attribute information of
an ACL rule.
Before you can delete a rule, you must specify the rule ID. If you do not know the rule
640 ● rule comment 3Com Switch 4200G Family
Command Reference
rule comment
Purpose Use the rule comment command to define the comment string for an ACL rule.
Use the undo rule comment command to delete the comment string for an ACL
rule.
Syntax rule rule-id comment text
undo rule rule-id comment
Parameters comment text Specifies the comment string for an ACL rule, which
must a string of up to 127 characters.
Example Define the comment string of Rule 0 of ACL 3000 as "test".
[S4200G-acl-adv-3000] rule 0 comment test
■ Advanced ACL view / Layer 2 ACL view
Description Before defining the comment string for an ACL rule, make sure that this ACL rule
exists.
3Com Switch 4200G Family rule (Layer 2 ACL) ● 641
Command Reference
rule (Layer 2 ACL)
Use the undo rule command to delete an ACL rule.
Syntax rule [ rule-id ] { permit | deny } [ rule-string ]
undo rule rule-id
Parameters I. Parameters of the rule command:

rule-string Rule information, which can be combination of the
parameters given in the table below. The following
table describes the specific parameters.
Table 111 Rule information

format-type Link layer Defines the link format-type: the value can be
encapsulation layer encapsulation 802.3/802.2, 802.3, ether_ii,
type type in the rule or snap
lsap lsap-code lsap field Defines the lsap lsap-code: the encapsulation
lsap-wildcard field in the rule format of data frames, a 16-bit
hexadecimal number
lsap-wildcard: mask of the lsap
value, a 16-bit hexadecimal
number used to specify the
mask bit
source { source-addr Source MAC Specifies the source source-addr: source MAC
source-mask | vlan-id }* address MAC address range address, in the format of
information in the rule H-H-Hsource- mask: source
MAC address mask, in the
format of H-H-Hvlan-id: source
VLAN ID, in the range of 1 to
4,094
dest dest-addr Destination MAC Specifies the dest-addr: destination MAC
dest-mask address destination MAC address, in the format of
information address range in the H-H-H dest- mask: destination
rule MAC address mask, in the
format of H-H-H
cos vlan-pri Priority Defines the 802.1p vlan-pri: VLAN priority, in the
priority of the rule range of 0 to 7
time-range time-name Time range Specifies the time time-name: specifies the name
information range in which the of the time range in which the
rule is active rule is active; a string of 1 to 32
characters
type protocol-type Protocol type of Defines the protocol protocol-type: protocol type
protocol-mask Ethernet frames type of Ethernet protocol-mask: protocol type
frames mask
642 ● rule (Layer 2 ACL) 3Com Switch 4200G Family
Command Reference
rule-id The Rule ID, which must the ID of an existing ACL rule.
Example Define a rule to deny packets whose 802.1p priority is 3.
[S4200G-acl-ethernetframe-4000] rule deny cos 3
■ Layer 2 ACL view
Description Before you can delete a rule, you must specify the rule ID. If you do not know the rule
3Com Switch 4200G Family save ● 643
Command Reference
save
Purpose Use the save command to save the current configuration to a configuration file in
the flash memory.
Syntax save [ cfgfile | [ safely ] [ backup | main ] ]
Parameters cfgfile Path name or file name of the configuration file in the
flash memory to which the current configurations will
be saved. Valid values are a character string from 5 to
56 characters long.
safely Safe mode. Saving the current configuration in this
mode is relatively slow, but the configuration file still
remains in the flash without being lost even if the
switch restarts or powers down during the saving.
backup Assigns the backup attribute to the configuration file.
main Assigns the main attribute to the configuration file.
Example Save the current configuration to the main configuration file.
<S4200G>save main
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename
unchanged press the enter key):123.cfg
Now saving current configuration to the device.

Saving configuration. Please wait...
............
Unit1 save configuration flash:/123.cfg successfully
Unit2 save configuration flash:/123.cfg successfully
%Apr 2 02:58:01:682 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit1 save

configuration successfully.
%Apr 2 02:58:01:783 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit2 save
Save the current configuration to the configuration file 234.cfg on unit 1.
<S4200G> save unit1>flash:/234.cfg

The current configuration will be saved to unit1>flash:/234.cfg [Y/N]:y
Now saving current configuration to the device.
Saving configuration. Please wait...
...........
Unit1 save configuration unit1>flash:/234.cfg successfully
<S4200G>
%Apr 2 04:07:21:805 2000 4200G-EI CFM/3/CFM_LOG:- 1 -Unit1 save
644 ● save 3Com Switch 4200G Family
Command Reference
■ Any view
Description Executing the save command with neither backup nor main assigns the main
attribute to the file to which the current configurations are saved.
The system provides two methods to save the current configurations.
■ If the safely keyword is not used, the system saves the current configurations in
fast mode. This mode is fast, but the configuration file may be lost if the switch
restarts or powers down.
■ If the safely keyword is used, the system saves the current configurations in safe
mode. This mode is relatively slow, but the configuration file still remains in the
flash memory without being lost even if the switch restarts or powers down during
the saving.
The fast mode is recommended under the circumstances with stable power system,
while the safe mode is recommended under the circumstances with bad power
system or in the case of remote maintenance.
■ If the cfgfile argument is not specified, the system saves the current configuration
to the configuration file used in this startup, or saves the current configuration
with the default configuration file name if the default configuration is used in this
startup.
■ To make a switch to adopt the current configuration when it starts the next time,
save the current configuration using the save command before restarting the
switch.
3Com Switch 4200G Family schedule reboot at ● 645
Command Reference
schedule reboot at
Purpose Use the schedule reboot at command to schedule a reboot on the current
switch and set the reboot date and time.
Use the undo schedule reboot command to cancel the scheduled reboot.
Syntax schedule reboot at hh:mm [ mm/dd/yyyy | yyyy/mm/dd ]
undo schedule reboot
Parameters hh:mm Reboot time, where hh (hour) ranges from 0 to 23,

and mm (minute) ranges from 0 to 59.
mm/dd/yyyy or yyyy/mm/dd Reboot date, where yyyy (year) ranges from 2,000 to
2,099, mm (month) ranges from 1 to 12, and the
range of dd (day) depends on the specific month.
Default By default, no scheduled reboot is set on the switch.
Example Suppose the current time is 05:06, schedule a reboot so that the switch reboots at
22:00 on the current day.
<S4200G> schedule reboot at 22:00

Reboot system at 22:00 2000/04/02(in 16 hours and 53 minutes)
confirm?[Y/N]:y
<S4200G>
■ User view
Description After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
After you execute the schedule reboot at command without specifying a date, the
switch will:
lReboot at the specified time on the current day if the specified time is later than the
current time.
lReboot at the specified time on the next day if the specified time is earlier than the
current time.
After you execute the command, the system will prompt you to confirm. Enter "Y" or
"y" for your setting to take effect, and your setting will overwrite the old one (if
available).
646 ● schedule reboot at 3Com Switch 4200G Family
Command Reference
If you adjust the system time by the clock command after executing the schedule
reboot at command, the schedule reboot at command will be invalid and the
scheduled reboot will not happen.
Related Command ■ reboot

■ display schedule reboot
3Com Switch 4200G Family schedule reboot delay ● 647
Command Reference
schedule reboot delay
Purpose Use the schedule reboot delay command to schedule a reboot on the switch,
and set the reboot waiting delay.
Use the undo schedule reboot command to cancel the scheduled reboot.
Syntax schedule reboot delay { hhh:mm | mmm }
undo schedule reboot
Parameters hhh:mmm Reboot waiting delay, where hhh ranges from 0 to

720, and mm ranges from 0 to 59.
mmm Reboot waiting delay (in minutes). Valid values are 0
to 43,200 minutes.
Default By default, no scheduled reboot is set on the switch.
Example Suppose the current time is 05:02, schedule a reboot so that the switch reboots after
70 minutes.
<S4200G> schedule reboot delay 70

Reboot system at 06:12 2000/04/02(in 1 hours and 10 minutes)
confirm?[Y/N]:y
<S4200G>
■ User view
Description After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
You can set the reboot waiting delay in two formats: hhh:mm and mmm. The former
is hours:minutes, the latter is the absolute minutes, and both must be less than or
equal to 30×24×60 (that is, 30 days).
After you execute the command, the system will prompt you to confirm. Enter "Y" or
"y" for your setting to take effect. Your setting will overwrite the old one (if
available).
If you adjust the system time by the clock command after executing the schedule
reboot delay command, the schedule reboot delay command will be invalid and the
scheduled reboot will not happen.
Related command: reboot, schedule reboot at, undo schedule reboot, and display
schedule reboot.
648 ● scheme 3Com Switch 4200G Family
Command Reference
scheme
Purpose Use the scheme command to configure the AAA scheme to used by the current ISP
domain.
Use the undo scheme command to restore the default AAA scheme used by the ISP
domain.
Syntax scheme { local | none | radius-scheme radius-scheme-name [ local ] }
undo scheme { radius-scheme | none }
Parameters radius-scheme-name Specifies the name of the RADIUS scheme. This name
is a character string from 1 to 32 characters long.
local Specifies to use local authentication.
none Specifies not to perform authentication.
Default By default, the ISP domain uses the local AAA scheme.
Example To specify the RADIUS scheme radius1 as the primary AAA scheme referenced by the
ISP domain aabbcc.net and specify the local scheme as the secondary authentication
scheme, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net] scheme radius-scheme raduis1 local
■ ISP Domain view
Description When the scheme command is used to specify the RADIUS scheme to be referenced
by current ISP domain, the specified RADIUS scheme must has already been
configured.
If you execute the scheme radius-scheme radius-scheme-name local command, the

local scheme becomes the secondary scheme in case the RADIUS server does not
response normally. That is, if the communication between the switch and the RADIUS
server is normal, no local authentication is performed; otherwise, local authentication
is performed.
3Com Switch 4200G Family scheme ● 649
Command Reference
If you execute the scheme local command, the local scheme is adopted as the primary
scheme. In this case, only local authentication is performed, no RADIUS
authentication is performed. If you execute the scheme none command, no
authentication is performed.

650 ● screen-length 3Com Switch 4200G Family
Command Reference
screen-length
Purpose Use the screen-length command to set the number of lines the terminal screen
can contain.
Use the undo screen-length command to revert to the default number of lines.
Syntax screen-length screen-length
undo screen-length
Parameters screen-length The maximum number of information lines that you

can display on a terminal screen. Valid values are 0 to
512.
Set the number of lines the terminal screen can contain to 20.
[S4200G-ui-aux0] screen-length 20
Description You can use the screen-length 0 command to disable the function to display
information in pages.
3Com Switch 4200G Family secondary accounting ● 651
Command Reference
secondary accounting
Purpose Use the secondary accounting command to set the IP address and port number of
the secondary RADIUS accounting server.
Use the undo secondary accounting command to restore the default IP address and
port number of the secondary RADIUS accounting server.
Syntax secondary accounting ip-address [ port-number ]
undo secondary accounting

port-number Specifies the UDP port number. Valid values are 1 to
65535.
Default By default, the IP addresses of secondary accounting server is at 0.0.0.0 and the port
number is 1813.
Example To set the IP address and UDP port number of the secondary accounting server of the
RADIUS scheme radius1 to 10.110.1.1 and 1813, enter the following:
New Radius scheme
[S4200G-radius-radius1] secondary accounting 10.110.1.1 1813

■ radius scheme
■ state
652 ● secondary authentication 3Com Switch 4200G Family
Command Reference
secondary authentication
Purpose Use the secondary authentication command to set the IP address and port
number of the secondary RADIUS authentication/authorization server.
Use the undo secondary authentication command to restore the default IP

address and port number of the secondary RADIUS authentication/authorization
server.
Syntax secondary authentication ip-address [ port-number ]
undo secondary authentication
Parameters ip-address Specifies the IP address in dotted decimal notation.

port-number Specifies the UDP port number. Valid values are 1 to
65535.
Default By default, the IP addresses of secondary authentication/authorization server is

0.0.0.0 and the port number is 1812.
Example To set the IP address of the second authentication/authorization server of RADIUS

scheme, “3Com”, to 10.110.1.2 and the UDP port 1812 to provide RADIUS
authentication/authorization service, enter the following:
To set the IP address and UDP port number of the secondary

authentication/authorization server used by the RADIUS scheme radius1 to
10.110.1.2 and 1812, enter the following:
New Radius scheme
[S4200G-radius-radius1] secondary authentication 10.110.1.2 1812

■ radius scheme
■ state
3Com Switch 4200G Family security-policy-server ● 653
Command Reference
security-policy-server
Purpose Use the security-policy-server command to set the IP address of a security

policy server.
Use the undo security-policy-server command to remove the IP address

configuration of a security policy server.
Syntax security-policy-server ip-address
undo security-policy-server [ ip-address | all ]
Parameters ip-address The IP address of security policy server.

all The IP addresses of all the security policy servers.
Example Configure the IP address of the security policy server to be 192.168.0.1.
<S4200G>system-view
[S4200G] radius scheme S4200G
[S4200G-radius-S4200G] security-policy-server 192.168.0.1
[S4200G-radius-S4200G] display current-configuration
…
radius scheme S4200G
primary authentication 1.1.11.29 1812
secondary authentication 127.0.0.1 1645
Description For each RADIUS scheme, a maximum of eight security policy servers with different IP
addresses can be configured. While users are surfing the Internet, the switch will only
respond to the session control packets sent from the authentication server and the
security policy server.
654 ● self-service-url 3Com Switch 4200G Family
Command Reference
self-service-url
Purpose Use the self-service-url command to either enable or disable the self-service
server location function.
Use the undo self-service-url command to restore the default state of this
function.
Syntax self-service-url { disable | enable url-string }
undo self-service-url
Parameters url-string Specifies the URL address of the page used to modify
the user password on the self-service server.
url-string is a string that is 1 to 64 characters
long. The string cannot contain the ? character. If the ?
is contained in the URL address, replace it with a |
when inputting the URL address in the command line.
Example Using the default ISP domain system, set the URL of the web page used to modify
user password on the self-service server to
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName, by entering the
following:
[S4200G] domain system
[S4200G-isp-system] self-service-url enable
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName
■ ISP Domain view
Description Note: 3Com's CAMS Server is a service management system used to manage
networks and secure networks and user information. Cooperating with other
network devices (such as switches) in a network, the CAMS Server accomplishes the
AAA (authentication, authorization and accounting) services and rights management.
This command must be used with the cooperation of a self-service-supported RADIUS

server (such as CAMS). Through self-service, users can manage and control their
accounts or card numbers by themselves. A server installed with the self-service
software is called a self-service server.
After this command is executed on the switch, users can locate the self-service server
through the following operation: choose [change user password] on the 802.1x
3Com Switch 4200G Family self-service-url ● 655
Command Reference
client, the client opens the default browser (for example, IE or NetScape) and locates
the specified URL page used to change user password on the self-service server. Then,
the user can change the password.
A user can choose the [change user password] option on the client only after passing
the authentication. If the user fails the authentication, this option is in grey and is
unavailable.
656 ● send 3Com Switch 4200G Family
Command Reference
send
Purpose Use the send command to send messages to a specified user interface or all user
interfaces.
Syntax send { all | number | type }
Parameters all Specifies to send a message to all user interfaces.

number Specifies the absolute/relative number of the interface
that you want to send a message to.
type Specifies the type and type number of the user
interface that you want to send a message to.
Example To send a message to all the user interfaces, enter the following:
<S4200G>send all
■ User view
3Com Switch 4200G Family server-type ● 657
Command Reference
server-type
Purpose Use the server-type command to configure the RADIUS server type supported by
the Switch.
Use the undo server-type to restore the RADIUS server type to the default value.
Syntax server-type { 3com | standard }
undo server-type
Parameters 3Com Specifies the 3Com private RADIUS protocol (such as

the procedure and packet format) to interact with the
3Com RADIUS server, which is generally the CAMS.
standard Specifies to use the standard RADIUS protocol. That is,
it is required that the RADIUS client (on the switch) and
the RADIUS server interact with each other following
the procedure and packet format of the standard
RADIUS protocol (RFC2138/2139 or above).
Default By default, the switch supports the standard type of RADIUS server. The type of
RADIUS server in the default RADIUS scheme "system" is 3Com.
Example To set the RADIUS server type in RADIUS scheme radius1 to 3Com, enter the
following:
New Radius scheme
[S4200G-radius-radius1] server-type 3Com
Description The Switch 4200G supports standard RADIUS protocol and the extended RADIUS
service platform independently developed by 3Com.

658 ● service-type 3Com Switch 4200G Family
Command Reference
service-type
Purpose Use the command service-type to authorize a user access to the specified services.
Use the command undo service-type to inhibit the user for accessing the specified
services.
Syntax service-type { ftp [ ftp-directory directory ] | lan-access |{ssh |

telnet | terminal }* [ level level ]}
undo service-type { ftp [ ftp-directory directory ] | lan-access |{ssh

| telnet | terminal }* [ level level ]}
Parameters ftp Specifies the user type as ftp.

lan-access Specifies the user type as lan-access. For example
Ethernet accessing users using 802.1x applications.
telnet Authorizes the user to access the Telnet.
ssh Specifies user type as SSH.
terminal Authorizes the user to use the terminal service (login
from the Console port).
level level Specifies the level of Telnet, SSH, or terminal users.
Valid values are integers from 0 to 3.
If no value is specified, the default is 0.
ftp-directory directory
Specifies the directory of ftp users. Valid values for
directory are a character string up to 64 characters
long.
Default By default, the user is inhibited from accessing any type of service.
Example To authorize user1 to access the Telnet service, enter the following:
[S4200G-luser-user1] service-type telnet
■ Local User view

3Com Switch 4200G Family service-type ● 659
Command Reference
Description Commands are classified into four levels, as follows:
■ 0 - Visit level. Users at this level have access to network diagnosis tools (such as
ping and tracert), and the Telnet commands. A user at this level cannot save the
configuration file.
■ 1 - Monitoring level. Users at this level can perform system maintenance, service
fault diagnosis, and so on. A user at this level cannot save the configuration file.
■ 2 - System level. Users at this level can perform service configuration operations,
including routing, and can enter commands that affect each network layer.
Configuration level commands are used to provide direct network service to the
user.
■ 3 - Management level. Users at this level can perform basic system operations, and
can use file system commands, FTP commands, TFTP commands, XModem
downloading commands, user management commands and level setting
commands.
660 ● service-type 3Com Switch 4200G Family
Command Reference
service-type
Purpose Use the service-type command to specify the login type and the corresponding
available command level.
Use the undo service-type command to cancel login type configuration.
Syntax service-type { ftp | lan-access | { ssh | telnet | terminal }* [ level

level ] }
undo service-type { ftp | lan-access | { ssh | telnet | terminal }* }
Parameters ftp Specifies the users to be of FTP type.

lan-access Specifies the users to be of LAN-access type, which
normally means Ethernet users, such as 802.1x users.
ssh Specifies the users to be of SSH type.
telnet Specifies the users to be of Telnet type.
terminal Makes terminal services available to users logging in
through the Console port.
level level Specifies the user level for Telnet users, Terminal users,
or SSH users. The level argument ranges from 0 to
Example Configure commands of level 0 are available to the users logging in using the user
name of “zbr”.
[S4200G] local-user zbr
[S4200G-luser-zbr] service-type telnet level 0
To verify the above configuration, you can quit the system, log in again using the user
name of “zbr”, and then list the available commands, as listed in the following.
[S4200G] quit
<S4200G> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Privilege specified user priority level
telnet Establish one TELNET connection
tracert Trace route function
undo Negate a command or set its default
3Com Switch 4200G Family service-type ● 661
Command Reference
■ Local User view
Description Commands fall into four command levels: access, monitor, system, and
administration, which are described as follows:
■ Access level: Commands of this level are used to diagnose network and change
the language mode of user interface, such as the ping, tracert, and
language-mode command. The Telnet command is also of this level.
Commands of this level cannot be saved in configuration files.
■ Monitor level: Commands of this level are used to maintain the system, to debug
service problems, and so on. The display and debugging command are of
monitor level. Commands of this level cannot be saved in configuration files.
■ System level: Commands of this level are used to configure services. Commands
concerning routing and network layers are of system level. You can utilize network
services by using these commands.
■ Administration level: Commands of this level are for the operation of the entire
system and the system supporting modules. Services are supported by these
commands. Commands concerning file system, file transfer protocol (FTP), trivial
file transfer protocol (TFTP), downloading using XModem, user management, and
level setting are of administration level.
662 ● service-type multicast 3Com Switch 4200G Family
Command Reference
service-type multicast
Purpose Use the service-type multicast command to set the current VLAN as a
multicast VLAN.
Use the undo service-type multicast command to cancel the multicast

VLAN setting.
Syntax service-type multicast
undo service-type multicast
Parameters None
Default By default, no VLAN is a multicast VLAN.
Example Configure VLAN 2 as a multicast VLAN.
[S4200G] vlan 2
[S4200G-vlan2] service-type multicast
■ VLAN view
Description By configuring a multicast VLAN, adding corresponding switch ports to the multicast
VLAN and enabling IGMP Snooping, you can make users in different VLANs share the
same multicast VLAN. This saves bandwidth since multicast stream is transmitted only
within the multicast VLAN, and also guarantees the security because the multicast
VLAN is completely isolated from the user VLANs.
3Com Switch 4200G Family set authentication password ● 663
Command Reference
set authentication password
Purpose Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local
password.
Syntax set authentication password { cipher | simple } password
undo set authentication password
Parameters cipher Specifies to display the local password in encrypted

text when you display the current configuration.
simple Specifies to display the local password in plain text
when you display the current configuration.
password If the authentication is in the simple mode, the
password must be in plain text. If the authentication is
in the cipher mode, the password can be either in
encrypted text or in plain text. Whether the password
is in encrypted text or plain text depends on the
password string entered. Strings containing up to 16
characters (such as 123) are regarded as plain text
passwords and are converted to the corresponding
24-character encrypted password (such as
!TP<\*EMUHL,408`W7TH!Q!!). A encrypted password
must contain 24 characters and must be in ciphered
text (such as !TP<\*EMUHL,408`W7TH!Q!!).
Default By default, a password is required for users connecting over Modem or Telnet. If a
password has not been set, the following prompt is displayed: Login password has
not been set!
Example Set the local password of VTY 0 to "3Com".
<S4200G>system-view
[S4200G]user-interface vty 0
[S4200G-ui-vty0]set authentication password simple 3com
Description The password in plain text is required when performing authentication, regardless of
whether the configuration is plain text or cipher text.
664 ● sftp 3Com Switch 4200G Family
Command Reference
sftp
Purpose Use the sftp command to establish a connection to the SFTP server and enter SFTP
client view.
Syntax sftp { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 |

dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [
prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 |
sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 |
md5_96 } ]
Parameters host-ip IP address of the server.

host-name Name of the server, consisting of a string from 1 to 20
characters long.
port-num Port number of the server. Valid values are 0 to 65,535.
If not specified, the default port number is 22.
prefer_kex Key exchange algorithm preference. Choose one of
the two algorithms available.
dh_group1 Diffie-Hellman-group1-sha1 key exchange algorithm. It
is the default key exchange algorithm.
dh_exchange_group Diffie-Hellman-group-exchange-sha1 key exchange
algorithm.
prefer_ctos_cipher Encryption algorithm preference from the client to
server. It defaults to AES128.
prefer_stoc_cipher Encryption algorithm preference from the server to
client. It defaults to AES128.
des DES_cbc encryption algorithm.
aes128 AES_128 encryption algorithm.
prefer_ctos_hmac HMAC algorithm preference from the client to server.
It defaults to SHA1_96.
prefer_stoc_hmac HMAC algorithm preference from the server to client.
It defaults to SHA1_96.
sha1 HMAC-SHA1 algorithm.
sha1_96 HMAC-SHA1_96 algorithm.
md5 HMAC-MD5 algorithm.
md5_96 HMAC-MD5-96 algorithm.
Example Establish a connection to the SFTP server with IP address 10.1.1.2 and use the default
encryption algorithms.
[S4200G] sftp 10.1.1.2
3Com Switch 4200G Family sftp ● 665
Command Reference
■ System view
666 ● sftp server enable 3Com Switch 4200G Family
Command Reference
sftp server enable
Purpose Use the sftp server enable command to enable the secure FTP (SFTP) server.
Use the undo sftp server enable command to disable the SFTP server.
Syntax sftp server enable
undo sftp server
Parameters None
Default By default, the SFTP server is disabled.
Example Enable the SFTP server.
[S4200G] sftp server enable
Disable the SFTP server.
[S4200G] undo sftp server
■ System view
3Com Switch 4200G Family sftp time-out ● 667
Command Reference
sftp time-out
Purpose Use the sftp time-out command to set the timeout time for the SFTP user
connection.
Use the undo sftp time-out command to restore the default timeout time.
Syntax sftp time-out time-out-value
undo sftp time-out
Parameters time-out-value Timeout time. Valid values are 1 to 35,791 minutes.

Example Set the timeout time for the SFTP user connection to 500 minutes.
[S4200G] sftp timeout 500
■ System view
Description After you set the timeout time for the SFTP user connection, the system will
automatically release the connection when the time is up.
668 ● shell 3Com Switch 4200G Family
Command Reference
shell
Purpose Use the shell command to make terminal services available for the user interface.
Use the undo shell command to make terminal services unavailable to the user
interface.
Syntax shell
undo shell
Parameters None
Default By default, terminal services are available in all user interfaces.
Example Log into user interface 0 and make terminal services unavailable in VTY 0 through
VTY 4.
<S4200G>system-view
[S4200G]user-interface vty 0 4
[S4200G-ui-vty0-4]undo shell
Description When using the undo shell command, note the following points.
■ For reasons of security, the undo shell command can only be used on user
interfaces other than the AUX user interface. The AUX port (also the Console) is
exclusively used for configuring the switch.
■ You cannot use this command on the current user interface.
■ This command prompts for confirmation when being executed in any valid user
interface.
3Com Switch 4200G Family shutdown ● 669
Command Reference
shutdown
Purpose Use the shutdown command to disable an Ethernet port.
Use the undo shutdown command to enable an Ethernet port.
Syntax shutdown
undo shutdown
Parameters None
Default By default, the Ethernet port is enabled.
Example Enable the GigabitEthernet1/0/1 port.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1]undo shutdown

670 ● shutdown 3Com Switch 4200G Family
Command Reference
shutdown
Purpose Use the shutdown command to disable the VLAN interface.
Use the undo shutdown command to enable the VLAN interface.
Syntax shutdown
undo shutdown
Parameters None
Default By default, a management VLAN interface is down if all the Ethernet ports in the
management VLAN are down, and the management VLAN interface is up if one or
more Ethernet ports in the management VLAN are up.
Example Bring up the management VLAN interface. (Assume that VLAN 1 is the management
VLAN.)
[S4200G-Vlan-interface1] undo shutdown
Description This command can be used to start the interface after the related parameters and
protocols of VLAN interface are set. Or when the VLAN interface fails, the interface
can be shut down first and then restarted, in this way, the interface may be restored
to normal status. Shutting down or starting VLAN interface will not take any effect on
any Ethernet port of this VLAN.
3Com Switch 4200G Family smarton ● 671
Command Reference
smarton
Purpose Use the smarton command to enable the SmartOn function for an Ethernet port
with supplicant systems attached.
Use the undo smarton command to disable the SmartOn function.
Syntax smarton
undo smarton
Parameters None
Default By default, the SmartOn function is disabled.
Example To enter system view, enter the following:
To enter GigabitEthernet1/0/2 port view, enter the following:
To enable 802.1x authentication and the SmartOn function, enter the following:
[S4200G-GigabitEthernet1/0/2] dot1x
802.1X is enabled on port GigabitEthernet1/0/2
Description Caution: When executing the smarton command, make sure 802.1x authentication
is enabled on the port.
672 ● smarton password 3Com Switch 4200G Family
Command Reference
smarton password
Purpose Use the smarton password command to set the password to be used by the
SmartOn function.
Use the undo smarton password command to revert to the default password.
Syntax smarton password { cipher password | simple password }
undo smarton password
Parameters cipher Specifies to enter ciphered password.

simple Specifies to enter password in plain text.
Password Password to be set. This argument is a string
comprising up to 16 characters.
Default The default password is NULL.
Example To Enter system view. enter the following:
To set the password to be used by the SmartOn function to Test, enter the following:
[S4200G] smarton password Test
■ System view
3Com Switch 4200G Family smarton switchid ● 673
Command Reference
smarton switchid
Purpose Use the smarton switchid command to set the switch ID.
Use the undo smarton switchid command to revert to the default switch ID.
Syntax smarton switchid switch-ID
undo smarton switchid
Parameters switch-ID Specifies the switch ID. This argument is a string

comprised of up to 30 characters.
Default The default switch ID is NULL.
Example To enter system view and set the switch ID to Switch, enter the following:
[S4200G] smarton switchid Switch
■ System view
674 ● smarton timer 3Com Switch 4200G Family
Command Reference
smarton timer
Purpose Use the smarton timer command to set the supplicant timeout timer for
SmartOn-enabled supplicant systems.
Use the undo smarton timer command to revert to the default supplicant timeout
timer setting.
Syntax smarton timer { supp-timeout supp-timeout-value | max-tx value }
undo smarton timer { supp-timeout | max-tx }
Parameters supp-timeout Sets the supplicant timeout timer.

supp-timeout-value Value of the supplicant timeout timer (in seconds). This
argument ranges from 10 to 120 and defaults to 30.
After sending an authentication request packet to an
802.1x client, a switch sends another authentication
request packet if the switch does not receive responses
from the SmartOn-enabled 802.1x client when the
supplicant timeout timer expires.
max-tx value Specifies the maximum number of retries to send
authentication request packets. The value argument
ranges from 1 to 10 and defaults to 3. The SmartOn
checking ends if the maximum number of retries to
send authentication request packets is reached.
Default Normally, the default supplicant timeout timer setting is recommended.
Example To enter system view and set the supplicant timeout timer to 50 seconds, enter the
following:
[S4200G] smarton timer supp-timeout 50
■ System view
3Com Switch 4200G Family snmp-agent ● 675
Command Reference
snmp-agent
Purpose Use the snmp-agent command to enable SNMP Agent.
Use the undo snmp-agent command to disable SNMP Agent.
Syntax snmp-agent
undo snmp-agent
Parameters None
Default By default, SNMP Agent is disabled.
Example Disable running SNMP Agent.

[S4200G] undo snmp-agent
■ System view
Related Command None

676 ● snmp-agent community 3Com Switch 4200G Family
Command Reference
snmp-agent community
Purpose Use the snmp-agent community command to set a community name and to enable
users to access the switch through SNMP. You can also optionally use this command
to apply an ACL to filter network management users.
Use the undo snmp-agent community command to cancel community-related

configuration for the specified community.
Syntax snmp-agent community { read | write } community-name [ mib-view

view-name ] [ acl acl-number ] ]
undo snmp-agent community community-name
Parameters read Specifies that the community has read-only permission

in the specified view.
write Specifies that the community has read/write
permission in the specified view.
community-name Community name character string.
mib-view Sets the name of the MIB view accessible to the
community.
view-name MIB view name.
acl acl-number Specifies the ACL number. The acl-number argument
ranges from 2,000 to 2,999.
Default By default, SNMPV1 and SNMPV2C access a switch by community names
Example Set the community name to "3Com", enable users to access the switch in the name
of the community (with read-only permission), and apply ACL 2,000 to filter network
management users (assuming that ACL 2000 already exists.).
[S4200G] snmp-agent community read 3Com acl 2000
■ System view
3Com Switch 4200G Family snmp-agent community ● 677
Command Reference
Purpose Use the snmp-agent community command to set the community access name and
enable access to SNMP.
Use the undo snmp-agent community command to cancel the settings of

community access name.
Syntax snmp-agent community { read | write } community-name [ mib-view

view-name ] [ acl acl-list ] ]
undo snmp-agent community community-name
Parameters read Indicates that MIB object can only be read. Only the
read-only community can query device information.
write Indicates that MIB object can be read and written. The
read-write community can configure the device.
community-name The community name, a character string of 1 to 32
characters.
view-name The MIB view name, a character string of 1 to 32
characters.
acl acl-list The basic access control list (ACL) number specified by
the community, ranging from 2,000 to 2,999.
Example Configure community name as comaccess and permit read-only access by this
community name.
[S4200G] snmp-agent community read comaccess
Configure community name as mgr and permit read-write access.
[S4200G] snmp-agent community write mgr
Remove community name comaccess.
[S4200G] undo snmp-agent community comaccess
■ System view
678 ● snmp-agent group 3Com Switch 4200G Family
Command Reference
snmp-agent group
Purpose Use the snmp-agent group command to configure a SNMP group. You can also
optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to delete a specified SNMP group.
Syntax snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [

write-view write-view ] [ notify-view notify-view ] [ acl acl-number]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view

read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl
acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
Parameters v1 Specifies to adopt V1 security scheme.

v2 Specifies to adopt V2 security scheme.
v3 Specifies to adopt V3 security scheme.
group-name Specifies a group name, up to 32 characters in length.
authentication Specifies to authenticate SNMP data without
encrypting the data.
privacy Specifies that the packet is authenticated and
encrypted.
read-view Sets a read-only view.
read-view Name of the view to be set to read-only, up to 32
write-view Sets a readable & writable views.
write-view Name of the view to be set to readable and writable,
up to 32 characters in length.
notify-view Sets a notifying view.
notify-view Name of the view to be set to a notifying view, up to
32 characters in length.
acl acl-number Specifies an ACL. The acl-number argument ranges
from 2,000 to 2,999.
Example Create a SNMP group named "3Com" and apply ACL 2001 to filter network
management users (assuming that ACL 2001 already exists).
[S4200G] snmp-agent group v1 3Com acl 2001
3Com Switch 4200G Family snmp-agent group ● 679
Command Reference
■ System view
Description 3Com recommends that you do not use the notify-view parameter when
configuring an SNMP group, for the following reasons:
■ The snmp-agent target-host command automatically generates a notify-view

for a user, and adds it to the corresponding group.
■ Any change of the SNMP group notify-view will affect all the users related to
this group.
680 ● snmp-agent group 3Com Switch 4200G Family
Command Reference
snmp-agent group
Purpose Use the snmp-agent group command to configure a new SNMP group, that is, to
map SNMP user to SNMP view.
Use the undo snmp-agent group command to cancel a specified SNMP group.
Syntax For Versions V1 and V2C:
snmp-agent group { v1 | v2c } group_name [ read-view read-view ] [

write-view write-view ] [ notify-view notify-view ] [ acl acl-list ]
undo snmp-agent group { v1 | v2c } group-name
For Version V3:
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view

read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl
acl-list ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
Parameters v1 Specifies to use version V1.

v2c Specifies to use version V2c.
v3 Specifies to use version V3.
group-name Enter a group name, up to 32 characters in length.
authentication Configures to authenticate the packet without
encryption.
privacy Configures to authenticate and encrypt the packet.
read-view Configures read-only view settings.
read-view Enter a read-only view name, up to 32 characters in
length.
write-view Configures read and write view settings.
write-view Enter a read and write view name, up to 32 characters
in length.
notify-view Configures notify view settings.
notify-view Enter a notify view name, up to 32 characters in
length.
acl acl-list Enter the access control list for this group name.
Example Create SNMP group 1.
3Com Switch 4200G Family snmp-agent group ● 681
Command Reference
[S4200G] snmp-agent group v3 group1
System view
Description 3Com recommends that you do not use the notify-view parameter when
configuring an SNMP group, for the following reasons:
■ The snmp-agent target-host command automatically generates a notify-view

for a user, and adds it to the corresponding group.
■ Any change of the SNMP group notify-view will affect all the users related to
this group.
Related Command ■ snmp-agent mib-view

■ snmp-agent usm-user
682 ● snmp-agent local-engineid 3Com Switch 4200G Family
Command Reference
snmp-agent local-engineid
Purpose Use the snmp-agent local-engineid command to set the engine ID of the local
SNMP entity.
Use the undo snmp-agent local-engineid command to restore the default setting
of engine ID.
Syntax snmp-agent local-engineid engineid
undo snmp-agent local-engineid
Parameters engineid Specifies the engine ID with a character string, only

composed of hexadecimal numbers between 10 and
64 inclusive.
Example Configure the local device name as 123456789A.
[S4200G] snmp-agent local-engineid 123456789A
■ System view
Description By default, the device engine ID is "Enterprise Number + device information". Device
information is determined according to different products. It can be IP address, MAC
address or user-defined hexadecimal numeral string.
Related Command ■ snmp-agent usm-user

3Com Switch 4200G Family snmp-agent log ● 683
Command Reference
snmp-agent log
Purpose Use the snmp-agent log command to enable the logging function for network
management.
Use the undo snmp-agent log command to disable the logging function.
Syntax snmp-agent log { set-operation | get-operation | all }
undo snmp-agent log { set-operation | get-operation | all }
Parameters set-operation Logs the information about the set operation.

get-operation Logs the information about the get operation.
all Logs the information about both the get and set
operations.
Default By default, the logging function is disabled.
Example Enable the logging function for both the get and the set operations.
[S4200G] snmp-agent log all
■ System view
Description You can use the display logbuffer command to display logging information for the get
and the set operations sent from network management station (NMS).
■ In a network that contains no fabric, you can use the display logbuffer
command to view the logs of the get and set operations performed by the
network administrator.
■ As for a fabric, you can execute the display logbuffer command on the
master device to view the logs of the set operations performed by the network
administrator, and execute the display logbuffer command on the devices
to which the get operations are performed to view the logs of corresponding get
operations.
684 ● snmp-agent mib-view 3Com Switch 4200G Family
Command Reference
snmp-agent mib-view
Purpose Use the snmp-agent mib-view command to create or update the view information,
limiting the MIB objects to be accessed by the NMS.
Use the undo snmp-agent mib-view command to cancel the current setting.
Syntax snmp-agent mib-view { included | excluded } view-name oid-tree
undo snmp-agent mib-view view-name
Parameters included Includes this MIB subtree.

excluded Excludes this MIB subtree.
view-name Specifies the view name, consisting of a character
oid-tree The OID MIB subtree of the MIB object subtree. It can
be a character string of the variable OID (such as
1.4.5.3.1), or a variable name (such as system). The
character string can include wildcards (such as
1.4.5.*.*.1).
Default By default, the view name is viewDefault. OID is 1.
Example Create a view that consists of all the objects of MIB2.
[S4200G] snmp-agent mib-view included mib2 1.3.6.1
■ System view
Related Command snmp-agent group

3Com Switch 4200G Family snmp-agent packet max-size ● 685
Command Reference
snmp-agent packet max-size
Purpose Use the snmp-agent packet max-size command to set the maximum size of SNMP
packet that the Agent can send/receive.
Use the undo snmp-agent packet max-size command to restore the default size of
SNMP packet.
Syntax snmp-agent packet max-size max-size
undo snmp-agent packet max-size
Parameters max-size Specifies the maximum size of SNMP packet (measured

in bytes) that the agent can send or receive. Valid
values are 484 to 17940 bytes.
If not specified, the default size is 1500 bytes.
Example Set the maximum size of SNMP packet that the Agent can send/receive to 1,042
bytes.
[S4200G] snmp-agent packet max-size 1042
■ System view
Description The sizes of the SNMP packets received/sent by the Agent are different in different
network environments.
686 ● snmp-agent sys-info 3Com Switch 4200G Family
Command Reference
snmp-agent sys-info
Purpose Use the snmp-agent sys-info command to configure system information such as
geographical location of the device, contact information for system maintenance and
version information of running SNMP.
Use the undo snmp-agent sys-info location command to restore the default
value.
Syntax snmp-agent sys-info { contact sys-contact | location sys-location |

version { { v1 | v2c | v3 } * | all } }
undo snmp-agent sys-info {{ contact | location | version { { v1 | v2c |

v3 }* | all }}
Parameters sys-contact A character string describing the system maintenance

contact. Valid values are 1 to 255 characters long.
If not specified, the default contact information is
"3Com Marlborough USA".
sys-location A character string to describe the system location.
If not specified, the default character string is
"Marlborough USA".
version Version of running SNMP.
v1 SNMP V1.
v2c SNMP V2C.
v3 SNMP V3.
all All SNMP version (includes SNMP V1, SNMP V2C,
SNMP V3).
Example Set contact information for system maintenance as Dial System Operator # 1234.
[S4200G] snmp-agent sys-info contact Dial System Operator # 1234
■ System view
Related Command diplay snmp-agent sys-info

3Com Switch 4200G Family snmp-agent target-host ● 687
Command Reference
snmp-agent target-host
Purpose Use the snmp-agent target-host command to command to configure destination

of SNMP Trap packets.
Use the undo snmp-agent target-host command to cancel the host currently
configured to receive SNMP notification.
Syntax snmp-agent target-host trap address udp-domain ip-addr [ udp-port

udp-port-number ] params securityname security-string [ v1 | v2c | v3 [
authentication | privacy ] ]
undo snmp-agent target-host ip-addr securityname security-string
Parameters trap Specifies the host to receive traps or notifications

address Specifies the transport address to be used in the
generation of SNMP messages.
udp-domain Specifies the transport domain over UDP for the target
address.
ip-addr The IPv4 address of the host receiving Trap packets.
udp-port udp-port-number Specifies the UDP port number of the host to receive
the SNMP notification.
params Specifies the SNMP target host information to be used
in the generation of SNMP messages.
security-string The community name of SNMP V1 and SNMP V2C, or
SNMP V3 user name, ranging from 1 to 32 characters.
v1 Specifies SNMP version 1.
v2c Specifies SNMP version 2C.
v3 Specifies SNMP version 3.
authentication Specifies that the packet is authenticated without
encryption.
privacy Specifies that the packet is authenticated and
encrypted.
Example Enable sending SNMP Trap packets to 10.1.1.1 with community name public.
[S4200G] snmp-agent trap enable standard
securityname public
688 ● snmp-agent target-host 3Com Switch 4200G Family
Command Reference
Description The snmp-agent target-host command and the snmp-agent trap enable or enable
snmp trap updown command must be used at the same time on the device to send
Trap packets.
■ Use the snmp-agent trap enable or enable snmp trap updown command to set
Trap packets allowed to send (all Trap packets can be sent by default).
■ Use the snmp-agent target-host command to set the address of the destination
host receiving SNMP Trap packets.
■ System view
Related Command ■ snmp-agent trap enable

■ snmp-agent trap source
■ snmp-agent trap life
3Com Switch 4200G Family snmp-agent trap enable ● 689
Command Reference
snmp-agent trap enable
Purpose Use the snmp-agent trap enable command to enable the device to send Trap
packets.
Use the undo snmp-agent trap enable command to disable Trap package sending.
Syntax snmp-agent trap enable [ configuration | flash | standard [

authentication | coldstart | linkdown | linkup | warmstart ]* | system
]
undo snmp-agent trap enable [ configuration | flash | standard [

authentication | coldstart | linkdown | linkup | warmstart ]* | system
]
Parameters configuration Configure to send SNMP configuration Trap packets.

flash Configure to send SNMP flash Trap packets.
standard Configures to send SNMP standard notification or Trap
messages.
authentication Sends SNMP authentication failure Trap messages in
cases of authentication failures.
coldstart Configures to send SNMP cold start Trap messages
when the device is rebooted.
linkdown Configures to send SNMP link down Trap messages
when the port is down.
linkup Configures to send SNMP link up Trap messages when
the port is up.
warmstart Configures to send SNMP warm start Trap messages
when SNMP is rebooted.
system Configures to send sysMIB (private MIB) Trap
messages.
Default By default, Trap message sending is enabled.
Example Enable to send the Trap packet of SNMP authentication failure to 10.1.1.1. The
community name is public.
[S4200G] snmp-agent trap enable authentication
securityname public
■ System view
690 ● snmp-agent trap enable 3Com Switch 4200G Family
Command Reference
Description The snmp-agent trap enable and snmp-agent target-host commands

must be used at the same time. The snmp-agent target-host command
specifies which hosts can receive Trap message. However, to send Trap message, you
must configure snmp-agent target-host command.
3Com Switch 4200G Family snmp-agent trap life ● 691
Command Reference
snmp-agent trap life
Purpose Use the snmp-agent trap life command to set aging time for Trap packets.
Use the undo snmp-agent trap life command to restore the default aging time for
Trap packets.
Syntax snmp-agent trap life seconds
undo snmp-agent trap life
Parameters seconds Specifies the timeouts (in seconds). Valid values are 1
to 2,592,000.
If not specified, the default timeout interval is 120
seconds.
Example Configure the timeout interval of Trap packet as 60 seconds.
<S4200G>system-view
[S4200G] snmp-agent trap life 60
■ System view
Description The Trap packets exceeding the aging time are discarded.
Related Commands ■ snmp-agent trap enable

■ snmp-agent target-host
692 ● snmp-agent trap queue-size 3Com Switch 4200G Family
Command Reference
snmp-agent trap queue-size
Purpose Use the snmp-agent trap queue-size command to configure the information
queue length of a Trap packet sent to the destination host.
Use the undo snmp-agent trap queue-size command to restore the default value.
Syntax snmp-agent trap queue-size size
undo snmp-agent trap queue-size
Parameters size Length of queue. Valid values are 1 to 1000.

If not specified, the default length is 100.
Example Configure the queue length to 200.
[S4200G] snmp-agent trap queue-size 200
■ System view
Related Commands ■ snmp-agent trap enable

■ snmp-agent trap life
3Com Switch 4200G Family snmp-agent trap source ● 693
Command Reference
snmp-agent trap source
Purpose Use the snmp-agent trap source command to configure the source address for
sending Trap messages.
Use the undo snmp-agent trap source command to cancel the source address for
sending Trap messages.
Syntax snmp-agent trap source interface-type interface-number
undo snmp-agent trap source

Default By default, SNMP chooses an outgoing interface.
Example Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
[S4200G] snmp-agent trap source Vlan-interface 1
■ System view
Description The SNMP Trap message sent from a server has a source IP address no matter which
interface the Trap message is sent from.
You can configure this command to trace a specific event using the source address of
a Trap packet
Note: Before setting the IP address of an interface address as the source address of
the sent Trap packet, you must configure an IP address for the interface.
694 ● snmp-agent usm-user 3Com Switch 4200G Family
Command Reference
snmp-agent usm-user
Purpose Use the snmp-agent usm-user command to add a new community name or, if you
use the V3 parameter, a new user to an SNMP group.
Use the undo snmp-agent usm-user command to delete a user from an SNMP
group.
Syntax snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]
undo snmp-agent usm-user { v1 | v2c } username groupname
snmp-agent usm-user v3 username groupname [ authentication-mode { md5 |

sha } authpassstring [ privacy-mode { des56 privpassstring }]]
[ acl acl-list ]
undo snmp-agent usm-user v3 username groupname { local | engineid

engine-id }
Parameters username Enter the user name, up to 32 characters in length.

groupname Enter the group name corresponding to that user, up
to 32 characters in length.
v1 Specifies the use of V1 safe mode.
v2c Specifies the use of V2c safe mode.
authentication-mode Specifies the use of authentication.
md5 Specifies that the MD5 algorithm is used in
authentication. MD5 authentication uses a128-bit
password. The computation speed of MD5 is faster
than that of SHA
sha Specifies that the SHA algorithm is used in
authentication. SHA authentication uses a 160-bit
password. The computation speed of SHA is slower
than that of MD5, but SHA offers higher security.
authpassstring Enter the authentication password, up to 64 characters
in length.
privacy-mode Specifies the use of authentication and encryption.
des 56 Specifies that the DES encryption algorithm is used.
Must be entered if you enter the privacy-mode
parameter.
privpassstring Enter the encryption password with a character string,
ranging from 1 to 64 bytes.
acl acl-list Enter the access control list for this user, based on USM
name.
3Com Switch 4200G Family snmp-agent usm-user ● 695
Command Reference
Example To add a user named “JohnQ” to the SNMP group “3Com”, then configure the use
of MD5, and set the authentication password to “pass”, enter the following:
[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass
[SW4200G]
■ System view
Description Note:
■ SNMP engineID (for authentication) is required when configuring remote users.
This command will not be effective if engineID is not configured.
■ For V1 and V2C, this command will add a new community name. For V3, it will
add a new user for an SNMP group. See Related Commands below.
Related Commands ■ display snmp-agent

■ snmp-agent local engineid
Command Reference
snmp-agent usm-user
Purpose Use the snmp-agent usm-user command to add a new user to an SNMP group. You
can also optionally use this command to apply an ACL to filter network management
users.
Use the undo snmp-agent usm-user command to remove the user from the
corresponding SNMP group. The operation also frees the user from the corresponding
ACL-related configuration.
Syntax snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number

]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5

| sha } auth-password ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid

engineid-string }
Parameters v1 Specifies to adopt V 1 security mode.

v2c Specifies to adopt V 2 security mode.
v3 Specifies to adopt V 3 security mode.
user-name The user name. Valid values are from 1 to 32 bytes.
group-name The corresponding group name of the user. Valid
values are from 1 to 32 bytes.
authentication-mode Specifies the security level to "to be authenticated"
md5 Specifies the authentication protocol as
HMAC-MD5-96.
sha Specifies the authentication protocol as
HMAC-SHA-96.
auth-password Authentication password, consisting of a character
string from 1 to 64 bytes.
privacy Specifies the security level as encryption.
des56 Specifies the DES encryption protocol.
priv-password Encryption password, character string, ranging from 1
to 64 bytes.
acl acl-number The number identifier of basic number-based ACLs,
local Local entity user.
engineid Specifies the engine ID related to the user.
engineid-string Engine ID character string, comprised of 10 to 64
characters.
Command Reference
Example Add the user named "3Com" to the SNMP group named "3Comgroup", specifying
to authenticate the user, specifying the authentication protocol to be
HMAC-MD5-96, the authentication password to be "S4200G", and applying ACL
2002 to filter network management users (assuming that ACL 2002 already exists).
[S4200G] snmp-agent usm-user v3 3Com 3Comgroup authentication-mode md5
S4200G acl 2002
■ System view
Command Reference
snmp-agent usm-user
Purpose Use the snmp-agent usm-user command to add a new user to an SNMP group.
Use the undo snmp-agent usm-user command to remove the user from the related
SNMP group.
Syntax For Versions V1 and V2C:
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number

]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
For Version V3:
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5

| sha } auth-password ] [ privacy-mode des56 priv-password ][ acl
acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid

engineid-string }
Parameters v1 V 1 security mode.

v2c V 2 security mode.
v3 V 3 security mode.
user-name The user name. Valid values are from 1 to 32
characters.
group-name The corresponding group name of the user. Valid
values are from 1 to 32 characters.
authentication-mode Specifies the security level to "to be authenticated."
Absence of this parameter indicates that neither
authentication nor encryption is required.
md5 Specifies the authentication protocol as
HMAC-MD5-96 algorithm.
sha Specifies the authentication protocol as
HMAC-SHA-96 algorithm.
auth-password Authentication password, consisting of a character
privacy Specifies the security level as encryption.
des56 Specifies the DES encryption protocol.
priv-password Encryption password, character string, ranging from 1
to 64 bytes.
acl-number The number identifier of basic number-based ACLs,
local Represents a local entity user.
Command Reference
engineid Specifies the engine ID related to the user.

engineid-string Specifies the engine ID character string, ranging from
10 to 64 hexadecimal numerals.
Example Add a user John to SNMP group Johngroup. Configure to authenticate using
HMAC-MD5-96 algorithm, require authentication and set authentication password as
hello.
[S4200G] snmp-agent group v3 Johngroup
[S4200G] snmp-agent usm-user v3 John Johngroup authentication-mode md5
hello
■ System view
Description The snmp-agent usm-user command is used to delete the stopping accounting
requests from the Switch buffer.
While using SNMPV3, SNMP engineID (for authentication) is required when you
configure a remote user for an agent. If you change engineID after configuring a user,
the user corresponding to the original engineID is not effective.
For V1 and V2C, this command will add a new community name. For V3, it will add a
new user for an SNMP group.
Related Commands ■ snmp-agent group

■ snmp-agent community
■ snmp-agent local-enginid
Command Reference
snmp-agent usm-user
Purpose Use the snmp-agent usm-user command to add a new community name or, if you
use the V3 parameter, a new user to an SNMP group.
Use the undo snmp-agent usm-user command to delete a user from an SNMP
group.
Syntax snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]
undo snmp-agent usm-user { v1 | v2c } username groupname
snmp-agent usm-user v3 username groupname [ authentication-mode { md5 |

sha } authpassstring [ privacy-mode { des56 privpassstring }]]
[ acl acl-list ]
undo snmp-agent usm-user v3 username groupname { local | engineid

engine-id }
Parameters username Specifies the user name, consisting of a character

string from 1 to 32 characters in length.
groupname Specifies the group name corresponding to that user,
consisting of a character string from 1 to 32 characters
in length.
v2c Specifies the use of V2c safe mode.
authentication-mode Specifies the use of authentication.
md5 Specifies that the MD5 algorithm is used in
authentication. MD5 authentication uses a128-bit
password. The computation speed of MD5 is faster
than that of SHA
sha Specifies that the SHA algorithm is used in
authentication. SHA authentication uses a 160-bit
password. The computation speed of SHA is slower
than that of MD5, but SHA offers higher security.
authpassstring Enter the authentication password, up to 64 characters
in length.
privacy-mode Specifies the use of authentication and encryption.
des 56 Specifies that the DES encryption algorithm is used.
Must be entered if you enter the privacy-mode
parameter.
privpassstring Specifies the encryption password with a character
string from 1 to 64 bytes.
acl acl-list Specifies the access control list for this user, based on
USM name.
Command Reference
Example To add a user named “JohnQ” to the SNMP group “3Com”, then configure the use
of MD5, and set the authentication password to “pass”, enter the following:
[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass
[SW4200G]
■ System view
Description Note:
■ SNMP engineID (for authentication) is required when configuring remote users.
This command will not be effective if engineID is not configured.
■ For V1 and V2C, this command will add a new community name. For V3, it will
add a new user for an SNMP group. See Related Commands below.
Related Commands ■ display snmp-agent

■ snmp-agent usm-user
702 ● snmp-host 3Com Switch 4200G Family
Command Reference
snmp-host
Purpose Use the snmp-host command to configure an SNMP host for the member devices
inside a cluster on the management device.
Use the undo snmp-host command to cancel the SNMP host configuration.
Syntax snmp-host ip-address
undo snmp-host
Parameters ip-address IP address of the SNMP host configured for the cluster.
Default By default, no public SNMP host is configured.
Example Configure an SNMP host for the cluster on the management device.
[aaa_0.S4200G-cluster] snmp-host 1.0.0.9
■ Cluster view
Description Only after you configure the IP address of the network management site for the
cluster, cluster members can send the trap information to the site through the
management device.
These commands can only be executed on the management device.

3Com Switch 4200G Family speed ● 703
Command Reference
speed
Purpose Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
Syntax speed speed-value
undo speed
Parameters speed-value Specifies the transmission rate on the AUX (Console)

port in bits per second (bps). Valid values are any of the
following: 300, 600, 1200, 2400, 4800, 9600, 19200,
38400, 57600, or 115200.
If not specified, the default rate is 9,600 bps.
Example To configure the transmission speed on the AUX (Console) port as 9600 b/s, enter the
following:
<S4200G>system-view
[S4200G-ui-aux0]speed 9600
Description Note: The speed and undo speed commands can only be performed in AUX User
Interface view
704 ● speed 3Com Switch 4200G Family
Command Reference
speed
Purpose Use the speed command to configure the port rate.
Use the undo speed command to restore the default port rate.
Syntax speed { 10 | 100 | 1000 | auto }
undo speed
Parameters 10 Sets the port rate to 10 Mbps.

100 Sets the port rate to 100 Mbps.
1000 Sets the port rate to 1000 Mbps. (Only available on
Gigabit ports).
auto Sets the port speed to auto-negotiation rate mode.
Default By default, the port is in auto-negotiation rate mode.
Example Set the rate of the GigabitEthernet1/0/1 port to 10 Mbps.
<S4200G>system-view
[S4200G-Ethernet1/0/1]speed 10
Description Note: The speed and undo speed commands cannot be configured on a combo
port.
Related Command duplex

3Com Switch 4200G Family ssh client assign rsa-key ● 705
Command Reference
ssh client assign rsa-key
Purpose Use the ssh client assign rsa-key command to specify on the client the
public key for the server to be connected to guarantee the client can be connected to
a reliable server.
Use the undo ssh client assign rsa-key command to remove the
association between the public keys and servers.
Syntax ssh client { server-ip | server-name } assign rsa-key keyname
undo ssh client server-ip assign rsa-key
Parameters server-ip Server IP address.

server-name Server name, consisting of a string from 1 to 80
characters long.
keyname Server public key name, consisting of a string from 1 to
64 characters long.
Example Specify on the client the public key of the server (with IP address 192.168.0.1) as abc.
[S4200G] ssh client 192.168.0.1 assign rsa-key abc
■ System view
706 ● ssh client first-time enable 3Com Switch 4200G Family
Command Reference
ssh client first-time enable
Purpose Use the ssh client first-time enable command to configure the client to
run the initial authentication.
Use the undo ssh client first-time command to remove the configuration.
Syntax ssh client first-time enable
undo ssh client first-time
Parameters None
Default By default, the client runs the initial authentication.
Example Configure the client to run the initial authentication.
[S4200G] ssh client first-time enable
■ System view
Description In the initial authentication, if the SSH client does not have the public key for the
server which it accesses for the first time, the client continues to access the server and
save locally the public key of the server. Then at the next access, the client can
authenticate the server with the public key saved locally.
When the initial authentication function is not available, the client does not access
the server if it does not have the public key of the server locally. In this case, you need
first to save the public key of the target server to the client in other ways.
3Com Switch 4200G Family ssh server authentication-retries ● 707
Command Reference
ssh server authentication-retries
Purpose Use the ssh server authentication-retries command to set

authentication retry number for SSH connections.
Use the undo ssh server authentication-retries command to restore

the default authentication retry number. The default value takes effect at next login.
Syntax ssh server authentication-retries times
undo ssh server authentication-retries
Parameters times Authentication retry number. Valid values are 1 to 5.

Example Set the authentication retry number to 4.
[S4200G] ssh server authentication-retries 4
■ System view
Description Note: If you have used the ssh user authentication-type command to configure the
authentication type to password-publickey, you must set the authentication retry
times to a number greater than or equal to 2, for one is counted when a client sends
a public key to the server.
Related Command display ssh server

708 ● ssh server timeout 3Com Switch 4200G Family
Command Reference
ssh server timeout
Purpose Use the ssh server timeout command to set authentication timeout time for
SSH connections.
Use the undo ssh server timeout command to restore the default timeout
time. The default value takes effect at next login.
Syntax ssh server timeout seconds
undo ssh server timeout
Parameters seconds Authentication timeout time (in seconds). Valid values

are 1 to 120.
Example Set the authentication timeout time to 80 seconds.
[S4200G] ssh server timeout 80
■ System view
Related Command display ssh server

3Com Switch 4200G Family ssh user assign rsa-key ● 709
Command Reference
ssh user assign rsa-key
Purpose Use the ssh user assign rsa-key command to allocate public keys to SSH
users.
Use the undo ssh user assign rsa-key command to remove the association
between the public keys and SSH users. The configuration takes effect at the next
login.
Syntax ssh user username assign rsa-key keyname
undo ssh user username assign rsa-key
Parameters username SSH user name, consisting of a string from 1 to 80

characters long.
keyname Client public key name, consisting of a string from 1 to
64 characters long.
Example Set the client public key for the zhangsan user to key1.
[S4200G] ssh user zhangsan assign rsa-key key1
[S4200G]
■ System view
Description If the user already has a public key, the new public key overrides the old one.
Related Command display ssh user-information

710 ● ssh user authentication-type 3Com Switch 4200G Family
Command Reference
ssh user authentication-type
Purpose Use the ssh user authentication-type command to define on the server the
available authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the

default setting.
Syntax ssh user username authentication-type { password | rsa |

password-publickey | all }
undo ssh user username authentication-type
Parameters username Valid SSH user name, consisting of a string from 1 to

80 characters long.
password Specifies the authentication type as password.
rsa Specifies the authentication type as RSA public key.
password-publickey Specifies the authentication type as both password
and RSA public key. That is, the user can pass the
authentication only if both the password and RSA
public key are correct.
For the authentication type specified by the password-publickey keyword,
■ SSHv1 client users can access the switch as long as they pass one of the two
authentications.
■ SSHv2 client users can access the switch only when they pass both the
authentications.
all Specifies the authentication type as either password or
RSA public key. That is, the user can pass the
authentication if either the password or RSA public key
is correct.
Default By default, no authentication type is specified for new users, so they cannot access
the switch.
New users must specify authentication type. Otherwise, they cannot access the
switch. The new authentication type configured takes effect at the next login.
Example Set the authentication type for the zhangsan user as password.
[S4200G] ssh user zhangsan authentication-type password

3Com Switch 4200G Family ssh user authentication-type ● 711
Command Reference
■ System view
Description This command defines available authentication type on the server. The actual
authentication type, however, is determined by the client.

712 ● ssh user service-type 3Com Switch 4200G Family
Command Reference
ssh user service-type
Purpose Use the ssh user service-type command to specify service type for a user.
Use the undo ssh user service-type command to restore the default service
type for the SSH user in the system.
Syntax ssh user username service-type { stelnet | sftp | all }
undo ssh user username service-type
Parameters username Local user name or the user name defined on the
remote RADIUS server, consisting of a string from 1 to
80 characters long.
stelnet Sets the service type to Telnet.
If no service type is specified, Telnet is used as the
default.
sftp Sets the service type to SFTP.
all Includes Telnet and SFTP two services types.
Example Specify SFTP service for SSH user zhangsan.
[S4200G] ssh user zhangsan service-type sftp
■ System view

3Com Switch 4200G Family ssh2 ● 713
Command Reference
ssh2
Purpose Use the ssh2 command to enable the connection between SSH client and server,
define key exchange algorithm preference, encryption algorithm preference and
HMAC algorithm preference on the server and client.
Syntax ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 |

dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [
prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 |
sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 |
md5_96 } ]
Parameters host-ip Server IP address.

host-name Server name, consisting of a string from 1 to 20
characters long.
port-num Server port number. Valid values are 0 to 65,535.
prefer_kex Key exchange algorithm preference. Choose one of
the two algorithms available.
dh_group1 Diffie-Hellman-group1-sha1 key exchange algorithm.
If not specified, Diffie-Hellman-group1-sha1 key
exchange is the default algorithm.
dh_exchange_group Diffie-Hellman-group-exchange-sha1 key exchange
algorithm.
prefer_ctos_cipher Encryption algorithm preference from the client to
server.
If not specified, the default is AES128.
prefer_stoc_cipher Encryption algorithm preference from the server to
client.
If not specified, the default is AES128.
des DES_cbc encryption algorithm.
aes128 AES_128 encryption algorithm.
prefer_ctos_hmac HMAC algorithm preference from the client to server.
If not specified, the default is SHA1_96.
prefer_stoc_hmac HMAC algorithm preference from the server to client.
If not specified, the default is SHA1_96.
sha1 HMAC-SHA1 algorithm.
sha1_96 HMAC-SHA1_96 algorithm.
md5 HMAC-MD5 algorithm.
md5_96 HMAC-MD5-96 algorithm.
714 ● ssh2 3Com Switch 4200G Family
Command Reference
Example Log into the SSH 2.0 server with IP address 10.214.50.51 and make these settings:
■ Key exchange algorithm preference as dh_exchange_group

■ encryption algorithm preference from the server to client as aes128
■ HMAC algorithm preference from the client to server as md5
■ HMAC algorithm preference from the server to client as sha1_96
[S4200G] ssh2 10.214.50.51 prefer_kex dh_exchange_group
prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
■ System view
3Com Switch 4200G Family startup bootrom-access enable ● 715
Command Reference
startup bootrom-access enable
Purpose Use the startup bootrom-access enable command to specify a switch to

prompt for the customized password before entering the BOOT menu.
Use the undo startup bootrom-access enable to disable the user from
entering the main Boot Menu with customized password.
Syntax startup bootrom-access enable
undo startup bootrom-access enable
Parameters None
Default By default, the user is disabled from entering the main Boot Menu with customized
password.
Example Specify to prompt for the customized password before entering the BOOT menu.
<S4200G> startup bootrom-access enable
■ User view
Related Command You can use the display startup command to check the executing results of the
above commands.
716 ● startup saved-configuration 3Com Switch 4200G Family
Command Reference
startup saved-configuration
Purpose Use the startup saved-configuration command to specify the main or

backup configuration file for a switch to start the next time.
Use the undo startup saved-configuration command to specify a switch to

start without loading the configuration file.
Syntax startup saved-configuration cfgfile [ backup | main ]
undo startup saved-configuration [ unit unit-id ]
Parameters cfgfile Path name or file name of a configuration file in the

flash memory, consisting of a character string from 5
backup Assigns the backup attribute to the file.
main Assigns the main attribute to the file.
unit unit-id Unit ID of a switch.
CAUTION: To make a switch to start without loading the configuration file, do not
execute the save command after executing the undo startup
saved-configuration command.
Example Configure the file named vrpcfg.cfg to be the main configuration file for the switch to
start the next time.
<S4200G>startup saved-configuration vrpcfg.cfg main

Please wait......Done!
%Apr 2 02:55:10:025 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit1 set the
configuration
successfully.
■ User view
Description Executing the startup saved-configuration command with neither backup

nor main parameter assigns the main attribute to the file.
Related Command display startup

3Com Switch 4200G Family state ● 717
Command Reference
state
Purpose Use the state command to configure the state of the current ISP domain/current
user.
In ISP Domain view or Local User view, use the state command to configure the
state of the current ISP domain/current user.
In RADIUS view, use the state command to set the status of a RADIUS server.
Syntax In ISP Domain view or Local User view:
state { active | block }
In RADIUS view:
state { block | active } { primary | secondary } { accounting |

authentication }
Parameters active ■ In ISP Domain view or Local User view:

Sets the current ISP domain in ISP Domain View or
local user in Local User View. In other words, allow
users in the current ISP domain or the current local
user to access the network.
■ In RADIUS view:
Sets the status of the specified RADIUS server to
active (that is, the normal working state).
block ■ In ISP Domain view or Local User view:
Inhibits the current ISP domain in ISP domain view
or local user in Local User view. In other words,
blocks users in current ISP domain or current local
user from accessing the network.
■ In RADIUS view:
Sets the status of the specified RADIUS server to
block (that is, the down state).
primary Specifies the server to be set is a primary RADIUS
server.
secondary Specifies the server to be set is a secondary RADIUS
server.
accounting Specifies the server to be set is a RADIUS accounting
server.
authentication Specifies the server to be set is a RADIUS
authentication/authorization server.
Default In ISP Domain view or Local User view, an ISP domain and the local user are in the
active state upon creation.
718 ● state 3Com Switch 4200G Family
Command Reference
In RADIUS view, all the RADIUS servers in a user-defined RADIUS scheme are in the
active state; and the RADIUS servers in the default RADIUS scheme "system" are in
the block state.
Example In ISP Domain view or Local User view to set the ISP domain aabbcc.net to the block
state, so that all its offline users cannot access the network, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net] state block
In ISP Domain view or Local User view to set user1 to the block state.
[S4200G-user-user1] state block
In RADIUS view to set the timeout time of the response timeout timer for the RADIUS
scheme radius1 to 5 seconds, enter the following:
New Radius scheme
[S4200G-radius-radius1] timer 5
■ ISP Domain view

■ Local User view
■ RADIUS view
Description In ISP Domain view or Local User view:
■ After an ISP domain is set to the block state, except the online users, the users
under this domain are not allowed to access the network.
■ After the local user is set to the block state, the user is not allowed to access the
network.
In RADIUS view for the primary and secondary servers (authentication/authorization

servers, or accounting servers) in a RADIUS scheme, note that:
■ If the switch gets no response from the RADIUS server after sending out a RADIUS
request (authentication/authorization request or accounting request) and waiting
for a time, it should retransmit the packet to ensure that the user can obtain the
RADIUS service. This wait time is called response timeout time of RADIUS server;
and the timer in the switch system that is used to control this time is called the
response timeout timer of RADIUS server. You can use the timer command to set
the timeout time of this timer.
■ Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
Command Reference
■ The timer command has the same effect with the timer response-timeout
command.
Related Command For ISP Domain view or Local User view)
■ domain
For RADIUS view:
■ radius scheme
■ retry
720 ● state 3Com Switch 4200G Family
Command Reference
state
Purpose Use the state command to configure the state of RADIUS server.
Syntax state { primary | secondary } { accounting | authentication } { block |

active }
Parameters primary Configures to set the state of the primary RADIUS

server.
secondary Configures to set the state of the second RADIUS
server.
accounting Configures to set the state of RADIUS accounting
server.
authentication Configures to set the state of RADIUS
authentication/authorization.
block Configures the RADIUS server to be in the state of
block.
active Configures the RADIUS server to be active, namely the
normal operation state.
Default By default, as for the newly created RADIUS scheme, the primary and secondary
accounting/authentication servers are in the state of block; as for the "system"
RADIUS scheme created by the system, the primary accounting/authentication servers
are in the state of active, and the secondary accounting/authentication servers are in
the state of block.
Example To set the second authentication server of RADIUS scheme, “3Com”, to be active,
[SW4200G]radius scheme 3Com
[SW4200G-radius-3Com]state secondary authentication active
Description For the primary and second servers (no matter an authentication/authorization or an
accounting server), if the primary server is disconnected to NAS for some fault, NAS
will automatically turn to exchange packets with the second server. However, after
the primary one recovers, NAS will not resume the communication with it at once,
instead, it continues communicating with the second one. When the second one fails
to communicate, NAS will turn to the primary one again. This command is used to set
Command Reference
the primary server to be active manually, in order that NAS can communicate with it
right after the troubleshooting.
When the primary and second servers are all active or block, NAS will send the
packets to the primary server only.
Related Commands ■ primary accounting

■ primary authentication
■ radius-scheme
■ secondary accounting
■ secondary authentication
722 ● stop-accounting-buffer enable 3Com Switch 4200G Family
Command Reference
stop-accounting-buffer enable
Purpose Use the stop-accounting-buffer enable command to enable the switch to buffer
the stop-accounting requests that bring no response.
Use the undo stop-accounting-buffer enable command to disable the switch

from buffering the stop-accounting requests that bring no response.
Syntax stop-accounting-buffer enable
undo stop-accounting-buffer enable
Parameters None
Default By default, the switch is enabled to buffer the stop-accounting requests that bring no
response.
Example To enable the switch to buffer the stop-accounting requests that bring no response
from the servers in RADIUS scheme radius1, enter the following:
New Radius scheme
[S4200G-radius-radius1] stop-accounting-buffer enable
Description Stop-accounting requests are critical to billing and will eventually affect the charges;
they are important for both the users and the ISP. Therefore, the switch should do its
best to transmit them to the RADIUS server. If the RADIUS accounting server does not
respond to such a request, the switch should first buffer the request on itself, and
then retransmit the request to the RADIUS accounting server until it gets a response,
or the maximum number of transmission attempts is reached (in this case, it discards
the request).
Related Commands ■ display stop-accounting-buffer

■ radius scheme
■ reset stop-accounting-buffer
3Com Switch 4200G Family stopbits ● 723
Command Reference
stopbits
Purpose Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
Syntax stopbits { 1 | 1.5 | 2 }
undo stopbits
Parameters 1 Sets the stop bits to 1.

If no value is specified, 1 is the default.
1.5 Sets the stop bits to 1.5.
2 Sets the stop bits to 2.
Example Set the stop bits to 2.
<S4200G>system-view
[S4200G-ui-aux0]stopbits 2
Description This command can only be performed in AUX User Interface view.
724 ● stp 3Com Switch 4200G Family
Command Reference
stp
Purpose Use the stp command to enable or disable MSTP globally or for a port.
Use the undo stp command to restore the default MSTP status globally or for a
port.
Syntax stp { enable | disable }
undo stp
Parameters enable Enables MSTP globally or for a port.

disable Disables MSTP globally or for a port.
Default By default, MSTP is disabled.
Example To enable MSTP globally, enter the following:
[S4200G] stp enable
To disable MSTP for port Ethernet1/0/1, enter the following:
[S4200G-GigabitEthernet1/0/1] stp disable
■ System view
Description With MSTP enable, a switch determines whether to operate in STP mode, RSTP mode,
or MSTP mode according to your configuration. A switch becomes a transparent
bridge if you disable MSTP.
With MSTP enabled, a switch dynamically maintains the status of spanning trees by
processing BPDUs of the corresponding VLANs. After MSTP is disabled, the switch
stops doing so.
Related Commands ■ stp interface

■ stp mode
3Com Switch 4200G Family stp bpdu-protection ● 725
Command Reference
stp bpdu-protection
Purpose Use the stp bpdu-protection command to enable the BPDU protection
function.
Use the undo stp bpdu-protection command to restore the default operation
mode of the BPDU protection function,
Syntax stp bpdu-protection
undo stp bpdu-protection
Parameters None
Default By default, the BPDU protection function is disabled.
Example To enable the BPDU protection function, enter the following:
[S4200G] stp bpdu-protection
■ System view
Description Normally, access ports of access layer devices have terminals (such as PCs) or file
servers directly connected to them. These ports are usually configured to be edge
ports to achieve rapid transition. When they receive BPDUs, however, they are set as
non-edge ports automatically, which causes MSTP to recalculate the spanning trees,
resulting in network topology jitters.
In normal cases, edge ports are free of BPDUs. But malicious users may attack the
switches by sending forged BPDUs to the edge ports to create network jitters. You
can prevent this type of attack by utilizing the BPDU protection function. With this
function enabled on a switch, once an edge port receives a BPDU, the system
automatically shut it down and notifies the network administrator of the situation.
Only the administrator can restore edge ports that are shut down.
CAUTION:
As 1000 Mbps ports of a 3Com Switch 4200G Family switch cannot be shut down,
the BPDU protection function is not applicable to these ports even you enable the
BPDU protection function and specify these ports to be MSTP edge ports.
726 ● stp bridge-diameter 3Com Switch 4200G Family
Command Reference
stp bridge-diameter
Purpose Use the stp bridge-diameter command to set the network diameter of a
switched network, which is represented in terms of the maximum number of switches
between any two terminals in a switched network.
Use the undo stp bridge-diameter command to restore the default network
diameter.
Syntax stp bridge-diameter bridgenum
undo stp bridge-diameter
Parameters bridgenum Sets the network diameter for the switched network.
Valid values are 2 to 7.
Default By default, the network diameter of a switched network is 7.
Example To set the network diameter to 5, enter the following:
[S4200G] stp bridge-diameter 5
■ System view
Description An MSTP-enabled switch adjusts its Hello time, Forward delay, and Max age settings
accordingly after you configure the network diameter on the switch. With the
network diameter set to 7 (the default), the three time settings are set to their
defaults as well.
The stp bridge-diameter command applies to CISTs only; it is invalid for MSTIs.
Related Commands ■ stp timer forward-delay

■ stp timer hello
■ stp timer max-age
3Com Switch 4200G Family stp config-digest-snooping ● 727
Command Reference
stp config-digest-snooping
Purpose Use the stp config-digest-snooping command to enable the digest

snooping feature.
Use the undo stp config-digest-snooping command to disable the digest

snooping feature.
Syntax stp config-digest-snooping
undo stp config-digest-snooping
Parameters None
Default The digest snooping feature is disabled by default.
Example To enable the digest snooping feature for GigabitEthernet1/0/1 port, enter the
following:
[S4200G-GigabitEthernet1/0/1] stp config-digest-snooping
[S4200G-GigabitEthernet1/0/1] quit
[S4200G]stp config-digest-snooping
Description According to IEEE 802.1s, two connected switches can interwork with each other
through MSTIs in an MST region only when the two switches have the same MST
region-related configuration. With MSTP employed, interconnected switches
determine whether or not they are in the same MST region by checking the
configuration IDs of the BPDUs between them. (A configuration ID contains
information such as region ID and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This kind of problems can be overcome by implementing the digest snooping feature.
If a switch port is connected to a partner's switch that has the same MST
region-related settings but adopts a proprietary spanning tree protocol, you can
enable digest snooping on the port. Then the switch regards the peer switch
connected to the port as in the same region and records the configuration digests
carried in the BPDUs received from the switch, which will be put in the BPDUs to be
728 ● stp config-digest-snooping 3Com Switch 4200G Family
Command Reference
send to the peer switch.. In this way, the switch can interwork with the partners'
switches in an MST region.
Note:
■ The digest snooping feature is needed only when your S5100-EI series switch is
connected to partner's proprietary protocol-adopted switches.
■ To enable the digest snooping feature successfully, you must first enable it on all
the switch ports that connect to partner's proprietary protocol-adopted switches
and then enable it globally.
■ To enable the digest snooping feature, the interconnected switches must be
configured with exactly the same MST settings.
■ The digest snooping feature must be enabled on all the switch ports that connect
to partners' proprietary protocol-adopted switches in the same MST region..
■ To change MST region-related configuration, be sure to disable the digest
snooping feature first to prevent possible broadcast storms.
3Com Switch 4200G Family stp cost ● 729
Command Reference
stp cost
Purpose Use the stp cost command to set the path cost of a port in a spanning tree
instance.
Use the undo stp cost command to restore the default.
Syntax stp [ instance instance-id ] cost cost
undo stp [ instance instance-id ] cost
Parameters instance-id Specifies the ID of a spanning tree instance. Valid

values are 0 to 16. A value of 0 specifies the CIST.
cost Specifies the path cost for the port. Valid values are 1
to 200,000,000.
Default By default, a switch automatically calculates the path costs of a port in different
spanning tree instances based on a specified standard.
Example To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 200.
[S4200G-GigabitEthernet1/0/3] stp instance 2 cost 200
Description The path cost of a port affects the role of the port. By configuring the same ports to
have different path costs in different MSTIs, you can enable flows of different VLANs
to travel along different physical links, implementing VLAN-based load balancing.
Path cost changes for ports of an MSTP-enabled switch can cause MSTP to
redetermine the roles of the ports and to perform state transitions.
If you specify the instance-id argument to be 0 or do not specify this argument,

the stp cost command sets the path cost of the port in the CIST.
Related Command stp interface cost

730 ● stp edged-port 3Com Switch 4200G Family
Command Reference
stp edged-port
Purpose Use the stp edged-port command to configure the current Ethernet port as
either an edge port or a non-edge port.
Use the undo stp edged-port command to restore the current Ethernet port to
its default state.
Syntax stp edged-port { enable | disable }
undo stp edged-port
Parameters enable Configures the current Ethernet port to be an edge

port.
disable Configures the current Ethernet port to be a non-edge
port.
Default By default, all Ethernet ports of a switch are non-edge ports.
Example To Configure GigabitEthernet1/0/1 port as a non-edge port, enter the following:
[S4200G-GigabitEthernet1/0/1] stp edged-port disable
Description An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you
are recommended to configure the Ethernet ports directly connected to user
terminals as edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on
an edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
CAUTION:
Among loop prevention function, root protection function and edge port setting,
only one can be valid on the same port.
3Com Switch 4200G Family stp edged-port ● 731
Command Reference
Related Command stp interface edged-port

732 ● stp interface 3Com Switch 4200G Family
Command Reference
stp interface
Purpose Use the stp interface command in system view to enable or disable MSTP for
specified ports.
Syntax stp interface interface-list { enable | disable }
interface-num }
enable Enables MSTP on the specified ports.
disable Disables MSTP on the specified ports.
Default By default, MSTP is enabled on ports of a switch if MSTP is globally enabled; and
MSTP is disabled on ports of a switch if MSTP is disabled globally.
An MSTP-disabled port does not participate in any calculation of spanning trees and is
always in forwarding state.
Example To Enable MSTP on GigabitEthernet1/0/1 port in system view, enter the following:
[S4200G] stp interface GigabitEthernet 1/0/1 enable
■ System view
3Com Switch 4200G Family stp interface ● 733
Command Reference
Disabling MSTP on ports may result in loops.
Related Command ■ stp

■ stp mode
734 ● stp interface config-digest-snooping 3Com Switch 4200G Family
Command Reference
stp interface config-digest-snooping
Purpose Use the stp interface config-digest-snooping command to enable the

digest snooping feature.
Use the undo stp interface config-digest-snooping command to

disable the digest snooping feature.
Syntax stp interface interface-list config-digest-snooping
undo stp interface interface-list config-digest-snooping
interface-num }
Default By default, the digest snooping feature is disabled.
Example To enable the digest snooping feature on GigabitEthernet1/0/1 port in system view,
[S4200G] stp interface GigabitEthernet 1/0/1 config-digest-snooping
■ System view
Description According to IEEE 802.1s, two interconnected MSTP switches can interwork with
each other through MSTIs in an MST region only when the two switches have the
same MST region-related configuration. Interconnected MSTP switches determine
3Com Switch 4200G Family stp interface config-digest-snooping ● 735
Command Reference
whether or not they are in the same MST region by checking the configuration IDs of
the BPDUs between them. (A configuration ID contains information such as region ID
and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This problem can be overcome by implementing the digest snooping feature. If a port
on an S5100-EI series switch is connected to a partner's switch that has the same
MST region-related settings as its own but adopts a proprietary spanning tree
protocol, you can enable digest snooping on the port. Then the S5100-EI switch
regards the partner's switch as in the same region; it records the configuration digests
carried in the BPDUs received from the partner's switch, and put them in the BPDUs
to be send to the partner's switch. In this way, the S5100-EI switches can interwork
with the partners' switches in the same MST region.
Note:
■ The digest snooping feature is needed only when your S5100-EI series switch is
connected to partner's proprietary protocol-adopted switches.
■ To enable the digest snooping feature successfully, you must first enable it on all
the ports of your S5100-EI series switch that are connected to partner's proprietary
protocol-adopted switches and then enable it globally.
■ To enable the digest snooping feature, the interconnected switches must be
configured with exactly the same MST region-related configuration.
■ The digest snooping feature must be enabled on all the ports of your S5100-EI
series switch that are connected to partners' proprietary protocol-adopted
switches in the same MST region.
■ To change MST region-related configuration, be sure to disable the digest
snooping feature first to prevent possible broadcast storms.
736 ● stp interface cost 3Com Switch 4200G Family
Command Reference
stp interface cost
Purpose Use the stp interface cost command to set the path cost of specified ports in
a specified spanning tree instance.
Use the undo stp interface cost command to restore the default path costs.
Syntax stp interface interface-list [ instance instance-id ] cost cost
undo stp interface interface-list [ instance instance-id ] cost
interface-num }
instance-id Specifies the spanning tree instance ID. Valid values are
0 to 16. A value of 0 specifies the CIST.
cost Specifies the path cost for the ports. Valid values are
1 to 200,000,000.
Default By default, a switch calculates the path costs of ports in each spanning tree instance
automatically according to the specified standard.
If you specify the instance-id argument to be 0 or do not specify this argument,

the stp interface cost command sets the path cost of the port in the CIST.
Example To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 400 in
system view, enter the following:
[S4200G] stp instance 2 interface GigabitEthernet 1/0/3 cost 400
3Com Switch 4200G Family stp interface cost ● 737
Command Reference
■ System view
Description The path cost of a port affects the role of the port. By configuring the same ports to
have different path costs in different MSTIs, you can enable flows of different VLANs
to travel along different physical links, implementing VLAN-based load balancing.
Path cost changes for ports of an MSTP-enabled switch can cause MSTP to recalculate
the roles of the ports and to perform state transitions.
Related Command stp cost

738 ● stp interface edged-port 3Com Switch 4200G Family
Command Reference
stp interface edged-port
Purpose Use the stp interface edged-port command to configure the specified
Ethernet ports to be either edge ports or non-edge ports.
Use the stp interface edged-port enable command to configure the

specified Ethernet port(s) as edge ports.
Use the stp interface edged-port disable command to configure the

specified Ethernet port(s) as non-edge ports.
Use the undo stp interface edged-port command to restore the specified
Ethernet ports to their default states.
Syntax stp interface interface-list edged-port { enable | disable }
undo stp interface interface-list edged-port
interface-num }
enable Configures the specified Ethernet ports to be edge
ports.
disable Configures the specified Ethernet ports to be
non-edge ports.
Default By default, all Ethernet ports of a switch are non-edge ports.

3Com Switch 4200G Family stp interface edged-port ● 739
Command Reference
Example To configure GigabitEthernet1/0/3 port as an edge port in system view, enter the
following:
[S4200G] stp interface GigabitEthernet 1/0/3 edged-port enable
■ System view
Description An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you
are recommended to configure the Ethernet ports directly connected to user
terminals as edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on
an edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
CAUTION:
Only one function among loop prevention, root protection, and edge port can be
valid at a time.
Related Command stp edged-port

740 ● stp interface loop protection 3Com Switch 4200G Family
Command Reference
stp interface loop protection
Purpose Use the stp interface loop-protection command to enable the loop
prevention function.
Use the undo stp interface loop-protection command to restore the

default state of the loop prevention function.
Syntax stp interface interface-list loop-protection
undo stp interface interface-list loop-protection
interface-num }
Default The loop prevention function is disabled by default.
Example To enable the loop prevention function on GigabitEthernet1/0/1 port, enter the
following:
[S4200G] stp interface GigabitEthernet 1/0/1 loop-protection
■ System view
3Com Switch 4200G Family stp interface loop protection ● 741
Command Reference
valid at a given time.
Related Command stp loop-protection

742 ● stp interface mcheck 3Com Switch 4200G Family
Command Reference
stp interface mcheck
Purpose Use the stp interface mcheck command to perform the mCheck operation for
specified ports.
Syntax stp [ interface interface-list ] mcheck
interface-num }
Example To perform the mCheck operation on GigabitEthernet1/0/3 port, enter the following:
[S4200G] stp interface GigabitEthernet 1/0/3 mcheck
■ System view
Description A port on an MSTP-enabled switch toggles to the STP/RSTP mode automatically if an

STP-/RSTP-enabled switch is connected to it. But when the STP-/RSTP-enabled switch
is disconnected from the port, the port cannot toggle back to the MSTP mode
automatically. In this case, you can force the port to toggle to the MSTP mode by
performing the mCheck operation on the port.
Related Commands ■ stp mcheck

■ stp mode
3Com Switch 4200G Family stp interface no-agreement-check ● 743
Command Reference
stp interface no-agreement-check
Purpose Use the stp interface no-agreement-check command to enable the rapid
transition feature on a specified port.
Use the undo stp interface no-agreement-check command to disable the

rapid transition feature on a specified port.
Syntax stp interface interface-type interface-number no-agreement-check
undo stp interface interface-type interface-number no-agreement-check
Parameters interface-type Port type.

Default The rapid transition feature is disabled on any port by default.
Example To enable the rapid transition feature for GigabitEthernet1/0/1 port, enter the
following:
[S4200G]stp interface GigabitEthernet1/0/1 no-agreement-check
■ System view
Description Some partners' switches adopt proprietary spanning tree protocols that are similar to
RSTP in the way to implement rapid transition on designated ports. When a switch of
this kind operates as the upstream switch of the 4200G series switch running MSTP,
the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to avoid this case. When the 4200G series
switch running MSTP is connected in the upstream direction to a partner's switch
running proprietary spanning tree protocol, you can enable the rapid transition
feature on the ports of the 4200G series switch operating as the downstream switch.
Among these ports, those operating as the root ports will then send agreement
packets to their upstream ports after they receive proposal packets from the upstream
designated ports, instead of waiting for agreement packets from the upstream
switch. This enables designated ports of the upstream switch to change their states
rapidly.
Note: Enable the rapid transition feature on root ports or alternate ports only.
Related Command stp interface no-agreement-check

744 ● stp interface point-to-point 3Com Switch 4200G Family
Command Reference
stp interface point-to-point
Purpose Use the stp interface point-to-point command to specify whether the
specified Ethernet ports are point-to-point links.
Use the undo stp interface point-to-point command to restore the

default setting.
Syntax stp interface interface-list point-to-point { force-true | force-false

| auto }
undo stp interface interface-list point-to-point
interface-num }
force-true Specifies that the links connected to the specified
Ethernet ports are point-to-point links.
force-false Specifies that the links connected to the specified
Ethernet ports are not point-to-point links.
auto Specifies to automatically determine whether or not
the links connected to the specified Ethernet ports are
point-to-point links.
Default If no keyword is specified in the stp interface point-to-point command,

the auto keyword is used by default, and so MSTP automatically determines the types
of the links connected to the specified ports.
3Com Switch 4200G Family stp interface point-to-point ● 745
Command Reference
Example To configure the link connected to GigabitEthernet1/0/3 port as a point-to-point link

in system view, enter the following:
[S4200G] stp interface GigabitEthernet 1/0/3 point-to-point force-true
■ System view
Description The rapid transition feature is not applicable to ports on non-point-to-point links.
If an Ethernet port is the master port of an aggregated port or operates in full-duplex

mode, the link connected to the port is a point-to-point link.
You are recommended to let MSTP automatically determine the link types.
These two commands only apply to CIST and MSTIs. If you configure the link to which
a port is connected to be a point-to-point link (or a non-point-to-point link), the
configuration applies to all spanning tree instances (that is, the port is configured to
connect to a point-to-point link (or a non-point-to-point link) in all spanning tree
instances). If the actual physical link is not a point-to-point link and you configure the
link to which the port is connected to be a point-to-point link, loops may temporarily
occur.
Related Command stp point-to-point

746 ● stp interface port priority 3Com Switch 4200G Family
Command Reference
stp interface port priority
Purpose Use the stp interface port priority command to set the port priority of
specified ports in a spanning tree instance.
Use the undo stp interface port priority command to restore the
default port priority of the specified ports in the spanning tree instance.
Syntax stp interface interface-list instance instance-id port priority

priority
undo stp interface interface-list instance instance-id port priority
interface-num }
instance-id Specifies the spanning tree instance ID. Valid values are
priority Specifies the priority for the ports. Valid values are 0 to
240 but must be a multiple of 16 (such as 0, 16 or 32).
If not specified, the default port priority is 128.
Example To set the port priority of GigabitEthernet1/0/3 port (with regard to spanning tree
instance 2) to 16, enter the following:
[S4200G] stp interface GigabitEthernet 1/0/3 instance 2 port priority
16
3Com Switch 4200G Family stp interface port priority ● 747
Command Reference
■ System view
Description If you specify the instance-id argument to be 0, the configured priorities apply to
the CIST. The role a port plays in a spanning tree instance can be affected by its
priority. A port on an MSTP-enabled switch can have different port priorities and play
different roles in different MSTIs. This enables packets of different VLANs to be
forwarded along different physical paths, implementing VLAN-based load balancing.
Changes of port priorities can cause MSTP to redetermine the roles of ports, resulting
in state transition of ports.
Related Command stp port priority

748 ● stp interface root-protection 3Com Switch 4200G Family
Command Reference
stp interface root-protection
Purpose Use the stp interface root-protection command to enable the root
protection function for specified ports.
Use the undo stp interface root-protection command to restore the

default operation state of the root protection function.
Syntax stp interface interface-list root-protection
undo stp interface interface-list root-protection
interface-num }
Default By default, the root protection function is disabled.
Example To enable the root protection function on GigabitEthernet1/0/1 port, enter the
following:
[S4200G] stp interface GigabitEthernet 1/0/1 root-protection
■ System view
3Com Switch 4200G Family stp interface root-protection ● 749
Command Reference
Description Configuration errors and malicious attacks may cause legal root bridges to receive
BPDUs of higher priorities, and give up their roles as root bridges, which means
network topology jitters. In this case, flows that should travel along high-speed links
may be led to low-speed links, and network congestions may occur.
You can avoid this problem by utilizing the root protection function. Ports with this
function enabled can retain their roles in all spanning tree instances. When such a
port receives BPDUs of higher priorities, its state is set to discarding and it stops
forwarding any packets as if the connected link were down. Only when it receives no
BPDUs of higher priorities in a specified period, does it resumes its normal state.
CAUTION:
valid at a time.
Related Command stp root-protection

750 ● stp interface transmit-limit 3Com Switch 4200G Family
Command Reference
stp interface transmit-limit
Purpose Use the stp interface transmit-limit command to set the maximum
number of BPDUs that each specified port can send within a Hello time interval.
Use the undo stp interface transmit-limit command to restore the

default.
Syntax stp interface interface-list transmit-limit packetnum
undo stp interface interface-list transmit-limit
interface-num }
packetnum Specifies the maximum number of BPDUs that the
ports can send within a Hello time interval, also known
as maximum transmission speed. Valid values are 1 to
Example To set the maximum transmitting speed of GigabitEthernet1/0/3 port to 5, enter the
following:
[S4200G] stp interface GigabitEthernet 1/0/3 transmit-limit 5
■ System view
3Com Switch 4200G Family stp interface transmit-limit ● 751
Command Reference
Description A larger packetnum value means a greater number of packets can be transmitted in
each Hello time interval and more switch resources will be consumed. Configure the
packetnum argument to a proper value to limit the number of BPDUs sent in each
Hello time interval, preventing MSTP from occupying too much network resources
when network topology jitters occur.
Related Command stp transmit-limit

752 ● stp loop-protection 3Com Switch 4200G Family
Command Reference
stp loop-protection
Purpose Use the stp loop-protection command to enable the loop prevention function
for the current port.
Use the undo stp loop-protection command to restore the default operation
state of the loop prevention function.
Syntax stp loop-protection
undo stp loop-protection
Parameters None
Default By default, the loop prevention function is disabled.
Example To enable the loop prevention function on GigabitEthernet1/0/1 port, enter the
following:
[S4200G-GigabitEthernet1/0/1] stp loop-protection

3Com Switch 4200G Family stp max-hops ● 753
Command Reference
stp max-hops
Purpose Use the stp max-hops command to set the maximum hop count of the MST region
to which the switch belongs.
Use the undo stp max-hops command to restore the default.
Syntax stp max-hops hops
undo stp max-hops
Parameters hops Specifies the maximum hop count. Valid values are 1
to 40. If not specified, the default is 20.
Default . The default maximum hops value of an MST region is 20.
Example To set the maximum hops of the current MST region to 35, enter the following:
[S4200G] stp max-hops 35
■ System view
Description The maximum hop count configured on the region root for an MST region is used to
limit the size of the MST region.
A BPDU contains a hop counter field. In a MST region, after a BPDU leaves the root
bridge, its hop counter decreases by 1 whenever it is forwarded by a switch; once its
hop counter reaches 0, it is dropped. Such a mechanism disables the switches that are
beyond the maximum hop count from participating in spanning tree calculation, and
thus limits the size of an MST region.
With such a mechanism, once a switch becomes the root bridge of a CIST or MSTI,
the maximum hop count configured on it determines the network diameter of the
spanning tree and limits the size of the spanning tree. The switches that are not the
root bridge in an MST region adopts the maximum hop count configured on the root
bridge.
754 ● stp mcheck 3Com Switch 4200G Family
Command Reference
stp mcheck
Purpose Use the stp mcheck command to perform the mCheck operation for the current
port.
Syntax stp mcheck
Parameters None
Example To perform the mCheck operation on GigabitEthernet1/0/1 port, enter the following:
[S4200G-GigabitEthernet1/0/1] stp mcheck

■ System view
Description A port on an MSTP-enabled switch automatically toggles to the STP/RSTP mode when
an STP-/RSTP-enabled switch is connected to it. But when the STP-/RSTP-enabled
switch is disconnected from the port, the port cannot automatically toggle back to
the MSTP mode and still remains in the STP/RSTP mode.
In this case, you can force the port to toggle to the MSTP mode by performing the
mCheck operation on the port.
Related Commands ■ stp interface mcheck

■ stp mode
3Com Switch 4200G Family stp mode ● 755
Command Reference
stp mode
Purpose Use the stp mode command to set the MSTP operation mode of the switch.
Use the undo stp mode command to restore the default MSTP operation mode.
Syntax stp mode { stp | rstp | mstp }
undo stp mode
Parameters stp Specifies the MSTP to operate in STP mode.

mstp Specifies the MSTP to operate in MSTP mode.
rstp Specifies the MSTP to operate in RSTP mode.
Default By default, a switch operates in MSTP mode.
Example To configure the switch to operate in STP mode, enter the following:
[S4200G] stp mode stp
■ System view
Description To make a switch compatible with STP/RSTP, MSTP provides another two operation
modes besides the MSTP mode: STP and RSTP. When a switch operates in STP mode,
the packets sent by the ports of the switch are STP BPDUs. When a switch operates in
RSTP mode, the packets sent by the ports of the switch are RSTP BPDUs. And when a
switch operates in MSTP mode, the packets sent by the ports of the switch are MSTP
BPDUs. When a switch detects that STP-/RSTP-enabled switches are connected to its
ports, the corresponding ports change to operate in STP/RSTP mode automatically.
Related Commands ■ stp

■ stp interface
■ stp interface mcheck
■ stp mcheck
756 ● stp no-agreement-check 3Com Switch 4200G Family
Command Reference
stp no-agreement-check
Purpose Use the stp no-agreement-check command to enable the rapid transition
feature on the current port.
Use the stp no-agreement-check command to disable the rapid transition

feature.
Syntax stp no-agreement-check
undo stp no-agreement-check
Parameters None
Default By default, the rapid transition feature is disabled on any port.
Example To enable the rapid transition feature on GigabitEthernet1/0/1 port, enter the
following:
[S4200G]interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1]stp no-agreement-check
Description Some partners' switches adopt proprietary spanning tree protocols that are similar to
RSTP in the way to implement rapid transition on designated ports. When a switch of
this kind operates as the upstream switch of an S5100-EI series switch running MSTP,
the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to resolve this problem. When an S5100-EI
series switch running MSTP is connected in the upstream direction to a partner's
switch running proprietary spanning tree protocol, you can enable the rapid transition
feature on the ports of the S5100-EI series switch operating as the downstream
switch. Among these ports, those operating as the root ports will then send
agreement packets to their upstream ports after they receive proposal packets from
the upstream designated ports, instead of waiting for agreement packets from the
upstream switch. This enables designated ports of the upstream switch to change
their states rapidly.
Note: Enable the rapid transition feature on root ports or alternate ports only.
Related Command stp interface no-agreement-check

3Com Switch 4200G Family stp pathcost-standard ● 757
Command Reference
stp pathcost-standard
Purpose Use the stp pathcost-standard command to set the standard used for
calculating the default path costs of ports.
Use the undo stp pathcost-standard command to restore the default

standard.
Syntax stp pathcost-standard { dot1d-1998 | dot1t | legacy }
undo stp pathcost-standard
Parameters dot1d-1998 Specifies the IEEE 802.1D-1998 standard to calculate

the default path costs for ports.
dot1t Specifies the IEEE 802.1t standard to calculate the
default path costs for ports.
legacy Specifies the standard defined by 3Com to calculate
the default path costs for ports.
Default By default, the switch uses the legacy standard to calculate the default path costs of
ports
Example To configure the switch to use the IEEE 802.1D-1998 standard to calculate the default
path costs of its ports, enter the following:
[S4200G] stp pathcost-standard dot1d-1998
To configure the switch to use the IEEE 802.1t standard to calculate the default path
costs of its ports, enter the following:
[S4200G] stp pathcost-standard dot1t
■ System view
758 ● stp pathcost-standard 3Com Switch 4200G Family
Command Reference
Description The following table lists transmission speeds and their corresponding path costs.
Table 112 Transmission speeds and the corresponding path costs

Standard
Transmission Operation mode defined by
speed (half-/full-duplex) 802.1D-1998 IEEE 802. 1t 3Com
0 - 65,535 200,000,000 200,000
10 Mbps Half-Duplex 100 2,000,000 2,000
Full-Duplex 99 1,999,999 2,000
Aggregated Link 2 Ports 95 1,000,000 1,800
Aggregated Link 3 Ports 95 666,666 1,600
Aggregated Link 4 Ports 95 500,000 1,400
100 Mbps Half-Duplex 19 200,000 200
Full-Duplex 18 199,999 200
Aggregated Link 2 Ports 15 100,000 180
1,000 Mbps Full-Duplex 4 20,000 20
10 Gbps Full-Duplex 2 2,000 2
Aggregated Link 3 Ports 1 666 1
Aggregated Link 4 Ports 1 500 1
Normally, the path cost of a port in full-duplex mode is slightly less than that of the
port in half-duplex mode.
When calculating the path cost of an aggregate link, the 802.1D-1998 standard does
not take the number of the aggregated links into account, whereas the 802.1T
standard does so by using the following equation:
Path cost = 200,000,000/link transmission speed
Where, the link transmission speed is the sum of the speeds of the unblocked ports
for the aggregate link measured in 100 kbps units.
3Com Switch 4200G Family stp point-to-point ● 759
Command Reference
stp point-to-point
Purpose Use the stp point-to-point command to specify whether the port must
connect to point-to-point link.
Use the undo stp point-to-point command to restore the default setting.
Syntax stp point-to-point { force-true | force-false | auto }
undo stp point-to-point
Parameters force-true Specifies that the link connected to the current

Ethernet port is a point-to-point link
force-false Specifies that the link connected to the current
Ethernet port is not a point-to-point link.
auto Specifies to automatically determine whether or not
the link connected to the current Ethernet port is a
point-to-point link
Default If no keyword is specified in the stp point-to-point command, the auto keyword is
used by default, and so MSTP automatically determines the type of the link connected
to the current port.
Example To configure the link connected to GigabitEthernet1/0/3 port as a point-to-point link,

[S4200G-GigabitEthernet1/0/3] stp point-to-point force-true
Description The rapid transition feature is not applicable to ports that are connected to
non-point-to-point links.
If an Ethernet port is the master port of an aggregation port or operates in full-duplex

mode, then the link to which the port is connected is a point-to-point link. It is
recommended that you specify the auto keyword in the stp interface
point-to-point command for links of this kind to enable the type of the links
being automatically determined by MSTP.
These two commands only apply to CISTs and MSTIs. If you configure the link to
which a port is connected is a point-to-point link (or a non-point-to-point link), the
configuration applies to all spanning tree instances (that is, the port is configured to
760 ● stp point-to-point 3Com Switch 4200G Family
Command Reference
connect to a point-to-point link [or a non-point-to-point link] in all spanning tree

instances). If the actual physical link is not a point-to-point link and you configure the
link to which the port is connected to be a point-to-point link, loops may temporarily
occur.
Related Command stp interface point-to-point

3Com Switch 4200G Family stp port priority ● 761
Command Reference
stp port priority
Purpose Use the stp port priority command to set the priority of the current port in a
specified spanning tree instance.
Use the undo stp port priority command to restore the default priority.
Syntax stp [ instance instance-id ] port priority priority
undo stp [ instance instance-id ] port priority
Parameters instance-id Specifies the spanning tree instance ID. Valid values are
port priority priority
Specifies the priority for the port. Valid values are 0 to
240 but must be a multiple of 16 (such as 0, 16, and
32). If not specified, the default port priority is 128.
Example To set the port priority of GigabitEthernet1/0/3 port in spanning tree instance 2 to 16,
[S4200G-GigabitEthernet1/0/3] stp instance 2 port priority 16
Description If you specify the instance-id argument to be 0 or do not specify the argument, these
two commands apply to the port priorities on the CIST. The role a port plays in a
spanning tree instance is determined by the port priority in the instance. A port on a
MSTP-enabled switch can have different port priorities and play different roles in
different MSTIs. This enables packets of different VLANs to be forwarded along
different physical paths, so as to achieve load balancing by VLANs. Changing port
priorities result in port roles being re-determined and may cause state transitions.
Related Command stp interface port priority

762 ● stp priority 3Com Switch 4200G Family
Command Reference
stp priority
Purpose Use the stp priority command to set the priority of a switch in a spanning tree
instance.
Use the undo stp priority command to restore the default priority of a switch.
Syntax stp [ instance instance-id ] priority priority
undo stp [ instance instance-id ] priority
priority Specifies t he priority for the switch. Valid values are 0
to 61,440 but must be a multiple of 4,096 (such as 0,
4096, and 8192). The total number of switch priorities
is 16.
Default The default priority of a switch is 32,768.
Example To set the priority of the switch in spanning tree instance 1 to 4,096, enter the
following:
[S4200G] stp instance 1 priority 4096
■ System view
Description The priorities of switches are used for spanning tree generation. Switch priorities are
spanning tree-specific. That is, you can set different priorities for the same switch in
different spanning tree instances.
If you do not specify the instance-id argument, the configuration applies to the
CIST.
3Com Switch 4200G Family stp region-configuration ● 763
Command Reference
stp region-configuration
Purpose Use the stp region-configuration command to enter MST region view.
Use the undo stp region-configuration command to restore the default

MST region settings.
Syntax stp region-configuration
undo stp region-configuration
Parameters None
Default The three MST region settings default to:
■ MST region name: the first MAC address of the switch.

■ All VLANs are mapped to the CIST.
■ MSTP revision level: 0.
Example To enter MST region view, enter the following:
[S4200G-mst-region]
■ System view
Description MST region-related settings include: region name, revision level, and VLAN mapping
table. The three MST region-related settings default to:
■ MST region name: The first MAC address of the switch

■ VLAN mapping table: All VLANs are mapped to the CIST.
■ MSTP revision level: 0
And you can modify the three settings after entering MST region view by using the
stp region-configuration command.
764 ● stp root primary 3Com Switch 4200G Family
Command Reference
stp root primary
Purpose Use the stp root primary command to configure the current switch to be the
root bridge of a specified spanning tree instance.
Use the undo stp root command to cancel the configuration.
Syntax stp [ instance instance-id ] root primary [ bridge-diameter bridgenum ]

[ hello-time centi-seconds ]
undo stp [ instance instance-id ] root
bridgenum Specifies the network diameter of the specified
spanning tree. Valid values are 2 to 7.
centi-seconds Specifies the hello time of the specified spanning tree
in centiseconds. Valid values are 100 to 1,000.
Default By default, a switch does not operate as a root bridge.
CIST.
Example To configure the current switch as the root bridge of spanning tree instance 1, setting
the network diameter of the switched network to 4, and the Hello time to 500
centiseconds, enter the following:
[S4200G] stp instance 1 root primary bridge-diameter 4 hello-time 500
■ System view
Description You can specify the current switch as the root bridge of a spanning tree instance
regardless of the priority of the switch. You can also specify the network diameter of
the switched network by using the stp root primary command. The switch will
then figure out the following three time parameters: Hello time, Forward delay, and
Max age. As the Hello time figured out by the network diameter is not always the
optimal one, you can set it manually through the hello-time keyword. Normally, you
are recommended to set the network diameter and leave the Forward delay and Max
age parameters being automatically determined by the network diameter you set.
3Com Switch 4200G Family stp root primary ● 765
Command Reference
CAUTION:
■ You can configure only one root bridge for a spanning tree instance and can
configure one or more secondary root bridges for a spanning tree instance.
Configuring multiple root bridges for a spanning tree instance causes
unpredictable results.
■ Once a switch is configured to be the root bridge or a secondary root bridge, its
priority cannot be modified.
766 ● stp root-protection 3Com Switch 4200G Family
Command Reference
stp root-protection
Purpose Use the stp root-protection command to enable the root protection function
for the current port.
Use the undo stp root-protection command to restore the default operation
state of the root protection function.
Syntax stp root-protection
undo stp root-protection
Parameters None
Default By default, the root protection function is disabled.
Example To enable the root protection function on GigabitEthernet1/0/1 port, enter the
following:
[S4200G-GigabitEthernet1/0/1] stp root-protection
Description Configuration errors and malicious attacks may cause legal root bridges to receive
BPDUs of higher priorities, and give up their roles as root bridges, which means
network topology jitters. In this case, flows that should travel along high-speed links
may be led to low-speed links, and network congestions may occur.
You can avoid this problem by utilizing the root protection function. Ports with this
function enabled can retain their roles in all spanning tree instances. When such a
port receives BPDUs of higher priorities, its state is set to discarding and it stops
forwarding any packets as if the connected link were down. Only when it receives no
BPDUs of higher priorities in a specified period, does it resumes its normal state.
Related Command stp interface root-protection

3Com Switch 4200G Family stp root secondary ● 767
Command Reference
stp root secondary
Purpose Use the stp root secondary command to configure the current switch as a
secondary root bridge of a specified spanning tree instance.
Use the undo stp root command to cancel the configuration.
Syntax stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum

] [ hello-time centi-seconds ]
undo stp [ instance instance-id ] root
bridgenum Specifies the network diameter of the specified
spanning tree. Valid values are 2 to 7. If not specified,
the default is 7.
centi-seconds Specifies the hello time of the specified spanning tree
in centiseconds. Valid values are 100 to 1,000. If not
specified, the default is 200.
Default By default, a switch does not operate as a secondary root bridge.
CIST.
Example To configure the current switch to be a secondary root bridge of spanning tree
instance 4, setting the network diameter of the switched network to 5 and the Hello
time to 300 centiseconds, enter the following:
[S4200G] stp instance 4 root secondary bridge-diameter 5 hello-time 300
■ System view
Description You can configure one or more secondary root bridges for a spanning tree instance. If
the switch operating as the root bridge fails or is turned off, the secondary root
bridge with the smallest MAC address becomes the root bridge.
You can also specify the network diameter and the Hello time of the switch while
specifying a switch to be a secondary root bridge. The switch will then figures out the
other two correlated settings (that is, the Forward delay and Max age). You can
configure only one root bridge for a spanning tree instance and can configure one or
more secondary root bridges for a spanning tree instance.
768 ● stp root secondary 3Com Switch 4200G Family
Command Reference
Once a switch is configured to be the root bridge or a secondary root bridge, its
priority cannot be modified.
3Com Switch 4200G Family stp tc-protection ● 769
Command Reference
stp tc-protection
Purpose Use the stp tc-protection command to enable or disable the TC-BPDU attack
prevention function for the switch.
Syntax stp tc-protection { enable | disable }
Parameters None
Default By default, the TC-BPDU attack prevention function is enabled.
Example To enable the TC-BPDU attack prevention function for the switch, enter the following:
[S4200G] stp tc-protection enable
■ System view
Description A switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. If a
malicious user sends large amounts of TC-BPDUs to a switch in a short period, the
switch may be busy removing MAC address entries and ARP entries, which may
decrease the performance of the switch and introduce potential stability risks.
With the TC-BPDU attack prevention function enabled, a switch performs removing
operation only once in a specified period (10 seconds by default) after it receives a
TC-BPDU. The switch also checks to see if other TC-BPDUs arrive and performs
another removing operation in the next period if a TC-BPDU is received. Such a
mechanism prevents a switch from being busy removing address entries and ARP
entries.
770 ● stp timer-factor 3Com Switch 4200G Family
Command Reference
stp timer-factor
Purpose Use the stp timer-factor command to set the timeout time of a switch in terms
of the multiple of the Hello time.
For example, with the number argument set to 3, the timeout time is three times of
the Hello time.
Use the undo stp timer-factor command to restore the default.
Syntax stp timer-factor number
undo stp timer-factor
Parameters number Specifies the timeout time factor. Valid values are 1 to
Example To set the Hello time factor to 7, enter the following:
[S4200G] stp timer-factor 7
■ System view
Description A switch sends protocol packets to its neighboring devices in the specified Hello time
interval to test the connectivity of links. Normally, if a switch does not receive any
protocol packets from its upstream switch in a period three times of the Hello time, it
assumes that the upstream switch is down and recalculates the spanning trees.
Spanning tree recalculation may also occur in a very stable network where certain
upstream switches are busy. In this case, you can increase the timeout time to four or
more times of the Hello time. For stable networks, a timeout time of five to seven
times of the Hello time is recommended.
3Com Switch 4200G Family stp timer forward-delay ● 771
Command Reference
stp timer forward-delay
Purpose Use the stp timer forward-delay command to set the Forward delay for a
switch.
Use the undo stp timer forward-delay command to restore the default.
Syntax stp timer forward-delay centi-seconds
undo stp timer forward-delay
Parameters centi-seconds Forward delay in centiseconds. Valid values are 400 to

3,000. If not specified, the default is 1,500.
Example To set the Forward delay to 2,000 centiseconds, enter the following:
[S4200G] stp timer forward-delay 2000
■ System view
Description To prevent temporary loops while ports change their states, each port undergoes an
intermediate period when it changes from the discarding state to the forwarding
state to allow for synchronizing with the remote switches. This intermediate period is
determined by the Forward delay configured on the root bridge.
The Forward delay setting configured for a root bridge applies to all switches
operating in the spanning tree instance, including the root bridge.
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), you can refer to the following expressions
to prevent networks from jittering frequently.
2 * (Forward delay – 1 second) >= Max age,
Max age >= 2 * (Hello time + 1 second).
It is recommended that you specify the network diameter and the Hello time
parameter by using the stp root primary or stp root secondary command
in a network with MSTP employed, after which the three optimized time-related
parameters are automatically determined.
772 ● stp timer forward-delay 3Com Switch 4200G Family
Command Reference
Related Commands ■ stp bridge-diameter

■ stp timer hello
3Com Switch 4200G Family stp timer hello ● 773
Command Reference
stp timer hello
Purpose Use the stp timer hello command to set the Hello time for a switch.
Use the undo stp timer hello command to restore the default Hello time.
Syntax stp timer hello centi-seconds
undo stp timer hello
Parameters centi-seconds Integer for the Hello time in centiseconds. Valid values
are 100 to 1,000. If not specified, the default is 200.
Example To set the Hello time to 400 centiseconds, enter the following:
[S4200G] stp timer hello 400
■ System view
Description A root bridge regularly sends out configuration BPDUs to maintain the existing
spanning trees. The Hello time is used to set the sending interval. When a switch
becomes a root bridge, it regularly sends BPDUs at the interval specified by the hello
time you have configured on it. While, the other none-root-bridge switches listen to
the BPDUs; if they do not receive a BPDU in a specific period, spanning trees will be
regenerated.
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), the following formulas must be met to
prevent network jitter.
2 * (Forward delay 1 second) >= Max age
Max age >= 2 * (Hello time + 1 second)
It is recommended that you specify the network diameter and the Hello time by using
the stp root primary or stp root secondary command. MSTP will then
automatically calculate the optimal values of the three parameters.

■ stp timer forward-delay
774 ● stp timer max-age 3Com Switch 4200G Family
Command Reference
stp timer max-age
Purpose Use the stp timer max-age command to set the maximum age of a switch.
Use the undo stp timer max-age command to restore the default.
Syntax stp timer max-age centi-seconds
undo stp timer max-age
Parameters centi-seconds Specifies the maximum age in centiseconds. Valid

values are 600 to 4,000. If not specified, the default is
2,000.
Example To set the maximum age to 1,000 centiseconds, enter the following:
[S4200G] stp timer max-age 1000
■ System view
Description MSTP is capable of detecting link problems and automatically setting redundant links
to forwarding state. In a CIST, the Max age is the criterion for switches to judge
whether or not a received BPDU is timed out. And spanning trees will be regenerated
if a BPDU received by a port is timed out.
The Max age argument is meaningless to MSTIs. All switches in a CIST uses the Max
age configured for the root bridge of the CIST to judge whether a BPDU is timed out.
The settings of the three MSTP time parameters must satisfy the following expressions
to prevent frequent network jitters:
2 * (Forward delay 1 second) >= Max age
Max age >= 2 * (Hello time + 1 second)
It is recommended that you specify the network diameter and the Hello time by using
the stp root primary or stp root secondary command. MSTP will then
automatically calculate the optimal values of the three parameters.

■ stp timer forward-delay
■ stp timer hello
3Com Switch 4200G Family stp transmit-limit ● 775
Command Reference
stp transmit-limit
Purpose Use the stp transmit-limit command to set the maximum number of
configuration BPDUs the current port can transmit within a Hello time.
Use the undo stp transmit-limit command to restore the default.
Syntax stp transmit-limit packetnum
undo stp transmit-limit
Parameters packetnum Specifies the maximum number of BPDUs that the port
can transmit within a Hello time interval. Valid values
are 1 to 255. If not specified, the default is 3.
Example To set the maximum number of configuration BPDUs that can be transmitted by the
GigabitEthernet1/0/1 port in each Hello time to 5, enter the following:
[S4200G-GigabitEthernet1/0/1] stp transmit-limit 5
Description A larger number configured by the stp transmit-limit command allows more
configuration BPDUs can be transmitted in each Hello time, which may occupy more
switch resources. So configure it to a proper value to avoid MSTP from occupying too
many network resources.
Related Command stp interface transmit-limit

776 ● super 3Com Switch 4200G Family
Command Reference
super
Purpose Use the super command to switch the current user level to the one identified by the
level argument.
Syntax super [ level ]
Parameters level Specifies a user level. Valid values are 0 to 3.

Example Switch to user level 3.
<S4200G> super 3
Password:
■ User view
Description If a password is previously set by using the super password [ level level ] {
simple | cipher } password command, you need to provide the password, as well,
to switch to the higher user level. You will remain in the original user level if you fail to
provide the correct password.
Note:
■ Users logging into a switch also fall into four levels, each of which corresponding
to one of the command levels. Users at a specific level can only use the commands
at the same level and the commands at the lower levels.
■ You can specify an AUX user to provide a password when he switches from a
lower user level to a higher user level and specify the password by using the
super password [ level level ] { simple | cipher } password
command. With a password configured, an AUX user remains in the original user
level if the password provided is incorrect when the AUX user attempts to switch
to a higher user level. If the password is not configured, an AUX user can switch to
a higher user level directly.
■ A password is necessary for a VTY user to switch to a higher user level. You can
use the super password [ level level ] { simple | cipher } password
command to set the password. With the password not configured, a VTY user fails
to switch to a higher user level and is prompted the message reading “Password is
not set”.
■ An AUX user or a VTY user can switch to a lower user level directly regardless of
the password.
Related Command super password

3Com Switch 4200G Family super ● 777
Command Reference
778 ● super password 3Com Switch 4200G Family
Command Reference
super password
Purpose Use the super password command to set the password for users to switch to a
higher user level.
Use the undo super password command to cancel the configuration.
Syntax super password [ level level ] { simple | cipher } password
undo super password [ level level ]
Parameters level User level. Valid values for this argument are 1 to 3. If
not specified, the is 3. If you execute this command
with the level argument not provided, this
command sets the password to switch to level 3.
simple Specifies to provide the password in plain text.
cipher Specifies to provide the password in encrypted text.
password Password to be set. If you specify the simple keyword,
provide this argument in plain text. If you specify the
cipher keyword, you can provide this argument in
either encrypted text or plain text. In this case, a
password containing no more than 16 characters (such
as 123) is regarded to be in plain text and is converted
to the corresponding 24-character encrypted form (
such as !TP<\*EMUHL,408`W7TH!Q!!) automatically.
You can also provide a 24-character encrypted
password directly if you are aware of the actual
password.
No matter what form of the password (plain text or encrypted text) is in, the
password entered for verification must be in plain text.
Example Set the password to switch from the current user level to user level 3 to “zbr”.
[S4200G] super password level 3 simple zbr
■ System view
Description To prevent unauthorized accesses, you can use this command to require users to
provide the password when they switch to a higher user level. For security purpose,
the password a user enters when switching to a higher user level is not displayed. A
user will remain at the original user level if the user has tried three times to enter the
correct password but fails to do this.
3Com Switch 4200G Family super password ● 779
Command Reference
780 ● sysname 3Com Switch 4200G Family
Command Reference
sysname
Purpose Use the sysname command to set a domain name for the switch.
Use the undo sysname command to restore the default domain name.
Syntax sysname text
undo sysname
Parameters text Specifies the host/domain name of the switch. The

host/domain name must be no more than 30
characters long.
If not specified, the default host name is S4200G.
Example Set the domain name of the switch to "ABC".
<S4200G>system-view
[S4200G]sysname ABC
[ABC]
■ System view
Description The CLI prompt reflects the domain name of a switch. For example, if the domain
name of a switch is "S4200G", then the prompt of user view is <S4200G>.
3Com Switch 4200G Family sysname ● 781
Command Reference
sysname
Purpose Use the sysname command to set the system name of the Switch.
Use the undo sysname command to restore the default value of the system name.
Syntax sysname sysname
undo sysname
Parameters sysname Specifies the system name, comprised of a character

string from1 to 30 characters long.
Default By default, the system name of the Switch is 3Com.
Example Set the system name of the Ethernet switch to S4200GLANSwitch.

[S4200G] sysname S4200GLANSwitch
[S4200GLANSwitch]
■ System view
Description Changing the system name of the Switch will affect the prompt of the command line
interface. For example, the system name of the Switch is 4200G, and the prompt in
user view is <S4200G>.
782 ● system-view 3Com Switch 4200G Family
Command Reference
system-view
Purpose Enter system-view to enter the system view from the user view.
Syntax system-view
Parameters None
Example To enter system view from user view, enter the following:
[S4200G]
■ User view
Related Commands ■ quit

■ return
3Com Switch 4200G Family tcp timer fin-timeout ● 783
Command Reference
tcp timer fin-timeout
Purpose Use the tcp timer fin-timeout command to configure the TCP finwait timer.
Use the undo tcp timer fin-timeout command to restore the default value of the
TCP finwait timer.
Syntax tcp timer fin-timeout time-value
undo tcp timer fin-timeout
Parameters time-value Specifies the TCP finwait timer value in seconds. Valid
Example To configure the TCP finwait timer value as 800 seconds, enter the following:
<S4200G>system-view
[S4200G]tcp timer fin-timeout 800
■ System view
Description When the TCP connection state changes from FIN_WATI_1 to FIN_WAIT_2, the
finwait timer is enabled. If the switch does not receive FIN packet before finwait timer
timeouts, the TCP connection is terminated.
Related Commands ■ tcp timer syn-timeout

■ tcp window
784 ● tcp timer syn-timeout 3Com Switch 4200G Family
Command Reference
tcp timer syn-timeout
Purpose Use the tcp timer syn-timeout command to configure the TCP synwait timer.
Use the undo tcp timer syn-timeout command to restore the default value of the
timer.
Syntax tcp timer syn-timeout time-value
undo tcp timer syn-timeout
Parameters time-value Specifies the TCP synwait timer value measured in

seconds. Valid values are 2 to 600.
If not specified, the default time-value is 75 seconds.
Example To configure the TCP synwait timer value as 80 seconds, enter the following:
<S4200G>system-view
[S4200G]tcp timer syn-timeout 80
■ System view
Description When a SYN packet is sent, TCP starts the synwait timer. If no response packet is
received before the synwait timer times out, the TCP connection is terminated.
Related Commands ■ tcp timer fin-timeout

■ tcp window
3Com Switch 4200G Family tcp window ● 785
Command Reference
tcp window
Purpose Use the tcp window command to configure the size of the transmission and receiving
buffers of the connection-oriented socket.
Use the undo tcp window command to restore the default size of the buffer.
Syntax tcp window window-size
undo tcp window
Parameters window-size Specifies the size of the transmission and receiving

buffers measured in kilobytes (KB). Valid values are 1 to
32.
If not specified, the default window-size is 8 KB.
Example To configure the size of the transmission and receiving buffers as 3 KB, enter the
following:
<S4200G>system-view
[S4200G]tcp window 3
■ System view
Related Commands ■ tcp timer fin-timeout

■ tcp timer syn-timeout
786 ● telnet 3Com Switch 4200G Family
Command Reference
telnet
Purpose Use the telnet command to log in to another Ethernet switch from the current
switch via Telnet for remote management.
Syntax telnet { hostname | ip-address } [ service-port ]
Parameters hostname Specifies the host name of the remote Switch. You can
use the ip host command to assign a host name to a
switch.
ip-address Specifies the IP address or the host name of the remote
Switch.
If you enter the host name, the Switch must be set to
static resolution.
service-port Designates the TCP port number of the port that
provides Telnet service on the switch. Valid values are 0
to 65535.
If not specified, the default Telnet port number of 23 is
used.
Example Telnet to the switch with the host name of S4200G2 and IP address of 129.102.0.1
from the current switch (with the host name of S4200G1).
<S4200G1> telnet 129.102.0.1

<S4200G2>
■ User view
Description Use the telnet command to Telnet to another switch from the current switch to
manage the former remotely. You can terminate a Telnet connection by pressing
<Ctrl+K> or <Ctrl+]>.
Related Command display tcp status

3Com Switch 4200G Family terminal debugging ● 787
Command Reference
terminal debugging
Purpose Use the terminal debugging command to configure to display the debugging
information on the terminal.
Use the undo terminal debugging command to configure not to display the
debugging information on the terminal.
Syntax terminal debugging
undo terminal debugging
Parameters None
Default By default, the debug displaying function is disabled.
Example Enable debug terminal display.
<S4200G> terminal debugging
■ User view

788 ● terminal debugging 3Com Switch 4200G Family
Command Reference
terminal debugging
Purpose Use the terminal debugging command to configure to display the debugging
information on the terminal.
Use the undo terminal debugging command to configure not to display the
debugging information on the terminal.
Syntax terminal debugging
undo terminal debugging
Parameters None
Default By default, the displaying function is disabled.
Example Enable the terminal display debugging.
<S4200G> terminal debugging
■ User view

3Com Switch 4200G Family terminal logging ● 789
Command Reference
terminal logging
Purpose Use the terminal logging command to enable log terminal display.
Use the undo terminal logging command to disable log terminal display.
Syntax terminal logging
undo terminal logging
Parameters None
Default By default, log terminal display is enabled for console users and disabled for terminal
users.
Example Disable log terminal display.
<S4200G> undo terminal logging
■ User view
790 ● terminal monitor 3Com Switch 4200G Family
Command Reference
terminal monitor
Purpose Use the terminal monitor command to enable the debug/log/trap terminal display
function.
Use the undo terminal monitor command to disable the function.
Syntax terminal monitor
undo terminal monitor
Parameters None
Default By default, this function is enabled for the console user but disabled for terminal
users.
Example Disable terminal display.
<S4200G> undo terminal monitor
■ User view
Description This command works only on the current terminal. Only after the command has been
executed in user view, can the debug/log/trap information be output on the current
terminal. Disabling the function has the same effect as executing the following three
commands: undo terminal debugging, undo terminal logging and undo terminal
trapping. That is, no debug/log/trap information will be displayed on the current
terminal. If the function is enabled, you can run the terminal debugging/undo
terminal debugging, terminal logging/undo terminal logging or terminal
trapping/undo terminal trapping command to enable or disable debug/log/trap
terminal output respectively.
3Com Switch 4200G Family terminal trapping ● 791
Command Reference
terminal trapping
Purpose Use the terminal trapping command to enable terminal trap information display.
Use the undo terminal trapping command to disable trap terminal display.
Syntax terminal trapping
undo terminal trapping
Parameters None
Default By default, this function is enabled.
Example Enable trap terminal display.
<S4200G> terminal trapping
■ User view
792 ● tftp 3Com Switch 4200G Family
Command Reference
tftp
Purpose Use the tftp command to set the TFTP data transfer mode.
Syntax tftp { ascii | binary }
Parameters ascii Transfers data in the ASCII mode.

binary Transfers data in the binary mode.
Default By default, the binary mode is adopted.
Example Specify to adopt the ASCII mode.
[S4200G] tftp ascii
TFTP transfer mode changed to ASCII.
■ System view
3Com Switch 4200G Family tftp cluster get ● 793
Command Reference
tftp cluster get
Purpose Use the tftp cluster get command to download a specified file from a cluster
TFTP server.
Syntax tftp cluster get source-file [ destination-file ]
Parameters source-file Directory and the name of the file to be downloaded

on the cluster TFTP server.
destination-file Local directory and the file name which the
downloaded file is to be saved as.
Example Download the file named LANSwitch.app from the cluster TFTP server and save it as
vs.app.
<123_1.S4200G> tftp cluster get LANSwitch.app vs.app
■ User view
Related Command tftp cluster put

794 ● tftp cluster put 3Com Switch 4200G Family
Command Reference
tftp cluster put
Purpose Use the tftp put command to upload a specified file to a specified directory of a
cluster TFTP server.
Syntax tftp cluster put source-file [ destination-file ]
Parameters source-file Directory and the name of the file to be uploaded.

destination-file Remote directory and the file name which the
uploaded file is to be saved as.
Example Upload the local file named vrpcfg.txt to the cluster TFTP server and save it as
Temp.txt.
<123_1.S4200G> tftp cluster put vrpcfg.txt temp.txt
■ User view
Related Command tftp cluster get

3Com Switch 4200G Family tftp get ● 795
Command Reference
tftp get
Purpose Use the tftp get command to download a file from a TFTP server to this switch.
Syntax tftp tftp-server get source-file [ dest-file ]
Parameters tftp-server IP address or host name of a TFTP server.

source-file Name of the file which will be downloaded from the
TFTP server.
dest-file Name of the file to which the downloaded file will be
saved on the switch.
Example Download the file named abc.txt from the TFTP server whose IP address is 1.1.1.1 and
save it as efg.txt.
<S4200G>tftp 1.1.1.1 get abc.txt efg.txt

File will be transferred in binary mode.
Downloading file from remote tftp server, please wait......
TFTP: 35 bytes received in 0 second(s).
File downloaded successfully.
■ User view
Related Command tftp put

796 ● tftp put 3Com Switch 4200G Family
Command Reference
tftp put
Purpose Use the tftp put command to upload a file from the switch to the specified directory
on the TFTP server.
Syntax tftp tftp-server put source-file [ dest-file ]
Parameters tftp-server IP address or host name of the TFTP server. The name
of the TFTP server should be a string from 1 to 20
characters long.
source-file Name of the file to be uploaded to the TFTP server.
dest-file Specifies the file name of the destination file that will
be saved on the TFTP server.
Example Upload the file named vrpcfg.txt to the TFTP server whose IP address is 1.1.1.1 and
save it as temp.txt.
<S4200G>tftp 1.1.1.1 put vrpcfg.cfg temp.cfg
File will be transferred in binary mode.

Copying file to remote tftp server. Please wait... /
TFTP: 962 bytes sent in 0 second(s).
File uploaded successfully.
■ User view
Related Command tftp get

3Com Switch 4200G Family tftp-server ● 797
Command Reference
tftp-server
Purpose Use the tftp-server command to configure a TFTP server for cluster members on
the management device.
Use the undo tftp-server command to cancel the TFTP server configuration.
Syntax tftp-server ip-address
undo tftp-server
Parameters ip-address IP address of TFTP server configured for the cluster.
Default By default, no TFTP server is configured.
Only after you assign an IP address for TFTP server of the cluster, member devices can
access it through the management device.
Example Configure a TFTP server on the management device.
[aaa_0.S4200G-cluster] tftp-server 1.0.0.9
■ Cluster view
Description You need to configure the IP address of a TFTP server first for the member devices in a
cluster to access the TFTP server through the management device.
Execute these two commands on management devices only.

798 ● tftp-server acl 3Com Switch 4200G Family
Command Reference
tftp-server acl
Purpose Use the tftp-server acl command to specify the ACL (Access Control List)
adopted for the connection between a TFTP client and a TFTP server.
Use the undo tftp-server acl command to cancel all ACLs adopted.
Syntax tftp-server acl acl-number

undo tftp-server acl
Parameters acl-number The Basic ACL number. Valid values are 2000 to 2999.
Example Specify to adopt ACL 2000 on the TFTP client.
[S4200G] tftp-server acl 2000
The ACL number is not existent or contains no rule. Continue? [Y/N] y
[S4200G]
■ System view
3Com Switch 4200G Family time-range ● 799
Command Reference
time-range
Purpose Use the time-range command to define a time range.
Use the undo time-range command to delete a time range.
Use the undo time-range all command to delete all time ranges.
Syntax time-range time-name { start-time to end-time days-of-the-week [ from

start-time start-date ] [ to end-time end-date ] | from start-time
start-date [ to end-time end-date ] | to end-time end-date }
undo time-range {time-name [ start-time to end-time days-of-the-week [

from start-time start-date ] [ to end-time end-date ] | from start-time
start-date [ to end-time end-date ] | to end-time end-date ] | all }
Parameters time-name Name of a special time range to be referenced.

start-time Start time of the special time range, format as hh:mm.
Optional argument.
end-time End time of the special time range, format as hh:mm.
Optional argument.
days-of-the-week Means the special time is effective on a specified day
every week. You can input the following parameters:
■ Numbers (ranging from 0 to 6)
■ Monday, Tuesday, Wednesday, Thursday, Friday,
Saturday or Sunday
■ Working-day, representing 5 working days, from
Monday to Friday
■ Off-days, representing Saturday and Sunday;
■ Daily, namely everyday of the week
from start-time start-dateSpecifies the start date of a special time range,
optional. In the form of hh:mm MM/DD/ YYYY,
start-time start-date and end-time end-date jointly
define a date in which the special time range takes
effect.
to end-time end-date Specifies the end date of a special time range,
optional. In the form of hh:mm MM/DD/ YYYY,
start-time start-date and end-time end-date jointly
define a date on which the special time range takes
effect.
all Deletes all time ranges.
If the two parameters above are not configured, it means there is no restriction to
time-range.
800 ● time-range 3Com Switch 4200G Family
Command Reference
Example Define a time range that is effective from 12:00 January 1, 2000 to 12:00 January 1,
2001.
[S4200G] time-range test from 12:00 1/1/2000 to 12:00 1/1/2001
■ System view
Description The time range defined by means of the time-range command can include absolute
time sections and periodic time sections. The start-time and end-time
days-of-the-week jointly define a periodic time section, while start-time start-date and
end-time end-date jointly define an absolute time section.
If only a periodic time section is defined in a time range, the time range is active only
within the defined periodic time section.
If only an absolute time section is defined in a time, the time range is active only
within the defined absolute time section.
If both a periodic time section and an absolute time section are defined in a time
range, the time range is active only when the periodic time range and the absolute
time range are both matched. Assume that a time range defines an absolute time
section from 00:00 January 1, 2004 to 23:59 December 31, 2004, and a periodic time
section from 12:00 to 14:00 every Wednesday. This time range is active only from
12:00 to 14:00 every Wednesday in 2004.
If you include any argument with the undo time-range command, the system will
delete only the content defined by the argument from the time range.
3Com Switch 4200G Family timer ● 801
Command Reference
timer
Purpose Use the timer command to set the interval to send handshake packets.
Use the undo timer command to restore the default interval value.
Syntax timer interval
undo timer
Parameters Interval Handshake packet interval. Valid values are 1 to 255

seconds.
Example Configure the interval to send handshake packets to be 3 seconds.
[aaa_0.S4200G-cluster] timer 3
■ Cluster view
Description Inside a cluster, the connections between member devices and the management
device are kept through transmitting handshake packets. Handshake packets in a
cluster enable the management device to acquire the information about member
states link states.
Execute these two commands on management devices only. All the member devices
in a cluster acquire the handshake interval setting from the management device.
802 ● timer 3Com Switch 4200G Family
Command Reference
timer
Purpose Use the timer command to set the response timeout time of RADIUS server (that is,
the timeout time of the response timeout timer of RADIUS server).
Use the undo timer command to restore the default response timeout timer of
RADIUS server.
Syntax timer seconds
undo timer
Parameters seconds Sets the response timeout time (in seconds) of RADIUS
server. Valid values are 1 to 10 seconds.
Example To set the timeout time of the response timeout timer for the RADIUS scheme radius1
to 5 seconds, enter the following:
New Radius scheme
[S4200G-radius-radius1] timer 5
Description Note:
RADIUS service. This wait time is called response timeout time of RADIUS server;
response timeout timer of RADIUS server. You can use the timer command to set
the timeout time of this timer.
■ The timer command has the same effect with the timer
response-timeout command.
Related Commands ■ radius scheme

■ retry
3Com Switch 4200G Family timer quiet ● 803
Command Reference
timer quiet
Purpose Use the timer quiet command to set the wait time for the primary server to
restore the active state.
Use the undo timer quiet command to restore the default wait time.
Syntax timer quiet minutes
undo timer quiet
Parameters minutes Specifies the wait time (in minutes) the primary server
waits before restoring the active state. Valid values are
1 to 255 minutes.
Example To set the wait time for the primary server to restore the active state to 10 minutes,
New Radius scheme
[S4200G-radius-radius1] timer quiet 10

804 ● timer realtime-accounting 3Com Switch 4200G Family
Command Reference
Purpose Use the timer realtime-accounting command to set the real-time accounting
interval.
Use the undo timer realtime-accounting command to restore the default

real-time accounting interval.
Syntax timer realtime-accounting minutes
undo timer realtime-accounting
Parameters minutes Specifies the real-time accounting interval (in minutes).

Valid values are 3 to 60 minutes in multiples of 3.
If not specified, the default interval is 12 minutes.
Example To set the real-time accounting interval of the RADIUS scheme radius1 to 51 minutes.
New Radius scheme
[S4200G-radius-radius1] timer realtime-accounting 51
Description Note:
■ To charge the users in real time, you should set the interval of real-time
accounting. After the setting, the switch sends the accounting information of
online users to the RADIUS server at regular intervals.
■ The setting of the real-time accounting interval depends to some degree on the
performance of the switch and the RADIUS server. The higher the performance of
the switch and the RADIUS server is, the shorter the interval can be. You are
recommended to set the interval as long as possible when the number of users is
relatively great (f1000). Table 113 lists the numbers of users and the
corresponding recommended intervals.
Table 113 Numbers of users and corresponding recommended intervals
Real-time accounting interval

Number of users (minute)
1 to 99 3
100 to 499 6
500 to 999 12
f1000 f15
3Com Switch 4200G Family timer realtime-accounting ● 805
Command Reference
Related Commands ■ retry realtime-accounting

■ radius scheme
806 ● timer response-timeout 3Com Switch 4200G Family
Command Reference
timer response-timeout
Purpose Use the timer response-timeout command to set the response timeout time of
RADIUS servers.
Use the undo timer command to restore the default response timeout timer of
RADIUS servers.
Syntax timer response-timeout seconds
undo timer response-timeout
Parameters seconds Sets the response timeout time (in seconds) of RADIUS
servers. Valid values are 1 to 10 seconds.
If not specified, the default timeout time is 3 seconds.
Example To set the response timeout time in the RADIUS scheme radius1 to five seconds, enter
the following:
New Radius scheme
[S4200G-radius-radius1] timer response-timeout 5
Description Note:
RADIUS service. This wait time is called response timeout time of RADIUS servers;
response timeout timer of RADIUS servers. You can use the timer
response-timeout command to set the timeout time of this timer.
■ This command has the same effect with the timer command.
Related Commands ■ radius scheme

■ retry
3Com Switch 4200G Family topology accept ● 807
Command Reference
topology accept
Purpose Use the topology accept command to confirm the current topology information
of the cluster and save that as a standard topology.
Use the undo topology accept command to delete the current topology
information of the cluster.
Syntax topology accept { all [ save-to { administrator | local-flash } ] |

mac-address mac-address | member-id member-number }
undo topology accept { all | mac-address mac-address | member-id

member-number }
Parameters mac-address Specifies a bridge MAC address of the device while the
device authenticates the topology authenticated by
the topology, in the format of H-H-H.
member-number Specifies the member number from which the
topology displays or the member numbers at the
starting point and ending point of a specified path.
save-to Configures to save a standard topology to the FTP
server or the flash while saving the standard topology.
This file is named topology.top universally.
Example Accept the current topology as a standard topology.
<123> system-view
[123] cluster
[123.abc-cluster] topology accept all
■ Cluster view
The topology.top file is used to save standard topology information on the FTP server
or the local flash. The saved information includes information of the white list and
blacklist. The blacklist is a list of devices that are not allowed to join the cluster. The
white list is a list of devices that can join the cluster.
808 ● topology restore-from 3Com Switch 4200G Family
Command Reference
topology restore-from
Purpose Use the topology restore-from command to obtain and restore the standard
topology information from the local flash.
Syntax topology restore-from local flash
Parameters None
Example Obtain and restore the standard topology information.
<123> system-view
[123] cluster
[123.abc-cluster] topology restore-from local-flash
■ Cluster view

3Com Switch 4200G Family topology save-to ● 809
Command Reference
topology save-to
Purpose Use the topology save-to command to save the standard topology information
into the local flash.
Syntax topology save-to local flash
Parameters None
Example Save the standard topology information into the local flash.
<123> system-view
[123] cluster
[123.abc-cluster] topology save-to local-flash
■ Cluster view
Description The topology includes white list and blacklist. The file is named topology.top
universally.
This command can be executed only on the management device.

810 ● tracemac 3Com Switch 4200G Family
Command Reference
tracemac
Purpose Use the tracemac command to locate a device by MAC address or IP address.
Syntax tracemac { by-mac mac-address vlan vlan-id | by-ip ip-address } [ nondp

]
Parameters by-mac Configures to locate a device by MAC address.

mac-address Specifies a MAC address of the device to be traced, in
the format of H-H-H.
vlan-id Configures to trace a device by a specified VLAN ID,
by-ip Configures to locate a device by IP address.
ip-address Specifies the IP address of a device to be traced.
nondp Configures not to use neighboring information of the
NDP protocol.
Example Locate a device by MAC address.
<123> system-view
[123] tracemac by-mac 000f-3232-0005 vlan 1
Tracing MAC address 000f-3232-0005 in vlan 1
1 000f-3232-0001abc01 ethernet1/0/2
2 000f-3232-0002abc02 ethernet1/0/7
3 000f-3232-0003abc03 ethernet1/0/4
4 000f-3232-0005abc05 Local
Locate a device by IP address.
[123] tracemac by-ip 1922.168.1.5

Tracing MAC address 000f-3232-0005 in vlan 1
1 000f-3232-0001abc01 ethernet0/2
2 000f-3232-0002abc02 ethernet0/7
3 000f-3232-0003abc03 ethernet0/4
4 000f-3232-0005abc05 Local
■ Any view
3Com Switch 4200G Family tracert ● 811
Command Reference
tracert
Purpose Use the tracert command to trace the gateways the test packets passes through
during its journey from the source to the destination.
tracert [[ -a source-ip] -f first-TTL ] [ -m max-TTL ] [ -p port ] [ -q

num-packet ] [ -w timeout ] string
Parameters -a source-IP Configures the source IP address used by tracert

command.
-f Sets the initial TTL of the packets to be sent, so that
this command displays the addresses of only those
gateways on the path whose hop counts are not
smaller than the hop count specified by the first-TTL
argument. The first-TTL argument ranges from 1 to
-m Sets the maximum TTL value of the packets to be
sent, so that this command displays the addresses of
only those gateways on the path whose hop counts
are not greater than the hop count specified by the
max-TTL argument. After the command sends a
packet with the maximum TTL, it will not send any
more packets. The max-TTL argument ranges from 1
to 255 and defaults to 30.
-p Sets the destination port of the packets to be sent.
The port argument ranges from 0 to 65535 and
defaults to 33434. Generally, you need not change
the argument.
-q Sets the number of packets to be sent every time.
The nqueries argument ranges from 0 to 65,535 and
defaults to 3.
-w Sets the timeout time to wait for ICMP error packets.
The timeout argument ranges from 0 to 65,535 and
defaults to 5,000 (in milliseconds).
string IP address of the destination host, or host name of
the remote system with 1 to 20 characters.
Default By default, when the parameters are not specified,
■ first-TTL is 1,
■ max-TTL is 30,
■ port is 33434,
■ nqueries is 3
■ timeout is 5000 ms.
Example Test the gateways passed by the packets to the destination host at 18.26.0.115.
812 ● tracert 3Com Switch 4200G Family
Command Reference
<S4200G>tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
■ Any view
Description The tracert command is primarily used to check the network connectivity. It can
also help you locate the trouble spot of the network.
If you find that the network is in trouble by using the ping command, you can use
the tracert command to find where the trouble is in the network.
The executing procedure of the tracert command is as follows. First, the source
sends a packet with the TTL of 1, and the first hop device returns an ICMP error
message indicating that it cannot forward this packet because of TTL timeout.
Then, the source re-sends a packet with the TTL of 2, and the second hop device
also returns an ICMP TTL timeout message. This procedure continues until a
packet gets to the destination or the maximum TTL is reached. During the
procedure, the system records the source address of each ICMP TTL timeout
message in order to offer the path that the packets pass through to the destination.
The tracert command can output the IP addresses of all the gateways the
packets pass through to the destination. You will see the string "***" if a gateway
times out.
3Com Switch 4200G Family traffic-limit ● 813
Command Reference
traffic-limit
Purpose Use the traffic-limit command to use ACL rules in traffic identifying and traffic
policing for the packet matching with the ACL rules and to set traffic policing
parameters.
Use the undo traffic-limit command to disable traffic policing.
Syntax traffic-limit inbound acl-rule target-rate
undo traffic-limit inbound acl-rule
Parameters inbound Indicates that traffic policing is performed on the

packets received on the port.

Issue a rule in an IP ACL and a rule in a Link ACL at ip-group acl-number rule rule link-group
the same time acl-number rule rule
target-rate Specifies the rate at which to limit the packets received

on the port in kbps. Its value range varies with
different ports as follows:
■ Gigabit port: In the rang of 1 to 1000000
■ 10G port: In the rang of 1 to 100000000
Example To perform traffic policing for packets matching with ACL 4000 rules. Limit the rate
within 128 kbps and drop the packets exceeding the traffic limit, enter the following:
[S4200G-GigabitEthernet1/0/1] traffic-limit inbound link-group 4000 128

814 ● traffic-limit 3Com Switch 4200G Family
Command Reference
Description The command is used in traffic policing for packets matching with the specified ACL
rules. It is applicable only to ACL rules with permit action.
The granularity of traffic policing is described in the following table:

Table 115 The granularity of traffic policing
The rang of total rate Granularity (bps)

0 to 1M 1K
0 to 10M 10K
0 to 100M 100K
0 to 1G 1M
0 to 10G 10M
3Com Switch 4200G Family traffic shape ● 815
Command Reference
traffic shape
Purpose Use the traffic-shape command to enable traffic shaping and send the packets
out at an even rate.
Use the undo traffic-shape command to disable traffic shaping.
Syntax traffic-shape [ queue queue-id ] max-rate burst-size
undo traffic-shape [ queue queue-id ]
Parameters queue queue-id Specifies the ID of a queue. Valid values are 1 to 7.

max-rate Specifies the maximum traffic rate on a port, in kbps.
burst-size Specifies the burst size measured in kbyte. Valid values
are 12 to 16000. The value must be in multiples of 4
kbytes.
Example To perform traffic shaping on the current port. Set the max rate to 650kbps and the
burst size to 12kbytes, enter the following:
[S4200G-GigabitEthernet1/0/1] traffic-shape 650 12
Description The switch supports two forms of traffic shaping:
■ Traffic shaping for all the traffic of a port. The function can be implemented when
queue queue-id in the traffic-shape command is not specified.
■ Traffic shaping for the specified output queues. The function can be implemented
when queue queue-id in the traffic-shape command is specified.
Table 116 The granularity of traffic shaping
The set traffic

Port class shaping value Granularity (bps)
GE ports 0 to 80M 20K
GE ports 80M to 1G 260K
10GE ports 0 to 10G 2500K
816 ● traffic-statistic 3Com Switch 4200G Family
Command Reference
traffic-statistic
Purpose Use the traffic-statistic command to use ACL rules in traffic identifying and
perform traffic statistics on the packets matching with the ACL rules.
Use the undo traffic-statistic command to disable traffic statistics.
Syntax traffic-statistic inbound acl-rule
undo traffic-statistic inbound acl-rule
Parameters inbound Indicates that traffic redirect is performed on the

packets received on the port.

Issue a rule in an IP ACL and a rule in a Link ACL at ip-group acl-number rule rule
the same time link-group acl-number rule rule
Example To perform traffic statistics on packets matching with ACL 2000 rules, enter the
following:
[S4200G-GigabitEthernet1/0/1] traffic-statistic inbound ip-group 2000
■ System view
Description Use the display qos-interface traffic-statistic command to display the times of
hardware matching in packet forwarding.
Related Command display qos-interface traffic-statistic

3Com Switch 4200G Family udp-helper enable ● 817
Command Reference
udp-helper enable
Purpose Use the udp-helper enable command to enable the UDP Helper function.
Use the undo udp-helper enable command to disable the UDP Helper function.
Syntax udp-helper enable
undo udp-helper enable
Parameters None
Default By default, UDP Helper function is disabled.
Example To enable the UDP Helper function.
[SW4200G]udp-helper enable
■ System view
818 ● udp-helper port 3Com Switch 4200G Family
Command Reference
udp-helper port
Purpose Use the udp-helper port command to configure the UDP port with relay function.
Use the undo udp-helper port command to remove the UDP configuration.
Syntax udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs | tftp

| time }
undo udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs |

tftp | time }
Parameters port Specifies the ID of the UDP port with relay function to
be enabled. Valid values are 1 to 65535.
dns Domain name service, corresponding to UDP port 53.
netbios-ds NetBios datagram service, corresponding to UDP port
138.
netbios-ns NetBios name service, corresponding to UDP port 137.
tacacs TAC access control system, corresponding to UDP port
49.
tftp Trivial file transfer protocol, corresponding to UDP port
69.
time Time service, corresponding to UDP port 37.
Example To configure the UDP port with relay function as the UDP port corresponding to DNS,
[SW4200G]udp-helper port dns
■ System view
3Com Switch 4200G Family udp-helper server ● 819
Command Reference
udp-helper server
Purpose Use the udp-helper server command to configure the relay destination server for
UDP broadcast packets.
Use the undo udp-helper server command to delete the relay destination server.
Syntax udp-helper server ip-address
undo udp-helper server [ ip-address ]
Parameters ip-address Specifies the IP address of the destination server.
Default By default, no relay destination server is configured.
Example To configure the relay destination server with IP address 192.1.1.2, enter the
following:
[SW4200G]interface vlan-interface 1
[SW4200G-Vlan-interface1]udp-helper server 192.1.1.2
Related Command display udp-helper server

820 ● undelete 3Com Switch 4200G Family
Command Reference
undelete
Purpose Use the undelete command to restore a deleted file.
Syntax undelete file-url
Parameters file-url Path name or the file name of a file in the Flash,
comprised of a string from1 to 142 characters long.
Example Restore the deleted file named sample.bak.
<S4200G> undelete sample.bak

Undelete flash:/sample.bak ?[Y/N]:y
% Undeleted file flash:/sample.bak
■ User view
Description The file name to be recovered cannot be the same as an existing directory name. If
the destination file name is the same as an existing file name, a prompt will be
displayed asking whether to overwrite the existing file.
3Com Switch 4200G Family user ● 821
Command Reference
user
Purpose Use the user command to switch to a specified user.
Syntax user username [ password ]
Parameters username User name used to log into an FTP server.

password Password used to log into an FTP server.
Example Log into the FTP server using the user account with the user name being
tom and the password being 111.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp] user tom 111
■ FTP Client view
Description After logging into an FTP server, you can switch to another user by using the user
command.
822 ● user-interface 3Com Switch 4200G Family
Command Reference
user-interface
Purpose Using user-interface command to enter one or more user interface views to
perform configuration.
Syntax user-interface [ type ] first-number [ last-number ]
Parameters type Specifies the user interface type, which can be aux or
vty.
first-number Specifies the user interface index, which identifies the
first user interface to be configured.
last-number Specifies the user interface index, which identifies the
last user interface to be configured.
Example Enter VTY 0 user interface view.
[S4200G] user-interface vty 0
[S4200G-ui-vty0]
■ System view
3Com Switch 4200G Family user-name-format ● 823
Command Reference
user-name-format
Purpose Use the user-name-format command to set the format of the user names to be sent
to RADIUS server.
Syntax user-name-format { with-domain | without-domain }
Parameters with-domain Specifies to include ISP domain names in the user

names to be sent to RADIUS servers.
without-domain Specifies to exclude ISP domain names from the user
names to be sent to RADIUS servers.
Default By default, except for the default RADIUS scheme "system", the user names sent to
RADIUS servers in any RADIUS scheme carry ISP domain names.
Example To specify that the user names sent to a RADIUS server in RADIUS scheme radius1
does not carry ISP domain names, enter the following:
Description Note:
■ Generally, an access user is named in the userid@isp-name format. Where,
isp-name behind the @ character represents the ISP domain name, by which the
device determines which ISP domain it should ascribe the user to. However, some
old RADIUS servers cannot accept the user names that carry ISP domain names. In
this case, it is necessary to remove the domain names carried in the user names
before sending the user names to the RADIUS server. For this reason, the
user-name-format command is designed for you to specify whether or not ISP
domain names are carried in the user names sent to the RADIUS server.
■ For a RADIUS scheme, if you have specified that no ISP domain names are carried
in the user names, you should not use this RADIUS scheme in more than one ISP
domain. Otherwise, such errors may occur: the RADIUS server regards two
different users having the same name but belonging to different ISP domains as
the same user (because the user names sent to it are the same).

824 ● user privilege level 3Com Switch 4200G Family
Command Reference
user privilege level
Purpose Use the user privilege level level command to configure the command
level that a user can access from the specified user interface.
Use the undo user privilege level command to restore the default
command level.
Syntax user privilege level level
undo user privilege level
Parameters level Specifies the level of command that a user can access.
Default By default, a user can access all commands at Level 3 after logging in through the
AUX user interface, and all commands at Level 0 after logging in through a VTY user
interface.
Example Configure that commands of level 0 are available to the users logging into VTY 0.
[S4200G-ui-vty0] user privilege level 0
You can verify the above configuration by Telneting to VTY 0 and displaying the
available commands, as listed in the following.
<S4200G> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Privilege specified user priority level
telnet Establish one TELNET connection
tracert Trace route function
Description The user can use all the available commands at this command level.
3Com Switch 4200G Family verbose ● 825
Command Reference
verbose
Purpose Use the verbose command to enable the verbose function, which displays execution
and response information of other related commands.
Use the undo verbose command to disable verbose.
Syntax verbose
undo verbose
Parameters None
Default By default, verbose is disabled.
Example Enable verbose.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp] verbose
■ FTP Client view

826 ● virtual-cable-test 3Com Switch 4200G Family
Command Reference
virtual-cable-test
Purpose Use the virtual-cable-test command to enable the system to test the cable
connected to a specific port and to display the results.
Syntax virtual-cable-test
Parameters None
Default By default, the test of the connection cable of the Ethernet port is closed, that is, the
system does not test the cable connected to the Ethernet port.
Example Enable the system to test the cable connected.
[S4200G-GigabitEthernet0/1] virtual-cable-test
Cable status: abnormal(open), 7 metres
Pair Impedance mismatch: yes
Pair skew: 4294967294 ns
Pair swap: swap
Pair polarity: normal
Insertion loss: 7 db
Return loss: 7 db
Near-end crosstalk: 7 db
Description The system can test these attributes of the cable:
■ Cable status, including normal, abnormal, abnormal-open, abnormal-short and

failure
■ Cable length
■ Pair Impedance mismatch
■ Pair skew
■ Pair swap
■ Pair polarity
■ Insertion loss
■ Return loss
■ Near-end crosstalk
3Com Switch 4200G Family virtual-cable-test ● 827
Command Reference
Note:
■ If the cable is in normal state, the displayed length value is the total length of the
cable.
■ If the cable is in any other state, the displayed length value is the length from the
port to the faulty point.
The speed and undo speed commands cannot be configured on a combo port.
828 ● vlan 3Com Switch 4200G Family
Command Reference
vlan
Purpose Use the vlan command to enter the VLAN view.
Use the undo vlan command to remove a VLAN.
Syntax vlan vlan-id
undo vlan { vlan-id1 to vlan-id2 | all }
Parameters vlan-id Specifies the ID of the VLAN you want to configure.

vlan-id1 Beginning VLAN ID. Valid values are 1 to 4094.
to Specifies a VLAN ID range.
vlan-id2 Ending VLAN ID. Valid values are 1 to 4094. Note that
this value cannot be less than the vlan-id2 argument.
all Delete all VLANs.
CAUTION: The undo vlan all command cannot be used to remove the VLANs
kept by protocols, voice VLANs, the default VLANs (VLAN 1), management VLANs,
and the remote probe VLANs.
Default VLAN 1 is the default VLAN and cannot be deleted.
If the VLAN to be removed is the management VLAN, but not the default
management VLAN, VLAN 1 becomes the management VLAN after the VLAN is
removed.
Example To enter VLAN 1 view, enter the following:
[S4200G] vlan 1
[S4200G-vlan1]
Remove VLAN 2 through VLAN 9, assuming that VLAN 5 is a voice VLAN.
[S4200G] undo vlan 2 to 9
This may delete all static VLAN except the VLAN kept by protocol, the
voice VLAN, the default VLAN, the management VLAN and the remote probe
VLAN.
[S4200G] display vlan
The following VLANs exist:
1(default), 5
3Com Switch 4200G Family vlan ● 829
Command Reference
■ System view
Description If the VLAN identified by the vlan-id argument does not exist, this command creates
the VLAN and then enters VLAN view.
830 ● vlan-assignment-mode 3Com Switch 4200G Family
Command Reference
vlan-assignment-mode
Purpose Use the vlan-assignment-mode command to set the VLAN assignment mode on
the switch.
Syntax vlan-assignment-mode { integer | string }
Parameters integer Sets the VLAN assignment mode to integer.

string Sets the VLAN assignment mode to string.
Default By default, the VLAN assignment mode is integer. That is, the switch supports the
integer type of VLAN IDs assigned by RADIUS authentication server.
Example To set the VLAN assignment mode to string, enter the following:
[S4200G-isp-3Com163.net] vlan-assignment-mode string
■ ISP Domain view
Description Through dynamic VLAN assignment, the Ethernet switch dynamically adds the ports
of the successfully authenticated users to different VLANs depending on the attribute
values assigned by RADIUS server, so as to control the network resources the users
can access.
In actual application, to cooperate with Guest VLAN, port control is usually set to the
port-based mode. If it is set to the MAC address–based mode, each port can have
only one user end connected.
Currently, the switch supports the following two data types of VLAN ID assigned by
RADIUS authentication server:
■ Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set the
VLAN assignment mode to integer on the switch (this is also the default mode on
the switch). Then, upon receiving an integer ID assigned by the RADIUS
authentication server, the switch adds the port to the VLAN whose VLAN ID is
equal to the assigned integer ID. If no such a VLAN exists, the switch first creates a
VLAN with the assigned ID, and then adds the port to the newly created VLAN.
■ String: If the RADIUS server assigns string type of VLAN IDs, you can set the VLAN
assignment mode to string on the switch. Then, upon receiving a string ID
assigned by the RADIUS authentication server, the switch compares the ID with
existing VLAN names on the switch. If it finds a match, it adds the port to the
corresponding VLAN. Otherwise, the VLAN assignment fails and the user cannot
pass the authentication.
3Com Switch 4200G Family vlan-assignment-mode ● 831
Command Reference
Note: In string mode, if the VLAN ID assigned by the RADIUS server is a character
string containing only digits (for example, 1024), the switch first regards it as an
integer VLAN ID: the switch transforms the string to an integer value and judges if the
value is in the valid VLAN ID range; if it is, the switch adds the authenticated port to
the VLAN with the value as the VLAN ID (VLAN 1024, for example).
Related Commands ■ dot1x guest-vlan

■ name
832 ● vlan-mapping modulo 3Com Switch 4200G Family
Command Reference
vlan-mapping modulo
Purpose Use the vlan-mapping modulo command to map VLANs to specific spanning tree
instances.
Syntax vlan-mapping modulo modulo
Parameters modulo Specifies the modulo. Valid values are 1 to 16.
Default By default, all VLANs in a network are mapped to the CIST (spanning tree instance 0).
Example To map VLANs to spanning tree instances using the modulo of 16, enter the
following:
[S4200G-mst-region] vlan-mapping modulo 16
■ MST Region view
Description MSTP uses VLAN mapping tables to describe VLAN-to-spanning tree instance
mappings. You can use this command to establish VLAN mapping tables and to map
VLANs to specific spanning tree instances.
Note that a VLAN cannot be mapped to multiple spanning tree instances at a time. A
VLAN-to-spanning tree instance mapping becomes invalid when you map the VLAN
to another spanning tree instance.
You can map large amounts of VLANs to specific spanning tree instances quickly by
using the vlan-mapping modulo modulo command. The ID of the spanning tree
instance to which a VLAN is mapped can be figured out by using the following
expression:
(VLAN ID-1) % modulo + 1
where (VLAN ID-1) % modulo yields the module of (VLAN ID-1) with regards to
modulo. For example, if you set the modulo argument to 16, VLAN 1 is mapped to
spanning tree instance 1, VLAN 2 is mapped to spanning tree instance 2, …, VLAN 16
is mapped to spanning tree instance 16, VLAN 17 is mapped to spanning tree
instance 1, and so on.
3Com Switch 4200G Family vlan-mapping modulo ● 833
Command Reference

■ region-name
■ revision-level
834 ● vlan-vpn enable 3Com Switch 4200G Family
Command Reference
vlan-vpn enable
Purpose Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Use the undo vlan-vpn command to disable the VLAN-VPN function for a port.
Syntax vlan-vpn enable
undo vlan-vpn
Parameters None
Default By default, the VLAN-VPN function is disabled.
Example Enable the VLAN-VPN function for Ethernet1/0/1 port.
[S4200G]interface Ethernet 1/0/1
[S4200G-Ethernet1/0/1] vlan-vpn enable
Description With the VLAN VPN function enabled, a received packet is tagged with the default
VLAN tag of the receiving port no matter whether or not the packet already carries a
VLAN tag. If the packet already carries a VLAN tag, the packet becomes a dual-tagged
packet. Otherwise, the packet becomes a packet carrying the default VLAN tag of the
port.
CAUTION: The VLAN-VPN function is unavailable if the port has any of the protocols
among GVRP, GMRP, STP, IRF, NTDP and 802.1x enabled.
CAUTION: If this port is a remote mirror reflection port, the VLAN-VPN function
cannot be enabled on the port.
3Com Switch 4200G Family vlan-vpn tpid ● 835
Command Reference
vlan-vpn tpid
Purpose Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes
effect only when the VLAN-VPN or VLAN-VPN uplink function is enabled.
Use the undo vlan-vpn tpid command to restore the default TPID value.
Syntax vlan-vpn tpid value
undo vlan-vpn tpid
Parameters value TPID value (in hexadecimal format) to be set. Valid

values for this argument are from 1 to 0xFFFF.
Default The default TPID value is 0x8100.
Example Set the TPID value to 0x12 for Ethernet1/0/2 port.
[S4200G-GigabitEthernet 1/0/2] vlan-vpn tpid 12
Description Do not set the TPID value to a value that conflicts with the known protocol type
values (such as 0x0806, which is that of ARP packets). Otherwise, the packet may be
discarded.
Table 118 Common Ethernet frame protocol type values

Protocol type Value
ARP 0x0806
IP 0x0800
MPLS 0x8847/0x8848
IPX 0x8137
IS-IS 0x8000
LACP 0x8809
802.1x 0x888E
836 ● vlan-vpn tunnel 3Com Switch 4200G Family
Command Reference
vlan-vpn tunnel
Purpose Use the vlan-vpn tunnel command to enable the BPDU tunnel function.
Use the undo vlan-vpn tunnel command to disable the BPDU tunnel function.
Syntax vlan-vpn tunnel
undo vlan-vpn tunnel
Parameters None
Default By default, the BPDU tunnel function is disabled.
Example To enable the BPDU tunnel function for the switch, enter the following:
[S4200G] vlan-vpn tunnel
Note:
■ You must enable STP on a device before enabling the BPDU tunnel function on it.
■ The BPDU tunnel function is only available to access ports.
■ To implement the BPDU tunnel function, the links between operator networks
must be trunk links.
■ As the VLAN VPN function is unavailable to the ports with 802.1x, GVRP, GMRP,
STP, or NTDP employed, the BPDU tunnel function is unavailable to these ports.
■ System view
Description The BPDU tunnel function enables BPDUs to be transparently transmitted between
geographically dispersed user networks through specified VLAN VPNs in operator’s
networks, allowing spanning trees to be generated across these user networks and
keep independent of those of the operator’s networks.
3Com Switch 4200G Family vlan-vpn uplink enable ● 837
Command Reference
vlan-vpn uplink enable
Purpose Use the vlan-vpn uplink enable command to configure a port to be a

VLAN-VPN uplink port.
Use the undo vlan-vpn uplink command to remove the configuration.
Syntax vlan-vpn uplink enable
undo vlan-vpn uplink
Parameters None
Example Configure Ethernet1/0/2 port to be a VLAN-VPN uplink port.
[S4200G]interface Ethernet 1/0/2
[S4200G-Ethernet1/0/2] vlan-vpn uplink enable
VLAN-VPN uplink status: enabled
Description When sending a VLAN-VPN packet, a VLAN-VPN uplink port replaces the TPID value in
the outer VLAN tag of the packet with the customized TPID value. You can use the
vlan-vpn tpid command to set the TPID value used by the VLAN-VPN uplink port.
CAUTION: The vlan-vpn uplink enable command and the vlan-vpn enable
command are mutually exclusive. That is, if you execute the vlan-vpn
enable command on a port, you will fail to execute the vlan-vpn uplink
enable command on the same port. Similarly, if you execute the vlan-vpn
uplink enable command on a port, you will fail to execute the vlan-vpn
enable command on the same port.
838 ● voice vlan 3Com Switch 4200G Family
Command Reference
voice vlan
Purpose Use the voice vlan command to enable the voice VLAN function globally.
Use the undo voice vlan enable command to disable the voice VLAN function
globally.
Syntax voice vlan vlan-id enable
undo voice vlan enable
Parameters vlan-id ID of the VLAN for which the voice VLAN function is to
be enabled. Valid values for this argument are from
2 to 4,094.
Example Enable the voice VLAN function for VLAN 2.
[S4200G] vlan 2
[S4200G-vlan2] quit
[S4200G] voice vlan 2 enable
With the voice VLAN function enabled for VLAN 2, the following message appears if
you enable the voice VLAN function for another VLAN, for example, VLAN 4.
[S4200G] voice vlan 4 enable

Can't change voice vlan configuration when other voice vlan is running
■ System view
Description Use the voice vlan command to enable the voice VLAN function globally.
globally.
CAUTION:
■ Before enabling the voice VLAN function, make sure the VLAN for which the voice
VLAN function is to be enabled exists. Otherwise, you will fail to perform the
operation.
■ To remove a VLAN with the voice VLAN function enabled, you need to disable the
voice VLAN function first.
■ Only one VLAN can have the voice VLAN function enabled at a time.
Related Command display voice vlan status

3Com Switch 4200G Family voice vlan aging ● 839
Command Reference
voice vlan aging
Purpose Use the voice vlan aging command to set the aging time for a voice VLAN.
Use the undo voice vlan aging command to restore the default aging time for
a voice VLAN.
Syntax voice vlan aging minutes
undo voice vlan aging
Parameters minutes Aging time (in minutes) to be set for a voice VLAN.
Valid values for this argument are from 5 to 43,200.
If not specified, the default is 1,440.
Example Set the aging time of the voice VLAN to 100 minutes.
[S4200G] voice vlan aging 100
■ System view

840 ● voice vlan enable 3Com Switch 4200G Family
Command Reference
voice vlan enable
Purpose Use the voice vlan enable command to enable the voice VLAN function for a
port.
for a port.
Syntax voice vlan enable
undo voice vlan enable
Parameters None
Example Enable the voice VLAN function for GigabitEthernet1/0/2 port.
[S4200G-Ethernet1/0/2] voice vlan enable
Description The voice VLAN function takes effect on a port only when it is enabled in both system
view and port view. Note that the operation to enable the voice VLAN function for a
port is independent of that to enable the function globally.

3Com Switch 4200G Family voice vlan mac-address ● 841
Command Reference
voice vlan mac-address
Purpose Use the voice vlan mac-address command to set a MAC address used for a
voice VLAN to identify voice devices.
Use the undo voice vlan mac-address command to remove a MAC address
used to identify voice devices.
Syntax voice vlan mac-address oui mask oui-mask [ description string ]
undo voice vlan mac-address oui
Parameters oui MAC address to be set. You need to provide this

argument in the format of H-H-H.
oui-mask MAC address mask in the format of H-H-H. This
argument specifies the valid bits of the MAC address.
string Description of the MAC address, consisting of a string
Example Set 00aa-bb00-0000 as an OUI address, with a description of "ABC".
[S4200G] voice vlan mac-address 00aa-bb00-0000 mask ffff-ff00-0000
description ABC
■ System view
Description A switch can use up to 16 MAC addresses to identify voice devices, including the four
default MAC addresses (as listed in Table 2-2). When the number of MAC addresses
reaches 16, you will fail to add new MAC addresses.s
Table 119 Default OUI address
Number OUI Description

1 00e0-bb00-0000 3com phone
2 0003-6b00-0000 Cisco phone
3 00e0-7500-0000 Polycom phone
4 00d0-1e00-0000 Pingtel phone
Related Command display voice vlan oui

842 ● voice vlan mode 3Com Switch 4200G Family
Command Reference
voice vlan mode
Purpose Use the voice vlan mode auto command to configure an Ethernet port to
operate in the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port
to operate in the manual voice VLAN mode.
Syntax voice vlan mode auto
undo voice vlan mode auto
Parameters None
Default By default, an Ethernet port operates in the automatic voice VLAN mode.
Example Configure Ethernet 1/0/2 port to operate in the manual voice VLAN mode.
[S4200G] interface ethernet 1/0/2
[S4200G-Ethernet1/0/2] undo voice vlan mode auto
Description Use the voice vlan mode auto command to configure an Ethernet port to
operate in the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port
to operate in the manual voice VLAN mode.
These two commands are valid only before you enable the voice VLAN function
globally.

3Com Switch 4200G Family voice vlan security enable ● 843
Command Reference
voice vlan security enable
Purpose Use the voice vlan security enable command to enable the voice VLAN
security mode.
Use the undo voice vlan security enable command to disable the voice
VLAN security mode.
Syntax voice vlan security enable
undo voice vlan security enable
Parameters None
Default By default, the voice VLAN security mode is enabled.
Example Disable the voice VLAN security mode.
[S4200G] undo voice vlan security enable
■ System view
Description In the voice VLAN security mode, the ports in a voice VLAN and with voice devices
attached to can only forward voice data. Data packets with their MAC addresses not
among the OUI addresses that can be identified by the system will be dropped. This
mode has no effects on other VLANs.
These two commands are valid only before you enable the voice VLAN function
globally.

844 ● voice vlan security enable 3Com Switch 4200G Family
Command Reference
3Com Switch 4200G Family ● 845
Command Reference
Numerics COMMANDS BY FUNCTION
Commands by This section lists all commands by function.

Function Numerics
802.1x
display debugging habp 157
display dot1x 171
display habp 182
display habp table 183
display habp traffic 184
dot1x 332
dot1x authentication-method 334
dot1x dhcp-launch 335
dot1x guest-vlan 336
dot1x max-user 338
dot1x port-control 340
dot1x port-method 342
dot1x quiet-period 344
dot1x retry 345
dot1x retry-version-max 346
dot1x timer 347
dot1x version-check 349
habp enable 374
habp server vlan 375
habp timer 376
reset dot1x statistics 595
smarton 671
smarton password 672
smarton switchid 673
smarton timer 674
A
AAA and Radius

access-limit 14
accounting 15
accounting optional 19
accounting-on enable 17
attribute 36
authentication 38
authorization 42
cut connection 89
data-flow-format 91
debugging radius 102
display connection 149
display domain 169
display local-server statistics 229
display local-user 230
display radius 278
display radius statistics 280
display stop-accounting-buffer 307
domain 330
846 ● 3Com Switch 4200G Family
Command Reference
key 421
level 428
local-server 431
messenger 463
name 476
nas-ip 477
primary accounting 538
primary authentication 540
radius nas-ip 579
radius trap 583
radius-scheme 580
reset radius statistics 601
reset stop-accounting-buffer 605
retry realtime-accounting 613
retry stop-accounting 615
scheme 648
secondary accounting 651
secondary authentication 652
self-service-url 654
server-type 657
state 717, 720
stop-accounting-buffer enable 722
timer 802
timer quiet 803
timer realtime-accounting 804
timer response-timeout 806
user-name-format 823
vlan-assignment-mode 830
ACL
acl 22
description 114
display acl 126
display packet-filter 257
display time-range 316
packet-filter 506
rule (Advanced ACL) 634
rule (Basic ACL) 638
rule (Layer 2 ACL) 641
rule comment 640
time-range 799
ARP
arp check enable 31
arp static 32
arp timer aging 34
debugging arp packet 96
display arp 128
display arp count 130
display arp timer aging 131
gratuitous-arp learning enable 371
reset arp 593
Auto-detect
ip route-static 418
retry 612
Command Reference
Centralized MAC
display mac-authentication 241
mac-authentication 453
mac-authentication authmode 455
mac-authentication authpassword 456
mac-authentication authusername 457
mac-authentication domain 458
mac-authentication timer 459
CLI
command-privilege level 86
display history-command 185
super 776
super password 778
Cluster
add-member 25
administrator-address 27
auto-build 43
black-list add-mac 46
black-list delete-mac 47
build 55
cluster 70
cluster enable 71
cluster switch-to 83
cluster switch-to-sysname 84
cluster-local-user 72
cluster-mac 73
cluster-mac syn-interval 74
cluster-snmp-agent community 75
cluster-snmp-agent group v3 77
cluster-snmp-agent mib-view included 79
cluster-snmp-agent usm-user v3 81
delete-member 109
display cluster 139
display cluster base-topology 141
display cluster black-list 142
display cluster candidates 143
display cluster current-topology 145
display cluster members 147
display ntdp single-device mac-address 251
ftp cluster 362
holdtime 381
ip-pool 415
logging-host 437
management-vlan 460
management-vlan synchronization enable 461
nm-interface vlan-interface 481
reboot member 585
snmp-host 702
tftp cluster get 793
tftp cluster put 794
timer 801
topology accept 807
topology restore-from 808
Command Reference
topology save-to 809

tracemac 810
Configuration File Management

display current-configuration 152
display saved-configuration 290
display startup 306
display this 315
reset saved-configuration 603
save 643
startup saved-configuration 716
D
DHCP
accounting domain 16
address-check 26
debugging dhcp-relay 98
dhcp relay information enable 115
dhcp relay information strategy 116
dhcp-security static 117
dhcp-server 118
dhcp-server ip 119
display dhcp-security 160
display dhcp-server 161
display dhcp-server intervace vlan-interface 163
display dhcp-snooping 164, 165
display dhcp-snooping trust 166, 167
DLDP
debugging DLDP 100
E
EAD
security-policy-server 653
Ethernet Switch
acl 21
authentication-mode 40
auto-execute command 44
databits 93
display user-interface 320
display users 322
free user-interface 359
free web-users 360
header 377
history-command max-size 380
idle-timeout 383
ip http acl 414
jumboframe enable 420
lock 436
parity 507
protocol inbound 546
screen-length 650
send 656
service-type 660
set authentication password 663
Command Reference
shell 668
snmp-agent community 676
snmp-agent group 678
snmp-agent usm-user 696
speed 703
stopbits 723
sysname 780
telnet 786
user privilege level 824
user-interface 822
F
File System Management

boot attribute-switch 48
boot boot-loader 49
boot boot-loader backup-attribute 51
boot web-packege 53
cd 59
copy 87
delete 105
display boot-loader 132
file prompt 356
format 358
local-user 433
local-user password-display mode 435
mkdir 470
more 473
move 474
pwd 555
rename 591
reset recycle-bin 602
rmdir 619
startup bootrom-access enable 715
undelete 820
FTP
ascii 35
binary 45
bye 57
cd 60
cdup 62
close 69
delete 107
dir 122
disconnect 125
display ftp-server 176
display ftp-user 177
ftp 361
ftp server 363
ftp server enable 364
ftp timeout 365
get 370
lcd 427
ls 444
mkdir 471
open 504
passive 508
put 553
Command Reference
pwd 556
quit 577
remotehelp 588
rename 592
rmdir 620
user 821
verbose 825
G
GARP and GVRP

display garp statistics 178
display garp timer 179
display gvrp statistics 180
display gvrp status 181
garp timer 366
garp timer leaveall 368
gvrp 372
gvrp registration 373
reset garp statistics 596
I
IGMP
display igmp-snooping configuration 188
display igmp-snooping group 189
display igmp-snooping statistics 190
display mac-address multicast static 239
gmp-snooping fast-leave 386
gmp-snooping max-response-time 391
igmp host-join vlan 384
igmp-snooping 385
igmp-snooping group-limit 387
igmp-snooping group-policy 388
igmp-snooping host-aging-time 390
igmp-snooping router-aging-time 392
mac-address multicast interface vlan 449
mac-address multicast vlan 450
service-type multicast 662
Information Center
display channel 137
display info-center 191
display logbuffer 232
display logbuffer summary 234
display trapbuffer 318
info-center channel name 393
info-center console channel 394
info-center enable 395
info-center logbuffer 396
info-center monitor channel 397
info-center snmp channel 398
info-center source 399
info-center synchronous 403
info-center timestamp 404
info-center trapbuffer 405
reset logbuffer 599
reset trapbuffer 611
terminal debugging 787
terminal logging 789
Command Reference
terminal monitor 790

terminal trapping 791
L
Link Aggregation
display link-aggregation interface 224
display link-aggregation summary 226
display link-aggregation verbose 227
lacp enable 423
lacp port-priority 424
lacp system-priority 425
link-aggregation group agg-id description 429
link-aggregation group agg-id mode 430
port link-aggregation group 520
Loopback Detection
display-loopback-detection 235
M
MAC Address Table

display mac-address 236, 445
display mac-address aging-time 238
mac-address timer 452
Management VLAN
debugging dhcp client 97
description 113
display bootp client 134
display dhcp client 159
display interface VLAN-interface 196
display ip host 197
display ip interface vlan-interface 198
display ip routing-table 200
display ip routing-table acl 201
display ip routing-table ip address 204
display ip routing-table ip address1 ip address2 208
display ip routing-table ip-prefix 210
display ip routing-table statistics 216
display ip routing-table verbose 217
interface VLAN-interface 409
ip address 410
ip address bootp-alloc 411
ip address dhcp-alloc 412
ip host 413
shutdown 670
Mirroring
display mirroring-group 244
mirroring group 464
mirroring-group mirroring-port 465
mirroring-group reflector-port 466
mirroring-group remote-probe vlan 467
mirroring-port 468
monitor-port 472
remote-probe vlan 587
Command Reference
MSTP
active region-configuration 24
check region-configuration 63
display stp 309
display stp region-configuration 311
instance 406
region-name 586
reset stp 607
revision-level 617
stp 724
stp bpdu-protection 725
stp bridge-diameter 726
stp config-digest-snooping 727
stp cost 729
stp edged-port 730
stp interface 732
stp interface config-digest-snooping 734
stp interface cost 736
stp interface edged-port 738
stp interface loop protection 740
stp interface mcheck 742
stp interface no-agreement-check 743
stp interface point-to-point 744
stp interface port priority 746
stp interface root-protection 748
stp interface transmit-limit 750
stp loop-protection 752
stp max-hops 753
stp mcheck 754
stp mode 755
stp no-agreement-check 756
stp pathcost-standard 757
stp point-to-point 759
stp port priority 761
stp priority 762
stp region-configuration 763
stp root primary 764
stp root secondary 767
stp root-protection 766
stp tc-protection 769
stp timer forward-delay 771
stp timer hello 773
stp timer max-age 774
stp timer-factor 770
stp transmit-limit 775
vlan-mapping modulo 832
vlan-vpn tunnel 836
Multicast Protocol
display igmp-snooping configuration 188
display igmp-snooping group 189
display igmp-snooping statistics 190
igmp-snooping 385
igmp-snooping group-limit 387
igmp-snooping group-policy 388
igmp-snooping router-aging-time 392
reset igmp-snooping statistics 597
service-type multicast 662
Command Reference
NDP
display ndp 246
ndp enable 478
ndp timer aging 479
ndp timer hello 480
reset ndp statistics 600
Network Protocol
arp check enable 31
reset ip statistics 598
NTDP
display ntdp 249
display ntdp device-list 250
ntdp enable 482
ntdp explore 483
ntdp hop 484
ntdp timer 485
ntdp timer hop-delay 486
ntdp timer port-delay 487
NTP
debugging ntp-service 101
display ntp-service sessions 253
display ntp-service status 255
display ntp-service trace 256
ntp-service access 488
ntp-service authentication enable 490
ntp-service authentication-keyid 491
ntp-service broadcast-client 492
ntp-service broadcast-server 493
ntp-service in-interface disable 494
ntp-service max-dynamic sessions 495
ntp-service multicast-client 496
ntp-service multicast-server 497
ntp-service source-interface 499
ntp-service unicast-peer 500
ntp-service unicast-server 502
P
Password Control
password 509
Port
am user-bind 28
broadcast-suppression 54
copy configuration 88
description 111
display am user-bind 127
display brief interface 135
display interface 193
display isolate port 222
display lacp system-id 223
Command Reference
display mac-address security 240

display port 258
display port-security 259
duplex 351
flow-control 357
interface 408
loopback-detection control enable 438
loopback-detection enable 439
loopback-detection interval-time 441
loopback-detection per-vlan enable 442
mac-address security 451
mdi 462
port access vlan 516
port hybrid pvid vlan 517
port hybrid vlan 518
port isolate 519
port link-type 521
port trunk permit vlan 537
port trunk pvid vlan 536
port-security enable 522
port-security intrusion-mode 523
port-security max-mac-count 525
port-security ntk-mode 527
port-security OUI 529
port-security port-mode 530
port-security timer disableport 533
port-security trap 534
reset counters interface 594
shutdown 669
speed 704
virtual-cable-test 826
Q
QoS
apply qos-profile 29
apply qos-profile interface 30
display protocol-priority 262
display qos cos-drop-precedence-map 263
display qos cos-dscp-map 264
display qos cos-local-precedence-map 265
display qos dscp-cos-map 266
display qos dscp-drop-precedence-map 267
display qos dscp-dscp-map 268
display qos dscp-local-precedence-map 269
display qos-interface all 270
display qos-interface priority-trust 272
display qos-interface traffic-limit 273
display qos-interface traffic-shape 274
display qos-interface traffic-statistic 275
display qos-profile 276
display queue-scheduler 277
packet-filter 505
priority 542
priority trust 543
protocol-priority protocol-type 547
qos cos-drop-precedence-map 557
qos cos-dscp-map 559
qos cos-local-precedence-map 561
qos dscp-cos-map 563
Command Reference
qos dscp-drop-precedence-map 565

qos dscp-dscp-map 567
qos dscp-local-precedence-map 569
qos-profile 571
qos-profile port-based 572
queue-scheduler 573
reset traffic-limit 609
reset traffic-statistic 610
traffic shape 815
traffic-limit 813
traffic-statistic 816
R
RMON
display rmon alarm 282
display rmon event 283
display rmon eventlog 284
display rmon prialarm 286
display rmon statistics 287
rmon alarm 621
rmon event 623
rmon history 624
rmon prialarm 625
rmon statistics 628
Routing Protocol
delete static-routes all 110
display ip routing-table protocol 213
display ip routing-table radix 215
ip route-static 416, 418
S
SNMP
debugging snmp-agent 103
display snmp-agent community 294
display snmp-agent group 295
display snmp-agent mib-view 296
display snmp-agent statistics 298
display snmp-agent sys-info 300
display snmp-agent trap-list 301
display snmp-agent usm-user 302
enable snmp trap updown 352
snmp-agent 675
snmp-agent community 677
snmp-agent group 680
snmp-agent local-engineid 682
snmp-agent log 683
snmp-agent mib-view 684
snmp-agent packet max-size 685
snmp-agent sys-info 686
snmp-agent target-host 687
snmp-agent trap enable 689
snmp-agent trap life 691
snmp-agent trap queue-size 692
snmp-agent trap source 693
Command Reference
SSH
bye 56
cd 58
cdup 61
dir 124
display rsa local-key-pair public 288
display rsa peer-public-key 289
display ssh server 303
display ssh server-info 304
display ssh user-information 305
exit 355
get 369
help 379
ls 443, 444
mkdir 469, 471
peer-public-key end 511
protocol inbound 545
public-key-code begin 548, 549
public-key-code end 550, 551
put 552
pwd 554
quit 575, 576
remove 589
rename 590
rmdir 618
rsa local-key-pair create 629
rsa local-key-pair destroy 631
rsa peer-public-key 632, 633
sftp 664
sftp server enable 666
sftp time-out 667
ssh client assign rsa-key 705
ssh client first-time enable 706
ssh server authentication-retries 707
ssh server timeout 708
ssh user assign rsa-key 709
ssh user authentication-type 710
ssh user service-type 712
ssh2 713
Static Route
delete static-routes all 110
ip route-static 416
System Access
free user-interface 359
return 616
service-type 658
System Maintenance
boot boot-loader 50
boot bootrom 52
clock datetime 65
clock summer-time 66
clock timezone 68
debugging 95
display boot-loader 133
Command Reference
display clock 138

display cpu 151
display device 158
display diagnostic-information 168
display fib 175
display icmp statistics 186
display ip socket 218
display ip statistics 220
display memory 243
display schedule reboot 292
display tcp statistics 312
display tcp status 314
display users 323
display version 324
language-mode 426
ping 512
quit 578
reboot 584
reset tcp statistics 608
schedule reboot at 645
schedule reboot delay 647
sysname 781
system-view 782
tcp timer fin-timeout 783
tcp timer syn-timeout 784
tcp window 785
terminal debugging 788
tracert 811
System Management
debugging 94, 95
debugging ntp-service 101
display cpu 292
display rmon history 285
display rmon prialarm 286
display snmp-agent 293
end-station polling ip-address 353
execute 354
T
TFTP
tftp get 795
tftp put 796
tftp-server 797
U
UDP Helper
debugging udp-helper 104
display udp-helper server 319
udp-helper enable 817
udp-helper port 818
udp-helper server 819
V
VLAN
description 112
Command Reference
display vlan 326

name 475
port 515
vlan 828
VLAN-VPN
display port vlan-vpn 261
vlan-vpn enable 834
vlan-vpn tpid 835
vlan-vpn uplink enable 837
Voice VLAN
display vlan 325
display voice vlan oui 328
display voice vlan status 329
voice vlan 838
voice vlan aging 839
voice vlan enable 840
voice vlan mac-address 841
voice vlan mode 842
voice vlan security enable 843
3COM SWITCH 4200G FAMILY
QUICK REFERENCE GUIDE
Overview
This Command Reference applies to the following Switch 4200G models:
Switch 4200G 12-Port (3CR17660-91) Switch 4200G 48-Port FX (3CR17662-91)
Switch 4200G 24-Port (3CR17661-91) Switch 4200G 1-Port 10Gigabit Module (XFP) (3C17666)
About the Command Line Interface

To use and navigate the command line interface of your unit, please refer to the following points for assistance:
■ When initially accessing the command line interface, press Enter when prompted. The User View menu for the unit
displays. This is indicated by the chevron brackets around the name of the unit at the prompt, for example,
<sw4200G>.
■ When in the System View menu, square brackets appear around the name of the unit at the prompt, for example,
[sw4200G].
■ You must be in the System View menu to access the configurable CLI commands.
■ Some commands can be entered directly at any prompt from anywhere in the interface.
■ If you enter part of a command followed by a ? (with no space between), the CLI will show you all the commands
that begin in that way.
■ The term ‘view’ may be used interchangeably with the term ‘menu’.
■ The undo command is placed before the command you wish to undo, for example, undo setauthentication password.
■ <CTRL-A> places the cursor back to the start of the command line.
■ Enter the first few characters of a command and press TAB to enter the full command without having to input the
entire command (where there is only one command that starts with the entered characters).
■ Use the Up Arrow key at the prompt to repeat the previous command string.
■ Use the Delete key to delete the character after the cursor; the Backspace key deletes the character before the cursor.
■ When entering physical port numbers, Enter the port number as x/0/z, where x is the unit number and z is the
physical port number.
Copyright © 2006-2007, 3Com Corporation. All rights reserved.

www.3Com.com
Part Number: 10014917 Rev. AC
Published: February 2007
2 3Com Switch 4200G Family
Command Reference
Displaying Command Parameters
At the prompt, enter the name of the command followed by a space and ?. For example:
<sw4200G>boot ?
The following parameters are displayed:
attribute-switch Exchange the file main-attribute and backup-attribute.

boot-loader Select a file to boot at the next time
bootrom Update Bootrom
web-package Set web resource package
To specify boot loader, enter the command as follows:
<sw4200G>boot boot-loader ?
You only need to enter ? if parameters exist for the command.
Displaying Parent Menus
At the prompt, enter quit.
Displaying the User View Menu
Press <CTRL-Z>.
Obtaining Help
At the prompt, enter ?.
Further Information
For further information about how to use the command line interface, refer to the Command Reference Guide and
the Configuration Guide, which are both available as PDF documents on the CD that accompanied the unit.
Commands
access-limit
Use the access-limit command to set the maximum number of access users that can be contained in
current ISP domain.
ISP Domain view
accounting
Use the accounting command to configure an accounting scheme for the current ISP domain.
ISP Domain view
accounting domain
Use the accounting domain command to enable the DHCP accounting function.
DHCP Address Pool view
accounting-on enable
Use the accounting-on enable command to enable user re-authentication upon device restart function.
RADIUS Scheme view
accounting optional
Use the accounting optional command to open the accounting-optional switch.

ISP Domain view
RADIUS Scheme view
3Com Switch 4200G Family 3
Command Reference
acl
Use the acl command to reference ACL and implement the ACL control to the TELNET users.
User Interface view
acl
Use the acl command to define an ACL identified by a number, and enter the corresponding ACL View.
System view
active region-configuration
Use the active region-configuration command to activate the settings of an MST (multiple spanning
tree) region.
MST Region view
add-member
Use the add-member command to add a candidate device to a cluster.

Cluster view
address-check
Use the address-check command to enable or disable DHCP relay security on a VLAN interface, so as to
start or stop the validity check on user addresses under the VLAN interface.
VLAN Interface view
administrator-address
Use the administrator-address command to store the MAC address of the management device on a
member device.
Cluster view
am user-bind
Use the am user-bind command to bind the MAC and IP addresses of a legal user to a specified port.
System view
Ethernet Port view
apply qos-profile
Use the apply qos-profile command to manually apply the QoS profile to the current port.
Ethernet Port view
apply qos-profile interface
Use the apply qos-profile interface command to manually apply a QoS profile to one or more
consecutive ports.
System view
arp check enable
Use the arp check enable command to enable the ARP entry checking function, that is, to disable a switch
from creating multicast MAC address ARP entries for MAC addresses learned.
System view
arp static
Use the arp static command to configure the static ARP mapping entries in the ARP mapping table.
System view
arp timer aging
Use the arp timer aging command to configure the aging time for dynamic ARP mapping entries.
System view
ascii
Use the ascii command to configure data transmission mode as ASCII mode.
FTP Client view
attribute
Use the attribute command to configure attributes of a user whose service type is lan-access.
Local User view
authentication
Use the authentication command to configure an authentication scheme for the current ISP domain.
ISP Domain view
authentication-mode
Use the command authentication-mode to specify the authentication mode.

User Interface view
authorization
Use the authorization none command to allow users in the current ISP domain to use network services
without being authorized.
ISP Domain view
Command Reference
auto-build
Use the auto-build command to create a cluster automatically.

Cluster view
auto-execute command
Use the auto-execute command command to set the command that is executed automatically after a user
logs in.
User Interface view
binary
Use the binary command to specify that files be transferred in binary mode. That is, data is transferred in
binary streams.
FTP Client view
black-list add-mac
Use the black-list add-mac command to add a device into the blacklist.
Cluster view
black-list delete-mac
Use the black-list delete-mac command to delete a device from the blacklist.
Cluster view
boot attribute-switch
Use the boot attribute-switch command to switch between the main and backup attribute for all the files
or a specified type of files. This changes a file with the main attribute to one with the backup attribute, or
vice versa.
User view
boot boot-loader
Use the boot boot-loader command to configure an app file to be of the main attribute. The app file
specified by this command becomes the main startup file when the device starts the next time.
User view
boot boot-loader
Use the boot boot-loader command to specify the host software that will be adopted when the current
switch or a specified switch in the fabric reboots next time.
User view
boot boot-loader backup-attribute
Use the boot boot-loader backup-attribute command to configure an app file to be of the backup
attribute.
User view
boot bootrom
Use the boot bootrom command to update the BootROM.

User view
boot web-package
Use the boot web-package command to configure a Web file to be of the main or backup attribute.
User view
broadcast-suppression
Use the broadcast-suppression command to define the broadcast traffic ratio allowed on one port or each
of the ports.
System view
build
Use the build command to configure a cluster with the current switch as the management device. Argument
name specifies the name of the cluster.
Cluster view
bye
Use the bye command to terminate the connection to the remote SFTP server and return to system view.
SFTP Client view
bye
Use the bye command to terminate the control connection and data connection with the remote FTP server
and quit to user view.
FTP Client view
cd
Use the cd command to change the current path on the remote SFTP server.
SFTP Client view
Command Reference
cd
Use the cd command to enter a specified directory on the Ethernet switch.

User view
cd
Use the cd command to change the work path on the remote FTP server.
FTP Client view
cdup
Use the cdup command to return to the upper directory.

SFTP Client view
cdup
Use the cdup command to enter the parent directory.

FTP Client view
check region-configuration
Use the check region-configuration command to display the configurations of the MST regions that are
not activated.
MST Region view
clock datetime
Use the clock datetime command to set the current system time and date.
User view
clock summer-time
Use the clock summer-time command to set the name, time range, and offset of the daylight saving time.
User view
clock timezone
Use the clock timezone command to set local time zone information.
User view
close
Use the close command to terminate an FTP connection without quitting FTP client view.
FTP Client view
cluster
Use the cluster command to enter cluster view.

System view
cluster enable
Use the cluster enable command to enable the cluster function on a switch.
System view
cluster-local-user
Use the cluster-local-user command to configure a Web username and password for all cluster
members.
Cluster view
cluster-mac
Use the cluster-mac command to configure a multicast MAC address for cluster management. Run this
command only on the management device only.
Cluster view
cluster-mac syn-interval
Use the cluster-mac syn-interval command to set the interval for the management device to send
multicast packets. This command can be executed on the management device only.
Cluster view
cluster-snmp-agent community
Use the cluster-snmp-agent community command to configure a SNMP community for a cluster to enable
SNMP access.
Cluster view
cluster-snmp-agent group v3
Use the cluster-snmp-agent group command to configure a SNMP group for a cluster to map SNMP
users to the SNMP view.
Cluster view
cluster-snmp-agent mib-view included
Use the cluster-snmp-agent mib-view command to create or update the information about the MIB view
configured for a cluster.
Cluster view
Command Reference
cluster-snmp-agent usm-user v3
Use the cluster-snmp-agent usm-user v3 command to add an account to the SNMPV3 group configured
for a cluster.
Cluster view
cluster switch-to
Use the cluster switch-to command to switch between the management device and member devices
for configuration and management.
User view
cluster switch-to sysname
Use the cluster switch-to sysname command to switch between the master device and a member
device.
User view
command-privilege level
Use the command-privilege level command to set the level of the specified command in a specified view.
System view
copy
Use the copy command to copy a file.

User view
copy configuration
Use the copy configuration command to copy the configuration of a specific port to other ports, to ensure
consistent configuration.
System view
cut connection
Use the cut connection command to cut the connection a user or a category of users by force.
System view
data-flow-format
Use the data-flow-format command to set the units of measure for the data flow sent to the RADIUS
Server.
RADIUS Scheme view
databits
Use the databits command to set the databits for the user interface.
User Interface view
debugging
Use the debugging command to enable the system debugging.

User view
debugging
Use the debugging command to enable the system debugging.

User view
debugging arp packet
Use the debugging arp packet command to enable ARP debugging.

User view
debugging dhcp client
Use the debugging dhcp client command to enable debugging for the DHCP client/BOOTP client.
User view
debugging dhcp-relay
Use the debugging dhcp-relay command to enable DHCP relay debugging.

User view
debugging DLDP
Use the debugging dldp command to enable specific debugging for DLDP on all ports with DLDP enabled.
User view
debugging ntp-service
Use the debugging ntp-service command to debug different NTP (network time protocol) services.
User view
debugging radius
Use the debugging radius command to enable the debugging for RADIUS protocol.
User view
debugging snmp-agent
Use the debugging snmp-agent command to enable SNMP Agent debugging.

User view
Command Reference
debugging udp-helper
Use the debugging udp-helper command to enable UDP Helper debugging.

User view
delete
Use the delete command to delete a specified file stored on a switch.

User view
delete
Use the delete command to delete the specified file from the server.
SFTP Client view
delete
Use the delete command to delete the specified remote file.

FTP Client view
delete-member
Use the delete-member command to remove a member device from the cluster.
Cluster view
delete static-routes all
Use the delete static-routes all command to delete all the static routes.
System view
description
Use the description command to enter a description of an Ethernet port.

Ethernet Port view
description
Use the description command to assign a description string for the VLAN.
VLAN view
description
Use the description command to assign a description string to a VLAN or a VLAN interface.
VLAN view
VLAN Interface view
description
Use the description command to define the description information of an ACL to describe the specific
purpose of the ACL.
Basic ACL view
Advanced ACL view
Layer 2 ACL view
dhcp relay information enable
Use the dhcp relay information enable command to enable option 82 supporting on a DHCP relay,
through which you can enable the DHCP relay to insert option 82 into DHCP request packets sent to a
DHCP server.
System view
dhcp relay information strategy
Use the dhcp relay information strategy command to instruct a DHCP relay to perform specified
operations to DHCP request packets that carry option 82.
System view
dhcp-security static
Use the dhcp-security static command to configure a static user address entry.
System view
dhcp-server
Use the dhcp-server command to map the current VLAN interface to a DHCP server group.
VLAN Interface view
dhcp-server ip
Use the dhcp-server ip command to configure the DHCP server IP address(es) in a specified DHCP
server group.
System view
dir
Use the dir command to display the information about the specified files or directories on a switch.
User view
Command Reference
dir
Use the dir command to query specified files.

FTP Client view
dir
Use the dir command to display the files in the specified directory.
SFTP Client view
disconnect
Use the disconnect command to terminate a FTP connection without quitting FTP client view.
FTP Client view
display acl
Use the display acl command to view the detailed configuration information of an ACL, including each
rule and its number as well as the number and size in bytes of the data packets that match the statement.
Any view
display am user-bind
Use the display am command to view whether address management is enabled and to display IP address
pool configuration.
Any view
display arp
Use the display arp command to display the ARP mapping table entries by entry type, or by a specified
IP address.
Any view
display arp count
Use the display arp count command to display the number of the specified type of ARP mapping entries.
Any view
display arp timer aging
Use the display arp timer aging command to view the current setting of the dynamic ARP aging timer.
Any view
display boot-loader
Use the display boot-loader command to display the information about the app startup files of a switch,
including the current app startup file name, the main and backup app startup files to be used when the switch
starts the next time.
Any view
display boot-loader
Use the display boot-loader command to display the host software (.bin file) that will be adopted when
the switch reboots.
Any view
display bootp client
Use the display bootp client command to display BOOTP client-related information, including the MAC
address of the BOOTP client and the IP address obtained.
Any view
display brief interface
Use the display brief interface command to display the configuration information about one specific
or all ports in brief, including the port type, connection state, connection rate, duplex attribute, link type and
default VLAN ID.
Any view
display channel
Use the display channel command to display the details about the information channel.
Any view
display clock
Use the display clock command to display the current date and time of the system, so that you can adjust
them if they are wrong.
Any view
display cluster
Use the display cluster command to display the state and basic configuration information of the cluster
that contains the current switch.
Any view
display cluster base-topology
Use the display cluster topology command to display the standard topology view of the cluster.
Any view
Command Reference
display cluster black-list
Use the display cluster black-list command to display the current blacklist of the cluster.
Any view
display cluster candidates
Use the display cluster candidates command to display candidate devices of a cluster.
Any view
display cluster current-topology
Use the display cluster current topology command to display the current topology view or the topology
path between two points.
Any view
display cluster members
Use the display cluster members command to display the information about cluster members.
Any view
display connection
Use the display connection command to view the information for a specified connection type.
Any view
display cpu
Use the display cpu command to display CPU usage of a specified switch.
Any view
display current-configuration
Use the display current-configuration command to display the current configuration of a switch.
Any view
display debugging
Use the display debugging command to display the enabled debugging on a specified device.
Any view
display debugging habp
Use the display debugging habp command to display the state of HABP debugging.
Any view
display device
Use the display device command to display the information, such as the module type and operating
status, about each board (main board and sub-board) of a specified switch.
Any view
display dhcp client
Use the display dhcp client command to display the DHCP client-related information.
Any view
display dhcp-security
Use the display dhcp-security command to display one or all user address entries, or a specified type
of user address entries in the valid user address table of a DHCP server group.
Any view
display dhcp-server
Use the display dhcp-server command to display information about a specified DHCP server group.
Any view
display dhcp-server interface vlan-interface
Use the display dhcp-server interface vlan-interface command to display information about the
DHCP server group to which a VLAN interface is mapped.
Any view
Use the display dhcp-snooping command to display the user IP-MAC address mapping entries recorded
by the DHCP snooping function.
Any view
Use the display dhcp-snooping command to display the correspondence between user IP addresses and
MAC addresses recorded by the DHCP snooping function.
Any view
Use the display dhcp-snooping trust command to display the (enabled/disabled) state of the DHCP
snooping function and the trusted ports.
Any view
Command Reference
Use the display dhcp-snooping trust command to display the DHCP-Snooping state and information
on trusted ports.
Any view
display diagnostic-information
Use the display diagnostic-information command to display the system diagnostic information, or save
the system diagnostic information to a file (with a suffix of "diag") in the flash memory.
Any view
display domain
Use the display domain command to view the configuration information of a specified ISP domain or
display the summary information of all ISP domains.
Any view
display dot1x
Use the display dot1x command to view the relevant information of 802.1x.
Any view
display fib
Use the display fib command to view the summary of the forwarding information base.
Any view
display ftp-server
Use the display ftp-server command to display the FTP server-related settings of a switch when it
operates as an FTP server.
You can use this command to verify FTP server-related configurations.
Any view
display ftp-user
Use the display ftp-user command to display the settings of the current FTP user, including the user
name, host IP address, port number, connection idle time, and authorized directory.
Any view
display garp statistics
Use the display garp statistics command to display the GARP statistics on specified (or all) ports.
Any view
display garp timer
Use the display garp timer command to display the values of the GARP timers on specified or all ports.
Any view
display gvrp statistics
Use the display gvrp statistics command to display the GVRP statistics about specified (or all) Trunk
ports.
Any view
display gvrp status
Use the display gvrp status command to display the enable/disable status of global GVRP.
Any view
display habp
Use the display habp command to display HABP configuration and status information.
Any view
display habp table
Use the display habp table command to display the MAC address table maintained by HABP.
Any view
display habp traffic
Use the display habp traffic command to display statistics on HABP packets.
Any view
display history-command
Use the display history-command command to display history commands.

Any view
display icmp statistics
Use the display icmp statistics command to view the statistics information about ICMP packets.
Any view
display igmp-snooping configuration
Use the display igmp-snooping configuration command to display the configuration information about
IGMP Snooping.
Any view
Command Reference
display igmp-snooping group
Use the display igmp-snooping group command to display information about the IP and MAC multicast
groups under one VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).
Any view
display igmp-snooping statistics
Use the display igmp-snooping statistics command to display the message statistics about IGMP
Snooping.
Any view
display info-center
Use the display info-center command to display system log settings and memory buffer record statistics.
Any view
display interface
Use the display interface command to view the configuration information on the selected interface.
Any view
display interface VLAN-interface
Use the display interface vlan-interface command to display the information about the management
VLAN interface, including the physical and link status, the format of the sent frames, the MAC address, IP
address (and subnet mask), description string and MTU (maximum transmit unit) of the management VLAN.
Any view
display ip host
Use the display ip host command to display all host names and their corresponding IP addresses.
Any view
display ip interface vlan-interface
Use the display ip interface vlan-interface command to view information on the specified interface.
Any view
display ip routing-table
Use the display ip routing-table command to display the summary information about the routing table.
Any view
display ip routing-table acl
Use the display ip routing-table acl command to display the routes permitted by the specified basic
ACL.
Any view.
display ip routing-table ip-address
Use the display ip routing-table ip-address command to display the information about the routes
leading to the destination.
Any view
display ip routing-table ip-address1 ip-address2
Use the display ip routing-table ip-address1 ip-address2 command to display the information
about the routes with their destinations within the specified destination IP address range.
Any view
display ip routing-table ip-prefix
Use the display ip routing-table ip-prefix command to display the information about the routes
matching a specified IP prefix list.
Any view
display ip routing-table protocol
Use the display ip routing-table protocol command to display the information about specific routes.
Any view
display ip routing-table radix
Use the display ip routing-table radix command to view the route information in a hierarchical (tree)
structure.
Any view
display ip routing-table statistics
Use the display ip routing-table statistics command to display the statistics of a routing table.
Any view
display ip routing-table verbose
Use the display ip routing-table verbose command to display the detailed information about a routing
table.
Any view
Command Reference
display ip socket
Use the display ip socket command to display the information about the sockets in the current system.
Any view
display ip statistics
Use the display ip statistics command to view the statistics information about IP packets.
Any view
display isolate port
Use the display isolate port command to display the information about the Ethernet ports added to an
isolation group.
Any view
display lacp system-id
Use the display lacp system-id command to view actor system ID, including system priority and system
MAC address.
Any view
display link-aggregation interface
Use the display link-aggregation interface command to display the link aggregation details about a
specified port or port range.
Any view
Use the display link-aggregation interface command to display the link aggregation details about a
specified port or port range, including:
display link-aggregation summary
Use the display link-aggregation summary command to display summary information of all aggregation
groups, including device ID of the local end, aggregation group ID, aggregation group type, device ID of the
remote end, number of the selected ports, number of the unselected ports, load sharing type and master
port number.
Any view
display link-aggregation verbose
Use the display link-aggregation verbose command to display the details about a specified
aggregation group.
Any view
display local-server statistics
Use the display local-server statistics command to view the statistics of all local RADIUS
authentication server.
Any view
display local-user
Use the display local-user command to view information about all the local users or the specified
one(s).
Any view
display logbuffer
Use the display logbuffer command to display the status of the log buffer and the records in the log
buffer.
Any view
display logbuffer summary
Use the display logbuffer summary command to display the summary of the log buffer.
Any view
display-loopback-detection
Use the display loopback-detection command to display the loopback detection status on the port.
Any view
display mac-address
Use the display mac-address command to display MAC address table information.
Any view
display mac-address aging-time
Use the display mac-address aging-time command to display the aging time of the dynamic entry in the
MAC address table.
Any view
display mac-address multicast static
Use the display mac-address multicast static command to display the multicast MAC address entries
manually configured on the switch, with each entry containing the following information: multicast MAC
address, VLAN ID, MAC address state, port number(s), and aging time of each port.
Any view
Command Reference
display mac-address security
Use the display mac-address security command to display the information about Security MAC address.
Any view
display mac-authentication
Use the display mac-authentication command to display global information about centralized MAC
address authentication
Any view
display memory
Use the display memory command to display the memory usage of a specified switch.
Any view
display mirroring-group
Use the display mirroring-group command to display the parameter settings of a port mirroring group.
Any view
display ndp
Use the display ndp command to display global NDP configuration information, including the interval to
send NDP packets, the holdtime of NDP information, and the information about the neighbors of all the
ports.
Any view
display ntdp
Use the display ntdp command to display the global NTDP information. The information includes the
range (in hop count) within which topology information is collected, the interval to collect topology
information (the NTDP timer), the delay time for a device to forward topology-collection requests, the delay
time for a topology-collection request to be forwarded through a port, and the time cost during the last
topology collection.
Any view
display ntdp device-list
Use the display ntdp device-list command to display the device information collected through NTDP.
Any view
display ntdp single-device mac-address
Use the display ntdp single-device mac-address h-h-h command to display the information about a
specific device in detail.
Cluster view
display ntp-service sessions
Use the display ntp-service sessions command to display the status of all the sessions maintained by
NTP (Network Time Protocol) service provided by the local equipment.
Any view
display ntp-service status
Use the command display ntp-service status to display the NTP service status.
Any view.
display ntp-service trace
Use the display ntp-service trace command to display the brief information of each NTP time server
along the time synchronization chain from the local device to the reference clock source.
Any view
display packet-filter
Use the display packet-filter command to view the application information of packet filtering, including
the ACL name, rule names, and application status.
Any view
display port
Use the display port command to display all current ports with their type indicated.
Any view
display port-security
Use the display port-security command to display the information about port security configuration
(including global configuration and all or specific port configuration).
Any view
display port vlan-vpn
Use the display port vlan-vpn command to display the information about the VLAN VPN configuration
of the current system, including current TPID value, VLAN-VPN ports, and VLAN-VPN uplink ports.
Any view
Command Reference
display protocol-priority
Use the display protocol-priority command to display the priority of protocol packets.
Any view
display qos cos-drop-precedence-map
Use the display qos cos-drop-precedence-map command to display the "COS->Drop-precedence"

Any view
display qos cos-dscp-map
Use the display qos cos-dscp-map command to display the "COS->DSCP" mapping relationship.
Any view
display qos cos-local-precedence-map
Use the display qos cos-local-precedence-map command to view the COS–>Local-precedence map.
Any view
display qos dscp-cos-map
Use the display qos dscp-cos-map command to display the "DSCP->802.1 priority" mapping relationship.
Any view
display qos dscp-drop-precedence-map
Use the display qos dscp-drop-precedence-map command to display the "DSCP->Drop-precedence"

Any view
display qos dscp-dscp-map
Use the display qos dscp-cos-map command to display the "DSCP->DSCP" mapping relationship.
Any view
display qos dscp-local-precedence-map
Use the display qos dscp-local-precedence-map command to display the "DSCP->Local-precedence"

Any view
display qos-interface all
Use the display qos-interface all command to display all the QoS settings of the port.
Any view
display qos-interface priority-trust
Use the display qos-interface priority-trust command to display the precedence mapping mode of
the switch.
Any view
display qos-interface traffic-limit
Use the display qos-interface traffic-limit command to view the traffic limit settings.
Any view
display qos-interface traffic-shape
Use the display qos-interface traffic-shape command to view the parameter configurations of traffic
shaping on the port.
Any view
display qos-interface traffic-statistic
Use the display qos-interface traffic-statistic command to view the traffic statistics.
Any view
display qos-profile
Use the display qos-profile command to view the configurations of the QoS profile.
Any view
display queue-scheduler
Use the display queue-scheduler command to view queue scheduling mode and corresponding
parameters.
Any view
display radius
Use the display radius command to view the configuration information about all RADIUS schemes or a
specified scheme.
Any view
display radius statistics
Use the display radius statistics command to view the statistics information about RADIUS packet.
Any view
Command Reference
display rmon alarm
Use the display rmon alarm command to display the configuration of a specified alarm entry or all the
alarm entries.
Any view
display rmon event
Use the display rmon event command to display the configuration of a specified event entry or all the
event entries.
Any view
display rmon eventlog
Use the display rmon eventlog command to display the log of a specified event entry or all the event
entries.
Any view
display rmon history
Use the display rmon history command to display the RMON history information about a specified port.
The information about the latest sample, including utilization, the number of errors, the total number of
packets and so on, is also displayed.
Any view
display rmon prialarm
Use the display rmon prialarm command to display the configuration of a specified extended alarm entry
or all the extended alarm entries.
Any view
display rmon statistics
Use the display rmon statistics command to display the RMON statistics of a specified port.
Any view
display rsa local-key-pair public
Use the display rsa local-key-pair public command to display the public key of the server host key
pair. If no key pair is generated, the system prompts “%RSA keys not found”.
Any view
display rsa peer-public-key
Use the display rsa peer-public-key command to display the client public key of the specified RSA key
pair. If no key name is specified, the command displays all public keys of the client
Any view
display saved-configuration
Use the display saved-configuration command to display the content of the main configuration file in
the flash memory of a switch.
Any view
display schedule reboot
Use the display schedule reboot command to display information about scheduled reboot.
Any view
display snmp-agent
Use the display snmp-agent command to view engine ID of the local or remote SNMP entity.
Any view
display snmp-agent community
Use the display snmp-agent community command to view the information about the currently configured
community names for SNMPv1 or SNMPv2c.
Any view
display snmp-agent group
Use the display snmp-agent group command to view group name, security model, state of various views
and storage models.
Any view
display snmp-agent mib-view
The display snmp-agent mib-view command is used to view the MIB view configuration information of
the current Ethernet switch.
Any view
display snmp-agent statistics
Use the display snmp-agent statistics command to view the statistics information about SNMP
packets.
Any view
Command Reference
display snmp-agent sys-info
Use the display snmp-agent sys-info command to view the system information of SNMP configuration.
Any view
display snmp-agent trap-list
Use the display snmp-agent trap-list command to display trap list information.
Any view
display snmp-agent usm-user
Use the display snmp-agent usm-user command to view SNMP user information.
Any view
display ssh server
Use the display ssh server command to display the status or session information about the SSH server
Any view
display ssh server-info
Use the display ssh server-info command to display the association between the server public keys
configured on the client and the servers.
Any view
display ssh user-information
Use the display ssh user-information command to display information about the current SSH users,
including user name, authentication mode, key name and authorized service types. If the username is
specified, the command displays information about the specified user.
Any view
display startup
Use the display startup command to display the startup configuration of a switch, including the name of
the current startup configuration file, the names of the main startup configuration file, and backup startup
configuration file to be used when the switch starts the next time, and so on.
Any view
display stop-accounting-buffer
Use the display stop-accounting-buffer command to view the no-response stop-accounting request
packets buffered in the device.
Any views
display stp
Use the display stp command to display the state and statistical information about one or all spanning
trees.
Any view
display stp region-configuration
Use the display stp region-configuration command to display the MST region configuration.
Any view
display tcp statistics
Use the display tcp statistics command to view the statistics information about TCP packets.
Any view
display tcp status
Use the display tcp status command to view the TCP connection state.
Any view
display this
Use the display this command to display the current configuration performed in the current view of the
system.
Any view
display time-range
Use the display time-range command to view the configuration and status of the current time range. You
will see the active or inactive state outputs respectively.
Any view
display trapbuffer
Use the display trapbuffer command to display the status of the trap buffer and the records in the trap
buffer.
Any view
display udp-helper server
Use the display udp-helper server command to view the information of destination Helper server
corresponding to the VLAN interface.
Any view
Command Reference
display user-interface
Use the display user-interface command to view information on a user interface.

Any view
display users
Use the display users command to display the information about user interfaces. If you do not specify the
all keyword, only the information about the current user interface is displayed.
Any view
display users
Use the display users command to display the status and configuration information about user terminal
interfaces. Use the display users all command to view the information on all user terminal interfaces.
Any view
display version
Use the display version command to view the software version, issue date and the basic hardware
configuration information.
Any view
display vlan
Use the display vlan command to display the ports operating in the manual/automatic mode in the current
voice VLAN.
Any view
display vlan
Use the display vlan command to view related information about specified VLANs or all VLANs.
Any view
display voice vlan oui
Use the display voice vlan oui command to display the currently supported OUI addresses and the
related information.
Any view
display voice vlan status
Use the display voice vlan status command to display voice VLAN-related information, including voice
VLAN operation mode, port mode (manual mode or automatic mode), and so on.
Any view
domain
Use the domain command to create an ISP domain and enter its view, or enter the view of an existing ISP
domain, or configure the default ISP domain.
System view
dot1x
Use the dot1x command to enable 802.1x on the specified port or globally, (that is on the current device).
System view
Ethernet Port view
dot1x authentication-method
Use the dot1x authentication-method command to set 802.1x authentication mode.

System view
dot1x dhcp-launch
Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to launch the process to
authenticate a supplicant system when the supplicant system applies for a dynamic IP address through
DHCP.
System view
dot1x guest-vlan
Use the dot1x guest-vlan command to enable the Guest VLAN function for specified ports.
System view
Ethernet Port view
dot1x max-user
Use the dot1x max-user command to set the maximum number of systems an Ethernet port can
accommodate.
System view
Ethernet Port view
dot1x port-control
Use the dot1x port-control command to specify the access control method for specified Ethernet ports.
System view
Ethernet Port view
Command Reference
dot1x port-method
Use the dot1x port-method command to specify the access control method for specified Ethernet ports.
Ethernet Port view
dot1x quiet-period
Use the dot1x quiet-period command to enable the quiet-period timer.

System view
dot1x retry
Use the dot1x retry command to specify the maximum number of times a switch can transmit the
authentication request frame to supplicant systems.
System view
dot1x retry-version-max
Use the dot1x retry-version-max command to set the maximum number of retries for a switch to send
version request packets to an online supplicant system.
System view
dot1x timer
Use the dot1x timer command to set the 802.1x timers.

System view
dot1x version-check
Use the dot1x version-check command to enable 802.1x client version checking for specified Ethernet
ports.
System view
Ethernet Port view
duplex
Use the duplex command to set the port duplex attribute.

Ethernet Port view
enable snmp trap updown
Use the enable snmp trap updown command to enable the port to send LINK UP and LINK DOWN Trap
information.
System view
end-station polling ip-address
Use the end-station polling ip-address command to configure the IP address requiring periodic testing.
System view
execute
Use the execute command to execute the specified batch file.

System view
exit
Use the exit command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the bye and quit commands.
SFTP Client view
file prompt
Use the file prompt command to modify the prompt mode of file operations on the Switch.
System view
flow-control
Use the flow-control command to enable port flow control, to avoid packet loss in the event of network
congestion.
Ethernet Port view
format
Use the format command to format a storage device.

User view
free user-interface
Use the free user-interface command to reset a specified user interface to its default settings. The user
interface will be disconnected after the reset.
User view
free web-users
Use the free web-users command to disconnect a specified Web user or all Web users by force.
User view
ftp
Use the ftp command to establish a control connection with an FTP server and enter FTP client view.
User view
Command Reference
ftp cluster
Use the ftp cluster command to establish a control connection with a cluster FTP server. This command
also leads you to FTP client view.
User view
ftp server
Use the ftp server command to configure an FTP server on the management device for the member
devices in the cluster.
Use the undo ftp server command to remove the FTP server configured for the member devices in the
cluster.
System view
ftp server enable
Use the ftp server enable command to enable FTP server and allow FTP users to log in.
System view
ftp timeout
Use the ftp timeout command to configure connection timeout interval.

System view
garp timer
Use the garp timer command to set the GARP Hold, Join or Leaver timer value on the current port.
Ethernet Port view
garp timer leaveall
Use the garp timer leaveall command to set the GARP LeaveAll timer to a specified value.
System view
get
Use the get command to download a remote file and save the file to the local device.
SFTP Client view
get
Use the get command to download a remote file and save it as a local file.
FTP Client view
gratuitous-arp learning enable
Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning
function.
System view
gvrp
Use the gvrp command to enable GVRP globally (in system view) or on a port (in Ethernet port view).
System view
Ethernet Port view
gvrp registration
Use the gvrp registration command to configure the GVRP registration type on a port.
Ethernet Port view
habp enable
Use the habp enable command to enable HABP for a switch.

System view
habp server vlan
Use the habp server vlan command to configure a switch to operate as an HABP server and HABP
packets to be broadcast in specified VLAN.
System view
habp timer
Use the habp timer command to set the interval for a switch to send HABP request packets.
System view
header
Use the header command to set the banners that are displayed when a user logs into a switch. The login
banner is displayed on the terminal when the connection is established. And the session banner is displayed
on the terminal if a user successfully logs in.
System view
help
Use the help command to get the help information about the specified or all SFTP client commands.
SFTP Client view
Command Reference
history-command max-size
Use the history-command max-size command to set the size of the history command buffer.
User Interface view
holdtime
Use the holdtime command to configure the holdtime of a switch.

Cluster view
idle-cut
Use the idle-cut command to set the user idle-cut function in current ISP domain.
ISP Domain view
idle-timeout
Use the idle-timeout command to configure the amount of time you want to allow a user interface to
remain idle before it is disconnected.
User Interface view
igmp host-join vlan
Use the igmp host-join vlan command to configure a routing port to join to a multicast group.
Ethernet Port view
igmp-snooping
Use the igmp-snooping command to enable or disable the IGMP Snooping.

System view
VLAN view
igmp-snooping fast-leave
Use the igmp-snooping fast-leave command to enable IGMP fast leave processing.
Ethernet Port view
igmp-snooping group-limit
Use the igmp-snooping group-limit command to set the maximum number of multicast groups the port
can join.
Ethernet Port view
igmp-snooping group-policy
Use the igmp-snooping group-policy command to configure an IGMP Snooping filter ACL.
System view
Ethernet Port view
igmp-snooping host-aging-time
Use the igmp-snooping host-aging-time command to set the aging time of multicast member ports.
System view
igmp-snooping max-response-time
Use the igmp-snooping max-response-time command to configure the maximum query response time.
System view
igmp-snooping router-aging-time
Use the igmp-snooping router-aging-time command to configure the aging time of the router port.
System view
info-center channel name
Use the info-center channel name command to name the channel of the specified number.
System view
info-center console channel
Use the info-center console channel command to enable information output to the console through a
specified channel.
System view
info-center enable
Use the info-center enable command to enable the information center.

System view
info-center logbuffer
Use the info-center logbuffer command to enable information output to the log buffer through the
specified channel (you can also set the size of the log buffer in this command).
System view
info-center monitor channel
Use the info-center monitor channel command to enable information output to terminals through a
specified channel.
System view
Command Reference
info-center snmp channel
Use the info-center snmp channel command to enable information output to the SNMP through a
specified channel.
System view
info-center source
Use the info-center source command to add a record (that is, an information source) to an information
channel.
System view
info-center synchronous
Use the info-center synchronous command to enable synchronous terminal output.

System view
Use the info-center synchronous command to enable synchronous terminal output, so that if system
information (such as log information) is output when the user is inputting, the command prompt and input
information are echoed after the output (note that, the command prompt is echoed in command edit state
but is not echoed in interactive state).
info-center timestamp
Use the info-center timestamp command to set the format of time stamp included in the log/trap/debug
information or specify not to include time stamp in the information.
System view
info-center trapbuffer
Use the info-center trapbuffer command to enable information output to the trap buffer.
System view
instance
Use the instance command to map specified VLANs to a specified spanning tree instance.
MST Region view
interface
Use the command interface command to enter Ethernet port view. To configure parameters for a port, you
must enter the port view first.
System view
interface VLAN-interface
Use the interface vlan-interface command to create a management VLAN interface and enter
management VLAN interface view.
System view
ip address
Use the ip address command to assign an IP address (and mask) to a management VLAN interface.
VLAN Interface view
ip address bootp-alloc
Use the ip address bootp-alloc command to configure VLAN interface to obtain IP address using
BOOTP.
VLAN Interface view
ip address dhcp-alloc
Use the ip address dhcp-alloc command to configure VLAN interface to obtain an IP address using
DHCP.
VLAN Interface view
ip host
Use the ip host command to configure a host name and the corresponding IP address for a switch.
System view
ip http acl
Use the ip http acl command to apply an ACL to filter Web users.
System view
User Interface view
ip-pool
Use the ip-pool command to configure a private IP address range for cluster members on the switch to
be set as the management device.
Cluster view
ip route-static
Use the ip route-static command to configure a static route.

Use the ip route-static command to configure a static route, whose validity depends on detecting results
as follows: valid when the detecting result is reachable or invalid when the detecting result is unreachable.
System view
Command Reference
ip route-static
Use the ip route-static command to configure a static route, whose validity depends on detecting results
as follows: valid when the detecting result is reachable or invalid when the detecting result is unreachable.
System view
jumboframe enable
Use this command to allow jumbo frames to pass through the Ethernet port.
Ethernet port view
key
Use the key command to specify a shared key for the RADIUS authentication/authorization packets or
accounting packets.
RADIUS Scheme view
lacp enable
Use the lacp enable command to enable the LACP protocol on the current port.
Ethernet Port view
lacp port-priority
Use the lacp port priority command to configure port priority value.
Ethernet Port view
lacp system-priority
Use the lacp system-priority command to configure system priority value.

System view
language-mode
Use the language-mode command to toggle between the language modes (that is, language environments)
of the command line interface (CLI) to meet your requirement.
User view
lcd
Use the lcd command to display the local work directory on the FTP client.
FTP Client view
level
Use the level command to set the priority level of the user.
Local User view
link-aggregation group description
Use the link-aggregation group description command to set a description for an aggregation group.
System view
link-aggregation group mode
Use the link-aggregation group mode command to create a manual or static aggregation group.
System view
local-server
Use the local-server command to configure the parameters of local RADIUS server.
System view
local-user
Use the local-user command to add a local user and enter local user view.
System view
local-user password-display mode
Use the local-user password-display-mode command to set the password display mode of all users.
System view
lock
Use the lock command to lock the current user interface and prevent unauthorized users from accessing it.
User view
logging-host
Use the logging-host command to configure a public logging host on the management device for member
devices.
Cluster view
loopback-detection control enable
Use the loopback-detection control enable command to enable loopback detection and control function
for Trunk ports and Hybrid ports.
Ethernet Port view
Command Reference
loopback-detection enable
Use the loopback-detection enable command to enable the loopback detection function globally or for
a specific port.
System view
Ethernet Port view
loopback-detection interval-time
Use the loopback-detection interval-time command to set the time interval for detecting the external
loopback for a port.
System view
loopback-detection per-vlan enable
Use the loopback-detection per-vlan enable command to configure the system to run loopback
detection on all VLANs for the Trunk and Hybrid ports.
Ethernet Port view
ls
Use the ls command to display the files in the specified directory.

SFTP Client view
ls
Use the ls command to display the information about a specified remote file.
FTP Client view
mac-address
Use the mac-address command to add/modify the MAC address table entry.
System view
Port view
mac-address max-mac-count
Use the mac-address max-mac-count command to configure the maximum number of MAC addresses an
Ethernet port can learn.
Ethernet Port view
Use the mac-address max-mac-count0 command to disable a switch from learning MAC address in a
VLAN.
VLAN view
mac-address multicast interface vlan
Use the mac-address multicast command to add a multicast MAC address entry.
System view
mac-address multicast vlan
Use the mac-address multicast vlan command to add a multicast MAC address entry.
Ethernet Port view
mac-address security
Use the mac-address security command to add Security MAC address manually.
Ethernet Port view
System view
mac-address timer
Use the mac-address timer command to set the aging time for dynamic MAC address entries.
System view
mac-authentication
Use the mac-authentication command to enable centralized MAC address authentication globally (current
device) or on specified ports.
System view
Ethernet Port view
mac-authentication authmode
Use the mac-authentication authmode command to set MAC address authentication mode.
System view
mac-authentication authpassword
Use the mac-authentication authpassword command to set a password for MAC address authentication
when the fixed mode is adopted.
System view
mac-authentication authusername
Use the mac-authentication authusername command to set a user name when a switch authenticates
users in fixed mode.
System view
Command Reference
mac-authentication domain
Use the mac-authentication domain command to configure an ISP domain for centralized MAC address
authentication users.
System view
mac-authentication timer
Use the mac-authentication timer command to configure the timers used in centralized MAC address
authentication.
System view
management-vlan
Use the management-vlan command to specify the management VLAN on the switch.
System view
management-vlan synchronization enable
Use the management-vlan synchronization enable command to enable the management VLANs of the
member devices of a cluster to be synchronized.
Cluster view
mdi
Use the mdi command to set port MDI attribute.

Ethernet Port view
messenger
Use the messenger time command to enable or disable the messenger alert and configure the related
parameters.
ISP Domain view
mirroring group
Use the mirroring-group command to configure the port mirroring group.

System view
mirroring-group mirroring-port
Use the mirroring-group mirroring-port command to configure the monitored port.

System view
mirroring-group reflector-port
Use the mirroring-group reflector-port command to configure a reflector port.

System view
mirroring-group remote-probe vlan
Use the mirroring-group remote-probe vlan command to specify the remote-probe VLAN for a given
mirroring group.
System view
mirroring-port
Use the mirroring-port command to configure a mirroring port.

Ethernet Port view
mkdir
Use the mkdir command to create a directory on the remote SFTP server.
SFTP Client view
mkdir
Use the mkdir command to create a directory in a specified directory of a specified storage device.
User view
mkdir
Use the mkdir command to create a directory on the remote SFTP server.
FTP Client view
monitor-port
Use the monitor-port command to configure the destination monitor port.

Ethernet Port view
more
Use the more command to display the content of a specified file.

User view
move
Use the move command to move a file to a specified directory. You can also assign a new name for the file.
User view
name
Use the name command to set a name for the assigned VLAN.
VLAN view
Command Reference
name
Use the name command to set a name for the assigned VLAN.
VLAN view
nas-ip
Use the nas-ip command to set the source IP address used by the switch to send RADIUS packets.
RADIUS Scheme view
ndp enable
Use the ndp enable command in system view to enable NDP globally on the switch. When being executed
in Ethernet port view, this command enables NDP for an Ethernet port.
System view
Ethernet Port view
ndp timer aging
Use the ndp timer aging command to set how long a device will hold the NDP packets received from the
local device. After the aging timer expires, the device will discard the received NDP neighbor node
information.
System view
ndp timer hello
Use the ndp timer hello command to define how often to transmit the NDP packets.
System view
nm-interface vlan-interface
Use the nm-interface vlan-interface command to configure an NMS interface of the management
device.
Cluster view
ntdp enable
Use the ntdp enable command in system view to enable NTDP globally. When being executed in Ethernet
port view, this command enables NTDP for an Ethernet port.
System view
Ethernet Port view
ntdp explore
Use the ntdp explore command to start topology information collection manually.
User view
ntdp hop
Use the ntdp hop command to set a range (in terms of hop count) for topology information collection.
System view
ntdp timer
Use the ntdp timer command to configure the interval to collect topology information.
System view
ntdp timer hop-delay
Use the ntdp timer hop-delay command to set the delay time for a switch to forward topology-collection
request packets.
System view
ntdp timer port-delay
Use the ntdp timer port-delay command to set the delay time for a switch to forward a received
topology-collection request packet through its successive ports.
System view
Use the ntdp timer port-delay command to set the delay time for a switch to forward a received
topology-collection request packet through its successive ports. A switch forwards received topology
request packets to all its ports in turn. After forwarding a received topology-collection request packet through
one port, the switch delays for specific period before it forwards the packet through the next port.
ntp-service access
Use the ntp-service access command to set the authority to access the local equipment.
System view
ntp-service authentication enable
Use the ntp-service authentication enable command to enable the NTP-service authentication
function.
System view
ntp-service authentication-keyid
Use the ntp-service authentication-keyid command to configure an NTP authentication key.

System view
Command Reference
ntp-service broadcast-client
Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in NTP
broadcast client mode.
VLAN Interface view
ntp-service broadcast-server
Use the ntp-service broadcast-server command to configure NTP broadcast server mode.
VLAN Interface view
ntp-service in-interface disable
Use the ntp-service in-interface disable command to disable an interface to receive NTP message.
VLAN Interface view
ntp-service max-dynamic sessions
Use the ntp-service max-dynamic-sessions command to set how many sessions can be created locally.
System view
ntp-service multicast-client
Use the ntp-service multicast-client command to configure an Ethernet switch to operate in NTP
multicast client mode.
VLAN Interface view
ntp-service multicast-server
Use the ntp-service multicast-server command to configure an Ethernet switch to operate in NTP
multicast server mode.
VLAN Interface view
ntp-service reliable authentication-keyid
Use the ntp-service reliable authentication-keyid command to specify an authentication key to be

a trusted key.
System view
ntp-service source-interface
Use the ntp-service source-interface command to designate an interface to transmit NTP message.
System view
ntp-service unicast-peer
Use the ntp-service unicast-peer command to be an active NTP peer.

System view
ntp-service unicast-server
Use the ntp-service unicast-server command to configure an Ethernet switch to operate in NTP server
mode.
System view
open
Use the open command to establish a control connection with an FTP server.
FTP Client view
packet-filter
Use the packet-filter command to define the packet filter function in the QoS profile.
QoS Profile view
packet-filter
Use the packet-filter command to apply ACL rules on the port to filter packets.
Ethernet Port view
parity
Use the parity command to set the check mode of the user interface.
User Interface view
passive
Use the passive command to set the data transmission mode to be passive mode.
FTP Client view
password
Use the password command to configure or change the system login password for a user.
Local User view
password
Use the password command to set a password for the local users.
Local User View
peer-public-key end
Use the peer-public-key end command to return to system view from public key view.
Public Key view
Command Reference
ping
Use the ping command to check the IP network connection and the reachability of the host.
Any view
port
Using the port command, you can add one port or one group of ports to a VLAN.
VLAN view
port access vlan
Use the port access vlan command to assign the access port to a specified VLAN.
Ethernet Port view
port hybrid pvid vlan
Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port.
Ethernet Port view
port hybrid vlan
Use the port hybrid vlan command to add the port to the specified VLAN(s). The port needs to have been
made a hybrid port before you can do this. See the related command below.
Ethernet Port view
port isolate
Use the port isolate command to add an Ethernet port to the isolation group.
Ethernet Port view
port link-aggregation group
Use the port link-aggregation group agg_id command to add an Ethernet port to a manual or static
aggregation group.
Ethernet Port view
port link-type
Use the port link-type command to configure the link type of the Ethernet port.
Ethernet Port view
port-security enable
Use the port-security enable command to enable port security.

System view
port-security intrusion-mode
Use the port-security intrusion-mode command to set the action mode of the Intrusion Protection
feature.
Ethernet Port view
port-security max-mac-count
Use the port-security max-mac-count command to set the maximum number of MAC addresses allowed
to access the port.
Ethernet Port view
port-security ntk-mode
Use the port-security ntk-mode command to set the packet transmission mode of the Need to Know
(NTK) feature.
Ethernet Port view
port-security OUI
Use the port-security OUI command to set an OUI value for authentication.
System view
port-security port-mode
Use the port-security port-mode command to set the security mode of the port.
Ethernet Port view
port-security timer disableport
Use the port-security timer disableport command to set the time during which the system temporarily
disables a port.
System view
port-security trap
Use the port-security trap command to enable the sending of the specified type(s) of trap messages.
System view
port trunk pvid vlan
Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.
Ethernet Port view
Command Reference
port trunk permit vlan
Use the port trunk permit vlan command to add a trunk port to one VLAN, a selection of VLANs, or all
VLANs.
Ethernet Port view
primary accounting
Use the primary accounting command to set the IP address and port number for the primary accounting
server.
RADIUS Scheme view
primary authentication
Use the primary authentication command to configure the IP address and port number for the primary
RADIUS authentication/authorization server.
RADIUS Server Group view
priority
Use the priority command to set the priority of Ethernet port.

Ethernet Port view
priority trust
Use the priority trust command to configure the precedence mapping mode on the port of the switch.
Ethernet Port view
protocol inbound
Use the protocol inbound command to configure the protocols supported in the current user interface.
VTY User Interface view
protocol inbound
Use the protocol inbound command to specify the protocols supported by the user interface.
User Interface view
protocol-priority protocol-type
Use the protocol-priority command to set the global traffic priority that applies to a given protocol.
System view
Use the public-key-code begin command to enter public key edit view and input the client public key.
Public Key view
Use the public-key-code begin command to enter public key edit view and set server public keys.
Public Key view
public-key-code end
Use the public-key-code end command to return from public key edit view to public key view and save the
public keys you set.
Public Key Edit view
public-key-code end
Use the public-key-code end command to return from public key edit view to public key view and save the
public keys you set.
Public Key Edit view
put
Use the put command to upload a local file to the remote SFTP server.
SFTP Client view
put
Use the put command to upload a local file to the remote FTP server.
FTP Client view
pwd
Use the pwd command to display the current directory on the SFTP server.
SFTP Client view
pwd
Use the pwd command to display the current path. If the current path is not configured, an error occurs when
you execute this command.
User view
pwd
Use the pwd command to display the current directory on the remote FTP Server.
FTP Client view
Command Reference
qos cos-drop-precedence-map
Use the qos cos-drop-precedence-map command to configure the "COS->Drop-precedence" mapping

relationship.
System view
qos cos-dscp-map
Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping relationship.
System view
qos cos-local-precedence-map
Use the qos cos-local-precedence-map command to configure the "COS->Local-precedence" mapping

relationship.
System view
qos dscp-cos-map
Use the qos dscp-cos-map command to configure the "COS->802.1p priority" mapping relationship.
System view
qos dscp-drop-precedence-map
Use the qos dscp-drop-precedence-map command to configure the "DSCP->Drop-precedence" mapping

relationship.
System view
qos dscp-dscp-map
Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping relationship.
System view
qos dscp-local-precedence-map
Use the qos dscp-local-precedence-map command to configure the "DSCP->Local-precedence"

System view
qos-profile
Use the qos-profile command to create a QoS profile and enter the corresponding view.
System view
qos-profile port-based
Use the qos-profile port-based command to configure the port-based application mode of QoS profiles
on ports.
Ethernet Port view
queue-scheduler
Use the queue-scheduler command to set the queue-scheduling algorithm and parameters.
System view
quit
Use the quit command to terminate the connection to the remote SSH server.
User view
quit
Use the quit command to terminate the connection to the remote SFTP server and exit to system view.
SFTP Client view
quit
Use the quit command to terminate FTP control connection and FTP data connection and quit to user view.
This command has the same effect as that of the bye command.
FTP Client view
quit
Use the quit command to return from current view to lower level view, or exit the system if current view is
user view.
Any view
radius nas-ip
Use the radius nas-ip command to set the source IP address used by the switch to send RADIUS packets.
System view
radius-scheme
Use the radius-scheme command to specify the RADIUS scheme to be used by the current ISP domain.
ISP Domain view
radius scheme
Use the radius scheme command to create a RADIUS scheme and enter its view.
System view
Command Reference
radius trap
Use the radius trap command to enable the switch to send trap messages when its RADIUS
authentication or accounting server turns down.
System view
reboot
Use the reboot command to restart an Ethernet switch.

User view
reboot member
Use the reboot member command to reboot a specified member device on the management device.
Cluster view
region-name
Use the region-name command to set an MST region name to a switch.

MST Region view
remote-probe vlan
Use the remote-probe vlan enable command to enable the remote-probe port mirror port feature on the
VLAN of the switch.
VLAN view
remotehelp
Use the remotehelp command to display help information about the FTP protocol command.
FTP Client view
remove
Use the remove command to delete the specified file from the server.
SFTP Client view
rename
Use the rename command to change the name of the specified file on the SFTP server.
SFTP Client view
rename
Use the rename command to rename a file or a directory. If the target file name or directory name is the
same with any existing file name or directory name, you will fail to rename a file.
User view
rename
Use the rename command to rename a file on a remote host.

FTP Client view
reset arp
Use the reset arp command to remove information that is no longer required from the ARP mapping table.
User view
reset counters interface
Use the reset counters interface command to clear the statistics of the port, preparing for a new
statistics collection.
User view
reset dot1x statistics
Use the reset dot1x statistics command to clear the statistics of 802.1x.
User view
reset garp statistics
Use the reset garp statistics command to clear the GARP statistics (such as the information about the
packets received/sent/discarded by GVRP/GMRP) on specified (or all) ports.
User view
reset igmp-snooping statistics
Use the reset igmp-snooping statistics command to clear the IGMP Snooping statistics.
User view
reset ip statistics
Use the reset ip statistics command to clear the IP statistics information.

User view
reset logbuffer
Use the reset logbuffer command to clear information in the log buffer.
User view
reset ndp statistics
Use the reset ndp statistics command to reset the NDP counters to clear the NDP statistics.
User view
Command Reference
reset radius statistics
Use the reset radius statistics command to clear the statistics information about the RADIUS protocol.
User view
reset recycle-bin
Use the reset recycle-bin command to completely delete file(s) in the recycle bin in the Flash.
User view
reset saved-configuration
Use the reset saved-configuration command to delete the configuration file that is of the specified
attribute from the Flash, including the main and backup configuration files to be used when the switch starts
the next startup.
User view
reset stop-accounting-buffer
Use the reset stop-accounting-buffer command to delete the buffered no-response stop-accounting
request packets.
User view
reset stp
Use the reset stp command to clear the STP statistics of specified Ethernet ports.
User view
reset tcp statistics
Use the reset tcp statistics command to clear the TCP statistics information.
User view
reset traffic-limit
Use the reset traffic-limit command to clear the statistics of the traffic policing matching with the
specified ACL rules.
Ethernet Port view
reset traffic-statistic
Use the reset traffic-statistic command to clear the traffic statistics of the packets matching with the
specified ACL rules.
Ethernet Port view
reset trapbuffer
Use the reset trapbuffer command to clear information in the trap buffer.
User view
retry
Use the retry command to set the maximum number of transmission attempts of RADIUS requests.
Detecting Group view
retry realtime-accounting
Use the retry realtime-accounting command to set the maximum allowed number of continuous
no-response real-time accounting requests.
RADIUS Scheme view
retry stop-accounting
Use the retry stop-accounting command to set the maximum number of transmission attempts of the
stop-accounting requests buffered due to no response.
RADIUS Scheme view
return
Use the return command to return to user view from any other view.
System view or higher level views
revision-level
Use the revision-level command to set the MSTP revision level for a switch.
MST Region view
rmdir
Use the rmdir command to delete the specified directory from the remote SFTP server.
SFTP Client view
rmdir
Use the rmdir command to delete a directory.

User view
Because only empty directories can be deleted, you need to delete the files in a directory before deleting it.
Command Reference
rmdir
Use the rmdir command to delete the specified directory from the remote FTP server.
FTP Client view
You can only use this command to remove directories that are empty.
rmon alarm
Use the rmon alarm command to add an entry to the alarm table.
System view
rmon event
Use the rmon event command to add an entry to the event table.
System view
rmon history
Use the rmon history command to add an entry to the history control table.
Ethernet Port view
rmon prialarm
Use the rmon prialarm command to add an entry to the extended RMON alarm table.
System view
rmon statistics
Use the rmon statistics command to add an entry to the statistic table.
Ethernet Port view
rsa local-key-pair create
Use the rsa local-key-pair create command to generate RSA key pairs, whose names are in the format
of switch name plus _host, for example, S4200G_host.
System view
rsa local-key-pair destroy
Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at the server end.
System view
rsa peer-public-key
Use the rsa peer-public-key command to enter public key view.

System view
rsa peer-public-key
Use the rsa peer-public-key command to enter public key view.

System view
rule (Advanced ACL)
Use the rule command to define an ACL rule.

Advanced ACL view
rule (Basic ACL)

Basic ACL view
rule comment
Use the rule comment command to define the comment string for an ACL rule.
Advanced ACL view / Layer 2 ACL view
rule (Layer 2 ACL)

Layer 2 ACL view
save
Use the save command to save the current configuration to a configuration file in the flash memory.
Any view
schedule reboot at
Use the schedule reboot at command to schedule a reboot on the current switch and set the reboot date
and time.
User view
schedule reboot delay
Use the schedule reboot delay command to schedule a reboot on the switch, and set the reboot waiting
delay.
User view
scheme
Use the scheme command to configure the AAA scheme to used by the current ISP domain.
ISP Domain view
Command Reference
screen-length
Use the screen-length command to set the number of lines the terminal screen can contain.
User Interface view
secondary accounting
Use the secondary accounting command to set the IP address and port number of the secondary RADIUS
accounting server.
RADIUS Scheme view
secondary authentication
Use the secondary authentication command to set the IP address and port number of the secondary
RADIUS authentication/authorization server.
RADIUS Scheme view
security-policy-server
Use the security-policy-server command to set the IP address of a security policy server.
RADIUS Scheme view
self-service-url
Use the self-service-url command to either enable or disable the self-service server location function.
ISP Domain view
send
Use the send command to send messages to a specified user interface or all user interfaces.
User view
server-type
Use the server-type command to configure the RADIUS server type supported by the Switch.
RADIUS Scheme view
service-type
Use the command service-type to authorize a user access to the specified services.
Local User view
service-type
Use the service-type command to specify the login type and the corresponding available command level.
Local User view
service-type multicast
Use the service-type multicast command to set the current VLAN as a multicast VLAN.
VLAN view
set authentication password
Use the set authentication password command to set the local password.
User Interface view
sftp
Use the sftp command to establish a connection to the SFTP server and enter SFTP client view.
System view
sftp server enable
Use the sftp server enable command to enable the secure FTP (SFTP) server.
System view
sftp time-out
Use the sftp time-out command to set the timeout time for the SFTP user connection.
System view
shell
Use the shell command to make terminal services available for the user interface.
User Interface view
shutdown
Use the shutdown command to disable an Ethernet port.

Ethernet Port view
shutdown
Use the shutdown command to disable the VLAN interface.

VLAN Interface view
smarton
Use the smarton command to enable the SmartOn function for an Ethernet port with supplicant systems
attached.
Ethernet Port view
Command Reference
smarton password
Use the smarton password command to set the password to be used by the SmartOn function.
System view
smarton switchid
Use the smarton switchid command to set the switch ID.

System view
smarton timer
Use the smarton timer command to set the supplicant timeout timer for SmartOn-enabled supplicant
systems.
System view
snmp-agent
Use the snmp-agent command to enable SNMP Agent.

System view
Use the snmp-agent community command to set a community name and to enable users to access the
switch through SNMP. You can also optionally use this command to apply an ACL to filter network
management users.
System view
Use the snmp-agent community command to set the community access name and enable access to SNMP.
System view
snmp-agent group
Use the snmp-agent group command to configure a SNMP group. You can also optionally use this
command to apply an ACL to filter network management users.
System view
snmp-agent group
Use the snmp-agent group command to configure a new SNMP group, that is, to map SNMP user to SNMP
view.
snmp-agent local-engineid
Use the snmp-agent local-engineid command to set the engine ID of the local SNMP entity.
System view
snmp-agent log
Use the snmp-agent log command to enable the logging function for network management.
System view
snmp-agent mib-view
Use the snmp-agent mib-view command to create or update the view information, limiting the MIB objects
to be accessed by the NMS.
System view
snmp-agent packet max-size
Use the snmp-agent packet max-size command to set the maximum size of SNMP packet that the Agent
can send/receive.
System view
snmp-agent sys-info
Use the snmp-agent sys-info command to configure system information such as geographical location of
the device, contact information for system maintenance and version information of running SNMP.
System view
snmp-agent target-host
Use the snmp-agent target-host command to command to configure destination of SNMP Trap packets.
System view
snmp-agent trap enable
Use the snmp-agent trap enable command to enable the device to send Trap packets.
System view
snmp-agent trap life
Use the snmp-agent trap life command to set aging time for Trap packets.
System view
snmp-agent trap queue-size
Use the snmp-agent trap queue-size command to configure the information queue length of a Trap packet
sent to the destination host.
System view
Command Reference
snmp-agent trap source
Use the snmp-agent trap source command to configure the source address for sending Trap messages.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter,
a new user to an SNMP group.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new user to an SNMP group. You can also optionally
use this command to apply an ACL to filter network management users.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new user to an SNMP group.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter,
a new user to an SNMP group.
System view
snmp-host
Use the snmp-host command to configure an SNMP host for the member devices inside a cluster on the
management device.
Cluster view
speed
Use the speed command to set the transmission speed of the user interface.
User Interface view
speed
Use the speed command to configure the port rate.

Ethernet Port view
ssh client assign rsa-key
Use the ssh client assign rsa-key command to specify on the client the public key for the server to be
connected to guarantee the client can be connected to a reliable server.
System view
ssh client first-time enable
Use the ssh client first-time enable command to configure the client to run the initial authentication.
System view
ssh server authentication-retries
Use the ssh server authentication-retries command to set authentication retry number for SSH
connections.
System view
ssh server timeout
Use the ssh server timeout command to set authentication timeout time for SSH connections.
System view
ssh user assign rsa-key
Use the ssh user assign rsa-key command to allocate public keys to SSH users.
System view
ssh user authentication-type
Use the ssh user authentication-type command to define on the server the available authentication type
for an SSH user.
System view
ssh user service-type
Use the ssh user service-type command to specify service type for a user.
System view
ssh2
Use the ssh2 command to enable the connection between SSH client and server, define key exchange
algorithm preference, encryption algorithm preference and HMAC algorithm preference on the server and
client.
System view
Command Reference
startup bootrom-access enable
Use the startup bootrom-access enable command to specify a switch to prompt for the customized
password before entering the BOOT menu.
User view
startup saved-configuration
Use the startup saved-configuration command to specify the main or backup configuration file for a
switch to start the next time.
User view
state
Use the state command to configure the state of the current ISP domain/current user.
ISP Domain view
Local User view
RADIUS view
state
Use the state command to configure the state of RADIUS server.

RADIUS Scheme view
stop-accounting-buffer enable
Use the stop-accounting-buffer enable command to enable the switch to buffer the stop-accounting
requests that bring no response.
RADIUS Scheme view
stopbits
Use the stopbits command to set the stop bits of the user interface.
User Interface view
stp
Use the stp command to enable or disable MSTP globally or for a port.
System view
Ethernet Port view
stp bpdu-protection
Use the stp bpdu-protection command to enable the BPDU protection function.
System view
stp bridge-diameter
Use the stp bridge-diameter command to set the network diameter of a switched network, which is
represented in terms of the maximum number of switches between any two terminals in a switched network.
System view
stp config-digest-snooping
Use the stp config-digest-snooping command to enable the digest snooping feature.
Ethernet Port view
stp cost
Use the stp cost command to set the path cost of a port in a spanning tree instance.
Ethernet Port view
stp edged-port
Use the stp edged-port command to configure the current Ethernet port as either an edge port or a
non-edge port.
Ethernet Port view
stp interface
Use the stp interface command in system view to enable or disable MSTP for specified ports.
System view
stp interface config-digest-snooping
Use the stp interface config-digest-snooping command to enable the digest snooping feature.
System view
stp interface cost
Use the stp interface cost command to set the path cost of specified ports in a specified spanning tree
instance.
System view
stp interface edged-port
Use the stp interface edged-port command to configure the specified Ethernet ports to be either edge
ports or non-edge ports.
System view
Command Reference
stp interface loop protection
Use the stp interface loop-protection command to enable the loop prevention function.
System view
stp interface mcheck
Use the stp interface mcheck command to perform the mCheck operation for specified ports.
System view
stp interface no-agreement-check
Use the stp interface no-agreement-check command to enable the rapid transition feature on a specified
port.
System view
stp interface point-to-point
Use the stp interface point-to-point command to specify whether the specified Ethernet ports are
point-to-point links.
System view
stp interface port priority
Use the stp interface port priority command to set the port priority of specified ports in a spanning
tree instance.
System view
stp interface root-protection
Use the stp interface root-protection command to enable the root protection function for specified
ports.
System view
stp interface transmit-limit
Use the stp interface transmit-limit command to set the maximum number of BPDUs that each
specified port can send within a Hello time interval.
System view
stp loop-protection
Use the stp loop-protection command to enable the loop prevention function for the current port.
Ethernet Port view
stp max-hops
Use the stp max-hops command to set the maximum hop count of the MST region to which the switch
belongs.
System view
stp mcheck
Use the stp mcheck command to perform the mCheck operation for the current port.
Ethernet Port view
System view
stp mode
Use the stp mode command to set the MSTP operation mode of the switch.
System view
stp no-agreement-check
Use the stp no-agreement-check command to enable the rapid transition feature on the current port.
Ethernet Port view
stp pathcost-standard
Use the stp pathcost-standard command to set the standard used for calculating the default path costs
of ports.
System view
stp point-to-point
Use the stp point-to-point command to specify whether the port must connect to point-to-point link.
Ethernet Port view
stp port priority
Use the stp port priority command to set the priority of the current port in a specified spanning tree
instance.
Ethernet Port view
stp priority
Use the stp priority command to set the priority of a switch in a spanning tree instance.
System view
Command Reference
stp region-configuration
Use the stp region-configuration command to enter MST region view.

System view
stp root primary
Use the stp root primary command to configure the current switch to be the root bridge of a specified
spanning tree instance.
System view
stp root-protection
Use the stp root-protection command to enable the root protection function for the current port.
Ethernet Port view
stp root secondary
Use the stp root secondary command to configure the current switch as a secondary root bridge of a
specified spanning tree instance.
System view
stp tc-protection
Use the stp tc-protection command to enable or disable the TC-BPDU attack prevention function for
the switch.
System view
stp timer-factor
Use the stp timer-factor command to set the timeout time of a switch in terms of the multiple of the Hello
time.
System view
stp timer forward-delay
Use the stp timer forward-delay command to set the Forward delay for a switch.
System view
stp timer hello
Use the stp timer hello command to set the Hello time for a switch.
System view
stp timer max-age
Use the stp timer max-age command to set the maximum age of a switch.
System view
stp transmit-limit
Use the stp transmit-limit command to set the maximum number of configuration BPDUs the current
port can transmit within a Hello time.
Ethernet Port view
super
Use the super command to switch the current user level to the one identified by the level argument.
User view
super password
Use the super password command to set the password for users to switch to a higher user level.
System view
sysname
Use the sysname command to set a domain name for the switch.
System view
sysname
Use the sysname command to set the system name of the Switch.
System view
system-view
Enter system-view to enter the system view from the user view.
User view
tcp timer fin-timeout
Use the tcp timer fin-timeout command to configure the TCP finwait timer.
System view
tcp timer syn-timeout
Use the tcp timer syn-timeout command to configure the TCP synwait timer.
System view
Command Reference
tcp window
Use the tcp window command to configure the size of the transmission and receiving buffers of the
connection-oriented socket.
System view
telnet
Use the telnet command to log in to another Ethernet switch from the current switch via Telnet for remote
management.
User view
terminal debugging
Use the terminal debugging command to configure to display the debugging information on the terminal.
User view
terminal debugging
Use the terminal debugging command to configure to display the debugging information on the terminal.
User view
terminal logging
Use the terminal logging command to enable log terminal display.

User view
terminal monitor
Use the terminal monitor command to enable the debug/log/trap terminal display function.
User view
terminal trapping
Use the terminal trapping command to enable terminal trap information display.
User view
tftp
Use the tftp command to set the TFTP data transfer mode.
System view
tftp cluster get
Use the tftp cluster get command to download a specified file from a cluster TFTP server.
User view
tftp cluster put
Use the tftp put command to upload a specified file to a specified directory of a cluster TFTP server.
User view
tftp get
Use the tftp get command to download a file from a TFTP server to this switch.
User view
tftp put
Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server.
User view
tftp-server
Use the tftp-server command to configure a TFTP server for cluster members on the management
device.
Cluster view
tftp-server acl
Use the tftp-server acl command to specify the ACL (Access Control List) adopted for the connection
between a TFTP client and a TFTP server.
System view
time-range
Use the time-range command to define a time range.

System view
timer
Use the timer command to set the interval to send handshake packets.
Cluster view
timer
Use the timer command to set the response timeout time of RADIUS server (that is, the timeout time of the
response timeout timer of RADIUS server).
RADIUS Scheme view
timer quiet
Use the timer quiet command to set the wait time for the primary server to restore the active state.
RADIUS Scheme view
Command Reference
Use the timer realtime-accounting command to set the real-time accounting interval.
RADIUS Scheme view
timer response-timeout
Use the timer response-timeout command to set the response timeout time of RADIUS servers.
RADIUS Scheme view
topology accept
Use the topology accept command to confirm the current topology information of the cluster and save that
as a standard topology.
Cluster view
topology restore-from
Use the topology restore-from command to obtain and restore the standard topology information from
the local flash.
Cluster view
topology save-to
Use the topology save-to command to save the standard topology information into the local flash.
Cluster view
tracemac
Use the tracemac command to locate a device by MAC address or IP address.

Any view
tracert
Use the tracert command to trace the gateways the test packets passes through during its journey from
the source to the destination.
Any view
The tracert command is primarily used to check the network connectivity. It can also help you locate the
trouble spot of the network.
traffic-limit
Use the traffic-limit command to use ACL rules in traffic identifying and traffic policing for the packet
matching with the ACL rules and to set traffic policing parameters.
Ethernet Port view
traffic shape
Use the traffic-shape command to enable traffic shaping and send the packets out at an even rate.
Ethernet Port view
traffic-statistic
Use the traffic-statistic command to use ACL rules in traffic identifying and perform traffic statistics on
the packets matching with the ACL rules.
System view
udp-helper enable
Use the udp-helper enable command to enable the UDP Helper function.
System view
udp-helper port
Use the udp-helper port command to configure the UDP port with relay function.
System view
udp-helper server
Use the udp-helper server command to configure the relay destination server for UDP broadcast packets.
VLAN Interface view
undelete
Use the undelete command to restore a deleted file.

User view
user
Use the user command to switch to a specified user.

FTP Client view
After logging into an FTP server, you can switch to another user by using the user command.
user-interface
Using user-interface command to enter one or more user interface views to perform configuration.
System view
user-name-format
Use the user-name-format command to set the format of the user names to be sent to RADIUS server.
RADIUS Scheme view
Command Reference
user privilege level
Use the user privilege level level command to configure the command level that a user can access
from the specified user interface.
User Interface view
verbose
Use the verbose command to enable the verbose function, which displays execution and response
information of other related commands.
FTP Client view
virtual-cable-test
Use the virtual-cable-test command to enable the system to test the cable connected to a specific port
and to display the results.
Ethernet Port view
vlan
Use the vlan command to enter the VLAN view.

System view
vlan-assignment-mode
Use the vlan-assignment-mode command to set the VLAN assignment mode on the switch.
ISP Domain view
vlan-mapping modulo
Use the vlan-mapping modulo command to map VLANs to specific spanning tree instances.
MST Region view
vlan-vpn enable
Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Ethernet Port view
vlan-vpn tpid
Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes effect only when the
VLAN-VPN or VLAN-VPN uplink function is enabled.
Ethernet Port view
vlan-vpn tunnel
Use the vlan-vpn tunnel command to enable the BPDU tunnel function.
System view
vlan-vpn uplink enable
Use the vlan-vpn uplink enable command to configure a port to be a VLAN-VPN uplink port.
Ethernet Port view
voice vlan
Use the voice vlan command to enable the voice VLAN function globally.
System view
voice vlan aging
Use the voice vlan aging command to set the aging time for a voice VLAN.
System view
voice vlan enable
Use the voice vlan enable command to enable the voice VLAN function for a port.
Ethernet Port view
voice vlan mac-address
Use the voice vlan mac-address command to set a MAC address used for a voice VLAN to identify voice
devices.
System view
voice vlan mode
Use the voice vlan mode auto command to configure an Ethernet port to operate in the automatic voice
VLAN mode.
Ethernet Port view
voice vlan security enable
Use the voice vlan security enable command to enable the voice VLAN security mode.
System view

Comando Switch 3com 4200 PDF

Transféré par

Informations du document

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Comando Switch 3com 4200 PDF

Transféré par

Droits d'auteur :

Formats disponibles

3Com® Switch 4200G Family

Command Reference Guide

ABOUT THIS GUIDE

ALPHABETICAL LISTING OF COMMANDS

Intended Readership The manual is intended for the following readers:

Conventions This manual uses the following conventions:

Icon Notice Type Description

Caution Information that alerts you to potential loss of data or

Table 2 Text conventions

Example 3: in the command header [shell | incoming | login]

Alphebetical Listing of This section lists all commands in alphabetical order.

Commands The commands in this document are listed in alphabetical order.

Syntax access-limit { disable | enable max-user-number }

View This command can be used in the following views:

■ ISP Domain view

Use the undo accounting command to cancel the accounting scheme

Syntax accounting { none | radius-scheme radius-scheme-name }

Parameters none Specifies not to perform accounting.

Default By default, no accounting scheme is configured for the ISP domain.

View This command can be used in the following views:

■ ISP Domain view

Related Command ■ scheme

Syntax accounting domain domain-name

undo accounting domain

Parameters domain-name Name of a domain, consisting of a string from 1 to 24

Example Enter system view.

Enter DHCP address pool view.

[S4200G] dhcp server ip-pool test

[S4200G-dhcp-pool-test] accounting domain 123

View This command can be used in the following views:

■ DHCP Address Pool view

Use the undo accounting-on enable command to disable user

Use the undo accounting-on interval command to restore the default

Syntax accounting-on enable [ send times | interval interval ]

undo accounting-on { enable | send | interval }

Parameters times Specifies the number of times to attempt sending the

Default By default, this feature is disabled.

View This command can be used in the following views:

■ RADIUS Scheme view

■ The switch generates an Accounting-On packet, which mainly contains the

Related Command nas-ip

Use the undo accounting optional command to close the accounting-optional

Syntax accounting optional

undo accounting optional

Default By default, the accounting-optional switch is closed.

View This command can be used in the following views:

■ ISP Domain view

Syntax acl acl-number { inbound | outbound }

undo acl { inbound | outbound }

Parameters acl-number The number identifier of basic and advanced

View This command can be used in the following views:

■ User Interface view

Syntax acl number acl-number [ match-order { config | auto } ]

undo acl { number acl-number | all }

Default By default, the ACLs are matched in config order.

View This command can be used in the following views:

An ACL supports the following types of match orders:

The "depth-first" ordering of rules in IP ACLs (basic and advanced ACLs) is

Related Command rule

Purpose Use the active region-configuration command to activate the settings of

Syntax active region-configuration

Example To activate the MST region settings, enter the following:

View This command can be used in the following views: