Page 1 M6100 Series Switches CLI Com man d Re ference M anua l Sof tware Version 1 0.2.0 September 2014 202-11457-02 350 East Plumeria Drive San Jose, CA 95134...
Page 2 See the regulatory compliance document before connecting the power supply. Trademarks NETGEAR, the NETGEAR logo, and Connect with Innovation are trademarks and/or registered trademarks of NETGEAR, Inc. and/or its subsidiaries in the United States and/or other countries. Information is subject to change without notice.
Page 3: Table Of Contents
Contents Chapter 1 About the NETGEAR Managed Switch Software Scope............. . . 9 Product Concept .
Page 4 M6100 Series Switches Access Commands........... 76 User Account Commands .
Page 5 M6100 Series Switches GARP Commands........... 389 GVRP Commands .
Page 6 M6100 Series Switches IP Helper Commands..........694 Open Shortest Path First Commands .
Page 7 PoE Commands ...........1143 Chapter 17 NETGEAR Managed Switch Software Log Messages Core .
Page 8: Chapter 1 About The Netgear Managed Switch Software
About the NETGEAR Managed Switch Software The NETGEAR Managed Switch software has two purposes: • Assist attached hardware in switching frames, based on Layer 2, 3, or 4 information contained in the frames. • Provide a complete device management portfolio to the network administrator.
Page 9: Scope
The price of the technology continues to decline, while performance and feature sets continue to improve. Devices that are capable of switching Layers 2, 3, and 4 are increasingly in demand. NETGEAR Managed Switch software provides a flexible solution to these ever-increasing needs.
Page 10: Chapter 2 Using The Command-Line Interface
Using the Command-Line Interface The command-line interface (CLI) is a text-based way to manage and monitor the system. You can access the CLI by using a direct serial connection or by using a remote logical connection with telnet or SSH. This chapter describes the CLI syntax, conventions, and modes.
Page 11: Command Syntax
[gateway] the parameter. The CLI Command Reference Manual M6100 Series Switches lists each command by the command name and provides a brief description of the command. Each command reference also contains the following information: •...
Page 12: Common Parameter Values
M6100 Series Switches Common Parameter Values Parameter values might be names (strings) or numbers. To use spaces as part of a name parameter, enclose the name value in double quotes. For example, the expression “System Name with Spaces” forces the system to accept the spaces. Empty strings (““) are not valid user-defined strings.
Page 13: Unit/Slot/Port Naming Convention
M6100 Series Switches unit/slot/port Naming Convention NETGEAR Managed Switch software references physical entities such as cards and ports by using a unit/slot/port naming convention. The NETGEAR Managed Switch software also uses this convention to identify certain logical entities, such as Port-Channel interfaces.
Page 14: Using The No Form Of A Command
Q to stop pagination, or press any other key to advance a whole page. These keys are not configurable. Note: Although some NETGEAR Managed Switch show commands already support pagination, the implementation is unique per command and not generic to all commands.
Page 15 Script file name for writing active configuration. Show all the running configuration on the switch. interface Display the running configuration for specificed interface on the switch. (NETGEAR Switch) #show running-config | ? begin Begin with the line that matches exclude Exclude lines that matches...
Page 16: Chapter 3 Netgear Managed Switch Software Modules
NETGEAR Managed Switch Software Modules NETGEAR Managed Switch software consists of flexible modules that can be applied in various combinations to develop advanced Layer 2/3/4+ products. The commands and command modes available on your switch depend on the installed modules. Additionally, for some show commands, the output fields might change based on the modules included in the NETGEAR Managed Switch software.
Page 17: Command Modes
The CLI groups commands into modes according to the command function. Each of the command modes supports specific NETGEAR Managed Switch software commands. The commands in one mode are not available until you switch to that particular mode, with the exception of the User EXEC mode commands.
Page 18 Peer Template Contains the BGP peer template (Config-rtr-tmplt)# Config configuration commands. MAC Access-list Switch (Config-mac-access-list)# Allows you to create a MAC Access-List and Config to enter the mode containing MAC Access-List configuration commands. NETGEAR Managed Switch Software Modules...
Page 19 To exit to the Privileged EXEC mode, enter exit, or press Ctrl-Z. configure. VLAN Config From the Privileged EXEC mode, enter To exit to the Privileged EXEC mode, enter exit, or press Ctrl-Z. vlan database. NETGEAR Managed Switch Software Modules...
Page 20 To exit to the Global Config mode, enter exit. Config class-map, and specify the optional To return to the Privileged EXEC mode, enter keyword ipv4 to specify the Layer 3 Ctrl-Z. protocol for this class. See class-map page 1005 for more information. NETGEAR Managed Switch Software Modules...
Page 21 Ctrl-Z. DHCPv6 Pool From the Global Config mode, enter To exit to the Global Config mode, enter exit. Config To return to the Privileged EXEC mode, enter ip dhcpv6 pool pool-name. Ctrl-Z. NETGEAR Managed Switch Software Modules...
Page 22: Command Completion And Abbreviation
Indicates that you did not enter the required keywords or values. Command not found / Incomplete command. Use ? to list commands. Indicates that you did not enter enough letters to uniquely identify the Ambiguous command command. NETGEAR Managed Switch Software Modules...
Page 23: Cli Line-Editing Conventions
Prints last deleted character. Ctrl-Q Enables serial flow. Ctrl-S Disables serial flow. Ctrl-Z Return to root command prompt. Tab, <SPACE> Command-line completion. Exit Go to next lower command prompt. List available commands, keywords, or parameters. NETGEAR Managed Switch Software Modules...
Page 24: Using Cli Help
Select DHCP, BootP, or None as the network config protocol. If the help output shows a parameter in angle brackets, you must replace the parameter with a value. (NETGEAR Switch) #network parms ? <ipaddr> Enter the IP Address. none Reset IP address and gateway on management interface...
Page 25: Accessing The Cli
You can set the network configuration information manually, or you can configure the system to accept these settings from a BootP or DHCP server on your network. For more information, see Network Interface Commands on page 47. NETGEAR Managed Switch Software Modules...
Page 26: Chapter 4 Chassis Commands
Chassis Commands This chapter describes the chassis commands available in the NETGEAR Managed Switch CLI. The Chassis Commands chapter includes the following sections: • General Chassis Commands • Backplane Port Commands • Chassis Firmware Synchronization Commands • Nonstop Forwarding Commands The commands in this chapter are in one of two functional groups: •...
Page 27: Chassis-Status Sample-Mode
M6100 Series Switches General Chassis Commands This section describes the commands you use to configure the chassis. chassis This command sets the mode to Chassis Global Config. Format chassis Mode Chassis Global Config chassis-status sample-mode This command set the global status management mode.
Page 28 M6100 Series Switches no member This command removes a blade from the chassis. The unit is the identifier of the blade to be removed from the chassis. You execute this command on the primary management blade. Format no member unit...
Page 29: Set Slot Disable
M6100 Series Switches no slot This command removes configured information from an existing slot in the system. Format no slot unit/slot cardindex Mode Global Config Note: Card index can be obtained by executing show supported cardtype command in User EXEC mode.
Page 30: Show Supported Cardtype
M6100 Series Switches Use this command when installing or removing cards. If a card or other module is present in this slot, the power mode is applied to the contents of the slot. If the slot is empty, the power mode is applied to any card inserted into the slot.
Page 31: Show Chassis
M6100 Series Switches If you supply a value for cardindex, the following output appears: Term Definition Card Type The 32-bit numeric card type for the supported card. Model Identifier The model identifier for the supported card type. Card Description The description for the supported card type.
Page 32 M6100 Series Switches Command example: (NETGEAR Switch) #show chassis Management Plugged-in Serial Switch Version Admin Unit Role Model ID Number Status Code State Card ------ ---------- ------------ ------------- ------------- ----------- ------- -------- Primary XCM8944-PoE+ 33J1245WF0021 5.26.23.31 Enable XCM89P Oper Standby...
Page 33 Status Serial Number The serial number for the blade. Up Time The system up time. Command example: (NETGEAR Switch) #show chassis 1 Switch......1 Management Status....Management Switch Hardware Management Preference..Unassigned Admin Management Preference..15 Admin State....... Enable Power State....... Enable Switch Type.......
Page 34: Show Chassis Watchdog
POE D-card PoE FW version..SFS Last Attempt Status... None Serial Number..... 33J1245WF0022 Up Time......4 days 21 hrs 52 mins 41 secs Command example: (NETGEAR Switch) #show chassis 3 Switch......3 Management Status....Chassis Member Hardware Management Preference..Unassigned Admin Management Preference..Disabled Admin State.......
Page 35: Show Supported Switchtype
Sequence numbers in the discovery messaged determine loss. Format chassis-status unit [unit | all] [clear] Mode User EXEC Command example: (NETGEAR Switch) #show chassis-status 1 Chassis Unit 1 Status Unit Current Average Dropped 2000 2000...
Page 36: Show Backplane-Port
M6100 Series Switches If you supply a value for switchindex, the following output appears: Term Definition Switch Type The 32-bit numeric switch type for the supported blade. Model Identifier The model identifier for the supported blade type. Switch Description The description for the supported blade type.
Page 37: Show Backplane
M6100 Series Switches Term Definition Tx Total Errors Platform-specific number of total transmit errors since power-up. Rx Data Rate Receive data rate in megabits per second on the backplane port. Rx Error Rate Platform-specific number of receive errors per second.
Page 38: Boot Auto-Copy-Sw
M6100 Series Switches boot auto-copy-sw Use this command to enable the Chassis Firmware Synchronization feature on the chassis. Default Disabled Format boot auto-copy-sw Mode Privileged Exec no boot auto-copy-sw Use this command to disable the Chassis Firmware Synchronization feature on the chassis...
Page 39: Nonstop Forwarding Commands
M6100 Series Switches no boot auto-copy-sw allow-downgrade Use this command to prevent the chassis manager from downgrading the firmware version of a chassis member. Format no boot auto-copy-sw allow-downgrade Mode Privileged Exec show auto-copy-sw Use this command to display chassis firmware synchronization configuration status information.
Page 40: Show Nsf
The management plane restarts when a failover occurs. Management connections must be reestablished. For NSF to be effective, adjacent networking devices must not reroute traffic around the restarting device. NETGEAR Managed Switch software uses three techniques to prevent traffic from being rerouted: •...
Page 41: Initiate Failover
M6100 Series Switches Parameter Description NSF Administrative Whether nonstop forwarding is administratively enabled or disabled. Status Default: Enabled NSF Operational Status Indicates whether NSF is enabled on the chassis. Last Startup Reason The type of activation that caused the software to start the last time: “Power-On”...
Page 42: Show Checkpoint Statistics
M6100 Series Switches The movemanagement command (see movemanagement on page 28) also transfers control from the current management blade; however, the hardware is cleared and all blades reinitialize. Format initiate failover Mode Chassis Global Config Mode show checkpoint statistics This command displays general information about the checkpoint service operation.
Page 43: Chapter 5 Management Commands
Management Commands This chapter describes the management commands available in the NETGEAR Managed Switch CLI. The Management Commands chapter contains the following sections: • Configure the Switch Management CPU • CPU Queue Commands • Network Interface Commands • Console Port Access Commands •...
Page 44: Configure The Switch Management Cpu
CPU. You can accomplish this task through CLI commands or you can use the ezconfig tool, which simplifies the task. The tool is applicable to all NETGEAR M6100 series managed switches and lets you configure the following settings: •...
Page 45 M6100 Series Switches Enter new password:******** Confirm new password:******** Assigning an IP address to your switch management Current IP Address Configuration -------------------------------- Management VLAN ID: 1 IP Address Assignment Mode: None IP Address: 0.0.0.0 Subnet mask: 0.0.0.0 Default Router IP: 0.0.0.0 Routing Mode: Disable IP address is not assigned.
Page 46: Ip Cpu-Priority
M6100 Series Switches Config file 'startup-config' created successfully . The configuration changes have been applied and saved. Please enter 'show running-config' to see the final configuration. Thanks for using EzConfig! CPU Queue Commands You can send all packets with a specified destination address to a higher priority queue (5) than the default queue for data packets and unicast packets to the CPU.
Page 47: Network Interface Commands
M6100 Series Switches Network Interface Commands This section describes the commands you use to configure a logical interface for management access. To configure the management VLAN, see network mgmt_vlan page 362. enable (Privileged EXEC access) This command gives you access to the Privileged EXEC mode. From the Privileged EXEC mode, you can configure the network interface.
Page 48: Serviceport Protocol
To remove the client-id option from the DHCP client messages, issue the command serviceport protocol dhcp without the client-id option. The command serviceport protocol none can be used to disable the DHCP client and client-id option on the interface. Command example: (NETGEAR Switch) # serviceport protocol dhcp client-id Management Commands...
Page 49: Network Parms
DHCP client and client-id option on the interface. Command example: (NETGEAR Switch) # network protocol dhcp client-id network mac-address This command sets locally administered MAC addresses. The following rules apply: •...
Page 50: Network Javamode
M6100 Series Switches • Bit 7 of byte 0 (called the I/G bit) indicates whether the destination address is an individual address (b'0') or a group address (b'1'). • The second character, of the twelve character macaddr, must be 2, 6, A or E.
Page 51: Show Network
M6100 Series Switches show network This command displays configuration settings associated with the switch's network interface. The network interface is the logical interface used for in-band connectivity with the switch via any of the switch's front panel ports. The configuration parameters associated with the switch's network interface do not affect the configuration of the front panel ports through which traffic is switched or routed.
Page 52: Show Serviceport
M6100 Series Switches Term Definition IPv6 Autoconfig Mode Whether IPv6 Stateless address autoconfiguration is enabled or disabled. DHCP Client Identifier The client identifier is displayed in the output of the command only if DHCP is enabled with the client-id option on the network port. See network protocol dhcp on page 49.
Page 53: Console Port Access Commands
M6100 Series Switches Term Definition IPv6 Address/Length The IPv6 address and length. Default is Link Local format. IPv6 Default Router TheIPv6 default router address on the service port. The factory default value is an unspecified address. Configured IPv4 Protocol The IPv4 network protocol being used. The options are bootp | dhcp | none.
Page 54: Serial Baudrate
M6100 Series Switches configure This command gives you access to the Global Config mode. From the Global Config mode, you can configure a variety of system settings, including user accounts. From the Global Config mode, you can enter other command modes, including Line Config mode.
Page 55: Serial Timeout
M6100 Series Switches serial timeout This command specifies the maximum connect time (in minutes) without console activity. A value of 0 indicates that a console can be connected indefinitely. The time range is 0 to 160. Default Format serial timeout 0-160...
Page 56: Telnet Commands
M6100 Series Switches Term Definition Serial Port Login Timeout The time, in minutes, of inactivity on a serial port connection, after which the switch will close (minutes) the connection. A value of 0 disables the timeout. Baud Rate (bps) The default baud rate at which the serial port will try to connect.
Page 57: Transport Input Telnet
M6100 Series Switches operational mode as linemode where, by default, the operational mode is character mode. The localecho option enables local echo. Format telnet {ip-address | hostname} port [debug] [line] [localecho] Modes • Privileged EXEC • User EXEC transport input telnet This command regulates new Telnet sessions.
Page 58: Session-Timeout (Line Config)
M6100 Series Switches no transport output telnet Use this command to prevent new outbound Telnet connection from being established. Format no transport output telnet Mode Line Config session-limit This command specifies the maximum number of simultaneous outbound Telnet sessions. The number argument can be a number in the range from 0–5. A value of 0 indicates that no outbound Telnet session can be established.
Page 59: Telnetcon Timeout
M6100 Series Switches telnetcon maxsessions This command specifies the maximum number of Telnet connection sessions that can be established. The number argument can be a number in the range from 0–5. A value of 0 indicates that no Telnet connection can be established.
Page 60: Show Telnet
M6100 Series Switches Note: Changing the time-out value for active sessions does not become effective until the session is accessed again. Also, any keystroke activates the new time-out duration. Format no telnetcon timeout Mode Privileged EXEC show telnet This command displays the current outbound Telnet settings. In other words, these settings apply to Telnet connections initiated from the switch to a remote system.
Page 61: Secure Shell Commands
M6100 Series Switches Term Definition Maximum Number of This object indicates the number of simultaneous remote connection sessions allowed. The Remote Connection factory default is 5. Sessions Allow New Telnet New Telnet sessions will not be allowed when this field is set to no. The factory default value Sessions is yes.
Page 62: Sshcon Timeout
M6100 Series Switches no ip ssh server enable This command disables the IP secure shell server. Format no ip ssh server enable Mode Privileged EXEC sshcon maxsessions This command specifies the maximum number of SSH connection sessions that can be established.
Page 63: Management Security Commands
M6100 Series Switches Changing the time-out value for active sessions does not become effective until the session is re accessed. Also, any keystroke activates the new time-out duration. Format no sshcon timeout Mode Privileged EXEC show ip ssh This command displays the ssh settings.
Page 64: Crypto Key Generate Rsa
M6100 Series Switches no crypto certificate generate Use this command to delete the HTTPS certificate files from the device, regardless of whether they are self-signed or downloaded from an outside source. Format no crypto certificate generate Mode Global Config crypto key generate rsa Use this command to generate an RSA key pair for SSH.
Page 65: Management Access-List
M6100 Series Switches When a management ACL is enabled, incoming TCP packets initiating a connection (TCP SYN) and all UDP packets are filtered based on their source IP address and destination port. When the management ACL is disabled, incoming TCP/UDP packets are not filtered and are processed normally.
Page 66: Permit Service
M6100 Series Switches permit service This command sets permit conditions for the management access list based on the access protocol. Each rule requires a unique priority. Use this command in Management access-list configuration mode. Format permit service service [priority priority]...
Page 67: Deny Service
M6100 Series Switches deny service This command sets deny conditions for the management access list based on the access protocol. Each rule requires a unique priority. Use this command in Management access-list configuration mode. Format deny service service [priority priority]...
Page 68: Show Management Access-Class
Packets Filtered The number of packets filtered by the management ACL Rules The rules that are included in the ACL. Command example: (NETGEAR Switch) #show management access-list List Name........mgmtacl List Admin Mode........ Disabled Packets Filtered....... 0 Rules: permit ip-source 192.168.2.10 mask 255.255.255.255 service ssh priority 1 permit ip-source 192.168.2.182 mask 255.255.255.255 service ssh priority 2...
Page 69: Hypertext Transfer Protocol Commands
M6100 Series Switches Hypertext Transfer Protocol Commands This section describes the commands you use to configure Hypertext Transfer Protocol (HTTP) and secure HTTP access to the switch. Access to the switch by using a Web browser is enabled by default. Everything you can view and configure by using the CLI is also available by using the Web.
Page 70: Ip Https Authentication
Uses the list of all TACACS+ servers for authentication. Command example: The following example configures http authentication: (NETGEAR Switch)(config)# ip http authentication radius local no ip http authentication Use this command to return to the default. Format no ip http authentication...
Page 71: Ip Http Server
Uses the list of all TACACS+ servers for authentication. Command example: The following example configures http authentication: (NETGEAR Switch)(config)# ip https authentication radius local no ip https authentication Use this command to return to the default. Format no ip https authentication...
Page 72: Ip Http Java
M6100 Series Switches no ip http secure-server This command is used to disable the secure socket layer for secure HTTP. Format no ip http secure-server Mode Privileged EXEC ip http java This command enables the Web Java mode. The Java mode applies to both secure and un-secure Web connections.
Page 73: Ip Http Session Maxsessions
M6100 Series Switches ip http session maxsessions This command limits the number of allowable unsecure HTTP sessions. The number argument specifies the number of sessions in the range of 0–16. Zero is the configurable minimum. Default Format ip http session maxsessions number...
Page 74: Ip Http Secure-Session Maxsessions
M6100 Series Switches Web session and is unaffected by the activity level of the connection. The secure-session hard-time-out can not be set to zero (infinite). Default Format ip http secure-session hard-timeout hours Mode Privileged EXEC no ip http secure-session hard-timeout This command resets the hard time-out for secure HTTP sessions to the default value.
Page 75: Ip Http Secure-Port
M6100 Series Switches no ip http secure-session soft-timeout This command restores the soft time-out for secure HTTP sessions to the default value. Format no ip http secure-session soft-timeout Mode Privileged EXEC ip http secure-port This command is used to set the SSL port where port can be 1025-65535 and the default is port 443.
Page 76: Access Commands
M6100 Series Switches Term Definition Maximum Allowable HTTP The number of allowable un-secure http sessions. Sessions HTTP Session Hard Timeout The hard timeout for un-secure http sessions in hours. HTTP Session Soft Timeout The soft timeout for un-secure http sessions in minutes.
Page 77: User Account Commands
This section describes the commands you use to add, manage, and delete system users. NETGEAR Managed Switch software has two default users: admin and guest. The admin user can view and configure system settings, and the guest user can view settings.
Page 78: Aaa Authentication Enable
This list is applied by default for Telnet and SSH, and contains enable followed by deny methods. In NETGEAR Managed Switch, by default, the enable password is not configured. That means that, by default, Telnet and SSH users will not get access to...
Page 79 If the login methods include only enable, and there is no enable password configured, then NETGEAR Managed Switch does not prompt for a username. In such cases, NETGEAR Managed Switch only prompts for a password. NETGEAR Managed Switch supports configuring methods after the local method in authentication and authorization lists.
Page 80: Aaa Authorization
Uses the list of all TACACS+ servers for authentication. Command example: The following example sets authentication to access higher privilege levels: (NETGEAR Switch)(config)# aaa authentication enable default enable no aaa authentication enable Use this command to return to the default configuration.
Page 81: Per-Command Authorization
M6100 Series Switches Per-Command Authorization When authorization is configured for a line mode, the user manager sends information about an entered command to the AAA server. The AAA server validates the received command, and responds with either a PASS or FAIL response. If approved, the command is executed.
Page 82: Authorization Exec
(NETGEAR Switch) # (NETGEAR Switch) #configure (NETGEAR Switch) (Config)#aaa authorization exec default tacacs+ none (NETGEAR Switch) (Config)#aaa authorization commands default tacacs+ none no aaa authorization This command deletes the authorization method list. Format no aaa authorization {commands | exec} {default | list-name}...
Page 83: Show Authorization Methods
Line console, Line telnet, Line SSH show authorization methods This command displays the configured authorization method lists. Format show authorization methods Mode Privileged EXEC Command example: (NETGEAR Switch) #show authorization methods Command Authorization List Method -------------------------- -------------------------------------- dfltCmdAuthList tacacs none...
Page 84: Enable Authentication
Uses the indicated list created with the aaa authentication enable command. Command example: The following example specifies the default authentication method to access a higher privilege level console: (NETGEAR Switch)(config)# line console (NETGEAR Switch)(config-line)# enable authentication default Management Commands...
Page 85: Username (Global Config)
Disables the validation of the password strength. Command example: The following example configures user bob with password xxxyyymmmm and user level 15. (NETGEAR Switch)(config)# username bob password xxxyyymmmm level 15 Command example: The following example configures user test with password testPassword and assigns a user level of 1 (read-only).
Page 86: Username Name Nopassword
M6100 Series Switches (NETGEAR Switch)(config)# username test password testPassword level 1 override-complexity-check Command example: (NETGEAR Switch) (Config)#username test password testtest Command example: (NETGEAR Switch) (Config)# username test password e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b 1b7ab91be842278e5e970dbfc62d16dcd13c0b864 level 1 encrypted override-complexity-check (NETGEAR Switch) (Config)# username test level 15 password...
Page 87: Username Snmpv3 Authentication
M6100 Series Switches Parameter Description password The authentication password for the user. Range 8-64 characters. level The user level. Level 0 can be assigned by a level 15 user to another user to suspend that user’s access. Range 0-15. username name unlock Use this command to allows a locked user account to be unlocked.
Page 88: Username Snmpv3 Encryption
M6100 Series Switches authentication protocol. You must enter the username in the same case you used when you added the user. To see the case of the user name, enter the show users command. Default no authentication Format username snmpv3 authentication username {none | md5 | sha}...
Page 89: Show Users
The encryption protocol to be used for the specified login user. show users long This command displays the complete user names of the configured users on the switch. Format show users long Mode Privileged EXEC Command example: (NETGEAR Switch) #show users long User Name ------------ admin Management Commands...
Page 90: Show Users Accounts
M6100 Series Switches guest test1111test1111test1111test1111 show users accounts This command displays the local user status with respect to user account lockout and password aging.This command displays truncated user names. Use the show users long command to display the complete user names.
Page 91: Show Users Login-History [Username
M6100 Series Switches Privilege........15 Password Aging......... --- Password Expiry........ --- Lockout........False Override Complexity Check...... Disable Password Strength......--- UserName........guest Privilege........1 Password Aging......... --- Password Expiry........ --- Lockout........False Override Complexity Check...... Disable Password Strength......--- show users login-history [long] Use this command to display information about the login history of users.
Page 92: Login Authentication
Command example: The following example specifies the default authentication method for a console: (NETGEAR Switch) (config)# line console (NETGEAR Switch) (config-line)# login authentication default no login authentication Use this command to return to the default specified by the authentication login command.
Page 93: Password (User Exec)
M6100 Series Switches Command example: (NETGEAR Switch)(Config-line)# password testtest (NETGEAR Switch) (Config-line)# password e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b 1b7ab91be842278e5e970dbfc62d16dcd13c0b864 encrypted (NETGEAR Switch) (Config-line)# password Enter new password:******** Confirm new password:******** no password (Line Configuration) Use this command to remove the password on a line.
Page 94: Passwords Min-Length
Encrypted password you entered, copied from another switch configuration. The encrypted password should be 128 characters long because the assumption is that this password is already encrypted with AES. Command example: (NETGEAR Switch) #enable password testtest (NETGEAR Switch) #enable password e8d63677741431114f9e39a853a15e8fd35ad059e2e1b49816c243d7e08152b052eafbf23b528d348cdba1b 1b7ab91be842278e5e970dbfc62d16dcd13c0b864 encrypted...
Page 95: Passwords History
M6100 Series Switches passwords history Use this command to set the number of previous passwords that can be stored for each user account. When a local user changes his or her password, the user is not be able to reuse any password stored in password history.
Page 96: Passwords Strength-Check
M6100 Series Switches number argument is a number in the range 1–5. The default is 0, or no lockout count enforced. Default Format passwords lock-out number Mode Global Config no passwords lock-out Use this command to set the password lock-out count to the default value.
Page 97: Passwords Strength Maximum Repeated-Characters
M6100 Series Switches passwords strength maximum repeated-characters Use this command to set the maximum number of repeated characters to be used in password strength. The number argument is a number in the range 0–15. The default is 0. Minimum of 0 means no restriction on that set of characters.
Page 98: Passwords Strength Minimum Numeric-Characters
M6100 Series Switches no passwords strength minimum lowercase-letters Use this command to reset the minimum lower letters required in a password to the default value. Format no passwords minimum lowercase-letter Mode Global Config passwords strength minimum numeric-characters Use this command to enforce a minimum number of numeric characters that a password should contain.
Page 99: Show Passwords Configuration
M6100 Series Switches passwords strength minimum character-classes Use this command to enforce a minimum number of characters classes that a password should contain. Character classes are uppercase letters, lowercase letters, numeric characters and special characters. The number argument is a number in the range 0–4. The default is 4.
Page 100: Show Passwords Result
M6100 Series Switches Term Definition Minimum Password Length Minimum number of characters required when changing passwords. Password History Number of passwords to store for reuse prevention. Password Aging Length in days that a password is valid. Lockout Attempts Number of failed password login attempts before lockout.
Page 101: Aaa Session-Id
(NETGEAR Switch) # (NETGEAR Switch) #configure (NETGEAR Switch) (Config)#aaa ias-user username client-1 ((NETGEAR Switch)(Config-aaa-ias-User)#exit (NETGEAR Switch) (Config)#no aaa ias-user username client-1 (NETGEAR Switch) (Config)# aaa session-id Use this command in Global Config mode to specify if the same session-id is used for Authentication, Authorization and Accounting service type within a session.
Page 102: Aaa Accounting
Sends a stop accounting notice at the end of the requested user process. none Disables accounting services on this line. method Use either TACACS or radius server for accounting purposes. Command example: (NETGEAR Switch) # (NETGEAR Switch) #configure (NETGEAR Switch) #aaa accounting commands default stop-only tacacs Management Commands...
Page 103: Password (Aaa Ias User Config)
(NETGEAR Switch) #aaa accounting exec ExecList stop-only tacacs (NETGEAR Switch) #aaa accounting exec ExecList start-stop tacacs (NETGEAR Switch) #aaa accounting exec ExecList start-stop tacacs radius The first aaa command creates a method list for exec sessions with the name ExecList, with record-type as stop-only and the method as tacacs.
Page 104: Clear Aaa Ias-Users
Encrypted password to be entered, copied from another switch configuration. Command example: (NETGEAR Switch) # (NETGEAR Switch) #configure (NETGEAR Switch) (Config)#aaa ias-user username client-1 (NETGEAR Switch) (Config-aaa-ias-User)#password client123 (NETGEAR Switch) (Config-aaa-ias-User)#no password Command example: The following is an example of adding a MAB Client to the Internal user database:...
Page 105: Show Aaa Ias-Users
Format show aaa ias-users [username] Mode Privileged EXEC Command example: (NETGEAR Switch) # (NETGEAR Switch) #show aaa ias-users UserName ------------------- Client-1 Client-2 Following are the IAS configuration commands shown in the output of show running-config command. Passwords shown in the command output are always encrypted.
Page 106: Show Accounting
M6100 Series Switches (NETGEAR Switch) #configure (NETGEAR Switch) (Config)#line telnet (NETGEAR Switch)(Config-line)# accounting exec default (NETGEAR Switch) #exit no accounting Use this command to remove accounting from a Line Configuration mode. Format no accounting {exec | commands] Mode Line Configuration show accounting Use this command to display ordered methods for accounting lists.
Page 107: Clear Accounting Statistics
M6100 Series Switches Commands dfltCmdsList stop-only TACACS Commands UserCmdAudit start-stop TACACS DOT1X dfltDot1xList start-stop radius Line EXEC Method List Command Method List ------- --------------------------------------- Console dfltExecList dfltCmdsList Telnet dfltExecList dfltCmdsList dfltExecList UserCmdAudit clear accounting statistics This command clears the accounting statistics.
Page 108: Snmp-Server Community
M6100 Series Switches snmp-server This command sets the name and the physical location of the switch and the organization responsible for the network. The range for the name, loc and con parameters is from 1 to 31 alphanumeric characters. Default...
Page 109: Snmp-Server Community Ipmask
M6100 Series Switches ANDed with the mask to determine the range of allowed client IP addresses. The name is the applicable community name. Default 0.0.0.0 Format snmp-server community ipaddr ipaddr name Mode Global Config no snmp-server community ipaddr This command sets a client IP address for an SNMP community to 0.0.0.0. The name is the applicable community name.
Page 110: Snmp-Server Community Ro
M6100 Series Switches this case, the SNMP manager that is associated with this community cannot manage the switch until the status is changed back to enabled. Default • private and public communities - enabled • other four - disabled Format...
Page 111: Snmp-Server Enable Traps
M6100 Series Switches Note: For information about port security commands, see Protected Ports Commands on page 385. Default disabled Format snmp-server enable traps violation Mode Interface Config no snmp-server enable traps violation This command prevents the switch from sending violation traps.
Page 112: Snmp-Server Enable Traps Multiusers
M6100 Series Switches no snmp-server enable traps linkmode This command disables Link Up/Down traps for the entire switch. Format no snmp-server enable traps linkmode Mode Global Config snmp-server enable traps multiusers This command enables multiple user traps. If the traps are enabled, the switch sends a multiple user trap if a user logs in to the terminal interface (EIA 232 or Telnet) while an existing terminal interface session is already established.
Page 113: Snmp-Server Enable Traps Bgp
SNMP Community table (see snmp-server community on page 108). Default snmpv2 Format snmptrap name {ipaddr ipaddr | ip6addr ip6addr} [snmpversion snmpversion] Mode Global Config Command example: (NETGEAR Switch)# snmptrap mytrap ip6addr 3099::2 Management Commands...
Page 114: Snmptrap Snmpversion
M6100 Series Switches no snmptrap This command delete trap receivers for a community. Format no snmptrap name {ipaddr ipaddr | ip6addr ip6addr} Mode Global Config snmptrap snmpversion This command modifies the SNMP version of a trap. The maximum length of the name parameter is 16 case-sensitive alphanumeric characters.
Page 115: Snmptrap Source-Interface
M6100 Series Switches no snmptrap mode This command deactivates an SNMP trap. Disabled trap receivers are inactive (that is, not able to receive traps). Format no snmptrap mode name {ipaddr | ip6addr} Mode Global Config snmptrap source-interface This command configures the global source interface (that is, the source IP address) for all SNMP communication between the SNMP client and the server.
Page 116: Snmp Trap Link-Status All
M6100 Series Switches Note: This command is valid only when the Link Up/Down Flag is enabled. For more information, see no snmp-server enable traps bgp page 113. Format snmp trap link-status Mode Interface Config no snmp trap link-status This command disables link status traps for an interface.
Page 117: Show Snmpcommunity
M6100 Series Switches show snmpcommunity This command displays SNMP community information. Six communities are supported. You can add, change, or delete communities. You do not need to reset the switch for changes to take effect. The SNMP agent of the switch complies with SNMP Versions 1, 2, and 3. For more information about the SNMP specification, see the SNMP RFCs.
Page 118: Show Trapflags
M6100 Series Switches Term Definition SNMP Version SNMPv2 Status The receiver's status (enabled or disabled). Command example: (NETGEAR Switch)#show snmptrap Community Name IpAddress IPv6 Address Snmp Version Mode Mytrap 0.0.0.0 2001::1 SNMPv2 Enable show trapflags show trapflags This command displays the trap conditions. The command output shows all enabled trap flags, including OSPFv2 and OSPFv3 trap flags.
Page 119: Radius Commands
M6100 Series Switches Term Definition OSPFv2 Traps Can be enabled or disabled. The factory default is disabled. Indicates whether OSPF traps are sent. If any of the OSPF trap flags are not enabled, then the command displays disabled. Otherwise, the command shows all the enabled OSPF traps’...
Page 120: Radius Server Attribute 4
4 [ipaddr] Mode Global Config Command example: (NETGEAR Switch) (Config) #radius server attribute 4 192.168.37.60 (NETGEAR Switch) (Config) #radius server attribute 4 radius server host This command configures the IP address or DNS name to use for communicating with the RADIUS server of a selected server type.
Page 121 M6100 Series Switches authenticating servers and the name should be unique for accounting servers. The RADIUS client allows the configuration of a maximum 32 authenticating and accounting servers. If you use the auth parameter, the command configures the IP address or host name to use to connect to a RADIUS authentication server.
Page 122: Radius Server Key
(NETGEAR Switch) (Config) #radius server host acct 192.168.37.60 (NETGEAR Switch) (Config) #radius server host acct 192.168.37.60 port 1813 (NETGEAR Switch) (Config) #radius server host auth 192.168.37.60 name Network1_RS port 1813 (NETGEAR Switch) (Config) #radius server host acct 192.168.37.60 name Network2_RS (NETGEAR Switch) (Config) #no radius server host acct 192.168.37.60...
Page 123: Radius Server Msgauth
M6100 Series Switches Field Description dnsname The DNS name of the server. password The password in encrypted format. Command example: radius server key acct 10.240.4.10 encrypted encrypt-string radius server msgauth This command enables the message authenticator attribute to be used for the specified RADIUS Authenticating server.
Page 124: Radius Server Retransmit
M6100 Series Switches Field Description ip addr The IP address of the RADIUS Authenticating server. dnsname The DNS name of the server. radius server retransmit This command configures the global parameter for the RADIUS client that specifies the number of transmissions of the messages to be made before attempting the fall back server upon unsuccessful communication with the current RADIUS authenticating server.
Page 125: Radius Server Timeout
M6100 Series Switches Parameter Description unit/slot/port The unit identifier assigned to the switch. loopback-id Configures the loopback interface. The range of the loopback ID is 0 to 7. vlan-id Configures the VLAN interface to use as the source IP address. The range of the VLAN ID is 1 to 4093.
Page 126: Show Radius Servers
M6100 Series Switches Term Definition Number of Configured Authentication The number of RADIUS Authentication servers that are configured. Servers Number of Configured Accounting The number of RADIUS Accounting servers that are configured. Servers Number of Named Authentication The number of configured named RADIUS server groups.
Page 127 Port Type rent ---- ------------------------ --------------------------------- ----- ---------- 192.168.37.200 Network1_RADIUS_Server 1813 Primary 192.168.37.201 Network2_RADIUS_Server 1813 Secondary 192.168.37.202 Network3_RADIUS_Server 1813 Primary 192.168.37.203 Network4_RADIUS_Server 1813 Secondary Command example: (NETGEAR Switch) #show radius servers name Current Host Address Server Name Type Management Commands...
Page 128: Show Radius Accounting
Primary 192.168.37.202 Network3_RADIUS_Server Secondary 192.168.37.203 Network4_RADIUS_Server Primary Command example: (NETGEAR Switch) #show radius servers name Default_RADIUS_Server Server Name......Default_RADIUS_Server Host Address......192.168.37.58 Secret Configured...... No Message Authenticator ....Enable Number of Retransmits....4 Time Duration......10 RADIUS Accounting Mode....Disable RADIUS Attribute 4 Mode....
Page 129: Show Radius Accounting Statistics
192.168.37.202 Network3_RADIUS_Server 1813 192.168.37.203 Network4_RADIUS_Server 1813 Command example: (NETGEAR Switch) #show radius accounting name Default_RADIUS_Server Server Name......Default_RADIUS_Server Host Address......192.168.37.200 RADIUS Accounting Mode....Disable Port ........1813 Secret Configured ..... Yes show radius accounting statistics This command displays a summary of statistics for the configured RADIUS accounting servers.
Page 130 The number of RADIUS packets received from this server on the accounting port and dropped for some other reason. Command example: (NETGEAR Switch) #show radius accounting statistics 192.168.37.200 RADIUS Accounting Server Name....Default_RADIUS_Server Host Address........192.168.37.200 Round Trip Time....... 0.00 Requests........
Page 131: Show Radius Statistics
M6100 Series Switches Command example: (NETGEAR Switch) #show radius accounting statistics name Default_RADIUS_Server RADIUS Accounting Server Name....Default_RADIUS_Server Host Address........192.168.37.200 Round Trip Time....... 0.00 Requests........0 Retransmissions....... 0 Responses........0 Malformed Responses......0 Bad Authenticators......0 Pending Requests......0 Timeouts........
Page 132 Packets Dropped The number of RADIUS packets received from this server on the authentication port and dropped for some other reason. (NETGEAR Switch) #show radius statistics 192.168.37.200 RADIUS Server Name......Default_RADIUS_Server Server Host Address......192.168.37.200 Access Requests....... 0.00 Access Retransmissions......0 Access Accepts........
Page 133: Tacacs-Server Host
M6100 Series Switches Command example: (NETGEAR Switch) #show radius statistics name Default_RADIUS_Server RADIUS Server Name......Default_RADIUS_Server Server Host Address......192.168.37.200 Access Requests....... 0.00 Access Retransmissions......0 Access Accepts........ 0 Access Rejects........ 0 Access Challenges......0 Malformed Access Responses....0 Bad Authenticators......0 Pending Requests......
Page 134: Tacacs-Server Key
M6100 Series Switches no tacacs-server host Use the no tacacs-server host command to delete the specified hostname or IP address. The ip-address or hostname argument is the IP address or host name of the TACACS+ server. Format no tacacs-server host {ip-address | hostname}...
Page 135: Tacacs-Server Source-Interface
M6100 Series Switches (NETGEAR Switch)(Config)#tacacs-server keystring Enter tacacs key:********Re-enter tacacs key:******** tacacs-server source-interface Use this command in Global Configuration mode to configure the source interface (Source IP address) for TACACS+ server configuration. The selected source-interface IP address is used for filling the IP header of management protocol packets. This allows security devices (firewalls) to identify the source packets coming from the specific switch.
Page 136 M6100 Series Switches time-out to the default value. TACACS+ servers that do not use the global time-out will retain their configured time-out values. Default Format tacacs-server timeout seconds Mode Global Config no tacacs-server timeout Use the no tacacs-server timeout command to restore the default timeout value for all TACACS servers.
Page 137: Port (Tacacs Config)
M6100 Series Switches Enter tacacs key:******** Re-enter tacacs key:******** port (TACACS Config) Use the port command in TACACS Configuration mode to specify a server port number. The server port-number argument is a number in the range 0–65535. Default Format port port-number...
Page 138: Configuration Scripting Commands
M6100 Series Switches Term Definition TimeOut The timeout in seconds for establishing a TCP connection. Priority The preference order in which TACACS+ servers are contacted. If a server connection fails, the next highest priority server is contacted. show tacacs source-interface Use the show tacacs source-interface command in Global Config mode to display the configured global source interface details used for a TACACS+ client.
Page 139: Script Apply
M6100 Series Switches • The maximum number of configuration file command lines is 2000. You can type single-line annotations at the command prompt to use when you write test or configuration scripts to improve script readability. The exclamation point (!) character flags the beginning of a comment.
Page 140: Prelogin Banner, System Prompt, And Host Name Commands
M6100 Series Switches script list This command lists all scripts present on the switch as well as the remaining available space. Format script list Mode Privileged EXEC Term Definition Configuration Script Name of the script. Size Privileged EXEC script show This command displays the contents of a script file, which you specify with the scriptname argument.
Page 141: Set Prompt
M6100 Series Switches Note: The ip6address argument is also a valid parameter for routing packages that support IPv6. Default none Format copy <tftp://<ipaddr>/<filepath>/<filename>> nvram:clibanner copy nvram:clibanner <tftp://<ipaddr>/<filepath>/<filename>> Mode Privileged EXEC set prompt This command changes the name of the prompt. The length of name may be up to 64 alphanumeric characters.
Page 142: Set Clibanner
M6100 Series Switches TEST -------------------------- set clibanner Use this command to configure the prelogin CLI banner before displaying the login prompt. Format set clibanner line Mode Global Config Parameter Description line Banner text where ““ (double quote) is a delimiting character. The banner message can be up to 2000 characters.
Page 143: Chapter 6 Utility Commands
Utility Commands This chapter describes the utility commands available in the NETGEAR Managed Switch CLI. The chapter includes the following sections: • AutoInstall Commands • CLI Output Filtering Commands • Dual Image Commands • System Information and Statistics Commands •...
Page 144: Autoinstall Commands
M6100 Series Switches The commands in this chapter are in one of four functional groups: • Show commands. Display switch settings, statistics, and other information. • Configuration commands. Configure features and options of the switch. For every configuration command, there is a show command that displays the configuration setting.
Page 145: Boot Autoinstall
M6100 Series Switches boot autoinstall Use this command to operationally start or stop the AutoInstall process on the switch. The command is non-persistent and is not saved in the startup or running configuration file. Default stop Format boot autoinstall {start | stop}...
Page 146: Boot Host Autoreboot
M6100 Series Switches boot host autosave Use this command to automatically save the downloaded configuration file to the startup-config file on the switch. When autosave is disabled, you must explicitly save the downloaded configuration to non-volatile memory by using the write memory or copy system:running-config nvram:startup-config command.
Page 147: Show Autoinstall
The command xxx is executed and the output is filtered to only show lines containing the “string” match. All other non-matching lines in the output are suppressed. Command example: (NETGEAR Switch) #show running-config | include “spanning-tree” spanning-tree configuration name "00-02-BC-42-F9-33" spanning-tree bpduguard spanning-tree bpdufilter default spanning-tree forceversion 802.1w...
Page 148: Show Xxx | Exclude "String
M6100 Series Switches Command example: (NETGEAR Switch) #show running-config | include “spanning-tree” exclude “configuration” spanning-tree bpduguard spanning-tree bpdufilter default spanning-tree forceversion 802.1w show xxx | exclude “string” The command xxx is executed and the output is filtered to show all lines not containing the “string”...
Page 149: Dual Image Commands
Dual Image Commands NETGEAR Managed Switch software supports a dual image feature that allows the switch to have two software images in the permanent storage. You can specify which image is the active image to be loaded in subsequent reboots. This feature allows reduced down-time when you upgrade or downgrade the software.
Page 150: Boot System
M6100 Series Switches boot system This command activates the specified image. It will be the active-image for subsequent reboots and will be loaded by the boot loader. The current active-image is marked as the backup-image for subsequent reboots. If the specified image doesn't exist on the system, this command returns an error message.
Page 151: System Information And Statistics Commands
M6100 Series Switches System Information and Statistics Commands This section describes the commands you use to view information about system features, components, and configurations. show arp switch (system information and statistics commands) This command displays the contents of the Address Resolution Protocol (ARP) table that is associated with the IP address of the chassis.
Page 152: Show Hardware
M6100 Series Switches show hardware This command displays inventory information for the switch. Note: The show version command and the show hardware command display the same information. In future releases of the software, the show hardware command will not be available. For a description of...
Page 153: Show Interface
Software Version Release Version Maintenance Level and Build (RVMB) information of the switch. Timestamp Timestamp at which the image is built Command example: (NETGEAR Switch) #show platform vpd Operational Code Image File Name....NETGEAR-Ent-esw-xgs4-gto-BL20R-CS-6AIQHSr3v7m14b35 Software Version....... 3.7.14.35 Timestamp........Thu Mar...
Page 154: Show Interfaces Status
M6100 Series Switches Parameters Definition Packets The total number of packets transmitted out of the interface. Transmitted Without Error Transmit Packets The number of outbound packets which were chosen to be discarded even though no errors had Discarded been detected to prevent their being deliverable to a higher-layer protocol. A possible reason for discarding a packet could be to free up buffer space.
Page 155: Show Interfaces Traffic
M6100 Series Switches Format show interfaces status [unit/slot/port] Mode Privileged EXEC Field Description Port The interface associated with the rest of the data in the row. Name The descriptive user-configured name for the interface. Link State Indicates whether the link is up or down.
Page 156 The total number of unicast packets transmitted by the interface. OutMcastPkts The total number of multicast packets transmitted by the interface. OutBcastPkts The total number of broadcast packets transmitted by the interface. Command example: (NETGEAR Switch) #show interface counters Port InOctets InUcastPkts InMcastPkts InBcastPkts...
Page 157: Show Interface Ethernet
M6100 Series Switches ch64 4025293 32910 show interface ethernet This command displays detailed statistics for a specific interface or for all CPU traffic based upon the argument. Format show interface ethernet {unit/slot/port | switchport | all} Mode Privileged EXEC When you specify a value for unit/slot/port, the command displays the following information.
Page 158 M6100 Series Switches Term Definition Packets Received Packets RX and TX 64 Octets - The total number of packets (including bad packets) received and transmitted that were 64 octets in length (excluding framing bits but including FCS octets). (continued) Packets RX and TX 65–127 Octets - The total number of packets (including bad packets) received and transmitted that were between 65 and 127 octets in length inclusive (excluding framing bits but including FCS octets).
Page 159 M6100 Series Switches Term Definition Packets Received Total Packets Received with MAC Errors - The total number of inbound packets that contained with MAC Errors errors preventing them from being deliverable to a higher-layer protocol. Jabbers Received - The total number of packets received that were longer than 1518 octets...
Page 160 M6100 Series Switches Term Definition Packets Total Packets Transmitted (Octets) - The total number of octets of data (including those in bad Transmitted Octets packets) received on the network (excluding framing bits but including FCS octets). This object can be used as a reasonable estimate of Ethernet utilization. If greater precision is desired, the etherStatsPkts and etherStatsOctets objects should be sampled before and after a common interval.
Page 161 M6100 Series Switches Term Definition Transmit Discards Total Transmit Packets Discards - The sum of single collision frames discarded, multiple collision frames discarded, and excessive frames discarded. Single Collision Frames - A count of the number of successfully transmitted frames on a particular interface for which transmission is inhibited by exactly one collision.
Page 162: Show Interface Ethernet Switchport
M6100 Series Switches Term Definition Packets Transmitted The total number of packets transmitted out of the interface. without Errors Broadcast Packets The total number of packets that higher-level protocols requested be transmitted to the Transmitted Broadcast address, including those that were discarded or not sent.
Page 163: Show Interface Lag
M6100 Series Switches show interface lag Use this command to display configuration information about the specified LAG interface. Format show interface lag lag-intf-num Mode Privileged EXEC Parameters Definition Packets Received Without The total number of packets (including broadcast packets and multicast packets) received...
Page 164: Show Fiber-Ports Optical-Transceiver-Eeprom
M6100 Series Switches Field Description Input Power Measured optical power received relative to 1mW. TX Fault Transmitter fault. Loss of signal. Command example: (NETGEAR Switch) #show fiber-ports optical-transceiver all Output Input Port Temp Voltage Current Power Power [Volt] [mA] [dBm]...
Page 165: Show Fiber-Ports Optical-Transceiver-Info
M6100 Series Switches ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ....ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ....ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ....
Page 166: Show Mac-Addr-Table
ASCII spaces (20h), defining the vendor's product revision number. A value of all zero in this field indicates that the vendor revision is unspecified. Command example: (NETGEAR Switch) #show fiber-ports optical-transceiver-info all Link Link Nominal Length Length 50um 62.5um...
Page 167: Process Cpu Threshold
M6100 Series Switches The following information displays if you do not enter a parameter, the keyword all, or the MAC address and VLAN ID. Term Definition VLAN ID The VLAN in which the MAC address is learned. MAC Address A unicast MAC address for which the switch has forwarding and or filtering information. The format is 6 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB.
Page 168: Show Process App-List
M6100 Series Switches falling utilization threshold is optional. If the falling CPU utilization parameters are not configured, then they take the same value as the rising CPU utilization parameters. Format process cpu threshold type total rising threshold interval seconds [falling...
Page 169: Show Process Cpu
The administrative status of the process. Auto Restart Indicates whether the process will automatically restart if it stops. Running Status Indicates whether the process is currently running or stopped. Command example: (NETGEAR Switch) #show process app-list Admin Auto Running Name Status...
Page 170: Show Process Proc-List
M6100 Series Switches Command example: (NETGEAR Switch) #show process cpu Memory Utilization Report status bytes ------ ---------- free 106450944 alloc 423227392 CPU Utilization: Name 5 Secs 60 Secs 300 Secs ----------------------------------------------------------------- _interrupt_thread 0.00% 0.01% 0.02% bcmL2X.0 0.58% 0.35% 0.28% bcmCNTR.0 0.77%...
Page 171: Show Running-Config
Description VM Peak The maximum amount of virtual memory the process has used at a given time. FD Count The file descriptors count for the process. Command example: (NETGEAR Switch) #show process proc-list Process Application VM Size VM Peak Name...
Page 172: Show Running-Config Interface
M6100 Series Switches Note: If you use a text-based configuration file, the show running-config command only displays configured physical interfaces (i.e. if any interface only contains the default configuration, that interface will be skipped from the show running-config command output). This is true for any configuration mode that contains nothing but default configuration.
Page 173: Show (Privileged Exec)
Display the running config for a specified loopback interface. tunnel Display the running config for a specified tunnel interface. vlan Display the running config for a specified vlan routing interface. Command example: (NETGEAR Switch) #show running-config interface 0/1 !Current Configuration: interface addport 3/1 exit (NETGEAR Switch) # show (Privileged EXEC) This command displays the content of text-based configuration files from the CLI.
Page 174 M6100 Series Switches Parameter Description backup-config Display the content of the backup-config file. factory-defaults Display the content of the factory-defaults file. Command example: (NETGEAR Switch) #show startup-config !Current Configuration: !System Description "Quanta LB6M, 8.1.14.41, U-Boot 2009.06 (Apr 19 2011 - 15:57:06)"...
Page 175: Command Example
M6100 Series Switches !Additional Packages BGP-4,QOS,IPv6,IPv6 Management,Routing,Data Center !Current SNTP Synchronized Time: Not Synchronized vlan database vlan 10 exit configure ipv6 router ospf exit line console exit line telnet exit line ssh exit --More-- or (q)uit interface 0/1 description 'intf1'...
Page 176 M6100 Series Switches exit --More-- or (q)uit interface 0/1 description 'intf1' exit router ospf exit exit Use this command to list the files in flash from the CLI. Format Mode Privileged EXEC Command example: (NETGEAR Switch) #dir drwx 2048 May 09 2002 16:47:30 .
Page 177: Show Sysinfo
M6100 Series Switches show sysinfo This command displays switch information. Format show sysinfo Mode Privileged EXEC Term Definition Switch Description Text used to identify this switch. System Name Name used to identify the switch.The factory default is blank. To configure the system...
Page 178: Terminal Length
M6100 Series Switches length Use this command to set the pagination length to value number of lines for the sessions specified by configuring on different Line Config modes (Telnet, SSH, and console). The command is persistent. The number argument is a number in the range of 5–48 lines. Enter...
Page 179: Memory Free Low-Watermark Processor
M6100 Series Switches Command example: (NETGEAR Switch) #show terminal length Terminal Length: ---------------------- For Current Session………………….24 For Serial Console…………………… 24 For Telnet Sessions………………….24 For SSH Sessions…………………….. 24 memory free low-watermark processor Use this command to get notifications when the CPU free memory falls below the configured threshold.
Page 180: Environment Trap
M6100 Series Switches Parameter Definition min temperature Sets the minimum allowed temperature for normal operation. The range is between – 100°C and 100°C. The default is 0°C. max temperature Sets the maximum allowed temperature for normal operation. The range is between –...
Page 181: Logging Commands
M6100 Series Switches debug i2c This command displays information about the health and statistics of the i2c bus. The slot parameter specifies the slot in which a blade is installed. Note: To display the debug trace, enable the debug console command.
Page 182: Logging Console
Format no logging buffered wrap Mode Privileged EXEC logging cli-command This command enables the CLI command logging feature, which enables the NETGEAR Managed Switch software to log all CLI commands issued on the system. Default enabled Format logging cli-command...
Page 183: Logging Host
(0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7). Command example: (NETGEAR Switch) (Config)# logging host google.com dns 214 (NETGEAR Switch) (Config)# logging host 10.130.64.88 ipv4 214 6 (NETGEAR Switch) (Config)# logging host 2000::150 ipv6 214 7 logging host reconfigure This command enables logging host reconfiguration.
Page 184: Logging Port
M6100 Series Switches logging port This command sets the local port number of the LOG client for logging messages. The portid argument is a number in the range from 1 to 65535. Default Format logging port portid Mode Global Config no logging port This command resets the local logging port to the default.
Page 185: Logging Syslog Source-Interface
M6100 Series Switches no logging syslog port This command disables syslog logging. Format no logging syslog port Mode Global Config logging syslog source-interface This command configures the syslog source-interface (source IP address) for syslog server configuration. The selected source-interface IP address is used for filling the IP header of management protocol packets.
Page 186: Show Logging
M6100 Series Switches show logging This command displays logging configuration information. Format show logging Mode Privileged EXEC Term Definition Logging Client Port on the collector/relay to which syslog messages are sent. Local Port Logging Client Shows the configured syslog source-interface (source IP address).
Page 187: Show Logging Buffered
M6100 Series Switches Log Messages Received : 1010 Log Messages Dropped Log Messages Relayed show logging buffered This command displays buffered logging (system startup and system operation logs). Format show logging buffered Mode Privileged EXEC Term Definition Buffered Shows whether the In-Memory log is enabled or disabled.
Page 188: Show Logging Persistent
M6100 Series Switches Command example: (NETGEAR Switch) #show logging hosts Index IP Address/Hostname Severity Port Status -------- ---------------------- ----------- ------ -------- 10.130.64.88 critical Active 2000::150 critical Active show logging persistent Use the show logging persistent command to display persistent log entries.
Page 189: Email Alerting And Mail Server Commands
M6100 Series Switches clear logging buffered This command clears buffered logging (system startup and system operation logs). Format clear logging buffered Mode Privileged EXEC clear eventlog This command clears all event messages that are stored on the switch. Format clear eventlog...
Page 190: Logging Email Message-Type To-Addr
M6100 Series Switches Default Alert (1) and emergency (0) messages are sent immediately. Format logging email urgent {severitylevel | none} Mode Global Config no logging email urgent This command resets the urgent severity level to the default value. Format no logging email urgent...
Page 191: Logging Email Logtime
M6100 Series Switches no logging email from-addr This command removes the configured email source address. Format no logging email from-addr from-email-addr Mode Global Config logging email message-type subject This command configures the subject line of the email for the specified type.
Page 192: Logging Traps
M6100 Series Switches logging traps This command sets the severity at which SNMP traps are logged and sent in an email. Specify the severitylevel value as either an integer from 0 to 7 or symbolically through one of the following keywords: emergency (0), alert (1), critical (2), error (3), warning (4), notice (5), info (6), or debug (7).
Page 193: Show Logging Email Statistics
M6100 Series Switches Term Definition Email Alert Notification Period The amount of time to wait between non-urgent messages. Email Alert To Address Table The configured email recipients. Email Alert Subject Table The subject lines included in urgent (Type 1) and non-urgent (Type 2) messages.
Page 194: Port (Mail Server Config)
M6100 Series Switches no mail-server This command removes the specified SMTP server from the configuration. Format no mail-server {ip-address | ipv6-address | hostname} Mode Global Config security This command sets the email alerting security protocol by enabling the switch to use TLS authentication with the SMTP Server.
Page 195: System Utility And Clear Commands
M6100 Series Switches show mail-server config This command displays information about the email alert configuration. Format show mail-server {ip-address | hostname | all} config Mode Privileged EXEC Term Definition No of mail servers configured The number of SMTP servers configured on the switch.
Page 196 M6100 Series Switches NETGEAR Managed Switch will not accept an incoming packet, such as a traceroute response, that arrives on a routing interface if the packet’s destination address is on one of the out-of-band management interfaces (service port or network port). Similarly, NETGEAR Managed Switch will not accept a packet that arrives on a management interface if the packet’s destination is an address on a routing interface.
Page 197 Command example: The following example shows that the IPv6 traceroute is a success: (NETGEAR Switch) # traceroute 2001::2 initTtl 1 maxTtl 4 maxFail 0 interval 1 count 3 port 33434 size 43 Traceroute to 2001::2 hops max 43 byte packets:...
Page 198: Clear Config
Hop Count = 6 Last TTL = 7 Test attempt = 19 Test Success = 18 Command example: The following example shows that the IPv6 traceroute fails: (NETGEAR Switch)# traceroute 2001::2 initTtl 1 maxFail 0 interval 1 count 3 port 33434 size 43 Traceroute to 2001::2 hops max 43 byte packets:...
Page 199: Clear Igmpsnooping
M6100 Series Switches clear igmpsnooping This command clears the tables managed by the IGMP Snooping function and attempts to delete these entries from the Multicast Forwarding Database. Format clear igmpsnooping Mode Privileged EXEC clear pass This command resets all user passwords to the factory defaults without powering off the switch.
Page 200 M6100 Series Switches logout This command closes the current telnet connection or resets the current serial connection. Note: Save configuration changes before logging out. Format logout Modes Privileged EXEC User EXEC ping Use this command to determine whether another computer is on the network. Ping provides a synchronous response when initiated from the CLI and Web interfaces.
Page 201 Command example: The following example shows that the IPv4 ping fails because the destination cannot be reached: (NETGEAR Switch) # ping 192.168.254.222 count 3 interval 1 size 255 Pinging 192.168.254.222 with 255 bytes of data: Received Response: Unreachable Destination Received Response :Unreachable Destination...
Page 202 (msec) min/avg/max = 0/0/0 Command example: The following example shows that the IPv4 ping fails because the request times out: (NETGEAR Switch) # ping 1.1.1.1 count 1 interval 3 Pinging 1.1.1.1 with 0 bytes of data: ----1.1.1.1 PING statistics----...
Page 203 M6100 Series Switches Upload and download files from a server using FTP, TFTP, Xmodem, Ymodem, or Zmodem. SFTP and SCP are available as additional transfer methods if the software package supports secure management. If FTP is used, a password is required.
Page 204 M6100 Series Switches CAUTION: Before you load a new release image to make a backup, upload the existing startup-config.cfg file to the server. Table 9. Copy parameters Source Destination Description nvram:startup-config Copies the backup configuration to the startup nvram:backup-config configuration.
Page 205 When you use this option, the copy command will nvram:script not validate the downloaded script file. An destfilename noval example of the CLI command follows: (NETGEAR Switch) #copy tftp://1.1.1.1/file.scr nvram:script file.scr noval Downloads an SSH key file. For more information, nvram:sshkey-dsa Secure Shell Commands on page 61.
Page 206: File Verify
| blades in a chassis. backup} Command example: The following example shows an ias users file that is downloaded and applied. (NETGEAR Switch) #copy tftp://10.131.17.104/aaa_users.txt ias-users Mode........... TFTP Set Server IP........10.131.17.104 Path........../ Filename........aaa_users.txt Data Type........IAS Users...
Page 207: Write Memory
M6100 Series Switches no file verify Resets the configured digital signature verification value to the factory default value. Format no file verify Mode Global Config write memory Use this command to save running configuration changes to NVRAM so that the changes you make will persist across a reboot.
Page 208: Sntp Client Mode
M6100 Series Switches sntp client mode This command enables Simple Network Time Protocol (SNTP) client mode and may set the mode to either broadcast or unicast. Default disabled Format sntp client mode [broadcast | unicast] Mode Global Config no sntp client mode This command disables Simple Network Time Protocol (SNTP) client mode.
Page 209: Sntp Unicast Client Poll-Timeout
M6100 Series Switches no sntp unicast client poll-interval This command resets the poll interval for SNTP unicast clients to its default value. Format no sntp unicast client poll-interval Mode Global Config sntp unicast client poll-timeout This command sets the poll time-out for SNTP unicast clients to a value from 1–30 seconds, as represented by the poll-timeout argument.
Page 210: Sntp Server
M6100 Series Switches sntp server This command configures an SNTP server (a maximum of three). The server address can be either an IPv4 address or an IPv6 address. The optional priority can be a value of 1–3, the version a value of 1–4, and the portid a value of 1–65535.
Page 211: Show Sntp
M6100 Series Switches no sntp source-interface Use this command to reset the SNTP source interface to the default settings. Format no sntp source-interface Mode Global Config show sntp This command is used to display SNTP settings and status. Format show sntp...
Page 212: Show Sntp Server
M6100 Series Switches show sntp server This command is used to display SNTP server settings and configured servers. Format show sntp server Mode Privileged EXEC Term Definition Server Host Address IP address or hostname of configured SNTP Server. Server Type Address type of server (IPv4, IPv6, or DNS).
Page 213: Time Zone Commands
Enter the current system date the format month, day, year. The range for month is 1 to 12. The range for the day of the month is 1 to 31. The range for year is 2010 to 2079. Command example: (NETGEAR Switch) (Config)# clock set 03:17:00 (NETGEAR Switch) (Config)# clock set 11/01/2011 Utility Commands...
Page 214: Clock Summer-Time Date
Command example: (NETGEAR Switch) (Config)# clock summer-time date 1 nov 2011 3:18 2 nov 2011 3:18 (NETGEAR Switch) (Config)# clock summer-time date 1 nov 2011 3:18 2 nov 2011 3:18 offset 120 zone INDA clock summer-time recurring This command sets the summer-time recurring parameters.
Page 215: Clock Timezone
The acronym for the summertime to be displayed when summertime is in effect. Up to four characters are allowed. Command example: (NETGEAR Switch) (Config)# clock summer-time recurring 2 sun nov 3:18 2 mon nov 3:18 (NETGEAR Switch) (Config)# clock summer-time recurring 2 sun nov 3:18 2 mon nov 3:18 offset 120 zone INDA no clock summer-time This command disables the summer time settings.
Page 216: Show Clock
Use this command to reset the time zone settings. Format no clock timezone Mode Global Config Command example: (NETGEAR Switch) (Config)# no clock timezone show clock Use this command to display the time and date from the system clock. Format show clock Mode...
Page 217: Dhcp Server Commands
M6100 Series Switches Summertime: Summer-time is disabled Command example: ((NETGEAR Switch) # show clock detail 10:57:57 INDA(UTC+7:30) Nov 1 2011 No time source Time zone: Acronym is INDA Offset is UTC+5:30 Summertime: Acronym is INDA Recurring every year Begins on second Sunday of Nov at 03:18...
Page 218 M6100 Series Switches no ip dhcp pool This command removes the DHCP address pool. The name should be previously configured pool name. Format no ip dhcp pool name Mode Global Config client-identifier This command specifies the unique identifier for a DHCP client. Unique-identifier is a valid notation in hexadecimal format.
Page 219 M6100 Series Switches default-router This command specifies the default router list for a DHCP client. address1, address2… address8 are valid IP addresses, each made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Default...
Page 220 M6100 Series Switches no hardware-address This command removes the hardware address of the DHCP client. Format no hardware-address Mode DHCP Pool Config host This command specifies the IP address and network mask for a manual binding to a DHCP client. Address and Mask are valid IP addresses; each made up of four decimal bytes ranging from 0 to 255.
Page 221: Network (Dhcp Pool Config)
M6100 Series Switches network (DHCP Pool Config) Use this command to configure the subnet number and mask for a DHCP address pool on the server. Network-number is a valid IP address, made up of four decimal bytes ranging from 0 to 255. IP address 0.0.0.0 is invalid. Mask is the IP subnet mask for the specified address pool.
Page 222: Domain-Name Enable
This command removes the domain name. Format no domain-name Mode DHCP Pool Config domain-name enable This command enables the domain name functionality in NETGEAR Managed Switch. Format domain-name enable [name name] Mode Global Config Command example: (NETGEAR Switch) (Config)#domain-name enable...
Page 223 M6100 Series Switches netbios-node-type The command configures the NetBIOS node type for Microsoft Dynamic Host Configuration Protocol (DHCP) clients.type Specifies the NetBIOS node type. Valid types are: • b-node—Broadcast • p-node—Peer-to-peer • m-node—Mixed • h-node—Hybrid (recommended) Default none Format netbios-node-type type...
Page 224: Ip Dhcp Excluded-Address
M6100 Series Switches example, a3.4f.22.0c), colon (for example, a3:4f:22:0c), or white space (for example, a3 4f 22 0c). Default none Format option code {ascii string | hex string1 [string2...string8] | ip address1 [address2...address8]} Mode DHCP Pool Config no option This command removes the DHCP Server options. The code parameter specifies the DHCP option code.
Page 225: Service Dhcp
M6100 Series Switches Default Format ip dhcp ping packets number Mode Global Config no ip dhcp ping packets This command restores the number of ping packets to the default value. Format no ip dhcp ping packets Mode Global Config service dhcp This command enables the DHCP server.
Page 226: Ip Dhcp Conflict Logging
M6100 Series Switches no ip dhcp bootp automatic This command disables the allocation of the addresses to the bootp client. The address are from the automatic address pool. Format no ip dhcp bootp automatic Mode Global Config ip dhcp conflict logging This command enables conflict logging on DHCP server.
Page 227: Clear Ip Dhcp Conflict
M6100 Series Switches clear ip dhcp conflict The command is used to clear an address conflict from the DHCP Server database. The server detects conflicts using a ping. DHCP server clears all conflicts If * (the asterisk character) is used as the address parameter.
Page 228: Show Ip Dhcp Pool Configuration
M6100 Series Switches show ip dhcp pool configuration This command displays pool configuration. If all is specified, configuration for all the pools is displayed. Format show ip dhcp pool configuration {name | all} Modes Privileged EXEC User EXEC Field Definition Pool Name The name of the configured pool.
Page 229: Show Ip Dhcp Conflict
M6100 Series Switches Field Definition Automatic Bindings The number of IP addresses that have been automatically mapped to the MAC addresses of hosts that are found in the DHCP database. Expired Bindings The number of expired leases. Malformed The number of truncated or corrupted messages that were received by the DHCP server.
Page 230: Dns Client Commands
These commands are used in the Domain Name System (DNS), an Internet directory service. DNS is how domain names are translated into IP addresses. When enabled, the DNS client provides a hostname lookup service to other components of NETGEAR Managed Switch.
Page 231: Ip Domain List
M6100 Series Switches no ip domain name Use this command to remove the default domain name configured using the ip domain name command. Format no ip domain name Mode Global Config ip domain list Use this command to define a list of default domain names to complete unqualified names.
Page 232: Ip Name Source-Interface
M6100 Series Switches ip name source-interface Use this command to specify the physical or logical interface to use as the DNS client (IP name) source interface (source IP address) for the DNS client management application. If configured, the address of source Interface is used for all DNS communications between the DNS server and the DNS client.
Page 233: Ipv6 Host
M6100 Series Switches ipv6 host Use this command to define static host name-to-IPv6 address mapping in the host cache. The parameter name is host name and v6 address is the IPv6 address of the host. The host name can include 1–255 alphanumeric characters, periods, hyphens, and spaces. Host names that include one or more space must be enclosed in quotation marks, for example “lab-pc 45”.
Page 234: Clear Host
M6100 Series Switches Default Format ip domain timeout seconds Mode Global Config no ip domain timeout Use this command to return to the default setting. Format no ip domain timeout Mode Global Config clear host Use this command to delete entries from the host name-to-address cache. This command clears the entries from the DNS cache maintained by the software.
Page 235: Ip Address Conflict Commands
M6100 Series Switches Field Description Number of Retries Number of time to retry sending Domain Name System (DNS) queries. Retry Timeout Amount of time to wait for a response to a DNS query. Period Name Servers Configured name servers. DNS Client Source Shows the configured source interface (source IP address) used for a DNS client.
Page 236: Serviceability Packet Tracing Commands
Modes Privileged EXEC Serviceability Packet Tracing Commands These commands improve the capability of network engineers to diagnose conditions affecting their NETGEAR Managed Switch product. CAUTION: The output of debug commands can be long and may adversely affect system performance. capture start Use the capture start command to manually start capturing CPU packets for packet trace.
Page 237: Capture Stop
M6100 Series Switches The command is not persistent across a reboot cycle. Format capture start [all | receive | transmit] Mode Privileged EXEC Parameter Description Capture all traffic. receive Capture only received traffic. transmit Capture only transmitted traffic. capture stop Use the capture stop command to manually stop capturing CPU packets for packet trace.
Page 238: Capture Remote Port
M6100 Series Switches Parameter Description remote In the remote capture mode, the captured packets are redirected in real time to an external PC running the Wireshark tool for Microsoft® Windows®. A packet capture server runs on the switch side and sends the captured packets via a TCP connection to the Wireshark tool.
Page 239: Show Capture Packets
M6100 Series Switches no capture line wrap This command disables wrapping of captured packets and configures capture packet to stop when the captured packet capacity is full. Format no capture line wrap Mode Global Config show capture packets Use this command to display packets captured and saved to RAM. It is possible to capture and save into RAM, packets that are received or transmitted through the CPU.
Page 240: Debug Arp
Mode Privileged EXEC Command example: (NETGEAR Switch) #debug aaa authorization Tacacs authorization receive packet tracing enabled. (NETGEAR Switch) #debug tacacs authorization packet transmit authorization tracing enabled. (NETGEAR Switch) #no debug aaa authorization AAA authorization tracing enabled (NETGEAR Switch) # debug arp Use this command to enable ARP debug protocol messages.
Page 241: Debug Authentication
M6100 Series Switches debug authentication This command displays either the debug trace for either a single event or all events for an interface. Note: To display the debug trace, enable the debug console command. Default none Format debug authentication packet {all | event} interface unit/slot/port...
Page 242: Debug Crashlog
M6100 Series Switches Note: To display the debug trace, enable the debug console command. Default disabled Format debug console Mode Privileged EXEC no debug console This command disables the display of “debug” trace output on the login session in which it is executed.
Page 243: Debug Dcbx Packet
M6100 Series Switches Parameter Description kernel View the crash log file for the kernel crashlog-number Specifies the file number to view. The system maintains up to four copies, and the valid range is 1 – 4. upload url To upload the crash log (or crash dump) to a TFTP server, use the upload keyword and specify the required TFTP server information.
Page 244: Debug Dhcp Packet
M6100 Series Switches Default disabled Format debug debug-config {download url | upload url} Mode Privileged EXEC debug dhcp packet This command displays “debug” information about DHCPv4 client activities and traces DHCPv4 packets to and from the local DHCPv4 client. Note:...
Page 245: Debug Igmpsnooping Packet
M6100 Series Switches Note: To display the debug trace, enable the debug console command. Default disabled Format debug fip-snooping packet [{transmit | receive | filter {dst-mac mac-addr | fip-proto-code code | src-intf unit/slot/port | src-mac mac-addr | vlan vlan-id}] Mode...
Page 246: Debug Igmpsnooping Packet Transmit
M6100 Series Switches no debug igmpsnooping packet This command disables tracing of IGMP Snooping packets. Format no debug igmpsnooping packet Mode Privileged EXEC debug igmpsnooping packet transmit This command enables tracing of IGMP Snooping packets transmitted by the switch. Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
Page 247: Debug Igmpsnooping Packet Receive
M6100 Series Switches no debug igmpsnooping transmit This command disables tracing of transmitted IGMP snooping packets. Format no debug igmpsnooping transmit Mode Privileged EXEC debug igmpsnooping packet receive This command enables tracing of IGMP Snooping packets received by the switch. Snooping should be enabled on the device and the interface in order to monitor packets for a particular interface.
Page 248: Debug Ip Acl
M6100 Series Switches no debug igmpsnooping receive This command disables tracing of received IGMP Snooping packets. Format no debug igmpsnooping receive Mode Privileged EXEC debug ip acl Use this command to enable debug of IP Protocol packets matching the ACL criteria.
Page 249: Debug Ip Dvmrp Packet
M6100 Series Switches Parameter Description peer-address (Optional) The IPv4 address of a BGP peer. Debug traces are enabled for a specific peer when this option is specified. The command can be issued multiple times to enable simultaneous tracing for multiple peers.
Page 250: Debug Ip Igmp Packet
M6100 Series Switches debug ip igmp packet Use this command to trace IGMP packet reception and transmission. The receive keyword traces only received IGMP packets and the transmit keyword traces only transmitted IGMP packets. When neither keyword is used in the command, then all IGMP packet traces are dumped.
Page 251: Debug Ip Pimdm Packet
M6100 Series Switches debug ip pimdm packet Use this command to trace PIMDM packet reception and transmission. The receive keyword traces only received PIMDM packets and the transmit keyword traces only transmitted PIMDM packets. When neither keyword is used in the command, then all PIMDM packet traces are dumped.
Page 252: Debug Ip Vrrp
M6100 Series Switches debug ip vrrp Use this command to enable VRRP debug protocol messages. Note: To display the debug trace, enable the debug console command. Default disabled Format debug ip vrrp Mode Privileged EXEC no debug ip vrrp Use this command to disable VRRP debug protocol messages.
Page 253: Debug Ipv6 Mld Packet
M6100 Series Switches Note: To display the debug trace, enable the debug console command. Default disabled Format debug ipv6 mcache packet [receive | transmit] Mode Privileged EXEC no debug ipv6 mcache packet Use this command to disable debug tracing of MDATAv6 packet reception and transmission.
Page 254: Debug Ipv6 Pimsm Packet
M6100 Series Switches no debug ipv6 ospfv3 packet Use this command to disable tracing of IPv6 OSPFv3 packets. Format no debug ipv6 ospfv3 packet Mode Privileged EXEC debug ipv6 pimsm packet Use this command to trace PIMSMv6 packet reception and transmission. The receive keyword traces only received PIMSMv6 packets and the transmit keyword traces only transmitted PIMSMv6 packets.
Page 255: Debug Mldsnooping Packet
M6100 Series Switches no debug lacp packet This command disables tracing of LACP packets. Format no debug lacp packet Mode Privileged EXEC debug mldsnooping packet Use this command to trace MLD snooping packet reception and transmission. The receive keyword traces only received MLD packets and the transmit keyword traces only transmitted MLD snooping packets.
Page 256 M6100 Series Switches <15> JAN 02 11:03:35 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(293) 25431 % Pkt TX - Intf:2/0/48 Src Ip:10.50.50.1 DestIp:192.168.50.2 AreaId:0.0.0.0 Type:DB_DSCR Mtu:1500 Options:E Flags: I/M/MS Seq:126166 <15> JAN 02 11:03:36 10.50.50.1-2 OSPF[46300472]: ospf_debug.c(297) 25434 % Pkt RX - Intf:2/0/48 Src Ip:192.168.50.2 DestIp:192.168.50.1 AreaId:0.0.0.0 Type:LS_REQ Length: 1500...
Page 257: Debug Ping Packet
M6100 Series Switches DB_DSCR packet field definitions. Field Definition Options Options in the OSPF packet. Flags Could be one or more of the following: • I. Init • M. More • MS. Master/Slave Sequence Number of the DD packet. LS_REQ packet field definitions.
Page 258: Debug Rip Packet
M6100 Series Switches Default disabled Format debug ping packet Mode Privileged EXEC A sample output of the trace message is shown below. <15> JAN 01 00:21:22 192.168.17.29-1 SIM[181040176]: sim_debug.c(128) 20 % Pkt TX - Intf: 1/0/1(1), SRC_IP:10.50.50.2, DEST_IP:10.50.50.1, Type:ECHO_REQUEST <15> JAN 01 00:21:22 192.168.17.29-1 SIM[182813968]: sim_debug.c(82) 21 % Pkt RX - Intf: 1/0/1(1), S RC_IP:10.50.50.1, DEST_IP:10.50.50.2, Type:ECHO_REPLY...
Page 259 M6100 Series Switches A sample output of the trace message is shown below. <15> JAN 01 00:35:15 192.168.17.29-1 RIP[181783160]: rip_map_debug.c(96) 775 % Pkt RX on Intf: 1/0/1(1), Src_IP:43.1.1.1 Dest_IP:43.1.1.2 Rip_Version: RIPv2 Packet_Type:RIP_RESPONSE ROUTE 1): Network: 10.1.1.0 Mask: 255.255.255.0 Metric: 1 ROUTE 2): Network: 40.1.0.0 Mask: 255.255.0.0 Metric: 1...
Page 260: Debug Sflow Packet
M6100 Series Switches debug sflow packet Use this command to enable sFlow debug packet trace. Note: To display the debug trace, enable the debug console command. Default disabled Format debug sflow packet Mode Privileged EXEC no debug sflow packet Use this command to disable sFlow debug packet trace.
Page 261: Debug Spanning-Tree Bpdu Transmit
M6100 Series Switches Default disabled Format debug spanning-tree bpdu receive Mode Privileged EXEC A sample output of the trace message is shown below. <15> JAN 01 01:02:04 192.168.17.29-1 DOT1S[191096896]: dot1s_debug.c(1249) 101 % Pkt RX - Intf: 1/0/9(9), Source_Mac: 00:11:88:4e:c2:10 Version: 3, Root Mac: 00:11:88:4e:c2:00, Root Priority: 0x8000 Path Cost: 0 The following parameters are displayed in the trace message.
Page 262: Debug Tacacs
M6100 Series Switches A sample output of the trace message is shown below. <15> JAN 01 01:02:04 192.168.17.29-1 DOT1S[191096896]: dot1s_debug.c(1249) 101 % Pkt TX - Intf: 1/0/7(7), Source_Mac: 00:11:88:4e:c2:00 Version: 3, Root_Mac: 00:11:88:4e:c2:00, Root_Priority: 0x8000 Path_Cost: 0 The following parameters are displayed in the trace message.
Page 263: Debug Transfer
M6100 Series Switches debug transfer This command enables debugging for file transfers. Note: To display the debug trace, enable the debug console command. Format debug transfer Mode Privileged EXEC no debug transfer This command disables debugging for file transfers. Format...
Page 264: Show Debugging
M6100 Series Switches show debugging Use the show debugging command to display enabled packet tracing configurations. Format show debugging Mode Privileged EXEC Command example: console# debug arp Arp packet tracing enabled. console# show debugging Arp packet tracing enabled. no show debugging Use the no show debugging command to disable packet tracing configurations.
Page 265: Exception Dump Tftp-Server
M6100 Series Switches exception dump tftp-server Use this command to configure the IP address of a remote TFTP server in order to dump core files to an external server. Default None Format exception dump tftp-server {ip-address} Mode Global Config no exception dump tftp-server Use this command to reset the exception dump remote server configuration to its factory default value.
Page 266: Exception Dump Filepath
M6100 Series Switches exception dump filepath Use this command to configure a file-path to dump core file to a TFTP server, NFS mount or USB device subdirectory. Default None Format exception dump filepath dir Mode Global Config no exception dump filepath Use this command to reset the exception dump filepath configuration to its factory default value.
Page 267: Exception Switch-Chip-Register
M6100 Series Switches no exception core-file Use this command to reset the exception core file prefix configuration to its factory default value. The hostname and time-stamp are disabled. Default Core Format no exception core-file Mode Global Config exception switch-chip-register This command enables or disables the switch-chip-register dump in case of an exception.
Page 268: Logging Persistent
M6100 Series Switches show exception Use this command to display the configuration parameters for generating a core dump file. Default None Format show exception Mode Privileged EXEC Command example: Protocol exception protocol configuration TFTP Server Address TFTP server configuration NFS Mount point...
Page 269: Show Mbuf Total
M6100 Series Switches Field Description Rising Threshold The percentage of the memory buffer resources that, when exceeded for the configured rising interval, triggers a notification. The range is 1 to 100. The default is 0 (disabled). Falling Threshold The percentage of memory buffer resources that, when usage falls below this level for the configured interval, triggers a notification.
Page 270: Session Start Unit
M6100 Series Switches Field Description Total Rx Mid0 Alloc Number of times the system tried to allocate a message buffer allocation of class RX Mid0. Attempts Total Rx High Alloc Number of times the system tried to allocate a message buffer allocation of class RX High.
Page 271: Techsupport Enable
M6100 Series Switches techsupport enable Use this command to allow access to Support mode. Default Disabled Format techsupport enable Mode Privileged Exec console Use this command to enable the display of support debug for this session. Default Disabled Format console...
Page 272: Cable Test Command
M6100 Series Switches Format snapshot routing Mode Support snapshot multicast Use this command in Support mode to dump a set of IP multicast debug information to capture the current state of multicast on the switch. The output is written to the console and can be extensive.
Page 273: Power Redundancy
M6100 Series Switches cablestatus This command returns the status of the specified port. Format cablestatus unit/slot/port Mode Privileged EXEC Field Description Cable Status One of the following statuses is returned: • Normal. The cable is working correctly. • Open. The cable is disconnected or there is a faulty connector.
Page 274: Power System
M6100 Series Switches Default Disabled Format power redundancy Mode Chassis Global Config Note: If the total available power minus the total consumed power is less than what one PSU can supply, the switch does not enable the N+1 feature. Instead, it generates the following error message on the console and in the logging buffer: Not enough power to enable N+1 feature.
Page 275: Show Power
This command displays the power redundancy status. Format show power redundancy Mode Privileged EXEC Command example: (NETGEAR Switch)# show power redundancy N+1 configuration: ......Disable N+1 Active: ........No Number of PSU: ........ 1 Effective Number of PSU: ...... 1 show power matrix This command displays the Blade Power Matrix (BPM) table information from the hardware.
Page 276: Power Cycle
M6100 Series Switches Command example: (NETGEAR Switch)#show power Chassis power: Total available power(W): ..... 910 Total required system power(W): ....220 Total consumption power(W): ....2550 System Power(W): ......220 Power auto-rebalance: ......Disable Power Module AC Input: ......220V Power module redundancy (N+1): ....
Page 277: Usb Commands
Device Protocol Vendor ID Vendor specifies details of device-Vendor ID Product ID Vendor specifies details of device-Product ID Command example: (NETGEAR Switch) #show USB device Device Status………………………………………………… Active Manufacturer…………………………………………………… xxxx Serial Number………………………………………………… yyyyy USB Version Compliance………………………… 2.0 Class Code………………………………………………………… abc Subclass Code…………………………………………………...
Page 278: Sflow Commands
M6100 Series Switches dir usb This command displays USB device contents and memory statistics. Format dir usb Mode Privileged EXEC Term Description Filename File name Filesize File size Total Size USB flash device storage size Bytes Used Indicates size of memory used on the device.
Page 279: Sflow Receiver Owner Timeout
M6100 Series Switches Parameter Description Receiver Owner The identity string for the receiver, the entity making use of this sFlowRcvrTable entry. The range is 127 characters. The default is a null string. The empty string indicates that the entry is currently unclaimed and the receiver configuration is reset to the default values.
Page 280: Sflow Sampler
M6100 Series Switches Field Description index Receiver index identifier. The range is 1 to 8. Receiver Owner The owner name corresponds to the receiver name. The identity string for the receiver, the entity making use of this sFlowRcvrTable entry. The range is 127 characters. The default is a null string.
Page 281: Sflow Poller
M6100 Series Switches Field Description Receiver Index The sFlow Receiver for this sFlow sampler to which flow samples are to be sent. A value of zero (0) means that no receiver is configured, no packets will be sampled. Only active receivers can be set. If a receiver expires, then all samplers associated with the receiver will also expire.
Page 282: Sflow Source-Interface
M6100 Series Switches To overcome this situation, sFlow polling interval configuration on an interface or range of interfaces is controlled as mentioned below: The maximum number of allowed interfaces for the polling intervals max (1, (interval – 10)) to min ((interval + 10), 86400) is:...
Page 283: Show Sflow Agent
Revision: 1.0 IP Address The IP address associated with this agent. Command example: (NETGEAR Switch) #show sflow agent sFlow Version........1.3;NETGEAR Corp;1.0 IP Address........10.131.12.66 show sflow pollers Use this command to display the sFlow polling instances created on the switch. Use “-” for range.
Page 284 2. Datagram Version The sFlow protocol version to be used while sending samples to sFlow receiver. Command example: (NETGEAR Switch) #show sflow receivers 1 Receiver Index......... 1 Owner String........tulasi Time out........0 IP Address:........0.0.0.0 Address Type........
Page 285: Show Sflow Samplers
M6100 Series Switches Command example: The following example also shows that a receiver is configured as a non-time-out entry: (NETGEAR Switch) #show sflow receivers 1 Receiver Index......... 1 Owner String........tulasi Time out........No Timeout <= No Timeout string is added IP Address:........
Page 286: Sdm Prefer
M6100 Series Switches Command example: (NETGEAR Switch) #show sflow source-interface sFlow Client Source Interface....(not configured) Switch Database Management Template Commands A Switch Database Management (SDM) template is a description of the maximum resources a switch or router can use for various features. Different SDM templates allow different combinations of scaling factors, enabling different allocations of resources depending on how the device is used.
Page 287: Show Sdm Prefer
M6100 Series Switches Default dual IPv4 and IPv6 template Format sdm prefer {dual-ipv4-and-ipv6 {default | data-center} | ipv4-routing {default | data-center {default | plus}}} Mode Global Config no sdm prefer Use this command to revert to the default template after the next reboot.
Page 288 The following example shows the SDM template when the user sets the next active SDM template: (NETGEAR Switch) # configure (NETGEAR Switch) (Config)#sdm prefer ipv4-routing data-center default Changes to the running SDM preferences have been stored, but cannot take effect until the next reload.
Page 289: Green Ethernet Commands
Green Ethernet Commands This section describes the commands you use to configure Green Ethernet modes on the system. The purpose of the Green Ethernet features is to save power. NETGEAR Managed Switch software supports the following three Green Ethernet modes: •...
Page 290: Green-Mode Eee
M6100 Series Switches no green-mode energy-detect Use this command to disable energy-detect mode on the interface(s). Format no green-mode energy-detect Mode Interface Config green-mode eee Use this command to enable EEE low-power idle mode on an interface or on a range of interfaces.
Page 291: Green-Mode Eee Tx-Wake-Time
M6100 Series Switches no green-mode eee tx-idle-time Use this command to return the EEE idle time to the default value. Format no green-mode eee tx-idle-time Mode Interface Config green-mode eee tx-wake-time Use this command to configure the EEE mode transmit wake time for an interface or range of interfaces.
Page 292: Green-Mode Eee-Lpi-History Max-Samples
M6100 Series Switches no green-mode eee-lpi-history sampling-interval Use this command to return the global EEE LPI history collection interval to the default value. Format no green-mode eee-lpi-history sampling-interval Mode Global Config green-mode eee-lpi-history max-samples Use this command to configure global EEE LPI history collection buffer size for the system.
Page 293 M6100 Series Switches If you do not specify a port, the command displays the information in the following table. Term Definition Global Cumulative Energy Saving per Estimated cumulative energy saved in the chassis in (watts * hours) due to all green...
Page 294 M6100 Series Switches 1/0/6 Enabled Active Enabled Disabled Inactive Enabled 1/0/7 Enabled Active Enabled Disabled Inactive Enabled --More-- or (q)uit If you specify the port, the command displays the information in the following table. Term Definition Energy Detect Energy-detect admin mode...
Page 295 Time Since Counters Last Cleared (since the time of power up, or after the clear eee statistics command is executed) Command example: The following example shows that the system supports all green Ethernet features: (NETGEAR Switch) #show green-mode 1/0/1 Energy Detect Admin Mode....Enabled Operational Status....... Active Reason........No Energy Detected Auto Short Reach Admin Mode....
Page 296: Clear Green-Mode Statistics
M6100 Series Switches Reason........Forced EEE Admin Mode......Enabled Transmit Idle Time....... 0 Transmit Wake Time....... 0 Rx Low Power Idle Event Count.... 0 Rx Low Power Idle Duration (uSec)..0 Tx Low Power Idle Event Count.... 0 Tx Low Power Idle Duration (uSec)..0 Tw_sys_tx (usec)......
Page 297: Show Green-Mode Eee-Lpi-History
Command example: The following example shows that the system has the EEE feature enabled: (NETGEAR Switch) #show green-mode eee-lpi-history interface 1/0/1 Sampling Interval (sec)......30 Total No. of Samples to Keep....168 Percentage LPI time per Chassis....29...
Page 298: Remote Monitoring Commands
M6100 Series Switches 0d:00:03:20 0d:00:03:51 0d:00:04:22 0d:00:04:53 Remote Monitoring Commands Remote Monitoring (RMON) is a method of collecting a variety of data about network traffic. RMON supports 64-bit counters (RFC 3273) and High Capacity Alarm Table (RFC 3434). Note: There is no configuration command for ether stats and high capacity ether stats.
Page 299: Rmon Hcalarm
Alarm Owner The owner string associated with the alarm entry. The default is monitorAlarm. Command example: (NETGEAR Switch) (Config)# rmon alarm 1 ifInErrors.2 30 absolute rising-threshold 100 1 falling-threshold 10 2 startup rising owner myOwner no rmon alarm This command deletes the RMON alarm entry.
Page 300 M6100 Series Switches Parameter Description High Capacity Alarm The method of sampling the selected variable and calculating the value to be compared against Sample Type the thresholds. Possible types are absolute and delta. The default is absolute. High Capacity Alarm...
Page 301: Rmon Event
M6100 Series Switches Command example: (NETGEAR Switch) (Config)# rmon hcalarm 1 ifInOctets.1 30 absolute rising-threshold high 1 low 100 status positive 1 falling-threshold high 1 low 10 status positive startup rising owner myOwner no rmon hcalarm This command deletes the rmon hcalarm entry.
Page 302: Rmon Collection History
The interval in seconds over which the data is sampled. The range is 1 to 3600. The default is 1800. Interval History Control The owner string associated with the history control entry. The default is monitorHistoryControl. Owner Command example: (NETGEAR Switch) (Interface 1/0/1)# rmon collection history 1 buckets 10 interval 30 owner myOwner Utility Commands...
Page 303: Show Rmon
M6100 Series Switches Command example: (NETGEAR Switch) (Interface 1/0/1-1/0/10)#rmon collection history 1 buckets 10 interval 30 owner myOwner Error: 'rmon collection history' is not supported on range of interfaces. no rmon collection history This command will delete the history control group entry with the specified index number.
Page 304: Show Rmon Collection History
(NETGEAR Switch) #show rmon alarms Index Owner ---------------------------------------------- alarmInterval.1 MibBrowser alarmInterval.1 MibBrowser Command example: (NETGEAR Switch) #show rmon alarm 1 Alarm 1 ---------- OID: alarmInterval.1 Last Sample Value: 1 Interval: 1 Sample Type: absolute Startup Alarm: rising-falling Rising Threshold: 1...
Page 305 The interval in seconds over which the data is sampled. The range is 1 to 3600. The default is 1800. Interval History Control The owner string associated with the history control entry. The default is monitorHistoryControl. Owner Command example: (NETGEAR Switch) #show rmon collection history Index Interface Interval Requested Granted...
Page 306: Show Rmon Events
M6100 Series Switches Command example: (NETGEAR Switch) #show rmon collection history interfaces 1/0/1 Index Interface Interval Requested Granted Owner Samples Samples ---------------------------------------------------------------------- 1/0/1 myowner 1/0/1 1800 monitorHistoryControl show rmon events This command displays the entries in the RMON event table.
Page 307: Show Rmon History
M6100 Series Switches show rmon history This command displays the specified entry in the RMON history table. Format show rmon history index {errors [period seconds] | other [period seconds] | throughput [period seconds]} Mode Privileged Exec Term Description History Control Index An index that uniquely identifies an entry in the historyControl table.
Page 308 Util Port utilization of the interface associated with the history index specified. Dropped Collisions Total number of dropped collisions. Command example: (NETGEAR Switch) #show rmon history 1 errors Sample set: 1 Owner: myowner Interface: 1/0/1 Interval: 30 Requested Samples: 10...
Page 309: Show Rmon Log
M6100 Series Switches (NETGEAR Switch) #show rmon history 1 other Sample set: 1 Owner: myowner Interface: 1/0/1 Interval: 30 Requested Samples: 10 Granted Samples: 10 Maximum table size: 1758 Time Dropped Collisions -------------------- ------- ---------- Jan 01 1970 21:41:43 0...
Page 310: Show Rmon Statistics Interfaces
M6100 Series Switches Command example: (NETGEAR Switch) #show rmon log 1 Maximum table size: 10 Event Description Time ------------------------------------------------ show rmon statistics interfaces This command displays the RMON statistics for the given interfaces. Format show rmon statistics interfaces unit/slot/port Mode...
Page 311 HC Overflow Pkts 1024 - 1518 Total number of HC overflow packets which are between 1024 and 1518 octets in Octets length. Command example: (NETGEAR Switch) # show rmon statistics interfaces 1/0/1 Port: 1/0/1 Dropped: 0 Octets: 0 Packets: 0...
Page 312: Show Rmon Hcalarms
M6100 Series Switches HC Overflow Pkts 512 - 1023 Octets: 0 HC Pkts 512 - 1023 Octets: 0 HC Overflow Pkts 1024 - 1518 Octets: 0 HC Pkts 1024 - 1518 Octets: 0 show rmon hcalarms This command displays the entries in the RMON high-capacity alarm table.
Page 313 (NETGEAR Switch) #show rmon hcalarms Index Owner ---------------------------------------------- alarmInterval.1 MibBrowser alarmInterval.1 MibBrowser Command example: (NETGEAR Switch) #show rmon hcalarm 1 Alarm 1 ---------- OID: alarmInterval.1 Last Sample Value: 1 Interval: 1 Sample Type: absolute Startup Alarm: rising-falling Rising Threshold High: 0...
Page 314: Statistics Application Commands
M6100 Series Switches Falling Event: 2 Startup Alarm: Rising-Falling Owner: MibBrowser Statistics Application Commands The statistics application gives you the ability to query for statistics on port utilization, flow-based and packet reception on programmable time slots. The statistics application collects the statistics at a configurable time range. You can specify the port number(s) or a range of ports for statistics to be displayed.
Page 315: Stats Flow-Based (Global Config)
2. syslog • 3. e-mail The default is None. Command example: (NETGEAR Switch) (Config)# stats group received timerange test reporting console email syslog (NETGEAR Switch) (Config)# stats group received-errors timerange test reporting email syslog (NETGEAR Switch) (Config)# stats group received-...
Page 316 The destination UDP port number. Command example: (NETGEAR Switch) (Config)#stats flow-based 1 timerange test srcip 1.1.1.1 dstip 2.2.2.2 srcmac 1234 dstmac 1234 srctcpport 123 dsttcpport 123 srcudpport 123 dstudpport (NETGEAR Switch) (Config)#stats flow-based 2 timerange test srcip 1.1.1.1 dstip 2.2.2.2...
Page 317: Stats Flow-Based Reporting
Mode Global Config Command example: (NETGEAR Switch) (Config)# stats flow-based reporting console email syslog (NETGEAR Switch) (Config)# stats flow-based reporting email syslog (NETGEAR Switch) (Config)# stats flow-based reporting none stats group (Interface Config) This command applies the group specified on an interface or interface-range.
Page 318: Show Stats Group
Mode Interface Config Command example: (NETGEAR Switch) (Interface 1/0/1-1/0/10)# no stats flow-based 1 (NETGEAR Switch) (Interface 1/0/1-1/0/10)# no stats flow-based 2 show stats group This command displays the configured time range and the interface list for the group specified and shows collected statistics for the specified time-range name on the interface list after the time-range expiry.
Page 319 M6100 Series Switches Command example: (NETGEAR Switch) #show stats group received Group: received Time Range: test Interface List ----------------- 1/0/2, 1/0/4, lag 1 Counter ID Interface Counter Value ------------------------- --------- ------------ Rx Total 1/0/2 951600 Rx Total 1/0/4 304512 Rx Total...
Page 320 Privileged EXEC Parameter Description rule-id The unique identifier for the flow-based rule. Command example: (NETGEAR Switch) #show stats flow-based all Flow based rule Id......1 Time Range........test Source IP........1.1.1.1 Source MAC........1234 Source TCP Port........ 123 Source UDP Port........ 123 Destination IP.........
Page 321 Interface Hit Count --------- --------- 1/0/1 1/0/2 Command example: (NETGEAR Switch) #show stats flow-based 2 Flow based rule Id......2 Time Range........test Source IP........1.1.1.1 Source TCP Port........ 123 Source UDP Port........ 123 Destination IP......... 2.2.2.2 Destination TCP Port......123 Destination UDP Port......
Page 322: Chapter 7 Switching Commands
Switching Commands This chapter describes the switching commands available in the NETGEAR Managed Switch CLI. The Switching Commands chapter includes the following sections: • Port Configuration Commands • Spanning Tree Protocol Commands • VLAN Commands • Double VLAN Commands •...
Page 323 M6100 Series Switches • DHCP Client Commands • DHCP Snooping Configuration Commands • Dynamic ARP Inspection Commands • MVR Commands • IGMP Snooping Configuration Commands • IGMP Snooping Querier Commands • MLD Snooping Commands • MLD Snooping Querier Commands •...
Page 324: Port Configuration Commands
M6100 Series Switches Port Configuration Commands This section describes the commands you use to view and configure port settings. interface (Global Config) This command gives you access to the Interface Config mode, which allows you to enable or modify the operation of an interface (port).
Page 325: Auto-Negotiate All
You can use the mtu command to configure jumbo frame support for physical and port-channel (LAG) interfaces. For the standard NETGEAR Managed Switch implementation, the MTU size is a valid integer between 1522–9216 for tagged packets and a valid integer between 1518 - 9216 for untagged packets.
Page 326: Shutdown (Interface Config)
M6100 Series Switches no mtu This command sets the default MTU size (in bytes) for the interface. Format no mtu Mode Interface Config shutdown (Interface Config) This command disables a port or range of ports. Note: You can use the shutdown command on physical and port-channel (LAG) interfaces, but not on VLAN routing interfaces.
Page 327: Show Port
M6100 Series Switches no shutdown all This command enables all ports. Format no shutdown all Mode Global Config speed Use this command to enable or disable auto-negotiation and set the speed that will be advertised by that port. The duplex parameter allows you to set the advertised speed for both half as well as full duplex mode.
Page 328 This object determines whether or not to send a trap when link status changes. The factory default is enabled. LACP Mode LACP is enabled or disabled on this port. Command example: The following example shows output for all ports: (NETGEAR Switch) #show port all Admin Physical Physical Link Link...
Page 329: Show Port Advertise
M6100 Series Switches Command example: The following example shows output for a range of ports: (NETGEAR Switch) #show port 0/1-1/6 Admin Physical Physical Link Link LACP Actor Intf Type Mode Mode Status Status Trap Mode Timeout --------- ------ --------- ---------- ---------- ------ ------- ------ --------...
Page 330: Show Port Description
M6100 Series Switches Command example: The following example shows output with an optional parameter: (NETGEAR switch)#show port advertise 0/1 Port: 0/1 Type: Gigabit - Level Link State: Down Auto Negotiation: Enabled Clock: Auto 1000f 1000h 100f 100h 10f 10h ----- ----- ---- ---- --- ---...
Page 331: Spanning Tree Protocol Commands
The MAC address of the port. The format is 6 two-digit hexadecimal numbers that are separated by colons, for example 01:23:45:67:89:AB. Bit Offset Val The bit offset value. Command example: (NETGEAR switch) #show port description 0/1 Interface...0/1 ifIndex.....1 Description..MAC address..00:10:18:82:0C:10 Bit Offset Val..1...
Page 332: Spanning-Tree Auto-Edge
M6100 Series Switches spanning-tree auto-edge Use this command to allow the interface to become an edge port if it does not receive any BPDUs within a given amount of time. Default Enabled Format spanning-tree auto-edge Mode Interface Config no spanning-tree auto-edge This command resets the auto-edge status of the port to the default value.
Page 333: Spanning-Tree Bpdufilter
M6100 Series Switches A bridge that receives an RLQ and has connectivity to the root forwards the query toward the root through its root port. A bridge that receives a RLQ request and does not have connectivity to the root (switch bridge ID is different from the root bridge ID in the query) or is the root bridge immediately answers the query with its root bridge ID.
Page 334: Spanning-Tree Bpdufilter Default
M6100 Series Switches spanning-tree bpdufilter default Use this command to enable BPDU Filter on all the edge port interfaces. Default disabled Format spanning-tree bpdufilter default Mode Global Config no spanning-tree bpdufilter default Use this command to disable BPDU Filter on all the edge port interfaces.
Page 335: Spanning-Tree Bpdumigrationcheck
M6100 Series Switches no spanning-tree bpduguard Use this command to disable BPDU Guard on the switch. Default disabled Format no spanning-tree bpduguard Mode Global Config spanning-tree bpdumigrationcheck Use this command to force a transmission of rapid spanning tree (RSTP) and multiple spanning tree (MSTP) BPDUs.
Page 336: Spanning-Tree Cost
M6100 Series Switches no spanning-tree configuration revision This command sets the Configuration Identifier Revision Level for use in identifying the configuration that this switch is currently using to the default value. Format no spanning-tree configuration revision Mode Global Config spanning-tree cost Use this command to configure the external path cost for port used by a MST instance.
Page 337: Spanning-Tree Forceversion
M6100 Series Switches spanning-tree forceversion This command sets the Force Protocol Version parameter to a new value. Default 802.1s Format spanning-tree forceversion {802.1d | 802.1s | 802.1w} Mode Global Config • Use 802.1d to specify that the switch transmits ST BPDUs rather than MST BPDUs (IEEE 802.1d functionality supported).
Page 338: Spanning-Tree Guard
M6100 Series Switches spanning-tree guard This command selects whether loop guard or root guard is enabled on an interface or range of interfaces. If neither is enabled, then the port operates in accordance with the multiple spanning tree protocol. Default...
Page 339: Spanning-Tree Mode
When PVSTP or rapid PVSTP (PVRSTP) is enabled, MSTP/RSTP/STP is operationally disabled. To reenable MSTP/RSTP/STP, disable PVSTP/PVRSTP. By default, NETGEAR Managed Switch has MSTP enabled. In PVSTP or PVRSTP mode, BPDUs contain per-VLAN information instead of the common spanning-tree information (MST/RSTP).
Page 340 M6100 Series Switches parameter that corresponds to an existing multiple spanning tree instance, the configurations are done for that multiple spanning tree instance. If you specify 0 (defined as the default CIST ID) as the mstid, the configurations are done for the common and internal spanning tree instance.
Page 341: Spanning-Tree Mst Instance
M6100 Series Switches spanning-tree mst instance This command adds a multiple spanning tree instance to the switch. The parameter mstid is a number within a range of 1 to 4094, that corresponds to the new instance ID to be added.
Page 342: Spanning-Tree Mst Vlan
M6100 Series Switches Format no spanning-tree mst priority mstid Mode Global Config spanning-tree mst vlan This command adds an association between a multiple spanning tree instance and one or more VLANs so that the VLAN(s) are no longer associated with the common and internal spanning tree.
Page 343: Spanning-Tree Port Mode All
M6100 Series Switches spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to enabled. Default enabled Format spanning-tree port mode all Mode Global Config no spanning-tree port mode all This command sets the Administrative Switch Port State for all ports to disabled.
Page 344: Spanning-Tree Transmit
M6100 Series Switches no spanning-tree tcnguard This command resets the TCN guard status of the port to the default value. Format no spanning-tree tcnguard Mode Interface Config spanning-tree transmit This command sets the Bridge Transmit Hold Count parameter. Default Format...
Page 345: Spanning-Tree Vlan
M6100 Series Switches no spanning-tree uplinkfast This command disables uplinkfast on PVSTP configured switches. All switch priorities and path costs that have not been modified from their default values are set to their default values. Format no spanning-tree uplinkfast [max-update-rate]...
Page 346: Spanning-Tree Vlan Hello-Time
M6100 Series Switches Parameter Description vlan-list The VLANs to which to apply this command. forward-time The spanning tree forward delay time. The range is 4-30 seconds. spanning-tree vlan hello-time Use this command to configure the spanning tree hello time for a specified VLAN or a range of VLANs.
Page 347: Spanning-Tree Vlan Root
M6100 Series Switches spanning-tree vlan root Use this command to configure the switch to become the root bridge or standby root bridge by modifying the bridge priority from the default value of 32768 to a lower value calculated to ensure the bridge is the root (or standby) bridge.
Page 348: Show Spanning-Tree
M6100 Series Switches Parameter Description vlan-list The VLANs to which to apply this command. priority The VLAN bridge priority. Valid values are 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, and 61440. show spanning-tree This command displays spanning tree settings for the common and internal spanning tree.
Page 349: Show Spanning-Tree Backbonefast
M6100 Series Switches Term Definition Associated FIDs List of forwarding database identifiers currently associated with this instance. Associated VLANs List of VLAN IDs currently associated with this instance. Command example: (NETGEAR Routing) #show spanning-tree Bridge Priority........ 32768 Bridge Identifier......80:00:00:10:18:48:FC:07 Time Since Topology Change.....
Page 350: Show Spanning-Tree Brief
Bridge max-hops count for the device. Bridge Hello Time Configured value. Bridge Forward Configured value. Delay Bridge Hold Time Minimum time between transmission of Configuration Bridge Protocol Data Units (BPDUs). Command example: (NETGEAR Routing) #show spanning-tree brief Bridge Priority........ 32768 Switching Commands...
Page 351: Show Spanning-Tree Interface
M6100 Series Switches Bridge Identifier......80:00:00:10:18:48:FC:07 Bridge Max Age......... 20 Bridge Max Hops........ 20 Bridge Hello Time......2 Bridge Forward Delay......15 Bridge Hold Time....... 6 show spanning-tree interface This command displays the settings and parameters for a specific switch port within the common and internal spanning tree.
Page 352 RSTP BPDUs Transmitted......0 RSTP BPDUs Received......0 MSTP BPDUs Transmitted......0 MSTP BPDUs Received......0 Command example: (NETGEAR Routing) >show spanning-tree interface lag 1 Hello Time........Not Configured Port Mode........Enabled BPDU Guard Effect......Disabled Root Guard........FALSE Loop Guard........FALSE TCN Guard........
Page 353: Show Spanning-Tree Mst Detailed
Description mstid A multiple spanning tree instance identifier. The value is 0–4094. Command example: (NETGEAR Routing) >show spanning-tree mst detailed 0 MST Instance ID........ 0 MST Bridge Priority......32768 MST Bridge Identifier......80:00:00:10:18:48:FC:07 Time Since Topology Change..... 8 day 3 hr 47 min 7 sec Topology Change Count......
Page 354 M6100 Series Switches Term Definition MST Instance ID The ID of the existing multiple spanning tree (MST) instance identifier. The value is 0–4094. Port Identifier The port identifier for the specified port within the selected MST instance. It is made up from the port priority and the interface number of the port.
Page 355 The number of times this interface has transitioned out of loop inconsistent state. Loop Inconsistent State Command example: The following example shows output for the command in the slot/port format: (NETGEAR Routing) >show spanning-tree mst port detailed 0 0/1 Switching Commands...
Page 356 Transitions Into Loop Inconsistent State..0 Transitions Out Of Loop Inconsistent State..0 Command example: The following example shows output using a LAG interface number: (NETGEAR Routing) >show spanning-tree mst port detailed 0 lag 1 Port Identifier........ 60:42 Port Priority........96 Port Forwarding State......Disabled Port Role........
Page 357: Show Spanning-Tree Mst Port Summary
Indicates whether the port is in loop inconsistent state or not. This field is blank if the loop guard feature is not available. Command example: The following example shows output in the slot/port format: (NETGEAR Routing) >show spanning-tree mst port summary 0 0/1 MST Instance ID........ CST Port Interface...
Page 358 M6100 Series Switches Command example: The following example shows output using a LAG interface number: (NETGEAR Routing) >show spanning-tree mst port summary 0 lag 1 MST Instance ID........ CST Port Interface Mode Type State Role Desc --------- -------- ------- ----------------- ---------- ----------...
Page 359: Show Spanning-Tree Mst Summary
Specifies the version of the configuration format being used in the exchange of BPDUs. The default value is zero. MST Instances List of all multiple spanning tree instances configured on the switch. Command example: (NETGEAR Routing) >show spanning-tree summary Switching Commands...
Page 360: Show Spanning-Tree Uplinkfast
The number of uplinkfast transitions on all VLANs. Proxy multicast addresses transmitted (all The number of proxy multicast addresses transmitted on all VLANs. VLANs) Command example: (NETGEAR Switch) #show spanning-tree uplinkfast Uplinkfast is enabled. BPDU update rate : 150 packets/sec Uplinkfast Statistics --------------------- Uplinkfast transitions (all VLANs)....
Page 361 “X-Y” where X and Y are valid VLAN identifiers and X< Y. The vlanid corresponds to an existing VLAN ID. Format show spanning-tree vlan {vlanid | vlan-list} Mode Privileged EXEC User EXEC Command example: (NETGEAR Switch) show spanning-tree vlan 1 VLAN Spanning-tree enabled protocol rpvst RootID Priority 32769 Address 00:0C:29:D3:80:EA...
Page 362: Vlan Commands
M6100 Series Switches VLAN Commands This section describes the commands you use to configure VLAN settings. vlan database This command gives you access to the VLAN Config mode, which allows you to configure VLAN characteristics. Format vlan database Mode Privileged EXEC...
Page 363: Vlan Acceptframe
M6100 Series Switches no vlan This command deletes an existing VLAN. The ID is a valid VLAN identification number (ID 1 is reserved for the default VLAN). The VLAN number is in the range 2–4093. Format no vlan number Mode...
Page 364: Vlan Makestatic
M6100 Series Switches no vlan ingressfilter This command disables ingress filtering. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
Page 365: Vlan Participation
M6100 Series Switches no vlan name This command sets the name of a VLAN to a blank string. Format no vlan name number Mode VLAN Config vlan participation This command configures the degree of participation for a specific interface or range of interfaces in a VLAN.
Page 366: Vlan Port Acceptframe All
M6100 Series Switches vlan port acceptframe all This command sets the frame acceptance mode for all interfaces. Default Format vlan port acceptframe all {vlanonly | admituntaggedonly |all} Mode Global Config The modes are defined as follows: Mode Definition VLAN Only mode Untagged frames or priority frames received on this interface are discarded.
Page 367: Vlan Port Pvid All
M6100 Series Switches no vlan port ingressfilter all This command disables ingress filtering for all ports. If ingress filtering is disabled, frames received with VLAN IDs that do not match the VLAN membership of the receiving interface are admitted and forwarded to ports that are members of that VLAN.
Page 368: Vlan Protocol Group
M6100 Series Switches vlan protocol group This command adds protocol-based VLAN groups to the system. The groupid is a unique number from 1–128 that is used to identify the group in subsequent commands. Format vlan protocol group groupid Mode Global Config vlan protocol group name This command assigns a name to a protocol-based VLAN group.
Page 369: Protocol Group
M6100 Series Switches protocol group This command attaches a vlanid to the protocol-based VLAN identified by groupid. A group can only be associated with one VLAN at a time, however the VLAN association can be changed. Default none Format protocol group groupid vlanid...
Page 370: Show Port Protocol
M6100 Series Switches Default none Format protocol vlan group all groupid Mode Global Config no protocol vlan group all This command removes all interfaces from this protocol-based VLAN group that is identified by this groupid. Format no protocol vlan group all groupid...
Page 371: Vlan Tagging
M6100 Series Switches no vlan pvid This command sets the VLAN ID on an interface or range of interfaces to 1. Format no vlan pvid Mode Interface Config vlan tagging This command configures the tagging behavior for a specific interface or range of interfaces in a VLAN to enabled.
Page 372: Vlan Association Mac
M6100 Series Switches vlan association mac This command associates a MAC address to a VLAN. Format vlan association mac macaddr vlanid Mode VLAN database no vlan association mac This command removes the association of a MAC address to a VLAN.
Page 373: Show Vlan Internal Usage
M6100 Series Switches Term Definition VLAN Type Type of VLAN, which can be Default (VLAN ID = 1) or static (one that is configured and permanently defined), or Dynamic. A dynamic VLAN can be created by GVRP registration or during the 802.1X authentication process (DOT1X) if a RADIUS-assigned VLAN does not exist on the switch.
Page 374: Show Vlan Port
M6100 Series Switches Term Definition VLAN ID There is a VLAN Identifier (vlanid) associated with each VLAN. The range of the VLAN ID is 1 to 4093. VLAN Name A string associated with this VLAN as a convenience. It can be up to 32 alphanumeric characters long, including blanks.
Page 375: Double Vlan Commands
M6100 Series Switches Term Definition IP Address The IP address assigned to each interface. Net Mask The subnet mask. VLAN ID There is a VLAN Identifier (VID) associated with each VLAN. show vlan association mac This command displays the VLAN associated with a specific configured MAC address. If no MAC address is specified, the VLAN associations of all the configured MAC addresses are displayed.
Page 376: Dvlan-Tunnel Ethertype Primary-Tpid
M6100 Series Switches Parameter Description 802.1Q Configure the ethertype as 0x8100. custom Configure the value of the custom tag in the range from 1 to 65535. vman Represents the commonly used value of 0x88A8. no dvlan-tunnel ethertype (Interface Config) This command removes the ethertype value for the interface.
Page 377: Mode Dot1Q-Tunnel
M6100 Series Switches mode dot1q-tunnel This command is used to enable Double VLAN Tunneling on the specified interface. Default disabled Format mode dot1q-tunnel Mode Interface Config no mode dot1q-tunnel This command is used to disable Double VLAN Tunneling on the specified interface. By default, Double VLAN Tunneling is disabled.
Page 378: Show Dvlan-Tunnel
M6100 Series Switches Format show dot1q-tunnel [interface {unit/slot/port | all}] Mode Privileged EXEC User EXEC Term Definition Interface The interface. Mode The administrative mode through which Double VLAN Tunneling can be enabled or disabled. The default value for this field is disabled.
Page 379: Private Vlan Commands
M6100 Series Switches (NETGEAR Switch)#show dvlan-tunnel interface 1/0/1 Interface Mode EtherType --------- ------- ------------ 1/0/1 Disable 0x88a8 Private VLAN Commands This section describes the commands you use for private VLANs. Private VLANs provides Layer 2 isolation between ports that share the same broadcast domain. In other words, it allows a VLAN broadcast domain to be partitioned into smaller point-to-multipoint subdomains.
Page 380: Switchport Mode Private-Vlan
M6100 Series Switches switchport mode private-vlan This command configures a port as a promiscuous or host private VLAN port. Note that the properties of each mode can be configured even when the switch is not in that mode. However, they will only be applicable once the switch is in that particular mode.
Page 381: Voice Vlan Commands
M6100 Series Switches no private-vlan This command restores normal VLAN configuration. Format no private-vlan [association] Mode VLAN Config Voice VLAN Commands This section describes the commands you use for Voice VLAN. Voice VLAN enables switch ports to carry voice traffic with defined priority so as to enable separation of voice and data traffic coming onto the port.
Page 382: Voice Vlan Data Priority
M6100 Series Switches voice vlan (Interface Config) Use this command to enable the Voice VLAN capability on the interface or range of interfaces. Default disabled Format voice vlan {vlan-id | dot1p priority | none | untagged} Mode Interface Config You can configure Voice VLAN in one of four different ways.
Page 383: Vlan Port Priority All
M6100 Series Switches When the interface parameter is not specified, only the global mode of the Voice VLAN is displayed. Term Definition Administrative Mode The Global Voice VLAN mode. When the interface parameter is specified.. Term Definition Voice VLAN Mode The admin mode of the Voice VLAN on the interface.
Page 384: Asymmetric Flow Control
M6100 Series Switches Asymmetric Flow Control Note: Asymmetric Flow Control is not supported on Fast Ethernet platforms. Note: If Asymmetric Flow Control is not supported on the platform, then only symmetric, or no flow control, modes are configurable. When in asymmetric flow control mode, the switch responds to PAUSE frames received from a peer by stopping packet transmission, but the switch does not initiate MAC control PAUSE frames.
Page 385: Protected Ports Commands
Admin Flow Control: Symmetric Port Flow Control RxPause TxPause Oper ------ ------------ -------- --------- Active Inactive Command example: (NETGEAR Switch)#show flowcontrol interface 0/1 Admin Flow Control: Symmetric Port Flow Control RxPause TxPause Oper --------- ------- -------- ------- Active Protected Ports Commands This section describes commands you use to configure and view protected ports on a switch.
Page 386: Switchport Protected (Interface Config)
M6100 Series Switches switchport protected (Global Config) Use this command to create a protected port group. The groupid parameter identifies the set of protected ports. Use the name parameter to assign a name to the protected port group. The name can be up to 32 alphanumeric characters long, including blanks. The default is blank.
Page 387: Show Switchport Protected
M6100 Series Switches no switchport protected (Interface Config) Use this command to configure a port as unprotected. The groupid parameter identifies the set of protected ports to which this interface is assigned. Format no switchport protected groupid Mode Interface Config...
Page 388: Private Group Commands
M6100 Series Switches Private Group Commands This section describes commands that are used to configure a private group and view the configuration information of a private group. You can use a private group to create a group of ports that either can or cannot share traffic with each other in the same VLAN group.
Page 389: Garp Commands
M6100 Series Switches Format private-group name privategroup-name [private-group-id] [mode {community | isolated}] Mode Global Config no private-group name This command removes a private group. Format no private-group name privategroup-name Mode Global Config show private-group This command displays information about a private group. If you do not specify a group name, group identifier, or port, the command displays information about all private groups.
Page 390: Set Garp Timer Leave
M6100 Series Switches command has an effect only when GVRP is enabled. The time is from 10 to 100 centiseconds. The value 20 centiseconds is 0.2 seconds. Default Format set garp timer join centiseconds Mode Interface Config Global Config no set garp timer join This command sets the GVRP join time to the default and only has an effect when GVRP is enabled.
Page 391: Gvrp Commands
M6100 Series Switches set garp timer leaveall This command sets how frequently Leave All PDUs are generated. A Leave All PDU indicates that all registrations will be unregistered. Participants would need to rejoin in order to maintain registration. The value applies per port and per GARP participation. The time may range from 200 to 6000 centiseconds.
Page 392: Set Gvrp Adminmode
M6100 Series Switches Note: If GVRP is disabled, the system does not forward GVRP messages. set gvrp adminmode This command enables GVRP on the system. Default disabled Format set gvrp adminmode Mode Privileged EXEC no set gvrp adminmode This command disables GVRP.
Page 393: Show Gvrp Configuration
M6100 Series Switches show gvrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Format show gvrp configuration {unit/slot/port | all} Mode Privileged EXEC User EXEC Term Definition Interface unit/slot/port Join Timer The interval between the transmission of GARP PDUs registering (or reregistering) membership for an attribute.
Page 394: Set Gmrp Adminmode
M6100 Series Switches set gmrp adminmode This command enables GARP Multicast Registration Protocol (GMRP) on the system. Default disabled Format set gmrp adminmode Mode Privileged EXEC no set gmrp adminmode This command disables GARP Multicast Registration Protocol (GMRP) on the system.
Page 395: Show Gmrp Configuration
M6100 Series Switches show gmrp configuration This command displays Generic Attributes Registration Protocol (GARP) information for one or all interfaces. Format show gmrp configuration {unit/slot/port | all} Mode Privileged EXEC User EXEC Term Definition Interface The unit/slot/port of the interface that this row in the table describes.
Page 396: Aaa Authentication Dot1X Default
(NETGEAR Routing) # (NETGEAR Routing) #configure (NETGEAR Routing) (Config)#aaa authentication dot1x default ias none (NETGEAR Routing) (Config)#aaa authentication dot1x default ias local radius none clear dot1x statistics This command resets the 802.1X statistics for the specified port or for all ports.
Page 397: Clear Radius Statistics
M6100 Series Switches clear dot1x authentication-history This command clears the authentication history table captured during successful and unsuccessful authentication on all interface or the specified interface. Format clear dot1x authentication-history [unit/slot/port] Mode Privileged EXEC clear radius statistics This command is used to clear all RADIUS statistics.
Page 398: Dot1X Initialize
M6100 Series Switches no dot1x dynamic-vlan enable Use this command to prevent the switch from creating VLANs when a RADIUS-assigned VLAN does not exist in the switch. Format no dot1x dynamic-vlan enable Mode Global Config dot1x guest-vlan This command configures VLAN as guest vlan on an interface or a range of interfaces. The command specifies an active VLAN as an IEEE 802.1X guest VLAN.
Page 399: Dot1X Max-Users
M6100 Series Switches no dot1x max-req This command sets the maximum number of times the authenticator state machine on this port will transmit an EAPOL EAP Request/Identity frame before timing out the supplicant. Format no dot1x max-req Mode Interface Config...
Page 400: Dot1X Port-Control All
M6100 Series Switches no dot1x port-control This command sets the 802.1X port control mode on the specified port to the default value. Format no dot1x port-control Mode Interface Config dot1x port-control all This command sets the authentication mode to use on all ports. Select the force-unauthorized parameter to specify that the authenticator PAE unconditionally sets the controlled port to unauthorized.
Page 401: Dot1X Re-Authenticate
M6100 Series Switches no dot1x mac-auth-bypass This command sets the MAB mode on the ports to the default value. Format no dot1x mac-auth-bypass Mode Interface Config dot1x re-authenticate This command begins the reauthentication sequence on the specified port. This command is only valid if the control mode for the specified port is auto or mac-based.
Page 402: Dot1X Timeout
M6100 Series Switches no dot1x system-auth-control This command is used to disable the dot1x authentication support on the switch. Format no dot1x system-auth-control Mode Global Config dot1x system-auth-control monitor Use this command to enable the 802.1X monitor mode on the switch. The purpose of Monitor mode is to help troubleshoot port-based authentication configuration issues without disrupting network access for hosts connected to the switch.
Page 403: Dot1X Unauthenticated-Vlan
Use this command to configure the unauthenticated VLAN associated with the specified interface or range of interfaces. The unauthenticated VLAN ID can be a valid VLAN ID from 0–maximum supported VLAN ID (4093 for NETGEAR Managed Switch). The unauthenticated VLAN must be statically configured in the VLAN database to be operational.
Page 404: Dot1X User
M6100 Series Switches no dot1x unauthenticated-vlan This command resets the unauthenticated-vlan associated with the port to its default value. Format no dot1x unauthenticated-vlan Mode Interface Config dot1x user This command adds the specified user to the list of users with access to the specified port or all ports.
Page 405: Authentication Priority
M6100 Series Switches Each method can only be entered once. Ordering is only possible between 802.1x and MAB. Captive portal can be configured either as a stand-alone method or as the last method in the order. Format authentication order {dot1x [mab [captive-portal] | captive-portal] | mab...
Page 406: Show Authentication Authentication-History
M6100 Series Switches no authentication timer restart This command sets the reauthentication value to the default value of 3600 seconds. Format no authentication timer restart Mode Interface Config show authentication authentication-history Use this command to display information about the authentication history for a specified interface.
Page 407 Auth State If the authentication was successful. Auth Status The current authentication status. Command example: (NETGEAR Switch) #show authentication interface all Interface........1/0/1 Authentication Restart timer....300 Configured method order......dot1x mab captive-portal Enabled method order......dot1x mab undefined Configured method priority..... undefined undefined undefined Enabled method priority......
Page 408: Show Authentication Methods
M6100 Series Switches show authentication methods Use this command to display information about the authentication methods. Format show authentication methods Mode Privileged EXEC Term Definition Authentication Login List The authentication login listname. Method 1 The first method in the specified authentication login list, if any.
Page 409: Show Dot1X
The number of captive portal (Web authorization) authentication attempts for the port. Captive-portal failed attempts The number of failed captive portal authentication attempts for the port. Command example: (NETGEAR Routing) #show authentication statistics 1/0/1 Port........... 1/0/1 802.1X attempts........ 0 802.1X failed attempts......0 Mab attempts........
Page 410 Indicates whether reauthentication is enabled on this port. Enabled Port Status Indicates whether the port is authorized or unauthorized. Possible values are authorized and unauthorized. Command example: (NETGEAR Switch) #show dot1x summary 0/1 Operating Interface Control Mode Control Mode Port Status...
Page 411 M6100 Series Switches If you use the optional parameter detail unit/slot/port, the detailed dot1x configuration for the specified port is displayed. Term Definition Port The interface whose configuration is displayed. Protocol Version The protocol version associated with this port. The only possible value is 1, corresponding to the first version of the dot1x specification.
Page 412 If the value is Radius-Request, then a reauthentication of the client authenticated on the port is performed. This value is valid for the port only when the port control mode is not MAC-based. Command example: (NETGEAR Switch) #show dot1x detail 1/0/3 Port........... 1/0/1 Protocol Version....... 1 PAE Capabilities....... Authenticator Control Mode........
Page 413 M6100 Series Switches Configured MAB Mode......Enabled Operational MAB Mode......Disabled VLAN Id........0 VLAN Assigned Reason......Not Assigned Reauthentication Period (secs)....3600 Reauthentication Enabled....... FALSE Key Transmission Enabled....... FALSE EAPOL flood Mode Enabled....... FALSE Control Direction......both Maximum Users........16 Unauthenticated VLAN ID......
Page 414: Show Dot1X Authentication-History
M6100 Series Switches Term Definition Last EAPOL Frame The protocol version number carried in the most recently received EAPOL frame. Version Last EAPOL Frame The source MAC address carried in the most recently received EAPOL frame. Source EAP Response/Id The number of EAP response/identity frames that have been received by this authenticator.
Page 415: Show Dot1X Clients
M6100 Series Switches show dot1x clients This command displays 802.1X client information. This command also displays information about the number of clients that are authenticated using Monitor mode and using 802.1X. Format show dot1x clients {unit/slot/port | all} Mode Privileged EXEC...
Page 416: 802.1X Supplicant Commands
Users configured locally to have access to the specified port. 802.1X Supplicant Commands NETGEAR Managed Switch supports 802.1X (dot1x) supplicant functionality on point-to-point ports. The administrator can configure the user name and password used in authentication and capabilities of the supplicant port.
Page 417: Dot1X Supplicant Max-Start
M6100 Series Switches dot1x supplicant max-start This command configures the number of attempts that the supplicant makes to find the authenticator before the supplicant assumes that there is no authenticator. The number of attempts can be in a range from 1–10. The default is 3 attempts.
Page 418: Dot1X Supplicant User
M6100 Series Switches no dot1x supplicant timeout held-period This command sets the held-period value to the default value. Format no dot1x supplicant timeout held-period Mode Interface Config dot1x supplicant timeout auth-period This command configures the authentication period timer interval to wait for the next EAP request challenge from the authenticator.
Page 419 Last EAPOL Frames Source Displays the source MAC Address attached to the most recently received EAPOL frame. Command example: (NETGEAR Switch) #show dot1x statistics 0/1 Port........... 0/1 EAPOL Frames Received......0 EAPOL Frames Transmitted....... 0 EAPOL Start Frames Transmitted....3 EAPOL Logoff Frames Received....
Page 420: Storm-Control Broadcast
LAN, which creates performance degradation in the network. The Storm-Control feature protects against this condition. NETGEAR Managed Switch provides broadcast, multicast, and unicast story recovery for individual interfaces. Unicast Storm-Control protects against traffic whose MAC addresses are not known by the system. For broadcast, multicast, and unicast storm-control, if the rate of traffic ingressing on an interface increases beyond the configured threshold for that type, the traffic is dropped.
Page 421: Storm-Control Broadcast Level
M6100 Series Switches no storm-control broadcast Use this command to disable broadcast storm recovery mode for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode). Format no storm-control broadcast Mode Global Config Interface Config storm-control broadcast level...
Page 422: Storm-Control Multicast
M6100 Series Switches Default Format storm-control broadcast rate threshold Mode Global Config Interface Config no storm-control broadcast rate This command sets the broadcast storm recovery threshold to the default value for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode) and disables broadcast storm recovery.
Page 423: Storm-Control Multicast Rate
M6100 Series Switches beyond the configured threshold, the traffic will be dropped. Therefore, the rate of multicast traffic will be limited to the configured threshold. The threshold level can be in the range from 0–100. The default is 5. Default...
Page 424: Storm-Control Unicast
M6100 Series Switches storm-control unicast This command enables unicast storm recovery mode for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode). If the mode is enabled, unicast storm recovery is active, and if the rate of unknown L2 unicast (destination lookup failure) traffic ingressing on an interface increases beyond the configured threshold, the traffic will be dropped.
Page 425: Storm-Control Unicast Rate
M6100 Series Switches no storm-control unicast level This command sets the unicast storm recovery threshold to the default value for all interfaces (Global Config mode) or one or more interfaces (Interface Config mode) and disables unicast storm recovery. Format no storm-control unicast level...
Page 426 Broadcast Storm Control Level....5 percent Multicast Storm Control Mode....Disable Multicast Storm Control Level....5 percent Unicast Storm Control Mode..... Disable Unicast Storm Control Level....5 percent Command example: (NETGEAR Switch) #show storm-control 0/1 Bcast Bcast Mcast Mcast Ucast...
Page 427: Link Local Protocol Filtering Commands
M6100 Series Switches Disable 5% Disable 5% Disable Disable 5% Disable 5% Disable Disable 5% Disable 5% Disable Link Local Protocol Filtering Commands Link Local Protocol Filtering (LLPF) allows the switch to filter out multiple proprietary protocol PDUs, such as Port Aggregation Protocol (PAgP), if the problems occur with proprietary protocols running on standards-based switches.
Page 428: Show Mrp
M6100 Series Switches Term Definition Block UDLD Shows whether the port blocks UDLD PDUs. Block PAGP Shows whether the port blocks PAgP PDUs. Block SSTP Shows whether the port blocks SSTP PDUs. Block All Shows whether the port blocks all proprietary PDUs available for the LLDP feature.
Page 429: Mmrp Periodic State Machine
M6100 Series Switches Format show mrp interface {summary | unit/slot/port} Mode Privileged Exec MMRP Commands mmrp (Global Config) Use this command in Global Config mode to enable MMRP. MMRP must also be enabled on the individual interfaces. Default disabled Format...
Page 430: Clear Mmrp Statistics
M6100 Series Switches Default disabled Format mmrp Mode Interface Config no mmrp (Interface Config) Use this command in Interface Config mode to disable MMRP mode on the interface. Format no mmrp Mode Global Config clear mmrp statistics Use this command in Privileged EXEC mode to clear MMRP statistics of one or all interfaces.
Page 431 Command example: (NETGEAR switch) #show mmrp summary MMRP Global Admin Mode......Disabled MMRP Periodic State Machine....Disabled Command example: (NETGEAR switch) #show mmrp interface 0/12 MMRP Interface Admin Mode...... Disabled Command example: (NETGEAR switch) #show mmrp interface summary Intf Mode...
Page 432: Msrp Commands
M6100 Series Switches The following statistics display when the summary keyword or unit/slot/port parameter is used. Using the summary keyword displays global statistics. The unit/slot/port parameter displays per-interface statistics. Parameter Description MMRP messages received Total number of MMRP messages received.
Page 433: Msrp Srclassqav
M6100 Series Switches no msrp (Global Config) Use this command in Global Config mode to disable MSRP global admin mode. Format no msrp Mode Global Config msrp srClassQav Use this command in Global Config mode to configure EAV traffic class mapping. The number can be in the range 0–7.
Page 434: Msrp Talker-Pruning
M6100 Series Switches msrp talker-pruning Use this command in Global Config mode to enable MSRP talker-pruning. Default disabled Format msrp talker-pruning Mode Global Config no msrp talker-pruning Use this command in Global Config mode to disable MSRP talker-pruning. Format no msrp talker-pruning...
Page 435: Msrp Srclasspvid
M6100 Series Switches no msrp (Interface Config) Use this command in Interface Config mode to disable MSRP admin mode on the interface. Format no msrp Mode Interface Config msrp srClassPVID Use this command in Interface Config mode to configure MSRP VLAN ID for the SR traffic class on the interface.
Page 436: Show Msrp
QAV class A remap priority..... 1 QAV class B priority......2 QAV class B remap priority..... 1 Command example: (NETGEAR switch) #show msrp interface 0/12 MSRP Interface Admin Mode...... Enabled SRclassPVID........2 MSRP class A Boundary port status....True MSRP class B Boundary port status....True MSRP QAV class A delta bandwidth....
Page 437 M6100 Series Switches Command example: (NETGEAR switch) #show msrp interface summary Intf Mode SrPVID A-Prio A-Remap B-Prio B-Remap Boundary(A/B) --------- --------- ------ ------ ------- ------ ------- ------------- Enabled True / True Enabled True / True Enabled True / True Enabled...
Page 438: Show Msrp Reservations
Use this command in Privileged EXEC mode to display MSRP stream reservation details for the given interface. Format show msrp reservations unit/slot/port [detail | summary] Mode Privileged EXEC Command example: ((NETGEAR Switch) #show msrp reservations 0/10 summary Stream Stream Talker Listener Fail Information Stream...
Page 439: Show Msrp Statistics
If used with the summary parameter, the command shows global MSRP statistics. interface If the interface is specified, the command shows MSRP statistics for that interface. (NETGEAR Switch) # show msrp statistics summary MSRP messages received......1790 MSRP messages received with bad header..0 MSRP messages received with bad format..
Page 440: Mvrp Periodic State Machine
M6100 Series Switches MVRP Commands mvrp (Global Config) Use this command in Global Configuration mode to enable MVRP. MVRP must also be enabled on the individual interfaces. Note: If MVRP is enabled on all devices and STP is disabled, statically created VLANs are propagated to other devices.
Page 441: Mvrp (Interface Config)
M6100 Series Switches mvrp (Interface Config) Use this command in Interface Configuration mode to enable MVRP mode on the interface. The port should be configured in trunk or general mode. MVRP can be enabled on physical interfaces or LAG interfaces. When configured on a LAG member port, MVRP is operationally disabled.
Page 442: Show Mvrp Statistics
(NETGEAR Switch) #show mvrp summary MVRP global state......Disabled MVRP Periodic State Machine state....Disabled VLANs created via MVRP......20-45, 3001-3050 Command example: (NETGEAR Switch) #show mvrp interface 0/12 MVRP interface state......Enabled VLANs declared......... 20-45, 3001-3050 VLANs registered....... none show mvrp statistics Use this command in Privileged EXEC mode to display MVRP statistics.
Page 443: Port-Channel/Lag (802.3Ad) Commands
M6100 Series Switches MVRP messages failed to transmit....0 MVRP Message Queue Failures....0 Command example: (NETGEAR Switch) #show mvrp statistics 0/12 Port........... 0/12 MVRP messages received......21 MVRP messages received with bad header..0 MVRP messages received with bad format..0 MVRP messages transmitted......
Page 444: Deleteport (Global Config)
M6100 Series Switches Note: Before you include a port in a port-channel, set the port physical mode. For more information, see speed on page 327. Format port-channel name Mode Global Config addport This command adds one port to the port-channel (LAG). The first interface is a logical unit/slot/port number of a configured port-channel.
Page 445: Lacp Admin Key
M6100 Series Switches lacp admin key Use this command to configure the administrative value of the key for the port-channel. The value range of key is 0 to 65535. Default 0x8000 Format lacp admin key key Mode Interface Config Note: This command is applicable only to port-channel interfaces.
Page 446: Lacp Actor Admin State Individual
M6100 Series Switches lacp actor admin key Use this command to configure the administrative value of the LACP actor admin key on an interface or range of interfaces. The valid range for key is 0-65535. Default Internal Interface Number of this Physical Port...
Page 447: Lacp Actor Admin State
M6100 Series Switches Note: This command is applicable only to physical interfaces. no lacp actor admin state longtimeout Use this command to set the LACP actor admin state to short timeout. Format no lacp actor admin state longtimeout Mode Interface Config Note: This command is applicable only to physical interfaces.
Page 448: Lacp Actor Port Priority
M6100 Series Switches Note: This command is applicable only to physical interfaces. no lacp actor admin state Use this command the configure the default administrative values of actor state as transmitted by the Actor in LACPDUs. Note: Both the no portlacptimeout and the no lacp actor admin state commands set the values back to default, regardless of the command used to configure the ports.
Page 449: Lacp Partner Admin State Individual
M6100 Series Switches lacp partner admin key Use this command to configure the administrative value of the Key for the protocol partner. This command can be used to configure a single interface or a range of interfaces. The valid range for key is 0 to 65535.
Page 450: Lacp Partner Admin State Longtimeout
M6100 Series Switches lacp partner admin state longtimeout Use this command to set LACP partner admin state to longtimeout. Format lacp partner admin state longtimeout Mode Interface Config Note: This command is applicable only to physical interfaces. no lacp partner admin state longtimeout Use this command to set the LACP partner admin state to short timeout.
Page 451: Lacp Partner Port Id
M6100 Series Switches lacp partner port id Use this command to configure the LACP partner port id. This command can be used to configure a single interface or a range of interfaces. The valid range for port-id is 0 to 65535.
Page 452: Lacp Partner System-Id
M6100 Series Switches lacp partner system-id Use this command to configure the 6-octet MAC Address value representing the administrative value of the Aggregation Port’s protocol Partner’s System ID. This command can be used to configure a single interface or a range of interfaces. The valid range of system-id is 00:00:00:00:00:00 - FF:FF:FF:FF:FF.
Page 453: Interface Lag
M6100 Series Switches interface lag Use this command to enter Interface configuration mode for the specified LAG. Format interface lag lag-interface-number Mode Global Config port-channel static This command enables the static mode on a port-channel (LAG) interface or range of interfaces.
Page 454: Port Lacpmode Enable All
M6100 Series Switches port lacpmode enable all This command enables Link Aggregation Control Protocol (LACP) on all ports. Format port lacpmode enable all Mode Global Config no port lacpmode enable all This command disables Link Aggregation Control Protocol (LACP) on all ports.
Page 455: Port Lacptimeout (Global Config)
M6100 Series Switches port lacptimeout (Global Config) This command sets the timeout for all interfaces of a particular device type (actor or partner) to either long or short timeout. Default long Format port lacptimeout {actor | partner} {long | short}...
Page 456: Port-Channel Load-Balance
M6100 Series Switches Default enabled Format port-channel linktrap {logical unit/slot/port | all} Mode Global Config no port-channel linktrap This command disables link trap notifications for the port-channel (LAG). The interface is a logical slot and port for a configured port-channel. The option all sets every configured port-channel with the same administrative mode setting.
Page 457: Port-Channel Local-Preference
M6100 Series Switches Term Definition unit/slot/port Global Config Mode only: The interface is a logical unit/slot/port number of a configured port-channel. Global Config Mode only: all applies the command to all currently configured port-channels. no port-channel load-balance This command reverts to the default load balancing configuration.
Page 458: Port-Channel Name
M6100 Series Switches port-channel name This command defines a name for the port-channel (LAG). The interface is a logical unit/slot/port for a configured port-channel, and name is an alphanumeric string up to 15 characters. Instead of unit/slot/port, lag lag-intf-num can be used as an alternate way to specify the LAG interface, in which lag-intf-num is the LAG port number.
Page 459: Show Lacp Partner
M6100 Series Switches show lacp partner Use this command to display LACP partner attributes. Instead of unit/slot/port, lag lag-intf-num can be used as an alternate way to specify the LAG interface, in which lag-intf-num is the LAG port number. Format...
Page 460: Show Port-Channel
Port Speed Speed of the port-channel port. Active Ports This field lists ports that are actively participating in the port-channel (LAG). Command example: (NETGEAR Switch) #show port-channel 0/3/1 Local Interface........ 0/3/1 Channel Name........ch1 Link State........Up Admin Mode........Enabled Type...........
Page 461: Show Port-Channel System Priority
M6100 Series Switches Device/ Port Port Ports Timeout Speed Active ------ ------------- --------- ------- 1/0/1 actor/long Auto True partner/long 1/0/2 actor/long Auto True partner/long 1/0/3 actor/long Auto False partner/long 1/0/4 actor/long Auto False partner/long show port-channel system priority Use this command to display the port-channel system priority.
Page 462: Clear Port-Channel Counters
M6100 Series Switches Command example: (NETGEAR Switch) #show port-channel 3/1 counters Local Interface........ 3/1 Channel Name........ch1 Link State........Down Admin Mode........Enabled Port Channel Flap Count......0 Mbr Flap Ports Counters ------ --------- clear port-channel counters Use this command to clear and reset specified port-channel and member flap counters for the specified interface.
Page 463: Vpc Domain
M6100 Series Switches vpc domain Use this command to enter into VPC configuration mode. Format vpc domain id Mode Global Config feature vpc This command enables VPC globally. VPC role election occurs if both VPC and the keepalive state machine are enabled (see peer-keepalive timeout on page 464).
Page 464: Peer-Keepalive Destination
M6100 Series Switches peer-keepalive destination This command configures the IP address of the peer VPC switch, which is the destination IP address of the dual control plane detection protocol (DCPDP) on the peer VPC switch. This configuration is used by the dual control plane detection protocol (DCPDP) on the VPC switches.
Page 465: Role Priority
M6100 Series Switches Note: The keepalive state machine is not restarted if keepalive priority is modified post election. The configurable range is 2 to 15 seconds. The default is 5 seconds. Default Format peer-keepalive timeout seconds Mode VPC Config no peer-keepalive timeout This command resets the keepalive timeout to the default value of 5 seconds.
Page 466: Track Vpc Interface
M6100 Series Switches track vpc interface This command enables shutting down local VPC members if a non-VPC link goes down. The local VPC members are brought up again if the link comes back up for the specified interface. Default Disabled...
Page 467: Show Vpc Brief
(with their link status). Format show vpc id Mode User EXEC Command example: (NETGEAR Switch) # show vpc 10 VPC id#10 ----------------- Config mode………………………………………..Enabled Operational mode...………………………Enabled Port channel……………….………………………3/1 Self member ports Status...
Page 468 M6100 Series Switches Command example: (NETGEAR Switch) # show vpc brief VPC config Mode........ Enabled Keepalive config mode......Enabled VPC operational Mode......Enabled Self Role........Primary Peer Role........Secondary Peer detection......... Disabled Peer-Link details ----------------- Interface........3/2 Peer link status....... UP Peer-link STP Mode......
Page 469: Show Vpc Role
If enabled, the detection status is displayed. Format show vpc peer-keepalive Mode User EXEC Command example: (NETGEAR Switch) # show vpc peer-keepalive Peer IP address ………………………………….. 10.130.14.55 Source IP address……………………………….. 10.130.14.54 UDP port ………………….……………………………….. 60000 Peer detection ………..……………………….. ENABLED Peer is detected…….………………………….. TRUE show vpc role This command displays information about the keepalive status and parameters.
Page 470: Show Vpc Statistics
This command displays counters for the keepalive messages transmitted and received by the VPC switch. Format show vpc statistics {peer-keepalive | peer-link} Mode User EXEC Command example: (NETGEAR Switch) # show vpc statistics peer-keepalive Total trasmitted……………………….………. 123 Tx successful…………………….…………………. 118 Tx errors……………....5 Total received………………………………………. 115 Rx successful…………………………………………. 108 Rx Errors…………………………………………………………… 7 Timeout counter………………………………………….
Page 471: Show Vpc Consistency-Parameters
No MST instances to display. FDB Age Time 300 seconds MST VLAN Configuration Instance Associated VLANS ---------- ----------------------------------------------- 01, 10 Command example: (NETGEAR Switch) #show vpc consistency-parameters interface lag 2 Parameter Value ------------------------- ----------------------------------------------- Port Channel Mode Enabled STP Mode Enabled BPDU Filter Mode...
Page 472: Clear Vpc Statistics
Format clear vpc statistics {peer-keepalive | peer-link} Mode User EXEC Command example: (NETGEAR Switch) # clear vpc statistics peer-keepalive (NETGEAR Switch) # clear vpc statistics peer-link debug vpc core This command enables debug traces for VPC core functionality. Note: To display the debug trace, enable the debug console command.
Page 473: Port Mirroring Commands
M6100 Series Switches debug vpc peer detection This command enables debug traces for the dual control plane detection protocol. Traces are seen when the DCPDP transmits or receives detection packets to or from the peer VPC switch. Note: To display the debug trace, enable the debug console command.
Page 474 Use the mode parameter to disable the administrative mode of the session. Note: Since the current version of NETGEAR Managed Switch software only supports one session, if you do not supply optional parameters, the behavior of this command is similar to the behavior of the no monitor command.
Page 475: Show Monitor Session
M6100 Series Switches no monitor This command removes all the source ports and a destination port for the and restores the default value for mirroring session mode for all the configured sessions. Note: This is a stand-alone no command. This command does not have a normal form.
Page 476: Static Mac Filtering Commands
Format show vlan remote-span Mode Privileged Exec Mode Command example: (NETGEAR Switch)# show vlan remote-span Remote SPAN VLAN ------------------------------------------------------------------------ Static MAC Filtering Commands The commands in this section describe how to configure static MAC filtering. Static MAC filtering allows you to configure destination ports for a static multicast MAC filter irrespective of the platform.
Page 477: Macfilter Adddest
M6100 Series Switches • Multicast MAC and source port (max = 20) • Multicast MAC and destination port (only) (max = 256) • Multicast MAC and source ports and destination ports (max = 20) Format macfilter macaddr vlanid Mode Global Config...
Page 478: Macfilter Addsrc
M6100 Series Switches macfilter adddest all This command adds all interfaces to the destination filter set for the MAC filter with the given macaddr and VLAN of vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Page 479: Macfilter Addsrc All
M6100 Series Switches macfilter addsrc all This command adds all interfaces to the source filter set for the MAC filter with the MAC filter with the given macaddr and VLAN of vlanid. The macaddr parameter must be specified as a 6-byte hexadecimal number in the format of b1:b2:b3:b4:b5:b6. The vlanid parameter must identify a valid VLAN.
Page 480: Dhcp L2 Relay Agent Commands
M6100 Series Switches show mac-address-table staticfiltering This command displays the Static Filtering entries in the Multicast Forwarding Database (MFDB) table. Format show mac-address-table staticfiltering Mode Privileged EXEC Term Definition VLAN ID The VLAN in which the MAC Address is learned.
Page 481: Dhcp L2Relay Circuit-Id Vlan
M6100 Series Switches dhcp l2relay circuit-id vlan This parameter sets the DHCP Option-82 Circuit ID for a VLAN. When enabled, the interface number is added as the Circuit ID in DHCP option 82. Format dhcp l2relay circuit-id vlan vlan-list Mode...
Page 482: Dhcp L2Relay Remote-Id Vlan
M6100 Series Switches dhcp l2relay remote-id vlan This parameter sets the DHCP Option-82 Remote ID for a VLAN and subscribed service (based on subscription-name). Format dhcp l2relay remote-id remote-id-string vlan vlan-list Mode Global Config Parameter Description vlan–list The VLAN ID. The range is 1–4093. Separate nonconsecutive IDs with a comma (,) no spaces and no zeros in between the range.
Page 483: Dhcp L2Relay Trust
M6100 Series Switches dhcp l2relay trust Use this command to configure an interface or range of interfaces as trusted for Option-82 reception. Default untrusted Format dhcp l2relay trust Mode Interface Config no dhcp l2relay trust Use this command to configure an interface to the default untrusted for Option-82 reception.
Page 484: Show Dhcp L2Relay Interface
This command displays DHCP L2 relay configuration specific to interfaces. Format show dhcp l2relay interface {all | unit/slot/port} Mode Privileged EXEC Command example: (NETGEAR Switch) #show dhcp l2relay interface all DHCP L2 Relay is Enabled. Switching Commands...
Page 485: Show Dhcp L2Relay Stats Interface
This command displays statistics specific to DHCP L2 Relay configured interface. Format show dhcp l2relay stats interface {all | unit/slot/port} Mode Privileged EXEC Command example: ((NETGEAR Switch)) #show dhcp l2relay stats interface all DHCP L2 Relay is Enabled. Interface UntrustedServer UntrustedClient...
Page 486: Show Dhcp L2Relay Subscription Interface
This command displays DHCP L2 Relay configuration specific to a service subscription on an interface. Format show dhcp l2relay subscription interface {all | unit/slot/port} Mode Privileged EXEC Command example: (NETGEAR Switch) #show dhcp l2relay subscription interface all Interface SubscriptionName L2Relay mode Circuit-Id mode Remote-Id mode -----------...
Page 487: Clear Dhcp L2Relay Statistics Interface
Class Identifier. The information is a string of 128 octets. dhcp client vendor-id-option This command enables the inclusion of DHCP Option-60, Vendor Class Identifier included in the requests transmitted to the DHCP server by the DHCP client operating in the NETGEAR Managed Switch switch. Format...
Page 488: Dhcp Snooping Configuration Commands
Mode Privileged EXEC Command example: (NETGEAR Switch) #show dhcp client vendor-id-option DHCP Client Vendor Identifier Option... Enabled DHCP Client Vendor Identifier Option String..NetgearClient DHCP Snooping Configuration Commands This section describes commands you use to configure DHCP Snooping.
Page 489: Ip Dhcp Snooping Vlan
M6100 Series Switches ip dhcp snooping vlan Use this command to enable DHCP Snooping on a list of comma-separated VLAN ranges. Default disabled Format ip dhcp snooping vlan vlan-list Mode Global Config no ip dhcp snooping vlan Use this command to disable DHCP Snooping on VLANs.
Page 490: Ip Verify Binding
M6100 Series Switches ip dhcp snooping database write-delay (DHCP) Use this command to configure the interval in seconds at which the DHCP Snooping database persists. The interval value ranges from 15 to 86400 seconds. Default 300 seconds Format ip dhcp snooping database write-delay seconds...
Page 491: Ip Dhcp Snooping Limit
M6100 Series Switches no ip verify binding Use this command to remove the IPSG static entry from the IPSG database. Format no ip verify binding mac-address vlan vlan-id ipaddress interface interface-id Mode Global Config ip dhcp snooping limit Use this command to control the rate at which the DHCP Snooping messages come on an interface or range of interfaces.
Page 492: Ip Verify Source
M6100 Series Switches ip dhcp snooping trust Use this command to configure an interface or range of interfaces as trusted. Default disabled Format ip dhcp snooping trust Mode Interface Config no ip dhcp snooping trust Use this command to configure the port as untrusted.
Page 493: Show Ip Dhcp Snooping Binding
Log Invalid Pkts If it is enabled, DHCP snooping application logs invalid packets on the specified interface. Command example: (NETGEAR Switch) #show ip dhcp snooping DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs:...
Page 494: Show Ip Dhcp Snooping Database
Type Binding type; statically configured from the CLI or dynamically learned. Lease (sec) The remaining lease time for the entry. Command example: (NETGEAR Switch) #show ip dhcp snooping binding Total number of bindings: 2 MAC Address IP Address VLAN Interface...
Page 495: Show Ip Dhcp Snooping Interfaces
Rate Limit Burst Interval (pps) (seconds) ----------- ---------- ---------- -------------- 1/g1 1/g2 1/g3 Command example: (NETGEAR Switch) #show ip dhcp snooping interfaces ethernet 1/g15 Interface Trust State Rate Limit Burst Interval (pps) (seconds) ----------- ---------- ---------- -------------- 1/g15 show ip dhcp snooping statistics Use this command to list statistics for DHCP Snooping security violations on untrusted ports.
Page 496: Clear Ip Dhcp Snooping Binding
M6100 Series Switches Command example: (NETGEAR Switch) #show ip dhcp snooping statistics Interface MAC Verify Client Ifc DHCP Server Failures Mismatch Msgs Rec'd ----------- ---------- ---------- ----------- 1/0/2 1/0/3 1/0/4 1/0/5 1/0/6 1/0/7 1/0/8 1/0/9 1/0/10 1/0/11 1/0/12 1/0/13 1/0/14...
Page 497: Show Ip Verify Source
If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, then the MAC Address field displays “permit-all.” VLAN The VLAN for the binding rule. Command example: (NETGEAR Switch) #show ip verify source Interface Filter Type IP Address MAC Address...
Page 498: Dynamic Arp Inspection Commands
Entry type; statically configured from CLI or dynamically learned from DHCP Snooping. VLAN VLAN for the entry. Interface IP address of the interface in unit/slot/port format. Command example: (NETGEAR Switch) #show ip source binding MAC Address IP Address Type Vlan Interface...
Page 499: Ip Arp Inspection Validate
M6100 Series Switches ip arp inspection vlan Use this command to enable Dynamic ARP Inspection on a list of comma-separated VLAN ranges. Default disabled Format ip arp inspection vlan vlan-list Mode Global Config no ip arp inspection vlan Use this command to disable Dynamic ARP Inspection on a list of comma-separated VLAN ranges.
Page 500: Ip Arp Inspection Trust
M6100 Series Switches no ip arp inspection vlan logging Use this command to disable logging of invalid ARP packets on a list of comma-separated VLAN ranges. Format no ip arp inspection vlan vlan-list logging Mode Global Config ip arp inspection trust Use this command to configure an interface or range of interfaces as trusted for Dynamic ARP Inspection.
Page 501: Ip Arp Inspection Filter
M6100 Series Switches no ip arp inspection limit Use this command to set the rate limit and burst interval values for an interface to the default values of 15 pps and 1 second, respectively. Format no ip arp inspection limit...
Page 502: Permit Ip Host Mac Host
M6100 Series Switches permit ip host mac host Use this command to configure a rule for a valid IP address and MAC address combination used in ARP packet validation. Format permit ip host sender-ipaddress mac host sender-mac Mode ARP Access-list Config no permit ip host mac host Use this command to delete a rule for a valid IP and MAC combination.
Page 503: Show Ip Arp Inspection Statistics
The ARP ACL Name, if configured on the VLAN. Static Flag If the ARP ACL is configured static on the VLAN. Command example: (NETGEAR Switch) #show ip arp inspection vlan 10-12 Source Mac Validation : Disabled Destination Mac Validation : Disabled...
Page 504: Clear Ip Arp Inspection Statistics
The output of the show ip arp inspection statistics command lists the summary of forwarded and dropped ARP packets on all DAI-enabled VLANs: VLAN Forwarded Dropped ---- --------- ------- Command example: (NETGEAR Switch) #show ip arp inspection statistics vlan vlan-list VLAN DHCP DHCP Bad Src Bad Dest Invalid Drops Drops...
Page 505: Mvr Commands
Whether the interface is trusted or untrusted for DAI. Rate Limit The configured rate limit value in packets per second. Burst Interval The configured burst interval value in seconds. Command example: (NETGEAR Switch) #show ip arp inspection interfaces Interface Trust State Rate Limit Burst Interval (pps)
Page 506: Mvr Group
M6100 Series Switches MVR is intended to solve the problem of receivers in different VLANs. It uses a dedicated manually configured VLAN, called the multicast VLAN, to forward multicast traffic over a Layer 2 network with IGMP snooping. This command enables MVR.
Page 507: Mvr Querytime
M6100 Series Switches IGMP queries from the router on source ports and forwarding the IGMP joins from the hosts to the IGMP router on the multicast VLAN (with appropriate translation of the VLAN ID). Default compatible Format mvr mode {compatible | dynamic}...
Page 508: Mvr Immediate
M6100 Series Switches no mvr vlan This command sets the MVR multicast VLAN to the default value. Format no mvr vlan Mode Global Config mvr immediate This command enables MVR immediate leave mode. MVR provides two modes of operating with the IGMP Leave messages: normal leave and immediate leave.
Page 509: Mvr Vlan Group
M6100 Series Switches no mvr type Use this command to set the MVR port type to none. Format no mvr type Mode Interface Config mvr vlan group Use this command to include the port in the specific MVR group. mVLAN is the multicast VLAN, and A.B.C.D is the IP multicast group.
Page 510: Show Mvr Members
M6100 Series Switches Command example: (NETGEAR Switch)#show mvr MVR Running…......TRUE MVR multicast VLAN…....1200 MVR Max Multicast Groups…....256 MVR Current multicast groups…..1 MVR Global query response time…..10 (tenths of sec) MVR Mode…......compatible show mvr members This command displays the MVR membership groups allocated.
Page 511: Show Mvr Traffic
M6100 Series Switches The following table explains the output parameters. Term Description Port Interface number Type The MVR port type. It can be none, receiver, or source type. Status The interface status. It consists of two characteristics: • active or inactive indicates whether the port is forwarding.
Page 512: Igmp Snooping Configuration Commands
IGMP Packet Transmit Failures…......0 IGMP Snooping Configuration Commands This section describes the commands you use to configure IGMP snooping. NETGEAR Managed Switch SMB software supports IGMP Versions 1, 2, and 3. The IGMP snooping feature can help conserve bandwidth because it allows the switch to forward IP multicast traffic only to connected hosts that request multicast traffic.
Page 513: Set Igmp Interfacemode
M6100 Series Switches If an interface has IGMP Snooping enabled and you enable this interface for routing or enlist it as a member of a port-channel (LAG), IGMP Snooping functionality is disabled on that interface. IGMP Snooping functionality is re-enabled if you disable routing or remove port-channel (LAG) membership from an interface that has IGMP Snooping enabled.
Page 514: Set Igmp Fast-Leave
M6100 Series Switches no set igmp interfacemode This command disables IGMP Snooping on all interfaces. Format no set igmp interfacemode Mode Global Config set igmp fast-leave This command enables or disables IGMP Snooping fast-leave admin mode on a selected interface, a range of interfaces, or a VLAN. Enabling fast-leave allows the switch to...
Page 515: Set Igmp Maxresponse
M6100 Series Switches Default 260 seconds Format set igmp groupmembership-interval [vlan-id] seconds Mode Interface Config Global Config VLAN Config no set igmp groupmembership-interval This command sets the IGMPv3 group membership interval time to the default value. Format no set igmp groupmembership-interval [vlan-id]...
Page 516: Set Igmp Mcrtrexpiretime
M6100 Series Switches set igmp mcrtrexpiretime This command sets the multicast router present expiration time. The time is set for the system, on a particular interface or VLAN, or on a range of interfaces. This is the amount of time in seconds that a switch waits for a query to be received on an interface before the interface is removed from the list of interfaces with multicast routers attached.
Page 517: Set Igmp Mrouter Interface
Mode VLAN Config Parameter Description vlan-id A valid VLAN ID. Range is 1 to 4093. Command example: (NETGEAR Switch) #vlan database (NETGEAR Switch) (Vlan)#set igmp report-suppression ? <1-4093> Enter VLAN ID. (NETGEAR Switch) (Vlan)#set igmp report-suppression 1 Switching Commands...
Page 518: Show Igmpsnooping
M6100 Series Switches no set igmp report-suppression Use this command to return the system to the default. Format no set igmp report-suppression Mode VLAN Config show igmpsnooping This command displays IGMP Snooping information for a given unit/slot/port or VLAN. Configured information is displayed whether or not IGMP Snooping is enabled.
Page 519: Show Igmpsnooping Mrouter Interface
517) in Suppression Mode enabled or not. Command example: (NETGEAR switch) #show igmpsnooping 1 VLAN ID........1 IGMP Snooping Admin Mode....... Disabled Fast Leave Mode........ Disabled Group Membership Interval (secs)....260 Max Response Time (secs)....... 10 Multicast Router Expiry Time (secs)....
Page 520: Show Igmpsnooping Mrouter Vlan
M6100 Series Switches show igmpsnooping mrouter vlan This command displays information about statically configured ports. Format show igmpsnooping mrouter vlan unit/slot/port Mode Privileged EXEC Term Definition Interface The port on which multicast router information is being displayed. VLAN ID The list of VLANs of which the interface is a member.
Page 521: Igmp Snooping Querier Commands
M6100 Series Switches IGMP Snooping Querier Commands IGMP Snooping requires that one central switch or router periodically query all end-devices on the network to announce their multicast memberships. This central device is the “IGMP Querier”. The IGMP query responses, known as IGMP reports, keep the switch updated with the current multicast group membership on a port-by-port basis.
Page 522: Set Igmp Querier Timer Expiry
M6100 Series Switches no set igmp querier Use this command to disable IGMP Snooping Querier on the system. Use the optional address parameter to reset the querier address to 0.0.0.0. Format no set igmp querier [vlan-id] [address] Mode Global Config...
Page 523: Set Igmp Querier Version
M6100 Series Switches set igmp querier version Use this command to set the IGMP version of the query that the snooping switch sends periodically. Default Format set igmp querier version {1 | 2} Mode Global Config no set igmp querier version Use this command to set the IGMP Querier version to its default value.
Page 524 M6100 Series Switches When the optional argument vlan-id is not used, the command displays the following information. Field Description Admin Mode Indicates whether or not IGMP Snooping Querier is active on the switch. Admin Version The version of IGMP that will be used while sending out the queries.
Page 525: Mld Snooping Commands
M6100 Series Switches set igmp proxy-querier This command enables IGMP snooping through different command modes the following ways: • in Global Config mode, on the entire switch • in Interface Config mode, on an interface • in VLAN Config mode, on a particular VLAN and all interfaces participating in the VLAN.
Page 526: Set Mld Interfacemode
M6100 Series Switches MLD Snooping supports the following activities: • Validation of address version, payload length consistencies and discarding of the frame upon error. • Maintenance of the forwarding table entries based on the MAC address versus the IPv6 address.
Page 527: Set Mld Fast-Leave
M6100 Series Switches set mld fast-leave Use this command to enable MLD Snooping fast-leave admin mode on a selected interface or VLAN. Enabling fast-leave allows the switch to immediately remove the Layer 2 LAN interface from its forwarding table entry upon receiving and MLD done message for that multicast group without first sending out MAC-based general queries to the interface.
Page 528: Set Mld Maxresponse
M6100 Series Switches no set groupmembership-interval Use this command to set the MLDv2 group membership Interval time to the default value. Format no set mld groupmembership-interval Mode Interface Config Global Config VLAN Mode set mld maxresponse Use this command to set the MLD maximum response time for the system, on a particular interface or VLAN.
Page 529: Set Mld Mrouter
M6100 Series Switches no set mld mcrtexpiretime Use this command to set the multicast router present expiration time to 0. The time is set for the system, on a particular interface or a VLAN. Format no set mld mcrtexpiretime vlan-id...
Page 530: Show Mldsnooping
M6100 Series Switches show mldsnooping Use this command to display MLD Snooping information. Configured information is displayed whether or not MLD Snooping is enabled. Format show mldsnooping [unit/slot/port | vlan-id] Mode Privileged EXEC When the optional arguments unit/slot/port or vlan-id are not used, the command displays the following information.
Page 531: Show Mldsnooping Mrouter Interface
M6100 Series Switches show mldsnooping mrouter interface Use this command to display information about statically configured multicast router attached interfaces. Format show mldsnooping mrouter interface unit/slot/port Mode Privileged EXEC Term Definition Interface Shows the interface on which multicast router information is being displayed.
Page 532: Show Mldsnooping Ssm Stats
M6100 Series Switches Term Definition Source Filter Mode The source filter mode (Include/Exclude) for the specified group. Interfaces • If Source Filter Mode is “Include,” specifies the list of interfaces on which a incoming packet is forwarded. If it’s source IP address is equal to the current entry’s Source, the destination IP address is equal to the current entry’s Group and the VLAN ID on which it arrived is current...
Page 533: Mld Snooping Querier Commands
M6100 Series Switches show mac-address-table mldsnooping Use this command to display the MLD Snooping entries in the Multicast Forwarding Database (MFDB) table. Format show mac-address-table mldsnooping Mode Privileged EXEC Term Definition VLAN ID The VLAN in which the MAC address is learned.
Page 534: Set Mld Querier
M6100 Series Switches set mld querier Use this command to enable MLD Snooping Querier on the system (Global Config Mode) or on a VLAN. Using this command, you can specify the IP address that the snooping querier switch should use as a source address while generating periodic queries.
Page 535: Set Mld Querier Timer Expiry
M6100 Series Switches set mld querier timer expiry Use this command to set the MLD querier timer expiration period. It is the period in seconds, from 60–300 seconds, that the switch remains in non-querier mode after it has discovered a multicast querier in the network.
Page 536 M6100 Series Switches When you do not specify a value for vlan-id, the command displays the following information. Field Description Admin Mode Indicates whether or not MLD Snooping Querier is active on the switch. Admin Version Indicates the version of MLD that will be used while sending out the queries. This is defaulted to MLD v1 and it cannot be changed.
Page 537: Port Security Commands
M6100 Series Switches Port Security Commands This section describes the command you use to configure Port Security on the switch. Port security, which is also known as port MAC locking, allows you to secure the network by locking allowable MAC addresses on a given port. Packets with a matching source MAC address are forwarded normally, and all other packets are discarded.
Page 538: Port-Security Max-Static
M6100 Series Switches no port-security max-dynamic This command resets the maximum number of dynamically locked MAC addresses allowed on a specific port to its default value. Format no port-security max-dynamic Mode Interface Config port-security max-static This command sets the maximum number of statically locked MAC addresses allowed on a port.
Page 539: Port-Security Mac-Address Move
M6100 Series Switches port-security mac-address move This command converts dynamically locked MAC addresses to statically locked addresses for an interface or range of interfaces. Format port-security mac-address move Mode Interface Config port-security mac-address sticky This command enables sticky mode Port MAC Locking on a port. If accompanied by a MAC address and a VLAN id (for interface config mode only), it adds a sticky MAC address to the list of statically locked MAC addresses.
Page 540: Show Port-Security Dynamic
Maximum statically allocated MAC Addresses. Violation Trap Whether violation traps are enabled. Mode Sticky Mode The administrative mode of the port security Sticky Mode feature on the interface. Command example: (NETGEAR Routing) #show port-security 0/1 Admin Dynamic Static Violation Sticky Intf...
Page 541: Show Port-Security Static
The ID of the VLAN that includes the host with the specified MAC address. Sticky Indicates whether the static MAC address entry is added in sticky mode. Command example: (NETGEAR Switch) #show port-security static 1/0/1 Number of static MAC addresses configured: 2 Statically configured MAC Address VLAN ID...
Page 542: Lldp Transmit
M6100 Series Switches LLDP (802.1AB) Commands This section describes the command you use to configure Link Layer Discovery Protocol (LLDP), which is defined in the IEEE 802.1AB specification. LLDP allows stations on an 802 LAN to advertise major capabilities and physical descriptions. The advertisements allow a network management system (NMS) to access and display this information.
Page 543: Lldp Transmit-Tlv
M6100 Series Switches multiplier on the transmit interval that sets the TTL in local data LLDPDUs. The multiplier range is 2–10. The reinit-seconds is the delay before reinitialization, and the range is 1–0 seconds. Default interval—30 seconds hold—4 reinit—2 seconds...
Page 544: Lldp Notification
M6100 Series Switches lldp transmit-mgmt Use this command to include transmission of the local system management address information in the LLDPDUs. This command can be used to configure a single interface or a range of interfaces. Format lldp transmit-mgmt Mode...
Page 545: Clear Lldp Statistics
M6100 Series Switches no lldp notification-interval Use this command to return the notification interval to the default value. Format no lldp notification-interval Mode Global Config clear lldp statistics Use this command to reset all LLDP statistics, including MED-related information. Format...
Page 546: Show Lldp Interface
M6100 Series Switches show lldp interface Use this command to display a summary of the current LLDP configuration for a specific interface or for all interfaces. Format show lldp interface {unit/slot/port | all} Mode Privileged Exec Term Definition Interface The interface in a unit/slot/port format.
Page 547: Show Lldp Remote-Device
The ID that is sent by a remote device as part of the LLDP message, it is usually a MAC address of the device. Port ID The port number that transmitted the LLDPDU. System Name The system name of the remote device. Command example: (NETGEAR switch) #show lldp remote-device all LLDP Remote Device Summary Switching Commands...
Page 548 M6100 Series Switches Local Interface RemID Chassis ID Port ID System Name ------- ------- -------------------- ------------------ ------------------ 00:FC:E3:90:01:0F 00:FC:E3:90:01:11 00:FC:E3:90:01:0F 00:FC:E3:90:01:12 00:FC:E3:90:01:0F 00:FC:E3:90:01:13 00:FC:E3:90:01:0F 00:FC:E3:90:01:14 00:FC:E3:90:01:0F 00:FC:E3:90:03:11 00:FC:E3:90:01:0F 00:FC:E3:90:04:11 0/10 0/11 0/12 show lldp remote-device detail Use this command to display detailed information about remote devices that transmit current LLDP data to an interface on the system.
Page 549: Show Lldp Local-Device
Time To Live The amount of time (in seconds) the remote device's information received in the LLDPDU should be treated as valid information. Command example: (NETGEAR switch) #show lldp remote-device detail 0/7 LLDP Remote Device Detail Local Interface: 0/7 Remote Identifier: 2...
Page 550: Show Lldp Local-Device Detail
M6100 Series Switches Term Definition Port ID The port ID associated with this interface. Port Description The port description associated with the interface. show lldp local-device detail Use this command to display detailed information about the LLDP data a specific interface transmits.
Page 551: Lldp Med Confignotification
M6100 Series Switches lldp med Use this command to enable MED on an interface or a range of interfaces. By enabling MED, you will be effectively enabling the transmit and receive function of LLDP. Default disabled Format lldp med Mode...
Page 552: Lldp Med All
M6100 Series Switches Parameter Definition capabilities Transmit the LLDP capabilities TLV. ex-pd Transmit the LLDP extended PD TLV. ex-pse Transmit the LLDP extended PSE TLV. inventory Transmit the LLDP inventory TLV. location Transmit the LLDP location TLV. network-policy Transmit the LLDP network policy TLV.
Page 553: Show Lldp Med
M6100 Series Switches no lldp med faststartrepeatcount Use this command to return to the factory default value. Format no lldp med faststartrepeatcount Mode Global Config lldp med transmit-tlv all Use this command to specify which optional Type Length Values (TLVs) in the LLDP MED set will be transmitted in the Link Layer Discovery Protocol Data Units (LLDPDUs).
Page 554: Show Lldp Med Interface
LLDP interfaces. Format show lldp med interface {unit/slot/port | all} Mode Privileged Exec Command example: (NETGEAR Routing) #show lldp med interface all Interface Link configMED operMED ConfigNotify TLVsTx --------- ------...
Page 555: Show Lldp Med Local-Device Detail
Format show lldp med local-device detail unit/slot/port Mode Privileged EXEC Command example: (NETGEAR Routing) #show lldp med local-device detail 1/0/8 LLDP MED Local Device Detail Interface: 1/0/8 Network Policies Media Policy Application Type : voice Vlan ID: 10...
Page 556: Show Lldp Med Remote-Device
An internal identifier to the switch to mark each remote device to the system. Device Class Device classification of the remote device. Command example: (NETGEAR Routing) #show lldp med remote-device all LLDP MED Remote Device Summary Local Interface Remote ID...
Page 557: Show Lldp Med Remote-Device Detail
LLDP MED data to an interface on the system. Format show lldp med remote-device detail unit/slot/port Mode Privileged EXEC Command example: (NETGEAR Routing) #show lldp med remote-device detail 1/0/8 LLDP MED Remote Device Detail Local Interface: 1/0/8 Remote Identifier: 18 Capabilities MED Capabilities Supported: capabilities, networkpolicy, location, extendedpse...
Page 558: Denial Of Service Commands
This section describes the commands you use to configure Denial of Service (DoS) Control. NETGEAR Managed Switch software provides support for classifying and blocking specific types of Denial of Service attacks. You can configure your system to monitor and block these types of attacks: •...
Page 559: Dos-Control All
M6100 Series Switches • TCP Flag & Sequence: TCP Flag SYN set and Source Port < 1024 or TCP Control Flags = 0 and TCP Sequence Number = 0 or TCP Flags FIN, URG, and PSH set and TCP Sequence Number = 0 or TCP Flags SYN and FIN set.
Page 560: Dos-Control Firstfrag
M6100 Series Switches no dos-control sipdip This command disables Source IP address = Destination IP address (SIP = DIP) Denial of Service prevention. Format no dos-control sipdip Mode Global Config dos-control firstfrag This command enables Minimum TCP Header Size Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
Page 561: Dos-Control Tcpflag
M6100 Series Switches no dos-control tcpfrag This command disables TCP Fragment Denial of Service protection. Format no dos-control tcpfrag Mode Global Config dos-control tcpflag This command enables TCP Flag Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attacks. If packets ingress having TCP...
Page 562: Dos-Control Smacdmac
M6100 Series Switches no dos-control l4port This command disables L4 Port Denial of Service protections. Format no dos-control l4port Mode Global Config dos-control smacdmac This command enables Source MAC address = Destination MAC address (SMAC = DMAC) Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
Page 563: Dos-Control Udpport
M6100 Series Switches dos-control udpport This command enables UDP L4 source = destination port number (Source UDP Port = Destination UDP Port) DoS protection. If the mode is enabled, Denial of Service prevention is active for this type of attack. If packets ingress with Source UDP Port = Destination UDP Port, the packets will be dropped if the mode is enabled.
Page 564: Dos-Control Tcpsyn
M6100 Series Switches Default disabled Format dos-control tcpoffset Mode Global Config no dos-control tcpoffset This command disabled TCP Offset Denial of Service protection. Format no dos-control tcpoffset Mode Global Config dos-control tcpsyn This command enables TCP SYN and L4 source = 0-1023 Denial of Service protection. If the mode is enabled, Denial of Service prevention is active for this type of attack.
Page 565: Dos-Control Tcpfinurgpsh
M6100 Series Switches no dos-control tcpsynfin This command sets disables TCP SYN & FIN Denial of Service protection. Format no dos-control tcpsynfin Mode Global Config dos-control tcpfinurgpsh This command enables TCP FIN and URG and PSH and SEQ = 0 checking Denial of Service protections.
Page 566: Dos-Control Icmpfrag
M6100 Series Switches dos-control icmpv6 This command enables Maximum ICMPv6 Packet Size Denial of Service protections. If the mode is enabled, Denial of Service prevention is active for this type of attack. If ICMPv6 Echo Request (PING) packets ingress having a size greater than the configured value, the packets will be dropped if the mode is enabled.
Page 567 M6100 Series Switches Term Definition First Fragment Mode The administrative mode of First Fragment DoS prevention. When enabled, this causes the switch to drop packets that have a TCP header smaller then the configured Min TCP Hdr Size. Min TCP Hdr Size The minimum TCP header size the switch will accept if First Fragment DoS prevention is enabled.
Page 568: Mac Database Commands
M6100 Series Switches Term Definition TCP Fragment Mode The administrative mode of TCP Fragment DoS prevention. Enabling this causes the switch to drop packets that have a TCP payload in which the IP payload length minus the IP header size is less than the minimum allowed TCP header size.
Page 569: Show Mac-Address-Table Multicast
Command example: If one or more entries exist in the multicast forwarding table, the output is similar to the following: (NETGEAR Switch) #show mac-address-table multicast VLAN ID MAC Address Source Type...
Page 570: Isdp Commands
M6100 Series Switches 1/0/7, 1/0/7, 1/0/8, 1/0/8, 1/0/9, 1/0/9, 1/0/10, 1/0/10, show mac-address-table stats This command displays the Multicast Forwarding Database (MFDB) statistics. Format show mac-address-table stats Mode Privileged EXEC Term Definition Total Entries The total number of entries that can possibly be in the Multicast Forwarding Database table.
Page 571: Isdp Holdtime
M6100 Series Switches isdp holdtime This command configures the hold time for ISDP packets that the switch transmits. The hold time specifies how long a receiving device should store information sent in the ISDP packet before discarding it. The period is in the range 10–255 seconds.
Page 572: Clear Isdp Counters
M6100 Series Switches Default Enabled Format isdp enable Mode Interface Config no isdp enable This command disables ISDP on the interface. Format no isdp enable Mode Interface Config clear isdp counters This command clears ISDP counters. Format clear isdp counters...
Page 573: Show Isdp Interface
M6100 Series Switches Term Definition Neighbors table The amount of time that has passed since the ISPD neighbor table changed. time since last change Device ID The Device ID advertised by this device. The format of this Device ID is characterized by the value of the Device ID Format object.
Page 574: Show Isdp Entry
M6100 Series Switches Command example: (NETGEAR Switch) #show isdp interface 0/1 Interface Mode --------------- ---------- Enabled Command example: (NETGEAR Switch) #show isdp interface all Interface Mode --------------- ---------- Enabled Enabled Enabled Enabled Enabled Enabled Enabled Enabled show isdp entry This command displays ISDP entries. If the device-id is specified, then only entries for that device are shown.
Page 575: Show Isdp Neighbors
The version of the advertisement packet received from the neighbor. Version Entry Last The time when the entry was last changed. Changed Time Command example: (NETGEAR Switch) #show isdp entry Switch Device ID Switch Address(es): IP Address: 172.20.1.18 IP Address: 172.20.1.18...
Page 576: Show Isdp Traffic
Platform Port ID ---------------- ----- --------- ----------- -------------- ------------------- Switch cisco WS-C4948 GigabitEthernet1/1 Command example: (NETGEAR Switch) #show isdp neighbors detail Device ID 0001f45f1bc0 Address(es): IP Address: 10.27.7.57 Capability Router Trans Bridge Switch IGMP Platform SecureChassis C2 Interface 0/48 Port ID ge.3.14...
Page 577: Debug Isdp Packet
ISDP IP Address Table Full Displays the number of times a neighbor entry was added to the table without an IP address. Command example: (NETGEAR Routing) #show isdp traffic ISDP Packets Received......4253 ISDP Packets Transmitted....... 127 ISDPv1 Packets Received......0 ISDPv1 Packets Transmitted.....
Page 578: Udld Enable (Global Config)
M6100 Series Switches no debug isdp packet This command disables tracing of ISDP packets on the receive or the transmit sides or on both sides. Format no debug isdp packet [receive | transmit] Mode Privileged EXEC UniDirectional Link Detection Commands The purpose of the UniDirectional Link Detection (UDLD) feature is to detect and avoid unidirectional links.
Page 579: Udld Timeout Interval
M6100 Series Switches udld timeout interval This command configures the time interval after which UDLD link is considered to be unidirectional. The range is from 5 to 60 seconds. Default 5 seconds Format udld timeout interval seconds Mode Global Config udld reset This command resets all interfaces that have been shutdown by UDLD.
Page 580: Show Udld
M6100 Series Switches show udld This command displays the global settings of UDLD. Format show udld Mode User EXEC Privileged EXEC Parameter Description Admin Mode The global administrative mode of UDLD. Message Interval The time period (in seconds) between the transmission of UDLD probe packets.
Page 581 Undetermined (Link Down). The port would transition into this state when the port link physically goes down due to any reasons other than the port been put into D-Disable mode by the UDLD protocol on the switch. Command example: (NETGEAR Switch) #show udld 0/1 Port Admin Mode UDLD Mode...
Page 582: Show Interface Debounce
Mode Interface Config show interface debounce This command displays the flap counts for all interfaces. Format show interface debounce Mode Privileged EXEC Command example: (NETGEAR Switch) #show interface debounce Interface Debounce Time(ms) Flaps --------- -------------- ------- 1/0/1 1/0/2 Switching Commands...
Page 583 M6100 Series Switches 1/0/3 1/0/4 1/0/5 1/0/6 Switching Commands...
Page 584: Chapter 8 Data Center Commands
Data Center Commands The data center commands allow network operators to deploy lossless Ethernet capabilities in support of a converged network with Fiber Channel and Ethernet data, as specified by the FC-BB-5 working group of ANSI T11. This capability allows operators to deploy networks at a lower cost while still maintaining the same network management operations that exist today.
Page 585: Lldp Dcbx Version
M6100 Series Switches Data Center Bridging Exchange Protocol Commands The Data Center Bridging Exchange Protocol (DCBX) is used by DCB devices to exchange configuration information with directly-connected peers. The protocol is also used to detect misconfiguration of the peer DCB devices and, optionally, for configuration of peer DCB devices.
Page 586: Lldp Tlv-Select Dcbxp
M6100 Series Switches no lldp dcbx version Use the no form of the command to reset the DCBX version to the default value of auto. Format no lldp dcbx version Mode Global Config lldp tlv-select dcbxp Use the lldp tlv-select dcbxp command in Interface Configuration or Global Configuration mode to send specific DCBX TLVs if LLDP is enabled to transmit on the given interface.
Page 587: Lldp Dcbx Port-Role
M6100 Series Switches lldp dcbx port-role Use the lldp dcbx port-role command in Interface Configuration mode to configure the port role to manual, auto-upstream, auto-downstream and configuration source. In order to reduce configuration flapping, ports that obtain configuration information from a configuration source port will maintain that configuration for 2x the LLDP timeout, even if the configuration source port becomes operationally disabled.
Page 588: Show Lldp Tlv-Select
M6100 Series Switches no lldp dcbx port-role Use the no lldp dcbx port-role command in Interface Configuration mode to configure the port role to manual. Format no lldp dcbx port-role Mode Interface Config show lldp tlv-select Use the show lldp tlv-select command in Privileged EXEC mode to display the per interface TLV configuration.
Page 589 M6100 Series Switches Command example: The following output shows DCBX status: (NETGEAR Routing) #show lldp dcbx interface all Is configuration source selected....False DCBX DCBX DCBX unknown Interface Status Role Version Errors ---------- ---------- ------------- --------- ------- ----- ------- -------...
Page 590 M6100 Series Switches Command example: The following output shows that DCBX is enabled with a legacy device (CIN/CEE): switch(config)# show lldp dcbx interface te1/0/1 Interface te1/0/1 DCBX Admin Status: Enabled Configured Version: Auto Peer DCBX Version: CIN Version 1.0 Peer MAC:...
Page 591 M6100 Series Switches TCP/SCTP Disabled TCP/SCTP 3260 Disabled Error Counters: ETS Incompatible Configuration: 0 PFC Incompatible Configuration: 0 Disappearing Neighbor: Multiple Neighbors Detected: Command example: The following output shows that DCBX is enabled with an IEEE device (DCBX Version Forced):...
Page 592: Classofservice Traffic-Class-Group
M6100 Series Switches ETS Configuration (TX Enabled) Willing: True Credit Shaper: False Traffic Classes Supported: 3 Priority Assignment: Traffic Class Bandwidth (%): 0:00 1:10 2:12 3:00 4:00 5:78 6:00 7:00 Traffic Selection Algorithm: ETS Recommendation (TX Enabled) Peer DCBX Version: CEE 1.6...
Page 593: Traffic-Class-Group Max-Bandwidth
M6100 Series Switches Parameter Description trafficclass The Traffic Class can range from 0–6, although the actual number of available traffic classes depends on the platform. traffic-class-group The Traffic Class Group can range from 0–6, although the actual number of available traffic classes depends on the platform.
Page 594: Traffic-Class-Group Min-Bandwidth
M6100 Series Switches Note: A value of 0 (the default) implies an unrestricted upper transmission limit, which is similar to 100%, although there may be subtle operational differences depending on how the device handles a no limit case versus limit to 100%.
Page 595: Traffic-Class-Group Strict
M6100 Series Switches no traffic-class-group min-bandwidth Use the no traffic-class-group min-bandwidth command in Global Config or Interface Config mode to restore the default for each queue’s minimum bandwidth value. Format no traffic-class-group min-bandwidth Mode Global Config Interface Config traffic-class-group strict Use the traffic-class-group strict command in Global Config or Interface Config mode to activate the strict priority scheduler mode for each specified TCG.
Page 596: Traffic-Class-Group Weight
M6100 Series Switches traffic-class-group weight Use the traffic-class-group weight command in Global Config or Interface Config mode to specify the weight for each interface TCG. The total number of TCGs supported per interface is platform specific. Default For TCG0:TCG1:TCG2, weights are in the ratio 100%:0%:0% Format traffic-class-group weight wp-0 wp-1 …...
Page 597: Fip Snooping Commands
Emulation of FC point-to-point links within the DCB Ethernet network. Enhanced FCoE security/robustness by preventing FCoE MAC spoofing. The FIP Snooping Bridge solution in NETGEAR Managed Switch supports configuration-only of perimeter port role and FCF-facing port roles and is only intended for use at the edge of the switched network.
Page 598: Feature Fip-Snooping
M6100 Series Switches The role of FIP Snooping-enabled ports on the switch falls under one of the following types: Perimeter or Edge port (connected directly to ENode). FCF facing port (that receives traffic from FCFs targeted to the ENodes). The default port role in an FCoE enabled VLAN is as a perimeter port. FCF facing ports must be configured by the user.
Page 599: Fip-Snooping Enable
M6100 Series Switches fip-snooping enable Use the fip-snooping enable command in VLAN Configuration mode to enable snooping of FIP packets on the configured VLANs. FIP snooping is disabled on VLANs by default. Priority Flow Control (PFC) must be operationally enabled before FIP snooping can operate on an interface.
Page 600: Fip-Snooping Port-Mode
M6100 Series Switches This command can only be entered after FIP snooping is enabled using the priority-flow-control mode command. Otherwise, it does not appear in the CLI syntax tree. Default The default FC map value is 0x0efc00. Format fip-snooping fc-map mapvalue...
Page 601: Show Fip-Snooping
M6100 Series Switches This command can only be entered after FIP snooping is enabled using the priority-flow-control mode command. Otherwise, it does not appear in the CLI syntax tree. Default Configuration as a host-facing interface. Format fip-snooping port-mode fcf Mode...
Page 602: Show Fip-Snooping Enode
M6100 Series Switches The following information is displayed. Parameter Description Global Mode FIP snooping configuration status on the switch. It displays Enable when FIP snooping is enabled on the switch and Disable when FIP snooping is disabled on the switch.
Page 603 (NETGEAR Switch)# show fip-snooping enode Interface VLAN Name-ID ENode-MAC FCFs Sessions ---------------------------------------------------------------- 1/0/2 00000000 00:0c:29:65:82:bc 1/0/5 00000000 00:0d:31:23:53:11 Command example: The following output displays when you specify the optional argument: (NETGEAR Switch)# show fip-snooping enode 00:0c:29:65:82:bc Interface 1/0/2 VLAN Data Center Commands...
Page 604: Show Fip-Snooping Fcf
M6100 Series Switches Name-ID 000000 ENode-MAC 00:0c:29:65:82:bc FCFs Connected Sessions Established Sessions Waiting Session Failed Max-FCoE-PDU 2158 Time elapsed 0 days, 1 hours, 20 minutes show fip-snooping fcf Use the show fip-snooping fcf command in User EXEC or Privileged EXEC mode to display information about the interfaces connected to FCFs.
Page 605 M6100 Series Switches Below is additional information regarding the FCF that is displayed when the optional FCF MAC address argument is provided. Parameter Description Sessions Total number of virtual sessions accepted by FCF in the associated VLAN. D-bit This reflects the value of the D-bit provided by the most recently received Discovery Advertisement from the FCF.
Page 606: Show Fip-Snooping Sessions
M6100 Series Switches FC-MAP 0e:fc:00 Name-ID 20:65:00:0d:ec:b1:9e:81 Fabric-Name 20:65:00:0d:ec:97:52:c1 Sessions D-bit Available for Login Priority FKA-ADV(FKA_ADV_PERIOD*5) FCF Expiry Time Time Elapsed 0 days, 2 hours, 8 minutes show fip-snooping sessions Use the show fip-snooping sessions command in User EXEC or Privileged EXEC mode to display information about the active FIP snooping sessions.
Page 607 M6100 Series Switches The command output format is different when the detail option is used. The information below is displayed. Parameter Description VLAN VLAN to which the session belongs. FC-MAP FCMAP value used by the FCF. FCFs Number of FCFs discovered.
Page 608 0e:fc:11:aa:bb:03 44:35:2a 00:0e:ad:12:23:53 00:0d:29:23:14:22 0e:fc:11:aa:bb:04 44:36:3b Command example: The following output displays when you specify the detail option: (NETGEAR Switch)# show fip-snooping sessions detail VLAN: 100 FC-MAP: 0e:fc:00 FCFs: ENodes: 1 Sessions: 7 <FCF Information> Interface: 3/0/15 MAC: 00:0d:ec:b2:2c:80 ENodes: 1 Sessions: 7 <ENode Information>...
Page 609 0e:fc:11:ad:00:03 FDESC(1,1) 232 FPMA ACTIVE 0d, 01h, 02m ----------------- FDESC(1,1) --- FPMA TENTATIVE ------------ Command example: The following output displays sessions between the specified FCF and ENode: (NETGEAR Switch)# show fip-snooping sessions fcf 00:0e:ad:12:23:53 enode 00:0d:29:12:22:a6 ------------------------------------------------------------------------------ FCF-MAC ENode-MAC VLAN FCoE-MAC FC-ID...
Page 610: Show Fip-Snooping Statistics
M6100 Series Switches show fip-snooping statistics Use the show fip-snooping statistics command in User EXEC or Privileged EXEC mode to display the statistics of the FIP packets snooped in the VLAN or on an interface. If the optional (VLAN or interface) argument is not given, this command displays the statistics for all of the FIP snooping enabled VLANs.
Page 611 When an interface is provided as an argument, interface applicable statistics are only displayed. See the third example for applicable statistics on an interface. Command example: The following output displays when you specify no optional arguments supplied: (NETGEAR Switch)# show fip-snooping statistics VLAN: 4 --------------------------------- FIP-Operation...
Page 612 M6100 Series Switches FLOGI_ACC FLOGI_RJT FDISC_ACC FDISC_RJT LOGO_ACC LOGO_RJT ---------------------------------- Number of Virtual Session Timeouts:23 Number of FCF Session Timeouts: Number of Session configuration failures: 10 Number of Sessions denied with FCF limit: Number of Sessions denied with ENode limit:...
Page 613 M6100 Series Switches Command example: The following output displays when you specify an optional VLAN argument: (NETGEAR Switch)# show fip-snooping statistics vlan 200 VLAN: 200 ------------------------------- FIP-Operation Number of Pkts ------------------------------- FLOGI FDISC LOGO VNPort-keep-alive 310 FLOGI_ACC FLOGI_RJT FDISC_ACC FDISC_RJT...
Page 614 M6100 Series Switches FLOGI FDISC LOGO VNPort-keep-alive 310 FLOGI_ACC FLOGI_RJT FDISC_ACC FDISC_RJT LOGO_ACC LOGO_RJT -------------------------------- Number of Virtual Session Timeouts:2 Number of FCF Session Timeouts: Number of Session configuration failures: 10 Number of Sessions denied with FCF limit: Number of Sessions denied with ENode limit:...
Page 615: Clear Fip-Snooping Statistics
M6100 Series Switches Parameter Description FCFs Number of FCFs discovered. ENodes Number of ENodes discovered. Sessions Total virtual sessions in FCoE VLAN. Command example: (NETGEAR Switch)# show fip-snooping Global Mode: Enable FCoE VLAN List : 2,4,5-8 FCFs: ENodes: Sessions: Max VLANs:...
Page 616: Priority-Flow-Control Mode
Priorities are differentiated by the priority field of the IEEE 802.1Q VLAN header, which identifies an IEEE 802.1p priority value. In NETGEAR Managed Switch, these priority values must be mapped to internal class-of-service (CoS) values. To enable priority-based flow control for a particular CoS value on an interface: Ensure that VLAN tagging is enabled on the interface so that the 802.1p priority values...
Page 617: Priority-Flow-Control Priority
M6100 Series Switches Command example: The following example enables PFC on an interface: s1(config)#interface te1/0/1 s1(config-if-Te1/0/1)#datacenter-bridging s1(config-if-dcb)#priority-flow-control mode on no priority-flow-control mode Use the no priority-flow-control mode command to return the PFC mode to the default (off). Format no priority-flow-control mode...
Page 618: Clear Priority-Flow-Control Statistics
M6100 Series Switches no priority-flow-control priority Use the no priority-flow-control priority command in Datacenter-Bridging Config mode to enable lossy behavior on all priorities on the interface. This has no effect on interfaces not enabled for PFC or with no lossless priorities configured.
Page 619 The number of PFC frames received by the interface with the associated 802.1p priority. Transmitted PFC Frames The number of PFC frames transmitted by the interface with the associated 802.1p priority. Command example: (NETGEAR Switch) #show interface 0/1 priority-flow-control Interface Detail: PFC Configured State: Disabled...
Page 620 M6100 Series Switches Command example: (NETGEAR Switch) #show interface priority-flow-control Port Drop No-Drop Oper Priorities Priorities State ------ ---------- ---------- ------- 1/0/1 1-4,75,6 Enabled 1/0/2 1-4,6-75 Enabled 1/0/48 1-4,75,6 Enabled Data Center Commands...
Page 621: Chapter 9 Routing Commands
Routing Commands This chapter describes the routing commands available in the NETGEAR Managed Switch SMB CLI. The chapter contains the following sections: • Address Resolution Protocol Commands • IP Routing Commands • Router Discovery Protocol Commands • Virtual LAN Routing Commands •...
Page 622: Address Resolution Protocol Commands
M6100 Series Switches Address Resolution Protocol Commands This section describes the commands you use to configure Address Resolution Protocol (ARP) and to view ARP information on the switch. ARP associates IP addresses with MAC addresses and stores the information as ARP entries in the ARP cache.
Page 623: Arp Cachesize
M6100 Series Switches no ip proxy-arp This command disables proxy ARP on a router interface. Format no ip proxy-arp Mode Interface Config ip local-proxy-arp Use this command to allow an interface to respond to ARP requests for IP addresses within the subnet and to forward traffic between hosts in the subnet.
Page 624: Arp Purge
M6100 Series Switches from the hardware. Traffic to the host continues to be forwarded in hardware without interruption. If the entry is not being used to forward data packets, then the entry is deleted from the ARP cache, unless the dynamic renew option is enabled. If the dynamic renew option is enabled, the system sends an ARP request to renew the entry.
Page 625: Arp Timeout
M6100 Series Switches no arp resptime This command configures the default ARP request response timeout. Format no arp resptime Mode Global Config arp retries This command configures the ARP count of maximum request for retries. The value for retries is an integer, which represents the maximum number of request for retries.
Page 626: Clear Arp-Cache
M6100 Series Switches clear arp-cache This command causes all ARP entries of type dynamic to be removed from the ARP cache. If the gateway keyword is specified, the dynamic entries of type gateway are purged as well. Format clear arp-cache [gateway]...
Page 627: Show Arp Brief
M6100 Series Switches The following are displayed for each ARP entry: Term Definition IP Address The IP address of a device on a subnet attached to an existing routing interface. MAC Address The hardware MAC address of that device. Interface The routing unit/slot/port associated with the device ARP entry.
Page 628: Ip Routing Commands
M6100 Series Switches Term Definition IP Address The IP address of a device on a subnet attached to the switch. MAC Address The hardware MAC address of that device. Interface The routing unit/slot/port associated with the device’s ARP entry. IP Routing Commands This section describes the commands you use to enable and configure IP routing on the switch.
Page 629: Ip Address
Note: The 31-bit subnet mask is only supported on routing interfaces. The feature is not supported on network port and service port interfaces because NETGEAR Managed Switch acts as a host, not a router, on these management interfaces. Format ip address ipaddr {subnetmask | /masklen} [secondary]...
Page 630: Ip Address Dhcp
0/4/1. (NETGEAR Switch) #config (NETGEAR Switch) (Config)#interface 0/4/1 (NETGEAR Switch) (Interface 0/4/1)#ip address 192.168.10.1 /31 no ip address This command deletes an IP address from an interface. The value for ipaddr is the IP address of the interface in a.b.c.d format where the range for a, b, c, and d is 1-255. The value for subnetmask is a 4-digit dotted-decimal number which represents the Subnet Mask of the interface.
Page 631: Ip Default-Gateway
The IPv4 address of an attached router. Command example: The following example sets the default gateway to 10.1.1.1: (NETGEAR Switch) #config (NETGEAR Switch) (Config)#ip default-gateway 10.1.1.1 no ip default-gateway This command removes the default gateway address from the configuration. Format...
Page 632: Renew Dhcp
M6100 Series Switches Format release dhcp unit/slot/port Mode Privileged EXEC renew dhcp Use this command to force the DHCPv4 client to immediately renew an IPv4 address lease on the specified interface. Note: This command can be used on in-band ports as well as the service or network (out-of-band) port.
Page 633: Ip Route Default
M6100 Series Switches For the static routes to be visible, you must perform the following steps: • Enable ip routing globally. • Enable ip routing for the interface. • Confirm that the associated link is also up. Default preference—1 Format...
Page 634: Ip Netdirbcast
M6100 Series Switches no distance is specified in these commands. Changing the default distance does not update the distance of existing static routes, even if they were assigned the original default distance. The new default distance will only be applied to static routes created after invoking the ip route distance command.
Page 635: Show Dhcp Lease
M6100 Series Switches form an adjacency (unless OSPF has been instructed to ignore differences in IP MTU with the ip ospf mtu-ignore command.) Note: The IP MTU size refers to the maximum size of the IP packet (IP Header + IP payload). It does not include any extra bytes that may be required for Layer-2 headers.
Page 636: Show Ip Brief
1 to 200 messages. The default value is 100 messages. ICMP Echo Replies Shows whether ICMP Echo Replies are enabled or disabled. ICMP Redirects Shows whether ICMP Redirects are enabled or disabled. Command example: (NETGEAR Switch) #show ip brief Routing Commands...
Page 637: Show Ip Interface
M6100 Series Switches Default Time to Live......64 Routing Mode........Disabled Maximum Next Hops......4 Maximum Routes......... 128 ICMP Rate Limit Interval....... 1000 msec ICMP Rate Limit Burst Size..... 100 messages ICMP Echo Replies......Enabled ICMP Redirects......... Enabled show ip interface This command displays all pertinent information about the IP interface.
Page 638 The client identifier is displayed in the output of the command only if DHCP is enabled with the Identifier client-id option on the in-band interface. See the ip address dhcp command. Command example: (NETGEAR Switch)#show ip interface 1/0/2 Routing Interface Status....... Down Primary IP Address......1.2.3.4/255.255.255.0 Method......... Manual Secondary IP Address(es)....... 21.2.3.4/255.255.255.0 ..........22.2.3.4/255.255.255.0 Helper IP Address......
Page 639: Show Ip Interface Brief
M6100 Series Switches Command example: The following example enables the DHCP client on a VLAN routing interface: (NETGEAR Switch) #show ip interface vlan 10 Routing Interface Status....Up Method........DHCP Routing Mode......Enable Administrative Mode...... Enable Forward Net Directed Broadcasts..Disable Active State......
Page 640: Show Ip Protocols
M6100 Series Switches ---------- ----- --------------- --------------- -------- 1/0/17 192.168.75.1 255.255.255.0 DHCP show ip protocols This command lists a summary of the configuration and status for each unicast routing protocol. The command lists routing protocols which are configured and enabled. If a protocol is selected on the command line, the display will be limited to that protocol.
Page 641 M6100 Series Switches Parameter Description Networks The set of networks originated through a network command. Those networks that are actually Originated advertised to neighbors are marked “active.” Neighbors A list of configured neighbors and the inbound and outbound policies configured for each.
Page 642 For ospf, configured ospf match parameters are also shown. Interface The interfaces where RIP is enabled and the version sent and accepted on each interface. Command example: (NETGEAR Switch) #show ip protocols Routing Protocol......BGP Router ID......... 6.6.6.6 Local AS Number......65001 BGP Admin Mode......
Page 643 M6100 Series Switches Filter List In......1 Filter List Out....... 2 Prefix List In......PfxList2 Prefix List Out....... PfxList3 Route Map In......rmapUp Route Map Out......rmapDown 172.20.5.1 Prefix List Out....... PfxList12 Routing Protocol......OSPFv2 Router ID......... 6.6.6.6 OSPF Admin Mode......Enable Maximum Paths......
Page 644: Show Ip Route
M6100 Series Switches ospf 20 int ext1 ext2 nssa-ext1 Interface Send Recv --------- ---- ---- 0/25 RIPv2 RIPv2 show ip route This command displays the routing table. The ip-address specifies the network for which the route is to be displayed and displays the best matching best-route for the address. The mask specifies the subnet mask for the given ip-address.
Page 645 OSPF/RIP. Reject routes are supported in both OSPFv2 and OSPFv3. Command example: (NETGEAR Routing) #show ip route Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static B - BGP Derived, IA - OSPF Inter Area...
Page 646: Show Ip Route Ecmp-Groups
Mode Privileged Exec Command example: (NETGEAR Switch) #show ip route ecmp-groups ECMP Group 1 with 2 next hops (used by 1 route) 172.20.33.100 on interface 2/33 172.20.34.100 on interface 2/34 ECMP Group 2 with 3 next hops (used by 1 route) 172.20.32.100 on interface 2/32...
Page 647: Show Ip Route Summary
M6100 Series Switches 172.20.33.100 on interface 2/33 172.20.34.100 on interface 2/34 ECMP Group 3 with 4 next hops (used by 1 route) 172.20.31.100 on interface 2/31 172.20.32.100 on interface 2/32 172.20.33.100 on interface 2/33 172.20.34.100 on interface 2/34 show ip route summary This command displays a summary of the state of the routing table.
Page 648 M6100 Series Switches Term Definition Best Routes (High) The number of best routes currently in the routing table. This number only counts the best route to each destination. The value in parentheses indicates the highest count of unique best routes since counters were last cleared.
Page 649 M6100 Series Switches Command example: (NETGEAR Switch) #show ip route summary Connected Routes....... 7 Static Routes........1 RIP Routes........20 BGP Routes........10 External........0 Internal........10 Local........0 OSPF Routes........1004 Intra Area Routes......4 Inter Area Routes......1000 External Type-1 Routes.......
Page 650: Clear Ip Route
M6100 Series Switches clear ip route This command lets you reset the IPv4 routing table counters or remove various types of routes in the IPv4 routing table. Format clear ip route {all | bgp [ip-address subnet-mask [interface unit/slot/port]] | counters | ospf [ip-address subnet-mask [interface unit/slot/port] | rip...
Page 651: Show Ip Stats
The route preference value of the statically-configured default gateway DHCP Default Gateway The route preference value of the default gateway learned from the DHCP server. Command example: (NETGEAR Switch) #show ip route preferences Local.......... 0 Static......... 1 OSPF Intra........110 OSPF Inter........
Page 652: Routing Policy Commands
In Use High Water The maximum memory in use since the system last rebooted. Mark Command example: (NETGEAR Switch) #show routing heap summary Heap Size....... 95053184 Memory In Use....56998 Memory on Free List..... 47 Memory Available in Heap..94996170 In Use High Water Mark..
Page 653: Ip Prefix-List
M6100 Series Switches Command example: (NETGEAR Routing) (Config)#interface 1/0/1 (NETGEAR Routing) (Interface 1/0/1)# (NETGEAR switch) (Interface 1/0/1)# #ip policy route-map equal-access no ip policy route-map Use this command to disable policy-based routing on an interface. Format no ip policy route-map-name...
Page 654: Ip Prefix-List Description
The following example configures a prefix list that allows routes with one of two specific destination prefixes, 172.20.0.0/16 and 192.168.1.0/24: (NETGEAR Switch)(config)# ip prefix-list apple seq 10 permit 172.20.0.0/16 (NETGEAR Switch)(config)# ip prefix-list apple seq 20 permit 192.168.10/24 Command example: The following example disallows only the default route: (NETGEAR Switch)(config)# ip prefix-list orange deny 0.0.0.0/0...
Page 655: Ipv6 Prefix-List (Routing Policy Commands)
M6100 Series Switches Format ip prefix-list list-name description text Mode Global Configuration Parameter Description list-name The text name of the prefix list. description text Text description of the prefix list. Up to 80 characters. no ip prefix-list description To remove the text description, use the no ip prefix-list description command.
Page 656 M6100 Series Switches Parameter Description list-name The text name of the prefix list. Up to 32 characters. seq number (Optional) The sequence number for this prefix list statement. Prefix list statements are ordered from lowest sequence number to highest and applied in that order. If you do not specify a sequence number, the system will automatically select a sequence number five larger than the last sequence number in the list.
Page 657: Match As-Path
The redistribution command specifies a route map which refers to a prefix list. The prefix list identifies the prefixes that may be redistributed. NETGEAR Managed Switch accepts up to 64 route maps. Default No route maps are configured by default.
Page 658: Match Community
M6100 Series Switches has a match as-path term, the AS path list numbers in the new term are added to the existing match term, up to the maximum number of lists in a term. A route is considered a match if it matches any one or more of the AS path access lists the match term refers to.
Page 659: Match Ip Address
M6100 Series Switches from the route map. (It does not simply remove the exact-match option.) The command no match community removes the match term and all its community lists. Format no match community community-list [community-list...] [exact-match] Mode Route Map Configuration...
Page 660 The following example creates a route-map with a match clause on ACL number and applies that route-map on an interface: (NETGEAR Routing) (config)#access-list 1 permit ip 10.1.0.0 0.0.255.255 (NETGEAR Routing) (config)#access-list 2 permit ip 10.2.0.0 0.0.255.255 (NETGEAR Routing) (config)#route-map equal-access permit 10 (NETGEAR Routing) (config-route-map)#match ip address 1 (NETGEAR Routing) (config-route-map)#set ip default next-hop 192.168.6.6...
Page 661 (NETGEAR Routing) # (NETGEAR Routing) # (NETGEAR Routing) #configure (NETGEAR Routing) (Config)#route-map madan (NETGEAR Routing) (route-map)#match ip address 1 2 3 4 5 madan (NETGEAR Routing) (route-map)#match mac-list madan mohan goud (NETGEAR Routing) (route-map)#exit (NETGEAR Routing) (Config)#exit (NETGEAR Routing) #show route-map...
Page 662: Match Ipv6 Address
M6100 Series Switches (NETGEAR Routing) (Config)#ip access-list madan (NETGEAR Routing) (Config-ipv4-acl)#permit udp any any Request denied. Another application using this ACL restricts the number of rules allowed. no match ip address (for an access list) To delete a match statement for an access list from a route map, use the no match ip address command.
Page 663: Match Length
No match criteria are defined by default. Format match length min max Mode Route Map Configuration Command example: (NETGEAR Switch) (config-route-map)# match length 64 1500 no match length Use this command to delete a match statement from a route map. Format no match length Mode...
Page 664 (NETGEAR Routing) # (NETGEAR Routing) # (NETGEAR Routing) #configure (NETGEAR Routing) (Config)#route-map madan (NETGEAR Routing) (route-map)#match mac-list madan mohan goud (NETGEAR Routing) (route-map)#exit (NETGEAR Routing) (Config)#exit (NETGEAR Routing) #show route-map route-map madan permit 10 Match clauses: mac-list (access-lists) : madan mohan goud...
Page 665: Set As-Path
(NETGEAR Switch)# config (NETGEAR Switch)# route-map ppAsPath (NETGEAR Switch)# set as-path prepend “2 2 2” (NETGEAR Switch)# exit (NETGEAR Switch)# router bgp 1 (NETGEAR Switch)# neighbor 172.20.1.2 remote-as 2 (NETGEAR Switch)# neighbor 172.20.1.2 route-map ppAsPath in...
Page 666: Set Community
M6100 Series Switches command can be used to remove selected communities from inbound and outbound routes. When a community list is applied to a route for this purpose, each of the route’s communities is submitted to the community list one at a time. Communities permitted by the list are removed from the route.
Page 667: Set Interface
M6100 Series Switches no set community To remove a set term from a route map, use the no set community command. Format no set community Mode Route Map Configuration set interface If you do not want to revert to normal forwarding but instead want to drop a packet that does not match the specified criteria, a set statement must be configured to route the packets to interface null 0 as the last entry in the route-map.
Page 668: Set Ip Precedence
M6100 Series Switches no set ip next-hop Use this command to remove a set command from a route map. Format no set ip next-hop ip-address [...ip-address] Mode Route Map Configuration set ip default next-hop Use this command to set a list of default next-hop IP addresses. If more than one IP address is specified, the first next hop specified that appears to be adjacent to the router is used.
Page 669: Set Ipv6 Next-Hop (Bgp)
M6100 Series Switches Parameter Description Sets the routine precedence Sets the priority precedence Sets the immediate precedence Sets the Flash precedence Sets the Flash override precedence Sets the critical precedence Sets the internetwork control precedence Sets the network control precedence...
Page 670: Set Local-Preference
M6100 Series Switches no set ipv6 next-hop (BGP) To remove a set command from a route map, use the no set ipv6 next-hop command. Format no set ipv6 next-hop Mode Route Map Configuration set local-preference To set the local preference of specific BGP routes, use the set local-preference command in Route Map Configuration mode.
Page 671: Show Ip Policy
M6100 Series Switches no set metric (BGP) To remove a set command from a route map, use the no set metric command. Format no set metric value Mode Route Map Configuration show ip policy This command lists the route map associated with each interface.
Page 672: Show Ipv6 Prefix-List
5 permit 10.10.1.1/20 ge 22 seq 10 permit 10.10.1.2/20 le 30 seq 15 permit 10.10.1.2/20 ge 29 le 30 Command example: (NETGEAR Switch) #show ip prefix-list summary fred ip prefix-list fred: count: 3, range entries: 3, sequences: 5 - 15, refcount: 0 Command example:...
Page 673 Range of sequence numbers for the entries in the list hit count Number of matches for the prefix entry Command example: (NETGEAR Switch) #show ipv6 prefix-list apple ipv6 prefix-list apple: count: 6, range entries: 3, sequences: 5 - 30, refcount: 31 seq 5 deny 5F00::/8 le 128...
Page 674: Show Route-Map
20 deny ::/2 seq 25 deny ::/3 ge 4 seq 30 permit ::/0 le 128 Command example: (NETGEAR Switch) #show ipv6 prefix-list summary apple ipv6 prefix-list apple: count: 6, range entries: 3, sequences: 5 - 30, refcount: 31 Command example:...
Page 675: Router Discovery Protocol Commands
(Optional) Network number and length (in bits) of the network mask. If this option is specified, hit counters are only cleared for the matching statement. Command example: (NETGEAR Switch) # clear ip prefix-list orange 20.0.0.0/8 clear ipv6 prefix-list Use this command to reset and clear IPv6 prefix-list hit counters. The hit count is a value indicating the number of matches to a specific prefix list entry.
Page 676: Ip Irdp Holdtime
M6100 Series Switches ip irdp This command enables Router Discovery on an interface or range of interfaces. Default disabled Format ip irdp Mode Interface Config no ip irdp This command disables Router Discovery on an interface. Format no ip irdp...
Page 677: Ip Irdp Maxadvertinterval
M6100 Series Switches no ip irdp holdtime This command resets the default value of the holdtime field of the router advertisement sent from this interface. Format no ip irdp holdtime Mode Interface Config ip irdp maxadvertinterval This command configures the maximum time allowed between sending router advertisements from the interface.
Page 678: Ip Irdp Multicast
M6100 Series Switches ip irdp multicast This command configures the destination IP address for router advertisements as 224.0.0.1, which is the default address. The no form of the command configures the IP address as 255.255.255.255 to instead send router advertisements to the limited broadcast address.
Page 679: Virtual Lan Routing Commands
M6100 Series Switches used to specify the VLAN ID of the routing VLAN directly instead of in a unit/slot/port format. The vland-id argument can be a number from 1–4093. Format show ip irdp {unit/slot/port | vlan vland-id | all} Modes...
Page 680 Mode VLAN Config Command example: The following example specifies a VLAN ID value. The interface ID argument is not used. (NETGEAR Switch)(Vlan)#vlan 14 (NETGEAR Switch)(Vlan)#vlan routing 14 ? <cr> Press enter to execute the command. <1-24> Enter interface ID Typically, you press Enter without supplying the Interface ID value; the system automatically selects the interface ID.
Page 681 "0 days 8 hrs 38 mins 3 secs" !Cut-through mode is configured as disabled !Additional Packages NETGEAR BGP-4,NETGEAR QOS,NETGEAR Multicast,NETGEAR IPv6,NETGEAR IPv6 Management,NETGEAR Metro,NETGEAR Routing,NETGEAR Data Center !Current SNTP Synchronized Time: SNTP Client Mode Is Disabled vlan database exit configure no logging console aaa authentication enable "enableNetList"...
Page 682: Interface Vlan
M6100 Series Switches line telnet exit line ssh exit router rip exit router ospf exit ipv6 router ospf exit exit interface vlan Use this command to enter Interface configuration mode for the specified VLAN. The vlan-id range is 1 to 4093.
Page 683: Virtual Router Redundancy Protocol Commands
M6100 Series Switches Virtual Router Redundancy Protocol Commands This section describes the commands you use to view and configure Virtual Router Redundancy Protocol (VRRP) and to view VRRP status information. VRRP helps provide failover and load balancing when you configure two devices as a VRRP pair.
Page 684: Ip Vrrp Mode
M6100 Series Switches ip vrrp mode This command enables the virtual router configured on the specified interface. Enabling the status field starts a virtual router. The parameter vrid is the virtual router ID which has an integer value ranging from 1 to 255.
Page 685: Ip Vrrp Accept-Mode
M6100 Series Switches ip vrrp accept-mode Use this command to allow the VRRP Master to accept ping packets sent to one of the virtual router's IP addresses. The parameter vrid is the virtual router ID which has an integer value range from 1 to 255.
Page 686: Ip Vrrp Preempt
M6100 Series Switches ip vrrp preempt This command sets the preemption mode value for the virtual router configured on a specified interface or range of interfaces. The parameter vrid is the virtual router ID which has an integer value ranges from 1 to 255.
Page 687: Ip Vrrp Timers Advertise
M6100 Series Switches ip vrrp timers advertise This command sets the frequency, from 1–255 seconds, that an interface or range of interfaces on the specified virtual router sends a virtual router advertisement. The parameter vrid is the virtual router ID which has an integer value ranges from 1 to 255.
Page 688: Ip Vrrp Track Ip Route
M6100 Series Switches Format ip vrrp vrid track interface {unit/slot/port | vlan vlan-id} [decrement priority] Mode Interface Config no ip vrrp track interface Use this command to remove the interface or range of interfaces from the tracked list or to restore the priority decrement to its default.
Page 689: Show Ip Vrrp Interface Stats
M6100 Series Switches show ip vrrp interface stats This command displays the statistical information about each virtual router configured on the switch. The parameter vrid is the virtual router ID which has an integer value ranges from 1 to 255.
Page 690: Show Ip Vrrp Interface
M6100 Series Switches Term Definition Authentication The total number of VRRP advertisements received for which the authentication type is not equal to Type Mismatch the locally configured type for this virtual router. Packet Length The total number of VRRP packets received with packet length less than length of VRRP header.
Page 691 M6100 Series Switches Term Definition Authentication type The authentication type for the specific virtual router. Priority The priority value for the specific virtual router, taking into account any priority decrements for tracked interfaces or routes. Configured Priority The priority configured through the ip vrrp vrid priority priority command.
Page 692: Show Ip Vrrp Interface Brief
M6100 Series Switches show ip vrrp interface brief This command displays information about each virtual router configured on the switch. This command takes no options. It displays information about each virtual router. Format show ip vrrp interface brief Modes Privileged EXEC...
Page 693: Bootpdhcprelay Maxhopcount
M6100 Series Switches bootpdhcprelay maxhopcount This command configures the maximum allowable relay agent hops for BootP/DHCP Relay on the system. The hops parameter has a range of 1 to 16. Default Format bootpdhcprelay maxhopcount hops Mode Global Config no bootpdhcprelay maxhopcount This command configures the default maximum allowable relay agent hops for BootP/DHCP Relay on the system.
Page 694: Ip Helper Commands
M6100 Series Switches Term Definition Maximum Hop Count The maximum allowable relay agent hops. Minimum Wait Time (Seconds) The minimum wait time. Admin Mode Indicates whether relaying of requests is enabled or disabled. Circuit Id Option Mode The DHCP circuit Id option which may be enabled or disabled.
Page 695 M6100 Series Switches Table 10. Default ports—UDP port numbers implied by wildcard Protocol UDP Port Number IEN-116 Name Service NetBIOS Name Server NetBIOS Datagram Server TACACS Server Time Service DHCP Trivial File Transfer Protocol (TFTP) The system limits the number of relay entries to four times the maximum number of routing interfaces.
Page 696: Clear Ip Helper Statistics
Mode Privileged EXEC Command example: (NETGEAR Switch) #clear ip helper statistics ip helper-address (Global Config) Use this command to configure the relay of certain UDP broadcast packets received on any interface. This command can be invoked multiple times, either to specify multiple server addresses for a given UDP port number or to specify multiple UDP port numbers handled by a specific server.
Page 697: Ip Helper-Address (Interface Config)
The following example relays DHCP packets that are received on any interface to two DHCP servers, 10.1.1.1 and 10.1.2.1: (NETGEAR Switch)#config (NETGEAR Switch)(config)#ip helper-address 10.1.1.1 dhcp (NETGEAR Switch)(config)#ip helper-address 10.1.2.1 dhcp Command example: The following example relays UDP packets that are received on any interface for all default ports to the server at 20.1.1.1:...
Page 698 The following example relays DHCP packets that are received on interface 1/0/2 to two DHCP servers, 192.168.10.1 and 192.168.20.1: (NETGEAR Switch)#config (NETGEAR Switch)(config)#interface 1/0/2 (NETGEAR Switch)(interface 1/0/2)#ip helper-address 192.168.10.1 dhcp (NETGEAR Switch)(interface 1/0/2)#ip helper-address 192.168.20.1 dhcp Command example: The following example relays DHCP and DNS packets to 192.168.30.1:...
Page 699: Ip Helper Enable
M6100 Series Switches (NETGEAR Switch)(config)#interface 1/0/2 (NETGEAR Switch)(interface 1/0/2)#ip helper-address 192.168.40.2 dhcp (NETGEAR Switch)(interface 1/0/2)#ip helper-address 192.168.40.2 domain (NETGEAR Switch)(interface 1/0/2)#exit (NETGEAR Switch)(config)#interface 1/0/17 (NETGEAR Switch)(interface 1/0/17)#ip helper-address 192.168.23.1 162 (NETGEAR Switch)(interface 1/0/17)#ip helper-address discard dhcp no ip helper-address (Interface Config) Use this command to delete a relay entry on an interface.
Page 700: Show Ip Helper Statistics
The number of times the IP helper entry has been used to relay or discard a packet. Server Address The IPv4 address of the server to which packets are relayed. Command example: (NETGEAR Switch) #show ip helper-address IP helper is enabled Interface UDP Port...
Page 701 The number of packets ignored by the relay agent because they match a discard relay entry. matched a discard entry Command example: (NETGEAR Switch)#show ip helper statistics DHCP client messages received....8 DHCP client messages relayed....2 DHCP server messages received....2 DHCP server messages relayed....
Page 702: Router Ospf
M6100 Series Switches Open Shortest Path First Commands This section describes the commands you use to view and configure Open Shortest Path First (OSPF), which is a link-state routing protocol that you use to route traffic within a network. This section contains the following subsections: •...
Page 703: Network Area (Ospf)
M6100 Series Switches network area (OSPF) Use this command to enable OSPFv2 on an interface and set its area ID if the IP address of an interface is covered by this network command. Default disabled Format network ip-address wildcard-mask area area-id...
Page 704: Area Default-Cost (Ospf)
M6100 Series Switches area default-cost (OSPF) This command configures the default cost for the stub area. For the value argument, you must specify an integer value between 1–16777215. Format area area-id default-cost value Mode Router OSPF Config area nssa (OSPF) This command configures the specified area-id to function as an NSSA.
Page 705: Area Nssa No-Redistribute (Ospf)
M6100 Series Switches area nssa no-redistribute (OSPF) This command configures the NSSA Area Border router (ABR) so that learned external routes will not be redistributed to the NSSA. Format area area-id nssa no-redistribute Mode Router OSPF Config no area nssa no-redistribute (OSPF) This command disables the NSSA ABR so that learned external routes are redistributed to the NSSA.
Page 706: Area Nssa Translator-Stab-Intv (Ospf)
M6100 Series Switches no area nssa translator-role (OSPF) This command disables the nssa translator role from the specified area id. Format no area area-id nssa translator-role {always | candidate} Mode Router OSPF Config area nssa translator-stab-intv (OSPF) This command configures the translator stabilityinterval of the NSSA. The stabilityinterval is the period of time that an elected translator continues to perform its duties after it determines that its translator status has been deposed by another router.
Page 707 OSPF sets the cost to the largest cost among the contained routes. !! Create area range with static cost. (NETGEAR Switch) (Config-router)#area 1 range 10.0.0.0 255.0.0.0 summarylink cost 1000 !! Remove static cost. (NETGEAR Switch) (Config-router)#no area 1 range 10.0.0.0 255.0.0.0 summarylink cost...
Page 708: Area Stub (Ospf)
M6100 Series Switches area stub (OSPF) This command creates a stub area for the specified area ID. A stub area is characterized by the fact that AS External LSAs are not propagated into the area. Removing AS External LSAs and Summary LSAs can significantly reduce the link state database of routers within the stub area.
Page 709: Area Virtual-Link Authentication
M6100 Series Switches no area virtual-link This command deletes the OSPF virtual interface from the given interface, identified by area-id and neighbor. The neighbor parameter is the Router ID of the neighbor. Format no area area-id virtual-link neighbor Mode Router OSPF Config...
Page 710: Area Virtual-Link Hello-Interval (Ospf)
M6100 Series Switches no area virtual-link dead-interval This command configures the default dead interval for the OSPF virtual interface on the virtual interface identified by area-id and neighbor. The neighbor parameter is the Router ID of the neighbor. Format no area area-id virtual-link neighbor dead-interval...
Page 711: Area Virtual-Link Transmit-Delay (Ospf)
M6100 Series Switches no area virtual-link retransmit-interval This command configures the default retransmit interval for the OSPF virtual interface on the virtual interface identified by area-id and neighbor. The neighbor parameter is the Router ID of the neighbor. Format no area area-id virtual-link neighbor retransmit-interval...
Page 712: Capability Opaque
Use this command to enable Opaque Capability on the Router. The information contained in Opaque LSAs may be used directly by OSPF or indirectly by an application wishing to distribute information throughout the OSPF domain. NETGEAR Managed Switch supports the storing and flooding of Opaque LSAs of different scopes. The default value of enabled means that OSPF will forward opaque LSAs by default.
Page 713: Clear Ip Ospf Redistribution
M6100 Series Switches clear ip ospf counters Use this command to reset global and interface statistics. Format clear ip ospf counters Mode Privileged EXEC clear ip ospf neighbor Use this command to drop the adjacency with all OSPF neighbors. On each neighbor’s interface, send a one-way hello.
Page 714: Default-Metric (Ospf)
M6100 Series Switches no default-information originate (OSPF) This command is used to reset the advertisement of default routes to default values. Format no default-information originate [metric] [metric-type] Mode Router OSPF Config default-metric (OSPF) This command is used to set a default for the metric of distributed routes. The metric argument can be a number in the range 0–16777214.
Page 715: Distribute-List Out (Ospf)
M6100 Series Switches distribute-list out (OSPF) Use this command to specify the access list to filter routes received from the source protocol. The access-list argument can be a number from 1–199. Format distribute-list access-list out {rip | bgp | static | connected}...
Page 716: Prefix-Suppression (Router Ospf Config)
M6100 Series Switches Default Format external-lsdb-limit limit Mode Router OSPF Config no external-lsdb-limit This command configures the default external LSDB limit for OSPF. Format no external-lsdb-limit Mode Router OSPF Config log-adjacency-changes To enable logging of OSPFv2 neighbor state changes, use the log-adjacency-changes command in router configuration mode.
Page 717: Prefix-Suppression (Router Ospfv3 Config)
M6100 Series Switches Default Prefix suppression is disabled. Format prefix-suppression Mode Router OSPF Config no prefix-suppression This command disables prefix-suppression. No prefixes are suppressed from getting advertised. Format no prefix-suppression Mode Router OSPF Config prefix-suppression (Router OSPFv3 Config) This command suppresses the advertisement of all the IPv6 prefixes except for prefixes that are associated with secondary IPv6 addresses, loopbacks, and passive interfaces from the OSPFv3 router advertisements.
Page 718: Redistribute (Ospf)
M6100 Series Switches redistribute (OSPF) This command configures the OSPF protocol to allow redistribution of routes from the specified source protocol or routers. The metric argument can be in the range 0–16777214. The metric type can be 1 or 2. The tag argument can be in the range 0–4294967295.
Page 719: Passive-Interface Default
M6100 Series Switches passive-interface default Use this command to enable global passive mode by default for all interfaces. It overrides any interface level passive mode. OSPF will not form adjacencies over a passive interface. Default disabled Format passive-interface default Mode...
Page 720: Timers Pacing Lsa-Group
M6100 Series Switches in Link State Advertisements (LSAs), which are bundled into Link State Update (LS Update) packets. To reduce the likelihood of sending a neighbor more packets than it can buffer, OSPF rate limits the transmission of LS Update packets. By default, OSPF sends up to 30 updates per second on each interface (1/the pacing interval).
Page 721: Timers Spf
M6100 Series Switches timers spf Use this command to configure the SPF delay time and hold time. The valid range for both the delay time and hold time parameters is 0–65535 seconds. Default delay-time—5 hold-time—10 Format timers spf delay-time hold-time...
Page 722: Ip Ospf Area
M6100 Series Switches Default disabled Format trapflags {all | errors {all | authentication-failure | bad-packet | config-error | virt-authentication-failure | virt-bad-packet | virt-config-error} | lsa {all | lsa-maxage | lsa-originate} | overflow {all | lsdb-overflow | lsdb-approaching-overflow} | retransmit {all | packets |...
Page 723: Ip Ospf Authentication
M6100 Series Switches no ip ospf area Use this command to disable OSPF on an interface. Format no ip ospf area [secondaries none] Mode Interface Config bandwidth By default, OSPF computes the link cost of an interface as the ratio of the reference bandwidth to the interface bandwidth.
Page 724: Ip Ospf Cost
M6100 Series Switches no ip ospf authentication This command resets the default OSPF authentication type for the interface. Format no ip ospf authentication Mode Interface Config ip ospf cost This command configures the cost on an OSPF interface or range of interfaces. The cost parameter has a range of 1 to 65535.
Page 725: Ip Ospf Dead-Interval
M6100 Series Switches ip ospf dead-interval This command sets the OSPF dead interval for the specified interface or range of interfaces. The value for seconds is a valid positive integer in the range 1–65535 and represents the period in seconds that a router's Hello packets are allowed to go undetected before its neighbor routers declare that the router is down.
Page 726: Ip Ospf Prefix-Suppression
M6100 Series Switches interfaces have a special loopback network type, which cannot be changed.) When there are only two routers on the network, OSPF can operate more efficiently by treating the network as a point-to-point network. For point-to-point networks, OSPF does not elect a designated router or generate a network link state advertisement (LSA).
Page 727: Ip Ospf Priority
M6100 Series Switches Format no ip ospf prefix-suppression Mode Interface Config ip ospf priority This command sets the OSPF priority for the specified router interface or range of interfaces. The priority argument for the interface is a priority integer from 0 to 255. A value of 0 indicates that the router is not eligible to become the designated router on this network.
Page 728: Ip Ospf Transmit-Delay
M6100 Series Switches ip ospf transmit-delay This command sets the OSPF Transit Delay for the specified interface or range of interfaces. The transmit delay is specified in seconds. In addition, it sets the estimated number of seconds it takes to transmit a link state update packet over this interface. The value for second ranges from 0 to 3600 (1 hour).
Page 729: Ip Event Dampening Commands
This command summarizes the number of interfaces configured with dampening and the number of interfaces being suppressed. Format show dampening interface Mode Privileged EXEC Command example: (NETGEAR Switch)# show dampening interface 2 interfaces are configured with dampening. 1 interface is being suppressed. Routing Commands...
Page 730: Show Interface Dampening
M6100 Series Switches show interface dampening This command displays the status and configured parameters of the interfaces configured with dampening. Format show interface dampening Mode Privileged EXEC Parameter Description Flaps The number times the link state of an interface changed from UP to DOWN.
Page 731: Ospf Graceful Restart Commands
M6100 Series Switches OSPF Graceful Restart Commands The OSPF protocol can be configured to participate in the checkpointing service, so that these protocols can execute a graceful restart” when the management unit fails. In a graceful restart, the hardware to continues forwarding IPv4 packets using OSPF routes while a backup switch takes over management unit responsibility Graceful restart uses the concept of helpful neighbors.
Page 732: Nsf Helper
M6100 Series Switches initiate failover command), the grace LSAs are sent prior to restarting the management unit, whereas for unplanned restarts, they are sent after reboot begins. The grace period must be set long enough to allow the restarting router to reestablish all of its adjacencies and complete a full database exchange with each of those neighbors.
Page 733: Nsf Ietf Helper Disable
M6100 Series Switches nsf ietf helper disable Use this command to disable helpful neighbor functionality for OSPF. Note: The commands no nsf helper and nsf ietf helper disable are functionally equivalent. The command nsf ietf helper disable is supported solely for compatibility with other network software CLI.
Page 734: Max-Metric Router-Lsa (Ospfv2 Router Configuration)
M6100 Series Switches OSPFv2 Stub Router Commands max-metric router-lsa (OSPFv2 Router Configuration) To configure OSPF to enter stub router mode, use this command in Router OSPF Global Configuration mode. When OSPF is in stub router mode, as defined by RFC 3137, OSPF sets the metric in the nonstub links in its router LSA to LsInfinity.
Page 735: Ospf Show Commands
M6100 Series Switches router-lsa summary-lsa command causes OSPF to send summary LSAs with metrics computed using normal procedures defined in RFC 2328. Format no max-metric router-lsa [on-startup] [summary-lsa] Mode OSPFv2 Router Configuration clear ip ospf stub-router Use the clear ip ospf stub-router command in Privileged EXEC mode to force OSPF to exit stub router mode when it has automatically entered stub router mode because of a resource limitation.
Page 736 M6100 Series Switches Term Definition Spf Delay Time The number of seconds between two subsequent changes of LSAs, during which time the routing table calculation is delayed. Spf Hold Time The number of seconds between two consecutive spf calculations. Flood Pacing The average time, in milliseconds, between LS Update packet transmissions on an interface.
Page 737 M6100 Series Switches Term Definition Stub Router The remaining time, in seconds, until OSPF exits stub router mode. This row is only listed if OSPF is Startup Time in startup stub router mode. Remaining Stub Router The time elapsed since the router last entered the stub router mode. The row is only listed if stub Duration router is active and the router entered stub mode because of a resource limitation.
Page 738 M6100 Series Switches Term Definition NSF Restart Status The current graceful restart status of the router. • Not Restarting • Planned Restart • Unplanned Restart NSF Restart Age Number of seconds until the graceful restart grace period expires. NSF Restart Exit...
Page 739: Show Ip Ospf Abr
M6100 Series Switches Metric Type........External Type 2 Number of Active Areas......1 (1 normal, 0 stub, 0 nssa) ABR Status........Disable ASBR Status........Disable Stub Router........FALSE Stub Router Status......Inactive Stub Router Reason......<reason> Stub Router Startup Time Remaining..... <duration> seconds Stub Router Duration......
Page 740: Show Ip Ospf Area
M6100 Series Switches Term Definition Area ID The area ID of the area from which this route is learned. Next Hop Next hop toward the destination. Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop.
Page 741: Show Ip Ospf Asbr
M6100 Series Switches Term Definition Default Information Shows whether to advertise a default route into the NSSA. Originate Default Metric The metric value for the default route advertised into the NSSA. Default Metric Type The metric type for the default route advertised into the NSSA.
Page 742: Show Ip Ospf Database
M6100 Series Switches Term Definition Next Hop Next hop toward the destination. Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop. show ip ospf database This command displays information about the link state database when OSPF is enabled. If you do not enter any parameters, the command displays the LSA headers for all areas.
Page 743: Show Ip Ospf Database Database-Summary
M6100 Series Switches If OSPF is enabled, for each link-type and area, the following information is displayed: Term Definition Link Id A number that uniquely identifies an LSA that a router originates from all other self originated LSAs of the same LS type.
Page 744: Show Ip Ospf Interface
M6100 Series Switches show ip ospf interface This command displays the information for the physical interface or virtual interface tables. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The vlan keyword and vlan-id parameter are used to specify the VLAN ID of the routing VLAN directly instead of in a unit/slot/port format.
Page 745 Displays whether prefix-suppression is enabled, disabled, or unconfigured on the given interface. Command example: The following output displays when the OSPF Admin Mode is disabled: (NETGEAR Routing) >show ip ospf interface 1/0/1 IP Address........0.0.0.0 Subnet Mask........0.0.0.0 Secondary IP Address(es).......
Page 746: Show Ip Ospf Interface Brief
M6100 Series Switches show ip ospf interface brief This command displays brief information for the physical interface or virtual interface tables. Format show ip ospf interface brief Mode Privileged EXEC User EXEC Term Definition Interface unit/slot/port OSPF Admin Mode States whether OSPF is enabled or disabled on a router interface.
Page 747 M6100 Series Switches Term Definition Area LSA Count The total number of link-state advertisements in this area's link-state database, excluding AS External LSAs. IP Address The IP address associated with this OSPF interface. OSPF Interface The number of times the specified OSPF interface has changed its state, or an error has occurred.
Page 748: Show Ip Ospf Lsa-Group
M6100 Series Switches The following table lists the number of OSPF packets of each type sent and received on the interface. Table 12. Type of OSPF packets sent and received on the interface Packet Type Sent Received Hello 6960 6960...
Page 749 M6100 Series Switches Format show ip ospf neighbor [interface {unit/slot/port | vlan vland-id}] [ip-address] Modes Privileged EXEC User EXEC If you do not specify an IP address, a table with the following columns displays for all neighbors or the neighbor associated with the interface that you specify:...
Page 750 • Unrecognized - a value not defined in RFC 3623 When NETGEAR Managed Switch software sends a grace LSA, it sets the Restart Reason to Software Restart on a planned warm restart (when the initiate failover command is invoked), and to Unknown on an unplanned warm restart.
Page 751: Show Ip Ospf Range
M6100 Series Switches Command example: (alpha1) #show ip ospf neighbor 170.1.1.50 Interface........0/17 Neighbor IP Address......170.1.1.50 Interface Index.......17 Area Id........0.0.0.2 Options........0x2 Router Priority.......1 Dead timer due in (secs)......15 Up Time........0 days 2 hrs 8 mins 46 secs State.........Full/BACKUP-DR Events........4 Retransmitted LSAs......32 Retransmission Queue Length....0...
Page 752: Show Ip Ospf Statistics
• SN. New network summary LSA • SA. New ASBR summary LSA • X. New external LSA Command example: (NETGEAR Switch) #show ip ospf statistics Area 0.0.0.0: SPF algorithm executed 15 times Delta T Intra Summ SPF Total RIB Update...
Page 753: Show Ip Ospf Stub Table
A 32-bit identifier for the created stub area. Type of Service The type of service associated with the stub metric. NETGEAR supports only Normal TOS. Metric Val The metric value is applied based on the TOS. It defaults to the least metric of the type of service among the interfaces to other areas.
Page 754 Statistics that failed to be enqueued, and the queue limit. The high water marks are not cleared when OSPF counters are cleared. Command example: (NETGEAR Switch) #show ip ospf traffic Time Since Counters Cleared: 4000 seconds OSPFv2 Packet Statistics Hello...
Page 755: Show Ip Ospf Virtual-Link
M6100 Series Switches Current Drops Limit Hello 1680 Data Event 1000 show ip ospf virtual-link This command displays the OSPF Virtual Interface information for a specific area and neighbor. The area-id parameter identifies the area and the neighbor parameter identifies the neighbor's Router ID.
Page 756: Routing Information Protocol Commands
M6100 Series Switches Term Definition Area ID The area id of the requested OSPF area. Neighbor The neighbor interface of the OSPF virtual interface. Hello Interval The configured hello interval for the OSPF virtual interface. Dead Interval The configured dead interval for the OSPF virtual interface.
Page 757: Ip Rip
M6100 Series Switches ip rip This command enables RIP on a router interface or range of interfaces. Default disabled Format ip rip Mode Interface Config no ip rip This command disables RIP on a router interface. Format no ip rip...
Page 758: Distance Rip
M6100 Series Switches default-metric (RIP) This command is used to set a default for the metric of distributed routes. The value for the metric argument can be from 0–15. Format default-metric metric Mode Router RIP Config no default-metric (RIP) This command is used to reset the default metric of distributed routes to its default value.
Page 759: Ip Rip Authentication
M6100 Series Switches no distribute-list out This command is used to specify the access list to filter routes received from the source protocol. The value for the access-list argument can be from 1–199. Format no distribute-list access list out {ospf | bgp | static | connected}...
Page 760: Ip Rip Send Version
M6100 Series Switches no ip rip receive version This command configures the interface to allow RIP control packets of the default version(s) to be received. Format no ip rip receive version Mode Interface Config ip rip send version This command configures an interface or range of interfaces to allow RIP control packets of the specified version to be sent.
Page 761: Redistribute (Rip)
M6100 Series Switches split-horizon This command sets the RIP split horizon mode. Split horizon is a technique for avoiding problems caused by including routes in updates sent to the router from which the route was originally learned. The options are: none, no special processing; simple, a route is not included in updates sent to the router from which it was learned;...
Page 762: Show Ip Rip
M6100 Series Switches show ip rip This command displays information relevant to the RIP router. Format show ip rip Modes Privileged EXEC User EXEC Term Definition RIP Admin Mode Enable or disable. Split Horizon Mode None, simple or poison reverse.
Page 763: Show Ip Rip Interface
M6100 Series Switches show ip rip interface This command displays information related to a particular RIP interface. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The vlan keyword and vlan-id parameter are used to specify the VLAN ID of the routing VLAN directly instead of in a unit/slot/port format.
Page 764: Ip Unreachables
M6100 Series Switches ip unreachables Use this command to enable the generation of ICMP Destination Unreachable messages on an interface or range of interfaces. By default, the generation of ICMP Destination Unreachable messages is enabled. Default enable Format ip unreachables...
Page 765: Ipv6 Redirects
M6100 Series Switches ipv6 redirects Use this command to enable the generation of ICMPv6 Redirect messages by the router. By default, the generation of ICMP Redirect messages is enabled. You can use this command to configure an interface, a range of interfaces, or all interfaces.
Page 766 M6100 Series Switches Default burst-interval of 1000 msec. burst-size of 100 messages Format ip icmp error-interval burst-interval [burst-size] Mode Global Config no ip icmp error-interval Use the no ip icmp error-interval command to return the burst-interval and burst-size to their default values.
Page 767: Captive Portal Commands
Captive Portal Commands This section describes the CLI commands you use to manage the Captive Portal features on the switch. The chapter contains the following sections: • Captive Portal Global Commands • Captive Portal Configuration Commands • Captive Portal Status Commands •...
Page 768: Chapter 10 Captive Portal Commands
0-65535, excluding port numbers 80 and 443 which are reserved. The HTTP port default is 0 which denotes no additional port and the default port (80) is used. Default Format http port port-number Mode Captive Portal Config Command example: (NETGEAR Switch) (Config-CP) #http port 8080 (NETGEAR Switch) (Config-CP) #no http port Captive Portal Commands...
Page 769: Https Port
Parameter Description port-num Port number in the range of 0-65535. Command example: (NETGEAR Switch) (Config-CP) #https port 60000 (NETGEAR Switch) (Config-CP) #no https port no https port This command set the HTTPS secure port to the default. Format no https port port-number...
Page 770: Authentication Timeout
M6100 Series Switches no snmp-server enable traps captive-portal This command globally disables all the captive portal traps. Format no snmp-server enable traps captive-portal Mode Global Config trapflags (Captive Portal Config Mode) This command enables captive portal SNMP traps. If no parameters are specified, then all traps are enabled.
Page 771: Show Captive-Portal
M6100 Series Switches Default Format authentication timeout seconds Mode Captive Portal Config no authentication timeout This command sets the authentication timeout to the default value. Format no authentication timeout Mode Captive Portal Config show captive-portal This command reports status of the captive portal feature.
Page 772 Authenticated Shows the number of users currently authenticated to all captive portal instances on this switch. Users Command example: (NETGEAR Switch) #show captive-portal status Additional HTTP Port......0 Additional HTTP Secure Port....0 Peer Switch Statistics Reporting Interval..120 Authentication Timeout......300 Supported Captive Portals......
Page 773: Captive Portal Configuration Commands
M6100 Series Switches show captive-portal trapflags This command shows which captive portal SNMP traps are enabled.The existing NETGEAR Managed Switch show trapflags command shows the global captive portal traps configuration. For more information, see the sample output of show trapflags on page 118.
Page 774: Enable (Captive Portal Instance)
M6100 Series Switches enable (Captive Portal Instance) This command enables a captive portal configuration. Default Enable Format enable Mode Captive Portal Instance no enable This command disables a captive portal configuration. Format no enable Mode Captive Portal Instance name This command configures the name for a captive portal configuration. The cp-name can contain up to 32 alphanumeric characters.
Page 775: Redirect-Url Mode
M6100 Series Switches Default guest Format verification {guest | local | radius} Mode Captive Portal Instance group This command assigns a group ID to a captive portal configuration. Each Captive Portal configuration must contain at least one group ID. The group-id can have a number in the 1–1024 range.
Page 776 M6100 Series Switches no redirect-url mode This command disables the redirect mode for a captive portal configuration. Format no redirect-url mode Mode Captive Portal Instance redirect-url Use this command to specify the URL to which the newly authenticated client is redirected if the URL Redirect Mode is enabled.
Page 777 M6100 Series Switches Parameter Description rate Rate in bps. 0 indicates limit not enforced. no max-bandwidth-down This command sets to the default the maximum rate at which a client can receive data from the network. Format no max-bandwidth-down Mode Captive Portal Instance max-input-octets This command configures the maximum number of octets the user is allowed to transmit.
Page 778: Session-Timeout (Captive Portal Instance)
M6100 Series Switches Parameter Description bytes Output octets in bytes. 0 indicates limit not enforced. no max-output-octets This command sets to the default the maximum number of octets the user is allowed to receive. Format no max-output-octets Mode Captive Portal Instance max-total-octets This command configures the maximum number of octets the user is allowed to transfer, i.e.,...
Page 779: Do (Captive Portal Instance Mode)
The command is primarily used by the NETGEAR Managed Switch show running config command and process as it provides the ability to save and restore configurations using a text-based format.
Page 780: Show (Captive Portal Instance)
M6100 Series Switches script-text Use this command to specify, in UTF-16 byte stream format, the text that is displayed if javascript is disabled in the users browser. Format script-text UTF-16 Mode Captive Portal Instance show (Captive Portal Instance) Use this command to display the switches options and settings.
Page 781: Clear (Captive Portal Instance Config)
M6100 Series Switches no block This command unblocks all traffic for a captive portal configuration. Format no block Mode Captive Portal Instance clear (Captive Portal Instance Config) This command sets the configuration for this instance to the default values. Format...
Page 782: Captive Portal Status Commands
M6100 Series Switches Default #999999 Format foreground-color color-code Mode Captive Portal Instance separator-color Use this command to customize the separator bar color of the Captive Portal authentication page using a well-known color name or RGB value. For example, red or RGB hex-code; that is, #FF0000.The range of color-code is 1-32 characters.
Page 783: Show Captive-Portal Configuration Interface
M6100 Series Switches show captive-portal configuration interface This command displays information for all interfaces assigned to a captive portal configuration or a specific interface assigned to a captive portal configuration. The cp-id variable is the captive portal ID, which ranges from 1-10.
Page 784: Captive Portal Client Connection Commands
M6100 Series Switches Term Description Max Bandwidth Up The maximum rate in bytes per second (bps) at which a client can send data into the network. (bytes/sec) Max Bandwidth The maximum rate in bps at which a client can receive data from the network.
Page 785: Show Captive-Portal Client Statistics
M6100 Series Switches Format show captive-portal client [macaddr] status Mode Privileged EXEC Term Description Client MAC Identifies the MAC address of the wireless client (if applicable). Address Client IP Address Identifies the IP address of the wireless client (if applicable).
Page 786: Show Captive-Portal Interface Client Status
M6100 Series Switches Term Description Packets Total packets the client has transmitted. Transmitted Packets Received Total packets the client has received. show captive-portal interface client status This command displays information about clients authenticated on all interfaces or a specific interface.
Page 787: Captive Portal Interface Commands
M6100 Series Switches Term Description CP ID Shows the captive portal ID the connected client is using. CP Name Shows the name of the captive portal the connected client is using. Client MAC Identifies the MAC address of the wireless client (if applicable).
Page 788: Show Captive-Portal Interface Capability
M6100 Series Switches Term Description CP ID Shows the captive portal ID the connected client is using. CP Name Shows the name of the captive portal the connected client is using. Interface Valid slot and port number separated by a forward slash.
Page 789: Captive Portal Local User Commands
Mode Captive Portal Config Command example: The following example uses name to create the user. (NETGEAR Switch)(Config-CP) #user 1 name test Command example: The following example uses password to create the user: (NETGEAR Switch)(Config-CP) #user 1 password test1234 no user This command deletes a user from the local user database.
Page 790: User Name (Captive Portal Config)
Mode Captive Portal Config Command example: (NETGEAR Switch)(Config-CP) #user 1 password encrypted 42 65 74 74 65 72 20 73 61 66 65 20 74 68 61 6e 20 73 6f 72 72 79 Captive Portal Commands...
Page 791: User Group (Captive Portal Local User Commands)
Mode Captive Portal Config Command example: (NETGEAR Switch)(Config-CP) #user 1 group 123 user session-timeout This command sets the session timeout value for the associated captive portal user. The user-id variable is the ID of a user configured in the local database, and is a number in the range of 1 to 128.
Page 792: User Max-Bandwidth-Up
Mode Captive Portal Config Command example: (NETGEAR Switch)(Config-CP) #user 1 idle-timeout 600 no user idle-timeout This command sets the session idle timeout value for the associated captive portal user to the default value. The user-id variable is the ID of a user configured in the local database, and is a number in the range of 1 to 128.
Page 793: User Max-Bandwidth-Down
M6100 Series Switches Format no user user-id max-bandwidth-up Mode Captive Portal Config user max-bandwidth-down This command is used configure the bandwidth in bytes per second (bps, with the variable) at which the client can receive data from the network. 0 denotes using the default value configured for the captive portal.
Page 794: User Max-Output-Octets
M6100 Series Switches Parameter Description user-id User ID from 1 to 128 characters. octets Number of bytes. no user max-input-octets Use this command to set to the default the number of octets in bytes that the user is allowed to transmit. The user-id variable is the ID of a user configured in the local database, and is a number in the range of 1 to 128.
Page 795: Show Captive-Portal User
M6100 Series Switches unlimited transmission. The user-id variable is the ID of a user configured in the local database, and is a number in the range of 1 to 128. Default Format user user-id max-total-octets octets Mode Captive Portal Config...
Page 796: Captive Portal User Group Commands
M6100 Series Switches Field Description Password Indicates whether a password has been configured for the user. Configured Max Bandwidth Up The maximum rate in bytes per second (bps) at which a client can send data into the network. (bps) Max Bandwidth The maximum rate in bps at which a client can receive data from the network.
Page 797: User Group Moveusers
The group-id and destination-group-id variables are each a number in the range of 1-10. Format user group group-id moveusers destination-group-id Mode Captive Portal Config Command example: (NETGEAR Switch)(Config-CP) #user group 2 moveusers 3 Captive Portal Commands...
Page 798 This section describes the commands you use to view and configure Border Gateway Protocol (BGP), which is an exterior gateway routing protocol that you use to route traffic between autonomous systems. The BGP CLI commands are available in the NETGEAR Managed Switch software BGP package.
Page 799: Chapter 11 Border Gateway Protocol Commands
M6100 Series Switches BGP Commands router bgp This command enables BGP and identifies the autonomous system (AS) number of the router. Only a single instance of BGP can be run and the router can only belong to a single Default BGP is inactive by default.
Page 800 M6100 Series Switches no address-family ipv6 Use the no address-family ipv6 command to clear all IPv6 address family configuration. Format no address-family ipv6 Mode BGP Router Config aggregate-address To configure a summary address for BGP, use the aggregate-address command in Router Configuration mode.
Page 801: Bgp Aggregate-Different-Meds (Ipv6 Address Family Config)
M6100 Series Switches no aggregate-address Use this command to delete a summary address for BGP. The address-mask is a summary prefix and mask. Format no aggregate-address address-mask Mode BGP Router Config bgp aggregate-different-meds (BGP Router Config) Use the bgp aggregate-different meds command in BGP Router Configuration mode to allow the aggregation of routes with different MED attributes.
Page 802: Bgp Always-Compare-Med (Ipv6 Address Family Config)
M6100 Series Switches Default All the routes aggregated by a given aggregate address must have the same MED value. Format bgp aggregate-different-meds Mode IPv6 Address Family Config no bgp aggregate-different-meds Use the no bgp aggregate-different meds command in IPv6 Address Family Configuration mode to return the command to the default.
Page 803: Bgp Client-To-Client Reflection (Bgp Router Config)
M6100 Series Switches metrics or have different policies for setting the MED, the decision process normally does not compare MED values in paths received from peers in different autonomous systems. This command allows you to force BGP to compare MEDs, regardless of whether paths are received from a common AS.
Page 804: Bgp Client-To-Client Reflection (Ipv6 Address Family Config)
M6100 Series Switches no bgp client-to-client reflection (BGP Router Config) Use the no bgp client-to-client reflection command to disable client-to-client reflection for IPv4 routes. Note: This command only affects the advertisement of IPv4 routes. The same command is available in Address-Family ipv6 Configuration mode for IPv6 routes.
Page 805: Bgp Cluster-Id
M6100 Series Switches bgp cluster-id Use the bgp cluster-id command in BGP router configuration mode to specify the cluster ID of a route reflector. To revert the cluster ID to its default, use the no form of this command. A route reflector and its clients form a cluster. Since a cluster with a single route reflector has a single point of failure, a cluster may be configured with multiple route reflectors.
Page 806: Bgp Fast-External-Failover
M6100 Series Switches Parameter Description number The value to use as the local preference for routes advertised to internal peers. The range is 0 to 4,294,967,295. no bgp default local-preference This command sets the default value of local preference of the BGP router.
Page 807: Bgp Log-Neighbor-Changes
Router Configuration mode. If BGP receives a path whose AS Path attribute is longer than the configured limit, BGP discards it. Default NETGEAR Managed Switch BGP accepts AS paths with up to 75 AS numbers. Format bgp maxas-limit number...
Page 808: Bgp Router-Id
M6100 Series Switches no bgp maxas-limit To revert to the default the limit on the length of AS Paths that BGP accepts from its neighbors, use the no form of this command. Format no bgp maxas-limit Mode BGP Router Config bgp router-id Use this command to set the BGP router ID.
Page 809: Default-Information Originate (Ipv6 Address Family Config)
M6100 Series Switches Parameter Description always (Optional) This optional keyword allows BGP to originate a default route, even if the common routing table has no default route. no default-information originate Use this command to disable BGP from originating a default route.
Page 810: Default Metric (Ipv6 Address Family Config)
M6100 Series Switches Default No default metric is set and no MED is included in redistributed routes. Format default-metric value Mode BGP Router Config Parameter Description value The value to set as the MED. The range is 1 to 4,294,967,295.
Page 811 M6100 Series Switches whose prefix and wildcard mask are the longest match for a neighbor’s address is applied to routes from that neighbor. An ECMP route’s distance is determined by applying distance commands to the neighbor that provided the best path.
Page 812: Distance Bgp (Ipv6 Address Family Config)
M6100 Series Switches no distance (BGP Router Config) Use this command to set the preference of BGP routes to the default. Format no distance distance [prefix wildcard-mask [prefix-list]] Mode BGP Router Config distance BGP (BGP Router Config) Use this command to set the preference, (also known as administrative distance), of BGP routes.
Page 813: Distribute-List Prefix In
M6100 Series Switches locally originated. A route with a lower preference value is preferred to a route with a higher preference value to the same destination. Routes with a preference of 255 may not be selected as best routes and used for forwarding.
Page 814: Distribute-List Prefix Out (Bgp)
M6100 Series Switches no distribute-list prefix in Use this command to disable a filter that restricts the routes that BGP accepts from all neighbors based on destination prefix. Format no distribute-list prefix list-name in Mode BGP Router Config distribute-list prefix out (BGP) Use this command to configure a filter that restricts the advertisement of routes based on destination prefix.
Page 815: Ip Bgp Fast-External-Failover
M6100 Series Switches When BGP is administratively disabled, BGP sends a Notification message to each peer with a Cease error code. Format enable Mode BGP Router Config no enable (BGP) This command globally disables the administrative mode of BGP on the system, while retaining the configuration.
Page 816: Maximum-Paths (Ipv6 Address Family Config)
M6100 Series Switches maximum-paths (BGP Router Config) Use this command to specify the maximum number of next hops BGP may include in an Equal Cost Multipath (ECMP) route derived from paths received from neighbors outside the local autonomous system. Paths are considered for ECMP when their attributes are the same (local preference, AS path, origin, MED, peer type and IGP distance).
Page 817: Maximum-Paths Igbp (Ipv6 Address Family Config)
M6100 Series Switches no maximum-paths (IPv6 Address Family Config) This command resets back to the default the number of ECMP next hops in IPv6 routes BGP may include in an ECMP route. Format no maximum-paths Mode IPv6 Address Family Config...
Page 818: Neighbor Activate
M6100 Series Switches Format maximum-paths igbp number-of-paths Mode IPv6 Address Family Config Parameter Description number-of-paths The maximum number of next hops in a BGP router. The range is from 1 to 32 unless the platform or SDM template further restricts the range.
Page 819: Neighbor Advertisement-Interval (Bgp Router Config)
NETGEAR Managed Switch BGP enforces the advertisement interval by limiting how often phase 3 of the decision process can run for each update group. The interval applies to withdrawals as well as active advertisements.
Page 820: Neighbor Advertisement-Interval (Ipv6 Address Family Config)
If a neighbor does not respond to an initial TCP connection attempt, NETGEAR Managed Switch retries three times. The first retry is after the retry interval configured with neighbor connect-retry-interval. Each subsequent retry doubles the previous retry interval.
Page 821: Neighbor Default-Originate (Bgp Router Config)
M6100 Series Switches Parameter Description ip-address The neighbor’s IP address. retry-time The number of seconds to wait before attempting to establish a TCP connection with a neighbor after a previous attempt failed. no neighbor connect-retry-interval This command resets to the default the initial connection retry time for a specific neighbor.
Page 822: Neighbor Default-Originate (Ipv6 Address Family Config)
M6100 Series Switches no neighbor default-originate (BGP Router Config) Use this command to prevent BGP from originating a default route to a specific neighbor. Format no neighbor ip-address default-originate [route-map map-name] Mode BGP Router Config neighbor default-originate (IPv6 Address Family Config) To configure BGP to originate a default IPv6 route to a specific neighbor, use the neighbor default-originate command in IPv6 Address Family configuration mode.
Page 823: Neighbor Description
M6100 Series Switches no neighbor default-originate (IPv6 Address Family Config) Use this command to prevent BGP from originating a default IPv6 route to a specific neighbor. Format no neighbor ip-address default-originate [route-map map-name] Mode IPv6 Address Family Config neighbor description Use this command in BGP Router Config mode to record a text description of a neighbor.
Page 824: Neighbor Filter-List (Ipv6 Address Family Config)
M6100 Series Switches Parameter Description ip-address The neighbor’s IPv4 address. as-path-list-number Identifies an AS path list. The AS Path list is applied to advertisements received from the neighbor. The AS Path list is applied to advertisements to be sent to the neighbor.
Page 825: Neighbor Inherit Peer
M6100 Series Switches neighbor inherit peer To configure a BGP peer to inherit peer configuration parameters from a peer template, use the neighbor inherit peer command in Router Configuration mode. Neighbor session and policy parameters can be configured once in a peer template and inherited by multiple neighbors, eliminating the need to configure the same parameters for each neighbor.
Page 826: Neighbor Maximum-Prefix (Ipv6 Address Family Config)
M6100 Series Switches neighbor maximum-prefix (BGP Router Config) This command configures the maximum number of prefixes that BGP will accept from a specified neighbor. The prefix limit is compared against the number of prefixes received from the neighbor, including prefixes that are rejected by inbound policy. If the peering session is...
Page 827: Neighbor Next-Hop-Self (Bgp Router Config)
M6100 Series Switches Default By default the prefix limit is set to the maximum number of routes that can be installed in the forwarding table. The default warning threshold is 75%. A neighbor that exceeds the limit is shutdown unless the warning-only option is configured.
Page 828: Neighbor Next-Hop-Self (Ipv6 Address Family Config)
M6100 Series Switches Parameter Description ip-address The neighbor’s IP address. no neighbor next-hop-self (BGP Router Config) This command disables the peer as the next hop for the locally originated paths. After executing this command, the BGP peer must be reset before the changes take effect.
Page 829: Neighbor Prefix-List
M6100 Series Switches Issue this command in Peer Template Configuration Mode to add it to a peer template. Default MD5 authentication is disabled. Format neighbor ip-address password string Mode BGP Router Config Peer Template Config Parameter Description ip-address The neighbor’s IP address.
Page 830: Neighbor Remote-As
M6100 Series Switches no neighbor prefix-list This command disables filtering advertisements sent to a specific neighbor based on the destination prefix of each route. Format no neighbor ip-address prefix-list prefix-list-name {in | out} Mode BGP Router Config neighbor remote-as This command configures a neighbor and identifies the neighbor’s autonomous system. The neighbor’s AS number must be specified when the neighbor is created.
Page 831: Neighbor Remove-Private-As (Ipv6 Address Family Config)
M6100 Series Switches neighbor remove-private-as (BGP Router Config) Use this command in BGP Router Config mode to remove private AS numbers when advertising IPv4 routes to an external peer. This command can only be applied to external peers. Private AS numbers are removed or replaced whether or not the original AS path includes any non-private AS numbers.
Page 832: Neighbor Route-Map (Ipv6 Address Family Config)
M6100 Series Switches Parameter Description ip-address The neighbor’s IPv4 or IPv6 address. all replace-as To retain the original AS path length, replace each private AS number with the local AS number. This is optional. no neighbor remove-private-as (IPv6 Address Family Config) Use this command in IPv6 Address Family Config mode to stop removing private AS numbers when advertising IPv6 routes to an external peer.
Page 833: Neighbor Route-Reflector-Client (Bgp Router Config)
M6100 Series Switches Default No route maps are applied by default. Format neighbor ip-address route-map map-name {in | out} Mode IPv6 Address Family Config Parameter Description ip-address The neighbor’s IP address. map-name The name of the route map to be applied.
Page 834: Neighbor Route-Reflector-Client (Ipv6 Address Family Config)
M6100 Series Switches no neighbor route-reflector-client Use this command in BGP Router Config mode to unconfigure an internal peer as an IPv4 route reflector client. Format no neighbor ip-address route-reflector-client Mode BGP Router Config neighbor route-reflector-client (IPv6 Address Family Config) Use this command in IPv6 Address Family Config mode to configure an internal peer as an IPv6 route reflector client.
Page 835: Neighbor Shutdown
M6100 Series Switches Default The communities attribute is not sent to neighbors by default. Format neighbor ip-address send-community Mode BGP Router Config IPv6 Address Family Config Parameter Description ip-address The neighbor’s IP address. no neighbor send-community Use this command in BGP Router Config mode or IPv6 Address Family Config mode to return the community attributes to the default configuration.
Page 836: Neighbor Timers
M6100 Series Switches no neighbor shutdown This command administratively enables a BGP peer. Format no neighbor ip-address shutdown Mode • BGP Router Config • Peer Template Config neighbor timers Use this command in BGP Router Config mode to override the global timer values and set the keepalive and hold timers for a specific neighbor.
Page 837: Neighbor Update-Source
M6100 Series Switches neighbor update-source Use this command in BGP Router Config mode to configure BGP to use a specific IP address as the source address for the TCP connection with a neighbor. This IP address must be the IP address configured on the peer as its neighbor address for this router.
Page 838: Network (Ipv6 Address Family Config)
M6100 Series Switches If a route map is configured to set attributes on the advertised routes, match as-path and match community terms in the route map are ignored. A match ip-address prefix-list term is honored in this context. If your route map includes such a match term, the network is only advertised if the prefix list permits the network prefix.
Page 839: Redistribute (Bgp Router Config)
M6100 Series Switches Parameter Description ipv6-address Network IPv6 prefixes. prefix An IPv4 address prefix in dotted notation. rm-name (Optional) A route map can be used to set path attributes on the route. no network (IPv6 Address Family Config) This command disables BGP from advertising an address prefix.
Page 840: Redistribute (Ipv6 Address Family Config)
BGP Router Config redistribute (IPv6 Address Family Config) This command configures BGP to non-BGP routes from the IPv6 routing table. NETGEAR Managed Switch software does not support RIP for IPv6. The distribute-list out command can also be used to filter redistributed routes by prefix. Either a redistribute route map or a distribute list may be configured, but not both.
Page 841: Template Peer
(although policy changes are subject to a three-minute delay). Note: NETGEAR Managed Switch does not support a remote-as as-number command in Peer Template Configuration mode. The neighbor’s AS number must be specified when the neighbor is created.
Page 842 M6100 Series Switches Default No peer templates are configured by default. Format template peer name Mode BGP Router Config Parameter Description name The name of the template. The name may be no more than 32 characters. Command example: (R1) (Config)# router bgp 65000 (R1) (Config-router)# neighbor 172.20.1.2 remote-as 65001...
Page 843 M6100 Series Switches address-family To configure policy parameters within a peer template to be applied to a specific address family, use the address-family command in Peer Template Configuration mode. This command enters an Address Family Configuration mode within the peer template. Policy commands configured within this mode apply to the address family.
Page 844 Use this command in Peer Template Configuration mode to add it to a peer template to configure a connection retry interval. If a neighbor does not respond to an initial TCP connection attempt, NETGEAR Managed Switch retries three times. The first retry is after the retry interval configured with the command neighbor connect-retry-interval on page 820.
Page 845: Description (Peer Template Config)
M6100 Series Switches Default 2 seconds Format connect-retry-interval retry-time Mode Peer Template Config Parameter Description retry-time The number of seconds to wait before attempting to establish a TCP connection with a neighbor after a previous attempt failed. no connect-retry-interval This command resets to the default the connection retry time in a peer template.
Page 846: Password (Peer Template Config)
M6100 Series Switches password (Peer Template Config) Use this command in Peer Template Configuration mode to configure a TCP password in a peer template. Default MD5 authentication is disabled. Format password string Mode Peer Template Config Parameter Description string Case-sensitive password from 1 to 25 characters in length.
Page 847 M6100 Series Switches timers Use this command in Peer Template Configuration mode to configure the keepalive and hold timers in a peer template. Default The keepalive and hold timers default to the globally configured values set with the address-family command.
Page 848: Timers Bgp
M6100 Series Switches no update-source This command configures the peer template to use the primary IPv4 address on the outgoing interface to the neighbor for the TCP connection. Format no update-source [unit/slot/port | loopback number] Mode Peer Template Config timers bgp This command configures the keepalive and hold times that BGP uses for all of its neighbors.
Page 849: Clear Ip Bgp Counters
M6100 Series Switches a neighbor does not support the Route Refresh capability, then updated policy is applied to routes previously received from the neighbor. When a change is made to an outbound policy, BGP schedules an outbound soft reset to update neighbors according to the new policy.
Page 850: Show Ip Bgp
M6100 Series Switches Note: To display the debug trace, enable the debug console command. Default No debug tracing is enabled by default Format debug ip bgp [peer-address | events | keepalives | notification | open | refresh | updates] Mode...
Page 851 M6100 Series Switches The command output displays the following information. Parameter Description BGP table version Each time phase 2 of the BGP decision process runs to select new BGP routes, this number is incremented Status codes • s. The route is aggregated into an aggregate address configured with the summary-only option •...
Page 852 M6100 Series Switches *> 24.14.8.0/24 100.10.1.1 20 10 Communities: no-export-subconfed If you enter the command with the network/pfx-len option and without any additional options, then the output format lists more information about the individual prefix. The best path is always listed first, followed by any nonbest paths. The output only shows attributes that are included with each path.
Page 853: Show Ip Bgp Aggregate-Address
M6100 Series Switches AS Path........20 10 Origin........IGP Metric........10 Type........External IGP Cost........30 Peer (Peer ID)......100.10.1.1 (32.4.1.1) BGP Next Hop....... 100.10.1.1 Atomic Aggregate......Included Aggregator (AS, Router ID)....300, 14.1.1.1 Communities........ no-export Non-best Paths: Local Preference......200 AS Path........
Page 854: Show Ip Bgp Community
M6100 Series Switches show ip bgp community This command shows BGP IPv4 routes that belong to a specified set of communities. Format show ip bgp community communities [exact-match] Mode Privileged EXEC Parameter Description communities A string of zero or more community values, which may be in either format and may contain the well-known community keywords no-advertise and no-export.
Page 855 MP. Multiprotocol • RF. Route Refresh This version of NETGEAR Managed Switch does not support any multiprotocol AFI/SAFI pairs other than IPv4 unicast. The presence of this capability does not imply otherwise. IPv4 Unicast Indicates whether IPv4 unicast routes can be exchanged with this peer. Both indicates that IPv4 is Support active locally and the neighbor indicated support for IPv4 unicast in its OPEN message.
Page 856 M6100 Series Switches Parameter Description Configured Keep The configured KEEPALIVE interval for this neighbor. Alive Time Negotiated Hold The minimum of the configured hold time and the hold time in the OPEN message received from this Time neighbor. If the local router does not receive a KEEPALIVE or UPDATE message from this neighbor within this interval of time, the local router drops the adjacency.
Page 857 M6100 Series Switches Remote Address ........ 172.20.1.100 Remote AS ........100 Peer ID ........14.3.0.1 Peer Admin Status ......START Peer State ........ESTABLISHED Local Interface Address ....... 172.20.1.2 Local Port ........179 Remote Port ........58265 Connection Retry Interval ..... 120 sec Neighbor Capabilities ......
Page 858 M6100 Series Switches IPv6 Prefix Statistics: Inbound Outbound Prefixes Advertised Prefixes Withdrawn Prefixes Current Prefixes Accepted Prefixes Rejected Max NLRI per Update Min NLRI per Update If the router receives an UPDATE message with an invalid path attribute, the router will in most cases send a NOTIFICATION message and reset the adjacency.
Page 859: Show Ip Bgp Neighbors Advertised-Routes
172.20.101.100 with something other than the peer’s ASN as the first ASN in the AS Path. The additional counter shows that this occurred one time. (NETGEAR Switch) #show ip bgp neighbors 172.20.101.100 Remote Address ........ 172.20.101.100 Remote AS ........101 Last Error ........
Page 860 Note: The value of the ORIGIN attribute follows immediately after the AS Path. Command example: (NETGEAR Switch) #show ip bgp neighbors 172.20.101.100 advertised-routes BGP table version is 5, local router ID is 20.1.1.1 Status codes: p advertisement pending Origin codes: i - IGP, e - EGP, ? - incomplete Originating default network 0.0.0.0...
Page 861: Show Ip Bgp Neighbors Policy
The peer address of a neighbor. Policy A neighbor-specific BGP policy. Template If the policy is inherited from a peer template, this field lists the template name. Command example: (NETGEAR Switch) #show ip bgp neighbors 172.20.101.100 policy Neighbor Policy Template --------------- ------------------------------- ------------------------ 172.20.101.100...
Page 862: Show Ip Bgp Route-Reflection
The AS path as received from the peer Origin The value of the Origin attribute as received from the peer Command example: (NETGEAR Switch) #show ip bgp neighbors 172.20.101.100 received-routes local router ID is 20.1.1.1 Origin codes: i - IGP, e - EGP, ? - incomplete Network...
Page 863: Show Ip Bgp Statistics
A list of this router’s internal peers that are not configured as route reflector clients. Routes from Peers non-client peers are reflected to clients and vice-versa. Command example: (NETGEAR Switch) #show ip bgp route-reflection Cluster ID ........1.1.1.1 (configured) Client-to-client Reflection ....Enabled Clients: 172.20.1.2, 172.20.3.2, 172.20.5.2 Non-client Internal Peers: 192.168.1.2, 192.162.2.2...
Page 864: Show Ip Bgp Summary
M6100 Series Switches Parameter Description GenId Generation ID of BGP routing table when decision process was run. The generation ID is incremented each time phase 2 of the decision process is run and when there is a change to the status of aggregate addresses.
Page 865 M6100 Series Switches The command displays the following information. Parameter Description IPv4 Routing Displays whether IPv4 routing is globally enabled. BGP does not include the IPv4 unicast AFI/SAFI capability in OPEN messages it sends unless routing is globally enabled. BGP Admin Mode...
Page 866: Show Ip Bgp Template
M6100 Series Switches Parameter Description Up/Down Time Displays how long the adjacency has been in the ESTABLISHED state, or, if the adjacency is down, how long it has been down. In days:hours:minutes:seconds Pfx Rcvd The number of prefixes received from the neighbor...
Page 867: Show Ip Bgp Traffic
The address family to which the configuration command applies. This field is blank for session parameters, which apply to all address families. Configuration Configuration commands that are included in the template. Command example: (NETGEAR Switch) #show ip bgp template Template Name Configuration ------------- ----...
Page 868: Show Ip Bgp Update-Group
Includes best route change and next hop resolution change notifications from the routing table. MIB Queries Includes pending SNMP queries for BGP status Command example: (NETGEAR Switch) #show ip bgp traffic Time Since Counters Cleared: 55223 Seconds BGP Message Statistics Open Update...
Page 869 M6100 Series Switches Parameter Description group-index (Optional) If specified, this option restricts the output to a single update group. peer-address (Optional) If specified, this option restricts the output to the update group containing the peer with the given address. The command displays the following information.
Page 870 M6100 Series Switches Parameter Description UPDATE Send The number of UPDATE messages that failed to be delivered to all members of the group Failures Current Members The IPv4 address of all current members of the group The update send history table show statistics on as many as the ten most recent executions of the update send process for the update group.
Page 871 M6100 Series Switches Current Members: 172.20.1.100, 172.20.2.100 Version Delta T Duration UPD Built UPD Sent Paths Sent Pfxs Adv Pfxs Wd 00:33:49 1250 00:33:49 00:33:49 1000 00:33:49 1018 00:33:49 00:33:49 1750 00:33:49 00:31:49 00:23:49 1000 00:03:49 1250 Update Group ID......1 Peer Type........
Page 872: Show Bgp Ipv
M6100 Series Switches show bgp ipv6 Use the show bgp ipv6 command in Privileged EXEC mode to display IPv6 routes in the BGP routing table. Format show bgp ipv6 [ipv6-prefix/prefix-length [longer-prefixes | shorter-prefixes [length]] | filter-list as-path-list] Mode Privileged Exec...
Page 873: Show Bgp Ipv6 Aggregate-Address
M6100 Series Switches Network Next Hop Metric LocPrf Path *> 2001:DB8::/48 3FFE:100::1 20 10 3FFE:200::4 *> 2001:DB8:4:5::/64 3FFE:100::1 20 10 show bgp ipv6 aggregate-address This command lists IPv6 aggregate addresses that have been configured and indicates whether each is currently active.
Page 874: Show Bgp Ipv6 Community-List
M6100 Series Switches Parameter Description communities A string of zero or more community values, which may be in either format and may contain the well-known community keywords no-advertise and no-export. The output displays routes that belong to every community specified in the command.
Page 875: Show Bgp Ipv6 Neighbors Policy
A list of this router’s internal peers that are not configured as route reflector clients. Routes from Peers non-client peers are reflected to clients and vice-versa. Command example: (NETGEAR Switch) #show bgp ipv6 route-reflection Cluster ID ........0.0.0.0 (default) Client-to-client Reflection ....Enabled Clients:...
Page 876: Routing Policy Commands
M6100 Series Switches show bgp ipv6 summary This command displays a summary of BGP IPv6 configuration and status. The output and field descriptions are the same as for the command show ip bgp summary on page 864, except that Number of Network Entries, Number of AS Paths, and Pfx Rcvd all count IPv6 rather than IPv4 routing information.
Page 877: Ip As-Path Access-List
Statements are applied in the order in which they are created. New statements are added to the end of the list. The statement with the first matching regular expression is applied. NETGEAR Managed Switch allows configuration of up to 128 AS path access lists, with up to 64 statements each.
Page 878: Ip Bgp-Community New-Format
The following example configures the router to reject routes that it receives from neighbor 172.20.1.1 with an AS path that indicates that the route originates in, or passes through, AS 100: (NETGEAR Switch)(Config)# ip as-path access-list 1 deny _100_ (NETGEAR Switch)(Config)# ip as-path access-list 1 deny ^100$ (NETGEAR Switch)(Config)# router bgp 1 (NETGEAR Switch)(Config-router)# neighbor 172.20.1.1 remote-as 200...
Page 879: Ip Community-List
M6100 Series Switches no ip bgp-community new-format To display BGP standard communities as 32-bit integers, use the no ip bgp-community new-format command. Format no ip bgp-community new-format Mode Global Configuration ip community-list To create or configure a BGP community list, use the ip community-list command in Global Configuration mode.
Page 880: Show Ip As-Path-Access-List
(Optional) When an AS path list number is specified, the output is limited to the single AS path list specified. The number is an integer from 1 to 500. Command example: (NETGEAR Switch)# show ip as-path-access-list AS path access list 1 deny _100_...
Page 881: Clear Ip Community-List
M6100 Series Switches clear ip community-list This command clears community lists. Format clear ip community-list [community-list-name] Mode Privileged EXEC Parameter Description community-list-name (Optional) A community list name. Border Gateway Protocol Commands...
Page 882: Chapter 12 Ipv6 Commands
IPv6 Commands This chapter describes the IPv6 commands available in the NETGEAR Managed Switch SMB CLI. The chapter contains the following sections: • IPv6 Management Commands • Tunnel Interface Commands • Loopback Interface Commands • IPv6 Routing Commands • OSPFv3 Commands •...
Page 883: Ipv6 Management Commands
IPv6 Management commands allow a device to be managed via an IPv6 address in a switch or IPv4 routing (i.e., independent from the IPv6 Routing package). For Routing/IPv6 builds of NETGEAR Managed Switch software, dual IPv4/IPv6 operation over the service port is enabled. NETGEAR Managed Switch software has capabilities such as: •...
Page 884: Serviceport Ipv6 Address
M6100 Series Switches no network ipv6 enable Use this command to disable IPv6 operation on the network port. Format no network ipv6 enable Mode Privileged EXEC serviceport ipv6 address Use the options of this command to manually configure IPv6 global address, enable/disable stateless global address autoconfiguration and to enable/disable dhcpv6 client protocol information on the service port.
Page 885: Serviceport Ipv6 Gateway
M6100 Series Switches serviceport ipv6 gateway Use this command to configure IPv6 gateway information (that is, default routers information) for the service port. Note: Only a single IPv6 gateway address can be configured for the service port. There may be a combination of IPv6 prefixes and gateways that...
Page 886: Network Ipv6 Address
M6100 Series Switches no serviceport ipv6 neighbor Use this command to remove IPv6 neighbors from the IPv6 neighbor table for the service port. Format no serviceport ipv6 neighbor ipv6-address macaddr Mode Privileged EXEC network ipv6 address Use the options of this command to manually configure IPv6 global address, enable/disable stateless global address autoconfiguration and to enable/disable dhcpv6 client protocol information for the network port.
Page 887: Network Ipv6 Gateway
M6100 Series Switches network ipv6 gateway Use this command to configure IPv6 gateway (i.e. default routers) information for the network port. Format network ipv6 gateway gateway-address Mode Privileged EXEC Parameter Description gateway-address Gateway address in IPv6 global or link-local address format.
Page 888: Show Network Ipv6 Neighbors
The time in seconds that has elapsed since an entry was added to the cache. Type The type of neighbor entry. The type is Static if the entry is manually configured and Dynamic if dynamically resolved. Command example: (NETGEAR Routing) #show network ipv6 neighbors Neighbor IPv6 Address MAC Address isRtr State...
Page 889: Ping Ipv6
The time in seconds that has elapsed since an entry was added to the cache. Type The type of neighbor entry. The type is Static if the entry is manually configured and Dynamic if dynamically resolved. Command example: (NETGEAR Routing) #show serviceport ipv6 neighbors Neighbor IPv6 Address MAC Address isRtr State...
Page 890: Tunnel Interface Commands
M6100 Series Switches Use the optional size keyword and datagram-size parameter to specify the size of the ping packet. Default The default count is 1. The default interval is 3 seconds. The default size is 0 bytes. Format ping ipv6 {ipv6-global-address | hostname | {interface {unit/slot/port | vlan...
Page 891: Interface Tunnel
M6100 Series Switches interface tunnel Use this command to enter the Interface Config mode for a tunnel interface. The tunnel-id range is 0 to 7. Format interface tunnel tunnel-id Mode Global Config no interface tunnel This command removes the tunnel interface and associated configuration parameters for the specified tunnel interface.
Page 892: Show Interface Tunnel
M6100 Series Switches show interface tunnel This command displays the parameters related to tunnel such as tunnel mode, tunnel source address and tunnel destination address. Format show interface tunnel [tunnel-id] Mode Privileged EXEC If you do not specify a tunnel ID, the command shows the following information for each configured tunnel.
Page 893: Interface Loopback
M6100 Series Switches interface loopback Use this command to enter the Interface Config mode for a loopback interface. The range of the loopback ID is 0 to 7. Format interface loopback loopback-id Mode Global Config no interface loopback This command removes the loopback interface and associated configuration parameters for the specified loopback interface.
Page 894: Ipv6 Routing Commands
M6100 Series Switches IPv6 Routing Commands This section describes the IPv6 commands you use to configure IPv6 on the system and on the interfaces. This section also describes IPv6 management commands and show commands. ipv6 hop-limit This command defines the unicast hop count used in ipv6 packets originated by the node.
Page 895: Ipv6 Address
M6100 Series Switches When you use this command, the interface is automatically configured with a link-local address. You do not need to use this command if you configured an IPv6 global address on the interface. Default disabled Format ipv6 enable...
Page 896: Ipv6 Address Autoconfig
M6100 Series Switches no ipv6 address Use this command to remove all IPv6 addresses on an interface or specified IPv6 address. The prefix parameter consists of the bits of the address to be configured. The prefix_length designates how many of the high-order contiguous bits of the address comprise the prefix.The optional eui-64 field designates that IPv6 processing on the...
Page 897: Ipv6 Route
M6100 Series Switches no ipv6 address dhcp This command releases a leased address and disables DHCPv6 on an interface. Format no ipv6 address dhcp Mode Interface Config ipv6 route Use this command to configure an IPv6 static route. The ipv6-prefix is the IPv6 network that is the destination of the static route.
Page 898: Ipv6 Mtu
M6100 Series Switches ipv6 route distance This command sets the default distance (preference) for IPv6 static routes. Lower route distance values are preferred when determining the best route. The ipv6 route distance command lets you optionally set the distance (preference) of an individual static route.
Page 899: Ipv6 Nd Dad Attempts
M6100 Series Switches no ipv6 mtu This command resets maximum transmission unit value to default value. Format no ipv6 mtu Mode Interface Config ipv6 nd dad attempts This command sets the number of duplicate address detection probes transmitted on an interface or range of interfaces.
Page 900: Ipv6 Nd Ns-Interval
M6100 Series Switches ipv6 nd ns-interval This command sets the interval between router advertisements for advertised neighbor solicitations, in milliseconds. An advertised value of 0 means the interval is unspecified. This command can configure a single interface or a range of interfaces. The milliseconds variable is a period in milliseconds in the range of 1000–4294967295.
Page 901: Ipv6 Nd Ra-Lifetime
M6100 Series Switches no ipv6 nd ra-interval This command sets router advertisement interval to the default. Format no ipv6 nd ra-interval-max Mode Interface Config ipv6 nd ra-lifetime This command sets the value, in seconds, that is placed in the Router Lifetime field of the router advertisements sent from the interface or range of interfaces.
Page 902: Ipv6 Nd Reachable-Time
M6100 Series Switches ipv6 nd reachable-time This command sets the router advertisement time to consider a neighbor reachable after neighbor discovery confirmation. Reachable time is specified in milliseconds in a range of 0–4294967295 milliseconds. A value of zero means the time is unspecified by the router.
Page 903: Ipv6 Nd Prefix
M6100 Series Switches no ipv6 nd suppress-ra This command enables router transmission on an interface Format no ipv6 nd suppress-ra Mode Interface Config ipv6 nd prefix Use the ipv6 nd prefix command to configure parameters associated with prefixes the router advertises in its router advertisements. The first optional parameter is the valid lifetime of the router, in seconds in the range of 0–4294967295 seconds.You can specify a value or...
Page 904: Ipv6 Neighbor
M6100 Series Switches ipv6 neighbor Configures a static IPv6 neighbor with the given IPv6 address and MAC address on a routing or host interface. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The vlan keyword and vland-id parameter are used to specify the VLAN ID of the routing VLAN directly instead of in the unit/slot/port format.
Page 905: Ipv6 Nud
M6100 Series Switches no ipv6 neighbors dynamicrenew Disables automatic renewing of IPv6 neighbor entries. Format no ipv6 neighbors dynamicrenew Mode Global Config ipv6 nud Use this command to configure Neighbor Unreachability Detection (NUD). NUD verifies that communication with a neighbor exists.
Page 906: Ipv6 Unreachables
M6100 Series Switches Format ip prefix-list list-name {[seq number] {permit | deny} ipv6-prefix/prefix-length [ge length] [le length] | renumber renumber-interval first-statement-number} Mode Global Configuration Parameter Description list-name The text name of the prefix list. Up to 32 characters. seq number (Optional) The sequence number for this prefix list statement.
Page 907: Ipv6 Unresolved-Traffic
M6100 Series Switches Default enable Format ipv6 unreachables Mode Interface Config no ipv6 unreachables Use this command to prevent the generation of ICMPv6 Destination Unreachable messages. Format no ipv6 unreachables Mode Interface Config ipv6 unresolved-traffic Use this command to control the rate at which IPv6 data packets come into the CPU. By default, rate limiting is disabled.
Page 908: Show Ipv6 Brief
M6100 Series Switches Default burst-interval of 1000 msec. burst-size of 100 messages Format ipv6 icmp error-interval burst-interval [burst-size] Mode Global Config no ipv6 icmp error-interval Use the no ipv6 icmp error-interval command to return the burst-interval and burst-size to their default values.
Page 909: Show Ipv6 Interface
Neighbor Solicitation transmission during NUD (neighbor unreachabililty detection) following the Backoff Multiple exponential backoff algorithm. Command example: (NETGEAR Switch) #show ipv6 brief IPv6 Unicast Routing Mode...... Disable IPv6 Hop Limit......... 0 ICMPv6 Rate Limit Error Interval....1000 msec ICMPv6 Rate Limit Burst Size....100 messages Maximum Routes.........
Page 910 M6100 Series Switches If you use the brief parameter, the following information displays for all configured IPv6 interfaces. Term Definition Interface The interface in unit/slot/port format. IPv6 Operational Shows whether the mode is enabled or disabled. Mode IPv6 Shows the IPv6 address and length on interfaces with IPv6 enabled.
Page 911 Shows whether the onlink flag is set (enabled) in the prefix. Autonomous Flag Shows whether the autonomous address-configuration flag (autoconfig) is set (enabled) in the prefix. Command example: (NETGEAR Switch) #show ipv6 interface brief Oper. Interface Mode IPv6 Address/Length ---------- -------- ---------------------------------...
Page 912: Show Ipv6 Interface Vlan
M6100 Series Switches IPv6 Enable Mode....... Enabled Administrative Mode......Enabled IPv6 Operational Mode......Enabled Bandwidth........10000 kbps Interface Maximum Transmit Unit....1500 Router Duplicate Address Detection Transmits... 1 Address DHCP Mode......Disabled IPv6 Hop Limit Unspecified..... Enabled Router Advertisement NS Interval....0 Router Advertisement Lifetime....
Page 913: Show Ipv6 Neighbors
M6100 Series Switches ID of the routing VLAN directly instead of in the unit/slot/port format. The vlan-id parameter is a number in the range of 1–4093. Format show ipv6 dhcp [interface {unit/slot/port | vlan vland-id}] Modes Privileged EXEC Term Definition Mode Displays whether the specified interface is in Client mode or not.
Page 914: Clear Ipv6 Neighbors
M6100 Series Switches Term Definition Interface The interface in unit/slot/port format. IPv6 Address IPV6 address of neighbor or interface. MAC Address Link-layer Address. IsRtr Shows whether the neighbor is a router. If the value is TRUE, the neighbor is known to be a router, and FALSE otherwise.
Page 915 Whether default advertisement depends on having a default route in the common routing table. Metric The metric configured to be advertised with the default route. Metric Type The metric type for the default route. Command example: (NETGEAR Switch) #show ipv6 protocols Routing Protocol ......BGP IPv6 Commands...
Page 916: Show Ipv6 Route
M6100 Series Switches BGP Router ID ......... 1.1.1.1 Local AS Number ....... 1 BGP Admin Mode ........ Enable Maximum Paths ......... Internal 1, External 1 Always compare MED ......FALSE Maximum AS Path Length ......75 Fast Internal Failover ......Enable Fast External Failover ......
Page 917 M6100 Series Switches The argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The vlan keyword and vland-id parameter are used to specify the VLAN ID of the routing VLAN directly instead of in the unit/slot/port format. The vlan-id parameter is a number in the range of 1–4093.
Page 918 OSPF/RIP. Reject routes are supported in both OSPFv2 and OSPFv3. Command example: (NETGEAR Routing) #show ipv6 route IPv6 Routing Table - 3 entries Codes: C - connected, S - static O - OSPF Intra, OI - OSPF Inter, OE1 - OSPF Ext 1, OE2 - OSPF Ext 2...
Page 919: Show Ipv6 Route Ecmp-Groups
Mode Privileged EXEC Command example: (NETGEAR Switch) #show ipv6 route ecmp-groups ECMP Group 1 with 2 next hops (used by 1 route) 2001:DB8:1::1 on interface 2/1 2001:DB8:2::14 on interface 2/2 ECMP Group 2 with 3 next hops (used by 1 route)
Page 920: Show Ipv6 Route Preferences
M6100 Series Switches show ipv6 route preferences Use this command to show the preference value associated with the type of route. Lower numbers have a greater preference. A route with a preference of 255 cannot be used to forward traffic.
Page 921 M6100 Series Switches Term Definition OSPF Routes Total number of routes installed by OSPFv3 protocol. Reject Routes Total number of reject routes installed by all protocols. Number of Prefixes Summarizes the number of routes with prefixes of different lengths. Total Routes The total number of routes in the routing table.
Page 922 Routes with n Next Hops The current number of routes with each number of next hops. Command example: (NETGEAR Routing) #show ipv6 route summary Connected Routes....... 4 Static Routes........0 6To4 Routes........0 BGP Routes........
Page 923: Show Ipv6 Traffic
M6100 Series Switches clear ipv6 route counters The command resets to zero the IPv6 routing table counters reported in the command show ipv6 route summary on page 920. The command only resets event counters. Counters that report the current state of the routing table, such as the number of routes of each type, are not reset.
Page 924 M6100 Series Switches Format show ipv6 traffic [{unit/slot/port | vlan vlan-id | loopback loopback-id | tunnel tunnel-id}] Mode Privileged EXEC Term Definition Total Datagrams Received Total number of input datagrams received by the interface, including those received in error. Received Datagrams Locally...
Page 925 M6100 Series Switches Term Definition Datagrams Failed To Reassemble Number of failures detected by the IPv6 reassembly algorithm (for whatever reason: timed out, errors, etc.). Note that this is not necessarily a count of discarded IPv6 fragments since some algorithms (notably the algorithm in by combining them as they are received.
Page 926 M6100 Series Switches Term Definition ICMPv6 Packet Too Big Messages Number of ICMP Packet Too Big messages received by the interface. Received ICMPv6 Echo Request Messages Number of ICMP Echo (request) messages received by the interface. Received ICMPv6 Echo Reply Messages Number of ICMP Echo Reply messages received by the interface.
Page 927: Clear Ipv6 Statistics
M6100 Series Switches Term Definition ICMPv6 Echo Request Messages Number of ICMP Echo (request) messages sent by the interface.ICMP echo Transmitted messages sent. ICMPv6 Echo Reply Messages Number of ICMP Echo Reply messages sent by the interface. Transmitted ICMPv6 Router Solicit Messages Number of ICMP Router Solicitation messages sent by the interface.
Page 928: Ospfv3 Commands
M6100 Series Switches OSPFv3 Commands This section describes the commands you use to configure OSPFv3, which is a link-state routing protocol that you use to route traffic within a network. This section includes the following subsections: • Global OSPFv3 Commands on page 928 •...
Page 929: Area Nssa Default-Info-Originate (Ospfv)
M6100 Series Switches area nssa default-info-originate (OSPFv3) This command configures the metric value and type for the default route advertised into the NSSA. The optional metric parameter specifies the metric of the default route and must be in the range of 1–16777214. If no metric is specified, the default value is 10. The metric type can be comparable (nssa-external 1) or noncomparable (nssa-external 2).
Page 930: Area Nssa Translator-Role (Ospfv)
M6100 Series Switches no area nssa no-summary (OSPFv3) This command disables nssa from the summary LSAs. Format no area area-id nssa no-summary Mode Router OSPFv3 Config area nssa translator-role (OSPFv3) This command configures the translator role of the NSSA. Selecting always causes the...
Page 931: Area Range (Ospfv)
M6100 Series Switches area range (OSPFv3) Use this command to configure a summary prefix that an area border router advertises for a specific area. Default No area ranges are configured by default. No cost is configured by default. Format area area-id range prefix netmask {summarylink | nssaexternallink} [advertise...
Page 932: Area Stub No-Summary (Ospfv)
M6100 Series Switches no area stub This command deletes a stub area for the specified area ID. Format no area area-id stub Mode Router OSPFv3 Config area stub no-summary (OSPFv3) This command disables the import of Summary LSAs for the stub area identified by area-id.
Page 933: Area Virtual-Link Hello-Interval (Ospfv)
M6100 Series Switches Default Format area area-id virtual-link neighbor dead-interval seconds Mode Router OSPFv3 Config no area virtual-link dead-interval This command configures the default dead interval for the OSPF virtual interface on the virtual interface identified by area-id and neighbor. The neighbor parameter is the Router ID of the neighbor.
Page 934: Area Virtual-Link Transmit-Delay (Ospfv)
M6100 Series Switches no area virtual-link retransmit-interval This command configures the default retransmit interval for the OSPF virtual interface on the virtual interface identified by area-id and neighbor. The neighbor parameter is the Router ID of the neighbor. Format no area area-id virtual-link neighbor retransmit-interval...
Page 935: Clear Ipv6 Ospf
M6100 Series Switches Default 100 Mbps Format auto-cost reference-bandwidth mbps Mode Router OSPFv3 Config no auto-cost reference-bandwidth (OSPFv3) Use this command to set the reference bandwidth to the default value. Format no auto-cost reference-bandwidth Mode Router OSPFv3 Config clear ipv6 ospf Use this command to disable and re-enable OSPF.
Page 936: Clear Ipv6 Ospf Neighbor Interface
M6100 Series Switches clear ipv6 ospf neighbor interface To drop adjacency with all neighbors on a specific interface, use the optional parameter unit/slot/port. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The vlan keyword and vland-id parameter are used to specify the VLAN ID of the routing VLAN directly instead of in the unit/slot/port format.
Page 937: Default-Metric (Ospfv)
M6100 Series Switches default-metric (OSPFv3) This command is used to set a default for the metric of distributed routes. The metric argument can be a number in the range 0–16777214. Format default-metric metric Mode Router OSPFv3 Config no default-metric (OSPFv3) This command is used to set a default for the metric of distributed routes.
Page 938: Exit-Overflow-Interval (Ospfv)
M6100 Series Switches no enable (OSPFv3) This command sets the administrative mode of OSPF in the router to inactive. Format no enable Mode Router OSPFv3 Config exit-overflow-interval (OSPFv3) This command configures the exit overflow interval for OSPF. It describes the number of seconds after entering Overflow state that a router will wait before attempting to leave the overflow state.
Page 939: Maximum-Paths (Ospfv)
M6100 Series Switches no external-lsdb-limit This command configures the default external LSDB limit for OSPF. Format no external-lsdb-limit Mode Router OSPFv3 Config maximum-paths (OSPFv3) This command sets the number of paths that OSPF can report for a given destination where maxpaths is platform dependent.
Page 940: Passive-Interface (Ospfv)
M6100 Series Switches passive-interface (OSPFv3) Use this command to set the interface or tunnel as passive. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The vlan keyword and vland-id parameter are used to specify the VLAN ID of the routing VLAN directly instead of in the unit/slot/port format.
Page 941: Router-Id (Ospfv)
M6100 Series Switches no redistribute This command configures OSPF protocol to prohibit redistribution of routes from the specified source protocol/routers. Format no redistribute {static | connected} [metric] [metric-type] [tag] Mode Router OSPFv3 Config router-id (OSPFv3) This command sets a 4-digit dotted-decimal number uniquely identifying the router ospf id.
Page 942: Timers Throttle Spf
M6100 Series Switches timers throttle spf The initial wait interval is set to an amount of delay specified by the spf-hold value. If an SPF calculation is not scheduled during the current wait interval, the next SPF calculation is scheduled at a delay of spf-start. If there has been an SPF calculation scheduled during the current wait interval, the wait interval is set to two times the current wait interval until the wait interval reaches the maximum time in milliseconds as specified in spf-maximum.
Page 943 M6100 Series Switches Table 14. Trapflag groups (OSPFv3) Group Flags errors • authentication-failure • bad-packet • config-error • virt-authentication-failure • virt-bad-packet • virt-config-error • lsa-maxage • lsa-originate overflow • lsdb-overflow • lsdb-approaching-overflow retransmit • packets • virt-packets state-change • if-state-change •...
Page 944: Ipv6 Ospf Area
M6100 Series Switches Format no trapflags {all | errors {all | authentication-failure | bad-packet | config-error | virt-authentication-failure | virt-bad-packet | virt-config-error} | lsa {all | lsa-maxage | lsa-originate} | overflow {all | lsdb-overflow | lsdb-approaching-overflow} | retransmit {all | packets |...
Page 945: Ipv6 Ospf Dead-Interval
M6100 Series Switches ipv6 ospf dead-interval This command sets the OSPF dead interval for the specified interface or range of interfaces. The value for seconds is a valid positive integer, which represents the length of time in seconds that a router's Hello packets have not been seen before its neighbor routers declare that the router is down.
Page 946: Ipv6 Ospf Network
M6100 Series Switches Default False Format ipv6 ospf link-lsa-suppression Mode Privileged EXEC no ipv6 ospf link-lsa-suppression This command returns Link LSA Suppression for the interface to disabled. When Link LSA Suppression is disabled, Link LSA protocol packets are originated (transmitted) on the P2P interface.
Page 947: Ipv6 Ospf Prefix-Suppression
M6100 Series Switches Default broadcast Format ipv6 ospf network {broadcast | point-to-point} Mode Interface Config no ipv6 ospf network This command sets the interface type to the default value. Format no ipv6 ospf network {broadcast | point-to-point} Mode Interface Config...
Page 948: Ipv6 Ospf Priority
M6100 Series Switches ipv6 ospf priority This command sets the OSPF priority for the specified router interface or range of interfaces. For the priority argument, the priority of the interface is an integer in the range from 0 to 255. A value of 0 indicates that the router is not eligible to become the designated router on this network.
Page 949: Ospfv3 Graceful Restart Commands
M6100 Series Switches Default Format ipv6 ospf transmit-delay seconds Mode Interface Config no ipv6 ospf transmit-delay This command sets the default OSPF Transit Delay for the specified interface. Format no ipv6 ospf transmit-delay Mode Interface Config OSPFv3 Graceful Restart Commands The OSPFv3 protocol can be configured to participate in the checkpointing service, so that these protocols can execute a graceful restart when the management unit fails.
Page 950: Nsf Restart-Interval (Ospfv)
M6100 Series Switches Parameter Description ietf This keyword is accepted but not required. planned-only This optional keyword indicates that OSPF should only perform a graceful restart when the restart is planned (that is, when the restart is a result of the initiate failover command).
Page 951: Nsf Helper (Ospfv)
M6100 Series Switches nsf helper (OSPFv3) Use this command to enable helpful neighbor functionality for the OSPF protocol. You can enable this functionality for planned or unplanned restarts, or both. Default OSPF may act as a helpful neighbor for both planned and unplanned restarts...
Page 952: Max-Metric Router-Lsa (Ospfv3 Router Configuration)
M6100 Series Switches Default Enabled. Format nsf [ietf] helper strict-lsa-checking Modes Router OSPFv3 Config Parameter Description ietf This keyword is accepted but not required. no nsf [ietf] helper strict-lsa-checking (OSPFv3) Use this command to allow OSPF to continue as a helpful neighbor in spite of topology changes.
Page 953: Clear Ipv6 Ospf Stub-Router
M6100 Series Switches Default OSPF is not in stub router mode by default Format max-metric router-lsa [on-startup seconds] [summary-lsa {metric}] max-metric router-lsa [external-lsa [max-metric-value]] [inter-area-lsas [max-metric-value]] [on-startup seconds] [summary-lsa [max-metric-value]] Mode OSPFv3 Router Configuration Parameter Description external-lsa (Optional) Sends the maximum metric values for external LSAs. max-metric-value is the maximum metric value to use for LSAs.
Page 954: Ospfv3 Show Commands
M6100 Series Switches Format clear ipv6 ospf stub-router Mode Privileged EXEC OSPFv3 Show Commands show ipv6 ospf This command displays information relevant to the OSPF router. Format show ipv6 ospf Mode Privileged EXEC User EXEC Note: Some of the information below displays only if you enable OSPF and configure certain features.
Page 955 M6100 Series Switches Term Definition Default Metric Default value for redistributed routes. Default Route Indicates whether the default routes received from other source protocols are advertised or not. Advertise Always Shows whether default routes are always advertised. Metric The metric for the advertised default routes. If the metric is not configured, this field is blank.
Page 956 M6100 Series Switches Term Definition LSA High Water The maximum size of the link state database since the system started. Mark Retransmit List The total number of LSAs waiting to be acknowledged by all neighbors. An LSA may be pending Entries acknowledgment from more than one neighbor.
Page 957: Show Ipv6 Ospf Abr
M6100 Series Switches show ipv6 ospf abr This command displays the internal OSPFv3 routes to reach Area Border Routers (ABR). This command takes no options. Format show ipv6 ospf abr Modes Privileged EXEC User EXEC Term Definition Type The type of the route to the destination. It can be either: •...
Page 958: Show Ipv6 Ospf Asbr
M6100 Series Switches Term Definition Stub Mode Represents whether the specified Area is a stub area or not. The possible values are enabled and disabled. This is a configured value. Import Summary Shows whether to import summary LSAs (enabled). LSAs OSPF Stub Metric The metric value of the stub area.
Page 959: Show Ipv6 Ospf Database
M6100 Series Switches Term Definition Area ID The area ID of the area from which this route is learned. Next Hop Next hop toward the destination. Next Hop Intf The outgoing router interface to use when forwarding traffic to the next hop.
Page 960: Show Ipv6 Ospf Database Database-Summary
M6100 Series Switches Term Definition Sequence A number that represents which LSA is more recent. Checksum The total number LSA checksum. Prefix The IPv6 prefix. Interface The interface for the link. Rtr Count The number of routers attached to the network.
Page 961: Show Ipv6 Ospf Interface
M6100 Series Switches show ipv6 ospf interface This command displays the information for the physical interface or virtual interface tables. The argument unit/slot/port corresponds to a physical routing interface or VLAN routing interface. The vlan keyword and vlan-id parameter are used to specify the VLAN ID of the routing VLAN directly instead of in a unit/slot/port format.
Page 962: Show Ipv6 Ospf Interface Brief
M6100 Series Switches The following information only displays if OSPF is initialized on the interface. Term Definition OSPF Interface Type Broadcast LANs, such as Ethernet and IEEE 802.5, take the value broadcast. The OSPF Interface Type is broadcast. State The OSPF Interface States are: down, loopback, waiting, point-to-point, designated router, and backup designated router.
Page 963: Show Ipv6 Ospf Interface Stats
M6100 Series Switches show ipv6 ospf interface stats This command displays the statistics for a specific interface. The command displays information only if OSPF is enabled. Format show ipv6 ospf interface stats unit/slot/port Modes Privileged EXEC User EXEC Term Definition OSPFv3 Area ID The area id of this OSPF interface.
Page 964: Show Ipv6 Ospf Lsa-Group
M6100 Series Switches Term Definition Invalid OSPF Packet The number of OSPF packets discarded because the packet type field in the OSPF header is not Type a known type. Hellos Ignored The number of received Hello packets that were ignored by this router from the new neighbors after the limit has been reached for the number of neighbors on an interface or on the system as a whole.
Page 965 M6100 Series Switches 1019 1020 1079 1080 1139 1140 1199 1200 1259 1260 1319 1320 1379 1380 1439 1440 1499 1500 1559 1560 1619 1620 1679 1680 1739 1740 1799 1800 1859 1860 1919 show ipv6 ospf max-metric This command displays the configured maximum metrics for stub-router mode.
Page 966: Show Ipv6 Ospf Neighbor
M6100 Series Switches show ipv6 ospf neighbor This command displays information about OSPF neighbors. If you do not specify a neighbor IP address, the output displays summary information in a table. If you specify an interface or tunnel, only the information for that interface or tunnel displays.
Page 967: Show Ipv6 Ospf Range
M6100 Series Switches Term Definition Restart Helper Indicates the status of this router as a helper during a graceful restart of the router specified in the Status command line: • Helping—This router is acting as a helpful neighbor to the specified router.
Page 968: Show Ipv6 Ospf Statistics
M6100 Series Switches Term Definition Area ID The area whose prefixes are summarized. IPv6 Prefix/Prefix The summary prefix and prefix length. Length Type S (Summary Link) or E (External Link) Action Enabled or Disabled Cost Metric to be advertised when the range is active.
Page 969: Show Ipv6 Ospf Stub Table
M6100 Series Switches Command example: (NETGEAR Switch) #show ipv6 ospf statistics Area 0.0.0.0: SPF algorithm executed 10 times Delta T Intra Summ SPF Total RIB Update Reason 23:32:46 R, IP 23:32:09 R, N, IP 23:32:04 23:31:44 R, N, IP 23:31:39...
Page 970: Show Ipv6 Ospf Virtual-Link
M6100 Series Switches show ipv6 ospf virtual-link This command displays the OSPF Virtual Interface information for a specific area and neighbor. The area-id parameter identifies the area and the neighbor parameter identifies the neighbor’s Router ID. Format show ipv6 ospf virtual-link area-id neighbor...
Page 971: Dhcpv6 Commands
M6100 Series Switches DHCPv6 Commands This section describes the commands you use to configure the DHCPv6 server on the system and to view DHCPv6 information. service dhcpv6 This command enables DHCPv6 configuration on the router. Default enabled Format service dhcpv6...
Page 972: Ipv6 Dhcp Server
(NETGEAR Switch) (Config)#interface 1/0/1 (NETGEAR Switch) (Interface 1/0/1)# ipv6 dhcp client pd (NETGEAR Switch) #configure (NETGEAR Switch) (Config)#interface 1/0/1 (NETGEAR Switch) (Interface 1/0/1)# ipv6 dhcp client pd rapid-commit no ipv6 dhcp client pd This command disables requests for prefix delegation. Format...
Page 973: Ipv6 Dhcp Pool
M6100 Series Switches Note: If relay-address is an IPv6 global address, then relay-interface is not required. If relay-address is a link-local or multicast address, then relay-interface is required. Finally, if you do not specify a value for relay-address, then you must...
Page 974: Domain-Name (Ipv)
Command example: The following example configures an IPv6 address prefix for the IPv6 configuration pool pool1: (NETGEAR Switch) #configure (NETGEAR Switch) (Config)# ipv6 dhcp pool pool1 (NETGEAR Switch) (Config-dhcp6s-pool)# address prefix 2001::/64 (NETGEAR Switch) (Config-dhcp6s-pool)# exit domain-name (IPv6) This command sets the DNS domain name which is provided to DHCPv6 client by DHCPv6 server.
Page 975: Dns-Server (Ipv)
M6100 Series Switches dns-server (IPv6) This command sets the ipv6 DNS server address which is provided to dhcpv6 client by dhcpv6 server. The DNS server address is configured for stateless server support. DHCPv6 pool can have multiple number of domain names with a maximum of 8.
Page 976: Show Ipv6 Dhcp
M6100 Series Switches show ipv6 dhcp This command displays the DHCPv6 server name and status. Format show ipv6 dhcp Mode Privileged EXEC Term Definition DHCPv6 is The status of the DHCPv6 server. Enabled (Disabled) Server DUID If configured, shows the DHCPv6 unique identifier.
Page 977: Show Ipv6 Dhcp Interface
M6100 Series Switches Term Definition DHCPv6 Relay-reply Packets Transmitted Number of relay-reply sent statistics. DHCPv6 Relay-forward Packets Transmitted Number of relay-forward sent statistics. Total DHCPv6 Packets Transmitted Total number of DHCPv6 sent statistics. show ipv6 dhcp interface This command displays DHCPv6 information for all relevant interfaces or the specified interface.
Page 978: Show Ipv6 Dhcp Binding
M6100 Series Switches If you use the statistics parameter, the command displays the IPv6 DHCP statistics for the specified interface. See show ipv6 dhcp statistics on page 976 for information about the output. show ipv6 dhcp binding This command displays configured DHCP pool.
Page 979: Show Network Ipv6 Dhcp Statistics
M6100 Series Switches Term Definition Valid Lifetime Valid lifetime in seconds for delegated prefix. DNS Server Address Address of DNS server address. Domain Name DNS domain name. show network ipv6 dhcp statistics This command displays the statistics of the DHCPv6 client running on the network management interface.
Page 980: Management Interface
M6100 Series Switches Field Description DHCPv6 Release Packets The number of DHCPv6 Release packets transmitted on the network interface. Transmitted Total DHCPv6 Packets The total number of DHCPv6 packets transmitted on the network interface. Transmitted Command example: (admin)#show network ipv6 dhcp statistics...
Page 981 M6100 Series Switches Field Description Received DHCPv6 Reply The number of DHCPv6 Reply packets discarded on the service port interface. Packets Discarded DHCPv6 Malformed The number of DHCPv6 packets that are received malformed on the service port interface. Packets Received Total DHCPv6 Packets The total number of DHCPv6 packets received on the service port interface.
Page 982: Clear Ipv6 Dhcp
M6100 Series Switches clear ipv6 dhcp Use this command to clear DHCPv6 statistics for all interfaces or for a specific interface. Use the unit/slot/port parameter to specify the interface. Format clear ipv6 dhcp {statistics | interface unit/slot/port statistics} Mode Privileged EXEC clear ipv6 dhcp binding This command deletes an automatic address binding from the DHCP server database.
Page 983: Dhcpv6 Snooping Configuration Commands
M6100 Series Switches DHCPv6 Snooping Configuration Commands This section describes commands you use to configure IPv6 DHCP Snooping. ipv6 dhcp snooping Use this command to globally enable IPv6 DHCP Snooping. Default disabled Format ipv6 dhcp snooping Mode Global Config no ipv6 dhcp snooping Use this command to globally disable IPv6 DHCP Snooping.
Page 984: Ipv6 Dhcp Snooping Database
M6100 Series Switches no ipv6 dhcp snooping verify mac-address Use this command to disable verification of the source MAC address with the client hardware address. Format no ipv6 dhcp snooping verify mac-address Mode Global Config ipv6 dhcp snooping database Use this command to configure the persistent location of the DHCP Snooping database. This can be local or a remote file on a given IP machine.
Page 985: Ipv6 Dhcp Snooping Trust
M6100 Series Switches no ipv6 dhcp snooping binding Use this command to remove the DHCP static entry from the DHCP Snooping database. Format no ipv6 dhcp snooping binding mac-address Mode Global Config ipv6 dhcp snooping trust Use this command to configure an interface or range of interfaces as trusted.
Page 986: Ipv6 Dhcp Snooping Limit
M6100 Series Switches ipv6 dhcp snooping limit Use this command to control the rate at which the DHCP Snooping messages come on an interface or range of interfaces. By default, rate limiting is disabled. When enabled, the rate can range from 0 to 300 packets per second, which is expressed in the pps argument. The burst level range is 1 to 15 seconds, which is expressed in the seconds argument.
Page 987: Ipv6 Verify Binding
Log Invalid Pkts If it is enabled, DHCP snooping application logs invalid packets on the specified interface. Command example: (NETGEAR Switch) #show ipv6 dhcp snooping DHCP snooping is Disabled DHCP snooping source MAC verification is enabled DHCP snooping is enabled on the following VLANs:...
Page 988: Show Ipv6 Dhcp Snooping Binding
Type Binding type; statically configured from the CLI or dynamically learned. Lease (sec) The remaining lease time for the entry. Command example: (NETGEAR Switch) #show ipv6 dhcp snooping binding Total number of bindings: 2 MAC Address IPv6 Address VLAN Interface...
Page 989: Show Ipv6 Dhcp Snooping Database
Trust State Rate Limit Burst Interval (pps) (seconds) ----------- ---------- ----------- -------------- 1/g1 1/g2 1/g3 (NETGEAR Switch) #show ip dhcp snooping interfaces ethernet 1/0/1 Interface Trust State Rate Limit Burst Interval (pps) (seconds) ----------- ---------- ----------- -------------- 1/0/1 IPv6 Commands...
Page 990: Show Ipv6 Dhcp Snooping Statistics
Client Ifc Mismatch Represents the number of DHCP release and Deny messages received on the different ports than learned previously. DHCP Server Msgs Represents the number of DHCP server messages received on Untrusted ports. Rec’d Command example: (NETGEAR Switch) #show ipv6 dhcp snooping statistics Interface MAC Verify Client Ifc DHCP Server Failures...
Page 991: Clear Ipv6 Dhcp Snooping Binding
If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, then the MAC Address field displays “permit-all.” VLAN The VLAN for the binding rule. Command example: (NETGEAR Switch) #show ipv6 verify 0/1 Interface Filter Type IP Address MAC Address...
Page 992: Show Ipv6 Verify Source
If MAC address filtering is not configured on the interface, the MAC Address field is empty. If port security is disabled on the interface, then the MAC Address field displays permit-all. VLAN The VLAN for the binding rule. Command example: (NETGEAR Switch) #show ipv6 verify source Interface Filter Type IP Address MAC Address...
Page 993 M6100 Series Switches Term Definition VLAN VLAN for the entry. Interface IP address of the interface in unit/slot/port format. Command example: (NETGEAR Switch) #show ipv6 source binding MAC Address IP Address Type Vlan Interface ----------------- --------------- ------------- ----- ------------- 00:00:00:00:00:08...
Page 994: Chapter 13 Quality Of Service Commands
Quality of Service Commands This chapter describes the Quality of Service (QoS) commands available in the NETGEAR Managed Switch CLI. The chapter contains the following sections: • Class of Service Commands • Differentiated Services Commands • DiffServ Class Commands •...
Page 995: Class Of Service Commands
M6100 Series Switches Class of Service Commands This section describes the commands you use to configure and view Class of Service (CoS) settings for the switch. The commands in this section allow you to control the priority and transmission rate of traffic.
Page 996: Classofservice Trust
M6100 Series Switches no classofservice ip-dscp-mapping This command maps each IP DSCP value to its default internal traffic class value. Format no classofservice ip-dscp-mapping Mode Global Config classofservice trust This command sets the class of service trust mode of an interface or range of interfaces. You can set the mode to trust one of the Dot1p (802.1p), IP DSCP, or IP Precedence packet...
Page 997: Cos-Queue Random-Detect
M6100 Series Switches no cos-queue min-bandwidth This command restores the default for each queue's minimum bandwidth value. Format no cos-queue min-bandwidth Modes Global Config Interface Config cos-queue random-detect This command activates weighted random early discard (WRED) for each specified queue on the interface.
Page 998: Random-Detect Exponential Weighting-Constant
M6100 Series Switches no cos-queue strict This command restores the default weighted scheduler mode for each specified queue. Format no cos-queue strict queue-id-1 [queue-id-2 … queue-id-n] Modes Global Config Interface Config random-detect This command is used to enable WRED for the interface as a whole, and is only available...
Page 999: Random-Detect Queue-Parms
M6100 Series Switches no random-detect exponential-weighting-constant Use this command to set the WRED decay exponent back to the default. Format no random-detect exponential-weighting-constant Modes Global Config Interface Config random-detect queue-parms This command is used to configure WRED parameters for each drop precedence level supported by a queue.
Page 1000: Show Classofservice Dot1P-Mapping
M6100 Series Switches traffic-shape This command specifies the maximum transmission bandwidth (bw) limit for the interface as a whole. The bandwidth values are from 0-100 in increments of 1. You can also specify this value for a range of interfaces or all interfaces. Also known as rate shaping, traffic shaping has the effect of smoothing temporary traffic bursts over time so that the transmitted traffic rate is bounded.

NETGEAR M6100 Series Reference Manual

Table of Contents

Chapter 1 About the NETGEAR Managed Switch Software

Chapter 2 Using the Command-Line Interface

Chapter 3 NETGEAR Managed Switch Software Modules

Chapter 4 Chassis Commands

Chapter 5 Management Commands

Chapter 6 Utility Commands

Chapter 7 Switching Commands

Chapter 8 Data Center Commands

Chapter 9 Routing Commands

Chapter 10 Captive Portal Commands

Chapter 11 Border Gateway Protocol Commands

Chapter 12 Ipv6 Commands

Chapter 13 Quality of Service Commands

Chapter 14 IP Multicast Commands

Chapter 15 Ipv6 Multicast Commands

Chapter 16 Power over Ethernet Commands

Chapter 17 NETGEAR Managed Switch Software Log Messages

Quick Links

Chapters

Related Manuals for NETGEAR M6100 Series

Summary of Contents for NETGEAR M6100 Series