1. Manuals
  2. Brands
  3. Ruijie Networks Manuals
  4. Switch
  5. RG-S2600E Series
  6. Cli reference manual

Ruijie Networks RG-S2600E Series Cli Reference Manual

Hide thumbs
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
Table of Contents

Advertisement

Quick Links

Download this manual
CLI Reference Guide
RG-S2600E Series Switch
RGOS 10.4(3)p1
1

Advertisement

Table of Contents
loading
Need help?

Need help?

Do you have a question about the RG-S2600E Series and is the answer not in the manual?

Questions and answers

Related Manuals for Ruijie Networks RG-S2600E Series

Summary of Contents for Ruijie Networks RG-S2600E Series

  • Page 1 CLI Reference Guide RG-S2600E Series Switch RGOS 10.4(3)p1...
  • Page 2 This document is provided “as is”. The contents of this document are subject to change without any notice. Please obtain the latest information through the Ruijie Networks website. Ruijie Networks endeavors to ensure content accuracy and will not shoulder any responsibility for losses and...
  • Page 3 Preface Version Description ® This manual matches the software version RGOS 10.4(3)p1. Target Readers This manual is intended for the following readers:  Network engineers  Technical salespersons  Network administrators Conventions in this Document 1. Universal Format Convention Arial: Arial with the point size 10 is used for the body. Note: A line is added respectively above and below the prompts such as caution and note to separate them from the body.
  • Page 4 Warning, danger or alert in the operation. Caution Descript, prompt, tip or any other necessary supplement or explanation for the operation. Note The port types mentioned in the examples of this manual may not be consistent with the actual ones. In real network environments, you need configure port types according to the support on various products.
  • Page 5 Basic Configuration...
  • Page 6 S2600E/P CLI Reference Guide Chapter 1 CLI Authorization Configuration Commands CLI Authorization Configuration Commands alias You can use the alias command to configure an alias of a command in the global configuration mode. Use the no form of the command to remove the alias of a specified command or all the aliases under one mode.
  • Page 7 S2600E/P CLI Reference Guide Chapter 1 CLI Authorization Configuration Commands undebug The default alias cannot be deleted by the no alias exec command. By setting the alias, you can use a word to replace a command. For example, you can create an alias to represent the first part of a command, and then type the rest part of the command.
  • Page 8 S2600E/P CLI Reference Guide Chapter 1 CLI Authorization Configuration Commands interface configuration mode, then: Ruijie(config-if)#ia ? A.B.C.D IP address dhcp IP Address via DHCP Ruijie(config-if)# ip address The above help information lists the parameters of ip address and shows the actual command name. You must enter an entire alias;...
  • Page 9 S2600E/P CLI Reference Guide Chapter 1 CLI Authorization Configuration Commands (0–15) command sub-commands reset Restore the command execution rights to its default level command-string: Command string to be authorized Default Settings N/A. Command mode Global configuration mode. The following table lists some key words that can be authorized by command privilege in the CLI mode.

  • Page 10: Show Aliases

    S2600E/P CLI Reference Guide Chapter 1 CLI Authorization Configuration Commands <cr> You can use the key word all to attribute all sub-commands of reload to level-1 users: Ruijie(config)# privilege exec all level 1 reload After the above setting, you can access the CLI window as level-1 user to use all sub commands of the reload command: Ruijie>reload ?
  • Page 11 S2600E/P CLI Reference Guide Chapter 1 CLI Authorization Configuration Commands exec mode alias: help ping show undebug undebug Command Description Related commands alias Set the alias of a command.

  • Page 12: Switch Management

    S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Switch Management Configuration Commands User Management Related Commands 2.1.1 disable To exit from privileged user mode to normal user mode or lower the privilege level, execute the privileged user command disable . disable [ privilege-level ] Parameter Description...
  • Page 13 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands 2.1.2 enable To enter into the privileged user mode, execute the normal user configuration command enable. For the details of the command, see the Security Configuration Command Reference. 2.1.3 enable password To configure the password for different privilege level, execute the global configuration command enable password.
  • Page 14 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands No encryption is required in general. The encryption type is required generally when the password that has been encrypted with the command for the device are to be copies and pasted. The effective password is defined as below: ...
  • Page 15 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Command Global configuration mode. mode The password falls into "password" and "security" passwords. "password" simple encryption password, which can be set only for level 15. The "security" means the security encryption password, which can be set for level 0 ~ 15.
  • Page 16 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Enable HTTP Server, and the IPv4 and IPv6 services are enabled at the same web-server time. Enable SNMP Agent, and the IPv4 and snmp-agent IPv6 services are enabled at the same time.
  • Page 17 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands This command is used to execute the commands in the batch files. Users could self-specify the filename and content of the batch file. In general, after finishing editting the batch files on the user PC , the files are transmit to the Flash of the device through the TFTP.
  • Page 18 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands 2.1.7 ip http authenticatio When using the Http Server, it needs to perform the logon authentication to enter the Web page. Use this command to set the mode of Web logon authentication.
  • Page 19 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Keyword Description Parameter Port number of the HTTP server, the default description number value is 80. Default configuration Command mode Global configuration mode. This command is used to set the port of the HTTP service. Usage Use the no ip http port command to restore it to the guidelines...
  • Page 20 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands This command is used to configure the port for HTTPS Usage services. The no form of this command is used to restore guidelines the default port configuration. The example below sets the port for HTTPS services as 4443.
  • Page 21 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Command Description Related commands telnet log in a Telnet server 2.1.11 lock To set a temporary password at the terminal, execute the EXEC mode command lock. lock Parameter description N/A. Command mode Privileged mode.
  • Page 22 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Command Description Related Set to support the terminal lock commands lockable function in the line. 2.1.12 lockable To support the use of the lock command at the terminal, execute the lockable command in the line configuration mode.
  • Page 23 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands 2.1.13 login In case the AAA is disabled, to enable simple logon password authentication on the interface, execute the interface configuration command login. The no form of this command is used to delete the line logon password authentication. login no login Parameter...

  • Page 24: Login Local

    S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Parameter Description Parameter default Name of the default authentication description method list list-name Name of the method list available Command Line configuration mode. mode If the AAA security server is enabled, this command is Usage used for the logon authentication with the specified method guidelines...
  • Page 25 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands If the AAA security server is not enabled, this command is used for the local user authentication at logon. The user Usage guidelines here means the one configured with the username command.
  • Page 26 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Command Description Related From user mode enter to the privileged mode commands login or log on the higher level of authority. 2.1.17 privilege mode Please refer to the chapter of configure CLI authorization commands. Default Please refer to the chapter of configure CLI authorization configuration...
  • Page 27 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands This command is disabled by default. Various passwords are displayed in form of plain text, unless it is directly configured in cipher text form. After you execute the Usage service password-encryption and show running or guidelines write command to save the configuration, the password transforms into cipher text.
  • Page 28 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Usage This command is used to log in a telnet server. guidelines The example below commands telnet to 192.168.1.11, the port uses the default value, and the source interface is specified as Gi 0/1, the queried VRF route table is specified as vpn1.
  • Page 29 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands This command is used to establish local user database for the purpose of authentication. If the type of encryption is specified as 7, the length of the entered legal cipher text should be even. Usage guidelin In general, it is not necessary to specify the type of...

  • Page 30: Banner Motd

    S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands This command sets the logging banner message, which is Usage displayed upon login. All characters behind the guidelines terminating symbol will be discarded by the system. The following example shows the configuration of logging Examples banner: Ruijie(config)# banner login $ enter your password $...
  • Page 31 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Default The default filename is flash:/rgos.bin. configuration Command mode Global configuration mode. This command is used to set the startup main program filename for the device. The system performs the boot according to the file specified by the url parameter.
  • Page 32 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Command Description Related show boot Show the boot related configuration of commands system the device. 2.2.4 clock set To configure system clock manually, execute one of the two formats of the privileged user command clock set: clock set hh:mm:ss month day year Parameter...
  • Page 33 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands 2.2.5 clock update-calen In the privileged EXEC mode, you can execute command clock update-calendar to overwrite the value of hardware clock by software clock. clock update-calendar Parameter description N/A. Command mode Privileged EXEC mode.
  • Page 34 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands no exec-timeout Parameter Description Parameter minutes The minutes of specified timeout. description (optional parameter) The seconds of seconds specified timeout. Default configuration The default timeout is 10min. Command Line configuration mode. mode If there is no input/output information for this connection Usage...
  • Page 35 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands This hostname is mainly used to identify the device and is Usage taken as the username for the local device in the dialup guidelines and CHAP authentication. The example below configures the hostname of the device as BeiJingAgenda: Examples Ruijie(config)# hostname BeiJingAgenda...
  • Page 36 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands The system is restarted at the specified hh:mm month day year time. Up to 200 days is supported Month range January month December Date in the range 1 to 31 year Year in the range 1993 to 2035 cancel...
  • Page 37 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands The example below specifies the timeout of session is 5 Examples minutes. Ruijie(config-line)#exec-timeout 5 output 2.2.11 speed To set speed at which the terminal transmits packets, execute the speed speed command in the line configuration mode.
  • Page 38 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Parameter Description Write system configuration (running-config) into NVRAM, which is memory equivalent to copy running-config startup-config. Parameter description Save the system configuration into the network TFTP server, which is equivalent to copy running-config tftp.
  • Page 39 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Parameter Description Parameter description Command mode Privileged mode This command is used to show the current filename of the Usage boot main program. guidelines Ruijie# show mainfile Examples MainFile name: /rgos.bin Command Description Related...

  • Page 40: Show Line

    S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Command Description Related commands clock set Set the system clock. 2.3.3 show line To show the configuration of a line, execute the show line command in the privileged mode. show line {console line-num | vty line-num | line-num} Parameter Description Show the configuration of a console...
  • Page 41 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Parameter description N/A. Command mode Privileged mode. Usage Use this command to show the restart settings of the guidelines system. The following example shows the restart settings of the system: Ruijie# show reload Examples Reload scheduled in 595 seconds.

  • Page 42: Show Version

    S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands 2.3.7 show version To view the information of the system, execute the command show version in the privileged mode. show clock [slots | devices| module] Parameter Description slots Current slot information of the device. Parameter Current module information of the description...
  • Page 43 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Command Privileged mode mode Usage guidelines The example below is an execution result of the show web-server status command: Ruijie# show web-server status Examples http server status : enabled http server port : 80 https server status: enabled https server port: 443 Showing Configuration...
  • Page 44 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as reading related manuals and going to our frontline...
  • Page 45 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Examples Note: Use the language chinese/english command in privileged mode to switchover the Chinese/English interface. Command Description Related Show the configuration and running view commands status information about SMNG user-manage modules.
  • Page 46 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Showing Example Commands 2.5.1 enable help Use this command to show the example information of the command beginning with the keyword enable. enable help Parameter Description Parameter description Command mode Global configuration mode Currently, you can enter the question mark “?”...
  • Page 47 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Platform description 2.5.2 username help Use this command to show the example information of the command beginning with the keyword username. username help Parameter Description Parameter description Command Global configuration mode mode Currently, you can enter the question mark “?”...
  • Page 48 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands user-manage Show the typical configuration of SMNG help modules. Platform description 2.5.3 login help Use this command to show the example information of the command beginning with the keyword login. login help Parameter Description...
  • Page 49 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Configuration in the line configuration mode: With AAA disabled: Example With AAA enabled: Note: Use the language chinese/english command in privileged mode to switchover the Chinese/English interface. Command Description Related user-manage Show the typical configuration of SMNG commands...
  • Page 50 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Command mode Global configuration mode Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 51 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands 2.5.5 banner help Use this command to show the example information of the command beginning with the keyword banner. banner help Parameter Description Parameter description Command mode Global configuration mode Currently, you can enter the question mark “?”...
  • Page 52 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands Showing Main Status Commands 2.6.1 show line summary Use this command to show the brief information of various lines. show line summary Parameter Description Parameter description Command mode Any mode Usage guidelines Example...
  • Page 53 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands view user-manage Parameter Description Parameter description Command mode Any mode Currently, two commands should be used to show the related configuration and status information respectively and several commands are needed for showing various status information that the user want, which is not convenient for users.
  • Page 54 S2600E/P CLI Reference Guide Chapter 2 Switch Management Configuration Commands user-manage Show the typical configuration of SMNG help modules. Platform description...
  • Page 55 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Configuration Commands Related Configuration Commands 3.1.1 crypto key generate In global configuration mode, use this command to generate a public key on the SSH server: crypto key generate {rsa|dsa} Parameter Description Parameter Generate an RSA key.

  • Page 56: Crypto Key

    S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Ruijie# configure terminal Examples Ruijie(config)# crypto key generate rsa Command Description Show the current status of the SSH show ip ssh Related Server. commands crypto Delete DSA and RSA keys and zeroize {rsa disable the SSH Server function.
  • Page 57 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Command Description Show the current status of the SSH show ip ssh Related Server. commands crypto generate Generate DSA and RSA keys. {rsa|dsa} Version description The software version must be RGOS10.1 and later. 3.1.3 ip ssh authenticatio...
  • Page 58 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Command Description Related Show the current status of the SSH commands show ip ssh Server. Version description The software version must be RGOS10.1 and higher. 3.1.4 ip ssh time-out Use this command to set the authentication timeout for the SSH Server. Use the no form of this command to restore it to the default setting.
  • Page 59 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands 3.1.5 ip ssh version Use this command to set the version of the SSH server. Use the no form of this command to restore it to the default setting. ip ssh version {1 | 2} no ip ssh version Parameter Description...
  • Page 60 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Showing Related Commands 3.2.1 disconnect Use this command to disconnect the established SSH connection. disconnect ssh [vty] session-id Parameter Description Parameter ID of the established SSH connection description session-id session. Default configuration N/A.
  • Page 61 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands 3.2.2 show crypto mypubkey Use this command to show the information about the public key part of the public key on the SSH Server. show crypto key mypubkey {rsa/dsa} Parameter Description Show the public key part of the Parameter RSA key.
  • Page 62 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Parameter description N/A. Default configuration N/A. Command mode Privileged EXEC mode. This command is used to show the information of the SSH Server, including version, enablement state, authentication timeout, and authentication retry times. Usage guidelines Note: If no key is generated for the SSH Server, the SSH...
  • Page 63 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Command Privileged EXEC mode. mode This command is used to show the information about the established SSH connections, including VTY number of Usage connection, SSH version, encryption algorithm, message guidelines authentication algorithm, connection status, and user name.
  • Page 64 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands functional module, current presentation of the CLI lacks some replicable typical configuration examples, therefore, users can only obtain the configuration help by other means(such as reading related manuals and going to our frontline engineers for help) Displaying typical...
  • Page 65 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands displayed: Use the language chinese/english command in the global configuration mode to switchover the interface between Chinese and English. Command Description Related Show the configuration and running commands view ssh status information of ssh modules.
  • Page 66 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Platform description Showing Example Commands 3.4.1 crypto help Use this command to show the example information of the command beginning with the keyword crypto key. crypto key help Parameter Description Parameter description Default configuration...
  • Page 67 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Chinese and English. Command Description Related Show typical configuration commands ssh help information about ssh modules. Platform description 3.4.2 ip ssh help Use this command to show the example information of the command beginning with the keyword ip ssh.
  • Page 68 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Example Use the language chinese/english command in the global configuration mode to switchover the interface between Chinese and English. Command Description Related Show typical configuration commands ssh help information about ssh modules. Platform description Showing Main Status...
  • Page 69 S2600E/P CLI Reference Guide Chapter 3 SSH Configuration Commands Currently, multiple commands are needed to show the related configuration or status information of one function. The users do not know to use which command to show the main status information of this function. And several Usage commands are involved for showing various status guidelines...
  • Page 70 S2600E/P CLI Reference Guide Chapter 4 LINE Configuration Commands LINE Configuration Commands Configuration Related Commands 4.1.1 access-class Set the applied ACL (Access Control List) in Line. Use the access-class { access-list-number | access-list-name } { in | out } command to configure the ACL in Line.
  • Page 71 S2600E/P CLI Reference Guide Chapter 4 LINE Configuration Commands filtering can be established successfully. Use the show running command to view configuration information under Line. In line vty 0 4, configure access-list for the accepted connections to 10: Examples Ruijie# configure terminal Ruijie(config)# line vty 0 4 Ruijie(config-line)# access-class 10 in Command...

  • Page 72: Line Vty

    S2600E/P CLI Reference Guide Chapter 4 LINE Configuration Commands Enter the LINE mode from LINE VTY 1 to 3: Examples Ruijie(config)# line vty 1 3 Related commands N/A. 4.1.3 line vty This command can be used to increase the number of VTY connections currently available.
  • Page 73 S2600E/P CLI Reference Guide Chapter 4 LINE Configuration Commands default transport input Parameter Description Allow all the protocols under Line to be used for communication Allow only the SSH protocol under Line Parameter to be used for communication description Allow only the Telnet protocol under telnet Line to be used for communication Allow none of protocols under Line to be...
  • Page 74 S2600E/P CLI Reference Guide Chapter 4 LINE Configuration Commands Command Description Related commands show running Show status information Version description The software version must be later than RGOS10.1.
  • Page 75 S2600E/P CLI Reference Guide Chapter 5 Network Connectivity Test Tool Configuration Commands Network Connectivity Test Tool Configuration Commands Configuration Related Commands 5.1.1 ping Use this command to test the connectivity of a network to locate the network connectivity problem. The command format is as follows: ping [vrf vrf-name | ip] [ip-address [length length ] [ntimes times] [timeout seconds] [data data] [source source] [df-bit] [validate]] Parameter...
  • Page 76 S2600E/P CLI Reference Guide Chapter 5 Network Connectivity Test Tool Configuration Commands Command mode Privileged mode. The ping command can be used in the ordinary user mode and the privileged mode. In the ordinary mode, only the basic functions of ping are available. In the privileged mode, in addition to the basic functions, the extension functions of the ping are also available.
  • Page 77 S2600E/P CLI Reference Guide Chapter 5 Network Connectivity Test Tool Configuration Commands 5.1.2 ping ipv6 Use this command to test the connectivity of a network to locate the network connectivity problem. The command format is as follows: ping [ipv6] [ipv6-address [length length ] [ntimes times] [timeout seconds] [data data] [source source] Parameter Description...
  • Page 78 S2600E/P CLI Reference Guide Chapter 5 Network Connectivity Test Tool Configuration Commands The ping ipv6 command can be used in the ordinary user mode and the privileged mode. In the ordinary mode, only the basic functions of ping ipv6 are available. In the privileged mode, in addition to the basic functions, the extension functions of the ping ipv6 are also available.
  • Page 79 S2600E/P CLI Reference Guide Chapter 5 Network Connectivity Test Tool Configuration Commands traceroute [vrf vrf-name | ip] [ip-address [probe number ] [source source] [timeout seconds] [ttl minimum maximum]] Parameter Description vrf-name VRF name ip-address Specifies an IPv4 address. Specifies the number of probe packets number to be sent.
  • Page 80 S2600E/P CLI Reference Guide Chapter 5 Network Connectivity Test Tool Configuration Commands From above result, it’s clear to know that the gateways passed by the packets sent to the host with an IP address of 61.154.22.36 (gateways 1~6) and the spent time are displayed.
  • Page 81 S2600E/P CLI Reference Guide Chapter 5 Network Connectivity Test Tool Configuration Commands 219.142.11.10 40 msec 50 msec 30 msec 211.157.37.14 50 msec 40 msec 50 msec 222.35.65.1 40 msec 50 msec 40 msec 222.35.65.18 40 msec 40 msec 40 msec 222.35.15.109 50 msec 50 msec 50 msec 64.170.98.32...
  • Page 82 S2600E/P CLI Reference Guide Chapter 5 Network Connectivity Test Tool Configuration Commands Ruijie# traceroute ipv6 3004::1 < press Ctrl+C to break > Tracing the route to 3004::1 3000::1 0 msec 0 msec 0 msec 3001::1 4 msec 4 msec 4 msec 3002::1 8 msec 8 msec 4 msec 3004::1...
  • Page 83 Ethernet Switching...
  • Page 84 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Interface Configuration Commands Configuration Related Commands 1.1.1 carrier-delay In the interface configuration mode, execute the carrier-delay command to set the carrier delay on the interface, and the no carrier-delay command to restore it to the default value.
  • Page 85 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands This parameter refers to the delay after which the carrier detection signal DCD of the interface link changes from the Down status to the Up status. If the DCD changes within the delay, the system will ignore such changes without disconnecting the upeer data link layer for renegotiation.
  • Page 86 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands 1.1.3 clear interface Reset the interface hardware. clear interface interface-id Parameter Description Parameter description Interface type and interface ID interface-id Command Privileged mode. mode This command is only used on the switch port, member port of the L2 Aggregate port, routing port, and member Usage port of the L3 aggregate port.
  • Page 87 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# description GBIC-1 Command Description Related commands Show the interface information. show interfaces 1.1.5 duplex Use the duplex command in the interface configuration mode to specify the duplex mode for the interface.
  • Page 88 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands flowcontrol {auto | off | on | receive {auto | off | on } | send {auto | off | on}} no flowcontrol Parameter Description Self-negotiate the flow control. auto Disable the flow control. Parameter Enable the flow control.
  • Page 89 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Command Global configuration mode. mode According to some rules, you can add other ports to an aggregate port. All the port members of an aggregate port are considered in a whole, and their attributes depend on Usage the ones of the aggregate port.
  • Page 90 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Command Description Related commands Show the interface information. show interfaces Platform Description 1.1.9 interface giagbitEthernet Use this command to select a Gigabit Ethernet interface, and enter the interface configuration mode. interface gigabitEthernet mod-num/port-num Parameter Description Parameter...
  • Page 91 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Parameter Description Parameter VLAN ID. Its range depends by description vlan-id products. Command Global configuration mode. mode Use show interfaces or show interfaces vlan to display Usage the interface configurations. guidelines Ruijie(config)# interface vlan 2 Examples Ruijie(config-if)#...
  • Page 92 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands pair state length(meters) ---- ---------- -------------- pair state length(meters) ---- ---------- -------------- pair state length(meters) ---- ---------- -------------- Short pair state length(meters) ---- ---------- -------------- Short Field Description Number of line pairs included. For pairs example, twisted...
  • Page 93 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Auto-select the medium type for the auto-select interface. Copper interface. copper Default Copper interface. configuration Interface configuration (physical interface, except for AP Command and SVI) mode If a port can be selected as an optical port or electrical port, you can only select one of them.
  • Page 94 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Command Interface configuration mode. mode Set the maximum transmission unit (MTU) supported on Usage the interface. S8600 series now supports the setting on guidelines physical interfaces. Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# mtu 9216 Command Description...
  • Page 95 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Show the interface information. show interfaces If you use the script to run no shutdown frequently and rapidly, the system may prompt the interface status reversal. Note 1.1.15 snmp trap link-status You can set whether to send LinkTrap on a port.
  • Page 96 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Ruijie(config-if)# Disable sending LinkTrap on the interface. snmp trap link-status 1.1.16 speed Use this command to configure the speed on the port. Use the no form of this command to restore the default setting. Parameter Description The transmission rate of the interface is...
  • Page 97 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands 1.1.17 switchport access Use this command to configure an interface as a statics access port and add it to a VLAN. Use the no form of the command to assign the port to the default VLAN.
  • Page 98 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands no switchport mode Parameter Description Configure the switch port as an access Parameter access port. description Configure the switch port as a trunk port. trunk Default The default mode of switch port is access port. configuration Command Interface configuration mode.
  • Page 99 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Parameter Description Configure the list of VLANs allowed on the trunk port. vlan-list can be a VLAN or a range of VLANs starting with the smaller VLAN ID and ending with the larger VLAN ID and being separated by hyphen, for example, 10 to 20.

  • Page 100: Show Interfaces

    S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands The example below removes port 1/15 from VLAN 2: Ruijie(config)# interface fastethernet 1/15 Ruijie(config-if)# switchport trunk allowed vlan remove Ruijie(config-if)# end Ruijie# show interfaces fastethernet1/15 switchport Examples Switchport is enabled Mode is trunk port Access vlan is 1,Native vlan is 1 Protected is disabled Vlan lists is...
  • Page 101 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Basic optical module information. transceiver Alarm information of the optical module. The “None” is displayed when no fault alarm exists. Diagnosis parameter value of the optical diagnosis module. Line detecting status of the port. line-detect Default Show all the information.
  • Page 102 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands flow receive control admin status is OFF,flow send control admin status is OFF,flow receive control oper status is Unknown,flow send control oper status is Unknown broadcast Storm Control OFF,multicast Storm Control is OFF,unicast Storm Control is OFF Port-type: trunk Native vlan:1 Allowed vlan lists:1-4094...
  • Page 103 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands control admin status is OFF,flow receive control oper status is Unknown,flow send control oper status is Unknown broadcast Storm Control is OFF,multicast Storm Control is OFF,unicast Storm Control is OFF Port-type: access Vlan id : 2 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec...
  • Page 104 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands Port-type: hybrid Tagged vlan id:2 Untagged vlan id:none 5 minutes input rate 0 bits/sec, 0 packets/sec 5 minutes output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer, 0 dropped Received 0 broadcasts, 0 runts, 0 giants 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 abort 0 packets output, 0 bytes, 0 underruns , 0 dropped...
  • Page 105 S2600E/P CLI Reference Guide Chapter 1 Interface Configuration Commands The functions of showing the optical module information, alarming the fault and diagnosing the parameters shall be used combining with the optical module of the RG network. To show the optical module and alarm the fault and diagnose the Caution parameters, the function of Digital Diagnostic Monitoring must be supported by the optical module.

  • Page 106: Mac Address

    S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands MAC Address Configuration Commands Configuration Related Commands 2.1.1 address-bind Use this command to configure IP address-MAC address binding. address-bind ip-address mac-address no address-bind ip-address Parameter Description Parameter IP address to be bound ip-address description MAC address to be bound...
  • Page 107 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands 2.1.2 address-bind ip-address Use this command to configure IP address-MAC address binding. address-bind ip-address mac-address no address-bind ip-address Parameter Description Parameter IP address to be bound ip-address description MAC address to be bound mac-address Command Global configuration mode.
  • Page 108 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands address-bind ipv6-mode strict Parameter N/A. description Command Global configuration mode. mode Default Strict mode value There are three IP address binding modes: compatible, loose and strict. The following table shows the forwarding rules corresponding to binding modes.
  • Page 109 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Command Function Related Show the exceptional port of show address-bind commands the address binding. uplink Platform description 2.1.4 address-bind install Use this command to install or uninstall the exceptional port. address-bind install no address-bind install Parameter...
  • Page 110 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands address-bind uplink intf-id no address-bind uplink intf-id Parameter Description Parameter description Exceptional port intf-id Command Global configuration mode. mode If you have bound an IP address and a MAC address, the switch will discard the packets that have the same source IP address but different source MAC address.
  • Page 111 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands of the specified interface. interface-id Clear all the dynamic MAC addresses vlan vlan-id of the specified VLAN. Command Privileged mode. mode Use show mac-address-table dynamic to display all the Usage dynamic MAC addresses.
  • Page 112 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Command Description Configure the filtering MAC mac-address-table Related address. filtering commands show Show filtering mac-address-table address. filtering 2.1.8 clear mac-address-table static Use this command to clear the static MAC address. clear mac-address-table static [address mac-addr] [interface interface-id] [vlan vlan-id] Parameter...
  • Page 113 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands 2.1.9 mac-address-learning Use this command to enable / disable the MAC address learning on the interface. mac-address-learning Parameter N/A. description Default Enabled. configuration Command Interface configuration mode. mode The MAC address learning could not be disabled on the interface with the security function enabled.
  • Page 114 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Command Global configuration mode. mode Use show mac-address-table aging-time to display configuration. Usage Use show mac-address-table dynamic to display the guidelines dynamic MAC address table. Examples Ruijie(config)# mac-address-table aging-time 150 Command Description Use this command to display the...
  • Page 115 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Command Global configuration mode. mode The filtering MAC address shall not be a multicast address. Usage Use show mac-address-table filtering to display the guidelines filtering MAC addresses. Ruijie(config)# mac-address-table filtering Examples 00d0f8000000 vlan 1 Command...
  • Page 116 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands The MAC address notification function is specific for only dynamic MAC address and secure MAC address. No MAC address trap message is generated for static MAC Usage addresses. In the global configuration mode, you can use guidelines snmp-server enable...
  • Page 117 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Command Global configuration mode. mode A static MAC address has the same function as the dynamic MAC address that the switch learns. Compared with the dynamic MAC address, the static MAC address will not be aged out.
  • Page 118 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Parameter Description Notify when a MAC address is Parameter added added. description Notify when a MAC address is removed removed Default Disabled. configuration Command Interface configuration mode. mode Use show mac-address-table notification interface to Usage display configuration.
  • Page 119 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Ruijie# show address-bind IP Address Binding MAC Addr Examples ------------ ----------------- 3.3.3.3 00d0.f811.1112 3.3.3.4 00d0.f811.1117 Command Description Related Enable address-MAC commands address-bind address binding. 2.2.2 show address-bind uplink Use this command to show the exceptional port. show address-bind uplink Command Privileged mode.
  • Page 120 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands 2.2.4 show mac-address-table address Use this command to show all types of MAC addresses (including dynamic address, static address and filtering address) show mac-address-table [address mac-addr] [interface interface-id] [ vlan vlan-id] Parameter Description...
  • Page 121 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands show Show the filtering MAC mac-address-table address. filtering 2.2.5 show mac-address-table aging-time Use this command to display the aging time of the dynamic MAC address. show mac-address-table aging-time Command Privileged mode. mode Ruijie# show mac-address-table aging-time Examples...
  • Page 122 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands show Display the dynamic address. mac-address-table dynamic Display address show information of the specified mac-address-table address. address Display address show information of the specified mac-address-table interface. interface Display address show information of the specified mac-address-table vlan vlan.
  • Page 123 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Command Description Related clear Clear dynamic commands mac-address-table address. dynamic 2.2.8 show mac-address-table filtering Use this command to show the filtering MAC address. show mac-address-table filtering [addr mac-addr] [vlan vlan-id] Parameter Description Destination MAC address of the...
  • Page 124 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Show address vlan-id information of the VLAN. Command Privileged mode. mode Ruijie# show mac-address-table interface gigabitethernet 1/1 Vlan MAC Address Type Interface ----- ------------- -------- ---------------- Examples 00d0.f800.1001 STATIC gigabitethernet 1/1 00d0.f800.1002 STATIC gigabitethernet 1/1 00d0.f800.1003 STATIC...
  • Page 125 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Parameter Description Interface ID. Show the MAC address notification Parameter interface interface-id configuration on the interface. description Show address history notification history. The MAC address notification configuration is shown by Default default.
  • Page 126 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands entry VLAN ID of the entry vlan-id Interface of the entry (physical interface-id interface or aggregate port) Command Privileged mode. mode Show only static MAC addresses Ruijie# show mac-address-table static Vlan MAC Address Type...
  • Page 127 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Command Description show Show the static MAC address. mac-address-table static show Show the filtering MAC address. mac-address-table filtering show Show dynamic mac-address-table address. Related dynamic commands show Show types mac-address-table addresses.
  • Page 128 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Example Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related Show the main status and configuration information of commands view address-bind address-bind modules.
  • Page 129 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Example Use the language chinese/english command in the global configuration mode switchover Chinese/English interface. Command Description Related Show the main status and commands configuration information of view address-bind address-bind modules. Showing Main status Commands 2.5.1 view address-bind...
  • Page 130 S2600E/P CLI Reference Guide Chapter 2 MAC Address Configuration Commands Currently, multiple commands are needed to show the related configuration or status information of one function. The users do not know to use which command to show the main status information of this function. And several commands are involved for showing various status Usage information that the user want, which is not convenient for...
  • Page 131 S2600E/P CLI Reference Guide Chapter 3 Aggregate Port Configuration Commands Aggregate Port Configuration Commands Configuration Related Commands 3.1.1 aggregateport load-balance Specify a load-balance algorithm. Use the no command to return it to the default setting. aggregateport load-balance {dst-mac | src-mac | src-dst-mac | dst-ip | src-ip | src-dst ip } no aggregateport load-balance Parameter...
  • Page 132 S2600E/P CLI Reference Guide Chapter 3 Aggregate Port Configuration Commands Traffic is distributed according to the source IP address and destination IP address. Packets with different source and destination IP address pairs are forwarded through different ports. The Src-dst-ip packets with the same source and destination address pairs...
  • Page 133 S2600E/P CLI Reference Guide Chapter 3 Aggregate Port Configuration Commands Use show aggregateport to display load-balance Usage configuration. guidelines Examples Ruijie(config)# aggregateport load-balance dst-mac Command Description Related show this command display commands aggregateport aggregate port configurations. load-balance Platform description 3.1.2 port-group Use this command to assign a physical interface to be a member port of an aggregate port.
  • Page 134 S2600E/P CLI Reference Guide Chapter 3 Aggregate Port Configuration Commands Platform description Showing Related Command 3.2.1 show aggregateport Use this command to display the aggregate port configurations. show aggregateport {[aggregate-port-number] summary | load-balance} Parameter Description Number of the aggregate port. aggregate-port-number Show the load-balance algorithm Parameter...
  • Page 135 S2600E/P CLI Reference Guide Chapter 3 Aggregate Port Configuration Commands Parameter Description Parameter description Command Privileged mode. mode For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as...
  • Page 136 S2600E/P CLI Reference Guide Chapter 3 Aggregate Port Configuration Commands The following is the presentation of the command run in the privileged mode: Example Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related commands...
  • Page 137 S2600E/P CLI Reference Guide Chapter 3 Aggregate Port Configuration Commands Example Showing Command 3.4.1 aggregateport load-balance help Use this command to display the example information of the command beginning with the keyword aggregateport load-balance. aggregateport load-balance help Parameter Description Parameter description Command Global configuration mode.
  • Page 138 S2600E/P CLI Reference Guide Chapter 3 Aggregate Port Configuration Commands view aggregateport Parameter Description Parameter description Command Any mode. mode Currently, two commands are needed to show the configuration and main state information respectively and several related showing commands are required to display Usage the information of each state, which is not convenient for guidelines...
  • Page 139 S2600E/P CLI Reference Guide Chapter 4 LACP Configuration Commands LACP Configuration Commands Configuration Related Commands 4.1.1 port-group mode Use this command to enable LACP and specify the group ID and the aggregation mode. Use the no form of this command to disable the LACP. port-group key mode {active | passive} no port-group Parameter...
  • Page 140 S2600E/P CLI Reference Guide Chapter 4 LACP Configuration Commands guidelines Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# port-group 1 mode active Command Description Related commands Set the LACP port priority. lacp port-priority 4.1.2 lacp port-priority Use this command to set the LACP port priority. Use the no form of this command to return to the default value.
  • Page 141 S2600E/P CLI Reference Guide Chapter 4 LACP Configuration Commands %LACP-5-UNBUNDLE_FAIL: Interface FastEthernet 0/1 failed to leave the AggregatePort 1. In this case, please modify the configuration to cancel the related configuration of forbidding the member ports to leave the AP, otherwise the normal packets transmission on the AP will be influenced.
  • Page 142 S2600E/P CLI Reference Guide Chapter 4 LACP Configuration Commands the higher the priority is. All LACP groups on the switch share the system priority. Changing the system priority may influence the whole aggregation groups on the switch. Examples Ruijie(config)# lacp system-priority 4096 Command Description Enable the LACP on the port...
  • Page 143 S2600E/P CLI Reference Guide Chapter 4 LACP Configuration Commands Port Flags State Priority Number State ---------------------------------------------------------- Gi0/1 bndl 4096 0x3d Gi0/2 bndl 4096 0x3d Gi0/3 bndl 4096 0x3d Partner information: LACP port Oper Port Port Port Flags Priority Dev ID Number State ----------------------------------------------------------...
  • Page 144 S2600E/P CLI Reference Guide Chapter 4 LACP Configuration Commands Partly show LACP Partner infomation information of the peer port. Partly show the system MAC Dev ID information peer device. Command Description Related Enable the LACP on the port and commands specify the aggregation group ID port-group key mode and operation mode.

  • Page 145: Vlan Configuration

    S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands VLAN Configuration Commands Configuration Related Commands 5.1.1 Use this command to add one or a group Access interface into current VLAN. Use the no form of the command to remove the Access interface. add interface { interface-id | range interface-range } no add interface { interface-id | range interface-range } Parameter...
  • Page 146 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands This command is only valid for the access port.  The configuration of this command is the same as  specifying the VLAN to which interface belongs in the interface configuration mode (that is the switchport access vlan vlan-id).
  • Page 147 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Gi0/23, Gi0/24 VLAN0200 STATIC Gi0/1,Gi0/2,Gi0/3,Gi0/4,Gi0/5, Gi0/6,Gi0/7,Gi0/8,Gi0 /9,Gi0/10 The following example adds the AggregatePort10 into the VLAN20. Ruijie# configure terminal SwitchA(config)#vlan 20 SwitchA(config-vlan)#add interface aggregateport 10 Ruijie# show interface aggregateport 10 switchport Interface Switchport Mode...
  • Page 148 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands command. guidelines Ruijie(config)# vlan 10 Examples Ruijie(config-vlan)# name vlan10 Command Description Related commands Show member ports of the VLAN. show vlan 5.1.3 switchport access Use this command to configure an interface as a statics access port and assign it to a VLAN.
  • Page 149 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Use this command to specify a native switchport VLAN and the allowed-VLAN list for the trunk trunkport. 5.1.4 switchport mode Use this command to specify a L2 interface (switch port) mode. You can specify this interface to be an access port or a trunk port or an 802.1Q tunnel.
  • Page 150 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Command Description Use this command to configure an switchport interface as a statics access port and Related access assign it to a VLAN. commands Use this command to specify a native switchport VLAN and the allowed-VLAN list for the trunk...
  • Page 151 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Command Interface configuration mode. mode Native VLAN: A trunk port belongs to one native VLAN. A native VLAN means that the untagged packets received/sent on the trunk port belong to the VLAN. Obviously, the default VLAN ID of the interface (that is, the PVID in the IEEE 802.1Q) is the VLAN ID of the native VLAN.
  • Page 152 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands no vlan vlan-id Parameter Description Parameter VLAN ID description Default VLAN (VLAN 1) cannot be vlan-id removed. Command Global configuration mode. mode To return to the privileged EXEC mode, input end or Usage pressing Ctrl+C.
  • Page 153 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands To return to the privileged EXEC mode, input end or Usage pressing Ctrl+C. guidelines To return to the global configuration mode, input exit. Ruijie# show vlan id 1 VLAN Name Status Ports Examples ----------- ------------- ------------...
  • Page 154 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as Usage...
  • Page 155 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Example Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Related Command Description...
  • Page 156 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Showing Example Commands 5.4.1 switchport help Use this command to show the example information of the command beginning with the keyword switchport. switchport help Parameter Description Parameter description Default configuration Command Interface configuration mode.
  • Page 157 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Example Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related commands 5.4.2 switchport trunk help Use this command to show the example information of the command beginning with the keyword switchport trunk.
  • Page 158 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 159 S2600E/P CLI Reference Guide Chapter 5 VLAN Configuration Commands Currently, multiple commands are needed to show the related configuration or status information of one function. The users do not know to use which command to show the main status information of this function. And several commands are involved for showing various status Usage information that the user want, which is not convenient for...

  • Page 160: Private Vlan

    S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands Private VLAN Configuration Commands Configuration Related Commands 6.1.1 private-vlan type Use this command to configure the VLAN as the private VLAN. private-vlan {community | isolated | primary} no private-vlan {community | isolated | primary} Parameter Description Configure it as the community VLAN.
  • Page 161 S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands Platform The software version must be RGOS10.1 and later. description 6.1.2 private-vlan association Use this command to associate the secondary VLAN with the primary command. private-vlan association {svlist | add svlist | remove svlist} no private-vlan association Parameter Description...
  • Page 162 S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands Parameter Description Parameter secondary VLAN list svlist description Delete the mapping. Command The interface mode corresponding to the primary VLAN mode Ruijie(config)# interface vlan 22 Examples Ruijie(config-if)# private-vlan mapping add 24-26 Command Description Related...
  • Page 163 S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands show vlan private-vlan Platform The software version must be RGOS10.1 and later. description 6.1.5 switchport private-vlan host-association Use this command to associate the primary VLAN, which is associated with the private VLAN mode of the interface, with the secondary VLAN.
  • Page 164 S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands no switchport private-vlan association trunk Parameter Description Primary VID. p_vid Parameter Secondary VID s_vid description Delete the host port from the private VLAN. Command Interface configuration mode. mode Ruijie(config)# interface gigabitEthernet 0/2 Ruijie(config-if)# switchport mode trunk Examples Ruijie(config-if)# switchport private-vlan association...
  • Page 165 S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands Command Hybrid interface configuration mode of private VLAN mode Ruijie(config)# interface gigabitEthernet 0/1 Ruijie(config-if)# switchport mode private-vlan Examples promiscuous Ruijie(config-if)# switchport private-vlan mapping 22 add 23-25 Command Description Related show vlan commands private-vlan...
  • Page 166 S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands Command Description Related commands Platform The software version must be RGOS10.4 (3) and later. description Showing Related Commands 6.2.1 show vlan private-vlan Show the configuration of private VLAN. show vlan private-vlan [community | primary | isolated] Parameter Description Show...
  • Page 167 S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands no switchport mode Parameter Description Parameter description Delete the hybrid port. Default No hybrid port is configured. configuration Command Interface configuration mode. mode Examples Ruijie(config-if)# switchport mode hybrid Platform The software version must be RGOS10.1 and later. description 6.3.2 switchport hybrid native vlan...
  • Page 168 S2600E/P CLI Reference Guide Chapter 6 Private VLAN Configuration Commands switchport hybrid allowed vlan [[add] [tagged | untagged] | remove] vlist no switchport hybrid allowed vlan Parameter Description Parameter Restore the output rules of the hybrid description port to the default settings. Default No output rules are configured.
  • Page 169 S2600E/P CLI Reference Guide Chapter 7 MAC VLAN Configuration Commands VLAN Configuration Commands Configuration Related Commands 7.1.1 mac-vlan enable Use this command to enable the MAC VLAN function on the port in the interface configuration mode. mac-vlan enable Default Disabled configuration Command Interface configuration mode.
  • Page 170 S2600E/P CLI Reference Guide Chapter 7 MAC VLAN Configuration Commands 7.1.2 mac-vlan mac-address Use this command to configure the static MAC VLAN entries manually in the global configuration mode. mac-vlan mac-address mac-address [mask mac-mask] vlan vlan-id [priority pri_val] Parameter Description Specify the MAC address.
  • Page 171 S2600E/P CLI Reference Guide Chapter 7 MAC VLAN Configuration Commands Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Ruijie(config)# mac-vlan mac-address 0001.0001.0001 vlan 100 priority 3 Ruijie(config)# mac-vlan mac-address 0002.0002.0000 mask ffff.ffff.0000 vlan 200 priority 5 Ruijie# show mac-vlan all Examples The following MAC VLAN address exist:...
  • Page 172 S2600E/P CLI Reference Guide Chapter 7 MAC VLAN Configuration Commands Command Privileged mode. mode If the parameter mac-address is specified without the parameter mask, the MAC-VLAN entry of the single MAC address is shown. Usage If the parameters mac-address and mask are both specified, guidelines the MAC-VLAN entries in the specified MAC address range are shown.
  • Page 173 S2600E/P CLI Reference Guide Chapter 7 MAC VLAN Configuration Commands Command Privileged mode. mode With the MAC VLAN function enabled on the port, use this Usage command to verify whether the configuration is successful. guidelines Ruijie# show mac-vlan interface MAC VLAN is enabled on following interface: Examples --------------------------------------- fastethernet 0/3...
  • Page 174 S2600E/P CLI Reference Guide Chapter 8 Share VLAN Configuration Commands Share VLAN Configuration Commands Configuration Related Commands 8.1.1 share Use this command to set the share vlan. Parameter Description Parameter description Default N/A. Settings Command VLAN configuration mode. mode Use the no share command to cancel the share vlan. Enter the end command or Ctrl+C to return to the Usage privileged EXEC mode.
  • Page 175 S2600E/P CLI Reference Guide Chapter 8 Share VLAN Configuration Commands Showing Related Commands 8.2.1 show mac-address-table share Use this command to show the mac address status: original, duplicated and null. The “null” item indicates that share vlan has not been configured. Parameter Description Parameter...

  • Page 176: Voice Vlan

    S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands Voice VLAN Configuration Commands Configuration Related Commands 9.1.1 voice vlan Use this command to enable Voice VLAN in the global configuration mode. Use the no form of this command to disable this function. voice vlan vlan-id no voice vlan Parameter...
  • Page 177 S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands the same VLAN, or it influences the remote port mirror and the Voice VLAN function. The following example shows how to set the VLAN2 as the Voice VLAN: Ruijie(config)# vlan 2 Examples Ruijie(config-vlan)# exit Ruijie(config)# voice vlan 2...
  • Page 178 S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands Command Description Related Show Voice VLAN configurations commands show voice vlan and the current state. 9.1.3 voice vlan cos Use this command to set the Voice VLAN CoS value in the global configuration mode.
  • Page 179 S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands Parameter Description Parameter description The Voice VLAN CoS value. dscp-value Default Settings Command Global configuration mode. mode You can improve the Voice VLAN priority level and the Usage session quality, by modifying the Voice VLAN CoS and guidelines DHCP value.
  • Page 180 S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands Use this command to enable the Voice VLAN on the physical port only. The Voice VLAN can be enabled on the Access Port、Trunk Port、Hybrid Port、Private VLAN host port、Private VLAN promiscuous port and Uplink port on Usage the Ruijie products.
  • Page 181 S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands address for the voice device are used to identify the manufacture. Voice VLAN determines whether the packets are voice packets or not through the OUI address obtained from the source MAC address and the OUI mask for the received packets.
  • Page 182 S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands phone type connected downward the port or the port type.  Caution With the Voice VLAN enabled on the port and in the manual mode, this port must be added to the Voice VLAN manually to ensure the function validity.
  • Page 183 S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands Parameter Description Parameter description Default Enabled Settings Command Global configuration mode. mode The Voice VLAN working mode can be classified into the auto-mode and the manual-mode, and configured on the port.

  • Page 184: Show Voice Vlan

    S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands Showing Related Commands 9.2.1 show voice vlan Use this command to view the Voice VLAN configurations and the current state, including the working mode of the port with Voice VLAN enabled. show voice vlan Parameter Description...

  • Page 185: Show Voice Vlan Oui

    S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands Set the DSCP value for the voice vlan dscp Voice VLAN. dscp-value Enable the Voice VLAN. voice vlan enable Set the Voice VLAN working voice vlan mode auto mode. Enable the Voice VLAN security voice vlan security mode.
  • Page 186 S2600E/P CLI Reference Guide Chapter 9 Voice VLAN Configuration Commands address, the source MAC address for voice packet. Mask mask. valid length for the OUI address. Description description information for the OUI address. Command Description voice vlan Set the OUI address for the Related mac-address voice packet recognized by the...
  • Page 187 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands MSTP Configuration Commands 10.1 Configuration Related Commands 10.1.1 spanning-tree Use this command to enable MSTP and configure its basic settings globally. The no form of the command disables the spanning-tree function. The no form of the command with parameters only restores the corresponding parameters to the default values, but does not disable the spanning-tree function.
  • Page 188 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands The values of forward-time, hello time and max-age are interrelated. Modifying one of these three parameters will affect the others. There is a restricted relationship among the above three values. Usage 2*(Hello Time+1.0snd) <= Max-Age Time <= guidelines 2*(Forward-Delay–1.0snd)
  • Page 189 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# spanning-tree bpdufilter enable Command Description Related Show the STP configuration of show spanning-tree commands the interface. interface 10.1.3 spanning-tree bpduguard Use this command to enable the BPDU guard function on the interface. You can use the enabled or disabled option of the command to enable or disable the BPDU guard function on the interface.
  • Page 190 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Parameter Description Set the link type of the interface to Parameter point-to-point point-to-point. description Forcibly set the link type of the shared interface to shared. For a full-duplex interface, its link type is set to Default point-to-point link;...
  • Page 191 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Command Global configuration mode. mode In the region, the BPDU message sent by the root bridge includes a Hot Count field. When the BPDU message passes a device, the Hop Count is decreased by 1 until it Usage reaches 0, which indicates the BPDU message times out.
  • Page 192 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Command Global configuration mode. mode Examples Ruijie(config)# spanning-tree mode stp Command Description Related Show spanning-tree commands show spanning-tree configuration. 10.1.7 spanning-tree mst configure Use this command to enter the MST configuration mode in the global configuration mode and configure the MSTP region.
  • Page 193 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands characters. You can use the no name command to restore it to the default setting. revision version: Set the MST versions in the range 0 to 65535. You can use the no name command to restore it the default setting.
  • Page 194 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands 10.1.8 spanning-tree mst cost Use this command to set the path cost of an instance in the interface configuration mode. Use the no form of the command to restore it to the default setting.
  • Page 195 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Configure the priority of an spanning-tree instance. priority 10.1.9 spanning-tree mst port-priority Use this command to configure the interface priority for different instances in the interface configuration mode. It will determine which interface of a loop in a region is in charge of forwarding.
  • Page 196 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Show the MSTP information of an show interface. spanning-tree mst spanning-tree mst Set the path cost. cost Set the device priority for different spanning-tree mst instances. priority 10.1.10 spanning-tree mst priority Use this command to set the device priority for different instances in the global configuration mode.
  • Page 197 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Show the MSTP information of an show spanning-tree interface. spanning-tree mst Set path cost. cost spanning-tree mst Set the port priority of an instance. port-priority 10.1.11 spanning-tree reset Use this command to restore the spanning-tree configuration to the default value.
  • Page 198 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Default The default value is 3. configuration Command Global configuration mode. mode Examples Ruijie(config)# spanning-tree tx-hold-count 5 Command Description Related Show global MSTP commands show spanning-tree configuration. 10.1.13 spanning-tree pathcost method Use this command to configure the path cost of the port.
  • Page 199 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands show Show the STP configuration of the spanning-tree interface. interface 10.1.14 spanning-tree portfast Use this command to enable the portfast on the interface. You can use the disabled option of this command to disable the portfast feature on the interface. spanning-tree portfast [disabled] Parameter Description...
  • Page 200 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Command Global configuration mode. mode Once the BPDU guard is enabled on the interface, it will enter the error-disabled status if the BPDU message Usage arrives at the interface. Use the show spanning-tree guidelines command to display the configuration.
  • Page 201 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Show global show spanning-tree configuration. interface 10.1.17 spanning-tree portfast default Use this command to enable the portfast feature on all interfaces globally. Use the no form of the command to disable the portfast on all interfaces globally. spanning-tree portfast default no spanning-tree portfast default Parameter...
  • Page 202 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Examples Ruijie(config)# spanning-tree tc-protection 10.1.19 spanning-tree tc-protection tc-guard Use this command to enable tc-guard globally to prevent the spread of TC messages. Use the no form of this command to disable tc-guard globally. spanning-tree tc- protection tc-guard no spanning-tree tc- protection tc-guard Parameter...
  • Page 203 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands 10.1.21 spanning-tree ignore tc Use this command to turn on the tc filtering switch on the interface. Use the no form of this command to turn off the tc filtering switch on the interface. With tc filtering enabled, the TC packets received on the interface will not be processed.
  • Page 204 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands 10.1.23 spanning-tree loopguard default Use this command to enable loop guard globally to prevent the root port or backup port from generating loop since they can not receive bpdu. Use the no form of this command to disable loop guard.
  • Page 205 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands 10.1.25 spanning-tree guard none Use this command to disable guard on the interface. Use the no form of this command to delete guard on the interface. spanning-tree guard none no spanning-tree guard none Parameter N/A.
  • Page 206 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Show the STP configuration show spanning-tree information of the interface. interface 10.1.27 bpdu src-mac-check Use this command to enable the BPDU source MAC address check function on the interface. Use the no form of this command to disable the function. bpdu src-mac-check H.H.H no bpdu src-mac-check Parameter...
  • Page 207 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Examples Ruijie# clear spanning-tree detected-protocols Command Description Related Show the STP configuration of show spanning-tree commands the interface. interface 10.1.29 spanning-tree compatible enable Use this command to send the message selectively carried with MSTI according to the interface attibute of current port to realize interconnection with other vendors.
  • Page 208 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Show the block port due to root inconsistentports guard or loop guard. Show BridgeForwardDelay. forward-time Show BridgeHelloTime. hello-time Show BridgeMaxAge. max-age Show the maximum hops of an max-hops instance. Show TxHoldCount. tx-hold-count Show method...
  • Page 209 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Show the status of portfast. portfast Show the status of BPDU guard. bpduguard Show the link type of an interface. link-type Command Privileged EXEC mode. mode Ruijie# show spanning-tree interface gigabitethernet Examples Command Description...

  • Page 210: Stp Commands

    S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Command Description spanning-tree Configure the MST region. configuration spanning-tree Show the path cost of the instance. mst cost Related Show the maximum hops of the commands spanning-tree instance. mst max-hops Show the equipment priority of the spanning-tree instance.
  • Page 211 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as Usage...
  • Page 212 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Note: 1. Use the language chinese/english command in the global configuration mode switchover Chinese/English interface. 2. The commands spanning-tree help and mstp help can be also used here to show the configuration examples. Command Description Related...
  • Page 213 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands In the global configuration mode: In the interface configuration mode: Example Note: Use the language chinese/english command in the global configuration mode switchover Chinese/English interface. Command Description Related commands 10.3.3 bpdu help Use this command to show the example information of the command beginning with the keyword bpdu.
  • Page 214 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands bpdu help Parameter N/A. description Default configuration Command Interface configuration mode. mode Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description.
  • Page 215 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Default configuration Command Privileged mode. mode Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 216 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands Command Any mode. mode Currently, two commands should be used to show the related configuration and status information respectively and several commands are needed for showing various status information that the user want, which is not Usage convenient for users.
  • Page 217 S2600E/P CLI Reference Guide Chapter 10 MSTP Configuration Commands 2. Configure the TxHoldCount for global STP, set the maximum number of BPDU sent per second. 3. Use this command to configure the maximum hops of BPDU frames. 4. Use this command to configure the max-age of BPDU packets. 5.
  • Page 218 S2600E/P CLI Reference Guide Chapter 11 GVRP Configuration Commands GVRP Configuration Commands 11.1 Configuration Related Command 11.1.1 gvrp applicant state Use this command to set the port advertising mode, which determines whether to allow sending the GVRP advertisement on the port. Use the no form of this command to restore it to the default setting.
  • Page 219 S2600E/P CLI Reference Guide Chapter 11 GVRP Configuration Commands 11.1.2 gvrp dynamic-vlan-creation Use this command to control whether to allow creating the vlan dynamically. Use the no form of this command to restore it to the default setting. . gvrp dynamic-vlan-creation enable no gvrp dynamic-vlan-creation enable Parameter Description...
  • Page 220 S2600E/P CLI Reference Guide Chapter 11 GVRP Configuration Commands Use the show gvrp configuration to show the related Usage configurations. guidelines Examples Ruijie(config)#gvrp enable Command Description Related show gvrp commands Show the GVRP configurations. configuration 11.1.4 gvrp registration mode Use this command to set the registration mode to control whether to allow creating/registering/canceling the vlan dynamically on the port.
  • Page 221 S2600E/P CLI Reference Guide Chapter 11 GVRP Configuration Commands 11.1.5 gvrp timer Use this command to set the GVRP timer. Use the no form of this command to restore it to the default setting. gvrp timer {join | leave | leaveall} timer_value no gvrp timer Parameter Description...
  • Page 222 S2600E/P CLI Reference Guide Chapter 11 GVRP Configuration Commands Examples Ruijie(config)# gvrp timer join 200 Command Description Related show gvrp commands Show the GVRP configurations. configuration 11.2 Showing Related Commands 11.2.1 clear gvrp statistic Use this command to clear the GVRP statistics for re-counting. clear gvrp statistics { interface-id | all} Parameter Description...
  • Page 223 S2600E/P CLI Reference Guide Chapter 11 GVRP Configuration Commands Default Command Privileged mode. mode Use the show gvrp configuration to show the related Usage configurations. guidelines Ruijie# show gvrp configuration Global GVRP Configuration: GVRP Feature:enabled GVRP dynamic VLAN creation:enabled Join Timers(ms):200 Join Timers(ms):600 Join Timers(ms):10000 Port based GVRP Configuration:...

  • Page 224: Show Gvrp Statistics

    S2600E/P CLI Reference Guide Chapter 11 GVRP Configuration Commands 11.2.3 show gvrp statistics Use this command to show the GVRP statistics of one interface or all interfaces. show gvrp statistics {interface-id | all} Parameter Description Parameter description Interface id. interface-id Default Command Privileged mode.
  • Page 225 S2600E/P CLI Reference Guide Chapter 11 GVRP Configuration Commands Command Description Related Clear the statistics of one interface or all clear gvrp commands interfaces. statistics 11.2.4 show gvrp status Use this command to show the GVRP status. show gvrp status Parameter Description Parameter...

  • Page 226: Qinq Configuration

    S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands QinQ Configuration Commands 12.1 Configuration Related Commands 12.1.1 dot1q-tunnel cos inner-cos-value remark-cos outer-cos-value Use this command to map the priority from the outer tag to the inner tag for the packets on the interface. dot1q-tunnel cos inner-cos-value remark-cos outer-cos-value no dot1q-tunnel cos inner-cos-value remark-cos outer-cos-value Parameter...
  • Page 227 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands show interface intf-name remark Platform description 12.1.2 frame-tag tpid tpid Use this command to set the manufacturer tpid. frame-tag tpid <tpid> no frame-tag tpid Parameter Description Parameter description Remove the setting. Command Interface configuration mode.
  • Page 228 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Parameter Description Parameter description Remove the settings. Command Interface configuration mode. mode Ruijie(config)# interface gigabitEthernet 0/2 Examples Ruijie(config-if)# inner-priority-trust enable Command Description Related show commands inner-priority-trust Platform description 12.1.4 switchport mode dot1q-tunnel Use this command to configure the interface as the dot1q-tunnel interface.
  • Page 229 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Command Description Related commands show vlan Platform The software version must be RGOS10.1 and later. description 12.1.5 switchport mode uplink Use this command to configure the interface as a uplink port. switchport mode uplink no switchport mode Parameter...
  • Page 230 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Parameter Description Tag-carried. tagged Parameter Not tag-carried. untagged description vlan id list. v_list Remove the settings. Default Allowed vlan 1,untagged. configuration Command Interface configuration mode. mode Here is an example of configuring vlan 3-6 of dot1q-tunnel port as allowed VLAN and outputting the frame with tag: Ruijie(config)#interface gigabitEthernet 0/1 Examples...
  • Page 231 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Default Vlan 1 configuration Command Interface configuration mode. mode Here is an example of configuring default vlan of dot1q-tunnel port as 8: Examples Ruijie(config)#interface gigabitEthernet 0/1 Ruijie(config-if)#switchport dot1q-tunnel native vlan 8 Ruijie(config)#end Command Description...
  • Page 232 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Here is an example of modifying the vid of the input messages whose vids in the tag ranges from 3 to 7 as 4 and forwarding it: Ruijie# configure Ruijie# vlan range 3-8 Examples Ruijie(config)# interface gigabitEthernet 0/1 Ruijie(config-if)# switchport mode trunk...
  • Page 233 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Ruijie(config-if)# switchport mode trunk Ruijie(config-if)# vlan-mapping-out vlan 3 remark 4 Ruijie(config-if)# end Command Description Related show interface commands [ intf-id ] vlan-mapping Platform The software version must be RGOS10.4 and later. description 12.1.10 l2protocol-tunnel Use this command to set the dot1q-tunnel port to receive L2 protocol message.
  • Page 234 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands 12.1.11 l2protocol-tunnel proto-type enable Use this command to enable transparent transmission of L2 protocol message. l2protocol-tunnel {stp | gvrp} enable no l2protocol-tunnel {stp | gvrp} enable Parameter Description Transparently transmit message. Parameter description Transparently...
  • Page 235 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Parameter Description transparent transmission address. Parameter GVRP transparent gvrp description transmission address. Restore transparent transimission address default value. Command Global configuration mode. mode Here is an example of setting the MAC address for the L2-protocol transparent transmission function Examples Ruijie(config-if)# l2protocol-tunnel gvrp tunnel-dmac...
  • Page 236 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Command Privileged mode. mode Ruijie# show dot1q-tunnel Ports Dot1q-tunnel Examples ----- --------- Gi0/1 Enable Platform The software version must be RGOS10.3 and later. description 12.2.2 show frame-tag tpid Use this command to show the configuration of interface tpid. show frame-tag tpid [interface <intf-id>] Parameter Description...
  • Page 237 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands Default Priority copy is disabled by default. configuration Command Privileged mode. mode Ruijie# show inner-priority-trust Port inner-priority-trust Examples ---- ---------- Gi0/1 enable Platform The software version must be RGOS10.1 and later. description 12.2.4 show interface dot1q-tunnel...
  • Page 238 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands show interface intf-name remark Parameter Description Parameter description Default N/A. configuration Command Privileged mode. mode Ruijie# show interface intf-name remark Ports Type From value To value Examples ------------ ----------- ----------- -------- Gi0/1 Cos-To-Cos 3 Platform...
  • Page 239 S2600E/P CLI Reference Guide Chapter 12 QinQ Configuration Commands L2protocol-tunnel: Stp Enable Ruijie# show l2protocol-tunnel gvrp L2protocol-tunnel: gvrp Disable Platform The software version must be RGOS10.3 and later. description...
  • Page 240 IP Application...

  • Page 241: Ip Address Configuration

    S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands IP Address Configuration Commands Interface Address Configuration Commands 1.1.1 ip-address Use this command to configure the IP address of an interface. The no form of this command can be used to delete the IP address of the interface. ip address ip-address network-mask [ secondary ] | [ gateway ip-address] no ip address [ip-address network-mask [ secondary ] | [ gateway]] Parameter...
  • Page 242 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands guidelines it is configured with an IP address. After an IP address is configured for the interface, the interface is allowed to run the Internet Protocol (IP). The network mask is also a 32-bit value that identifies which bits among the IP address is the network portion.
  • Page 243 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands cannot appear on two or more interfaces of a device. In general, the layer-2 switch is configured a default gateway with default-gateway command. Sometimes the layer-2 switch may be managed through the telnet, and the management IP and default gateway of the layer-2 switch needed to be modified.
  • Page 244 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands no arp ip-address MAC-address type [ alias ] Parameter Description The IP address that corresponds to the MAC address. It includes four parts of ip-address numeric values in decimal format separated by dots.
  • Page 245 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands arp gratuitous-send interval seconds no arp gratuitous-send Parameter Description Parameter The time interval to send the free description ARP request message in the range seconds 1 to 3600 seconds Default This function is not enabled on the interface to send the configuration free ARP request regularly.
  • Page 246 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands description Time for retrying the ARP request message in the range of 1 to 3600 seconds seconds, 1 second by default. Default The retry interval of the ARP request is 1s. configuration Command Global configuration mode.

  • Page 247: Arp Timeout

    S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands If the ARP response message is not received, the ARP Default request message will be sent for 5 times, and then it will configuration be timed out. Command Global configuration mode. mode The switch sends the ARP request message frequently, and thus causing problems like network busy.
  • Page 248 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Command mode Interface configuration mode. The ARP timeout setting is only applicable to the IP address and the MAC address mapping that are learned dynamically. The shorter the timeout, the truer the Usage mapping table saved in the ARP cache, but the more guidelines...
  • Page 249 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands mode If there are a large number of unresolved entries in the ARP cache table and they do not disappear after a period Usage of time, this command can be used to limit the quantity of guidelines the unresolved entries.

  • Page 250: Show Arp Counter

    S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Command Description Related Add a static mapping record to the ARP commands cache table. Platform description 1.3.2 show arp counter Use this command to show the number of ARP entries in the ARP cache table. show arp counter Parameter N/A.
  • Page 251 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Command Privileged mode. mode When an interface is available, RGOS will create a direct route in the routing table. The interface is available in that the RGOS software can receive and send packets through this interface.
  • Page 252 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Proxy ARP is: OFF ARP packet input number: Request packet: Reply packet: Unknown packet: TTL invalid packet number: ICMP packet input number: Echo request: Echo reply: Unreachable: Source quench: Routing redirect: Description of fields in the results: Field Description...
  • Page 253 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands enabled, which will affect the route update behavior of the distance vector protocol. Help address is: Show the helper IP address. Show whether the agent ARP is Proxy ARP is: enabled.
  • Page 254 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands interfaces. Command mode Privileged mode. Usage guidelines Examples Command Description Related Configure the default gateway, which commands is only supported on the Layer 2 default-gateway switch. 1.3.5 show ip redirects Use this command to show the default gateway show arp timeout Parameter...
  • Page 255 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands mode The following is the output of the show ip redirectes command: Examples Ruijie# show ip redirects Default Gateway: 192.168.195.1 Command Description Related Configure the default gateway, which commands is only supported on the Layer 2 default-gateway switch.
  • Page 256 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Example Note: Use the language {Chinese| English} command in the privileged mode to switchover the Chinese/English interface. Platform description 1.4.2 arp help (interface configuration mode) Use this command to show example information of the command beginning with the keyword arp in interface configuration mode.
  • Page 257 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands privileged mode to switchover the Chinese/English interface. Platform description 1.4.3 arp retry help Use this command to show example information of the command beginning with the keyword arp retry in global configuration mode. arp retry help Parameter description...
  • Page 258 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Command mode Interface configuration mode. Example Note: Use the language {Chinese| English} command in the privileged mode to switchover the Chinese/English interface. Platform description 1.4.5 ip help (global configuration mode) Use this command to show example information of the command beginning with the keyword ip in global configuration mode.
  • Page 259 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Example Note: Use the language {Chinese| English} command in the privileged mode to switchover the Chinese/English interface. Platform description 1.4.6 ip help (interface configuration mode) Use this command to show example information of the command beginning with the keyword ip in interface configuration mode.
  • Page 260 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Example Note: Use the language {Chinese| English} command in the privileged mode to switchover the Chinese/English interface. Platform description Showing Main Status Commands 1.5.1 view arp Use this command to show the important and common used information about the ARP protocol.
  • Page 261 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Command mode Privileged mode. Examples The description for the “Status” field of “ARP security”: The Enabled is shown as long as one port is enabled with Anti ARP spoofing. The Enabled is shown as long as one port is enabled with ARP check.
  • Page 262 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands 1.5.2 view ip Use this command to show the important and common used information about the IPv4 protocol. view ip The view ipv4 command is equivalent to the view ip. Parameter description N/A.
  • Page 263 S2600E/P CLI Reference Guide Chapter 1 IP Address Configuration Commands Platform description...

  • Page 264: Ip Service Configuration

    S2600E/P CLI Reference Guide Chapter 2 IP Service Configuration Commands IP Service Configuration Commands IP Service Configuration Commands 2.1.1 ip default-gateway Use this command to configure the default gateway on the Layer2 switch. Use the no form of this command to remove the default gateway. ip default-gateway no ip default-gateway Default...
  • Page 265 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands IPv6 Configuration Commands Configuration Related Commands 3.1.1 ipv6 address Use this command to configure an IPv6 address for a network interface. Use the no form of this command to delete the configured address. ipv6 address ipv6-address/prefix-length ipv6 address ipv6-prefix/prefix-length eui-64 ipv6 address prefix-name sub-bits/prefix-length [eui-64]...
  • Page 266 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands The general prefix name.Use the prefix-name specified general prefix to generate the interface address. The value of the sub-prefix bit and the host bit generates the interface sub-bits address combining with the general prefix.

  • Page 267: Ipv6 Address Autoconfig

    S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands 3.1.2 ipv6 address autoconfig Use this command to automatically configure an IPv6 stateless address for a network interface. Use the no form of this command to delete the auto-configured address. ipv6 address autoconfig[default] no ipv6 address autoconfig Parameter Description...
  • Page 268 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands 3.1.3 ipv6 enable Use this command to enable the IPv6 function on an interface. Use the no form of this command to disable this function. ipv6 enable no ipv6 enable Default configuration Disabled.
  • Page 269 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands The network prefix value of the pv6-prefix general-prefix following the format defined in RFC4291. prefix-length The length of the general prefix. Command mode Global configuration mode. It is convenient to number the network by using the general prefix, which defines a prefix so that many longer specified prefixes could refer to it.
  • Page 270 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Usage This command takes effect for the unicast messages only, not for multicast messages. guidelines Examples Ruijie(config)# ipv6 hop-limit 100 3.1.6 ipv6 neighbor Use this command to configure a static neighbor. Use the no form of this command to remove the setting.
  • Page 271 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Use show ipv6 neighbors to view the neighbor information. Ruijie(config)# ipv6 neighbor 2001::1 vlan Examples 00d0.f811.1111 Command Description show ipv6 Related Show the neighbor information. neighbors commands clear ipv6 Clear neighbors learned neighbors dynamically.
  • Page 272 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands IPv6 operations on the interface). In this case, you shall modify and configure a new address manually, and restart address collision check for the down/up interface. Whenever the state of an interface changes from down to up, the address collision check function of the interface will be enabled.
  • Page 273 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands 3.1.9 ipv6 nd other-config-flag Use this command to set “other stateful configuration” flag bit of the RA message. Use the no form of this command to delete the flag bit. ipv6 nd other-config-flag no ipv6 nd other-config-flag Parameter Description...
  • Page 274 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Parameter Description Parameter Interval for retransmitting NS in the description milliseconds range of 1000 to 429467295 milliseconds Default The default value in RA is 0 (unspecified); the interval for configuration retransmitting NS is 1000ms(1s). Command mode Interface configuration mode.
  • Page 275 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Set the dead line for the valid lifetime valid-date and that of the preferred lifetime, in preferred-date day, month, year, hour, minute. infinite Indicate that the prefix is always valid. Set the default perfix. default The prefix will not be advertised by the no-advertise...
  • Page 276 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands prefix default; only the prefix that uses all the default configurations can be modified with this command. at valid-date preferred-date The valid lifetime of a prefix can be specified in two ways. One way is to specify a fixed time for each prefix in the RA;...
  • Page 277 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Usage It is used to set the hopcount of the RA message. guidelines Examples Ruijie(config -if)# ipv6 nd ra-hoplimit 110 Command Description show ipv6 Show the interface information. interface Related ipv6 Set the lifetime of the device.
  • Page 278 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands to ensure other devices along the link occupies network bandwidth while sending the RA message, the actual interval for sending the RA message will be fluctuated 20% based on the set value. If the key word min-max is specified, the actual interval for sending the packet will be chosen between the range of minimum value and maximum value.
  • Page 279 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands value is set to 0, the device will not serve as the default device any longer. If it is not set to 0, it shall be larger than or equal to the interval of sending the RA (ra-interval). Examples Ruijie(conifig-if)# ipv6 nd ra-lifetime 2000 Command...
  • Page 280 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands ipv6 Set the lifetime of the device. ra-lifetime Set the interval of sending the RA ipv6 message. ra-interval ipv6 Set the hopcount of the RA message. ra-hoplimit 3.1.16 ipv6 nd reachable-time Use this command to set the reachable time after the interface checks the reachability of the neighbor dynamically learned through NDP.
  • Page 281 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Command Description Related show ipv6 commands Show the interface information. interface 3.1.17 ipv6 nd suppress-ra Use this command to disable the interface from sending the RA message. Use the no form of this command to enable the function. ipv6 nd suppress-ra no ipv6 nd suppress-ra Default...

  • Page 282: Ipv6 Redirects

    S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Command mode Global configuration mode. Usage guidelines None. Examples Ruijie(config)# no ipv6 ns-linklocal-src 3.1.19 ipv6 redirects Use this command to control whether to send ICMPv6 redirect message when the switch receives and forwards an IPv6 packet through an interface. Use the no form of this command to disable the function.
  • Page 283 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Parameter None. description Default configuration Disabled. Command mode Global configuration mode. Because of the potential security of the header of type 0 route, it’s easy for the device to suffer from the denial service attack.
  • Page 284 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands The response to the request sent is not received within a regulated time. The device has no route to the destination host. Parameter error. No system resource is available. The source IP address of the packet is not selected.
  • Page 285 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands show ipv6 Show the neighbor information. neighbors Platform description 3.2.2 show ipv6 address Use this command to show the IPv6 addresses. show ipv6 address [interface-name] Parameter Description Parameter description interface-name Interface name Command mode Privileged mode.

  • Page 286: Show Ipv6 Interface

    S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Platform description 3.2.3 show ipv6 general-prefix Use this command to show the information of the general prefix. show ipv6 general-prefix Command Privileged mode. mode Use this command to show the information of the general Usage prefix including the manually configured and learned from guidelines...
  • Page 287 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Parameter Description Interface (including Ethernet interface, Parameter interface-id aggregateport, or SVI) description Show the RA information of the ra-info interface. Command mode Privileged mode. Use this command to show the address configuration, ND Usage guidelines configuration and other information of an IPv6 interface.
  • Page 288 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Indicate that the DAD is underway. The TENTATIVE address is a tentative before the DAD is completed. DUPLICATED Indicate that a duplicate address exists. Indicate that the preferred lifetime of the DEPRECATED address expires.
  • Page 289 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands out: Indicate the number of the RAs that are sent. In: Indicate the number of the RAs that are RA(out/in/ received. inconsistent) inconsistent: Indicate the number of the received RAs in which the parameters are different from those contained in the RAs advertised by the device.

  • Page 290: Show Ipv6 Neighbors

    S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands L: Indicate that the on-link in the prefix is set. L | !L !L: Indicate that the on-link in the prefix is not set. A: Indicate that the auto-configure in the A | !A prefix is set.
  • Page 291 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Interface Interface the neighbor locates. State of the neighbor: state/H(R) The values of STATE are as below: INCMP (Incomplete): address resolution of the neighbor is underway, the NS is sent, but the NA is not received. REACH (Reachable): switch...
  • Page 292 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands The number of the NSs that are sent to the Asked neighbor for the resolution of the link address of the neighbor. Examples Ruijie# show ipv6 neighbors Command Description Related commands Configure a neighbor.
  • Page 293 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands The following example shows the statistics of the global neighbors. The following example shows the statistics of all neighbors. Examples Command Description Related commands Platform description 3.2.7 show ipv6 packet statistics Use this command to show the statistics of IPv6 packets.
  • Page 294 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Command mode Privileged mode. Usage guidelines The following example shows the total statistics of the Ipv6 packets and the statistics of each inerface. Example The following example shows the total statistics of the Ipv6 packets.
  • Page 295 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Showing Configuration Example Commands 3.3.1 ipv6 address help (global configuration mode) Use this command to show the example of the command that starts with ipv6 address in the interface configuration mode . ipv6 address help Parameter Description...
  • Page 296 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Platform description 3.3.2 ipv6 help (global configuration mode) Use this command to show the example of the command that starts with ipv6 in the global configuration mode. ipv6 help Parameter Description Parameter description Command...
  • Page 297 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands 3.3.3 ipv6 help (interface configuration mode) Use this command to show the example of the command that starts with ipv6 in the interface configuration mode. ipv6 help Parameter Description Parameter description Command Interface configuration mode mode...
  • Page 298 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Platform description 3.3.4 ipv6 nd help Use this command to show the example of the command that starts with ipv6 nd in the interface configuration mode. ipv6 nd help Parameter Description Parameter description Command...
  • Page 299 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Command Description Related commands Platform description 3.3.5 ipv6 route help Use this command to show the example of the command that starts with the ipv6 route in the global configuration mode. ipv6 route help Parameter Description...
  • Page 300 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Command Description Related commands Platform description Showing Status Commands 3.4.1 view ipv6 Use this command to show the information about the IPv6 addresses, IPv6 packet statistics, IPv6 neighbors and IPv6 route tables. view ipv6 Parameter Description...
  • Page 301 S2600E/P CLI Reference Guide Chapter 3 IPv6 Configuration Commands Examples Command Description Related commands Platform description...

  • Page 302: Dhcp Configuration

    S2600E/P CLI Reference Guide Chapter 4 DHCP Configuration Commands DHCP Configuration Commands DHCP Configuration Related Command 4.1.1 ip address dhcp Use this command to make the Ethernet interface or the PPP, HDLC and FR encapsulated interface obtain the IP address information by the DHCP in the interface configuration mode.
  • Page 303 S2600E/P CLI Reference Guide Chapter 4 DHCP Configuration Commands interface fastEthernet 0 ip address dhcp Command Description dns-server Define the DNS server of DHCP client. Related Define the name of the DHCP address commands ip dhcp pool pool and enter into the DHCP address pool configuration mode.
  • Page 304 S2600E/P CLI Reference Guide Chapter 4 DHCP Configuration Commands Parameter description N/A. Default N/A. Command mode Privileged mode. If the IP address is not defined, show the binding condition Usage of all addresses. If the IP address is defined, show the guidelines binding condition of this IP address.

  • Page 305: Dhcp Relay

    S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands DHCP Relay Configuration Commands DHCP Relay Configuration Commands 5.1.1 ip dhcp relay check server-id Use this command to enable the ip dhcp relay check server-id function. The no form of this command is used to disable the ip dhcp relay check server-id function.
  • Page 306 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Platform description This command is only supported by the switches. 5.1.2 ip dhcp relay information option dot1x Use this command to enable the dhcp option dot1x function.. The no form of the command is used to disable the dhcp option dot1x function.
  • Page 307 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Command mode Global configuration mode. Usage Be sure that the ACL does not conflict with the existing guidelines ACE of the configured ACL on the interface. The following example enables the dhcp option dot1x acl function.

  • Page 308: Ip Dhcp Relay Information Option

    S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Command Description service dhcp Enable the DHCP Relay. Related ip dhcp relay commands Enable the DHCP option dot1x information function. option dot1x Platform description 5.1.4 ip dhcp relay information option82 Use this command to configure to enable the ip dhcp relay information option82 function.
  • Page 309 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands 5.1.5 ip dhcp relay suppression Use this command to enable the DHCP binding globally. The no form of this command disables the DHCP binding globally and enables the DHCP relay suppression on the port.

  • Page 310: Service Dhcp

    S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Default N/A. Command mode Global configuration mode, interface configuration mode. Up to 20 DHCP server can be configured globally or on a layer-3 interface. One DHCP request of this interface will be sent to these servers.
  • Page 311 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands The DHCP relay can forward the DHCP requests to other Usage servers, and the returned DHCP response packets to the guidelines DHCP client, serving as the relay for DHCP packets. In the following configuration example, the device has enabled the DHCP server and the DHCP relay.
  • Page 312 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Example Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related commands view dhcp-relay Show the dhcp relay modules. Platform description Showing Example Commands 5.3.1 ip dhcp relay help Use this command to show the help information of DHCP relay configuration.
  • Page 313 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Default Command mode Global/ interface configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 314 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Command Description Related commands Platform description 5.3.2 ip dhcp relay check help Use this command to show the help information of check server-id configuration. ip dhcp relay check help Default Command mode Global configuration mode.
  • Page 315 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Platform description 5.3.3 ip dhcp relay information help Use this command to show the help information of adding the option. ip dhcp relay information help Default Command mode Global configuration mode. Currently, you can enter the question mark “?”...
  • Page 316 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Platform description Showing Main Status Commands 5.4.1 view dhcp-relay Use this command to show the DHCP relay modules. view ip dhcp-relay Default Command mode Any mode. Currently, two commands should be used to show the related configuration and status information respectively and several commands are needed for showing various Usage...
  • Page 317 S2600E/P CLI Reference Guide Chapter 5 DHCP Relay Configuration Commands Platform description...
  • Page 318 S2600E/P CLI Reference Guide Chapter 6 UDP-Helper Module Configuration Commands UDP-Helper Module Configuration Commands Configuration Related Commands 6.1.1 ip forward-protocol Use this command to configure the UDP port to enable forwarding. Use the no form of this command to disable forwarding on the UDP port. ip forward-protocol udp [port | tftp | domain | time | netbios-ns | netbios-dgm | tacacs] no ip forward-protocol udp [port | tftp | domain | time | netbios-ns |...
  • Page 319 S2600E/P CLI Reference Guide Chapter 6 UDP-Helper Module Configuration Commands Forward the broadcast message from port 49. Default configuration N/A. Command mode Global configuration mode. Enabling the UDP-Helper function will forward the Usage broadcast message of the UDP ports 69,53,37,137,138,49 guidelines without any additional configuration, by default.
  • Page 320 S2600E/P CLI Reference Guide Chapter 6 UDP-Helper Module Configuration Commands addresses. Default N/A. configuration Command mode Interface configuration mode. Up to 20 destination servers can be configured on an interface. Once the forwarding destination server is configured someone an interface and UDP-Helper is enabled, the broadcast message of the specified port Usage received from this interface will be sent to the destination...
  • Page 321 S2600E/P CLI Reference Guide Chapter 6 UDP-Helper Module Configuration Commands Parameter description N/A. Default configuration Disabled. Command Global configuration mode. mode Enable the forwarding function of UDP-Helper. The UDP Usage broadcast messages from the port 69,53,37,137,138,49 guidelines are forwarded by default. The following is an example of enabling the UDP Examples forwarding function.
  • Page 322 S2600E/P CLI Reference Guide Chapter 7 DNS Module Configuration Commands Module Configuration Commands Configuring Related Commands 7.1.1 ip domain-lookup Use this command to enable the DNS to carry out the domain name resolution. Use the no form of this command to disable the DNS domain name resolution function.
  • Page 323 S2600E/P CLI Reference Guide Chapter 7 DNS Module Configuration Commands 7.1.2 ip host Use this command to configure the mapping of the host name and the IP address by manual. Use the no form of the command to remove the host list. ip host host-name ip-address no ip host host-name ip-address Parameter...

  • Page 324: Ipv6 Host

    S2600E/P CLI Reference Guide Chapter 7 DNS Module Configuration Commands Command mode Global configuration mode. Add the IP address of the DNS server. Once this command is executed, the equipment will add a DNS server. When the device cannot obtain the domain name Usage from a DNS server, it will attempt to send the DNS request guidelines...
  • Page 325 S2600E/P CLI Reference Guide Chapter 7 DNS Module Configuration Commands Command Description Related Show the DNS related configuration commands show hosts information. Show Related Commands 7.2.1 clear host Use this command to clear the dynamically learned host name in the privileged user mode.
  • Page 326 S2600E/P CLI Reference Guide Chapter 7 DNS Module Configuration Commands Command mode Privileged mode. Usage guidelines Show the DNS related configuration information. Ruijie# show hosts Name servers are: 192.168.5.134 static Examples Host type Address TTL(sec) switch static 192.168.5.243 www.ruijie.com dynamic 192.168.5.123 Command Description...

  • Page 327: Ftp Server Configuration

    S2600E/P CLI Reference Guide Chapter 8 FTP Server Configuration Commands FTP Server Configuration Commands Configuration Related Commands 8.1.1 debug ftp server Use this command to enable outputting the debugging messages in the FTP server. Use the no form of this command to disable this function. debug ftpserver no debug ftpserver Parameter...
  • Page 328 S2600E/P CLI Reference Guide Chapter 8 FTP Server Configuration Commands Ruijie# no debug ftpserver Platform description 8.1.2 ftp-server enable Use this command to enable the FTP server. Use the no form of this command to disable the FTP server. ftp-server enable no ftp-server enable Parameter Description...
  • Page 329 S2600E/P CLI Reference Guide Chapter 8 FTP Server Configuration Commands 8.1.3 ftp-server password Use this command to set the login password for the FTP server. Use the no form of this command to cancel the password configuration. ftp-server password [type] password no ftp-server password Parameter Description...
  • Page 330 S2600E/P CLI Reference Guide Chapter 8 FTP Server Configuration Commands  Caution Null password is not supported by the FTP server. Without the password configuration, the client fails to pass the identity verification of the server. The following example shows how to set the plain-text password as pass: Ruijie(config)# ftp-server password pass Ruijie(config)# ftp-server password 0 pass...
  • Page 331 S2600E/P CLI Reference Guide Chapter 8 FTP Server Configuration Commands guidelines of the files accessed by the client. Can the FTP client accesses to the files on the FTP server with the top directory correctly specified. Without this command configured, FTP client fails to access to any file or directory on the FTP server.
  • Page 332 S2600E/P CLI Reference Guide Chapter 8 FTP Server Configuration Commands The session idle time refers to the time for the FTP session between two FTP operations. The following example shows how to set the session idle timeout as 5m: Ruijie(config)# ftp-server timeout 5 Examples The following example shows how to restore the session idle timeout to the default value(30m):...
  • Page 333 S2600E/P CLI Reference Guide Chapter 8 FTP Server Configuration Commands server. The client fails to pass the identity verification if the username is removed. The following example shows how to set the username as user: Ruijie(config)# ftp-server username user Examples The following example shows how to remove the username configuration: Ruijie(config)# no ftp-server username...

  • Page 334: Platform Description

    S2600E/P CLI Reference Guide Chapter 8 FTP Server Configuration Commands The following example shows the related status information of the FTP server: Ruijie# show ftp-server ftp-server information ======================================= enable : Y topdir : / timeout: 20min username config : Y Examples password config : Y type: BINARY...
  • Page 335 Network Management and Monitoring...
  • Page 336 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command SNMP Configuration Command Configuration Related Commands 1.1.1 no snmp-server Use this command to disable the SNMP agent function in the global configuration mode. no snmp-server Default configuration Disabled. Command mode Global configuration mode. This command disables the SNMP agent services of all Usage guidelines...
  • Page 337 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Default The default sequence number is 60FF60. configuration Command Global configuration mode. mode The SNMP system sequence number is generally the Usage sequence number of the machine to facilitate the device guidelines identification.
  • Page 338 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command NMS that are permitted to access the MIB. Name of the ACL, which specifies the aclname IPV4 address range of the NMS that are permitted to access the MIB. Name of the IPv6 ACL, which specifies ipv6-aclname the IPv6 address range of the NMS that are permitted to access the MIB...
  • Page 339 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command no snmp-server contact Parameter Description Parameter description text String describing the system contact. Default configuration N/A. Command mode Global configuration mode. The example below specifies the SNMP system contract i-net800@i-net.com.cn: Examples Ruijie(config)# snmp-server contact i-net800@i-net.com.cn Command...
  • Page 340 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command This command must work with the global configuration Usage command snmp-server host to send the SNMP Trap guidelines message. The example below enables the SNMP server to actively send the SNMP Trap message. Examples Ruijie(config)# snmp-server enable traps snmp Ruijie(config)# snmp-server host 192.168.12.219 public...
  • Page 341 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command are permitted to access the MIB. Name of the IPv6 ACL, which specifies ipv6_aclname the IPv6 address range of the NMS that are permitted to access the MIB writeview Associate with a read-write view. Default configuration N/A.
  • Page 342 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Community string username community-string (SNMPv3 version) port-num Port of the SNMP host The type of the SNMP trap message notification-type sent actively, such as snmp. By default, no SNMP host is specified. Default If no type of the SNMP trap message is specified, all types configuration...
  • Page 343 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command no snmp-server location Parameter Description Parameter description text String describing the system Default configuration Null Command mode Global configuration mode. The example below specifies the system information: Examples Ruijie(config)# snmp-server location start-technology-city 4F of A Buliding Command Description...
  • Page 344 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Command Description Related snmp-server Specify the length of the SNMP trap commands message queue. queue-length 1.1.10 snmp-server queue-length Use this command to specify the length of the SNMP trap message queue in the global configuration mode.
  • Page 345 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command snmp-server system-shutdown no snmp-server system-shutdown Default configuration Disabled. Command Global configuration mode. mode This command is used to enable the SNMP system restart Usage notification function. The RGOS sends the SNMP trap guidelines messages to the NMS to notify the system pending before the device is reloaded or rebooted.
  • Page 346 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command By default, the IP address of the interface where the NMP message is sent from is just the source address. For easy Usage management and identification, this command can be guidelines used to fix a local IP address as the SNMP source address.
  • Page 347 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command snmp-server Specify the length of the SNMP trap queue-length message queue. Specify the NMS host to send the snmp-server SNMP trap message. host 1.1.14 snmp-server user Use this command to set the SNMP name in the global configuration mode. The no form of this command is used to delete the user.
  • Page 348 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Enable the MD5 authentication protocol. While enables authentication protocol. Sequence number of the ACL in the range of 1 to 99, which specifies the IPV4 aclnumber address range of the NMS that are permitted to access the MIB.
  • Page 349 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Include the sub trees of the MIB object include in the view. Exclude the sub trees of the MIB object exclude from the view. Default configuration By default, a default view is set to access all MIB objects. Command mode Global configuration mode.
  • Page 350 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command The example below shows the SNMP information: Ruijie# show snmp Chassis: 60FF60 0 SNMP packets input 0 Bad SNMP version errors 0 Unknown community name 0 Illegal operation for community name supplied 0 Encoding errors 0 Number of requested variables 0 Number of altered variables...
  • Page 351 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command For current operation of the CLI, the configuration is realized by executing the single command one by one. As for the configuration and deployment of the specific functional module, current presentation of the CLI lacks some replicable typical configuration examples, therefore, users can only obtain the configuration help by other Usage...
  • Page 352 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command If the user enters number 2, the following information is displayed: Use the language chinese/english command in the global...
  • Page 353 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command configuration mode to switchover the interface between Chinese and English. Command Description Related Show the configuration and running commands view snmp status information about snmp modules. Platform description Supported by switches only. Showing Example Commands 1.4.1 snmp-server help...
  • Page 354 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Example Use the language chinese/english command in the global configuration mode to switchover the interface between Chinese and English. Command Description Related Show typical configuration commands snmp help information about snmp modules. Platform description Supported by switches only.
  • Page 355 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 356 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 357 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command snmp-server group help Command mode Global configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 358 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 359 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 360 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Currently, multiple commands are needed to show the related configuration or status information of one function. The users do not know to use which command to show the main status information of this function. And several Usage commands are involved for showing various status guidelines...
  • Page 361 S2600E CLI Reference Guide Chapter 1 SNMP Configuration Command Platform description Supported by switches only.
  • Page 362 S2600E CLI Reference Guide Chapter 2 RMON Configuration commands RMON Configuration commands Configuration Related Commands 2.1.1 rmon alarm Use this command to monitor a MIB variable. The no form of this command cancels the logging. rmon alarm number variable interval {absolute | delta } rising-threshold value [event-number] falling-threshold...

  • Page 363: Rmon Collection History

    S2600E CLI Reference Guide Chapter 2 RMON Configuration commands rmon event number [log] [trap community] description string Add an event definition. [owner owner-string] 2.1.2 rmon collection history Use this command to log the history of an Ethernet interface. The no form of this command cancels the logging.

  • Page 364: Rmon Event

    S2600E CLI Reference Guide Chapter 2 RMON Configuration commands Command mode Interface configuration mode. Usage guidelines N/A. The example below enables monitoring the statistics of Ethernet port 1. Examples Ruijie(config)# interface fast-Ethernet 0/1 Ruijie(config-if)# rmon collection stats 1 zhansan Command Description rmon collection...

  • Page 365: Show Rmon Alarm

    S2600E CLI Reference Guide Chapter 2 RMON Configuration commands rmon alarm number variable interval {absolute | delta } rising-threshold value Add an alarm entry. [event-number] falling-threshold value [event-number] [owner ownername] Showing Related Commands 2.2.1 show rmon alarm Use this command to show the rmon alarm table. show rmon alarm Default N/A.
  • Page 366 S2600E CLI Reference Guide Chapter 2 RMON Configuration commands rmon alarm number variable interval {absolute | delta } rising-threshold value [event-number] Add an alarm entry. falling-threshold value [event-number] [owner ownername] 2.2.2 show rmon event Use this command to show the event information. show rmon event Default N/A.
  • Page 367 S2600E CLI Reference Guide Chapter 2 RMON Configuration commands 2.2.3 show rmon history Use this command to show the history information. show rmon history Default N/A. Command mode Privileged mode. Usage N/A. guidelines The example below shows the history information. Ruijie# show rmon history rmon history control table: index = 1...

  • Page 368: Show Rmon Statistics

    S2600E CLI Reference Guide Chapter 2 RMON Configuration commands Command Description rmon collection history index Related Add a history control [owner ownername] [buckets commands entry. bucket-number] [interval seconds] 2.2.4 show rmon statistics Use this command to show the statistics. show rmon statictics Default N/A.
  • Page 369 S2600E CLI Reference Guide Chapter 2 RMON Configuration commands packets128To255Octets = 229 packets256To511Octets = 3 packets512To1023Octets = 0 packets1024To1518Octets = 1200 Command Description Related rmon collection stats commands Add a statistical entry. index [owner owner-string]...
  • Page 370 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Configuration Commands NTP Configuring Related Commands 3.1.1 no ntp Use this command to disable the ntp synchronization service with the time server and clear all configuration information of ntp. no ntp Parameter description N/A.
  • Page 371 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands 3.1.2 ntp access-group Use this command to configure the access control priority of the ntp service. Use the no form of this command to cancel the access control priority. access-group {peer serve serve-only query-only}...

  • Page 372: Ntp Authenticate

    S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Use this command to configure the access control priority of the ntp service. NTP services access control function provides a minimal security measures (more secure way is to use the NTP authentication mechanism). When an access request arrives, NTP service matches the rules in accordance with the sequence from the smallest to the largest to access restriction, and the first matched rule...
  • Page 373 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Parameter description N/A. Default Disabled. Command mode Global configuration mode. If the global security identification mechanism is not used, the synchronization communication is not encrypted. To enable encrypted communication on the server, enable the Usage security identification mechanism and configure other keys guidelines...

  • Page 374: Ntp Disable

    S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands not encrypted, 7 indicates the key is encrypted simply. Default N/A. Command mode Global configuration mode. Configure the global authentication key and adopt md5 for encryption. Each key presents the unique key-id identification.
  • Page 375 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands The NTP message received on any interface can be provided to the client to carry out the clock adjustment. The function can be set to shield the NTP message Usage received from the corresponding interface. guidelines Note: The interface that is configured with this command can receive and send IP packets.
  • Page 376 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands In general, the local system synchronizes the time from the external time source directly or indirectly. However, if the time synchronization of local system fails for the network connection trouble, ect, use the command to set the reliable reference source of the local time, providing the synchronized time for other devices.
  • Page 377 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands adopted when communication with the corresponding server. (Optional) Specify the corresponding prefer server as the prefer server. No NTP server is configured, by default. Default Command mode Global configuration mode. At present, our system only support clients other than servers, and the upeer limit of supported synchronous servers are 20.
  • Page 378 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Parameter description N/A. Default N/A. Command mode Global configuration mode. 8 consecutive packets are synchronized for the first synchronization of NTP and each server. Then the Usage synchronization occurs every one minute. This command guidelines is used to complete the instant synchronization during the interval of auto-sync.
  • Page 379 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands The NTP communication parties must use the same Usage trusted key. The key is identified by ID and is not guidelines transmitted to improve security. The following configures an authentication key and sets it as the corresponding server trusted key.
  • Page 380 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands The following configures the NTP update calendar Examples periodically. Ruijie(config)# ntp update-calendar Showing and Monitoring Commands 3.2.1 debug ntp Use this command to show the NTP debugging information. debug ntp no debug ntp Parameter description N/A.
  • Page 381 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands If the NTP service of the system is enabled, show current Usage NTP information. This command will not print any guidelines information before the synchronization server is added for the first time. The example below shows the NTP information of current Examples system.
  • Page 382 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands When the user inputs 1, the following information is displayed. mple When the user inputs 2, the following information is displayed.
  • Page 383 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related Show the configuration and running commands view ntp status information about ntp modules. Platform description Supported by switches only.
  • Page 384 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, users may not understand the meaning about the description of keywords, so they do not know how to continue the configuration in order to complete the Usage...
  • Page 385 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands 3.4.2 ntp server help Use this command to show the example information of the command beginning with the keyword ntp server. ntp server help Parameter description N/A. Default Command Global configuration mode. mode Currently, you can enter the question mark “?”...
  • Page 386 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Platform description Supported by switches only. 3.4.3 ntp access-group help Use this command to show the example information of the command beginning with the keyword ntp access-group. ntp access-group help Parameter N/A.
  • Page 387 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Show the typical configuration of ntp ntp help modules. Platform description Supported by switches only. 3.4.4 ntp authentication-key help Use this command to show the example information of the command beginning with the keyword ntp authentication-key.
  • Page 388 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands mode to switchover the Chinese/English interface. Command Description Related Show the typical configuration of ntp commands ntp help modules. Platform description Supported by switches only. Showing Main Status Commands 3.5.1 show ntp server Use this command to show the information about the ntp server.
  • Page 389 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Platform description Supported by switches only. 3.5.2 view ntp Use this command to show the configuration and running status information about the ntp module. show ntp help Parameter N/A. description Default Command mode Any mode.
  • Page 390 S2600E CLI Reference Guide Chapter 3 NTP Configuration Commands Command Description Related Show the typical configuration of ntp commands ntp help modules. Platform description Supported by switches only.
  • Page 391 S2600E CLI Reference Guide Chapter 4 SNTP Configuration Commands SNTP Configuration Commands Configuring Related Commands 4.1.1 sntp enable Use this command to enable the SNTP function. Use the no form of this command to restore the default value. [no] sntp enable Default configuration Disabled...
  • Page 392 S2600E CLI Reference Guide Chapter 4 SNTP Configuration Commands 4.1.2 sntp interval Use this command to set the interval for the SNTP Client to synchronize its clock with the NTP/SNTP Server. sntp interva seconds no sntp interval Parameter Description Parameter Synchronization interval in 60 to 65535 description seconds...
  • Page 393 S2600E CLI Reference Guide Chapter 4 SNTP Configuration Commands 4.1.3 sntp server Use this command to set the SNTP server. Since the SNTP protocol is completely compatible with the NTP protocol, you can configure the SNTP server as the public NTP server on the Internet. sntp server ip-address no sntp server Parameter...
  • Page 394 S2600E CLI Reference Guide Chapter 4 SNTP Configuration Commands Command mode Privileged mode. Usage guidelines This command shows the parameters of SNTP. Ruijie# show sntp SNTP state : Enable Examples SNTP server : 192.168.4.12 SNTP sync interval : 60 Time zone : +8 Command Description...
  • Page 395 S2600E CLI Reference Guide Chapter 4 SNTP Configuration Commands For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as Usage...
  • Page 396 S2600E CLI Reference Guide Chapter 4 SNTP Configuration Commands Showing Main Status Commands 4.4.1 view sntp Use this command to show the configuration and running status information about sntp modules. view sntp Command mode Any mode. Currently, multiple commands are needed to show the related configuration or status information of one function.

  • Page 397: Span Configuration

    S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands SPAN Configuration Commands Configuration Related Commands 5.1.1 monitor session Use this command to create a SPAN session and specify the destination port (monitoring port) and source port (monitored port). The no form of the command is used to delete the session or delete the source port or destination port separately.
  • Page 398 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Monitor only the inbounding frames. Monitor only the outbounding frames. Delete all sessions. Support the encapsulation function for the monitored port. Once this function is enabled, the encapsulation tag of the mirrored frame is peeled off forcibly. This function is disabled by default.

  • Page 399: Show Monitor

    S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Use this command to display the SPAN show monitor configurations. Platform description 5.1.2 show monitor Use this command to display the SPAN configurations. show monitor [session session_number] Default configuration All SPAN sessions are displayed by default. Parameter Description Parameter...
  • Page 400 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Showing Configuration Example Commands 5.2.1 span help Use this command to display the typical configuration of span modules. span help Default configuration Parameter Description Parameter description Command Privileged mode. mode For current operation of the CLI, the configuration is realized by executing the single command one by one.
  • Page 401 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Command Description Related commands Showing Example Commands 5.3.1 monitor help Use this command to display the example information of the command beginning with the keyword monitor. monitor help Default configuration Parameter Description Parameter description...
  • Page 402 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Example Use the language chinese/english command in the privileged mode to switchover the interface between Chinese and English. Command Description Related commands 5.3.2 monitor session help Use this command to display the example information of the command beginning with the keyword monitor session.
  • Page 403 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or Usage parameter and related description. However, users may not understand the meaning about the description of keywords, so they guidelines do not know how to continue the configuration in order to complete the configuration task.
  • Page 404 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Parameter Description Parameter description Command mode Global configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or Usage parameter and related description.
  • Page 405 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Default configuration Parameter Description Parameter description Command mode Global configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or Usage parameter and related description.
  • Page 406 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Parameter Description Parameter description Command mode Global configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or Usage parameter and related description.
  • Page 407 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands Default configuration Parameter Description Parameter description Command mode Any mode. Currently, multiple commands are needed to show the related configuration or status information of one function. The users do not know to use which command to show the main status information of Usage this function.
  • Page 408 S2600E CLI Reference Guide Chapter 5 SPAN Configuration Commands...
  • Page 409 S2600E CLI Reference Guide Chapter 6 RSPAN Configuration Commands RSPAN Configuration Commands Configuration Related Commands 6.1.1 monitor session Use this command to set RSPAN session. Set mirror device attribute: monitor session session_num {remote-destination | remote-source} Set destination mirror: monitor session session-num destination remote vlan vlan-id interface interface-name [switch] Set remote source mirror: monitor session session-num source interface interface-id [rx | tx | both]...
  • Page 410 S2600E CLI Reference Guide Chapter 6 RSPAN Configuration Commands The following example configures the source switch: Ruijie(config)# monitor session 2 remote-source Ruijie(config)# monitor session source interface gigabitEthernet Ruijie(config)# monitor session 2 destination remote vlan 7 interface gigabitEthernet 1/3 switch Examples Ruijie(config)# monitor session 2 destination remote vlan 7 reflector-port interface gigabitEthernet 1/1 switch The following example configures the destination switch:...
  • Page 411 S2600E CLI Reference Guide Chapter 6 RSPAN Configuration Commands Command Description Related commands show vlan Show VLAN information. Platform There is no need to configure the reflector port on the description S2600E series switches. Showing Configuration Example Command 6.2.1 rspan help Use this command to show the typical configuration of rspan modules.
  • Page 412 S2600E CLI Reference Guide Chapter 6 RSPAN Configuration Commands Input 1 to show the configuration example 1: Input 2 to show the configuration example 2:...
  • Page 413 S2600E CLI Reference Guide Chapter 6 RSPAN Configuration Commands Use the language chinese/english command in the privileged mode to switchover the interface between Chinese and English. Command Description Related commands Platform...
  • Page 414 S2600E CLI Reference Guide Chapter 6 RSPAN Configuration Commands description Showing Main Status Command 6.3.1 view rspan Use this command to show the configuration and running status information of the rspan related modules. view rspan Parameter description Command mode Any mode. Currently, multiple commands are needed to show the related configuration or status information of one function.
  • Page 415 S2600E CLI Reference Guide Chapter 6 RSPAN Configuration Commands Platform description...
  • Page 416 Multicast Commands...

  • Page 417: Igmp Snooping

    S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands IGMP Snooping Commands Conf iguration Related Commands 1.1.1 To den y the forwarding of the multicast streams in the range specified by the profile, execute the deny configuration command in the profile configuration ode.
  • Page 418 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands range Configure the multicast address range. 1.1.2 ip i gmp profile This is a mode navigation comm and. Use this command to select a profile and enter the IGMP profile configuration mode. ip igmp profile profile-number o ip igmp p rofile p...
  • Page 419 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands that the switch learns dynamically Default 300s. configuratio Command Global configuration mode. mode When the dynamic routing interfa ce learning function is Usage enabled, this command sets the aging time of the routing interface.
  • Page 420 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands After you execute this command to enable the fast-leave Usage function, the system will remove the corresponding multicast group on the corresponding interface upon the guidelines receipt of the IGMP leave message. The following example shows how to enable the fast leave function on the switch:...
  • Page 421 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Command Description Related commands ip igmp profile Create a profile. 1.1.6 ip i gmp snooping ivgl To enable IGMP snoop ing and enter the IVGL mode, execute the ip igmp snooping ivgl comman d in the global configuration mode.
  • Page 422 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands 4294967294. Default N/A. Command mode Interface configuration mode. If a maximum number of multicast groups are configured, Usage the device will no longer receive and process IGMP Report messages when the number of multicast groups on this guidelines interface is beyond the range.
  • Page 423 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands disable this function and clear all routing interfaces learnt dynamically. With dynamic routing interface learning function disabled globally, the function of all vlans will be disabled. Beside, with this function enabled globally, if the function of specified vlan is disabled, the dynamic routing interface learning function of the corresponding vlan is disabled.
  • Page 424 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Apply the IGMP Profile to a multicast preview function. When the user doesn't have access to the multicast streams (namely the user might be filtered by IGMP Usage Snooping filter), it can allow the use r to preview partial guidelines contents.
  • Page 425 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Usage guidelines The following example sets the multicast preview interval as 100 s econds on th e 100M port of 0/ Examples Ruijie(config)# ip igmp snoop ing preview interval 100 Command Description Related Enable...
  • Page 426 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Command Description Related Enable the querier ip igmp snoopi ng vlan commands querier function in VLAN 1.1.12 ip i gmp snooping querier address To enable the IGMP querier, you also need to specify a source IP address for query packets.
  • Page 427 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Command Description Related Enable the sour ce IP ip igmp s nooping vlan querier commands address check in VLAN 1.1.13 ip igmp snooping querier max-response-time To configure the maximum response time advertised in query packets, execute global configuration command...
  • Page 428 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands commands Configure the maximum ip igmp snooping vlan querier response time to query max-response-time packets in VLAN 1.1.14 ip igmp snooping querier query-interval To specify the interval for IGMP querier to send query packets, execute the global configuration command of "ip igmp snooping querier query-interval".
  • Page 429 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands commands ip igmp snooping vlan querier Configure query query-interval interval in VLAN 1.1.15 ip igmp snooping querier timer expiry To specify the expiration timer for non-querier, execute the global configuration command of "ip igmp snooping querier timer expiry". Use no form of this command to restore to the default value.
  • Page 430 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands 1.1.16 ip igmp snooping querier version Currently, the IGMP Snooping querier supports IGMPv1 and IGMPv2. To specify the version, execute the global configuration command of "ip igmp snooping querier version". Use no form of this command to restore to the default setting.
  • Page 431 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Parameter Description Parameter The aging time of the routing description inerface that the switch learns time dynamically. Default 10s. configuration Command Global configuration mode. mode You can specify the time for the switch to wait for the member join message after receiving the query message.
  • Page 432 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Parameter description N/A. Default Disabled. Command Global configuration mode. mode The source port check function takes effect globally. Once Usage it is enabled, only the IPMC streams from the specified guidelines port are permitted.
  • Page 433 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands After you execute this command to enable the suppression Usage function, the switch begins to suppress the IGMP v1/v2 guidelines report messages. The following example shows how to enable IGMP snooping suppression on the device: Examples Ruijie(config)# ip igmp snooping suppression Related...
  • Page 434 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands requests of VLAN 10 are sent to port A, IGMP Snooping will create the multicast entry of VLAN 10 and forward the multicast requests to the router port of VLAN 10. 2nd way: Create multicast entries in the default VLAN to which the dot1q-tunnel ports belong, and forward multicast packets in the default...
  • Page 435 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Default Disabled Command mode Global configuration mode. Use this command to enable or disable the IGMP snooping on the specified vlan. The pim snooping on the specified vlan works only when Usage the igmp snooping configured.
  • Page 436 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands When the source port check function is enabled, only the Usage multicast flows from the routing interface are forwarded, guidelines and other flows will be discarded. The following example demonstrates how to configure a multicast routing interface on the equipment: Examples Ruijie(config)# ip igmp snooping vlan 1 mrout erinterface...
  • Page 437 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands pim-dvmrp Command Description Enable the dynamic routing Related interface learning function on ip igmp snooping commands mrouter learn pim-dvmrp the multicast routing port globally 1.1.24 ip igmp snooping vlan querier To enable the IGMP querier function in VLAN, execute "ip igmp snooping vlan querier"...
  • Page 438 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands 1.1.25 ip igmp snooping vlan querier address To enable the IGMP querier, you also need to specify a source IP address for query packets in the corresponding VLAN. Execute the global configuration command of "ip igmp snooping vlan querier address".
  • Page 439 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands commands ip igmp snooping querier Globally enable address source IP check 1.1.26 ip igmp snooping vlan querier max-response-time To configure the maximum response time advertised in query packets of a specific VLAN, execute the global configuration command of "ip igmp snooping vlan querier max-response-time".
  • Page 440 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands commands Globally configure the ip igmp snooping querier maximum response max-response-time time to query packets. 1.1.27 ip igmp snooping vlan querier query-interval To specify the interval for IGMP querier to send query packets of a specific VLAN, execute the global configuration command of "ip igmp snooping vlan querier query-interval".
  • Page 441 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands commands ip igmp snooping querier Globally configure the query-interval query interval 1.1.28 ip igmp snooping vlan querier timer expiry To specify the expiration timer for non-querier, execute the global configuration command of "ip igmp snooping vlan querier timer expiry". Use no form of this command to restore to the default value.
  • Page 442 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands commands Globally configure ip igmp snooping querier non-querier expiration timer expiry timer 1.1.29 ip igmp snooping vlan querier version Currently, the IGMP Snooping querier supports IGMPv1 and IGMPv2. To specify the version for a specific VLAN, execute the global configuration command of "ip igmp snooping vlan querier version".
  • Page 443 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands 1.1.30 ip igmp snooping vlan static interface Once IGMP snooping is enabled, a port can receive a certain multicast frame without being afftected by various IGMP messges by executing the ip igmp snooping vlan static interface command in the global configuration mode.
  • Page 444 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Parameter N/ A description The forwarding of the multicast streams in the range Default specified by the profile is denied. Command mode Profile configuration mode. First, configure the multicast range using the range Usage command in the profile configuration mode.
  • Page 445 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Command mode Profile configuration mode. You can specify a behavior after configuring the address Usage range, for example deny by default. In addition, the profile must be applied to the interface in order to make the profile guidelines configuration take effect.
  • Page 446 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands 1.2.2 debug igmp-snp Use the following commands to turn on igmp service debug switch. The no form of this command closes debug switch. debug igmp-snp debug igmp-snp event debug igmp-snp packet debug igmp-snp msf debug igmp-snp warning undebug igmp-snp...

  • Page 447: Show Ip Igmp Snooping

    S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Parameter Description Show configuration information of Parameter none all profiles. description Show configuration information of profile-number the designated profile. Command Privileged EXEC mode. mode Ruijie(config-if)# show ip igmp profile Profile Examples Permit range 224.0.1.0, 239.255.255.255...
  • Page 448 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands The following example demonstrates how to process 100 multicast group on the interface fa0/1: Ruijie(config-if)# ip igmp snooping gda-table Abbr:M - mrouter D – dynamic Examples S – static VLAN Address Member ports ------------------------------------------- 233.3.3.3...
  • Page 449 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Example3: Example4:...
  • Page 450 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands...
  • Page 451 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Note: Use the language chinese/english command in privileged EXEC mode to switchover the interface between Chinese/English. Command Description Related...
  • Page 452 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands commands Show the configuration and main status information of view igmp-snooping igmp-snooping modules. Showing Example Commands 1.4.1 ip igmp snooping help (global configuration mode) Use this command to show the example information of the command beginning with the keyword ip igmp snooping.
  • Page 453 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands main status information of igmp-snooping modules. 1.4.2 ip igmp snooping help (interface configuration mode) Use this command to show the example information of the command beginning with the keyword ip igmp snooping. ip igmp snooping help Parameter Description...
  • Page 454 S2600E/P CLI Reference Guide Chapter 1 IGMP Snooping Commands Showing Main Status Commands 1.5.1 view igmp-snooping Use this command to show the configuration and main status information of the igmp-snooping modules. view igmp-snooping Parameter Description Parameter description Command Any mode. mode Example Command...

  • Page 455: Mld Snooping

    S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands MLD Snooping Commands Conf iguration Related Commands 2.1.1 6 mld profile The MLD profile is used to set a serie s of the group filter. Before entering the profile mode, a profile must be configu red in the global configuration mode.
  • Page 456 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Command Description Set the profile multicast address range lated range. commands deny Set the profile action deny. permit Set the profile action permit. 2.1.2 Use this command to specify the profile mult icast flow range, which can be one single multicast address, or can be the multicast a ddress within the specified...
  • Page 457 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands ipv6 mld profile Create one profile. deny Set the profile action deny. permit Set the profile action permit. 2.1.3 deny se this comm prevent the multicast flow profile within the specified rang e from be ing forwarded in the profile configuration mode.
  • Page 458 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Parameter Description Paramete descriptio Default The default profile action is deny. Settings Command Profile configuration mode. mode Usage Before configuring this command, use the range command to set the multicast ran ge first.
  • Page 459 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Command mode lobal configuration mode. In this mo de, the multicast flow between the VLANs are independent. The host can only request for receiving the Usage multicast flow from the route port in the same VLAN. When receiving the multicast flow from any VLAN, the guidelines switch forwards them to the member...
  • Page 460 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands 2.1.7 6 mld snooping query-max-response-time Use this command to set t the maximum response time of the MLD general query packet. Use th e no form of this com mand to resto re it to the default value.
  • Page 461 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands 2.1.8 ipv6 mld snooping vla se this comm and to enable the mld sn ooping function for the specified vlan. Use the no form of this command to disable this function. ipv6 mld snooping vlan vid o ipv6 m ld snooping vlan vid...
  • Page 462 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Command mode Global configuration mode. The mrouter interface is the interface of the multicast device connected with the peer device. By default, the dynamically-learned mroute interface is enabled on the layer-2 multicast device. Use the no option to disable this function clear dynamically-learned...
  • Page 463 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Command mode Global configuration mode. Use this command to set the static mrouter interface for the purpose that all IPv6 multicast data received on the Usage switch can b e forwarded. With the source port check guidelines function enabled, only the multicast flow through the mroute interface...
  • Page 464 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Usage Use this command to set the interface as the member port guidelines of multiple s tatic multicast addresses. he followi ng example shows how to set the interface fastEthernet 0/1 as the static member port of the FF88::1 Examples group: Ruijie(config)#...
  • Page 465 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands 2.1.13 ipv6 mld snoopin s pp ression enable Use this command to enable the mld snooping suppression in the global onfigurat ion mode. Use the no form of this command to disable this function. pv6 mld sn ooping suppression enable no ipv6 mld snooping suppression enable...
  • Page 466 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Parameter Description Parameter description Default Settings Command Global config uration mode. mode The MLD Snooping source port check function is to limit the MLD multicast flow through the interace strictly. With the source port check disabled, all video flow are illegal and forwarded to the registered member port according to the MLD Snooping forwarding list.
  • Page 467 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Default Settings N/A. Command mode Interface configuration mode. You can configure an MLD Profile on an interface. If the MLD Report packets are received on the in terface, the layer-2 device will determine whether the multicast Usage guidelines...
  • Page 468 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands With this command configured, when the group number Usage exceeds the specified range on the interface, the switch guideline will not receive and deal with the MLD Report packets. The following example shows how to set the maximum 100 multicast group on the interface fastEthernet 0/1: Examples...
  • Page 469 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands ndebug mld Parameter Description Parameter description Default N/A. Settings Command mode Privileged EXEC mode. Usage Use this command to enable the mld service debugging guidelines tch. The following example shows how to enable the mld service debugging switch: Examples Ruijie# debug mld-snp...
  • Page 470 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands Default Settings N/A. Command mode Privileged EXEC mode. Usage Use this command to show the related mld snooping information. guidelines...
  • Page 471 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands The following example shows the mld snooping configurations using the show ipv6 mld snooping command: Ruijie# show ipv6 mld snooping MLD-snooping mode : IVGL SVGL vlan-id SVGL profile number Source check port : Disabled Query max respone time : 10(Seconds) The following example shows the mrouter interface of the mld...
  • Page 472 S2600E/P CLI Reference Guide Chapter 2 MLD Snooping Commands 2.2.2 show ipv6 mld profile Use this command to show the related MLD profile configurations. show ipv6 mld profile [profile-number] Parameter Description Show the configurations of all profiles. Parameter description Show configuration profile-number specified profile.

  • Page 473: Controllable Multicast

    S2600E/P CLI Reference Guide Chapter 3 Controllable Multicast Commands Controllable Multicast Commands Conf iguration Related Command 3.1.1 ip multicast control se this comm and to enable the IPv4 controllable multicast on the device. ip multicast control Parameter Description Parameter description Default Disable Command...
  • Page 474 S2600E/P CLI Reference Guide Chapter 3 Controllable Multicast Commands Parameter Description Parameter description Disabled. Default Command mode Global configuration mode. Usage guideline Examples Ruijie(config)# ipv6 multicast control Command Description Related Show IPv6 controllable show ipv6 multicast commands contr multicast users. Show ing Related Comman 3.2.1...
  • Page 475 S2600E/P CLI Reference Guide Chapter 3 Controllable Multicast Commands The following example shows the IPv4 controllable multicast users. Ruijie#show ip multicast control ip multicast-control : enable Interface IpGroup Examples ---- -------- ------------ Gi3/1 224.1.1.1 224.1.1.2 ..Gi3/2 224.1.1.1 Command Description Related show ipv6...
  • Page 476 S2600E/P CLI Reference Guide Chapter 3 Controllable Multicast Commands The following example shows the IPv6 controllable multicast users. Ruijie#show ipv6 multicast control ipv6 multicast-control : enable Interface Ipv6Group Examples ---- ----------- -------------- Gi3/1 FF02::1:FF00:1 FF02::1:FF00:2 ....Gi3/2 FF02::1:FF00:4 Command Description Related show Show the IPv4 controllable multicast...
  • Page 477 Security...
  • Page 478 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Configuration Commands 1.1 ID Authentication Related Command 1.1.1 aaa authentication dot1x Use this command to enable AAA authentication 802.1x and configure the 802.1x user authentication method list. The no form of this command is used to delete the 802.1x user authentication method list.
  • Page 479 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Command mode Global configuration mode. If the AAA 802.1x security service is enabled on the device, users must use AAA for 802.1x user authentication negotiation. You must use aaa authentication dot1x to Usage configure a default or optional method list for 802.1x user guidelines...
  • Page 480 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands table. One method list can contain up to four methods. Keyword Description local Use the local user name database for authentication. none Do not perform authentication. group Use the server group for authentication. At present, the RADIUS and TACACS+ server groups are supported.
  • Page 481 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.1.3 aaa authentication login Use this command to enable AAA Login authentication and configure the Login authentication method list. The no form of this command is used to delete the authentication method list. aaa authentication login {default | list-name} method1 [method2...] no aaa authentication login {default | list-name} Parameter...
  • Page 482 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands following example defines Login authentication method list named list-1. authentication method list, first the RADIUS security server is used for authentication. If the RADIUS security server Examples does not respond, the local user database is used for authentication.
  • Page 483 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Default Command mode Global configuration mode. If the AAA PPP security service is enabled on the device, users must use AAA for PPP authentication negotiation. You must use aaa authentication ppp to configure a Usage default or optional method list for PPP user authentication.
  • Page 484 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Default Command mode Line configuration mode. Once the default login authentication method list has been configured, it will be applied to all the terminals automatically. If non-default login authentication method Usage list has been applied to the terminal, it will replace the guidelines default one.
  • Page 485 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands aaa authorization commands level {default | list-name} method1 [method2...] no aaa authorization commands level {default | list-name} Parameter Description level Command level to be authorized, 0-15. When this parameter is used, the following defined default method list is used as the default method for command authorization.
  • Page 486 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands group tacacs+ Command Description Related Enable the AAA security service. aaa new-model commands authorization Apply the command authorization for to commands the terminal line. 1.2.2 aaa authorization config-commands Use this command to authorize the configuration commands (including in the global configuration mode and its sub-mode ).
  • Page 487 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands commands 1.2.3 aaa authorization console Use this command to authorize the commands of the users who has logged in the console. The no form of this command is used to disable the authorization function. aaa authorization console no aaa authorization console Parameter...
  • Page 488 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.2.4 aaa authorization exec Use this command to authorize the users logged in the NAS CLI and assign the authority level. The no form of this command is used to disable the aaa authorization exec function. aaa authorization exec {default | list-name} method1 [method2...] no aaa authorization exec {default | list-name} Parameter...
  • Page 489 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Ruijie(config)# aaa authorization exec default group radius Command Description aaa new-model Enable the AAA security service. Related Apply the command authorization to authorization commands the terminal line . exec username Define a local user database. 1.2.5 aaa authorization network...
  • Page 490 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Three different authorization methods can be specified. Like authorization, the next method can be used for authorization only when the current authorization method does not work. If the current authorization method fails, other subsequent authorization method is not used.

  • Page 491: Aaa Authorization Exec

    S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Command mode Line configuration mode. Once the default command authorization method list has been configured, it is applied to all terminals automatically. Once the non-default command authorization method list Usage has been configured, it is applied to the line instead of the guidelines default method list.
  • Page 492 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Parameter Description Parameter default Use the default method of Exec authorization. description Apply defined method list Exec list-name authorization. Default Disabled. Command Line configuration mode. mode Once the default execauthorization method list has been configured, it is applied to all terminals automatically.
  • Page 493 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.3 Accounting Related commands At present, Ruijie supports network accounting using RADIUS. 1.3.1 aaa accounting commands Use this command to account users in order to count the network access fees or manage user activities.
  • Page 494 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands command; otherwise it is ineffective. The following example performs accounting of the network service requests from users using TACACS+, and configures the accounting command level to 15: Examples Ruijie(config)# accounting commands default start-stop group tacacs+ Command...
  • Page 495 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Command mode Global configuration mode. RGOS enables the exec accounting function after enabling the login authentication. After enabling the accounting function, it sends the account start information to the security server when the users log in the NAS CLI, and sends the account stop information to the security server when the users log out.
  • Page 496 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Perform accounting of resource related resource service requests. list-name Name of the accounting method list start-stop Send accounting messages at both the start time and the end time of access. Users are allowed to access the network, no matter whether the start accounting message...
  • Page 497 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands no aaa accounting update Parameter description N/A. Default Disabled. Command mode Global configuration mode. If the AAA security service is not enabled, the accounting Usage update function cannot be used. This command is used to guidelines set the accounting interval if the AAA security service has been enabled.

  • Page 498: Accounting Commands

    S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Default 5 minutes. Command mode Global configuration mode. If the AAA security service is not enabled, the accounting Usage update function cannot be used. This command is used to guidelines set the accounting interval if the AAA security service has been enabled.
  • Page 499 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Command mode Line configuration mode. Once the default command accouting method list has been configured, it is applied to all terminals automatically. Once the non-default command accounting method list has been Usage configured, it is applied to the line instead of the default guidelines...
  • Page 500 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands list-name Use a defined Exec accouting method list. Default Disabled. Command mode Line configuration mode. Once the default exec accouting method list has been configured, it is applied to all terminals automatically. Once the non-default exec accounting method list has been Usage configured, it is applied to the line instead of the default...
  • Page 501 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.4.1 aaa domain Use this command to configure the domain attributes.The no form of this command is used to remove the setting. aaa domain {default | domain-name} no aaa domain {default | domain-name} Parameter Description Parameter...
  • Page 502 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.4.2 aaa domain enable Use this command to enable domain-name-based AAA service, which is disabled by default. The no form of this command is used to disable the service. aaa domain enable no aaa domain enable Parameter N/A.
  • Page 503 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Default By default, no number of users is limited. Command mode Domain configuration mode. Usage guidelines This command limits the number of users for the domain. The following example sets the number of users as 20 for the domain named ruijie.com.

  • Page 504: Authentication Dot1X

    S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Usage Use this command to configure the Network accounting guidelines method list for the specified domain. The following example sets the Network accounting method list for the specified domain. Examples Ruijie(config)# aaa domain ruijie.com Ruijie(config-aaa-domain)# accounting network default Command Description...
  • Page 505 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands method list for the specified domain. Ruijie(config)# aaa domain ruijie.com Ruijie(config-aaa-domain)# authentication dot1x default Command Description aaa new-model Enable the AAA security service. Related Enable the domain-name-based commands aaa domain enable AAA service.
  • Page 506 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Command Description aaa new-model Enable the AAA security service. Related Enable the domain-name-based commands aaa domain enable AAA service. show aaa domain Show the domain configuration. 1.4.7 show aaa domain Use this command to show all current domain information show aaa domain [default | domain-name] Parameter Description...
  • Page 507 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands commands Enable the AAA security service. aaa new-model Enable the domain-name-based aaa domain enable AAA service. 1.4.8 state Use this command to set whether the configured domain is valid. The no form of this command restore it to the default setting.
  • Page 508 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.4.9 username-format Use this command to configure the user name whether to be with the domain information when the NAS interacts with the servers. The no form of this command restores it to the default setting.
  • Page 509 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.5 AAA Server Group Commands 1.5.1 aaa group server Use this command to configure the AAA server group. The no form of this command is used to delete the server group. aaa group server {radius | tacacs+} name no aaa group server {radius | tacacs+} name Parameter...
  • Page 510 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Parameter Description ip-addr IP address of the server Parameter description port1 Authentication port of the server port2 Accounting port of the server Default No server is configured. Command Server group configuration mode. mode Usage Add a server to the specified server group.
  • Page 511 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Parameter description N/A. Default N/A. Command mode Privileged EXEC mode. Usage N/A. guidelines The following example shows all the server groups configured for AAA. Ruijie# show aaa group Group Name: ss Group Type: radius Examples Referred:...
  • Page 512 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Command mode Global configuration mode. Usage guidelines Use this command to configure login attempt times. Ruijie #configure terminal Examples Ruijie (config)#aaa local authentication attempts 6 Command Description show Show the current configuration of the Related running-config switch.
  • Page 513 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Command Description show Show the current configuration of the Related running-config switch. commands show Show lockout configuration lockout parameter of current login. 1.6.3 aaa new-model Use this command to enable the RGOS AAA security service. The no form of this command is used to disable the AAA security service.
  • Page 514 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.6.4 clear aaa local user lockout Use this command to clear the lockout user list. clear aaa local user lockout {all | user-name <word>} Parameter Description Parameter description word User ID. N/A.
  • Page 515 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands 1.6.6 show aaa method-list Use this command to show all AAA method lists. show aaa method-list Parameter description N/A. N/A. Default Command mode Privileged EXEC mode. Usage Use this command to show all AAA method lists. guidelines The following example shows the AAA method list.
  • Page 516 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands show aaa local user lockout {all | user-name <word>} Parameter Description Parameter description word User ID. Default N/A. Command mode Privileged EXEC mode. Usage Use this command to show the lockout user list and show guidelines how long the lockout-time is.
  • Page 517 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands guidelines realized by executing the single command one by one. As for the configuration and deployment of the specific functional module, current presentation of the CLI lacks some replicable typical configuration examples, therefore, users can only obtain the configuration help by other means(such as reading related manuals and going to our frontline engineers for help)
  • Page 518 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands language chinese/english command in the global configuration mode to switchover the interface between Chinese/English. Command Description Related Show main status commands view aaa configuration information modules. Platform Supported by switch products only. description 1.8 Showing Example Commands...
  • Page 519 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 520 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands modules. Platform Supported by switch products only. description 1.8.2 aaa authentication help Use this command to display the example information of the command beginning with the keyword aaa authentication. aaa authentication help Parameter Description Parameter...
  • Page 521 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Command Description Related Show main status commands view aaa configuration information modules. Platform description Supported by switch products only. 1.8.3 aaa authorization help Use this command to display the example information of the command beginning with the keyword aaa authorization.
  • Page 522 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Examples the language chinese/english command in the global configuration mode to switchover the interface between Chinese/English. Command Description Related Show main status commands view aaa configuration information modules. Platform description Supported by switch products only. 1.8.4 aaa accounting help Use this command to display the example information of the command beginning with the...
  • Page 523 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands keyword or parameter and related description. However, users may not understand the meaning about the description of keywords, so they do not know how to continue the configuration in order to complete the configuration task.
  • Page 524 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Default Command mode Line configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 525 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands view aaa Parameter Description Parameter description Default Command Any mode. mode Currently, multiple commands are needed to show the related configuration or status information of one function. The users do not know to use which command to show the main status information of this function.
  • Page 526 S2600E CLI Reference Guide Chapter 1 AAA Configuration Commands Platform description Supported by switch products only.
  • Page 527 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands RADIUS Configuration Commands 2.1 Configuration Related Commands 2.1.1 ip radius source-interface Use this command to specify the source IP address for the RADIUS packets. Use the no form of this command to delete the source IP address for the RADIUS packet. ip radius source-interface interface no radius source-interface Parameter...
  • Page 528 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands Ruijie(config)# ip radius source-interface fastEthernet Command Description radius-server Related Define the RADIUS server. host commands Configure the IP address of the ip address interface. 2.1.2 radius-server attribute 31 Use this command to specify the MAC-based format of RADIUS Calling-Station-ID attribute in the global configuration mode.
  • Page 529 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands The following example shows how to define the RADIUS Calling-Station-ID attribute as IETF format: Examples Ruijie(config)# radius-server attribute 31 mac format ietf Command Description Related radius-server commands Define the RADIUS server. host 2.1.3 radius-server host...
  • Page 530 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands (Optional) Set the interval of sending the test packets to the reachable RADIUS security server, which is 60 idle-time time minutes by default and in the range of 1 to 1440 minutes (namely 24 hours). (Optional) Disable the detection to the authentication port on the RADIUS ignore-auth-port...
  • Page 531 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands Define a shared password for the radius-server RADIUS security server. radius-server Define the number of RADIUS packet retransmit retransmissions. radius-server Define the timeout for the RADIUS timeout packet. 2.1.4 radius-server key Use this command to define a shared password for the network access server (device) to communicate with the RADIUS security server.
  • Page 532 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands Define the number of RADIUS packet radius-server retransmissions. retransmit radius-server Define the timeout for the RADIUS timeout packet. 2.1.5 radius-server retransmit Use this command to configure the number of packet retransmissions before the device considers that the RADIUS security server does not respond.
  • Page 533 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands 2.1.6 radius-server timeout Use this command to set the time for the device to wait for a response from the security server after retransmitting the RADIUS packet. The no format of this command is used to restore it to the default setting.
  • Page 534 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands Parameter Description Configure the timeout value. If the device does not receive a correct response packet from the Radius server time seconds within the specified time, the Radius server is considered to be unreachable. Parameter The value is in the range of 1s to 120s.
  • Page 535 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands 2.1.8 radius-server deadtime The global configuration command is used to configure the duration when a device stops sending any requests to an unreachable Radius server. The no form of this command is used to recover the default value.
  • Page 536 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands no radius attribute {id |down-rate-limit | dscp | mac-limit | up-rate-limit} vendor-type Parameter Description Parameter Function ID in the range 1 to 255 description type Private attribute type Only the default configuration of private attributes in Ruijie is recognized. Function Type max down-rate...
  • Page 537 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands user ip vlan-id. version to client net ip user name password file-directory file-count file-name-0 file-name-1 file-name-2 file-name-3 file-name-4 max up-rate version to server flux-max-high32 flux-max-low32 proxy-avoid dailup-avoid ip privilege login privilege limit to user number Command mode...
  • Page 538 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands server as the cos value of the interface. 2.1.10 radius set qos cos Use this command to set the qos value sent by the RADIUS server as the cos value of the interface.

  • Page 539: Debug Radius

    S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands Parameter description N/A. Default Only the private vendor IDs of Ruijie are recognized. Command mode Global configuration mode. Usage Use this command to identify the attributes of all vendor IDs by type. guidelines The following example extends RADIUS not to differentiate Examples...
  • Page 540 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands 2.2.2 show radius server Use this command to show the configuration of the RADIUS server. show radius server Parameter description N/A. N/A. Default Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show radius server erver IP: 192.168.4.12...
  • Page 541 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands Dead: total time 0s, count 0 Statistics: Authen: request 0, timeouts 0 Author: request 0, timeouts 0 Account: request 20, timeouts 0 Command Description Define the RADIUS security radius-server host server. radius-server Define the number of RADIUS Related...

  • Page 542: Show Radius

    S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands Command Description radius-server Define the RADIUS security server. host radius-server Define the number of RADIUS packet Related retransmit retransmissions. commands radius-server Define a shared password for the RADIUS server. Define packet transmission radius-server timeout.
  • Page 543 S2600E CLI Reference Guide Chapter 2 RADIUS Configuration Commands file-directory file-count file-name-0 file-name-1 file-name-2 file-name-3 file-name-4 max-up-rate current-supplicant-v 17 ersion flux-max-high32 flux-max-low32 proxy-avoid dialup-avoid ip-privilege login-privilege ipv6-multicast-addre 79 ipv4-multicast-addre 87 Command Description radius-server Define the RADIUS security server. host radius-server Define the number of RADIUS packet Related retransmit...
  • Page 544 S2600E CLI Reference Guide Chapter 3 TACACS+ Configuration Commands TACACS+ Configuration Commands 3.1 Related Commands of TACACS+ Configuration 3.1.1 aaa group server tacacs+ Use this command to configure TACACS+ group server, dividing different TACACS+ servers to the different groups. aaa group server tacacs+ group-name no aaa group server tacacs+ group-name Parameter Description...
  • Page 545 S2600E CLI Reference Guide Chapter 3 TACACS+ Configuration Commands Command Description Configure server list of TACACS+ Related server server group. commands ip vrf Configure VRF name supported by TACACS+ server group. forwarding 3.1.2 server(TACACS+) Use this command to configure server address in TACACS+ group server. server ip-address no server ip-address Parameter...
  • Page 546 S2600E CLI Reference Guide Chapter 3 TACACS+ Configuration Commands Command Description aaa group Related Configure TACACS+ server group. server tacacs+ commands ip vrf Configure VRF name supported by TACACS+ server group. forwarding 3.1.3 ip tacacs source-interface Use this command to configure the source address of TACACS+ packet: ip tacacs source-interface interface no ip tacacs source-interface Parameter...
  • Page 547 S2600E CLI Reference Guide Chapter 3 TACACS+ Configuration Commands commands tacacs-server Define TACACS+ server. host ip address Configure ip address of the interface. 3.1.4 tacacs-server host Use this command to configure IP address of TACACS+ server host: tacacs-server host {ip-address | ipv6-address} [port integer] [timout integer] [key string] no tacacs-server host {ip-address | ipv6-address} Parameter Description...
  • Page 548 S2600E CLI Reference Guide Chapter 3 TACACS+ Configuration Commands Command Description Define AAA identity authentication authentication method list. Related tacacs-server Define shared password commands TACACS+ secure server globally. tacacs-server Define timeout timer of reply packet of timeout TACACS+ server globally. 3.1.5 tacacs-server key Use this command to configure global password of TACACS+ :...
  • Page 549 S2600E CLI Reference Guide Chapter 3 TACACS+ Configuration Commands TACACS+ secure server as aaa: Ruijie(config)# tacacs-server key aaa Command Description Define TACACS+ secure server Related tacacs-server host host. commands Define timeout timer tacacs-server TACACS+ packet. timeout 3.1.6 tacacs-server timeout Use this command to configure the global timeout time waiting for the server when communicatin with TACACS+ server : tacacs-server timeout seconds no tacacs-server timeout...
  • Page 550 S2600E CLI Reference Guide Chapter 3 TACACS+ Configuration Commands Command Description tacacs-server Related Define TACACS+ secure server host. host commands tacacs-server Define shared password TACACS+. 3.2 TACACS+ Privileged Command 3.2.1 debug tacacs+ Use this command to turn on the TACACS+ debugging switch. The no form of this command turns off the TACACS+ debugging switch.
  • Page 551 S2600E CLI Reference Guide Chapter 3 TACACS+ Configuration Commands Usage Use this command to show the interoperation condition guidelines with each TACACS+ server. Ruijie# show tacacs Tacacs+ Server : 172.19.192.80/49 Socket Opens: 0 Examples Socket Closes: 0 Total Packets Sent: 0 Total Packets Recv: 0 Reference Count: 0 Command...
  • Page 552 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands 802.1X Configuration Commands 4.1 dot1x Active Authentication Command 4.1.1 dot1x auto-req Use this command to configure 802.1X active authentication function in the global configuration command. The no form of this command disables the automatic authentication function.
  • Page 553 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands commands Show the automatic authentication show dot1x request information. auto-req 4.1.2 dot1x auto-req packet-num Use this command to set the number of authentication request messages that the device automatically sends. The no form is used to specify the default value. dot1x auto-req packet-num num no dot1x auto-req packet-num Parameter...
  • Page 554 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands 4.1.3 dot1x auto-req req-interval Use this command to set the interval of sending authentication request messages. The no form is used to specify the default value. dot1x auto-req req-interval interval no dot1x auto-req req-interval Parameter Description Parameter...

  • Page 555: Dot1X Timeout

    S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands no dot1x auto-req user-detect Parameter description N/A. Default Enabled. Command mode Global configuration mode. Usage Use the show dot1x auto-req command to view the guidelines setting of this function. The following example sets the device to stop sending authentication request messages after the user gets on line: Ruijie# configure terminal...
  • Page 556 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Parameter Description Time (in seconds) for the device to wait Parameter before reauthentication after description seconds authentication failure The range is from 0 to 65535, in seconds. Default 10 seconds. Command mode Global configuration mode.
  • Page 557 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands no form of the command to restore it to the default value. dot1x timeout re-authperiod seconds no dot1x timeout re-authperiod Parameter Description Parameter Period of authentication. The range is description seconds from 0 to 65535 seconds.
  • Page 558 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands 4.2.3 dot1x timeout server-timeout Use this command to set the authentication timeout between the device and the authentication server. Use the no form of the command to restore it to the default setting. dot1x timeout server-timeout seconds no dot1x timeout server-timeout Parameter...
  • Page 559 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command Description Related commands show dot1x Show the information about 802.1x. 4.2.4 dot1x timeout supp-timeout Use this command to set the authentication timeout between the device and the supplicant. Use the no form of the command to restore it to the default setting. dot1x timeout supp-timeout seconds no dot1x timeout supp-timeout Parameter...
  • Page 560 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Client Oline Probe: Disabled Eapol Tag Enable: Disabled Authorization Mode: Group Server Command Description Related commands show dot1x Show the information about 802.1x. 4.2.5 dot1x timeout tx-period Use this command to set the interval of transmitting packets after the maximum number of retransmission times is configured.
  • Page 561 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Re-authen Max: 3 times Maximum Request: 3 times Filter Non-RG Supp: Disabled Client Oline Probe: Disabled Eapol Tag Enable: Disabled Authorization Mode: Group Server Command Description Related commands show dot1x Show the information about 802.1x. 4.3 dot1x Re-authentication Commands 4.3.1...
  • Page 562 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command Description Related commands Show the information about 802.1x. show dot1x 4.3.2 dot1x re-authentication Use this command to enable periodic re-authentication. Use the no form of the command to restore it to the the default setting. [no] dot1x re-authentication Parameter N/A.
  • Page 563 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Authorization Mode: Group Server Command Description Related commands show dot1x Show the information about 802.1x. 4.3.3 dot1x reauth-max Use this command to set the maximum number of supplicant reauthentication. Use the no form of the command to restore it to the default value.
  • Page 564 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Client Oline Probe: Disabled Eapol Tag Enable: Disabled Authorization Mode: Group Server Command Description Related commands show dot1x Show the information about 802.1x. 4.4 dot1x Detection Function Commands 4.4.1 dot1x probe-timer Use this command to enable the probe timer on the client.
  • Page 565 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command Description Related Show dot1x commands Show the probe timer information. probe-timer 4.4.2 dot1x client-probe enable Use this command to enable the online probe function of the client [no] dot1x client-probe enable Parameter N/A.

  • Page 566: Dot1X Authentication

    S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands commands Show the 802.1x configurations. show dot1x 4.5 Other dot1x Configuration Commands 4.5.1 dot1x authentication In case the AAA is enabled, the authentication with the AAA server must be performed for logon.
  • Page 567 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command Description aaa new-model Enable the AAA security service. Related commands Configure the logon authentication authentication method list. dot1x 4.5.2 dot1x auth-address-table Use this command to set the IP address list that 802.1X authentication allows. Use the no form of the command to remove the allowed IP address list.
  • Page 568 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands 4.5.3 dot1x auth-fail max-attempt Use this command to set the maximum attempt times of entering the fail VLAN. dot1x auth-fail max-attepmt num no dot1x auth-fail max-attempt Parameter Description Parameter maximum attempt times description entering the fail VLAN, ranging from 1...
  • Page 569 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Default No fail VLAN by default. Command mode Interface configuration mode. Usage Use show dot1x interface command to show the guidelines configurations. The following example demonstrates how to set the 802.1X authentication fail vlan. Ruijie# configure terminal Examples Ruijie(config)# interface fa 0/1...

  • Page 570: Dot1X Critical

    S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands This example shows how to configure the 802.1X authentication mode: Ruijie# configure terminal Examples Ruijie(config)# dot1x auth-mode chap Ruijie(config)# end Ruijie# Command Description Related commands show dot1x Show the information about 802.1x. 4.5.6 dot1x critical If all RADIUS authentication servers have no response and no other methods are configured in...
  • Page 571 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands request. With the AAA multi-domain authentication enabled globally, the 802.1x user authentication will not use the globally configured method list. After all RADIUS servers in the 802.1x globally configured method list are checked to be invalid, the IAB will directly send the successful authentication to the user with no need to enter the username, the AAA multi-domain authentication on this...

  • Page 572: Dot1X Critical Vlan

    S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands need to reinitialize the authentication for all users that have accomplished the network access authorization through the inaccessible authentication bypass on ports in order to ensure the user legality. Ruijie# configure terminal Enter configuration commands, one per line.

  • Page 573: Dot1X Default

    S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Ruijie# configure terminal Enter configuration commands, one per line. End with CNTL/Z. Examples Ruijie(config)# interface fa 0/10 Ruijie(config-if)# dot1x port-control auto Ruijie(config-if)# dot1x critical vlan 100 Ruijie(config-if)# end Command Description Related commands 4.5.9 dot1x default...
  • Page 574 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands 4.5.10 dot1x dynamic-vlan enable Use this command to enable dynamic VLAN. Use the no form of the command to disable the function. dot1x dynamic-vlan enable no dot1x dynamic-vlan enable Parameter N/A. description Default Disabled.
  • Page 575 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Default Disabled. Command mode Interface configuration mode. Before using guest vlan, you need to execute dot1x dynamic-vlan enable command first,or the configured guest vlan does not take effect. Usage When configuring guest vlan, it is recommended not guidelines to modify L2 attribute of the port, especially not to add the port to a VLAN manually.
  • Page 576 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command mode Global configuration mode. Usage Use the show dot1x command to show the 802.1X guidelines configuration. The following example tags the EAPOL frames: Ruijie# configure terminal Examples Ruijie(config)# dot1x eapol-tag Ruijie(config)# end Ruijie# Command...
  • Page 577 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command Description Related show dot1x Show the information about 802.1x on commands port-control the interface . interface 4.5.14 dot1x mac-auth-bypass timeout-activity Use this command to set the 802.1x MAC bypass authenticastion online time. dot1x mac-auth-bypass timeout-activity value no dot1x mac-auth-bypass timeout-activity Parameter...
  • Page 578 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands 4.5.15 dot1x mac-auth-bypass violation Use this command to set the 802.1x MAC bypass authentication violation. dot1x mac-auth-bypass violation no dot1x mac-auth-bypass violation Parameter N/A. description Default No violation is processed by default. Command mode Interface configuration mode.
  • Page 579 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command Global configuration mode. mode With this function enabled, the user that has passed the Usage 802.1x authentication is permitted to move to other ports. If guidelines this function is disabled, the user can not access the network after moving to the new port.
  • Page 580 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands The following example demonstrates how to set the maximum number of authentication requests to 7: Ruijie# configure terminal Examples Ruijie(config)# dot1x max-req 7 Ruijie(config)# end Ruijie# Command Description Related commands show dot1x Show the information about 802.1x.
  • Page 581 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Ruijie# Command Function Related show dot1x Show the information about commands private-supplicant-only the private supplicant. 4.5.19 dot1x port-control auto In the interface configuration mode, use this command to allow the port to participate in authentication.
  • Page 582 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands 4.5.20 dot1x port-control-mode By default, 802.1x adopts MAC address-based control mode. In this mode, only authenticated users have access to the network, while other users that connect to the same port cannot access the network.
  • Page 583 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Ruijie(config-if)# dot1x port-control-mode port-based Ruijie(config-if)# end Ruijie# The following example sets 802.1x authentication of single user port: Ruijie(config)# interface g 0/1 Ruijie(config-if)# dot1x port-control auto Ruijie(config-if)# dot1x port-control-mode port-based single-host Ruijie(config-if)# end Ruijie# Command Description...
  • Page 584 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command Global configuration mode. mode This command must configured before user Usage authentication. Otherwise, you need re-authenticate all the guidelines users. The following example prevents the user from transiting from 802.1X port to other port: Ruijie# configure terminal Examples Ruijie(config)# dot1x stationarity enable...
  • Page 585 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands ruijie.net/web: Ruijie# configure terminal Ruijie(config)# dot1x redirect url http://ruijie.net/web Command Description dot1x redirect Set the specific destination port and special redirect the web request for the tcp-destination destiantion IP. port Related dot1x redirect Set the timeout time maintaining the commands...
  • Page 586 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Ruijie(config)# dot1x redirect for special tcp-destination port 8443 Command Description dot1x redirect Set the redirect url address. Set the timeout time maintaining the dot1x redirect Related redirect connection. time-out commands dot1x redirect Set the allowed number of redirect special connection of the same source.
  • Page 587 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands dot1x redirect Set the specific destination port and special redirect the web request for the tcp-destination destiantion IP. port dot1x redirect Set the allowed number of redirect special connection of the same source. source-ip show dot1x Show the dot1x redirection information.

  • Page 588: Show Dot1X

    S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands tcp-destination destiantion IP. port dot1x redirect Set the timeout time maintaining the time-out redirect connection. Show the dot1x redirection information. show dot1x 4.6 Show Related Commands 4.6.1 show dot1x Use this command to display the information about 802.1x setting. show dot1x Parameter description...
  • Page 589 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Ruijie# Command Description dot1x auth-mode Set the 802.1x authentication mode. Set the maximum number of dot1x max-req authentication request retransmissions. Set the port to participate in dot1x authentication. port-control auto dot1x Set the maximum number of the reauth-max supplicant re-authentications.
  • Page 590 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command mode Privileged mode. Usage guidelines N/A. following example shows 802.1x authentication-allowed address table.: Ruijie# show dot1x auth-address-table Examples interface:g3/1 ----------------------------------- mac-addr 00D0.F800.0001 Ruijie# Command Description Set the 802.1x authentication mode. dot1x auth-mode maximum number...
  • Page 591 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands 4.6.3 show dot1x auto-req Use this command to show the configuration information of automatic 802.1x authentication. show dot1x auto-req Parameter description N/A. N/A. Default Command mode Privileged mode. Usage guidelines N/A. The following example shows the information about automatic 802.1x authentication: Ruijie# show dot1x auto-req...
  • Page 592 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Set the authentication timeout dot1x timeout between the device and server-timeout authentication server. Set the authentication timeout dot1x timeout between the device and the supp-timeout supplicant. dot1x timeout Set the retransmission period. tx-period 4.6.4 show dot1x...
  • Page 593 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands reauth-max supplicant re-authentications. dot1x Set the re-authentication attribute. re-authentication Set the time the device waits before dot1x timeout reauthentication. quiet-period dot1x timeout Set the re-authentication period for the re-authperiod supplicant. Set the authentication timeout dot1x timeout between the device and server-timeout...
  • Page 594 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands commands Set the 802.1x authentication mode. dot1x auth-mode Set the maximum number of dot1x max-req authentication request retransmissions. dot1x Set the port to participate in port-control auto authentication. dot1x Set the maximum number of the reauth-max supplicant re-authentications.
  • Page 595 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands The following example shows the ports that participate in the authentication: Ruijie# show dot1x port-control Interface Mode Dynamic-User Static-User Max-User Authened Mab Examples --------- ---------- ------------ ----------- -------- -------- --------- Fa0/5 mac-based 6000 disable...
  • Page 596 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Parameter description N/A. Default N/A. Command mode Privileged mode. Usage N/A. guidelines The following example shows the online probing configuration: Ruijie# show dot1x probe-timer Examples Hello Interval: 20 Seconds Hello Alive: 250 Seconds Ruijie# Related Command...
  • Page 597 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands dot1x timeout Set the retransmission period. tx-period 4.6.8 show dot1x re-authentication Use this command to show re-authentication configuration. show dot1x re-authentication Parameter description Default N/A. Command mode Privileged mode. Usage N/A. guidelines The following example shows the information about reauthentication:...
  • Page 598 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Set the re-authentication period for the dot1x timeout supplicant. re-authperiod Set the authentication timeout dot1x timeout between the device and server-timeout authentication server. Set the authentication timeout dot1x timeout between the device and the supp-timeout supplicant.

  • Page 599: Show Dot1X Summary

    S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands dot1x Set the maximum number of the reauth-max supplicant re-authentications. dot1x Set the re-authentication attribute. re-authentication dot1x timeout Set the time the device waits before quiet-period reauthentication. dot1x timeout Set the re-authentication period for the re-authperiod supplicant.
  • Page 600 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands --------------- ------------- ----------- --------- ------------------ ts-user 0023.aeaa.4286 Fa0/5 Authenticated Idle Authed static 0days 0h 8m 8s Ruijie# Command Description dot1x auth-mode Set the 802.1x authentication mode. maximum number dot1x max-req authentication request retransmissions.
  • Page 601 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Default N/A. Command mode Privileged mode. Usage guidelines N/A. The following example shows the information about the 802.1x authentication user: Ruijie# show dot1x user id 1 User name: caikov id: 1 Type: static Mac address is 0013.2049.8272 Vlan id is 217...
  • Page 602 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands re-authentication dot1x timeout Set the time the device waits before quiet-period reauthentication. Set the re-authentication period for the dot1x timeout supplicant. re-authperiod Set the authentication timeout dot1x timeout between the device and server-timeout authentication server.
  • Page 603 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Ruijie# Command Description dot1x auth-mode Set the 802.1x authentication mode. Set the maximum number of authentication dot1x max-req request retransmissions. dot1x Set the port to participate in authentication. port-control auto Set the maximum number of the supplicant dot1x reauth-max re-authentications.
  • Page 604 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as Usage...
  • Page 605 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Note: 1) Use the language chinese/english command in the global configuration mode switchover Chinese/English interface. 2) The keyword dot1x can be replaced with the 1x and 802.1x. Command Description Related Show main state commands...
  • Page 606 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands In the interface configuration mode: Note: 1) Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related Show main state commands view dot1x configuration information of dot1x...
  • Page 607 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands modules. 4.8.2 dot1x auto-req help Use this command to show the example information of the command beginning with the keyword dot1x auto-req. dot1x auto-req help Parameter description N/A. Default N/A. Command mode Global configuration mode.
  • Page 608 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands interface. Command Description Related Show main state commands configuration information of dot1x view dot1x modules. 4.8.3 dot1x timeout help Use this command to show the example information of the command beginning with the keyword dot1x timeout.
  • Page 609 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Examples Note: Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related Show main state commands view dot1x configuration information of dot1x modules. 4.8.4 dot1x reauth-max help Use this command to show the example information of the command beginning with the...
  • Page 610 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command mode Global configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 611 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 612 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Default N/A. Command mode Global configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 613 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command mode Global/interface configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 614 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Parameter description N/A. Default N/A. Command mode Global configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 615 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Parameter description N/A. Default N/A. Command mode Interface configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 616 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands dot1x mac-move help Parameter description N/A. Default N/A. Command mode Gobal configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description.
  • Page 617 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Parameter description N/A. Default N/A. Command mode Global configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 618 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Parameter description N/A. Default N/A. Command mode Any mode. Currently, two commands should be used to show the related configuration and status information respectively and several commands are needed for showing various status information that the user want, which is not Usage convenient for users.
  • Page 619 S2600E CLI Reference Guide Chapter 4 802.1X Configuration Commands Command Description Related Show the typical configuration or commands dot1x help example information dot1x function. 4.10 Showing default parameters...

  • Page 620: Web Authentication

    S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Authentication Configuration Commands Web Authentication Configuration Related Commands 5.1.1 http redirect This command is used to set the IP address for special access of the HTTP redirection, which is usually the server IP address of HTTP redirection. The no form of this command is used to delete the IP address for special access of the HTTP redirection.
  • Page 621 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands address and one IPv6 address can be configured for HTTP redirection. The IP address for special access of the HTTP redirection is a network resource of free-authentication, which is also available to unauthenticated users. To prevent attacks, however, the access device restricts users’...
  • Page 622 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands ip-mask IPv4 address mask of the network resource free authentication (optional) If the ARP CHECK is enabled on the access device, the keyword arp is needed for ARP binding of the network resources free...
  • Page 623 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands 5.1.3 http redirect classifier This command is used to create an HTTP redirection classifier and enter HTTP redirection configuration mode. The no form of this command is used to delete the HTTP redirection classifier. http redirect classifier classifier-id no http redirect classifier classifier-id Parameter...
  • Page 624 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands 5.1.4 http redirect homepage This command is used to set the address of the redirection homepage. The no form of this command is used to delete the address of redirection homepage.
  • Page 625 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands 5.1.5 http redirect port This command is used to redirect users’ HTTP redirection request to a certain destination port. The no form of this command is used to cancel HTTP redirection of the request to a certain destination port. http redirect port port-num no http redirect port port-num Parameter...
  • Page 626 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Related Commands View the HTTP redirection configuration. show http redirect Platform None Description 5.1.6 http redirect session-limit This command is used to set the total number of HTTP sessions that can be originated by an unauthenticated user, or the maximum number of HTTP sessions that can be originated by an unauthenticated user connected to each port.
  • Page 627 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands number of HTTP sessions by unauthenticated users must be limited on the access device. In addition to authentication, other programs may also occupy HTTP sessions. Therefore, it is not recommended that the maximum number of HTTP sessions by unauthenticated users be 1.
  • Page 628 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Example 1: Set the maximum number of HTTP sessions Configuration originated by an unauthenticated user to 4. Example Ruijie(config)# http redirect session-limit 4 Command Description Related Commands show http redirect View the HTTP redirection configuration.
  • Page 629 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands occupying TCP connections for long without sending any GET/HEAD packets. Example 1: Set the timeout for the redirection connection Configurati maintenance to 4. on Example Ruijie(config)# http redirect timeout 4 Command Description Related...
  • Page 630 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands authentication. To enable VLAN-based authentication, you need to enable Web authentication on the downlink port of the device and turn the port to the TRUNK mode. Example 1: Set authenticated VLANs to VLAN 1, VLAN 2, VLAN Configuration 3, and VLAN 5.
  • Page 631 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands If ARP CHECK is enabled on the access device, keyword arp is needed for ARP binding of the IP address used by users free of authentication (optional). necessary for IPv4 addresses only. Default No user is free of authentication.
  • Page 632 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Example 1: Set the user using the IP address 172.16.0.1 to be Configuration free of authentication. Example Ruijie(config)# web-auth direct-host 172.16.0.1 Command Description Related show web-auth View users free Commands direct-host authentication.
  • Page 633 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands user port is LinkDown and does not detect LinkUp in 60s, it considers that the user is offline. User traffic based check: The user’s traffic does not increase in 15 min, the user is considered offline. Methods 1 and 2 are mandatory, method 3 is optional.
  • Page 634 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Example 1: Enable user's online status check based on traffic. Configuration Example Ruijie(config)# web-auth offline-detect-mode flow Command Description Related View the online information of all users or Commands show web-auth user certain users.
  • Page 635 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Interface configuration mode Mode To use the Web function, the address of the authentication Use Guide homepage must be configured. Example 1: Enable Web authentication on port FastEthernet 0/14. Configuration Ruijie(config)# interface FastEthernet 0/14 Example...
  • Page 636 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Display authentication show web-auth information of the port. port-control Set the IP address of the authentication http redirect server. Related Commands http redirect Set the address of the authentication homepage homepage.
  • Page 637 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands To use the Web authentication function, the communication key Use Guide between the access device and the authentication server must be set. Example 1: Set the communication key between the access device Configuration and the authentication server to web-auth.
  • Page 638 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Set the IP address of the authentication http redirect server. Related http redirect Set the address of the authentication Commands homepage. homepage web-auth Enable the Web authentication on the port-control port.
  • Page 639 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands user information is updated. Example 1: Set the interval at which the online user information is Configuration updated to 30s. Example Ruijie(config)# web-auth update-interval 30 Command Description Related Commands Platform None Description Showing Related...
  • Page 640 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Example 1: Display the HTTP redirection configuration. Ruijie# show http redirect HTTP redirection settings: server: 192.168.32.123 port: 80 8000 homepage: http://192.168.32.123:8888/ePortal/index.jsp session-limit: 10 timeout: Direct sites: Address MASK ARP Binding ---------------- ---------------- ----------- 61.233.3.215 255.255.255.255...
  • Page 641 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands IP address of the network resource free of Address authentication IP address mask of the network resource Mask free of authentication ARP Binding Enable/Disable ARP binding Users free authentication: address user free Address...
  • Page 642 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands 5.2.2 show web-auth allow-vlan This command is used to display the VLAN list supporting VLAN-based Web authentication. show web-auth allow-vlan Parameter Description Parameter Description Default None Configuration Command Privileged mode Mode None Use Guide...
  • Page 643 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Privileged mode Mode None Use Guide Example 1: Display the users free of authentication. Ruijie# show web-auth direct-host Direct hosts: Address Mask Port ARP Binding ---------------- ---------------- ---------- ------------ 192.168.0.1 255.255.255.255 Fa0/2...
  • Page 644 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Related Commands Set the IP address free of authentication. web-auth direct-host Platform None Description 5.2.4 show web-auth port-control This command is used to display the authentication configuration and statistics of an interface.
  • Page 645 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Field Description Port Physical port of the access device. Control Enable/Disable Web authentication on the port...
  • Page 646 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Related Enable the Web authentication on the web-auth Commands port. port-control Platform None Description...
  • Page 647 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands 5.2.5 show web-auth user This command is used to display the online information, including IP address, interface, and online duration, of all users or the specified users. show web-auth user [ip-address | ipv6-address] Parameter Description Parameter...
  • Page 648 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands 00d0.f800.2233 Port Fa0/2 Online Time Limit 0d 01:00:00 Time Used 0d 00:15:10 Time Start 2009-02-22 20:05:10 Status Active Field Description Address IP address of the user MAC address of the user Access device port connected to the Port user...
  • Page 649 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Showing Configuration Example Commands 5.3.1 web-auth help This command is used to display the typical configuration information of web-auth modules. web-auth help Parameter Description Parameter Description Default None Configuration Command Privileged mode Mode For current operation of the CLI, the configuration is realized by...
  • Page 650 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Configuration Example Note: use the language Chinese/English command to switchover the interface between Chinese and English in global configuration mode.
  • Page 651 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Related Show the main status and configuration Commands view web-auth information of web-auth modules. Platform None Description Showing Configuration Example Commands 5.4.1 web-auth help This command is used to display the example information of the command beginning with the keyword web-auth.
  • Page 652 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Configuration Example Note: use the language Chinese/English command to switchover the interface between Chinese and English in global configuration mode.
  • Page 653 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Related Show the main status and configuration Commands view web-auth information of web-auth modules. Platform None Description 5.4.2 http redirect help This command is used to display the example information of the command beginning with the keyword http redirect.
  • Page 654 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Configuration Example Note: use the language Chinese/English command to switchover the interface between Chinese and English in global configuration mode.
  • Page 655 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Related Show the main status and configuration Commands view web-auth information of web-auth modules. Platform None Description Showing Main Status Commands 5.5.1 view web-auth This command is used to display the main status and configuration information of web-auth modules.
  • Page 656 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Configuration Example...
  • Page 657 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands Command Description Related Show typical configuration Commands web-auth help information of web-auth modules. Platform None Description Showing Default Parameters Configuration Showing Prompt for Feedback 1. If the trusted port of DHCP snooping has been enabled on the device port, the following prompt should be shown when enabling the web-auth controlled port.
  • Page 658 S2600E CLI Reference Guide Chapter 5 Web Authentication Configuration Commands 3. If the exceptional port binding has been configured globally on the device port, the following prompt should be shown when enabling the web-auth controlled port.
  • Page 659 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands GSN Configuration Commands Related Configuration Commands The GSN configuration commands include global configuration commands and interface mode configuration commands. 6.1.1 security address-bind enable Use this command to enable the security address-bind policy in the interface configuration mode.
  • Page 660 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands Parameter Description Parameter community community character string description interacting with the server. username V3 security community username. The security community is not configured. Default Command mode Global configuration mode. You shall configure an appropriate authentication name of the appropriate protocol version according to the server settings, when it is necessary to configure the Usage...
  • Page 661 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands Usage Use the show security event interval to view the configuration. guidelines Examples Ruijie# security event interval 10 Command Description Related show security View the minimum interval of security commands event interval event.
  • Page 662 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands Default No smp server is configured. Command mode Global configuration mode. Usage Use the show smp-server command to view the guidelines configuration. Examples Ruijie(config)# smp-server host 192.168.4.243 Command Description Related show commands View the snmp-server configuration.
  • Page 663 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands Command mode Privileged EXEC mode. Ruijie# show smp-server Examples smp-server IP: 192.168.20.30 Command Description Related smp-server Configure the IP address for the SNMP commands host server. Configuration Example Showing Commands 6.3.1 gsn help Use this command to show the typical configuration of gsn modules.
  • Page 664 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands Example Use the language chinese/english command in the global configuration mode switchover Chinese/English interface. Command Description Related Show the main status and configuration commands view gsn information of gsn modules.
  • Page 665 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands Example Showing Commands 6.4.1 security help Use this command to show the example information of the command beginning with the keyword security. security help Default N/A. Command Global/interface configuration mode mode Currently, you can enter the question mark “?”...
  • Page 666 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands Use the language chinese/english command in the global configuration mode switchover Chinese/English interface. Command Description Related Show the main status and configuration commands view gsn information of gsn modules. Main Status Showing Commands 6.5.1 view gsn Use this command to show the main status and configuration information of gsn modules.
  • Page 667 S2600E CLI Reference Guide Chapter 6 GSN Configuration Commands configuration. So showing the information combining the related configuration with running status information is necessary. Example More information, refer to:show gsn address-bind Command Description Related Show the typical configuration of gsn commands gsn help modules.
  • Page 668 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Port-based Flow Control Configuration Commands 7.1 Configuration Related Commands 7.1.1 storm-control Use this command to enable the storm suppression. Use the no form of the command to disable the storm suppression. storm-control {broadcast | multicast | unicast} [{level percent | pps p a c k e t s | rate-bps}] no storm-control {broadcast|multicast|unicast}[{level percent | pps p a c k e t s | rate-bps}] Parameter...

  • Page 669: Switchport Protected

    S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command mode Interface configuration mode. Too many broadcast, multicast or unicast packets received on a port may cause storm and thus slow network and increase timeout. Protocol stack implementation errors or wrong network configuration may also lead to such storms.
  • Page 670 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands After these ports are set as the protected ports, they cannot switch on Usage L2 but can route on L3. A protected port can communicate with an guidelines unprotected port. Use show interfaces to display configuration. Ruijie(config)#interface gigabitethernet 1/1 Examples Ruijie(config-if)# switchport protected...
  • Page 671 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands With port security, you can strictly control the input on a specific port by restricting access to the MAC address and IP address (optional) of the port on the switch. After you configure some secure addresses for the port security-enabled port, only the packets from these addresses Usage can be forwarded.
  • Page 672 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Default configuration No secure address is aged. Command mode Interface configuration mode. In interface configuration mode, use no switchport port-security aging time to disable the aging for security addresses on the port. Usage Use the no switchport port-security aging static to apply the aging guidelines...
  • Page 673 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command mode Interface configuration mode. Usage guidelines 1.This example shows how to bind the IP address 192.168.1.100 on the interface g 0/10: Ruijie(config)#inter g0/10 Ruijie(config-if)# switchport port-security binding 192.168.1.100 Examples 2.This example shows how to bind the IP address 192.168.1.100 and MAC address 00d0.f800.5555 with vlan id...
  • Page 674 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands [no] switchport port-security binding interface interface-id mac-address vlan vlan_id ipv4-address | ipv6-address [no] switchport port-security binding interface interface-id ipv4-address | ipv6-address Parameter Description interface-id nterface ID mac-address Binding source MAC address Parameter description Vlan_id...
  • Page 675 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Switchport Set the static secure address. port-security mac-address switchport aging time secure port-security address. aging 7.1.7 switchport port-security mac-address Use this command to configure manually the static secure address in the interface configuration mode.
  • Page 676 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands switchport Enable the port-security. port-security switchport Configure the secure address port-security binding binding. switchport Set the static secure address in port-security the privileged mode. mac-address interface switchport Set the aging time for the port-security aging secure address.
  • Page 677 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command Description show port-security Show port security settings. switchport port-security Enable the port-security. switchport port-security Configure the secure address Related binding. binding commands Set the static secure address Switchport port-security in the interface configuration mac-address mode.
  • Page 678 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands The example below describes how to configure a static secure address 00d0.f800.5555 with VID 2 for the trunk port g 0/10: Ruijie(config)#inter g0/10 Ruijie(config-if)# switchport port-security mac-address 00d0.f800.5555 vlan 2 Examples The example below describes how to enable the Sticky MAC address learning on the interface g0/10...
  • Page 679 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Default configuration Command mode Interface configuration mode. The number of the secure address contains the sum of static secure address and dynamically learnt secure address, 128 by default. If the Usage number of the secure address you set is less than current number, it guidelines...
  • Page 680 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Default configuration Disabled. Command Interface configuration mode. mode Usage If the limited number of the IP address you set is less than bound guidelines number, it will prompt this setting fails. The example below describes how to set the limited number of the port IP address as 100 Examples...
  • Page 681 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Usage guidelines Examples Ruijie#show nac-author-user Command Description Related nac-auth-user Set the limited number of port IP commands maximum value address. 7.2.2 show port-security Use this command to show port security settings. show port-security [address] [interface interface-id] [all] Parameter Description...
  • Page 682 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command Description switchport port-security Enable port security and configure the way to deal with violation. Related switchport port-security Specify the aging time fpr the commands aging secure address on the interface. switchport port-security Configure...
  • Page 683 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Parameter Description Parameter description Default configuration Command mode Privileged mode. For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the...
  • Page 684 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command Description Related view protected-ports Show main status commands configuration information protected-ports modules. 7.3.2 storm-control help Use this command to show the typical configuration of storm-control modules. storm-control help Parameter Description Parameter...
  • Page 685 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Examples the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related view storm-control Show main status commands configuration information storm-control modules. 7.3.3 port-security help Use this command to show the typical configuration of port-security modules.
  • Page 686 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as reading related Usage...
  • Page 687 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Parameter Description Parameter description Default configuration Command mode Privileged mode. For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the...
  • Page 688 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command Description Related view arp-check Show main status commands configuration information arp-check modules. 7.4 Main status Showing Commands 7.4.1 view protected-ports Use this command to show the main status or related configuration of the protected-ports function.
  • Page 689 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command Description Related Show the typical configuration of protected-ports help commands protected-ports modules. 7.4.2 view storm-control Use this command to show the main status or related configuration of storm-control modules. view storm-control Parameter Description...
  • Page 690 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands 7.4.3 view arp-check Use this command to show the main status or related configuration of arp-check modules. view arp-check Parameter Description Parameter description Default configuration Command mode Any mode. Currently, multiple commands are needed to show the related configuration or status information of one function.
  • Page 691 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands 7.4.4 view port-security Use this command to show the main status or related configuration of port-security modules. view port-security Parameter Description Parameter description Default configuration Command mode Any mode. Currently, multiple commands are needed to show the related configuration or status information of one function.
  • Page 692 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command Description Related port-security help Show the typical configuration of commands port-security modules. 7.5 Example Showing Commands 7.5.1 storm-control help Use this command to show the example information of the command beginning with the keyword storm-control.
  • Page 693 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Examples Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related view storm-control Show main status commands configuration information storm-control modules. 7.5.2 switchport help Use this command to show the example information of the command beginning with the keyword switchport.
  • Page 694 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or Usage parameter and related description. However, users may not guidelines understand the meaning about the description of keywords, so they do not know how to continue the configuration in order to complete...
  • Page 695 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Command mode Global/interface configuration mode. Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or Usage parameter and related description. However, users may not guidelines understand the meaning about the description of keywords, so they do not know how to continue the configuration in order to complete...
  • Page 696 S2600E CLI Reference Guide Chapter 7 Port-based Flow Control Configuration Commands Global configuration mode: Interface configuration mode: Example Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related view port-security Show main status commands configuration...
  • Page 697 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands Protection Configuration Commands Related Configuration Commands 8.1.1 cpu-protect type packet-type pps pps_value Use this command to set the bandwidth for the CPU port to receive the specified type of packets. cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 | unknown-ipmc | dvmrp|…...
  • Page 698 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands 8.1.2 cpu-protect type packet-type pri pri_num Use this command to set the priority for the specified type of packets the CPU port receives. cpu-protect type { arp | bpdu | dhcp | ipv6mc | igmp | rip | ospf | vrrp | pim | ttl1 | unknown-ipmc | dvmrp|…...
  • Page 699 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands guidelines by CPU on the management board. The following example shows the statistics of the CPU protection on the S9610 management board. Ruijie# show cpu-protect mboard Type Total Drop ------------ -------- ------- --------- bpdu dhcp...
  • Page 700 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands Ruijie(config)# show cpu-protect slot 2 Type Total Drop ----------- --------- --------- --------- bpdu dhcp gvrp ipv6-mc dvmrp igmp ospf vrrp unknown-ipmc 200 ttl1 Command Description Related show cpu-protect Show the CPU protect information commands mboard on the management board.
  • Page 701 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands commands show Show the statistics of the packets of a cpu-protect specified type of CPU protection. type packet-type The “…” symbol in the CPP configuration commands means the unlisted CPP types. Caution Showing Configuration Example Commands...
  • Page 702 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands Examples the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related view Show the main status and configuration commands information of cpp modules. cpu-protect 8.3.2 cpp help...
  • Page 703 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands Examples the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related view Show the main status and configuration commands cpu-protect information of cpp modules. Showing Example Commands 8.4.1...
  • Page 704 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands Examples the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related view Show the main status and configuration commands cpu-protect information of cpp modules. Showing Main Status 8.5.1 view cpu-protect...
  • Page 705 S2600E CLI Reference Guide Chapter 8 CPU Protection Configuration Commands Examples Command Description Related cpu-protect Show the typical configuration of cpp commands help modules. Showing Default Parameters...
  • Page 706 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands Protection Configuration Commands Configuration Related Commands 9.1.1 ip deny invalid-l4port Use this command to enable the anti-attack of the self-consumption. Use the no form of this command to disable this function. ip deny invalid-l4port no ip deny invalid-l4port Parameter...
  • Page 707 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands show deny Show the state of anti-attack of the self-consumption. invalid-l4port 9.1.2 ip deny invalid-tcp Use this command to enable the anti-attack of the invalid TCP packets. Use the no form of this command to disable this function.
  • Page 708 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands Parameter Description Parameter description Default Settings Disabled Command mode Global configuration mode. Usage N/A. guidelines The following example shows how to enable the anti-land-attack: Ruijie(config)# ip deny land Examples The following example shows how to disable the anti-land-attack: Ruijie(config)# no ip deny land Command...
  • Page 709 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands Usage This command takes effect on only the layer 3 interfaces guidelines with network addresses configured. The following example shows how to enable the ingress filtering on the SVI port: Ruijie(config)# int vlan 1 Ruijie(config-if-vlan)# ip deny spoofing-source The following example shows how to disable the ingress...
  • Page 710 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands Command mode Privileged EXEC mode. Usage guidelines N/A. Ruijie# show ip deny invalid-l4port DoS Protection Mode State Examples ------------------------------- ----- protect against invalid l4port attack Off 9.2.2 show ip deny invalid-tcp Use this command to show the state of the anti-attack of the invalid TCP packets.
  • Page 711 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands 9.2.3 show ip deny land Use this command to show the anti-land-attack state. show ip deny land Parameter Description Parameter description Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines Ruijie# show ip deny land DoS Protection Mode...
  • Page 712 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands Command Privileged mode. mode For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as...
  • Page 713 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands Platform description Showing Main Status 9.4.1 view dos-protect Use this command to show the main status and configuration of anti-DOS-attack modules. view dos-protect Parameter Description Parameter description Default Settings Command mode Any mode.
  • Page 714 S2600E CLI Reference Guide Chapter 9 DoS Protection Configuration Commands Command Description Related Show the typical configuration of commands dos-protect help anti-DOS-attack modules. Platform description...
  • Page 715 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands DHCP Snooping Configuration Commands 10.1 DHCP Snooping Global Commands 10.1.1 ip dhcp snooping Use this command to enable the DHCP snooping function globally. The no form of this command will disable the DHCP snooping function globally. [no] ip dhcp snooping Parameter N/A.
  • Page 716 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands DHCP snooping database write-delay time: 0 seconds DHCP snooping option 82 status: ENABLE DHCP Snooping Support Bootp bind status: ENABLE Interface Trusted Rate limit (pps) ------------------------ ------- --------------- Command Description show ip dhcp View the configuration information of Related...
  • Page 717 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Ruijie(config)# ip dhcp snooping vlan 1000 Ruijie(config)# end Command Description Related commands ip dhcp snooping Global switch of DHCP snooping. 10.1.3 ip dhcp snooping bootp-bind Use this command to enable DHCP snooping bootp bind function. The no form of this command will disable the function.

  • Page 718: Ip Dhcp Snooping Verify

    S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Command Description Related show ip dhcp Show the configuration of the DHCP commands snooping snooping. 10.1.4 ip dhcp snooping verify mac-address Use this command to check whether the source MAC address of the DHCP request message matches against the client addr field of the DHCP message.
  • Page 719 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Command Description Related show ip dhcp View the configuration information of the commands snooping DHCP snooping. 10.1.5 ip dhcp snooping information option Use this command to add option82 to the DHCP request message. The no form of this command disables this function.
  • Page 720 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Command Function Related show dhcp commands Show the configuration of the snooping DHCP Snooping. 10.1.6 ip dhcp snooping information option format remote-id Use this command to set the option82’s sub-option remote-id as the customized character string.

  • Page 721: Ip Dhcp Snooping Database

    S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands 10.1.7 ip dhcp snooping database write-delay Use this command to configure the switch to write the dynamic user information of the DHCP snooping binding database into the flash periodically. The no form of this command will disable this function.

  • Page 722: Mode Commands

    S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands 10.1.8 ip dhcp snooping database write-to-flash Use this command to write the dynamic user information of the DHCP binding database into flash in real time. ip dhcp snooping database write-to-flash Parameter description N/A.

  • Page 723: Ip Dhcp Snooping Trust

    S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Command Interface configuration mode. mode This command can deny all DHCP request messages Usage under the port, that is, all the users under the port are guidelines prohibited to request addresses through DHCP. The following is an example of setting fastethernet 0/2 to be suppression status: Ruijie# configure terminal...
  • Page 724 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Ruijie# configure terminal Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip dhcp snooping trust Ruijie(config-if)# end Ruijie# show ip dhcp snooping Switch DHCP snooping status: ENABLE DHCP snooping Verification of hwaddr field status: DISABLE DHCP snooping database write-delay time: 0 seconds DHCP snooping option 82 status: ENABLE DHCP Snooping Support Bootp bind status:ENABLE...
  • Page 725 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands option82’s sub-option circuit-id to VLAN93: Ruijie# configure terminal Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip dhcp snooping vlan 4094 information option change-vlan-to vlan 4093 Ruijie(config-if)# end Command Description Related commands Platform description This command is supported on all switches.

  • Page 726: Ip Dhcp Snooping Limit Rate

    S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands The following is an example of adding the option82 to the DHCP request packets with the content of the sub-option circuit-id being port-name: Ruijie# configure terminal Examples Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip dhcp snooping vlan 4094 information option format-type circuit-id string port-name Ruijie(config-if)# end...

  • Page 727: Show Ip Dhcp Snooping

    S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands The following example sets rate limit of port 1 as 100: Ruijie# configure terminal Ruijie(config)# interface fastEthernet 0/1 Ruijie(config-if)# ip dhcp snooping limit rate 100 Ruijie(config-if)# end Ruijie# show ip dhcp snooping Switch DHCP snooping status: ENABLE Examples DHCP snooping Verification of hwaddr field status:...
  • Page 728 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands guidelines Show the information of DHCP Snooping. Ruijie# show ip dhcp snooping Switch DHCP snooping status :ENABLE Verification of hwaddr field status :DISABLE Examples DHCP snooping database write-delay time: 0 seconds DHCP snooping option 82 status: ENABLE DHCP snooping Support Bootp bind status: ENABLE Interface...
  • Page 729 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands guidelines Show the information of the DHCP Snooping binding database. Ruijie# show ip dhcp snooping binding Examples Total number of bindings: 1 MacAddress IpAddress Lease Type VLAN Interface 00d0.f801.0101 192.168.1.1 - static 1 fastethernet 0/1 Command Description ip dhcp...
  • Page 730 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands The following example demonstrates how to clear the dynamic database information from the DHCP snooping binding database. Ruijie# clear ip dhcp snooping binding Examples Ruijie# show ip dhcp snooping binding Total number of bindings: 0 MacAddress IpAddress Lease(sec) Type VLAN Interface ---------- ---------- ---------- -------- ---- ---------...
  • Page 731 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Command mode Privileged mode. Usage This command is used to import the flash file information to guidelines the DHCP Snooping database in real time. The following example demonstrates how to import the Examples flash file information to the DHCP Snooping database.
  • Page 732 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Examples Note: 1) Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related commands 10.6 Example Showing Commands 10.6.1 ip dhcp help Use this command to show the configuration help of dhcp command. ip dhcp help Parameter description...
  • Page 733 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 734 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 735 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Examples Command Description Related commands...
  • Page 736 S2600E CLI Reference Guide Chapter 10 DHCP Snooping Configuration Commands Global configuration mode: Examples Interface configuration mode: Note: 1) Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related commands...
  • Page 737 S2600E CLI Reference Guide Chapter 11 DAI Configuration Commands Configuration Commands 11.1 Commands for Enabling and Disabling the DAI Inspection Function of the Specified VLAN 11.1.1 ip arp inspection vlan vlan-id Use this command to enable the DAI inspection function of the specified VLAN. The no option of this command disables the function of the specified VLAN.
  • Page 738 S2600E CLI Reference Guide Chapter 11 DAI Configuration Commands Command Description Related Show the information of the DAI show ip arp commands inspection function of the specified inspection vlan VLAN. 11.2 Commands for Configuring the L2 Port to a Trusted Port 11.2.1 ip arp inspection trust Use this command to configure the L2 port to a trusted port.The no option of this command will...
  • Page 739 S2600E CLI Reference Guide Chapter 11 DAI Configuration Commands On the NFPP-supported switches, interface rate is limited Platform by NFPP rather than DAI. Therefore, if you execute this description command on NFPP-supported switches, only the interface trust state will be displayed. 11.3 Showing Configuration Example Commands...
  • Page 740 S2600E CLI Reference Guide Chapter 11 DAI Configuration Commands Examples Use the language chinese/english command in the privileged user mode to switchover the interface between Chinese and English. Command Description Related Show the main status and commands view dai configuration information of DAI function.
  • Page 741 S2600E CLI Reference Guide Chapter 11 DAI Configuration Commands Default configuration Command mode Privileged user mode. Usage guidelines Examples Command Description Related Show typical commands dai help configuration. Platform description This command is supported on the layer 3 switches. 11.5 DHCP Snooping Database Related Configuration When the corresponding DAI funciton of the VLAN is enabled and the L2 port which receives...
  • Page 742 S2600E CLI Reference Guide Chapter 11 DAI Configuration Commands needed to check based on the DHCP Snooping database. If no configuration is carried out for the database, the ARP message passes the validity check. For the configuration on the DHCP Snooping, refer to the DHCP Snooping Configuration.

  • Page 743: Source Guard

    S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands Source Guard Configuration Commands 12.1 IP Source Guard Global Command 12.1.1 ip source binding Use this command to add static user information to IP source address binding database. The no form of this command deletes the corresponding static user: [no] ip source binding mac-address vlan vlan-id ip-address [interface interface-id | ip-mac | ip-only]...

  • Page 744: Ip Source Guard

    S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands The following example shows how to configure a static user: Ruijie# configure terminal Ruijie(config)# ip source binding 0000.0000.0001 vlan 1 1.1.1.1 interface FastEthernet 0/1 Ruijie(config)# end Ruijie# show ip source binding Examples MacAddress IpAddress...
  • Page 745 S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands Command Interface configuration mode. mode This command enables IP Source Guard function on the interface to do IP-based or IP+MAC-based detection. Usage IP Source Guard takes effect only on DHCP Snooping guidelines untrusted port.
  • Page 746 S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands corresponding ip. Show user binding information of mac-address corresponding mac. Show binding information of dynamic dhcp-snooping user. Show binding information of static static user. Show user binding information of vlan-id corresponding vlan.
  • Page 747 S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands 12.3.2 show ip verify source Use this command to view user filtering entry of IP Source Guard. show ip verify source [interface interface-id] Parameter Description Parameter Show user filtering entry description Interface-id...
  • Page 748 S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands interface. Platform This command is supported on all switches. description 12.3.3 debug ip source bind Use this command to turn on the debugging switch of IP Source Guard. debug ip source bind Default The debugging switch is turned off.
  • Page 749 S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as Usage...
  • Page 750 S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands 12.5 Main Status Showing Commands 12.5.1 view ipsource-guard Use this command to show the main status and configuration information of ipsource-guard modules. view ipsource-guard Parameter Description Parameter description Default configuration Command mode...
  • Page 751 S2600E CLI Reference Guide Chapter 12 IP Source Guard Configuration Commands Examples If the total number of bindings exceeds 3, only the first three entries are displayed. Command Description Related ipsource-guard Show the typical configuration of commands ipsource-guard modules. help Platform description...
  • Page 752 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands DHCPv6 Snooping Configuration Commands 13.1 Configuration Related Commands 13.1.1 ipv6 dhcp snooping Use this command to enable the DHCPv6 snooping function globally. The no form of this command will disable the DHCPv6 snooping function globally. [no] ipv6 dhcp snooping Parameter N/A.
  • Page 753 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Platform description This command is supported on all switches. 13.1.2 ipv6 dhcp snooping binding-delay Use this command to add the DHCPv6 snooping binding delay entry to the hardware filtering list. The no form of this command will disable the function. ipv6 dhcp snooping binding-delay seconds no ipv6 dhcp snooping binding-delay Parameter...
  • Page 754 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Parameter Description The interval at which the system Parameter writes the dynamic user information of description time the DHCP snooping database into the flash. Default Disabled Command mode Global configuration mode. This function can avoid loss of user information after Usage restart.
  • Page 755 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Command mode Global configuration mode. Usage Use this command to write the dynamic user information of guidelines the DHCPv6 binding database into flash in real time. The following is an example of writing the dynamic user information of the DHCPv6 binding database into flash.
  • Page 756 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Platform description This command is supported on all switches. 13.1.6 ipv6 dhcp snooping ignore dest-not-found Use this command to ignore the destination port not found. Use the no form of this command to restore the DHCPv6 reply packet port check.

  • Page 757: Information Option

    S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands 13.1.7 ipv6 dhcp snooping information option Use this command to enable the function of adding the option18/37 into the DHCPv6 request packets. The no form of this command will disable this funtion. [no] ipv6 dhcp snooping information option [standard-format] Parameter Description...
  • Page 758 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands show ipv6 View the configuration information of the dhcp DHCPv6 snooping. snooping Platform description This command is supported on all switches. 13.1.8 ipv6 dhcp snooping information option format remote-id Use this command to enable the function of adding the option37 remote-id customized character string into the DHCPv6 request packets in the global configuration mode.
  • Page 759 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands format remote-id hostname Platform description This command is supported on all switches. 13.1.9 ipv6 dhcp snooping link-detection Use this command to clear the dynamic binding entry on an interface when the interface links down.
  • Page 760 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands 13.1.10 ipv6 dhcp snooping trust Use this command to set the specified DHCPv6 Snooping ports as the trusted ports. The no form of this command sets the ports as untrust ports. ipv6 dhcp snooping trust no ipv6 dhcp snooping trust Parameter...
  • Page 761 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Parameter Description Set the valid VLAN range, such vlan-list Parameter as 1,3-5,7,9-11. description vlan-min Minimum VLAN ID. vlan-max Maximum VLAN ID. By default, once the DHCPv6 Snooping is enabled globally, Default it takes effect for all VLANs.
  • Page 762 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Command mode Interface configuration mode. With this command enabled, the option18 interface-id will be added into the DHCPv6 request packets and the VLAN Usage will be changed to the specified one and the DHCP server guidelines will assign the addresses according to the optionq8 information.
  • Page 763 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Command mode Interface configuration mode. With this command configured, the option18 interface-id will be added into the DHCPv6 request packets with the Usage content being user-defined and the DHCPv6 server will guidelines assign addresses...

  • Page 764: Ipv6 Verify Source

    S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands binding only. Default N/A. Command mode Global configuration mode. For the users using the static IPv6 address but not obtaining the IPv6 address through the DHCPv6 Usage interaction, the administrator can add the static binding guidelines entry manually to enable the address binding on the port.
  • Page 765 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Default Disabled Command mode Interface configuration mode. With the address-binding enabled, it can prevent the user from setting the private IPv6 address, and the user can Usage only obtain the IPv6 address through the DHCPv6 guidelines interaction, or it can manage the static binding users for the purpose of the normal communication.

  • Page 766: Show Ipv6 Dhcp Snooping

    S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands the DHCPv6 Snooping database. Ruijie# renew ipv6 dhcp snooping database Platform This command is supported on all switches. description 13.2 Showing Related Commands 13.2.1 show ipv6 dhcp snooping Use this command to view the setting of the DHCPv6 snooping. show ipv6 dhcp snooping Parameter N/A.
  • Page 767 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands 13.2.2 show ipv6 dhcp snooping binding Use this command to view the information of the DHCPv6 snooping binding database. show ipv6 dhcp snooping binding [ipv6-address] [mac-address] [vlan vlan_id] [interface interface_name] Parameter Description Show the IPv6 address binding...
  • Page 768 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands 13.2.3 show ipv6 dhcp snooping prefix Use this command to view all user information in the DHCPv6 snooping prefix list. show ipv6 dhcp snooping prefix [ipv6-prefix] [mac-address] [vlan vlan_id] [interface interface_name] Parameter Description...
  • Page 769 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Parameter description N/A. Default N/A. Command mode Privileged EXEC mode. Usage N/A. guidelines Ruijie# show ipv6 dhcp snooping statistics Packets Processed by DHCPv6 Snooping = 0 Packets Dropped Because Received on untrusted ports Relay forward No binding entry Binding fail...
  • Page 770 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands hardware resources. unknown DHCP Unknown packet packets. packets unknown output interface. The MAC address for the Unknown output interface interface is not found or trust port configured. There enough No enough memory memory.
  • Page 771 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands static Show the static binding entry. Default N/A. Command mode Privileged EXEC mode. Usage N/A. guidelines Ruijie# show ipv6 source binding Total number of bindings: 1 Examples Mac Address Ipv6 Address Lease(s) type Vlan Interface ------------- -------------- --------...
  • Page 772 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands entry. vlan vlan_id Clear the VLAN binding entry. interface Clear the interface binding entry. interface_name Default Command mode Privileged EXEC mode. This command is used to clear the generated user Usage information in the dhcpv6 snooping binding database.
  • Page 773 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands Command mode Privileged EXEC mode. Usage This command is used to clear the generated user guidelines information in the dhcpv6 snooping prefix list. Examples Ruijie# clear ipv6 dhcp snooping prefix Platform This command is supported on all switches.
  • Page 774 S2600E CLI Reference Guide Chapter 13 DHCPv6 Snooping Configuration Commands 13.4 Debugging Related Commands  debug ipv6 dhcp snooping 13.4.1 debug ipv6 dhcp snooping Use this command to trurn on the debugging switch of the DHCPv6 snooping. debug ipv6 dhcp snooping {event | packet} no debug ipv6 dhcp snooping {event | packet} Parameter Description...
  • Page 775 S2600E CLI Reference Guide Chapter 14 Anti-arp-spoofing Configuration Commands Anti-arp-spoofing Configuration Commands 14.1 Related Configuration Commands 14.1.1 anti-arp-spoofing ip Use this command to enable anti-arp-spoofing. Use the no form of this command to disable this function. anti-arp-spoofing ip ip-address no anti-arp-spoofing ip ip-address Parameter Description Parameter...
  • Page 776 S2600E CLI Reference Guide Chapter 14 Anti-arp-spoofing Configuration Commands 14.2 Showing Commands 14.2.1 show anti-arp-spoofing Use this command to show the anti-arp-spoofing information on all interfaces. show anti-arp-spoofing Command mode Privileged EXEC mode. Ruijie# show anti-arp-spoofing Examples port Fa0/1 192.168.1.1 Command Description Related...
  • Page 777 S2600E CLI Reference Guide Chapter 14 Anti-arp-spoofing Configuration Commands users, increasing the usability of CLI. Examples Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related Show main status view commands configuration information anti-arp-spoofing anti-arp-spoofing modules.
  • Page 778 S2600E CLI Reference Guide Chapter 14 Anti-arp-spoofing Configuration Commands Examples Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related Show main status view commands configuration information anti-arp-spoofing anti-arp-spoofing modules. 14.5 Showing Main Status 14.5.1 view anti-arp-spoofing Use this command to show the main status and configuration information of...
  • Page 779 S2600E CLI Reference Guide Chapter 14 Anti-arp-spoofing Configuration Commands Example The top five anti-arp-spoofing addreddes configured are displayed. Command Description Related Show typical configuration anti-arp-spoofing commands information anti-arp-spoofing help modules.
  • Page 780 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands NFPP Configuration Commands 15.1.1 cpu-protect sub-interface {manage | protocol | route} pps Use this command to configure the traffic bandwidth of each type of packets. cpu-protect sub-interface {manage | protocol | route} pps pps_vaule Parameter Description Parameter...
  • Page 781 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.1.2 cpu-protect sub-interface {manage | protocol | route} percent Use this command to configure the percent value of each type of packets occupied in the buffer area. cpu-protect sub-interface {manage | protocol | route} percent percent_vaule Parameter Description Parameter...
  • Page 782 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands threshold, the attack occurs. arp-guard attack-threshold {per-src-ip | per-src-mac | per-port} pps Parameter Description Set the attack threshold for each per-src-ip source IP address. Parameter Set the attack threshold for each per-src-mac description source MAC address.
  • Page 783 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands clear nfpp arp-guard Clear the isolated host. hosts 15.2.2 arp-guard enable Use this command to enable the anti-ARP guard function globally. arp-guard enable Parameter Description Parameter description Default Enabled. Settings Command mode NFPP configuration mode.
  • Page 784 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands permanent Permanent isolation. Default Settings The default isolate time is 0, which means no isolation. Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# arp-guard isolate-period 180 Command Description nfpp arp-guard Set the isolate time on the Related...
  • Page 785 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands guidelines timeout time will be the monitor period. During the software monitoring, if the isolate period is not 0, the software-monitored attacker will be auto-isolated by the hardware and the timeout time will be the isolate period. The monitor period is valid with the isolate period 0.
  • Page 786 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands than 1000 and it will prompt the message that %ERROR:The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored to remind the administrator of the invalid hosts.
  • Page 787 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Usage guidelines Ruijie(config)# nfpp Ruijie(config-nfpp)# arp-guard rate-limit per-src-ip 2 Examples Ruijie(config-nfpp)# arp-guard rate-limit per-src-mac 3 Ruijie(config-nfpp)# arp-guard rate-limit per-port 50 Command Description Set the rate limit and the attack Related nfpp arp-guard policy threshold.
  • Page 788 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Ruijie(config-nfpp)# arp-guard scan-threshold 20 Command Description Set the scan threshold on the nfpp arp-guard port. scan-threshold show nfpp arp-guard Related Show the configurations. summary commands show nfpp arp-guard Show the ARP guard scan scan table.
  • Page 789 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands arp-guard Set the global attack threshold. attack-threshold Set the limit threshold and attack nfpp arp-guard policy threshold. show nfpp Show the monitored host. arp-guard hosts 15.2.9 clear nfpp arp-guard scan Use this command to clear ARP scanning table. clear nfpp arp-guard scan Parameter Description...
  • Page 790 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Parameter Description Parameter description Default The anti-ARP attack function is not enabled on the Settings interface. Command mode Interface configuration mode. The interface anti-ARP attack configuration is prior to the Usage global configuration.
  • Page 791 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Default Settings By default, the isolate period is not configured. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp arp-guard isolate-period 180 Command Description arp-guard Set the global isolate period. Related isolate-period commands...
  • Page 792 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Set the attack threshold with the attack-threshold-pps valid range of [1, 9999]. Default By default, the rate-limit threshold and the attack threshold Settings are not configured. Command Interface configuration mode. mode Usage The attack threshold value shall be equal to or greater guidelines...
  • Page 793 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Parameter Description Parameter Set the scan threshold with the valid description pkt-cnt range of [1, 9999]. Default By default, the sport-based scan threshold is not Settings configured. Command Interface configuration mode. mode Usage guidelines...
  • Page 794 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands dhcp-guard attack-threshold { per-src-mac | per-port} pps Parameter Description Set the attack threshold for each per-src-mac source MAC address. Parameter description per-port Set the attack threshold for each port. Set the attack threshold, in pps. The valid range is [1,9999].
  • Page 795 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Parameter Description Parameter description Default Settings Disabled Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcp-guard enable 15.3.3 dhcp-guard isolate-period Use this command to set the isolate time globally. dhcp-guard isolate-period {seconds | permanent} Parameter Description...
  • Page 796 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcp-guard isolate-period 180 Command Description nfpp dhcp-guard Set the isolate time on the Related isolate-period interface. commands show nfpp Show the configurations. dhcp-guard summary 15.3.4 dhcp-guard monitor-period Use this command to configure the monitor time.
  • Page 797 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description show nfpp Show the configurations. dhcp-guard summary Related show nfpp commands Show the monitored host list. dhcp-guard hosts clear nfpp dhcp-guard Clear the isolated host. hosts 15.3.5 dhcp-guard monitored-host-limit Use this command to set the maxmum monitored host number.
  • Page 798 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description Related show nfpp dhcp-guard commands Show the configurations. summary 15.3.6 dhcp-guard rate-limit Use this command to set the rate-limit threshold globally. dhcp-guard rate-limit { per-src-mac | per-port} pps Parameter Description Set the rate limit for each source MAC per-src-mac...
  • Page 799 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.3.7 clear nfpp dhcp-guard hosts Use this command to clear the monitored host isolation. clear nfpp dhcp-guard hosts [vlan vid] [interface interface-id] [mac-address] Parameter Description Set the VLAN ID. Parameter description interface-id Set the interface name and number.
  • Page 800 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Default The DHCP anti-attack function is not enabled on the interface. Settings Command mode Interface configuration mode. Usage The interface DHCP anti- attack configuration is prior to guidelines the global configuration. Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp dhcp-guard enable...
  • Page 801 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp dhcp-guard isolate-period 180 Command Description dhcp-guard Set the global isolate period. Related isolate-period commands show nfpp dhcp-guard Show the configurations. summary 15.3.10 nfpp dhcp-guard policy...
  • Page 802 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command mode Interface configuration mode. Usage The attack threshold value shall be equal to or greater guidelines than the rate-limit threshold. Ruijie(config)# interface G 0/1 Ruijie(config-if)# nfpp dhcp-guard policy per-src-mac 3 Examples Ruijie(config-if)# nfpp dhcp-guard policy per-port 50 100 Command...
  • Page 803 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Set the attack threshold for each port. per-port Set the attack threshold, in pps. The valid range is [1,9999]. By default, the attack threshold for each source MAC Default address is 10pps; and the attack threshold for each port is Settings 300pps.
  • Page 804 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Default Settings Disabled Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# dhcpv6-guard enable 15.4.3 dhcpv6-guard isolate-period Use this command to set the isolate time globally. dhcpv6-guard isolate-period {seconds | permanent} Parameter Description seconds...
  • Page 805 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description nfpp dhcpv6-guard Set the isolate time on the Related isolate-period interface. commands show nfpp dhcpv6-guard Show the configurations. summary 15.4.4 dhcpv6-guard monitor-period Use this command to configure the monitor time. dhcpv6-guard monitor-period seconds Parameter Description...
  • Page 806 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands show nfpp dhcpv6-guard Show the configurations. summary show nfpp Show the monitored host list. dhcpv6-guard hosts clear nfpp Clear the isolated host. dhcpv6-guard hosts 15.4.5 dhcpv6-guard monitored-host-limit Use this command to set the maxmum monitored host number. dhcpv6-guard monitored-host-limit number Parameter Description...
  • Page 807 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description Related show nfpp commands Show the configurations. dhcpv6-guard summary 15.4.6 dhcpv6-guard rate-limit Use this command to set the rate-limit threshold globally. dhcpv6-guard rate-limit { per-src-mac | per-port} pps Parameter Description Set the rate limit for each source MAC per-src-mac...
  • Page 808 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands show nfpp dhcpv6-guard Show the configurations. summary 15.4.7 clear nfpp dhcpv6-guard hosts Use this command to clear the monitored host isolation. clear nfpp dhcpv6-guard hosts [vlan vid] [interface interface-id] [mac-address] Parameter Description Set the VLAN ID.
  • Page 809 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.4.8 nfpp dhcpv6-guard enable Use this command to enable the DHCPv6 anti-attack function on the interface. nfpp dhcpv6-guard enable Parameter Description Parameter description Default The DHCPv6 anti-attack function is not enabled on the interface.
  • Page 810 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands permanent Permanent isolation. Default Settings By default, the isolate period is not configured. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface G0/1 Examples Ruijie(config-if)# nfpp dhcpv6-guard isolate-period 180 Command Description dhcpv6-guard Set the global isolate period.
  • Page 811 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands valid range of [1, 9999]. Default By default, the rate-limit threshold and the attack threshold Settings are not configured. Command mode Interface configuration mode. The attack threshold value shall be equal to or greater Usage guidelines than the rate-limit threshold.
  • Page 812 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.5.1 icmp-guard attack-threshold Use this command to set the global attack threshold. When the packet rate exceeds the attack threshold, the attack occurs. icmp-guard attack-threshold { per-src-ip | per-port} pps Parameter Description Set the attack threshold for each per-src-ip...
  • Page 813 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands clear nfpp icmp-guard Clear the monitored host. hosts 15.5.2 icmp-guard enable Use this command to enable the ICMP anti-attack function. icmp-guard enable Parameter Description Parameter description Default Enabled Settings Command mode NFPP configuration mode.
  • Page 814 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands permanent Permanent isolation. Default Settings The default isolate time is 0, which means no isolation. Command mode NFPP configuration mode. The isolate period can be configured globally or based on the interface. For one interface, if the isolate period is not Usage set based on the interface, the global value shall be guidelines...
  • Page 815 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands When the attacker is detected, if the isolate period is 0, the attacker will be monitored by the software and the timeout time will be the monitor period. During the software monitoring, if the isolate period is not 0, the software-monitored attacker will be auto-isolated by the Usage hardware and the timeout time will be the isolate period.
  • Page 816 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands If the monitored host number has reached the default 1000, the administrator shall set the max-number smaller than 1000 and it will prompt the message that %ERROR:The value that you configured is smaller than current monitored hosts 1000, please clear a part of monitored Usage to remind the administrator of the invalid...
  • Page 817 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Usage guidelines Ruijie(config)# nfpp Ruijie(config-nfpp)# icmp-guard rate-limit per-src-ip Examples Ruijie(config-nfpp)# icmp-guard rate-limit per-port 800 Command Description nfpp icmp-guard Set the rate limit and the attack Related policy threshold. commands show nfpp Show the configurations.
  • Page 818 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands in one network segment free from monitoring. UP to 500 trusted hosts are supported. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# icmp-guard trusted-host 1.1.1.0 255.255.255.0 Command Description Related show nfpp commands icmp-guard Show the configurations. trusted-host 15.5.8 clear nfpp icmp-guard...
  • Page 819 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands icmp-guard Set the global attack threshold. attack-threshold Set the limit threshold and attack nfpp icmp-guard policy threshold. show nfpp Show the monitored host. icmp-guard hosts 15.5.9 nfpp icmp-guard enable Use this command to enable the ICMP anti-attack function on the interface. nfpp icmp-guard enable Parameter Description...
  • Page 820 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.5.10 nfpp icmp-guard isolate-period Use this command to set the isolate period in the interface configuration mode. nfpp icmp-guard isolate-period {seconds | permanent} Parameter Description Set the isolate period, in second. The Parameter seconds valid range is 0, or [30, 86400].
  • Page 821 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Parameter Description Set the rate-limit threshold and the per-src-ip attack threshold for each source IP address. Set the rate-limit threshold and the Parameter per-port attack threshold for each port. description Set the rate-limit threshold with the rate-limit-pps valid range of [1, 9999].
  • Page 822 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands clear nfpp Clear the isolated host. icmp-guard hosts 15.6 ND-guard Configuration Commands The ND-guard configuration commands include: 15.6.1 nd-guard attack-threshold Use this command to set the global attack threshold. When the packet rate exceeds the attack threshold, the attack occurs.
  • Page 823 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description Show the rate-limit threshold Related nfpp ip-guard policy and attack threshold. commands show nfpp ip-guard Show the configurations. summary 15.6.2 nd-guard enable Use this command to enable the ND anti-attack function. nd-guard enable Parameter Description...
  • Page 824 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Parameter Description neighbor request ns-na neighbor advertisement. Parameter Set the router request. description Set the router advertisement and the ra-redirect redirect packets. Set the attack threshold, in pps. The valid range is [1,9999]. Default By default, the default rate-limit threshold for the ns-na, rs Settings...
  • Page 825 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Parameter Description Parameter description Default Settings The ND anti-attack function is not enabled on the interface. Command mode Interface configuration mode. The interface ND anti-attack configuration is prior to the Usage global configuration.
  • Page 826 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Set the attack threshold with the attack-threshold-pps valid range of [1, 9999]. Default By default, the rate-limit threshold and the attack threshold Settings are not configured. Command Interface configuration mode. mode The attack threshold value shall be equal to or greater than the rate-limit threshold.
  • Page 827 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.7 Defined-guard Configuration Commands The defined-guard configuration commands include: 15.7.1 clear nfpp define name hosts Use this command to clear the monitored hosts. If the host is isolated, you need to disisolate it. clear nfpp define name hosts [vlan vid] [interface interface-id] [ip-address] [mac-address] [ipv6-address] Parameter...
  • Page 828 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Parameter Description Parameter description name Define guard name Default Settings Command mode NFPP configuration mode. This command takes effect only after the match, rate-out, Usage rate-limit and attack-threshold have been configured. guidelines Ruijie(config)# nfpp Examples...
  • Page 829 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands If the isolate time is not 0, the host with the packets rate Usage exceeding the attack threshold will be isolated and the guidelines packets sent by this host will be discarded. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# nfpp define tcp...
  • Page 830 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands sip_mask Source IPv4 address mask sipv6 Source IPv6 address sipv6_masklen Source IPv6 address mask Destination IPv4 address dip_mask Destination IPv4 address mask dipv6 Destination IPv6 address dipv6_masklen Length destination IPv6 address mask. sport Source port dport...
  • Page 831 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands monitored-host-limit number Parameter Description number Parameter maximum monitored host description number. valid range 1-4294967295. Default Settings 1000 Command mode NFPP define configuration mode If the monitored host number has reached the default 1000, the administrator shall set the max-number smaller than 1000 and it will prompt the message that %ERROR:The...
  • Page 832 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Parameter Description Parameter seconds Set the monitor time, in seconds. The description valid range is [180, 86400]. Default Settings 600s Command mode NFPP define configuration mode. When the attacker is detected, if the isolate period is 0, the attacker will be monitored by the software and the timeout time will be the monitor period.
  • Page 833 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Default Settings Command mode NFPP configuration mode. Usage Use this command to create a new user-defined guidelines anti-attack type. Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# nfpp define tcp Ruijie(config-nfpp-define)# Command Description Related Show user-defined show nfpp...
  • Page 834 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command NFPP define configuration mode. mode The administrator can use this command to set the trusted host free from monitoring. The ICMP packets are allowed to sent to the trusted host CPU without any rate-limit and warning configuration.
  • Page 835 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands packets. rate-limit-pps Set the rate-limit threshold. attack-threshold-pps Set the attack threshold. Default N/A. Settings Command mode NFPP define configuration mode. To create a user-defined anti-attack type, the classification rule for the rate statistics must be specified, that is, recognize the host based on the source IP address/ source MAC address for the user-defined packets rate statistics based on the user / port and specify the rate-limit...
  • Page 836 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.7.10 nfpp define name enable Use this command to enable the user-defined anti-attack function on the interface. nfpp define name enable Parameter Description Parameter Name of the user-defined anti-attack description name type Default Settings...
  • Page 837 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Name of the user-defined anti-attack name type. permanent Permanent isolation. Default By default, the local isolate period is not configured. The Settings global isolate period is used. Command mode Interface configuration mode. Usage guidelines Ruijie(config)# interface G 0/1...
  • Page 838 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Set the attack threshold with the attack-threshold-pps valid range of [1, 9999]. Default By default, the rate-limit threshold and the attack threshold Settings are not configured. Command mode Interface configuration mode. Usage The attack threshold value shall be equal to or greater guidelines...
  • Page 839 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command mode Privileged EXEC mode. Usage guidelines Ruijie# clear nfpp log Examples 32 log-buffer entries were cleared. Command Description Related Show NFPP commands show nfpp log configurations buffer area. 15.8.2 log-buffer entries Use this command to set the NFPP log buffer area size.
  • Page 840 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands log-b uffer logs numb er_of Show the rate of _mes syslog sage generated from inter the NFPP buffer area. lengt h_in_ seco Show the NFPP log configuration nfpp or the log buffer area.
  • Page 841 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands rate of syslog generated from the NFPP log buffer area. Default By default, the number_of_message is 1 and the length_in_seconds is 30. Settings Command mode NFPP configuration mode. Usage guidelines Ruijie(config)# nfpp Examples Ruijie(config-nfpp)# log-buffer logs 2 interval 12 Command...
  • Page 842 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command mode NFPP configuration mode. Usage Use this command to filter the logs and records the logs guidelines within the specified VLAN range or the specified port. The following example shows the administrator how to record the logs in VLAN 1、VLAN 2、VLAN 3 and VLAN 5 only: Ruijie(config)# nfpp...
  • Page 843 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command mode Privileged EXEC mode. When the log buffer area is full, the subsequent logs are to be dropped, and an entry with all attributes ”-” is displayed in the log buffer area. The administrator shall increase the capacity of the log buffer area or improve the rate of generating the syslog.
  • Page 844 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Gi0/1 1.1.1.2 ISOLATE_FAI LED 2009-05-30 16:23:15 Gi0/1 0000.0000.0001 SCAN 2009-05-30 16:30:10 Gi0/2 PORT_ATTACK 2009-05-30 16:30:10 Field Description Protocol ARP, IP, ICMP, DHCP, DHCPv6, NS-NA, RS, RA-REDIRECT Reason 1. DoS 2. ISOLATED 3.
  • Page 845 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands mac-address The MAC address. Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines N/A. The following example shows the statistical information of the monitored host: Ruijie# show nfpp arp-guard hosts statistics success fail total...
  • Page 846 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands show nfpp arp-guard scan [statistics | [[vlan vid] [interface interface-id] [ip-address] [mac-address]]] Parameter Description Show the statistical information of the statistics ARP scan list. Parameter The VLAN ID. description interface-id The interface name. ip-address The IP address.
  • Page 847 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 0000.0000.0001 VLAN interface IP address MAC address timestamp ---- -------- ---------- ----------- ------- Gi0/1 0000.0000.0001 2008-01-23 16:23:10 Total:1 record(s) Command Description arp-guard Set the global scan threshold. scan-threshold Related nfpp arp-guard commands Set the scan threshold.
  • Page 848 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Gi 0/1 Enable 180 5/-/- 8/-/- Gi 0/2 Disable 200 4/5/60 8/10/100 Maximum count of monitored hosts: 1000 Monitor period:300s Field Description Interface(Global) Global configuration Status Enable/Disable the anti-attack function. Rate-limit In the format of the rate-limit threshold for the source IP address/ the rate-limit threshold for the...
  • Page 849 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands nfpp arp-guard Set the isolate time. isolate-period nfpp arp-guard Set the rate-limit threshold and policy attack threshold. nfpp arp-guard Set the scan threshold. scan-threshold 15.10 DHCP-guard Showing Related Commands 15.10.1 show nfpp dhcp-guard hosts Use this command to show the monitored host.
  • Page 850 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Ruijie# show nfpp dhcp-guard hosts statistics success fail total ------- ---- ----- The following example shows the monitored host: Ruijie# show nfpp dhcp-guard hosts If column 1 shows '*', it means "hardware failed to isolate host".
  • Page 851 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Ruijie# show nfpp dhcp-guard summary (Format of column Rate-limit and Attack-threshold is p er-src-ip/per-src-mac/per-port.) Interface Status Isolate-period Rate-limit Attack-threshold Global Enable 300 -/5/150 -/10/300 Gi 0/1 Enable 180 -/6/- -/8/- Gi 0/2 Disable 200 -/5/30 -/10/50...
  • Page 852 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands nfpp dhcp-guard Enable DHCP anti-attack enable function on the interface. nfpp dhcp-guard Set the isolate time. isolate-period nfpp dhcp-guard Set the rate-limit threshold and policy attack threshold. 15.11 DHCPv6-guard Showing Related Commands 15.11.1 show nfpp dhcpv6-guard hosts...
  • Page 853 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Ruijie# show nfpp dhcpv6-guard hosts statistics success fail total ------- ---- ----- The following example shows the monitored host: Ruijie# show nfpp dhcpv6-guard hosts If column 1 shows '*', it means "hardware failed to isolate host".
  • Page 854 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Ruijie# show nfpp dhcpv6-guard summary (Format of column Rate-limit and Attack-threshold is p er-src-ip/per-src-mac/per-port.) Interface Status Isolate-period Rate-limit Attack-threshold Global Enable 300 -/5/150 -/10/300 Gi 0/1 Enable 180 -/6/- -/8/- Gi 0/2 Disable 200 -/5/30 -/10/50...
  • Page 855 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands nfpp Enable the DHCPv6 anti-attack dhcpv6-guard function on the interface. enable nfpp dhcpv6-guard Set the isolate time. isolate-period nfpp Set the rate-limit threshold and dhcpv6-guard attack threshold. policy 15.12 ICMP-guard Showing Related Commands 15.12.1 show nfpp icmp-guard...
  • Page 856 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands The following example shows the statistical information of the monitored host: Ruijie# show nfpp icmp-guard hosts statistics success fail total ------- ---- ----- The following example shows the monitored host: Examples Ruijie# show nfpp icmp-guard hosts If column 1 shows '*', it means "hardware failed to isolate host".
  • Page 857 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Ruijie# show nfpp icmp-guard summary (Format of column Rate-limit and Attack-threshold is p er-src-ip/per-src-mac/per-port.) Interface Status Isolate-period Rate-limit Attack-threshold Global Enable 300 4/-/60 8/-/100 Gi 0/1 Enable 180 5/-/- 8/-/- Gi 0/2 Disable 200 4/-/60 8/-/100...
  • Page 858 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands nfpp icmp-guard Enable ICMP anti-attack enable function on the interface. nfpp icmp-guard Set the isolate time. isolate-period nfpp icmp-guard Set the rate-limit threshold and policy attack threshold. 15.12.3 show nfpp icmp-guard trusted-host Use this command to show the trusted host free from being monitored.
  • Page 859 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.13 ND-guard Showing Related Commands 15.13.1 show nfpp nd-guard trusted-host Use this command to show the configurations. show nfpp nd-guard summary Parameter Description Parameter description Default Settings N/A. Command mode Privileged EXEC mode. Usage guidelines N/A.
  • Page 860 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description nd-guard Set the global attack threshold. attack-threshold nd-guard enable Enable the ND anti-attack function. Related nd-guard rate-limit Set the global rate-limit threshold. commands nfpp nd-guard Enable anti-attack enable function on the interface. nfpp nd-guard Set the rate-limit threshold and policy...
  • Page 861 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Ruijie#show nfpp define hosts tcp statistics Define tcp: success fail total ------- ---- ----- The command execution as shown below means that there are 120 hosts monitored totally, wherein 100 hosts are isolated successfully, and 20 hosts fails.
  • Page 862 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Privileged EXEC mode. mode This command can be used to show the configurations. Usage Without the name specified, all user-defined anti-attack guidelines types will be shown. Ruijie# show nfpp define summary tcp Define tcp summary: match etype 0x0800 protocol 0x06 Maximum count of monitored hosts: 1000...
  • Page 863 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.14.3 show nfpp define trusted-host Use this command to show the trusted host free from monitoring. show nfpp define trusted-host name Parameter Description Parameter Name of the user-defined anti-attack description name type.
  • Page 864 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands nfpp help Parameter Description Parameter description Default Settings N/A. Command mode Privileged mode. Usage guidelines Examples Note: Use the language {Chinese| English} command in the privileged mode to switchover the Chinese/English interface. Command Description Related...
  • Page 865 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.16 Showing Example Commands 15.16.1 arp-guard help Use this command to show the example information of the command beginning with the arp-guard in the NFPP configuration mode. arp-guard help Parameter Description Parameter description Default...
  • Page 866 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description Related commands 15.16.2 nfpp arp-guard help Use this command to show the example information of the command beginning with the nfpp arp-guard in the interface configuration mode. nfpp arp-guard help Parameter Description Parameter...
  • Page 867 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description Related commands 15.16.3 nfpp arp-guard policy help Use this command to show the example information of the command beginning with the nfpp arp-guard policy in the interface configuration mode. nfpp arp-guard policy help Parameter Description...
  • Page 868 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description Related commands 15.16.4 nfpp help Use this command to show the example information of the command beginning with the nfpp in the interface configuration mode. nfpp help Parameter Description Parameter description Default...
  • Page 869 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands 15.17 Showing Main Status Commands 15.17.1 view nfpp Use this command to show the main status information about NFPP. view nfpp Parameter Description Parameter description Default Settings N/A. Command mode Privileged mode. Usage guidelines Examples...
  • Page 870 S2600E CLI Reference Guide Chapter 15 NFPP Configuration Commands Command Description Related Show typical NFPP commands nfpp help configuration.

  • Page 871: Switch Security

    S2600E CLI Reference Guide Chapter 16 Ruijie Switch Security Compatible Mode Configuration Commands Ruijie Switch Security Compatible Mode Configuration Commands 16.1 Configuration Related Commands 16.1.1 rgos-security compatible Use this command to set the RGOS security function in the compatible mode. Use the no form of this command to cancel the setting.
  • Page 872 S2600E CLI Reference Guide Chapter 16 Ruijie Switch Security Compatible Mode Configuration Commands Platform description Version Description Command history 10.4 Newly-added command 16.2 Showing Related Commands 16.2.1 security-function help Use this command to show the typical configurations of the security modules. security-function help Parameter Description...
  • Page 873 S2600E CLI Reference Guide Chapter 16 Ruijie Switch Security Compatible Mode Configuration Commands Examples Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface.
  • Page 874 S2600E CLI Reference Guide Chapter 16 Ruijie Switch Security Compatible Mode Configuration Commands Command Description Related Show main status view commands configuratoins security security-function modules. Platform description Version Description Command history 10.4(3) Newly-added command 16.2.2 view security-function Use this command to show the main status and configurations of the security modules. view security-function Parameter Description...
  • Page 875 S2600E CLI Reference Guide Chapter 16 Ruijie Switch Security Compatible Mode Configuration Commands Examples Command Description Related security-function Show the typical configurations of commands the security modules. help Platform description Version Description Command history 10.4(3) Newly-added command 16.2.3 show resources Use this command to show the usage and available configuration of current resource on relevant function.
  • Page 876 S2600E CLI Reference Guide Chapter 16 Ruijie Switch Security Compatible Mode Configuration Commands Default Settings Command mode Any mode. Displaying the status or configuration of a certain function needs multiple commands, but users do not know which command to use for displaying the important status information of this function.
  • Page 877 S2600E CLI Reference Guide Chapter 16 Ruijie Switch Security Compatible Mode Configuration Commands...
  • Page 878 ACL&QOS...
  • Page 879 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Configuration Commands For IDs used in the following commands, refer to the command ID table below: Meaning Number of access list. Range: Standard IP ACL: 1 to 99, 1300 to 1999 Extended IP ACL: 100 to 199,2000 to 2699 Extended MAC ACL: 700 to 799 Extended expert ACL: 2700 to 2899...
  • Page 880 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Meaning flow-label Flow label in the range 0 to 1048575 Packet destination IP address (host address or network address) Destination IP address wildcard. It can be discontinuous, such as dst-wildcard 0.255.0.32 fragment Packet fragment filtering.
  • Page 881 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands UU UU VV VV VV VV WW WW WW WW XY ZZ aa aa bb bb The corresponding offset table is as follows: Letter Meaning Offset Letter Meaning Offset Destination MAC TTL field Source MAC Protocol number...
  • Page 882 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands access-list id {deny | permit} protocol {source source-wildcard | host source | any| interface idx } {destination destination-wildcard | host destination | any} [precedence precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] 3.
  • Page 883 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands access-list id {deny | permit} tcp [VID [out][inner in]]{source source-wildcard | host Source | any} {host source-mac-address | any } [operator port [port] ] {destination destination-wildcard | host destination | any} {host destination-mac-address | any} [operator port [port] ] [precedence precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] [match-all tcp-flag] User Datagram Protocol (UDP)
  • Page 884 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Specify destination destination address (host address network address). Wildcard of the destination IP address. destination-wildcard discontinuous, example, 0.255.0.32. Packet fragment filtering fragment Specify the packet priority. precedence Packet precedence value (0 to precedence Layer4 port number range of the range...
  • Page 885 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Match the specified VID. VID vid Ethernet type ethernet-type Match all the bits of the TCP match-all flag. Match the TCP flag. tcp-flag Remark information text Default configuration N/A. Command mode Global configuration mode.
  • Page 886 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands  The packet precedence is as below:  critical  flash  flash-override  immediate  internet  network  priority  routine The service types are as below:  max-reliability ...
  • Page 887 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands  net-tos-unreachable  net-unreachable  network-unknown  no-room-for-option  option-missing  packet-too-big  parameter-problem  port-unreachable  precedence-unreachable  protocol-unreachable  redirect  device-advertisement  device-solicitation  source-quench  source-route-failed  time-exceeded ...
  • Page 888 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands  login  nntp  pim-auto-rp  pop2  pop3  smtp  sunrpc  syslog  tacacs  talk  telnet  time  uucp  whois  The UDP ports are as follows. A UDP port can be specified by port name and port number.
  • Page 889 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands  time   xdmcp The Ethernet types are as below:  aarp  appletalk  decnet-iv  diagnostic  etype-6000  etype-8042   lavc-sca  mop-console  mop-dump  mumps ...
  • Page 890 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Ruijie(config)#access-list 702 deny host 00d0f8000c0c any aarp Ruijie(config)# interface gigabitethernet 1/1 Ruijie(config-if)# mac access-group 702 in 4. Example of the extended expert ACL The following example shows how to create and display an extended expert ACL.
  • Page 891 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Extended IP ACLs of some important protocols:  Internet Control Message Prot (ICMP) [sn] deny icmp {source source-wildcard | host source | any} {destination destination-wildcard | host destination | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]] [precedence precedence] [tos tos] [fragment] [time-range time-range-name] ...
  • Page 892 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands destination-wildcard | host destination | any} {host destination-mac-address | any} [precedence precedence] [tos tos] [fragment] [range lower upper] [time-range time-range-name] Extended expert ACLs of some important protocols:  Internet Control Message Protocol (ICMP) [sn] deny icmp [[VID [out][inner in]]] {source source-wildcard | host source | any} {host source-mac-address | any} {destination destination-wildcard | host destination | any} {host destination-mac-address | any} [icmp-type]...
  • Page 893 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Extended ipv6 ACLs of some important protocols:  Internet Control Message Protocol (ICMP) [sn]deny icmp {source-ipv6-prefix / prefix-length | any source-ipv6-address host} {destination-ipv6-prefix prefix-length host destination-ipv6-address | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label] [fragment] [time-range time-range-name] ...
  • Page 894 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Parameter Description ACL entry sequence number source-ipv6-prefix Source IPv6 network address or network type destination-ipv6-prefix Destination IPv6 network address or network type prefix-length Prefix mask length source-ipv6-address Source IPv6 address destination-ipv6-address Destination IPv6 address Parameter dscp...
  • Page 895 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Ruijie(config)#expert access-list extended 2702 Ruijie(config-exp-nacl)#deny tcp host 192.168.4.12 host 0013.0049.8272 any any Ruijie(config-exp-nacl)#permit any any any any Ruijie(config-exp-nacl)#show access-lists expert access-list extended 2702 10 deny tcp host 192.168.4.12 host 0013.0049.8272 any 20 permit any any any any Ruijie(config-exp-nacl)# This example shows how to use the extended IP ACL.
  • Page 896 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Ruijie(config-ext-nacl)# deny host 192.168.4.12 Ruijie(config-ext-nacl)#show access-lists ip access-list standard 34 10 deny host 192.168.4.12 Ruijie(config-ext-nacl)#exit Ruijie(config)# interface gigabitethernet 1/1 Ruijie(config-if)# ip access-group 34 in This example shows how to use the extended IPV6 ACL. The purpose is to deny the host with the IP address 192.168.4.12 and apply the rule to Interface gigabitethernet 1/1.
  • Page 897 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands expert access-group {id|name} {in|out} no expert access-group {id|name} {in|out} Parameter Description ID of the expert ACL (2700 to 2899) name Name of the expert ACL Parameter description Filter the inputting packets of the interface Filter the outputting packets of the interface...
  • Page 898 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands 1.1.4 expert access-list Use this command to create an extended expert ACL. Use the no form of the command to remove the ACL. expert access-list extended {id | name} no expert access-list extended {id | name} Parameter Description Parameter...
  • Page 899 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands 1.1.5 ip access-group Use this command to apply a specific ACL to an interface. The no form of this command cancels the application. ip access-group {id|name} {in|out} [unreflect | reflect] no ip access-group {id|name} {in|out} Parameter Description ID of the IP ACL (1 to 199, 1300 to...
  • Page 900 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands to 2699, 3000 to 3199). Platform The software version must be RGOS10.0 and higher. description 1.1.6 ip access-list Use this command to create a standard IP ACL or extended IP ACL. Use the no form of the command to remove the ACL.
  • Page 901 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Command Description Related Show the ACLs. show commands access-lists Platform description 1.1.7 ip access-list resequence Use this command to reassign the sequence of the IP ACL entries and enter the corresponding configuration mode. Use the no form of this command to restore it to the default configuration.
  • Page 902 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands 21 permit host 192.168.4.12 64 deny any any Command Description Related show Show the ACLs. commands access-lists Platform description The software version must be RGOS10.0 and higher. 1.1.8 ipv6 traffic-filter Use this command to apply the specified IPV6 ACL on the specified interface. Use the no form of the command to remove the application.
  • Page 903 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Command Description Related show Show the ACL configurations. commands access-group Platform description The software version must be RGOS10.0 and higher. 1.1.9 ipv6 access-list Use this command to create an extended IPV6 ACL. Use the no form of the command to remove the ACL.
  • Page 904 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands 1.1.10 lmac access-group Use this command to apply the specified MAC ACL on the specified interface. Use the no form of the command to remove the application. mac access-group {id|name}{in|out} no mac access-group {id|name}{in|out} Parameter Description ID of the MAC ACL (700 to 799)
  • Page 905 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands 1.1.11 mac access-list Use this command to create an extended MAC ACL. Use the no form of the command to remove the ACL. mac access-list extended { id|name } no mac access-list extended {id|name} Parameter Description Parameter...
  • Page 906 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands no <sn> Parameter Description Parameter description Sequence number of the ACL entry Command ACL configuration mode. mode Usage Use this command to delete an ACL entry in ACL guidelines configuration mode. Ruijie(config)# ipv6 access-list extended v6-acl Ruijie(config-ipv6-nacl)# permit ipv6 host ::192.168.4.12 any...
  • Page 907 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Use this command to set the permit rules. 1. Standard IP ACL [sn] permit {source source-wildcard | host source | any | interface idx } [time-range tm-range-name] 2. Extended IP ACL [sn] permit protocol source source-wildcard destination destination-wildcard [precedence precedence] [tos tos] [fragment] [time-range time-range-name]...
  • Page 908 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands  When you select the Ethernet-type field or cos field: [sn] permit {ethernet-type| cos [out] [inner in]} [VID [out][inner in]] {source source-wildcard | host source | any} {host source-mac-address | any } {destination destination-wildcard | host destination | any} {host destination-mac-address | any} [time-range time-range-name] ...
  • Page 909 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Extended IPv6 ACLs of some important protocols:  Internet Control Message Protocol (ICMP) [sn] permit icmp {source-ipv6-prefix / prefix-length | any source-ipv6-address | host} {destination-ipv6-prefix / prefix-length | host destination-ipv6-address | any} [icmp-type] [[icmp-type [icmp-code]] | [icmp-message]] [dscp dscp] [flow-label flow-label] [fragment] [time-range time-range-name] ...
  • Page 910 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands The following example shows how to create and display an Expert Extended ACL. This expert ACL permits all the TCP packets with the source IP address 192.168.4.12 and the source MAC address 001300498272. Ruijie(config)#expert access-list extended exp-acl Ruijie(config-exp-nacl)#permit tcp host 192.168.4.12 host 0013.0049.8272 any any...
  • Page 911 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands This example shows how to use the standard IP ACL. The purpose is to permit the host with the IP address 192.168.4.12 apply interface gigabitethernet 1/1. The configuration procedure is as below: Ruijie(config)#ip access-list standard std-acl Ruijie(config-std-nacl)#permit host 192.168.4.12...
  • Page 912 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Platform description The software version must be RGOS10.0 and higher. Showing Related Commands 1.2.1 show access-group Use this command to show the ACL configured on the interface. show access-group[interface <interface>] Parameter Description Parameter description...
  • Page 913 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Platform The software version must be RGOS10.0 and higher. description 1.2.2 show access-lists Use this command to show all ACLs or the specified ACL. show access-lists [id|name] Parameter Description Parameter ID of the IP ACL description name Name of the IP ACL...
  • Page 914 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands 1.2.3 show expert access-group Use this command to show the configured expert ACL of the interface. show expert access-group[interface <interface>] Parameter Description Parameter description Interface ID <interface> Command mode Privileged mode. Show the expert ACL configured on the interface.
  • Page 915 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Show the IP ACL configured of the interface. If no interface Usage is specified, the associated IP ACLs of all the interfaces guidelines will be shown. Ruijie# show ip access-group interface gigabitethernet Examples ip access-group aaa in Applied On interface GigabitEthernet 0/1.
  • Page 916 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Platform The software version must be RGOS10.0 and higher. description 1.2.6 show mac access-group Use this command to show the configured MAC ACL of the interface. show mac access-group[interface <interface>] Parameter Description Parameter description...
  • Page 917 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands 1.3.1 security global access-group Use this command to configure the global security channel. security global access-group { id | name } no security global access-group Parameter Description Parameter ACL ID description ACL name name Command...
  • Page 918 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands guidelines interface. Ruijie# security access-group 1 Examples Platform description 1.3.3 security uplink enable Use this command to configure the uplink port of the security channel on the interface. security uplink enable no security uplink enable Command mode...
  • Page 919 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Command mode Privileged mode Usage guidelines This command is used to show all security channels. Ruijie(config-if)#show secu-acl Ports Type access-group ---------- ---------- ------------ Examples Fa0/4 security Global security Fa0/6 uplink Command Description security global...
  • Page 920 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Showing Configuration Example Commands 1.4.1 access-list help Use this command to show the typical configuration of ACL modules. access-list help Parameter Description Parameter description Default configuration Command mode Privileged mode For current operation of the CLI, the configuration is realized by executing the every single command.
  • Page 921 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Examples Note: Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related Show the configuration and main commands view access-list status information of ACL modules. Platform description 1.4.2...
  • Page 922 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Command Privileged mode mode For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as Usage...
  • Page 923 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands commands Show the configuration and main view access-list status information of ACL modules. Platform description Showing Example Commands 1.5.1 ip access-list help Use this command to show the example information of the command beginning with the keyword ip access-list.
  • Page 924 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Example Note: Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface. Command Description Related Show the configuration and main commands view access-list status information of ACL modules. Platform description 1.5.2...
  • Page 925 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands description of keywords, so they do not know how to continue the configuration in order to complete the configuration task. Example Note: Use the language chinese/english command in the global configuration mode to switchover the Chinese/English interface.
  • Page 926 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines description of keywords, so they do not know how to continue the configuration in order to complete the...
  • Page 927 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Command mode Global configuration mode Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 928 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Default configuration Command mode Interface configuration mode Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 929 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Parameter Description Parameter description Default configuration Command mode Interface configuration mode Currently, you can enter the question mark “?” to display the configuration help with the configuration of the next keyword or parameter and related description. However, Usage users may not understand the meaning about the guidelines...
  • Page 930 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands 1.5.7 mac access-group help Use this command to show the example information of the command beginning with the keyword mac access-group. mac access-group help Parameter Description Parameter description Default configuration Command mode Interface configuration mode Currently, you can enter the question mark “?”...
  • Page 931 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Platform description 1.5.8 ipv6 traffic-filter help Use this command to show the example information of the command beginning with the keyword ipv6 traffic-filter. ipv6 traffic-filter help Parameter Description Parameter description Default configuration Command mode...
  • Page 932 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands commands Show the configuration and main view access-list status information of ACL modules. Platform description Showing Main Status Commands 1.6.1 view access-list Use this command to show the configuration and main status information of the ACL modules.
  • Page 933 S2600E CLI Reference Guide Chapter 1 ACL Configuration Commands Example Command Description Related Show the typical configuration of commands access-list help ACL modules. Platform description...

  • Page 934: Default Configuration

    S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Configuration Command Default Configuration Before configuring QoS, you must have a full knowledge of these items related to QoS: 1. One interface can only be associated with one policy map at most. 2.
  • Page 935 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Default CoS to DSCP mapping table CoS Value DSCP value Default IP Precedence to DSCP mapping table IP-Precedence DSCP Default DSCP to CoS mapping table DSCP Related Configuration Commands 2.2.1 mls qos trust Use this command to configure the trust mode on an interface.
  • Page 936 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Command mode Interface configuration mode. Ruijie(config)# interface gigabitethernet 1/1 Examples Ruijie(config-if)# mls qos trust cos Related show mls qos interface interface-id commands Platform description 2.2.2 mls qos cos Use this command to configure the CoS value of an interface. Use the no form of this command to restore it to the default.
  • Page 937 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command no rate-limit Parameter Description input Input rate limit ouput Ouput rate limit Parameter description Limited bandwidth per second burst-size The dscp-list range varies with products Restore it to the default value. Default configuration Command...
  • Page 938 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command [no] match ip dscp dscp-value1 [dscp-value2 [dscp-valueN] ] [no] match ip precedence ip-pre-value1 [ip-pre-value2 [ip-pre-valueN] ] Parameter Description acl-name Name of the created ACL acl-id ID of the created ACL Name of the class map to be class-map-name created dscp-valueN...

  • Page 939: Policy Maps

    S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Create the class-map naming cm-dscp and match the DSCP 8,16,24 and exit the setting Ruijie(config)# class-map cm-dscp Ruijie(config-cmap)# match ip dscp 8 16 24 Ruijie(config-cmap)# exit Command Description show map access-lists Related show ip commands...
  • Page 940 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command police rate-bps burst-byte [exceed-action {drop | dscp dscp-value | cos cos-value [none-tos] }] no police Parameter Description policy-map-name Name of the policy map to be created policy-map Delete the existed policy map. policy-map-name class-map-name Name of the created class map...
  • Page 941 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Related show policy-map commands Platform description 2.2.6 service-policy Use this command to apply the policy map on the interface or the virtual-group. service-policy {input | output} policy-map-name no service-policy {input | output} Parameter Description policy-map-name...
  • Page 942 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Parameter Description Set the output queue scheduling Parameter priority-queue algorithm to SP description Set the output queue scheduling priority-queue algorithm to WRR. Default The output queue scheduling algorithm is WRR. configuration Command mode Global configuration mode.
  • Page 943 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Related show mls qos queuing commands 2.2.8 wrr-queue bandwidth Use this command to set the weight ratio for the WRR algorithm. Use the no form of the command to restore it to the default. wrr-queue bandwidth weight1 ...
  • Page 944 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Default See the default configuration. configuration Command mode Global configuration mode Ruijie(config)# mls qo map cos-dscp 8 10 16 18 24 26 32 Examples Command Description Related show mls qos Show DSCP-COS, COS-DSCP and commands maps IP-prec-DSCP maps.
  • Page 945 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command 2.2.11 interface rate-limit Use this command to configure rate limitation on the interface. Use the no form of the command to restore it to the default. rate-limit {input | output} bps burst-size no rate-limit Parameter Description...
  • Page 946 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Restore to the default value. Default configuration The queue scheduling algorithm is wrr by default. Command mode Global configuration mode. Examples Ruijie(config)# mls qos scheduler sp Related show mls qos scheduler. commands 2.2.13 drr-queue bandwidth...
  • Page 947 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command 2.2.14 mls qos map ip-prec-dscp Use this command to map the IP-precedence to the DSCP value. Use the no form of this command to disable the mapping. mls qos map ip-prec-dscp dscp1...dscp8 no mls qos map ip-prec-dscp Parameter Description...
  • Page 948 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Command mode Interface configuration mode. The member port joined the virtual group must be physical port or Aggregate Port. The virtual group member ports must be in the same line card(for the chassis-shaped Usage switch) or in the same switch(for the box-shaped switch).
  • Page 949 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Command mode Privileged EXEC mode. Examples Ruijie# show class-map 2.3.2 show policy-map Use this command to show the information of the policy map. show policy-map [ policy-name [class class-name ]] Parameter Description Parameter policy-name...
  • Page 950 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Examples Ruijie# show mls qos interface fastEthernet 0/1 2.3.4 show mls qos queuing Use this command to show the QoS queuing information. show mls qos queueing Command mode Privileged EXEC mode. Examples Ruijie# show mls qos queueing Platform...
  • Page 951 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Default configuration All QoS maps are shown by default. Command mode Privileged EXEC mode. Examples Ruijie# show mls qos maps 2.3.7 show mls qos rate-limit Use this command to show the information about rate limit on the interface. show mls qos rate-limit [interface interface-id] Parameter Description...
  • Page 952 S2600E CLI Reference Guide Chapter 2 QoS Configuration Command Command Description Related commands Enable the virtual group. virtual-group...
  • Page 953 Reliability...
  • Page 954 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands REUP Configuration Commands Related Configuration Commands The REUP configuration commands include global configuration commands and interface mode configuration commands. 1.1.1 link state track Use this command to enable the link state track group. The no form of this command is used to disable a link state track group link state track [num] no link state track [num]...

  • Page 955: Link State Group

    S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands commands Add the port to the specified link state link state track group. group 1.1.2 link state group Use this command to add the port into the specified link state track group. The no form of this command is used to delete a port from the specified link state track group.
  • Page 956 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands 1.1.3 mac-address-table move update max-update-rate Use this command to configure the maximum number of MAC address update packets sent per second. mac-address-table move update max-update-rate pkts-per-second no mac-address-table move update max-update-rate Parameter Description Parameter...
  • Page 957 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands Parameter Description Parameter description Interface-id Interface ID of the backup link. Default N/A. Command mode Interface configuration mode. Enter the primary interface configuration mode, the Usage interface-id in the parameter is for the backup interface. guidelines When the active link fails, the backup link transmission is restored rapidly.
  • Page 958 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands The preemption function is disabled by default. Default The default preemption delay time is 35s. Command mode Interface configuration mode. The preemption mode includes forced, bandwidth and off. In the bandwidth preemption mode, the interface with high bandwidth has priority over other interfaces to transmit the data.
  • Page 959 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands Default Disabled. Command mode Global configuration mode. The dual link backup switchover will lead to the loss of downstream data flow, for the MAC address for the uplink switch has not been updated in time. Therefore, it is Usage necessary to update the MAC address table of the uplink guidelines...
  • Page 960 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands from processing MAC address update packets can still recover downlink data transmission of the uplink device using MAC address update packets, but the capability to provide convergence on link failure will be degraded. The following example configures VLANs processing MAC address update packets: Examples...
  • Page 961 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands 1.1.9 mac-address-table move update transit vlan Use this command to enable REUP to transmit the mac-address update messages. mac-address-table move update transit vlan vid no mac-address-table move update transit vlan Parameter Description Parameter ID of the VLAN transmitting MAC...
  • Page 962 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands The default group number is 1. Default By default, no mac-address-table update group is configured. Command mode Interface configuration mode. In order to reduce the flood due to the MAC address update and the influence on the normal data transmission Usage of the switch, Ruijie products add a configuration of MAC...

  • Page 963: Show Link State Group

    S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands Command mode Interface configuration mode. Usage MSTP instance mapping can be used to modify the guidelines mapping between an instance and a VLAN. The following example configures VLAN load balancing on dual links.
  • Page 964 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands Link State Group:2 Status: Disabled, Down Upstream Interfaces : Downstream Interfaces : (Up):Interface up (Dwn):Interface Down (Dis):Interface disabled 1.2.2 show interfaces [interface-id] switchport backup [detail] Use this command to show the dual link backup information on the interfaces. show interfaces [interface-id] switchport backup [detail] Parameter Description...
  • Page 965 S2600E CLI Reference Guide Chapter 1 REUP Configuration Commands Parameter Description Parameter detail Show the detailed information about the description mac-address-table update group. Default Show the mac-address-table update group information. Command mode Privileged EXEC mode. Ruijie # configure terminal Ruijie (config)# mac-address-table move update receive Ruijie (config)# interface range gigabitEthernet 0/3-4 Ruijie (config-if-range)#...
  • Page 966 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command RLDP Configuration Command Configuration Related Commands The RLDP configuration commands include global configuration commands, interface mode configuration commands and privilege mode configuration commands. 2.1.1 rldp enable Use this command to enable RLDP globally. Use the no form of this command to disable the function.
  • Page 967 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command 2.1.2 rldp detect-interval Use this command to configure the interval at which the RLDP sends the detection message on the port. Use the no form of this command to restore it to the default value.
  • Page 968 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command Parameter Description Parameter Maximum number of detections in the description range 2 to 10 Default Command mode Global configuration mode. Usage This command is used together with the detection interval to specify the maximum number of detections. guidelines The following example shows how to set the maximum Examples...
  • Page 969 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command shutdown-port Shutdown the port. block Disable learning-forwarding function of the port. Default N/A. Command mode Interface configuration mode. Usage The RLDP detection on the port takes effect only when the guidelines global RLDP is enabled.
  • Page 970 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command Command Description Related commands rldp eanble Enable RIDP globally. Showing and Monitoring Commands 2.2.1 show rldp Use this command to show the RLDP information. show rldp [interface interface-id] Parameter Description Parameter description interface-id Interface ID...
  • Page 971 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command Parameter description N/A. Default Command mode Privileged mode. For current operation of the CLI, the configuration is realized by executing the every single command. As for the configuration and deployment of a specific functional module, current CLI presentation lacks some replicable typical configuration examples, therefore, users can only ask for the configuration help by other means(such as...
  • Page 972 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command Command Description Related commands Showing Example Commands 2.4.1 rldp help Use this command to show example information of the command beginning with the keyword rldp. rldp help Parameter N/A. description Default Command mode Global configuration mode.
  • Page 973 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command Example Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related commands 2.4.2 rldp port help Use this command to show example information of the command beginning with the keyword rldp port.
  • Page 974 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command continue the configuration in order to complete the configuration task. Example Use the language chinese/english command in the privileged mode to switchover the Chinese/English interface. Command Description Related commands Showing Main Status Commands 2.5.1 view rldp Use this command to show configuration and running status information about...
  • Page 975 S2600E CLI Reference Guide Chapter 2 RLDP Configuration Command Currently, two commands should be used to show the related configuration and status information respectively and several commands are needed for showing various Usage status information that the user want, which is not guidelines convenient for users.
  • Page 976 S2600E CLI Reference Guide Chapter 3 TPP Configuration Commands Configuration Commands Configuration Related Commands 3.1.1 topology guard In the global configuration command mode, use this command to enable the topology protection function. Use the no form of this command to disable the topology protection function.
  • Page 977 S2600E CLI Reference Guide Chapter 3 TPP Configuration Commands 3.1.2 tp-guard port enable Use this command to enable the topology protection function on the port. Use the no form of this command to disable the function. [no] tp-guard port enable Parameter description N/A.
  • Page 978 S2600E CLI Reference Guide Chapter 3 TPP Configuration Commands Parameter description N/A. Default configuration N/A. Command mode Privileged EXEC mode. Usage This command is used to view the current TPP guidelines configuration and port detection. The following example shows how to display information Examples about the topology protection function: Ruijie# show tpp...
  • Page 979 S2600E CLI Reference Guide Chapter 4 Warm Reload & Upgrade Configuration Commands Warm Reload & Upgrade Configuration Commands Configuration Related Commands 4.1.1 reload warm This command is used to reboot or upgrade the overall system via warm reload in the global configuration mode. reload [warm] [ text | in [ hh: ] mm [ text ] | at hh:mm [ month day | day month ] [ text ] | cancel ] Parameter...
  • Page 980 Verify the image .[ok] CURRENT PRODUCT INFORMATION : PRODUCT ID: 0x20110060 PRODUCT DESCRIPTION: Ruijie Gigabit Security & Intelligence Access Switch (S2652G-E) By Ruijie Networks SUCCESS: UPGRADING OK. Ruijie#reload warm Processed with reload? [no]y *Jun 22 13:59:44: %SYS-5-RELOAD: The device is reloading due to the execution of command reload.
  • Page 981 S2600E CLI Reference Guide Chapter 4 Warm Reload & Upgrade Configuration Commands Command Description warm-reload {enable | count count-value | Related Configure the warm reload function. uptime uptime-value] Commands Show the operation history, current show warm-reload state, and statistics of warm reload. None Platform Description...
  • Page 982 S2600E CLI Reference Guide Chapter 4 Warm Reload & Upgrade Configuration Commands Example 1: Enable the warm reload, set the maximum times to 10, and set the minimum time interval to 8 minutes. Ruijie(config)#warm-reload enable Configuration To activate warm-reload, please save the configuration and restart the system. Example And 2693212 Bytes of memory will be taken when warm-reload activated.
  • Page 983 S2600E CLI Reference Guide Chapter 4 Warm Reload & Upgrade Configuration Commands Command Description Related Show the operation history, current state, and statistics of Commands show warm-reload warm reload. None Platform Description Showing Related Commands 4.2.1 show warm-reload This command is used to show the operation history, current state, and statistics of warm reload in the global configuration mode.
  • Page 984 S2600E CLI Reference Guide Chapter 4 Warm Reload & Upgrade Configuration Commands Uptime: 234(s) Example 2: Show the details of warm reload when warm reload is enabled but is not running. Ruijie#show warm-reload Warm Reload configuration state: Warm reload is enabled. Max reload count: 10 Min uptime: 60(s) Warm Reload running state:...
  • Page 985 S2600E CLI Reference Guide Chapter 4 Warm Reload & Upgrade Configuration Commands Platform None Description...
  • Page 986 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Configuration Commands Configuration Related Commands 5.1.1 In the srm-policy configuration mode, execute "cpu" command to enter the owner-cpu configuration mode. Parameter Description Parameter description Default Command srm-policy configuration mode mode Usage guidelines Example 1: In the srm-policy configuration mode, execute "cpu"...
  • Page 987 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands commands resource Enter the SRM configuration mode. manager policy Create the monitoring policy and policy-name enter the SRM-policy configuration [global] mode. Platform description 5.1.2 instance In the config-res-group configuration mode, execute "instance" command to add resource users into the group.
  • Page 988 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Ruijie(config-srm)#user group rgos_group Router(config-res-group)#instance snmpd Command Description Related resource commands Enter the SRM configuration mode. manager Platform description 5.1.3 memory In the srm-policy configuration mode, execute "memory" command to enter the owner-memory configuration mode. memory Parameter Description...
  • Page 989 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands commands resource Enter the SRM configuration mode. manager policy Create the monitoring policy and enter policy-name the SRM-policy configuration mode. [global] Platform description 5.1.4 policy In the srm configuration mode, execute "policy" command to create the monitoring policy and enter the srm-policy configuration mode.
  • Page 990 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Ruijie(config-srm-policy)# Example 2: Configure a user monitoring policy named rgos_policy. Ruijie(config)#resource manager Ruijie(config-srm)#policy rgos_policy Ruijie(config-srm-policy)# Command Description Related Enter commands resource manager configuration mode. Platform description 5.1.5 policy policy-name In the config-res-group configuration mode, execute "policy policy-name" command to associate the group with monitoring policy.
  • Page 991 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Example 1: Configure a group named rgos_group and add snmpd into the group, and finally apply the policy to this group. Ruijie#configure terminal Examples Ruijie(config)#resource manager Ruijie(config-srm)#user group rgos_group Router(config-res-group)#instance snmpd Router(config-res-group)#policy rgos_policy Command Description...
  • Page 992 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Example: Enter the SRM configuration mode. Ruijie(config)#resource manager Examples Ruijie(config-srm)# Command Description Related commands Platform description 5.1.7 rising In the owner-memory or owner-cpu configuration mode, execute rising command to configure monitoring waterlines. {critical | major | minor} rising rising-waterline-value [interval interval-value] [falling falling-waterline-value [interval interval-value]] no {critical | major | minor}...
  • Page 993 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands The rising waterline of major must Usage be greater than that of minor, and guidelines the rising waterline of critical must Caution be greater than that of major. Example 1: Configure critical waterline. Ruijie(config-srm-policy)#memory Examples Ruijie(config-owner-memory)#critical rising 80...
  • Page 994 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands resource-policy Name of monitor policy. -name Remove the association between resource user and monitoring policy. Default Command srm configuration mode. mode Usage guidelines Example 1: Configure a user monitoring policy named rgos_policy and apply to snmpd.
  • Page 995 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands user global global-policy-name no user global Parameter Description global-policy-na Name of global monitoring policy. Parameter description Remove the association between group resource user and monitoring policy. Default Command srm configuration mode mode Usage guidelines...

  • Page 996: User Group

    S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands 5.1.10 user group In the srm configuration mode, execute "user group" command to create the resource user group and enter the config-res-group configuration mode. user group resource-group-name no user group resource-group-name Parameter Description Parameter...
  • Page 997 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Showing Related Commands 5.2.1 show resource database Display the SRM database information, including information about resource owner, resource user group and resource users. show resource database [slot slot-id [subsystem subsystem-id]] Parameter Description slot slot-id Specify the board card to be displayed.
  • Page 998 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Examples Example 1: Display the information of all SRM databases. Ruijie#show resource database Resource Owners ------------------------------------------------------- --------- Memory Resource Users Priority ------------------------------------------------------- --------- Ktimer PROT_TASK Atimer APP_TASK printk_task APP_TASK_TS waitqueue_process PROT_TASK tasklet_task PROT_TASK cmic_pause_detect...
  • Page 999 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Task priority, divided into: PROT_TASK: core thread HAPP_TASK_TS: high priority user thread Priority APP_TASK: application thread APP_TASK_TS: application thread with time slice IDLE: exclusive for idle process Command Description Related commands Platform description 5.2.2...
  • Page 1000 S2600E CLI Reference Guide Chapter 5 SRM Configuration Commands Command Global configuration mode. mode Usage guidelines Example 1: Display statistics of all SRM monitoring notifications. Ruijie#show resource notification owner all Owner: cpu Global Global Notif.(cr(U/D):ma(U/D):mi(U/D)) ----------------------------------------------------- -------- global Not in monitored Multi-User Group User...

Table of Contents