Xyplex GFS3012 GFS3016

GigaFrame Switch (GFS)
GFS3012 / GFS3016
Users Manual
NBase-Xyplex Communications
Manual revision 1.04
May 1999
1. Products & Services - Hardware, Software licenses and
Services as listed on the then current applicable NBASE-XYPLEX
Price List. Or as otherwise made available by NBASE-XYPLEX in
the case of refurbished Product or Product made available by
NBASE-XYPLEX in connection with any type of Product swap
program. The price that applies to any Purchase Order shall be the
price in effect as of the date of Acceptance of the Purchase Order
by NBASE-XYPLEX.
2. Acceptance of Purchase Order - NBASE-XYPLEX may
reject any Purchase Order(s). The sole terms and conditions to
govern the purchase of any Product are as set forth in these Sales
Terms and Conditions unless issued pursuant to an existing
Agreement between Purchaser and NBASE-XYPLEX referenced
on the face of the Purchase Order. All Services purchased are
subject to the NBASE-XYPLEX Support Agreement(s) applicable to
such Service.
3. Payment Terms - Payment in full for all Products and
Services purchased is due net thirty (30) days from the date of the
NBASE-XYPLEX NETWORK invoice.
4. Shipments - All shipments shall be FOB point of Origin; risk of
loss passes to Purchaser upon delivery to the carrier. Purchaser
may request the manner of shipment and the carrier, but NBASE-
XYPLEX reserves the right to ultimately designate the manner and
means of any shipment(s). Freight charges, if not stated on the
Price List as being included in the Price, will be billed to Purchaser
separately.
5. Delivery - NBASE-XYPLEX will use reasonable efforts to ship
by the estimated ship date contained in the NBASE-XYPLEX
Purchase Order Acknowledgment, but will not be liable for any
failure to ship by that date, for whatever reason.
6. Title - Title to the Software (including any firmware) and to all
applicable licenses and documentation shall at all times remain in
NBASE-XYPLEX and, to the extent applicable, to its third party
licensors. Title to the Hardware products (excluding any firmware
content) shall pass to Purchaser on delivery, subject to the security
interest that NBASE-XYPLEX retains, and the Purchaser hereby
grants to NBASE-XYPLEX, regarding all Products purchased until
the required and applicable purchase price has been paid in full by
Purchaser.
7. Warranties - PURCHASER ACKNOWLEDGES THAT
NBASE-XYPLEX MAKES NO EXPRESS WARRANTIES
REGARDING PRODUCTS OR SERVICES, THAT ANY
WARRANTIES WHICH COULD BE IMPLIED, INCLUDING, BUT
NOT LIMITED TO ANY WARRANTY OF MERCHANTABILITY,
FITNESS FOR ANY PARTICULAR PURPOSE, COMPATIBILITY,
INTEROPERABILITY, NON-INFRINGEMENT, COMPLIANCE
WITH APPLICABLE SPECIFICATIONS, FREEDOM FROM
DEFECTS, AND ERROR-FREE UNINTERRUPTED OPERATION
ARE EXPRESSLY DISCLAIMED BY NBASE-XYPLEX. ALL
PRODUCTS ARE MADE AVAILABLE HEREUNDER BY NBASE-
XYPLEX ON AN AS-IS BASIS ONLY.
However, in the event of a Product Defect, if Purchaser provides
NBASE-XYPLEX with written notice of such Product Defect (as
well as with the model and serial number of that Product for
validation purposes) within the applicable period specified below.
NBASE-XYPLEX warrants that it will repair the Product Defect at
no charge, replace the defective Product at no charge, or refund
the net purchase price paid by Purchaser for the defective unit of
NBASE-XYPLEX Sales Terms and Conditions for
the Sale and Use of Products and Services Worldwide
Product. This shall be Purchasers sole and exclusive remedy, in
contract and at law, regarding that Product, and such warranty is
non-transferable.
a. Hardware - A Product Defect shall mean a defect in Product
materials and workmanship under normal use and service, or a
material failure of the Product to perform substantially in
accordance with the applicable Product specification in a standard
configuration environment, which is reported within one (1) year
(for new Product) or thirty (30) days (for refurbished or swap
Product), of the date it was first shipped by NBASE-XYPLEX to
Purchaser, provided that such failure is not due to any faulty
installation of the Product. NBASE-XYPLEX shall have the option,
but not an obligation, to repair, replace or grant a refund with
regard to the repaired or replaced Product during the remainder of
that same period. If Purchaser is provided with replacement
Product prior to Purchasers return to NBASE-XYPLEX of the
allegedly defective Product, NBASE-XYPLEX reserves the right to
invoice Purchaser for the replacement Product (and Purchaser
agrees to pay NBASE-XYPLEX in accordance with the
requirements of that invoice) if the Product being replaced is not
returned to NBASE-XYPLEX, freight prepaid, within thirty (30)
days of Purchasers receipt of the replacement Product.
b. Software or Firmware - A Product Defect shall mean a
defect in the media itself, which is reported to NBASE-XYPLEX by
Purchaser within ninety (90) days from the date it was first
shipped by NBASE-XYPLEX to Purchaser. NBASE-XYPLEX shall
have the option, but not an obligation, to repair, replace or grant a
refund with regard to the repaired or replaced Product during the
remainder of that same period.
c. Services - NBASE-XYPLEXs responsibility and liability for
any defective Service(s) is solely as set forth in the applicable
NBASE-XYPLEX Support Agreements. To the extent NBASE-
XYPLEX provides any Services without charge, such Services shall
be supplied on an AS-IS basis only, and NBASE-XYPLEX shall bear
no responsibility or liability for such Services.
8. Responsibility - NBASE-XYPLEX responsibility for
repairing, replacing or refunding the net purchase price paid by
Purchaser for Products with Product Defects applies only to
Product Defects present when shipped by NBASE-XYPLEX.
Accordingly, and for example, NBASE-XYPLEX is not responsible
for repairing, replacing or refunding the purchase price paid for
Products with Product Defects arising out of any accident, abuse,
misapplication, alteration, attached equipment, improper handling
or installation, improper operation, operation outside of the
environmental specifications for the Products, or, any other cause
outside of NBASE-XYPLEXs control.
9. Infringement - NBASE-XYPLEX retains the exclusive right
to defend Purchaser against any claim(s) based on a NBASE-
XYPLEX Product (excluding Third Party Product content)
infringing a patent or copyright. If Purchaser provides NBASE-
XYPLEX with prompt written notice of a claim(s) or any threat of
such a claim(s), and provided that Purchaser gives NBASE-
XYPLEX all assistance required in connection with such defense
and Purchaser is not in breach of its obligations hereunder, NBASE-
XYPLEX will pay all damages finally awarded. However, NBASE-
XYPLEX may, at its option, settle any such claim(s), purchase a
license under the allegedly infringed patent or copyright, replace or
modify the Product to avoid the infringement asserted, or grant
Purchaser a refund or credit not to exceed the purchase price paid
by Purchaser for the infringing unit(s) of Product. Subject to
Paragraph 10 below, NBASE-XYPLEXs responsibility or liability
with regard to infringement claim(s) shall apply only to the
infringement of a patent or copyright by the unmodified NBASE-
XYPLEX Product on a standalone basis. Accordingly, and for
example, NBASE-XYPLEX shall have no responsibility or liability for
any intellectual property infringement claim(s) arising out of the
combination, operation or use of any NBASE-XYPLEX Product(s)
with hardware, software or firmware not owned or licensed by
NBASE-XYPLEX hereunder.
10. Third Party Products - To the extent any Product
includes hardware, software or firmware purchased or licensed by
NBASE-XYPLEX from a third party (Third Party Products),
Purchasers right to use such third party content shall be subject to
the terms and conditions packaged with such contents. NBASE-
XYPLEX only responsibility and liability for any Third Party
Products shall be limited to passing through whatever warranty
protections, support, licensing and indemnification protections it is
entitled to pass through to Purchaser.
11. License - Subject to the provisions of Paragraph 10 above,
NBASE-XYPLEX grants Purchaser a non-transferable, non-
exclusive personal license to use the NBASE-XYPLEX Software at a
Purchaser facility that is owned and controlled by Purchaser, solely
to communicate to NBASE-XYPLEX Hardware at that same facility
for Purchasers own end-use purposes at such facilities. Such end-
use specifically excludes any right to, and Purchaser agrees not to
(i) decompile, reverse compile, disassemble, reverse engineer or
perform any other activity which has as its purpose or otherwise
results in the derivation of NBASE-XYPLEX Software source code;
(ii) copy except as authorized in Paragraph 13 below; (iii) modify; or
(iv) transfer, the NBASE-XYPLEX Software and/or any
documentation associated therewith. This license will terminate if,
as and when Purchaser fails to comply with any term or condition
of this Agreement.
12. Indemnification - Purchaser agrees to indemnify and
hereby holds NBASE-XYPLEX harmless from any liabilities, claims,
or damages, in contract and at law, arising out of any (i) any act or
omission of Purchaser (including but not limited to any use of a
Product), or (ii) NBASE-XYPLEXs compliance with Purchasers
instructions, specifications or requirements.
13. Backup - Purchaser may make one (1) single copy of the
NBASE-XYPLEX Software solely for backup purposes but provided
that all legends, notices and logos appearing on the original copy
supplied to Purchaser are accurately reproduced on the backup
copy.
14. Audit - NBASE-XYPLEX shall have the right to inspect the
Purchasers facility(s) where the NBASE-XYPLEX Products are
located, and to audit Purchasers records to satisfy itself that
Purchaser is complying with all requirements of this Agreement.
15. Product and Methods of Doing Business Changes
NBASE-XYPLEX reserves the right to modify as well as obsolete any
and all of its Products, associated Product offerings as well as the
basis of their availability, at any time and without notice.
16. Insolvency - In the event of any proceedings, voluntary or
involuntary, in bankruptcy or insolvency, brought by or against
Purchaser, including any proceeding under the applicable Federal
or State Bankruptcy law currently in effect, or in the event of the
appointment, with or without NBASE-XYPLEX consent, of any
assignee for the benefit of creditors or of a receiver, NBASE-
XYPLEX shall be entitled to accelerate the due date for payment of
any invoices then outstanding and to cancel any unfilled part of
any outstanding Purchase Order issued by Purchaser, without
liability or penalty.
17. Overshipment or Undershipment - Purchaser shall be
obligated and agrees to promptly pay for all Products in accordance
with Paragraph 3. Shipment to Purchases of less than the quantity
of Products ordered shall not entitle Purchaser to withhold
payment for those Products already received. Shipment of more
than the quantity of Products ordered shall entitle Purchaser to
withhold payment for Products not ordered, provided such
Products are shipped (prepaid) back to NBASE-XYPLEX in their
original, unopened containers, within ten (10) days of their receipt.
18. Data Rights - The NBASE-XYPLEX Software Products and
the software programs contained in any Third Party Products, as
well as the related documentation, are commercial computer
software or commercial computer software documentation.
Purchasers rights with respect to such NBASE-XYPLEX Products,
Third Party Products and documentation are limited by the
NBASE-XYPLEX terms and conditions set forth herein or which
are otherwise published, pursuant to FAR 12.212(a) and/or DFARS
227.7202-1(a), as applicable.
19. High-Risk - The NBASE-XYPLEX Products and Third Party
Products purchase hereunder are not fault-tolerant and are not
designed, certified, manufactured or intended for use in hazardous
environments requiring fail-safe or uninterrupted performance,
including without limitation, the operation of nuclear facilities,
aircraft navigation or communication systems, air traffic control,
direct life support machines, weapons systems, or disposal of
hazardous waste, in which the failure of such software programs
could lead, directly or indirectly, to death, personal injury, or severe
physical or environmental damage (High Risk Activities).
Purchaser agrees not to in any manner represent, directly or
indirectly, that any NBASE-XYPLEX Product or Third Party
Product is in any way suitable for such Activities. NBASE-XYPLEX
HAS NOT MADE ANY EXPRESS WARRANTIES, AND
SPECIFICALLY DISCLAIMS ALL WARRANTIES THAT COULD
BE IMPLIED, INCLUDING BUT NOT LIMITED TO WARRAN-
TIES OF FITNESS FOR ANY PARTICULAR PURPOSE SUCH AS
HIGH RISK ACTIVITIES. Purchaser shall, and agrees to
indemnify and hereby holds NBASE-XYPLEX harmless from and
against any and all claims for losses, costs, damages, expenses, or
liability that may arise out of, or be connected with, Purchasers
failure to comply with this obligation.
20. Limitation of Remedies - TO THE EXTENT
ENFORCEABLE, AND AS PART OF THE BARGAINED FOR
CONSIDERATION, NBASE-XYPLEXS LIABILITY, IN
CONTRACT AND AT LAW (IRRESPECTIVE OF FAULT OR
NEGLIGENCE), SHALL BE LIMITED TO DIRECT DAMAGES
SUFFERED BY PURCHASER AND SHALL BE LIMITED TO THE
PURCHASE PRICE PAID BY PURCHASER TO NBASE-XYPLEX
FOR THE NBASE-XYPLEX PRODUCT(S) THAT IS/ARE THE
SUBJECT OF A SPECIFIC CLAIM. IN NO EVENT SHALL
NBASE-XYPLEX BE RESPONSIBLE OR LIABLE TO PURCHASER
OR TO ANY THIRD PARTY FOR ANY DAMAGES, HOWEVER
CHARACTERIZED, WHICH EQUATE TO LOST PROFITS, LOST
SAVINGS, LOSS OF USE, LOSS OF BUSINESS OPPURTUNITES,
OR ARE PUNITIVE, INCIDENTAL, SPECIAL, INDIRECT, OR
CONSEQUENTIAL IN NATURE, OR WHICH OTHERWISE
ARISE OUT OF THE USE OF OR INABILITY TO USE ANY
NBASE-XYPLEX PRODUCT(S) OR THIRD PARTY PRODUCTS,
EVEN IF NBASE-XYPLEX WAS ADVISED OF THE POSSIBILITY
OF SUCH DAMAGE. IN NO EVENT SHALL NBASE-XYPLEXS
CUMULATIVE MAXIMUM AGGREGATE LIABILITY EXCEED
THE TOTAL PURCHASE PRICE PAID HEREUNDER BY
PURCHASER FOR NBASE-XYPLEXPRODUCTS.
21. Assignment of Rights - Purchaser shall not delegate any
duties nor assign any rights or claims under this contract or for
breach thereof without the prior written consent of NBASE-
XYPLEX, and no attempted delegation or assignment absent such
consent shall be binding on NBASE-XYPLEX.
22. Remedies - The rights and remedies provided to Purchaser
herein shall be exclusive and in lieu of any other rights and
remedies provided by law or equity (or provided under the
Uniform Commercial Code).
23. Waiver - Waiver of a breach of any of these terms and
conditions shall not constitute waiver of full compliance with such
provision, nor shall it be construed as a waiver of any other breach.
24. Governing Law - These terms and conditions shall be
interpreted, governed and enforced in all respects according to the
laws and by the courts of the Commonwealth of Massachusetts
(excluding its conflicts of law provisions).
25. Export - Purchaser agrees not to ship, transfer or export,
directly or indirectly, any Products nor any direct product thereof,
outside of the U.S. unless in full compliance with all applicable
export requirements, and in no event into any country prohibited
by the United States Export Administration Act and the regulations
thereunder.
26. Acknowledgment - PURCHASER REPRESENTS THAT IT
HAS READ AND UNDERSTANDS THIS AGREEMENT, HAS
HAD THE BENEFIT OF LEGAL COUNSEL IN THIS REGARD,
AND AGREES TO BE BOUND BY THESE TERMS AND
CONDITIONS. THIS AGREEMENT IS THE COMPLETE AND
EXCLUSIVE STATEMENT OF THE UNDERSTANDINGS
REACHED BETWEEN PURCHASER AND NBASE-XYPLEX AND
SUPERCEDES ALL PROPOSALS, AND PRIOR WRITINGS AND
AGREEMENTS, VERBAL OR WRITTEN, BETWEEN THESE
PARTIES RELATING TO THE SUBJECT MATTER OF THIS
AGREEMENT.
FCC Notice
WARNING:
This equipment has been tested and found to comply with the limits for a Class A digital
device, pursuant to Part 15 of the FCC Rules. These limits are designed to provide reasonable
protection against harmful interference when the equipment is operated in a commercial
environment. This equipment generates, uses, and can radiate radio frequency energy and, if
not installed and used in accordance with the instruction manual, may cause harmful interfer-
ence to radio communications. Operation of this equipment in a residential area is likely to
cause harmful interference in which case the user will be required to correct the interference at
his own expense.
The user is cautioned that changes and modifications made to the equipment without approval
of the manufacturer could void the users authority to operate this equipment
It is suggested that the user use only shielded and grounded cables when appropriate to ensure
compliance with FCC Rules.
This unit has no operator serviceable parts. Repair is for certified technicians.
Copyright NBase-Xyplex. All Rights Reserved. No part of this publication may be repro-
duced, transmitted, transcribed, stored in a retrieval system, or translated into any language,
in any form or by any means, electronic, mechanical, photocopying, recording or otherwise,
without the express written permission of NBase-Xyplex.
The digitally encoded software included with this product is copyrighted by NBase-Xyplex and
MultiPort Corporation. All Rights Reserved. This software may not be reproduced, modified,
displayed, transferred, or copied in any form or in any manner or on any media, in whole or
in part, without the express written permission of NBase-Xyplex, except in the normal use of
the software to make a backup copy.
Information in this manual is subject to change without notice and does not represent a
commitment on the part of NBase-Xyplex. The software described in this manual is furnished
under a license agreement and may only be used or copied in accordance with the terms of the
agreement.
All products and brand names are trademarks or registered trademarks of their respective
holders.
Nbase-Xyplex
295 Foster Street
Littleton, MA 01460-2016
Tech Support: (800) 435-7997
International Support: +978 952-4888
E-mail: support@nbase-xyplex.com
Fax: (978) 952-4880
URL: http://www.nbase-xyplex.com
Contents
Chapter 1: System Overview........................................................... 10
1. Description............................................................... 10
Features .................................................................................. 11
2. Typical Configurations ............................................ 13
Configuring Your Network......................................................... 13
Typical Network Applications ................................................... 13
3. Installing the GFS3012/GFS3016 Chassis and Modules ...... 17
Installing the GFS..................................................................... 17
Understanding the Front Panels ............................................... 18
4. Troubleshooting ...................................................... 22
5. Technical Specifications ........................................ 24
Chapter 2: Administrative Interface ................................................ 26
System Concepts ......................................................... 26
Overview.................................................................................. 26
The RS232 Interface................................................................ 26
Command Line Interface .......................................................... 26
Users, access rights, and Logging in and Out .......................... 29
First Time Login ....................................................................... 30
Telnet ....................................................................................... 30
Boot Sequence, and Restarting the System............................. 31
BOOTP and TFTP ................................................................... 31
Upgrading the system software ............................................... 32
Message Logging..................................................................... 32
NVRAM.................................................................................... 33
System Control ........................................................................ 33
Ping.......................................................................................... 33
Frame Generator ..................................................................... 34
Ports and Interfaces ................................................................ 34
The Private Interface ............................................................... 35
SLIP......................................................................................... 36
Parameter Upload/Download ................................................... 36
Learning Table / VLANs............................................... 37
Overview.................................................................................. 37
Learn Table .............................................................................. 37
Installing and Deleting Addresses ............................................ 38
Trustee Lists (Max 32) .......................................................... 38
Tag Lists (Max 32) ................................................................ 38
Policies (Max 32) .................................................................. 38
Virtual LANs (Max 64) ........................................................... 40
VLANs General Configuration Modes....................................... 41
Isvlan ............................................................................ 42
TCI ................................................................................. 42
Custom Filters (Max 32)............................................ 42
Port Mirroring (Max-8) ................................................. 43
Port Trunking or Ether Channel ................................. 44
Controlling SNMP ........................................................ 45
Overview.................................................................................. 45
Community Strings ................................................................... 45
Traps ....................................................................................... 45
Authentication........................................................................... 46
Spanning Tree.............................................................. 47
Overview.................................................................................. 47
Port States and Topology Changes.......................................... 47
Configuring ............................................................................... 48
Enhancements.......................................................................... 49
Chapter 3:Commands and Descriptions......................................... 50
Console Commands: ................................................... 50
System..................................................................................... 53
System Control ........................................................................ 59
Frame Generator ..................................................................... 63
IP ............................................................................................. 66
SNMP ...................................................................................... 71
Learn Table .............................................................................. 73
VLAN ....................................................................................... 76
ISVLAN .................................................................................... 91
TCI ........................................................................................... 93
Custom Filter ........................................................................... 95
Port Mirror ............................................................................... 99
Ether Channel or Port Trunking .............................................. 102
Port Configuration .................................................................. 104
Modules ................................................................................. 107
Statistics ................................................................................ 109
Spanning Tree ........................................................................ 111
Email ...................................................................................... 115
Console Command Line Reference ......................... 116
Console Commands ............................................................... 116
System Commands ................................................................ 116
System Control Commands ................................................... 117
Frame Generator Commands ................................................ 117
IP Commands ........................................................................ 118
SNMP Commands.................................................................. 118
Learn Table Commands ......................................................... 118
Virtual LAN Commands .......................................................... 119
ISLAN Commands.................................................................. 120
TCI Commands ...................................................................... 120
Custom Filter Commands....................................................... 120
Port Mirror Commands .......................................................... 120
Ether Channel or Port Trunking Commands ........................... 121
Port Configuration Commands ............................................... 121
Module Related Commands ................................................... 121
Statistics Commands ............................................................. 121
Spanning Tree Commands ..................................................... 122
Email Commands ................................................................... 122
Chapter 4: Using an SNMP Manager ............................................ 123
Configuring the GFS3012/GFS3016 with an SNMP Agent ..... 123
Global Setup .......................................................................... 123
IP Setup ................................................................................. 124
SNMP Setup .......................................................................... 125
Chapter 5: Troubleshooting........................................................... 126
Appendix A. System Default Values .............................................. 127
console .................................................................................. 127
system ................................................................................... 127
ip............................................................................................ 127
snmp ...................................................................................... 127
switch-db ............................................................................... 127
port configuration ................................................................... 127
spanning tree ......................................................................... 127
Appendix B. InterSwitch Virtual Networking ................................ 128
Overview .................................................................... 128
VLAN implementation: A technical overview: .......................... 129
NBase-Xyplex Networks InterSwitch Virtual Networking ........ 130
VLAN Example ....................................................................... 130
Spanning Tree and InterSwitch Virtual Networking ................. 131
Chapter 1: System Overview
1. Description
The GFS3012/GFS3016 Giga Frame Switch (GFS) is the second member in a family
of Gigabit switching products from NBase-Xyplex, and supports the requirements
of the next wave of networking; more bandwidth, elimination of bottlenecks, better
manageability, and dependable multimedia support.
The GFS is a store and forward Gigabit Ethernet switch. The GFS is available in a
4-slot or 6-slot chassis, and can accommodate a variety of different modules and
supports up to 16 gigabit ports or 62 10/100 ports, all with selectable half or full
duplex. The GFS provides a cost effective solution for high speed backbone
switching. It combines wire speed routing at gigabit rates, and its superior routing
capacity meets the needs of todays and tomorrows networks. A typical GFS
chassis includes a management module, and can support four additional modules.
Modules available include:
a. 4 Gigabit fiber-optic ports c. 8 100 Mbit/sec fiber-optic ports
b. 16 10/100 TX ports d. Frame processor module(FPM)
that supportsVLAN tagging and de-tagging
Broadcast and security domains may be defined, creating Virtual Networks that
allows secure workgroups and better management of network traffic. Any wire
speed filter can be defined based on: multicast/broadcast, source port, destination
port, MAC address, protocol, and VLAN tag.
The 6-slot GFS offers fault tolerant architecture with redundant power supplies and
hot-swappable fans module.
Each 1Gbps port supports a Gbps segment with fiber optic full duplex connectivity.
NBase-Xyplex offers several different fiber options to precisely meet your distance
requirements: links of up to 95Km are possible.
Delays in data transfer are eliminated through the GFSs unique store and forward
architecture with direct port to port transfer. Its proprietary hardware enables the
GFS to have a filter and forwarding rate of 5.4M packets per second.
11
The GFS can operate as an enterprise backbone switch in conjunction with any of
the NBase-Xyplex ethernet switching products such as the MegaSwitch II series
switches, the MegaSwitch 5000 series, the MegaSwitch G series, and the GigaHub.
The GFS does not require special network management software and can be
monitored and managed with any SNMP based network management software
(NMS) if so desired. However, NBase-Xyplex offers a comprehensive NMS,
MegaVision, which easily exploits the advanced features of all NBase-Xyplex
ethernet products through a graphical user interface. MegaVision is available for
several different operating systems. For more information on MegaVision, please
contact NBase-Xyplex, or download a demo from our web site (www.nbase-
xyplex.com).
Features
Three versions of the 19 rack mount chassis are:
GFS3012BU - 5.25 in. high version supports up to 3 port modules
GFS3012BU/R - 8.75 in. high version supports redundant power supplies and
up to 3 port modules
GFS3016BU - 8.5 in. high version supports up to 4 port modules, and has hot-
swappable fans and redundant power supplies.
Available port modules includes:
4 switched Gigabit Ethernet ports for 1000BaseLX or SX with multi or single
mode fiber
16 switched 10/100BaseTX ports
8 switched 100Base FX ports
Frame Processor Module (FPM) to support VLAN tagging and de-tagging
Auto ranging power supplies
Flow Control ensures zero packet loss
4096 MAC address cache entries
8Gbps bandwidth
256Kb buffer per port
Forwarding rate of 5.4M packets per second
Sytem Overview
12
Chapter 1
Class of Service (CoS) with a two level priority scheme per:
source and destination address
protocol
VLAN-ID
Multicast and Unicast frames
VLAN support based on:
Source port
MAC source and destination address
protocol type
tag per 802.1q
IP Multicast support
DirectIP layer 3 switching support
NBase-Xyplexs DirectIP implementation of layer 3 switching is designed for
complete standard compliance, offering the following benefits:
Wire speed switching for Gigabit Ethernet IP networks, scalable to any speed
(megabit to multi-gigabit pps)
Works with any third party network devices, supporting legacy networks
Patent-pending DirectIP technology works in conjunction with DHCP to
offer the ultimate in automatic IP network configuration.
Ethernet and serial terminal based administrative interface port on the
controller module, providing switch configuration and management
Downloadable system for software and hardware upgrades (serial or TFTP)
Full SNMP support
RMON support (Groups 1, 2, 3, and 9)
Spanning Tree
Telnet
System Overview
13
2. Typical Configurations
Configuring Your Network
Links to a file server and links between switches often create bandwidth bottle-
necks.
When a dedicated 100Mbps link is not fast enough, or when a network-wide
upgrade path is planned, Gigabit Ethernet is the most viable solution.
Typical Network Applications
Typical network applications for the GFS are:
Central backbone switch for buildings or campus environments, with Gigabit
speeds
Any application that needs a Gigabit Ethernet switch with up to 32 10/100 ports
Below is an example of a GFS3012 or GFS3016 as a Gigabit Ethernet backbone switch
with connectivity to either the MegaSwitch II, MegaSwitch 5000, or to GigaHub
switch with connections to Gigabit Ethernet server farms. The GFS is located in the
center of the switched network surrounded by edge devices using Gigabit Ethernet
uplink ports:
Typical Configurations
14
Chapter 1
Any combination of 10/100 Mbps and 1000Mbps ports
The Gigabit Ethernet ports are connected to centralized servers equipped with Gigabit
Ethernet adapters and the 100Base-FX ports are connected to 10/100 Mbps
MegaSwitch II series devices.
You can use theGFS3012 or GFS3016 as a gigabit Ethernet desktop switch for high-
end stations such as CAD/CAM, publishing, or backup servers. These stations
typically require short response time during the transmission of gigabyte files over the
switched network.
15
You can also use the GFS3012 or GFS3016 to migrate from a distributed Gigabit
Ethernet topology to a switched Gigabit Ethernet backbone as shown in the following
illustration:
16
Chapter 1
By using the Layer -2 VLANs and/or Layer- 3 switching features of the GFS, more
packet control and network security is added:
17
3. Installing the GFS3012/GFS3016 Chassis
and Modules
Installing the GFS
Complete the following step-by-step instructions to successfully install the
GFS3012/GFS3016 into your network:
1: Determine the best location for the GFS
Affix the GFS to a 19 rack using the enclosed rack mount ears, or place the unit on a
secure flat surface. Ensure that the unit is within reach of the necessary connections
(i.e. power outlet, Ethernet connections, and a PC, UNIX workstation, or modem, if
the Switch will be monitored via the serial port).
2: Plug in the Switch
Connect the power cord(s) to the switch and an outlet. Turn the power switch(es) to
the ON position. The power supply automatically adjusts to any outlet providing
between 90 VAC and 264 VAC at 50/60 Hz. Use the following types of power cords:
For a 115 Volt configuration - Minimum type SJT (SVT) 18/3, rated 250 AC, 10
Amps with a maximum length of 15 feet. One end terminated in an IEC 320 attach-
ment plug. The other end in a NEMA 5-15P plug. This is the cord normally sup-
plied with the GFS.
For a 230 Volt configuration - Minimum type SJT (SVT) 18/3, rated 250 Volts AC,
10 Amps with a maximum length of 15 feet. One end is terminated in an IEC 320
attachment plug. The other end terminated as required by the country where it will
be installed.
Le cable de transport denergie que doit etre utilis la configuration 230 Volts est le type
minimum SJT (SVT) 18/3, nominal 250 Volts AC, 10 Amps, 4.5m long maximum. Un
bout est raccorde comme exige par le pays ou il sera utilis.
Das Netzkabel ist das hauptsachliche Diskonnektionsmittel, es sollte in eine
leicht erreichbare steckdos gesteckt werden. Das Netzkabel kann mit einer 230
Volts Konfiguration verwonder werden vom typ: Minimum VDE or HAR, 3 X
Installation Guide
18
Chapter 1
1.00 mm
2
, 250 VAC, 10 Amps, maximal 4.5m long. Ein Ende ontspriche dem
Stecker IEC 320. Das andere Ende entspricht den Anfoderungen des
entsprechenden Landes.
The redundant power supply option is available in 2 of the 3 GFS chassis
options. No special operation action is required to support this option; just plug
in each power supply and turn it on. The power modules are hot swappable;
either one may be replaced without affecting operation of the GFS.
3: Connect the Ethernet Devices
For optimum performance, the Ethernet segments connected to the GFS must be
configured carefully. Generally, the segments should be configured so that
machines on a given port communicate primarily among themselves; i.e. most
traffic does not need to cross the switch. However, there are situations for which
this is not the best configuration.
Note: for configuration examples please refer to Section 2 of this Installation Guide.
4. What to do next
If you are using the GFS as a stand alone device please refer to Section 4 in the
Administrative Interface later in this manual.
If the GFS will be controlled by MegaVision, please refer to your MegaVision User
Guide for instructions on using the switch with MegaVision.
Understanding the Front Panels
Any version of the GFS3012 or GFS3016 Chassis includes a management module
and can accept several data modules. The available modules include:
1 . Management module
The Management Module has three connectors and status LEDs:
a. Two RJ-45 10BaseT connectors for out-of-band management. One is an MDI
connector for use with a straight cable to a management station. An MDI-X
connector is also provided to facilitate cabling.
The RJ-45 ports have 4 LEDs:
RX: Receive frames
TX: Transmit frames
Col: Collision indicator
Link: Valid link indication
*NOTE: If link LED is on; there is a valid link. If link LED is off; there is not a valid link. If link LED is
flashing; there is a mis-configuration.
19
b. One DB9 serial connector (male) for out-of-band connections.
The DB9 serial connector has 6 system LEDs adjacent to it:
Test: Self test active
Fault: Flashes when the self test fails
Pwr: System power is on
Act: Flashes when hardware configuration active
PS1 Ok: Main power supply active and ok
PS2 Ok: Secondary power supply active and ok
2 . Four port multi-mode Gigabit Module (EM3012GE (LX or SX)).
The four port gigabit module has two DSC fiber connectors and six LED indicators
per port:
Xmt: Transmit frames
Rx: Receive frames
Err: Receive error
Fc: Flow control active
Mgmt: on - spanning tree forwarding; off - spanning tree blocked/disabled;
flashing - listening and learning
The module also has two LEDs on the left side, which indicate:
Act: the GFS management is accessing the module, for purposes like statistical
operations, polling, or configuration changes
Err: this LED flashes when the self-test process has detected an error on this
module.
3. Sixteen port 10/100BaseTX Module (EM3012-16TP)
The sixteen port 10/100 module has 16 RJ-45 connectors, each with two built-in LEDs
the upper left LED indicates transmit/receive
the upper right LED indicates link speed (10Mbps is yellow, 100Mbps is green)
The module also has two LEDs on the left side, which indicate:
Installation Guide
20
Chapter 1
Act: the GFS management is accessing the module, for purposes like statistical
operations, polling, or configuration changes
Err: this LED flashes when the self-test process has detected an error on this
module.
4. Redundant Power Supply (RPS)
Each RPS module has a power good LED, and on/off switch, and a power cord.
The GFS will operate properly if either module:
is installed into the chassis
has a power cord installed, with 90-260VAC applied
is turned ON
has a power-good indicator illuminated
The modules are hot-swappable; if one module is plugged in and turned ON and
shows no power-good LED, it should be replaced with a good module.
5 . Eight Port Multi-mode 100Base FX Module
The eight port 100Base FX module has two DSC fiber connectors and 4 LED
indicators per port:
Rx: Receive frames
Fd: Full Duplex
21
The module also has two LEDs on the left side that indicates:
Act: The GFS management is accessing the module, for purposes like statistical
operations, polling, or cofiguration changes
Err: This LED flashes when the self-test process has detected an error on this
module
6. Frame Processor Module(EM3012FP)
The frame processor module adds and strips VLAN tags from the frames, and it has
eight LED indicators on the front panel.
Act: Indicates activity on the FPM module, or indicates activity on either of the
two uplink modules installed in the FPM module
Err: Error occured during self-test
Tx: FPM is sending data to the backplane
Rx: FPM is receiving data from the backplane
VLAN: Tag is being added or stripped
Nf: Indicates an IP frame that did not get routed
IP: Indicates a frame is being routed
7. Gigabit Module Uplink for the FPM:
The FPMs gigabit uplink module has two DSC fiber connectors and six LED
indicators per port:
Rx: Receive frames
Rx: Receive frames
Err: Receive error
Fc: Flow control active
Mgmt: On - spanning tree forwarding; Off - spanning tree blocked/disabled;
Flashing - listening and learning
Installation Guide
22
Chapter 1
4. Troubleshooting
The GFS is a highly reliable unit. If there are any operating problems, the fault
probably lies in some other aspect of the configuration. However, if after following
the troubleshooting steps below (in order), you find that the Switch is still not
functioning correctly, please contact your local NBase-Xyplex representative:
1. Ensure that the unit is plugged into a grounded, functioning AC outlet
providing between 90 VAC and 264 VAC at 50/60 Hz.
2. Review all link LEDs to ensure that those ports you believe should be
functioning are properly attached to a cable.
3. If you still have a problem with attaining link, verify that the fiber optic cable
budget is within the range specified in the technical specifications.
4. Review all link LEDs to ensure that those ports you believe should be
functioning are properly configured, and not disabled or partitioned. If the
suspect ports are disabled or do not seem configured properly, re-configure the
port through SNMP management or the Administrative Interface.
5. If the Flow Control LED shows excessive activity, refer to Chapter 1, Section 2
for a discussion of how to best configure your network for operation with a
switch.
6. If link LED is on there is a valid link. If link LED is off, there is not a valid link.
If link LED is flashing, there is a mis-configuration.
7. If there is trouble with link or with excessive errors on any Fiber Optic connec-
tion, ensure that the cable type matches the optic type of the port (multimode vs.
singlemode).
8. Ensure that the equipment attached to the switch is properly configured.
If you encounter any situations or problems you cannot solve, obtain, if possible,
the following information:
The serial number of your Switch and its hardware address.
The configuration of the equipment that is being interfaced with the Switch.
The sequence of events leading up to your problem.
Actions you have already taken.
23
When you have compiled the above information, contact your local NBase-Xyplex
representative or a Customer Service Representative. Customer support in the US is
available at 1-800-435-7997. International customers may call +978-952-4888.
E-mail: support@nbase-xyplex.com (US)
Visit the NBase-Xyplex web site at http://www.nbase-xyplex.com/ to:
Download the latest version of this document
(www.nbase-xyplex.com/pdf)
View NBase-Xyplex product data sheets
Download the latest version of NBase-Xyplexs Management
software
Download the latest flash upgrade
Look at application notes and white papers
Troubleshooting
24
Chapter 1
Standards Supported
IEEE802.3z GigaBit Ethernet
IEEE802.1q VLAN Tagging
Support
IEEE802.1d Bridge/Spanning
Tree
SNMP RFC 1157, etc.
MIB II RFC 1213, etc.
Bridge MIB RFC 1493
RMON Groups 1, 2, 3, and 9
Mounting
Tabletop or Standard 19 rack,
with mounting brackets.
Physical Connectors
Management cables:
a. RJ-45 (MDI and MDI-X)
b. DB9 serial cable
Data cables:
a. RJ-45 MDI-X (16 port module)
b. Dual SC (4-port gigabit
module and 8-port gigabit module
and gigabit uplink modules)
Environment
Operating temperature:
5 ~ 40 Celsius
Storage temperature:
-10 ~ 65 Celsius
<95% humidity (non-condensing)
Buffers
256KB per port (GB Board)
Addresses
4096 MAC Addresses
Addresses Filtering
Transparent, automatic self learning
at full wire speed. Cache aging time
manageable. Custom filtering by MAC
address, port, and protocol.
Store-and-Forward Switching
Provides complete runt and error
filtering on all packets. Flow control
prevents packet loss.
Network Management
In-band and out-of-band SNMP, all
standard MIBs, private MIB, RMON
MIB (4 groups), and out of band serial
console support.
Filter/Forward Rate
5,400,000 pps
Learning Rate
5,400,000 pps
Boot and Configuration
NVRAM configuration is loaded on
power up and is fully downloadable.
Firmware is local/remote
downloadable.
Interfaces
Management: UTP RJ-45 and RS-232
DB-9. Three or four slots for port
modules.
5. Technical Specifications
25
Emissions & Safety
FCC Part 15, Class A
TUV GS Mark
CE Mark
EN 60950
IEC 950
EN 55022, Class A
VCC I, Class A
UL 1950
CSA 22.2
Cooling
Redundant DC Fans for electronics modules
One DC fan per power supply module
Optical Specifications
Gigabit modules are available in the following configurations:
Wavelength Mode Distance
850nm multi 0-500m
1310nm multi 0-500m
1310nm single 0-6km
1550nm single 0-50km*
1550nm single 15-95km*
*contact NBase-Xyplex for details
Technical Specifications
26
Chapter 2: Administrative Interface
System Concepts
Overview
This section describes some useful system concepts for dealing with the on-board SNMP agent,
and administrative interface of the device.
The Administrative Interface provides the following:
a. Configuration of system parameters, including the serial line and/or the consoles parameters
b. Configuration of the Switchs SNMP Agent parameters
c. Configuration of the ports physical and bridging parameters
d. Network performance monitoring
e. A fail-safe backup for in-band management
The RS232 Interface
The device has an RS232 interface, which may be used for a serial connection to the Administra-
tive Interface, to run SLIP, or to download firmware in the event of Flash corruption (using Z-
modem or Y-modem).
The serial parameters for the RS232 interface are: 8 data bits, 1 stop bit, no parity, and no flow
control, at 9600 baud.
Command Line Interface
Access to the Administrative Interface is via a command-line-interface, meaning that in order to
ask the device to perform some operation, simply type the appropriate command.
27
To execute a command, simply type the command, followed by the parameters that the com-
mand requires (see the Reference Guide, or online help), and press <return>. You must type the
correct number of parameters. If you do not, then the Administrative Interface will inform you
whether you have typed too many or too few arguments, and will repeat the command as it was
previously typed. If you entered too many parameters, the Administrative Interface will delete
the extra parameters when re-displaying the line. Simply hit <return> if the new command is as
desired, or change the command line as necessary.
Of course, the backspace (<^h> or <del>) keys work on the command line. You may not,
however, use the arrow keys. There are several additional keys that are useful:
Key function
Ctrl-h Backspace
Delete Backspace
Return Enter the command
? On-line help (displays the parameters for the entered command)
! Repeat previous command
Ctrl-p Repeat previous command
Ctrl-w Delete previous word
Ctrl-n Repeat next command (if you have already used Ctrl-p or !)
Ctrl-u Erase line
Tab Command completion (see below)
Quotation Enclose an argument containing spaces in quotation marks to include the spaces in
the argument
The <Tab> key has a special purpose. If you type some text and then press the <Tab> key, the
Administrative Interface searches for commands that begin with the text entered. If it finds a
single match, then that command will be automatically displayed. If more than one command
matches the entered text, then the system will display as much text as is shared by all the
commands which share the already entered text, and will beep. After this, you may type the rest
of the desired command name, or you may press <Tab> again. If you press <Tab> again, then
the list of commands that match the text entered will be displayed.
For example, suppose that the command line interface consisted only of the commands get-lt-
filter, and get-lt-16. Then, if you typed ge<Tab>, the system would respond by filling in get-
lt-. If you pressed <Tab> again, then the two commands would be listed. If you continued by
typing f<Tab>, then the system would finish the command get-lt-filter.
28
The Administrative Interface assumes that any space between text is to separate parameters.
When a parameter is a text string, and you want to include a space inside the text string, enclose
the entire parameter in quotation marks, as follows:
Set-prompt My Prompt:
The system maintains a history list of up to 20 commands, which have been typed in by the user.
To move backwards through this list, use <Ctrl-p> or <!>. To move forwards, use <Ctrl-n>.
If you enter a command incorrectly, a message is displayed indicating the type of error that
occurred. For example, typing a nonexistent command gives the following message:
SYS_console> pin
command <pin> not found
If the command exists but the number of parameters is incorrect, the following message is
displayed:
SYS_console> ping
too few arguments
The Administrative Interface provides a history of the last commands. In order to obtain the last
command in the command history, press <!> or Ctrl-P at the prompt.
29
SYS_console> ip
IP related commands
--------------------------------------------------------------
get-ip show current IP address
set-ip set IP address
get-ip-conf show current IP configuration
set-ip-conf set IP address , netmask and broadcast
set-slip set slip IP address
get-slip get slip IP address
get-slip-conf show current IP configuration
set-slip-conf set IP address , netmask and broadcast
get-gatew show default gateway
set-gatew define default gateway
get-arp-tbl display the ARP table
del-arp-entry deletes an entry/all entries(*) of the ARP tbl
add-arp-entry add an entry to the ARP table
get-bootp retrieves the state of the BOOTP process
set-bootp enables or disables the BOOTP process
ping IP traffic generator
ping-stop stop the ping process
get-def-ttl Retrieves the running default TTL value
Hit any key for more... (type 'q' to quit)
SYS_console> _
Finally, the user may press <Tab> to see the list of commands which start with the text he has
already typed, e.g.:
SYS_console> get-c
Commands matching <get-c>
--------------------------------------------------------------
get-comm show current read or/and write community
get-con-matrix retrieves the VLAN connectivity matrix
get-colls-cnt gets the collision dist. counters per port
SYS_console>
Users, access rights, and Logging in and Out
The Administrative Interface allows up to ten different users. Each user has a username, a
password, a prompt, and a user access level. When the device is shipped from the factory (or the
cli-clr-nvram command is used), there are two users, name superuser (the supervisor) and user (a
default user).
Access rights define what commands are available to the user. There are three access levels:
Limited Read-only access to non-sensitive commands
30
Normal Read/Write access to non-sensitive commands
Supervisor Full access to all commands
The term Non-Sensitive commands refers to those commands that cannot have a fatal impact
on managing the system if entered incorrectly. For example, only the supervisor is allowed to set
the IP configuration of the device.
The supervisor can add or remove users and change the access level of the users on the system.
However, users cannot be promoted to supervisor status, and the supervisor cannot reduce his
access rights.
To change users, simply log out of the current session, using the login or logout command, and
enter the new username and password. Any user can change his password with the set-passwd
command. Note that the supervisor does not need to know the password of a user to delete the
account. Thus if a normal user forgets his password, the supervisor can simply delete and re-add
the user to the system. The supervisor password when the device is shipped is super, just like
the username. Use the set-passwd command the first time you log in as supervisor to change this
password. Do not forget the supervisor password.
First Time Login
The following parameters should be set up the first time you log in. (Log in with username
super and password super):
Change the supervisor password, using the set-passwd command
Set up the IP configuration, using the set-ip, set-prv-ip, and set-gatew commands
Set the SNMP Community strings, using the set-comm command
Enable or disable BOOTP, as desired, and set the TFTP server IP address (set-bootp, set-tftp-srvr)
Telnet
Once an IP address is set, the Administrative Agent can be contacted using the Telnet protocol (a
TCP/IP terminal interface protocol). The interface looks and operates exactly the same whether
using the RS232 interface or Telnet.
The telnet protocol can be run through the switching ports, the private interface, or the RS232
serial interface via SLIP.
To exit the Administrative Interface without closing the Telnet session (for instance, to change
users), use the login command. To exit the Administrative Interface and close the Telnet connec-
tion, use the logout command.
Up to 5 Telnet sessions can be active at any one time, either with the same users or with different
users. There is no restriction on how many times a particular user can log in.
31
Boot Sequence, and Restarting the System
The bootup sequence of the device is as follows:
1. BOOTROM initializes the CPU, and displays the version number.
2. BOOTROM loads the Operating System from the Flash. If this fails, then the BOOTROM will
attempt to execute Z-modem, or Y-modem to get the firmware across the serial line.
3. Operating System executes the self-test.
4. Self-test loads the hardware, and executes if the self-test level is not none
5. Operating System executes the BOOTP process if enabled
6. Operating System executes the SNMP Agent software.
To restart the device, there are two options, cold-reset and warm-reset. Cold resetting the device
will cause a full re-initialization from step 1. Warm resetting the device will simply exit the
SNMP Agent and resume from step 6.
BOOTP and TFTP
TFTP, or Trivial File Transfer Protocol, is a method to read or write data from or to an embedded
system. TFTP works by sending IP/UDP frames between a client and server, passing the data as
needed. The SNMP agent contains both a TFTP client and TFTP server. When the device is acting
as a TFTP server, a remote client (UNIX, or a windows-based application, usually) must send or
get a file. If the agent is acting as a client, there must be a server configured to send or receive the
data. The system supports both netascii and binary transfer modes. To configure the SNMP
agent to act as a TFTP client, use the set-tftp-srvr, set-rsw-file, and sw-dnld commands. To act
as a server, only the set-sw-file command is needed.
When a TFTP request is received which matches the filename shown by get-sw-file, the system will
record the contents of the file, and upon successful completion, reboot the device. After sw-dnld
has successfully completed, the device will also be restarted. In addition to these mechanisms,
there is a third way to use TFTP, via the BOOTP process.
BOOTP is a protocol for initializing a devices IP and other configuration, and perhaps for
initiating a firmware download. A BOOTP server must be present on the network, connected to
the private interface, and BOOTP must be enabled on the device for the protocol to operate. The
BOOTP client (the device) sends a broadcast frame about once every second for 30 seconds unless
a response from a server is received. If no response is received, then the previous IP configuration
(if any) will be installed when the SNMP agent is loaded.
32
If a response is received, then the IP configuration of the system will be set from the BOOTP
response, and the new configuration saved. In addition, the BOOTP response can tell the system
to upgrade the device firmware using the TFTP protocol. To do this, the BOOTP server must
specify a TFTP server IP address and a filename. In addition, the feature must be enabled from
the system (set-bootp-swdnld), and the filename must match the system firmware filename
nh3012.rev. For BOOTP/TFTP operation, this filename is permanent, that is, it cannot be
changed by any user. Any firmware upgrades released will have this filename.
After the TFTP process is finished, when started from BOOTP, the new SNMP agent will be
loaded immediately.
Upgrading the system software
When the system software is working properly, and a simple upgrade is desired, the easiest way
to proceed is with a TFTP client on a PC. Simply check that the filename on the device matches
the filename on the PC, and use TFTP send (either binary or netascii). After the process is
finished, the system will automatically reboot and the new software will be loaded.
If the system software somehow gets corrupted, there are two possibilities. First, if only the
SNMP agent or self-test are corrupted, then the Operating System can be used as either a TFTP
client or server to load new software via the private interface. Connect a terminal to the serial
port, and follow the stated instructions. If the Operating System itself is corrupted, then the
BOOTROM will force the user to select between Z-modem and Y-modem. Simply answer the
question, and connect a host using the appropriate software transfer protocol to the serial line.
Send the file nh3012.rev using the stated protocol. After the process is complete, the device will
boot automatically.
Message Logging
The SNMP Agent software has a message logging feature to record, display, or send SNMP Traps
in response to certain conditions detected by the system. The default parameters for this message
logging system are sufficient for normal operation.
There are five different databases in the message logging system. The display database simply
refers to displaying messages in the Administrative Interface. This display is typically left off
except for serious errors. Fatal errors will also cause the device to reboot. The running log
database is a log of those messages that have occurred during the current running session of the
SNMP Agent (i.e., since the last boot). This log is cleared every time the switch is rebooted.
Typically only severe errors are logged in this database. The NVRAM database is a log in the
NVRAM, which contains the 30 most recent messages including one each time the device boots.
The purpose of this database is to record fatal errors to be reported to Technical Support. To
access the list of messages in either log, use the disp-msg-log or disp-msg command.
The fourth database, the Traps database, issues an SNMP Trap instead of logging the message.
This allows a network administrator to get an immediate notification of errors.
33
If necessary, you can change the threshold of any of these databases. If the severity of a message
is higher than the threshold of any given database, then that database will get a copy of the
message. By default, all thresholds are set at the error level. In addition, there are three security
levels: informational, warning, and fatal levels.
The fifth database sends an email message to the preconfigured recipients. Recipients are either
added or deleted by the user with supervisor status. When network events goes over the pre-
configured threshold of the fifth database, the fifth database sends the email to the recipient.
NVRAM
The device has a Non-Volatile RAM (NVRAM) to store configuration parameters. This NVRAM
is split into several sections, including data for IP, the system, Spanning Tree, port configuration,
VLANs, and the CLI. Each of these sections can be cleared individually, or all together with the
init-nvram command.
When new firmware is loaded into the device, an attempt is made to upgrade each section to the
most recent version. In the case where this operation is not successful, only the affected section
will be reset to the default values. The other sections will be unaffected.
In addition, there is a section devoted to the Operating System, which shares some information
with the system and IP sections (for use in the BOOTP/TFTP process by the OS). The values in
this special power-up section override any values in the corresponding SNMP Agent section.
When an adjustment is made to a parameter from the SNMP Agent (either via SNMP or the
Administrative Interface), the corresponding entry in the power-up block is also set. The informa-
tion in the power-up block includes the private IP address, gateway, TFTP server, self-test level,
BOOTP enable, and some few other parameters.
System Control
The system control provides a way to configure the temperature, voltage, and fan settings of the
GFS chassis. By using the system control related commands, the user with administrative rights
can set the maximum and minimum threshold setting of either the temperature, fan count, or
voltage levels at 2.5V, 3.3V, and 5V. Any user can get the current status of the temperature, fan
count, or voltage level. If the minimum or maximum threshold setting of either the temperature,
voltage, or fan is exceeded, a message is sent to the appropriate message database. * Note: The
system control features are not available in all control boards.
Ping
In order to check the IP connectivity between the SNMP Agent and any external device, the system
provides a ping capability. Ping is an ICMP/IP protocol, which sends an echo request from one
host and expects a reply from the other. After a 1-second timeout, a new request will be sent. If
the device receives a response before the timeout, then it will wait about 1 second before sending
34
another request. If there is a logical and physical connection between the device and the destina-
tion, then all of the requests will be answered, and only responses will be seen. If there are no
responses at all, this implies that either the IP configuration is not correct on the device or
destination, or there is no connection (check link, etc.). If there are some responses and some
timeouts, then there is likely an intermittent cabling problem check the error statistics. To start
pinging a host, use the ping command. Simply type the destination IP address (in dotted decimal
notation, e.g. 192.168.1.1), and the number of requests to send. SNMP can also be used to ping a
remote host while watching from an NMS. You can ping up to 5 hosts simultaneously. To view
the status of the various ping sessions, use the get-ping-info command. If the Administrative
Interface ping command is used, then the results of the ping are displayed on the console as they
are received (either responses or timeouts). To stop a ping session, use the ping-stop command.
To stop all ping sessions registered for the current Administrative Interface session, use <Ctrl-c>.
Frame Generator
If ping does not give enough information about the physical connections, then another feature,
known as a frame generator, can be used to check more thoroughly. The frame generator is a
simple mechanism that sends one or more frames out the various ports of the device to be
checked by an external agent (such as a network analyzer). The contents of these frames can be
controlled from SNMP or the Administrative Interface, and the sender can be started and stopped
as needed.
The frame contents that are configurable are the source and destination MAC, the ether-type (or
802.3 length), a background pattern, the frame length, and the sending rate. You can also
determine which port or ports the frame will be sent, and how many to send.
The frame generator process has a database of up to 5 sessions, each of which operates indepen-
dently, using different parameters. To initialize a new frame generator, use the init-fg command.
This will allocate the necessary resources and return a database ID. Now you can use the set-fg-
frame, set-fg-type, and set-fg-pat commands to fill in the details of the frame. To look at what
parameters will be used for a frame generator, use the get-fg-tbl and get-fg-entry commands. To
start and stop a frame generator, use the start-fg and stop-fg commands respectively. If you
stop a frame generator, or if the frame generator finishes sending the number of frames requested,
it will remain in the database for future use. You can modify any parameter except the frame
length, and destination group, and then restart the frame generator. If you are done with the
frame generator, use the del-fg command to release the resources.
Ports and Interfaces
The system software automatically detects what ports are on which slots, and begins numbering
the ports from 1. In addition, the system automatically detects the manageable interfaces, and
numbers those from 1. An interface is a direct representation of the MIB-II interfaces table, and
interface number 3 will be third in that table. Ports are bridging ports and match the port
numbers in the Bridge MIB (RFC 1473).
35
The detection of both ports and interfaces starts from the control board and works top to bottom,
left to right, so that the bridging port number one is the left most port on the first port board
installed in the system (regardless of which slot the board is installed). This means that there is an
offset of 2 between port numbers and interface numbers.
Interface # Description
1 Private interface
2 System interface
3 Port 1
4 Port 2
and so on...
Interface number 1 is always the Private Interface (the 10Base-T port on the control board).
Interface number 2 is typically the system interface. Interface 3 typically corresponds to port 1,
and so on. The sys-stat command lists the interfaces installed in the system, the description, and
the state (up or down). The get-port-cfg command lists the ports installed in the system and the
current configuration of each. All command line parameters that specify a port refer to a
bridging port (from get-port-cfg). Parameters that specify interface require a MIB-II interface
ID (from sys-stat).
Under SNMP, most standard MIBs use the interface ID to distinguish ports. The Private MIB,
and the Bridge MIB typically use the port number. Refer to the text of the MIB to decide whether
the ID in question is a bridging port ID or a MIB-II interface ID.
The terms bridging ports and switching ports both mean the ports on port boards connected
to the bottom three slots of the device. There are no bridging ports on the control board. The
term switching interface refers to the connection of the bridging ports to the management of the
device.
The Private Interface
The device control board is equipped with a private management interface. This is a 10Base-T
connection, with two physical interfaces, one is MDI (to connect to a hub) and the other MDI-X (to
connect directly to an end-station). They are the same interface, and only one can be used at a
time. This interface is specifically designed to allow a connection to the device when you do not
want to use any of the bridging ports to connect. For example, if you only have Gigabit Ethernet
ports, and you want to connect a laptop directly to the device, you can use a 10Base-T connection
directly from the laptop to the control board. The private interface fully supports SNMP, Telnet,
and TFTP as needed. In addition, this interface is used for BOOTP purposes.
The private interface is basically a Network Interface Card attached directly to the CPU of the
device. It has no interaction whatsoever with the bridging ports. The device maintains a separate
(if desired) IP address for the private interface. This IP address is also used by the Operating
System when the SNMP Agent is not running. In that case, the bridging ports are disabled
completely and only the private interface is functional. To look at management statistics for the
private interface, it fully supports the Interfaces MIB, and has interface ID 1.
36
SLIP
SLIP stands for Serial Line Internet Protocol (or Serial Line IP). It is a protocol to run IP over a
serial (RS232 for example) physical connection. The SNMP Agent allows the RS232 port to be
configured to run SLIP. In this case, a separate IP address must be installed for the SLIP
interface (set-slip-cfg). To connect to this port, a standard null-modem serial cable must be used,
and the PC must be configured to run SLIP.
Any IP protocol can be run across the SLIP interface, including Telnet, TFTP, and SNMP. The
purpose of this feature is to connect a laptop or other device to send data (TFTP) or manage the
device using SNMP (most often under a graphical NMS), when an Ethernet connection is unavail-
able.
Parameter Upload/Download
The GFS has the capability of easily storing and reproducing its configuration details; in this
fashion it is possible to duplicate the functions of a master GFS system in another location with
minimal operator effort. Storing the configuration of a GFS is done using the par-upld and par-
dnld commands, described later in this manual.
37
Learning Table / VLANs
Overview
The hardware of the device keeps a learning table, or cache of MAC addresses. When frames are
received from the various ports, the source MAC address is automatically learned to be on the
source port. This information is used, together with VLAN information, to determine whether
and where to forward frames.
There are several basic concepts that are crucial to the Virtual Networking capability of the device.
A Trustee List is simply a list of MAC addresses, when seen as a source MAC address, deter-
mines how to forward frames. A Tag List is simply a list of 802.1q VLAN Frame Tags. A policy
is a set of information, which determines, together with the source port, on which VLAN the frame
is supposed to be. Virtual LANs are sets of ports and policies inside of which data may flow.
Data will not flow from one VLAN to another without the interference of a router. ISVLAN is a
simplified version of 802.1q based VLAN that automatically configures the database, but has
limited functions that only allows specification of the ports and tags of the VLAN. TCI(Tag
Control Information) configures the Frame Processor Module to generate 802.1q tags and 802.1p
priorities into frames. A Custom Filter is basically a VLAN for a particular destination MAC
address. Data flow to that MAC address may be allowed or disallowed, or may be redirected.
Port Mirroring is a concept in conjunction with a network analyzer, can be used to monitor the
status of data anywhere on the switch. Ether Channel or Port-Trunking, is a concept to share
several ports for a single fat connection directly between two switches, thus increasing the
capacity for data-flow between important devices.
Learn Table
The device automatically learns addresses as they are seen on the various ports. If a station stops
communicating, then the space used in the table for its address can be reclaimed for use on an
active station. This process is called aging. The length of time for which an address may stay in
the cache without an access is called the aging time. To configure this time, use the set-lt-age
command. The default is 5 minutes, which is reasonable for a network where the number of
stations is less than the address space.
38
Installing and Deleting Addresses
Sometimes it is necessary to install an address directly into the learning table, so that the address
will remain on one port, and not be relearned. To do this, use the add-lt-entry command, with the
lock-on parameter. This address will not be aged out, and will not be relearned even if the station
sends a frame.
To remove an address from the cache, use the del-lt-entry or del-lt-addr commands. This may be
useful when running setup tests to allow the address to be relearned on a different port.
Trustee Lists (Max 32)
A Trustee List is simply a list of MAC addresses. To create a new Trustee List, use the new-tl
command. This command will return a Trustee List ID for use in other VLAN commands. A
particular MAC address can be on only one Trustee List at a time. The MAC addresses on
Trustee Lists will be installed into the learning table automatically, but until the address is seen as
a source address, the port on which the address is located is unknown. In the interim, the MAC
address, when seen as a destination, will behave as if it is unknown, even though it is installed in
the learning table. When MAC addresses are removed from Trustee Lists, or Trustee Lists are
uninstalled, the MAC address will be unlocked in the learn table, and will age out as normal if not
currently in use by any station.
Tag Lists (Max 32)
A Tag List is simply a list of 802.1q VLAN Frame Tags. To create a new Tag List, use the new-
tagl command. This command will return a Tag List ID for use in other VLAN commands. A
particular Tag can be on only one Tag List at a time.
Policies (Max 32)
A policy is basically a description of a traffic flow. The policy can be one of two types, 802.1q
Tag based, or MAC address based. Both types of policies can be in use at the same time, but a
policy can be only one type. If the policy is 802.1q Tag based, then you can enter a Tag List to be
associated with the policy. Frames with Tags on the given Tag List will belong to VLANs that use
the policy and contain the source port. Otherwise, you can specify that the policy be a default
policy. This indicates to the system that this policy number should be used for any Tags that do
not belong to other policies. Note that this default only applies to the protocols for the policy that
is installed. If the policy is MAC address based, then you can enter a Trustee List ID to be
associated with the policy. Frames whose source MAC address matches any of the MAC
addresses on the Trustee List will belong to VLANs that use the policy and contain the source
port. Or, the user may specify that this policy should be a default. This means that all MAC
addresses that do not belong to any Trustee List (in another policy) will use this policy number.
Again, this default applies only to the protocols for the policy that is installed.
39
The Tag Detection process must be enabled by the user to allow detection of 802.1q Tags (use the
set-vlan-enb command). Each port may separately detect Tags. If Tag Detection is not enabled,
then any policy, which is a tag type policy, will be ignored. If Tag Detection is enabled, then
address type policies will only be used in the case where no VLAN tag is detected on the frame.
To use guarantee that the source MAC address will be used to determine the policy of a frame,
you must disable Tag Detection.
Protocol Detection may be enabled or disabled per protocol, except for the Other protocol type. If
IP frames are received, and the IP protocol is disabled, then they will be treated as Other. The
same is true for IPX and AppleTalk frames. Use the set-proto-enb command to enable and
disable protocol detection. Protocols are one or more of the following: IP, IPX, AppleTalk,
OTHER. A Policy will only match a frame if the protocol type of the frame is one of those listed
for the Policy. For each Type (above), you may only have one Default (below) Policy for any
Protocol. Thus, if there already exists a Default IP Policy for Tags, you may NOT create a
Default IP/IPX Policy for Tags. You may, however, create a Default IP/IPX Policy for Ad-
dresses.
Type can be one of address-based or 802.1q tag-based. If the Type is address-based, then this
Policy will only match frames that does not have 802.1q Tags in them, and frames arriving on
ports with 802.1q Tag Detection disabled. If the Type is tag-based, then this Policy will only
match frames that are 802.1q tagged and arrive on ports with 802.1q Tag Detection enabled. A
policy can be only one type (not both), in other words, Tag Policies and Address Policies are
mutually exclusive.
A Policy can be a Default Policy for the Type/Protocols specified. If any frame that matches the
Type/Protocols and DOES NOT MATCH ANY NON-DEFAULT POLICY will match the Default
Policy. If a Policy is non-default, then you may specify a Tag List (if the Type is tag-based) or a
Trustee List (if the type is address-based). In this case, an incoming frame will match the Policy if
and only if the Protocol/Type matches and either the source MAC address is on the specified
Trustee List (if the frame and Policy are address-based) or the 802.1q Tag in the frame is on the
specified Tag List (if the frame and Policy are tag-based). If the Policy is non-default, and you do
not specify a Tag List or Trustee List, then the Policy CANNOT match any frame. For reference
purposes, a name can be stored with the Policy (usually to match the corresponding VLAN
name). Policies are used to match the contents of frames, so that the contents of the frame can be
used to determine how/where the frame is forwarded. A frame can only match one Policy, thus
all Policies must be mutually exclusive (this is guaranteed by the system). You will get an
Overlap error if you try to generate another Policy that would match a frame and an existing
Policy. When used as part of a VLAN, the Policy limits the scope of the VLAN to apply only to
those frames that match the Policy. Other frames ARE NOT AFFECTED by that VLAN. When
used as part of a Port Mirror, the Policy limits the scope of the Port Mirror to apply only to those
40
frames that match the Policy. Other frames ARE NOT MIRRORED by that Port Mirror. When
used as part of a Custom Filter Entry, the Policy limits the scope of that Entry to apply only to
frames that match the Policy. Other frames ARE NOT AFFECTED by that entry.
Virtual LANs (Max 64)
A Virtual LAN is a list of ports together with a policy. Any frames that match the criteria set in
the policy that come from one of the ports in the VLAN will be forwarded only to the remaining
ports in the VLAN. Thus, you may create an IP VLAN for ports 1, 2 and 3. In that case IP
frames from port 1 may go to ports 2, 3, and etc. Frames that do not match the criteria set in the
policy for a particular VLAN will not be affected by that VLAN. Thus an IPX VLAN could
contain ports 2, 3, and 4 and not conflict with the above IP VLAN. For frames that do not match
the criteria in any VLAN, the system may be configured one of two ways. Either these frames will
be dropped, or the system will create remainder VLANs as necessary. These VLANs will
contain, for each possible policy, the ports that are not on any VLAN for that policy. Thus, if the
user configured only a single IP VLAN, ports 1 to 4 (on an 8-port box), the system will install two
default-VLANs. First, an IP VLAN with ports 5-8 will be installed, and second, a VLAN for the
other protocols, ports 1-8 will be installed. These extra VLANs are invisible to the user. It is
possible to share ports between different VLANs, i.e., IP 1,2,3 and IP 3,4 are valid simultaneous
VLANs. In this case, the switch will forward IP data from port 1 and 2 to ports 1,2, and 3
(excluding the source port, obviously). IP data from port 4 will be forwarded only to port 3, and
IP data from port 3 will be forwarded to 1,2, and 4. In general, data will be forwarded from port
A to port B under policy P if there is at least one VLAN, using policy P that contains ports A and
B. If the system is configured to generate default-VLANs (see above), then in addition data will
be forwarded from port A to port B under policy P if there is no VLAN that contains either port A
or port B or both for that policy. You can specify in addition, a priority associated with each
VLAN. In the case where data matches more than one VLAN, the priority of the highest priority
VLAN will be used. The GFS supports Security (standard) VLANs, and also Virtual Broadcast
Domains. To create a Virtual Broadcast Domain, use the command set-vbc-domain. Virtual
Broadcast Domains act as VLANs only for the Ethernet Broadcast address. Security Virtual
LANs act on all addresses, including the Broadcast Address. A frame can only match a Virtual
Broadcast Domain if the Destination MAC Address is ff-ff-ff-ff-ff-ff. A frame Matches a VLAN
if it matches the VLANs Policy and arrives on one of the listed Ports. A frame also matches a
VLAN if the VLAN uses ALL Policies, and the frame arrives on one of the listed Ports. Frames
will be forwarded to all of the Ports on all of the VLANs they match except the original source
port. If Default Forwarding Mode is enabled: if a frame does not match any VLAN, then the
frame will be forwarded to all of the ports that are not on ANY VLAN using the Policy that the
frame matches, and also are not on ANY VLAN that uses ALL Policies. Otherwise, frames that
does not match any VLAN will be dropped. If a frame is bound for exactly one destination port,
and matches at least one VLAN with high Unicast Priority, then the frame will be given backplane
priority (will not ever be dropped by the backplane of the switch). If the frame matches VLANs
with only low Unicast Priority then the frame will not be given backplane priority (may be
dropped during peak traffic times by the backplane). If the frame does not match any VLAN,
41
then the backplane priority is determined by the Default Unicast Priority mode. If a frame is
bound for more than one destination port, and matches at least one VLAN with high Multicast
Priority, then the frame will be given backplane priority. If the frame matches VLANs with only
low Multicast Priority, then the frame will not be given backplane priority. If the frame does not
match any VLAN, then the backplane priority is determined by the Default Multicast Priority
mode.
Summary of key words:
Policy Either a specific Policy or ALL Policies. If specific, then this VLAN will only
affect the behavior of frames which match the Policy (see Matching).
If ALL, then the VLAN affects the behavior of every frame.
Type Virtual Broadcast Domain only affects the behavior of Broadcast Frames
which also match the Policy.
Security Virtual LAN affects the behavior of all frames which match the
Policy.
Name To keep track of VLANs you may store a Name with the VLAN.
VLANs General Configuration Modes
Default Unicast Priority is backplane priority used for frames not matching any VLAN that are
bound for only one port. Also used to set Unicast Priority of new VLANs.
Default Multicast Priority is backplane priority used for frames not matching any VLAN that
are bound for more than one port. Also used to set Multicast Priority of new VLANs.
Default Forward Mode determines whether or not to forward frames that do not match any
VLAN. If no, then these frames will all be dropped. If yes then frames not matching any VLAN
will be forwarded to all ports that are not in any VLAN for the Policy that the frame matches and
are also not in any VLAN for ALL policies. This mode is also used for Custom Filters. If no, then
frames matching policies not specified in the Custom Filter, or from source ports not specified in
the Custom Filter will be dropped. Otherwise, these frames will be forwarded to all the ports that
are not specified as source ports for the matching policy, and are also not specified as source
ports for ALL policies.
Ether Channel Maximum Ports specifies the maximum number of ports that can be on any
Ether Channel. May be 1 (disabled), 2, 4, or 8. In order to maximize the available number of
Policies, you should keep this number to be the smallest necessary.
Protocol Detection of ATALK, IP, IPX can allow or disallow detection of that protocol. Frames
of a protocol that is not enabled will show up as OTHER.
Tag Detection for each Queue of the system, we can allow or disallow tag detection. This is
automatically set by the port ISVP mode. If a ports Queue does not have tag detection allowed,
then any frames, including those with 802.1q tags will be treated as if they do not have tags, that
is, they will match only MAC Address Policies, not Tag Policies.
42
Isvlan
Isvlans are a shortcut for 802.1q based VLANs. These commands allow a simple user interface that
limits the functionality of the engine. Please avoid using TCI, Tag Lists, Policies, and VLANs when
using Isvlans. Setting up ISVLANs is exactly the same as setting up TCI, Tag Lists, Policies and VLANs,
except that ISVLANs set the other databases up automatically. You may not delete Tag Lists, Policies, or
VLANs that were created by the Isvlan Engine, but you may overwrite TCI entries if desired (not
recommended). The basic purpose of Isvlans is to provide a method of constucting Inter-switch VLANs
that are purely port-based. You may specify only the ports and the Tag of the VLAN using this interface.
To specify more completely the VLAN behavior, do not use Isvlans, use the other databases directly.
Isvlans have no behavior by themselves. The frame behavior determined by the Policies and VLANs that
the Isvlan Engine Creates. When you create a new ISVLAN, a Tag List is created automatically. This
Tag List contains the specified tag. A Policy is created for that Tag List, and two VLANs are created: one
for local switching (using ALL policies) and the other to specify the behavior of the switch when
receiving tagged frames from a trunk port (using the created Policy). The names of the VLANs
and Policies created will be the same as the name specified for the ISVLAN. Finally, a TCI entry
will be created for ALL policies that generates the specified tag from the listed ports.
TCI
The Tag Control Information(TCI) database configures the FPM to generate 802.1q tags and
802.1p priorities into frames. The tag or priority can be specified based on port and policy. If
there is a TCI entry for the source port that uses a Policy that matches the frame, then the TCI
from that entry will be placed in the frame. If there is no specific TCI entry for the source port and
Policy, but there is a source port entry with Default Policy, then that entry will be used. If there is
no matching TCI entry whatsoever, then the system default (tag 1, prio 0) will be used. Note that
there are two logical TCI databases, one for Tags and one for Priority. Thus you may specify the
priority and the tag separately. For example, you may say all IP frames are priority 1, all IPX
frames are priority 2, but IP/IPX frames from port 1 get tag 2, IP/IPX frames from port 2 get tag
3. The Policy must be matched by frames to match this TCI entry. The Policy may also be
Default, meaning that if no other TCI entry for the source port matches the Policy, then this
entry will match. This is a method of implementing source-port-only based TCI.
*Note: 1) When using the isv-set-tci command if there exist a policy that has a tag and port assigned to
it,then setting a tag to that policy is not allowed. 2) It is not recommended to use the TCI and the ISVLAN
together, because the ISVLAN engine will create the neccessary Tag List, Policies, and VLANs.
Custom Filters (Max 32)
A Custom Filter is basically a VLAN for some particular destination MAC addresses. For each policy you
can specify a custom filter defining what forwarding information will be used for frames sent to any of
the list of MAC addresses. By default the system installs three Custom Filters. First, the Ethernet
broadcast address (ff-ff-ff-ff-ff-ff) is installed and forwarded to every port. Second, the private
43
management MAC address for each port is installed, and all frames to these addresses are sent to the
management interface. Finally, if Spanning Tree is enabled, the Bridge Spanning Tree Group Address
(01-c2-80-00-00-00) is installed, and frames are sent to the
Spanning Tree engine. Changing the VLANs in the system modifies the Custom Filter for the broadcast
address. Basically, the broadcast address follows the same rules as the VLANs. In addition, you can
modify the broadcast address behavior directly. Use Virtual Broadcast Domains for this purpose, the
user cannot modify the Broadcast Custom Filter directly. You can also set a priority for any Custom
Filter. Custom Filters allow you to completely specify what the switch should do when it sees a frame
with a certain Destination MAC Address. A frame will Match a Custom Filter if the Destination MAC of
the Frame is on the list of MACs in the Custom Filter, thus each MAC can only be in one Custom Filter.
If a frame matches a Custom Filter, then the Custom Filter Entries (also known as Filters) in that Custom
Filter will completely determine how the frame is forwarded. If there is a Filter containing the source port
for All Policies, then the frame will be forwarded to the Destination Ports on that filter. Otherwise, If
there is a Filter containing the source port, whose Policy matches the frame, then the frame will be
forwarded to the Destination Ports in that Filter. Otherwise, if VLAN Default Forwarding Mode is
enabled, the frame will be forwarded to ALL ports that does not appear on the Source Port List of any
Filters that matches the policy (or use ALL policies) for this Custom Filter. If VLAN Default Forwarding
Mode is disabled, then frames not matching any Filter will be dropped. Frames which match Custom
Filters that get sent to the backplane will be sent with the backplane priority specified by the Custom
Filter.
Port Mirroring (Max-8)
Port Mirroring allows you to send a copy of certain data to a monitoring port. You should attach a
network analyzer to this port. The data to be monitored is specified by giving a port, and a policy
number. Any frames that match the stated policy criteria, and are either received on, or forwarded to the
test port will be sent to the monitoring probe port (in addition, of course, to the normal forwarding
process). You should use care in assigning port monitors, because the amount of data could be quite
large. Try to use selective policy criteria (frames only from a certain MAC address, etc). The Policy that
frames must match if the Port Mirror should affect the behavior. If ALL Policies, then any frame that
comes from or goes to Test Port will be sent to Probe Port. Is the Port Mirror currently active or is it just in
the database. Note: in the NVRAM database, this parameter refers to whether or not the Port Mirror will
be automatically activated on the next bootup. Port Mirrors send the data to a Probe Port in addition to
wherever it was supposed to go originally. If a frame arrives on or is destined for a port that the Test Port
of
some Port Mirror, then the frames behavior will be modified if either the Port Mirror uses ALL Policies,
or the Port Mirrors Policy matches the frame. If the Port Mirror modifies the behavior of a frame, the
frame will be sent out the Probe Port in addition to whichever destinations it was supposed to have gone
originally. The Probe Port and the Test Port must be different ports.
44
Port Trunking or Ether Channel
Port Trunking is a mechanism that uses several ports to simulate one big port. To configure port
trunking, simply group several ports into one Ether Channel. Data that is sent to any of the ports
in the Etherchannel will be split up efficiently between the ports. The system will modify the
VLANs engine and forwarding process automatically to make use of the port Trunks. More than
one Trunk can be defined on the same switch. The device uses an efficient algorithm to determine which
port to use to forward frames, so that the data can be split approximately evenly between the various
ports in the Trunk. To determine which port the data will be transmitted, the system examines the source
MAC, destination MAC, and source port, and if necessary (because some of the other information is not
available), the frame type (Policy). Because the MAC addresses determine the output port, the engine is
most efficient under a random load of data from various sources to various destinations. If a frame
enters the switch from an Ether Channel port and is bound for another Ether Channel, then the source
port number determines for the most part which port to have the frame sent. This makes the Ether
Channel rely on the previous device for forwarding decisions. As the engine recognizes MAC Ad-
dresses, the behavior changes to account for new information, thus the system optimizes itself as it goes.
This means the a few seconds after a MAC Address is learned by the switch, there may be a shift in
which port it uses. VLANs can co-exist with Ether Channel as long as either all ports or no ports from a
given Ether Channel are on any VLAN. Ether Channel operates with Spanning Tree in the following
manner: only the lowest numbered active port on the Ether Channel will send BPDUs, and only the
lowest port should receive BPDUs. If all the ports on the Ether Channel are inactive, then the entire
channel will be Disabled by the Spanning Tree engine. When Spanning Tree changes the state of the
channel, ALL the ports change together. As the Ether Channel gains and loses ports (link detections),
the Path Cost is automatically adjusted (unless the lowest Requested Port has a user-defined Path Cost)
to reflect the width of the Ether Channel. It is strongly recommended that the Ether Channel configura-
tion be set up before the ports are connected, and that ports be disconnected before changing the Ether
Channel configuration. This will prevent network loops, and save Spanning Tree the effort of topology
changes. You MUST connect the ports on two switches together lowest-to-lowest and highest-to-highest
for proper Ether Channel operation.
45
Controlling SNMP
Overview
SNMP, Simple Network Management Protocol, is a standard mechanism used to manage networking
devices, including switches. SNMP works by splitting the management task into two pieces. The
Manager is the software residing on a PC, which sends SNMP requests to the Agent, which is the
software residing on the device. The format of these requests is a standard, containing a request type
(get, set, etc.), and Object ID (what do we want to look at), and a value (if we want to make a change). The
definition of Object IDs and what values they take is referred to as a Management Information Base
(MIB).
There are many standard MIBs. The Interfaces MIB is a list of logical interfaces on the device, including
description, statistics and status. The Bridge MIB contains information about MAC addresses and how
the device will forward frames. The Ethernet MIB contains statistics relevant to a CSMA/CD Ethernet
port. The SNMP Agent on board the device is fully SNMP compliant, and supports these and other
standard MIBs, as well as an extensive Private MIB. The Private MIB includes information that has not
been incorporated into any standard and information that is proprietary to the particular type of device.
Community Strings
For security purposes, SNMP defines access Community Strings, which are text strings used as
passwords. A particular Community String may provide read access or full access. The SNMP
Agent on this device defines two Community Strings, one for read-only access, and one for full
access. Use the set-comm command to adjust these strings.
Traps
SNMP also defines a Trap, which is sent from an Agent to a Manager. A Trap can be sent under
any circumstances, but typical examples include link up or down, and cold restart.
To add a Manager to the list of recipients of SNMP Traps, use the add-trap command. In
addition to the IP address, a Community String must be entered, which will be passed to the
Manager.
46
Most NMS (Network Management System) applications will record the traps received from various
devices in some sort of log, to be reviewed as needed. In addition, if the NMS has a graphical representa-
tion (icon) of the device, the color may change to reflect the severity of the Trap.
Authentication
When an SNMP message is received whose Community String does not match any registered Commu-
nity String, or when the Community String does not provide privileges to perform the requested
operation, the SNMP Agent will not respond to the request at all. This condition is called an Authentica-
tion Failure. If desired, an SNMP Trap may be issued to notify the proper network manager of this illegal
access attempt.
47
Spanning Tree
Overview
Spanning Tree is a standard (802.1d) protocol defined by the IEEE to allow redundant connections in a
bridged network. The operation of the protocol is complicated, but is summarized below.
First, the devices on the network agree amongst themselves on a root device. This decision is arbitrary,
but may impact network performance. The root device by default is the device on the network with the
lowest MAC address. Modifying the Bridge Priority of the various devices on the network can change
this behavior. The device with the lowest Bridge Priority will be the root device. In the case of a tie, the
lowest MAC address of the lowest Bridge Priority device will be selected.
Once this is done, each device begins to calculate the distance to the root device for hosts connected to
each port on the device. If there is more than one path to root for a particular bridge, then the path with
the lowest cost will be opened, and the other paths will be blocked. The cost, here, is the sum of the Port
Path Costs of each port through which frames must be sent to get to the root device.
In the case where there is a tie between to paths, there are several tiebreakers. First, the next-hop will be
the bridge with the lowest Bridge Priority of the tied paths. If two or more ports on the same bridge
represent the next hop, then the Port Priority will be used (again, lower is better), and finally the port
number.
The end result of this action is to leave exactly one path open between any device and the root device,
and thus only one path open between any two devices. This eliminates network loops. After this
stabilization, the devices continue to communicate using Hello Packets (which transfer the required
information). If at any time, a better path is detected than an existing open path, then the open path will
be closed, and the new path will be opened. If an open path fails for some reason, then the next best path
will be opened. This process typically takes about 1 minute.
Port States and Topology Changes
During the normal Spanning Tree port wake-up process, there are three port states through which each
port will traverse before data will be allowed to flow through the port. The port will wait for the length of
the fowarding delay before moving from one state to another. This is to allow the Spanning Tree process
to spread information about which paths are the best around the network. If at any time during this
process, or after, a better path to root is found, the port will immediately be moved to blocking. A port
that is blocking will wait the length of the message age time before moving to listening. It will only make
this transition if no better path to root exists. This might occur if a device fails.
48
Blocking This port will not forward data, and will not learn addresses
Listening This port will not forward data, and will not learn addresses
Learning This port will not forward data, but will learn addresses
Forwarding This port will forward data
If a port moves to forwarding, or to blocking, then a Topology Change is detected. This means that the
network configuration has changed (one or more paths have opened or closed). The devices on the
network must all age out any addresses learned before the Topology Change started before the Topology
Change ends. The reason for this feature is so that any MAC address that has moved as a result of the
Topology Change may be relearned on a new ports. The Topology Change will end when there are no
new state changes for a period equal to the Forward Delay plus the Max Age Time. After this period, the
network is again stable.
Configuring
There are many configurable Spanning Tree parameters, but some care must be used when modifying
them. If you are not completely familiar with the operation of Spanning Tree, it is strongly recommended
that the parameters all be left at the default values.
Parameter Range Default Description
Bridge Priority 1 to 65535 32768 Used to distinguish bridges with
the same cost to root. Lower number means higher priority
Bridge Forward Delay 4 to 30 15 When root, length of time to wait
between changing port states.
Bridge Hello Time 1 to 10 2 When root, length of time between
Hello Packets.
Bridge Max Age 6 to 40 20 When root, maximum message age
Port Priority 0 to 255 128 Used to distinguish ports on the
same next-hop bridge. Lower
number means higher priority.
Port Path Cost 1 to 10000 See table in Appendix
Increment to add to root cost for
paths using this port. Strongly
recommended to leave the default.
49
Enhancements
The Spanning Tree engine may be enabled or disabled as desired. The only reason to disable the engine
is to prevent the small number of hello packets from being present on the network. If there are any
redundant connections on the network, DO NOT DISABLE SPANNING TREE.
If a port, which is operating normally, loses link, for example if a cable is unplugged, then the port will
be disabled immediately. When the port regains link, the port will be re-enabled. From this point the
port will go through the normal Spanning Tree wake-up process.
There are two additional Port Enable States that are allowed in the Spanning Tree engine. Fast Forward
(fastf) means that the port will be placed immediately into forwarding as soon as the Spanning Tree
engine initializes. The Link State of the port will be ignored. The other state is Ignore. This means that
Spanning Tree will not operate on this port. The port will be placed in forwarding (irrespective of Link
State), and no Spanning Tree frames will be transmitted out the port. Additionally, any Spanning Tree
frames received by the port will be ignored.
50
Chapter 3
Chapter 3:Commands and Descriptions
Console Commands:
Command Console (Any User)
Description Display the commands relating to interaction with the console (logging in and out, user
control, display and prompt control, etc.)
Command Help-kbd (Any User)
Description Display keyboard shortcuts.
! or ^p: repeat previous command
^n: undo ! or ^p operation
<tab>: command completion
^w: erase word
^u: erase line
: The user may enclose an argument containing spaces in quotes, to include the spaces in the
argument
Command Banner (Any User)
Description Clear the screen and display the console banner.
Command Clear (Any User)
Description Clear the screen.
Command Login (Any User)
Description Exit the administrative interface, and return to the login: prompt.
Under telnet, this will NOT disconnect the telnet session (allows the user to log in as a different user)
51
Commands and Descriptions
Command Logout (Any User)
Description Exit the administrative interface, disconnecting the telnet session if applicable.
Command Set-passwd (Any User)
Description Set the password for the current user.
The console will prompt for the old password first. If there was no old password, just type <return>.
Then the console will prompt twice for the new password, to ensure that it was typed properly. Please
remember your password, and ensure its security.
Command Set-prompt <new-prompt> (Any User)
Description Change the prompt for the current user.
Parameters New-prompt: any text
Use quotation marks if a space is needed inside of the prompt. A trailing space will be added
automatically.
Command Add-user <new-username> (SUPERVISOR ONLY)
Description Add a new user into the system.
Parameters new-username: up to 8 characters
The prompt for the new user will be defaulted to USER> , and the password for the new user will
default to no password (just <return>). To change either of these parameters, please log in as the new
user, and use the appropriate command.
Command Delete-user <username> (SUPERVISOR ONLY)
Description Remove a user from the system.
Parameters username: valid user name
The user will no longer be able to log in after this command is completed. You cannot remove the
supervisor, but you may remove all other users.
Command List-users (SUPERVISOR ONLY)
Description Show the users known by the system.
This command will show each user, together with the access level of the user, and the prompt that the
user will see.
52
Chapter 3
Command cli-clr-nv (SUPERVISOR ONLY)
Description Clear the NVRAM database for the administrative interface.
This command will reset the parameters for the CLI to their default values. This includes exactly two
users, super and user. The passwords for these two users are as the device is shipped, and the prompts
are SUPER> , and USER> respectively.
Command Set-access <username> <new-access> (SUPERVISOR ONLY)
Description Change the access rights for a user.
Parameters username: valid user name
New-access: limited, normal, super
There are three access levels, super (allowing access to all commands listed herein), normal (allowing
access to commands not marked SUPERVISOR ONLY), and limited (allowing access only to read the
system databases, but not to modify). You may not set the access rights of any user to super, and the
supervisors access rights may not be changed.
Command Set-full-sec <security> (SUPERVISOR ONLY)
Description Disable the backdoor password and TFTPS.
Parameters Security: enable, disable
This command disables the backdoor password and TFTPs, except for parameter and software
revisions.
53
System
Command System (Any User)
Description Display the commands pertaining to the system database.
Command sys-clr-nv (SUPERVISOR ONLY)
Description Clears system NVRAM
Command init-nvram (SUPERVISOR ONLY)
Description Initializes the NVRAM of the GFS to default values.
Command Sys-stat (Any User)
Description Show the system status.
This command displays the system SNMP Object ID, the system MAC Address, the status of the
ports attached to the device, and the system uptime (in ticks and days/hours/minutes/seconds).
Also displays the firmware and hardware version.
Command Warm-reset (SUPERVISOR ONLY)
Description Reset the system software.
The software will reinitialize itself after this command is executed, and the device will reboot. The
system hardware will also be reinitialized.
Command Cold-reset (SUPERVISOR ONLY)
Description Reset the device.
This is almost the same as turning the device off and on. The self-test (if any) will execute and the
system software will reload.
Command Get-sw-file (Any User)
Description Show the local System Software Filename.
This filename will be used as a sort of password for the on-board TFTP server. When the server
receives a file matching this filename, the server will assume that it is the system software and will
store the file, and reboot upon successful completion of the TFTP session.
System Commands
54
Chapter 3
Command Set-sw-file <new-filename> (SUPERVISOR ONLY)
Description Set the local System Software Filename.
Parameters new-filename: filename with extension .rev
This filename will be used as a sort of password for the on-board TFTP server. When the server receives
a file matching this filename, the server will assume that it is the system software and will store the file,
and reboot upon successful completion of the TFTP session.
Command Get-rsw-file (Any User)
Description Show the remote System Software Filename.
The on-board TFTP client will use this filename when requesting software from the given TFTP server, by
using the sw-dnld command (see set-tftp-srvr and sw-dnld).
Command Set-rsw-file <new-filename> (SUPERVISOR ONLY)
Description Set the remote System Software Filename.
Parameters new-filename: filename with extension .rev
The on-board TFTP client will use this filename when requesting software from the given TFTP server, by
using the sw-dnld command (see set-tftp-srvr and sw-dnld).
Command Get-tftp-srvr (Any User)
Description Show the IP address of the known TFTP server.
The on-board TFTP client will use this IP address to send TFTP requests for the purposes of software
upload and download.
Command Set-tftp-srvr <ip-address> (SUPERVISOR ONLY)
Description Set the IP address of the known TFTP server.
Parameters ip-address: TFTP Server IP Address
The on-board TFTP client will use this IP address to send TFTP requests for the purposes of software
upload and download.
Command Sw-dnld (SUPERVISOR ONLY)
Description Start the software download process.
55
System Commands
This command will start the on-board TFTP client. The client will send a request to the known TFTP
server (see set-tftp-srvr) to get the Remote System Software filename (see set-rsw-file). Upon successful
completion, the system will reboot, as per a cold-reset.
Command Get-stst-level (SUPERVISOR ONLY)
Description Show the self-test level.
This command displays the self-test level.
Command Set-stst-level <new-level> (SUPERVISOR ONLY)
Description Set the self-test level.
Parameters new-level: none, short, long
The system self-test operates in one of three modes: none (skip self-test entirely), short (perform
minimum self-test to assure proper operation), long (extended self-test). Obviously the self-test level
will not take effect until the next boot (cold-reset or power off/on); on the next operation of the self-
test itself.
Command Disp-msg-log <database> (Any User)
Description Show the message log for the running or permanent log.
Parameters database: run, nvram
The only databases that are actually logs are run and nvram. The running database is cleared on
each boot, but the nvram database remains permanently until cleared by del-msg-log. The
message log, in either case, will show the message type, the source, and the severity, as well as the
uptime when it occurred. The permanent log will have a record, in addition, of the booting of the
device.
Command Msg-clr-nv (SUPERVISOR ONLY)
Description Clears all message log in nvram
This command will clear all message log and reset all message log parameters to factory defaults.
Command Del-msg-log <database> (SUPERVISOR ONLY)
Description Clear the message log for the running or permanent log.
This command will reinitialize the given message log (run or nvram). The running log will be
cleared on each boot in any case.
56
Chapter 3
Command Disp-msg <database> <msg-id> (Any User)
Description Show a particular message from the running or permanent log.
Msg-id: message number 1 to database size
Command get-fan-sts (Normal User)
Description Gets fan status
Parameters none required
Gets the status of the internal fans.
Command set-fan-sts <enable/disable> (Normal User)
Description Sets the fan reporting status
Parameters enable - { yes | no }
Enables/disables fan status checking.
Command get-rps-sts (Normal User)
Description Gets redundant power supple (RPS) status
This command is only applicable if you have an RPS unit installed. Queries the RPS unit for
status.
Command set-rpar-file (Supervisor Only)
Description Sets the configuration parameters remote file name
Parameters { SNMP Agent Software remote file name }
Command get-rpar-file (Any User)
Description Gets the configuration parameters remote file name
Command set-par-file <filename> (Supervisor Only)
Description Sets the configuration parameters file name
Parameters { SNMP Agent Software file name }
57
System Commands
Command get-par-file (Any User)
Description Gets the configuration parameters file name
Command set-rmon-tx <enable/disable> (Supervisor Only)
Description Set enable/disable RMON count of transmitted frames
Parameters { enable | disable }
Command get-rmon-tx (Supervisor Only)
Description Displays enable/disable status of RMON count of transmitted frames
Command set-bc-thresh <new-threshold> (Supervisor Only)
Description Sets the broadcast receive (RX) threshold
Parameters New threshold { frames per second }
Command get-bc-thresh (Normal User)
Description Gets the broadcast receive (RX) threshold
Command set-mg-thresh <new threshold> (Supervisor Only)
Description Sets the management receive (RX) threshold
Parameters New threshold { frames per second }
Command get-mg-thresh (Normal User)
Description Displays the management receive (RX) threshold in frames per second
Command par-dnld (Supervisor Only)
Description Starts the Configuration Parameters dowload from the pre-defined server
58
Chapter 3
Command par-upld (Supervisor Only)
Description Starts the Configuration Parameters upload to the pre-defined server
59
System Control
Command Sysctl (Any User)
Description Shows the system control related commands.
Command Sysctl-clr-nv (SUPERVISOR ONLY)
Description Resets the system control nvram to default status.
This command resets the system control settings to the factory defaults. Note that init-nvram
also does this operation.
Command Get-sysctl-temp (Any User)
Description Displays the current temperature value of the chassis.
This command displays the current Celsius temperature value of the chassis.
Command Get-sysctl-v3.3 (Any User)
Description Displays the current 3.3 voltage value of the chassis.
This command displays the current 3.3 voltage value of the chassis.
Command Get-sysctl-v5 (Any User)
Description Displays the current 5 voltage value of the chassis.
This command displays the current 5 voltage value of the chassis.
Command Get-sysctl-v2.5 (Any User)
Description Displays the current 2.5 voltage value of the chassis.
This command displays the current 2.5 voltage value of the chassis.
Command Get-sysctl-fan <fan number> (Any User)
Description Displays the current fan count of the chassis.
Par amet er s fan number: the fan number in the chassis.
This command displays the current fan count of the chassis. *Note 4-Slot chassis has less number
of fans than 6-Slot chassis.
System Control Commands
60
Chapter 3
Command Get-sysctl-v3.3-max (Normal User)
Description Displays the upper 3.3 voltage threshold value of the chassis.
This command displays the upper 3.3 voltage threshold value of the chassis.
Command Get-sysctl-v5-max (Normal User)
Description Displays the upper 5 voltage threshold value of the chassis.
This command displays the upper 5 voltage threshold value of the chassis.
Command Get-sysctl-v2.5-max (Normal User)
Description Displays the upper 2.5 voltage threshold value of the chassis.
This command displays the upper 2.5 voltage threshold value of the chassis.
Command Get-sysctl-v3.3-min (Normal User)
Description Displays the lower 3.3 voltage threshold value of the chassis.
This command displays the lower 3.3 voltage threshold value of the chassis.
Command Get-sysctl-v5-min (Normal User)
Description Displays the lower 5 voltage threshold value of the chassis.
This command displays the lower 5 voltage threshold value of the chassis.
Command Get-sysctl-v2.5-min (Normal User)
Description Displays the lower 2.5 voltage threshold value of the chassis.
This command displays the lower 2.5 voltage threshold value of the chassis.
Command Get-sysctl-temp-max (Normal User)
Description Displays the upper temperature threshold setting of the chassis.
This command displays the upper Celsius temperature threshold value of the chassis. Once this
value is cross, a message is sent to the appropriate message database.
61
Command Get-sysctl-temp-min (Normal User)
Description Displays the lower temperature threshold setting of the chassis.
This command displays the lower Celsius temperature threshold value of the chassis. Once this value is
cross, a message is sent to the appropriate message database.
Command Get-sysctl-fan-max (Normal User)
Description Displays the upper fan count threshold value of the chassis.
This command displays the upper fan count threshold value of the chassis.
Command Set-sysctl-fan-max <fan count> (SUPERVISOR ONLY)
Description Changes the upper fan count threshold value of the chassis.
Par amet er s fan count: the fan turn rate with a range from 0 to 255.
This command sets the upper fan count threshold value ranging from 0 to 255.
Command Set-sysctl-temp-max <temperature value> (SUPERVISOR ONLY)
Description Changes the upper temperature threshold value of the chassis.
Par amet er s temperature value: the temperature range from -127 to 127.
This command sets the upper temperature threshold value ranging from -127 to 127 Celsius.
Once this value is cross, a message is sent to the appropriate message database.
Command Set-sysctl-temp-min <temperature value> (SUPERVISOR ONLY)
Description Changes the lower temperature threshold value of the chassis.
Par amet er s temperature value: the temperature range from -127 to 127.
This command sets the lower temperature threshold value ranging from -127 to 127 Celsius.
Once this value is cross, a message is sent to the appropriate message database.
Command Set-sysctl-v5-min <voltage value> (SUPERVISOR ONLY)
Description Changes the lower 5 voltage threshold value of the chassis.
Par amet er s voltage value: the voltage threshold range from 0 to 255.
This command sets the lower 5 voltage threshold value ranging from 0 to 255. Once this value is
cross, a message is sent to the appropriate message database.
62
Chapter 3
Command Set-sysctl-v5-max <voltage value> (SUPERVISOR ONLY)
Description Changes the upper 5 voltage threshold value of the chassis.
Parameters voltage value: the voltage threshold range from 0 to 255.
This command sets the upper 5 voltage threshold value ranging from 0 to 255. Once this value is cross, a
message is sent to the appropriate message database.
Command Set-sysctl-v3.3-min <voltage value> (SUPERVISOR ONLY)
Description Changes the lower 3.3 voltage threshold value of the chassis.
This command sets the lower 3.3 voltage threshold value ranging from 0 to 255. Once this value
is cross, a message is sent to the appropriate message database.
Command Set-sysctl-v3.3-max <voltage value> (SUPERVISOR ONLY)
Description Changes the upper 3.3 voltage threshold value of the chassis.
This command sets the upper 3.3 voltage threshold value ranging from 0 to 255. Once this value
Command Set-sysctl-v2.5-min <voltage value> (SUPERVISOR ONLY)
Description Changes the lower 2.5 voltage threshold value of the chassis.
This command sets the lower 2.5 voltage threshold value ranging from 0 to 255. Once this value
Command Set-sysctl-v2.5-max <voltage value> (SUPERVISOR ONLY)
Description Changes the upper 2.5 voltage threshold value of the chassis.
This command sets the upper 2.5 voltage threshold value ranging from 0 to 255. Once this value
63
Frame Generator
Command Frm-gen (Any User)
Description Show the system frame-generator commands.
Command Get-fg-tbl (Any User)
Description Show the system frame-generator table.
The frame generator is an engine, which allows you to send pre-determined frames from the agent
out any particular port or group of ports. The agent may hold several frame generators at once
(either active or suspended). This command lists the status of all the configured frame
generators, including to which group the frames will be sent, whether the generator is active, and
how many frames have been sent.
Command New-fg <frame-length> <dest-port-list> (Normal User)
Description Make a new frame generator session.
Parameters frame-length: in bytes w/o CRC 60 to 1514
Dest-port-list: from get-grp-tbl
This command will allocate the resources necessary for a frame generator session. You must
specify the size of the frames to be sent, and the group-id of the group of ports to which the
frames will be sent. Use the other frame generator commands to fill in the necessary frame
contents. The administrative interface will display the number of the newly allocated frame
generator session. Note: no frames will be sent as a result of this command you must use the
start-fg command to begin transmission.
Command Get-fg-entry <id> (Any User)
Description Get the frame generator information for a particular entry.
Parameters id: from get-fg-tbl
If the given frame generator id is an allocated number, then this command will show the contents
of the frame, including source and destination MAC address, frame type or 802.3 length,
background fill pattern, and size. In addition, the number of frames sent and the rate at which
they are being sent will be displayed.
Frame Generator Commands
64
Chapter 3
Command Del-fg-entry <id> (Normal User)
Description Remove the resources for a frame generator.
Par amet er s id: from get-fg-tbl
This command will remove the frame generator from the system.
Command Start-fg <id> <number> <rate> (Normal User)
Description Start a frame generator.
Number: how many frames to send
Rate: frames per second
The given frame generator (if allocated) will be started with the already specified parameters. The
frame rate is in frames per second, and the generator will remain active until the specified number
of frames is sent. At this point, the frame generator is still available to restart (using start-fg
again), or may be removed if desired (by using del-fg-entry).
Command Stop-fg <id> (Normal User)
Description Stop a frame generator
The stated frame generator (if active) will be stopped immediately, as if it had sent all of the
requested frames. Note: the frame generator, while inactive, is still available for starting or
removing.
Command Set-fg-frame <id> <dest-MAC> <src-MAC> (Normal User)
Description Set the MAC addresses for a frame generator frame.
Dest-MAC: xx-xx-xx-xx-xx-xx MAC address in hex format
Src-MAC: xx-xx-xx-xx-xx-xx MAC address in hex format
The MAC addresses for the stated frame generator (from new-fg) will be modified. This
command may only be used while the frame generator is inactive (see stop-fg, start-fg).
65
Command Set-fg-type <id> <type> (Normal User)
Description Set the ether-type or 802.3 length for a frame generator frame.
Par amet er s id: from get-fg-tbl
Type: 0x(type) or length
If the type argument begins with 0x, then the type will be read in hexadecimal format,
otherwise in decimal format. Thus to enter the type corresponding to IP frames, use 0x0800,
for ARP 0x0806, and to specify an 802.3 length of 100 bytes, just use 100. If an 802.3 length
is specified (the default), then the actual length of the frame will be placed in the length field,
regardless of what the user enters here. If an ether-type is specified, then that type will be placed
directly in the type field. Note: the 802.3 length field overlaps with the ether-type field. The
distinction is that any number bigger than 0x600 is typically an ether-type and smaller numbers
are considered 802.3 lengths.
Command Set-fg-pat <id> <pattern> (Normal User)
Description Set the fill-pattern for a frame generator frame.
Pattern: xx-xx-xx-xx background pattern in hex format
The fill pattern will be written into the bytes other that the first 14 (DA, SA, and TYPE).
66
Chapter 3
IP
Command Ip (Any User)
Description Show the IP commands.
Command Ip-clr-nv (SUPERVISOR ONLY)
Description Clear the IP NVRAM database.
All IP parameters will be reset to the system defaults, including IP addresses, gateway, etc.
Command Get-prv-ip-cfg (Any User)
Description Show the full IP configuration of the private interface.
The private interface (the 10Base-T attachment on the control board) has its own IP configuration.
In cases where IP commands take port numbers, prv can usually be substituted to refer to this
interface. This command will list the IP address, sub-net mask, and IP broadcast for the private
interface.
Command Get-prv-ip (Any User)
Description Show the private interface IP address.
Command Set-prv-ip <ip-address> (SUPERVISOR ONLY)
Description Set the private interface IP address.
Parameters ip-address: dotted decimal for new IP address
Enter the IP address in dotted-decimal notation, e.g. 192.168.1.1. If there is no private IP
address already set for the device, then the change will take effect immediately. Otherwise, the
change will not take effect until the next software start. The net mask and broadcast address are
calculated based on the IP address.
Command Set-prv-ip-cfg <ip> <netmask> <broadcast> (SUPERVISOR ONLY)
Description Set the private interface IP configuration.
Parameters ip: new IP address in dotted decimal notation
Netmask: new IP netmask
Broadcast: new IP broadcast
Enter all three addresses in dotted decimal notation. If there is no private IP address already set for the
67
device, then the change will take effect immediately. Otherwise, the change will take effect on the next
software start.
Broadcast: new IP broadcast
Enter all three addresses in dotted decimal notation. If there is no IP address already set for the
switching ports on the device, then the change will take effect immediately. Otherwise, the change will
not take effect until the next software start.
Command Get-ip-cfg (Any User)
Description Show the full IP configuration of the switching ports.
The switching ports share a single IP address, which can be displayed with this command. In
addition, this command will show the sub-net mask and IP broadcast address shared by these
ports. *Note: this IP configuration is completely separate from the private interface IP
configuration, and can be on the same or different sub-nets, with the same or different addresses.
Command Get-ip (Any User)
Description Show the IP address of the switching ports.
Command Set-ip <ip-address> (SUPERVISOR ONLY)
Description Set the IP address of the switching ports.
Parameters: ip-address: new IP address in dotted decimal notation.
Enter the IP address in dotted decimal notation, e.g. 192.168.200.4. If there is no IP address
already set for the switching ports on the device, then the change will take effect immediately.
Otherwise, the change will not take effect until the next software start. The net mask and
broadcast address are calculated based on the IP address.
Command Set-ip-cfg <ip> <netmask> <broadcast> (SUPERVISOR ONLY)
Description Set the IP configuration of the switching ports.
Parameters ip: new IP address in dotted decimal notation
Netmask: new IP netmask
Command Get-bootp (Any User)
Description Display the state of the BOOTP machine.
BOOTP is a protocol by which a networking device can get IP and other configuration from a server that
responds to the ethernet broadcast address. The device runs BOOTP after the self-test operation, but
before loading the SNMP agent software. The BOOTP process can be enabled or disabled.
IP Commands
68
Chapter 3
Command Set-bootp <enable/disable> (SUPERVISOR ONLY)
Description Set the state of the BOOTP machine.
Parameters Enable: enable, disable
You can either enable or disable the BOOTP process with this command. On the next boot of
the device (cold-reset or power off/on), the BOOTP process will only run if enabled.
Command Set-gatew <gw-ip> (SUPERVISOR ONLY)
Description Set the default gateway of the device.
Parameters gw-ip: new default gateway IP address
This IP address will be used as the default gateway to reach hosts that are on neither the sub-net
of the private interface nor the sub-net of the switching ports. The address should be on the sub-
net of either the private interface or the switching ports.
Command Get-gatew (Any User)
Description Show the default gateway of the device.
If the stated gateway is 000.000.000.000, then the device will not use a default gateway, and will
be unable to communicate with other devices which are not on the sub-net of either the private
interface or the switching ports.
Command Get-arp-tbl (Any User)
Description Show the ARP table of the device.
The ARP protocol translates an IP address into the MAC address to which to send ethernet
frames. The table will show the interface (from MIB-II) on which the entry is learned in addition
to the addresses. Also, the physical port number corresponding to that interface will be listed. In
the case that the ARP entry was learned on the private interface, the port number will show prv.
Command Del-arp-entry <ip-address> (Normal User)
Description Delete the ARP entry associated with the given IP address.
Parameters ip-address: Address of ARP entry to delete, or * for all entries
If you type *, then all ARP entries will be deleted. If the device does not have an ARP entry for
a host to which it needs to send data, then the device must issue an ARP request. When the
response is received, the table will be updated and the data will be sent.
69
IP Commands
Command Add-arp-entry <ip-address> <MAC-address> <port> (Normal User)
Description Add an ARP entry.
Parameters ip-address: IP address of ARP entry to add
MAC-address: physical address to associate with given IP address
Port: port number to install ARP entry on, or prv for the private interface
The IP address should be on the same sub-net as either the private interface or the switching ports. If it is
necessary to add an ARP entry for a host that is connected to the private interface, then the port
argument should be prv. Use get-arp-tbl to verify that the entry was installed properly.
Command Get-def-ttl (Any User)
Description Show the default TTL.
The Time-To-Live (TTL) is a parameter in IP, which specifies the maximum router hop-count that a frame
may travel. The default TTL will be used on frames generated by the SNMP agent (such as SNMP
response frames, SNMP Traps, TFTP frames, etc.). Under most situations, the default value of 20 is
sufficient.
Command Set-def-ttl <new-ttl> (Normal User)
Description Set the default TTL.
Parameters new-ttl: New Time-To-Live parameter 5 to 255
If it is necessary to change the TTL, use this command. The only situation under which it might be
necessary is if there are many routers between the management station and the device being managed
(such as connections across the Internet).
Command Ping <ip-address> <number> (Any User)
Description Start a ping process.
Parameters ip-address: IP address of host to ping
Number: how many frames to send (1 per second)
The system can support multiple simultaneous ping processes. The destination will be pinged about
once per second until the requested number (or forever for the number 0). To stop a ping, use ^c or ping-
stop. The administrative interface will display either response received or response timed out. The
timeout is one second.
Command Ping-stop <ip-address> (Any User)
Description Stop a ping process.
70
Chapter 3
Parameters ip-address: IP address of station to stop pinging
This command will stop a ping process to the stated IP address. If more than one session is currently
pinging the stated address, only the first one will be stopped. The command may be repeated (! Or ^p),
or you can use ^c to stop ALL pings from the current log-in session.
Command Get-ping-info (Any User)
Description Show the currently active ping sessions.
This command will show what ping sessions are currently active. Use ping-stop or ^c to stop active
sessions. The information displayed includes the number of frames sent and received.
71
SNMP
Command Snmp (Any User)
Description Show the SNMP commands.
Command snmp-clr-nv (Normal User)
Description Clears the SNMP nvram.
This command clears the SNMP nvram
Command Get-traps (Normal User)
Description Show the SNMP Trap table.
This table lists the recipients of any SNMP traps, and the communities that will be sent to those
hosts. SNMP Traps are issued on particular conditions, some are warnings and some are
informational only. Examples include: Cold Restart, Link Up/Down, Topology Change, and
others.
Command Add-trap <ip-address> <community> (Normal User)
Description Add a host to the SNMP Traps table.
Parameters ip-address: IP address of host to add to trap table
Community: community string to send to host
This command allows the user to add a new host to the list of recipients of SNMP Traps. Also,
use this command to change the community associated with an installed host.
Command Del-trap <ip-address> (Normal User)
Description Remove a host from the SNMP Traps table.
Parameters ip-address: IP address of host to remove from traps table
SNMP Traps will no longer be sent to the address listed.
Command Get-comm <community> (SUPERVISOR ONLY)
Description Show an SNMP Community String.
Parameters community: read, write or *
SNMP Commands
72
Chapter 3
SNMP Community Strings are like passwords. There are two available strings, read, and write. An
SNMP manager may use the read community string to get information from the device. To modify any
configuration, the user must use the write community string. To display both the read and write strings,
enter *.
Command Set-comm <community > <new-string> (SUPERVISOR ONLY)
Description Adjust an SNMP Community String.
Parameters community: read or write
New-string: any text up to 15 characters
The user must modify only one Community String at a time, either read or write. If the user
wants to put any spaces inside the string, use quotation marks around the text.
Command set-auth <auth-mode > (SUPERVISOR ONLY)
Description Modifies the traps authentication mode.
Parameters Auth-mode: enable, disable
This command enables or disables the SNMP authenication traps when an invalid community
string is received.
Command get-auth (Any User)
Description Displays the traps authentication mode.
Parameters Auth-mode: enable, disable
This command displays the contents of the traps authentication mode.
73
Learn Table
Command Switch-db (Any User)
Description Show the commands related to the switching database, or learning table of the device.
Command Get-lt-16 <start> (Any User)
Description Display 16 learn-table entries.
Parameters start: index in learning table to start dump from
The device keeps a MAC address cache, which is known as a learn-table. This cache tells the device how
to forward each receive frame. The information displayed with each entry in the learn-table includes the
MAC address itself, whether the address is locked in the table (i.e., will be deleted only manually), and
the destination port. In some cases, the term Custom Filter will be used for an address. This means
that the address was not learned normally by the switch, but was instead installed directly either by the
SNMP Agent or by a user. The get-lt-filter command may be used to find out how the switch will
forward frames with this address.
Command Get-lt-filter <MAC-address> (Any User)
Description Show the filter associated with the given address.
Parameters MAC-address: xx-xx-xx-xx-xx-xx MAC address in hex format
The filter is a list of which destination ports will get any frames sent to the given MAC address. There is
a different filter for the MAC address coming from each (source) port. Thus, for example, a frame sent to
a MAC address that is learned on port 5 would be forwarded to only port 5 if the source port is not port
5. If the source port is port 5, then the frame will be filtered (dropped) by the switch. If the MAC address
is not in the learning table of the switch, the filter displayed will be the filter used for unknown
addresses.
Command Add-lt-entry <MAC-address> <lock> <port> (Normal User)
Description Add an entry to the learning table.
Lock: lock-on or lock-off
Port: port number
This command will place the given MAC address into the learning table at the first available spot. If
lock-on is specified, the address will be locked in the cache, and not deleted by the system (except for a
reset). A user can, of course, delete this address by using del-lt-entry or del-lt-addr. If lock-off is
specified, then the address will be aged out automatically at the end of the next aging period. The
address will be installed as if it had been learned on the given port.
Learn Table Commands
74
Chapter 3
Command get-lt-mfilter (Any User)
Description Gets the filter for the mac address for the stated module
Parameters MAC-address { xx-xx-xx-xx-xx-xx } in hex format
Module Number { 1..4 }
Command Get-lt-age (Any User)
Description Show the current aging time.
The aging time of the device is the maximum length of time any unlocked address will be kept in the
learning table. Deleting old addresses makes room for new addresses, and so if the size of the network
(number of hosts) is larger than the learning table size, a smaller aging time is preferable. However, in
most situations, the number of devices on the LAN is smaller than the number of available entries in the
cache. The Spanning Tree Process (IEEE 802.1d) can change the aging time temporarily to allow the
network devices to clear old information following a topology change.
Command Set-lt-age <database> <new-time> (Normal User)
Description Set the aging time.
Parameters database: run, nvram, or all
New-time: 10 to 11000, in seconds
There are three options for the database parameter. run specifies that only the current aging time will
be modified. In this case the change will take effect immediately unless there is a Spanning Tree
topology change in process. In that case the new aging time will take effect after the topology change is
finished. nvram specifies only to save the information to the permanent database. The change will
not take effect until the next boot. all will save the information to the permanent database and also
change the active aging time (subject to the same Spanning Tree limitation).
Command Find-lt-addr <MAC-address> (Any User)
Description Query the learning table to find a MAC address.
If the given MAC address is in the learning table, the entry for it will be shown. This command
may be used to check if the switch knows a particular address. Use add-lt-entry to install new
addresses if necessary.
75
Command Del-lt-entry <index> (Normal User)
Description Delete a learning table entry by index.
Parameters index: from get-lt-16, find-lt-addr, or get-lt-filter
The entry number to give when using this command is displayed by the find-lt-addr, get-lt-filter, and get-
lt-16 commands. This command may be used to remove any locked address, except those owned by the
SNMP agent itself (e.g., the broadcast address ff-ff-ff-ff-ff-ff, and the private management addresses of the
various ports).
Command Del-lt-addr <MAC-address> (Normal User)
Description Delete a learning table entry by MAC address.
Parameters MAC-address: { xx-xx-xx-xx-xx-xx } MAC address in hex format
This command is a shortcut for find-lt-addr plus del-lt-entry.
76
Chapter 3
VLAN
The VLAN Engine commands all follow the same formula. There are six database types: Trustee Lists,
Tag Lists, Policies, VLANs, Custom Filters, and Port Mirrors. In addition, each database type is kept
both in a running database and the NVRAM database. In each case there are several commands. First
there are creation and deletion commands (new-xxx, and del-xxx). Second, there are information
commands. Get-xxx-tbl shows a list of all of the entries in the particular database, with some useful
information about each. Get-xxx-entry lists detailed information about a particular entry in the given
database. There are several xxx-yyy commands, which adjust the data in the database. Finally, there are
some additional commands for backwards-compatibility or for system control, e.g. set-sec-vlan and vlan-
clr-nv.
Command Get-tl-tbl <dbase> (Any User)
Description Show the list of Trustee Lists
Parameters Dbase: run, nvram
This command shows the Trustee Lists that have been configured on the system. You may look at either
the NVRAM database or the Running database (but not both at the same time). The table shows the ID of
each entry, whether or not the entry is in use by any Policy, and how many MAC addresses are on the
list.
Command Get-tl-entry <dbase> <id> (Any User)
Description Show the Trustee List Contents
Id: valid Trustee List ID (from get-tl-tbl)
This command displays the full contents of a particular Trustee List entry. You may look at an entry
from either the Running or NVRAM databases. The information shown includes the ID of the Trustee
List (as typed by the user), whether it is in use by any Policy, and how many MAC addresses are on the
list. In addition, the full list of MAC addresses on the Trustee List will be shown.
Command New-tl <dbase> <mac> (SUPERVISOR ONLY)
Description Make a new Trustee List
Parameters Dbase: run, nvram, all
Mac: Initial MAC address to add to new List (xx-xx-xx-xx-xx-xx)
Use this command to create a new Trustee List. The user may create the new list in the Running
database, the NVRAM database, or in both at the same time (using all). The user must give a MAC
address with which to start the list. A new list will be created and the stated MAC address will be added
77
to it in whichever database(s) you specify. See tl-add-mac for details on this process. A MAC address
may be on only one Trustee List at a time. If the user enters a MAC address that is already on a Trustee
List in the specified database, an empty list will be created. An error message will be returned, stating
Object is already/still in use. This error means that there is already a Trustee List that contains the
specified MAC address. The new Trustee List entries are created individually in the two databases if
all is specified. In this case, an error which affects the Running Database will not cause any problem
with the NVRAM database i.e., the entry will be added to each database irrespective of the success of
the other database. *Note: the Trustee List may have a different ID for the Running Database as for the
NVRAM Database, depending on the preexisting configuration.
Command Del-tl <dbase> <id> (SUPERVISOR ONLY)
Description Delete a Trustee List
Id: Valid Trustee List ID
This command removes the resources used by a Trustee List. First, all of the MAC addresses on the
Trustee List will be removed. See tl-del-mac for further details on this process. After the list is cleared of
MAC addresses, it will be deleted from the requested database. The user may delete lists from the
Running or NVRAM database, or both at the same time, using all. If the Trustee List is in use (see get-
tl-tbl) by any Policy, then the user may not delete it. First remove the Trustee List from the Policies that
are using it, and then the user may safely remove the Trustee List itself. See pol-set-tl and del-pol for
further details. In the case where all is specified, the entries are deleted from the two databases
separately. That is, any error removing the list from the Running Database will not affect removal from
the NVRAM database.
Command Tl-add-mac <dbase> <id> <mac> (SUPERVISOR ONLY)
Description Add a MAC Address to a Trustee List
Mac: Unique MAC Address (xx-xx-xx-xx-xx-xx)
Use this command to create the list of MAC addresses needed in the stated Trustee List. As in new-tl, a
MAC address can only belong to one Trustee List at a time. The command will fail if this Trustee List or
another Trustee List already owns the MAC address. Use the get-tl-tbl and get-tl-entry commands to see
which MAC addresses are in use. The user may add a MAC address to a Trustee List in the Running
Database, the NVRAM database, or both, using all. In the case where the MAC address is added to the
Running database, some extra processing is done. If the MAC address is already known by the system, it
will be locked into the system database. Otherwise, the MAC address will be installed into the system
with a special marker, Unlearned. If the station using that MAC address moves, the system will learn
the new location. This type of locking is used only for Trustee List MAC addresses. In simple terms, the
VLAN Commands
78
Chapter 3
address is learned, but not aged. If the user enter an address into the Learn Table locked (this means no
relearning and no aging), the process of adding it to a Trustee List will not affect the entry in the Learn
Table. If all is used, and there is an error adding the MAC address to one database, the MAC address
will still be added to the other database.
Command Tl-del-mac <dbase> <id> <mac> (SUPERVISOR ONLY)
Description Remove a MAC Address from a Trustee List
Mac: MAC Address on IDs List (xx-xx-xx-xx-xx-xx)
This command may be used to remove a MAC address from a Trustee List in either the Running or
NVRAM databases, or both. If the MAC address is on the Trustee List in only one of the databases, and
all is used, it will still be cleared from the other database. Use the get-tl-tbl and get-tl-entry commands
to see what MAC addresses are on which Trustee Lists. If a MAC address is removed from a Trustee List
in the Running database, its entry in the Learning Table will be unlocked, but the entry will remain. This
means that the entry will behave as a normal learned address from that point forward. It will be
relearned, and aged out as normal. Note that this means that if the user enter an address into the Learn
Table, locked, and then add it to a Trustee List, and then remove it from a Trustee List, it will become
unlocked, and subject to aging, but not relearning. Use caution in assigning MAC addresses to Trustee
Lists. In general, simply allow the system to determine the locking of MAC addresses on Trustee Lists.
Command Get-tagl-tbl <dbase> (Any User)
Description Show the list of Tag Lists
This command shows the list of Tag Lists in the specified database. The user may look at either the
Running database or the NVRAM database, but not both at the same time. The Tag List Table shows the
ID of each Tag List, whether the Tag List is in use by any Policy, and how many Tags are on the Tag List.
Command Get-tagl-entry <dbase> <id> (Any User)
Description Show the Tag List Contents
Id: Valid Tag List ID
This command shows the contents of a single Tag List entry in either the Running or NVRAM database.
The information displayed includes the database ID as given by the user, whether the Tag List is in use
by any Policy, and the number of Tags on the Tag List. In addition, a detailed list of which Tags are used
by this Tag List is displayed.
79
VLAN Commands
Command New-tagl <dbase> <tag> (SUPERVISOR ONLY)
Description Make new Tag List
Tag: Valid Unique VLAN Tag (2-4094)
Use this command to make a new Tag List. The command will return a Tag List ID for each database
entered. This number will be used in the other Tag List commands, as well as in pol-set-tl. *Note: The
Tag List may have a different ID for the Running Database as for the NVRAM Database, depending on
the preexisting configuration. The user may create the Tag List in the Running Database, the NVRAM
database, or both (using all). The user must specify an initial Tag to add to the new Tag List. See tagl-
add-tag for details on what is a valid VLAN tag.). A Tag may only be on one Tag List at a time, so if the
given Tag is already in use by another Tag List, the message Object is already/still in use will appear,
indicating that the Tag in question is already in use by another Tag List. In this case, an empty Tag List
will be added to the stated database. If an error occurs in one database while writing to both, then the
other database will contain the full Tag List information.
Command Del-tagl <dbase> <id> (SUPERVISOR ONLY)
Description Delete a Tag List
This command removes the resources used by the stated Tag List. <tagl-id> is the one returned from the
new-tagl command, or may be taken from the get-tagl-tbl command. The user may delete the Tag List
from the Running database, the NVRAM database, or both at the same time, using all. If the Tag List is
currently in use by a Policy, then the deletion will be prohibited. Use the del-pol or pol-set-tl command
before del-tagl. *Note: a Tag List in the Running Database may be identical to a Tag List in the NVRAM
Database, with a different <tagl-id>. This command will delete the Tag List with the specified <tagl-id>
regardless of the content of that List, so be careful when deleting from all databases.
Command Tagl-add-tag <dbase> <id> <tag> (SUPERVISOR ONLY)
Description Add a Tag to a Tag List
Tag: Valid Unique VLAN Tag (2-4094)
Use this command to add new Tags to a Tag List. The user can add Tags to Tag Lists in the Running
database, the NVRAM database, or both. A Tag can be on only one Tag List at a time, so if the stated Tag
List already owns the Tag, or another Tag List owns the Tag, then the command will fail. The user may
type in any valid 802.1Q VLAN Tag. This means a decimal number from 2 to 4094. The IEEE reserves
80
Chapter 3
tags 0 and 1 for internal use. If the tagl-add-tag command cannot add a Tag to the Tag List in only one of
the two databases (when using all), the Tag will be added to the Tag List in the other database
successfully.
Command Tagl-del-tag <dbase> <id> <tag> (SUPERVISOR ONLY)
Description Remove a Tag from a Tag List
Tag: Tag from ID (2-4094)
This command removes a Tag from a Tag List. The user may perform this operation in the Running
database, the NVRAM database, or both. Obviously, the stated database(s) must contain the Tag to be
deleted. If, however, only one of the databases has the Tag, and the user request all, then the Tag will
be deleted from the database that owns the Tag. The other database will be unaffected.
Command Get-pol-tbl <dbase> (Any User)
Description Show list of Policies
This command shows the list of Policies currently installed in the system. The user may look at the
Running or NVRAM database, but not both at the same time. The information shown in the table
includes the database ID, whether or not the Policy is in use specifically by any VLAN, Custom Filter, or
Port Mirror, the type of Policy (adr -> Address Based, or tag -> 802.1Q Tag based), and which protocols
are included in the Policy. In addition, if the Policy is a default Policy for the type and protocols listed,
this will be indicated by the term (Def) added after the type string. If the Policy is not a default Policy,
and is using a Tag List (for type tag) or Trustee List (for type adr), then the ID of the Tag/Trustee List
will be placed in parentheses after the type string.
Command Get-pol-entry <dbase> <id> (Any User)
Description Show Policy Contents
Id: Valid Policy ID
This command shows the full contents of a Policy in either the Running database or the NVRAM
database. The information shown includes the database ID (as given by the user), whether or not the
Policy is in use by a VLAN, Custom Filter, or Port Mirror, what type the Policy is, address based (adr)
or 802.1Q Tag based (tag), and which protocols are included in the Policy. In addition if the Policy is a
default Policy for the type and protocols, then this will be indicated by the term (Def) after the type
string. Otherwise, if there is a Tag or Trustee List associated with the Policy; this will be shown along
with a list of which MAC addresses or Tags are on the associated Tag/Trustee List.
81
VLAN Commands
Command New-pol <dbase> <type> <proto> <default> (SUPERVISOR ONLY)
Description Make a new Policy
Type: adr (address based), tag (802.1q Tag based)
Proto: List of protocols (ip-ipx-atalk-other, or all)
Default: yes, no
This command makes a new Policy in the Running database, the NVRAM database, or both. the user
must enter the type of the Policy, either Source MAC Address Based (adr), or IEEE 802.1Q Tag Based
(tag). The user must also provide the list of which protocols the Policy will use. Remember to enable
any protocol that is being used, with the set-proto-enb command. Finally, if the Policy should be a
default Policy for the type and protocols, then enter yes for the default parameter. Otherwise, enter
no. If yes is entered, there will not be able to set a Trustee List or Tag List for this Policy. This Policy
will encompass any frame that matches the type and protocols and does not have a representation in a
Tag List or Trustee List. If no is entered for the default parameter, the new Policy will not have any
impact on existing traffic. The user must specify a Tag List ID or Trustee List ID. Then this Policy will
encompass any frames that match the type and protocol criteria, and also match the criteria from the
Tag/Trustee List. The user may not enter overlapping default Policies. In other words, you may not add
an adr ip-ipx yes Policy and then also add an adr ip-atalk yes Policy. Instead, if a similar
behavior is desired, create individual Policies for ip, ipx, and atalk, and add them to VLANs as desired.
If a Policy is entered as a default Policy when there is already a Policy acting as a default Policy for the
type and any of the protocols, then the error message, This Element would overlap with an existing
one will appear. The user may change any parameter of a Policy later, except for the type. If a 802.1Q
Tag based Policies is maded, remember to enable the Tag Detection process, using the set-vlan-enb
command. *Note: the Policy may have a different ID for the Running Database as for the NVRAM
Database, depending on the preexisting configuration.
Command Del-pol <dbase> <id> (SUPERVISOR ONLY)
Description Delete a Policy
Id: Valid Policy ID
This command removes the resources allocated for a Policy. The user may delete Policies in either the
Running or NVRAM database or both at the same time. If the Policy is in use by any VLAN, Custom
Filter, or Port Mirror, the user may not delete it. If the Policy uses a Trustee List or a Tag List, then
deleting the Policy will free up the Tag/Trustee List for deletion. *Note: a Policy in the Running
Database may be identical to a Policy in the NVRAM Database, with a different <pol-id>. This
command will delete the Policy with the specified <pol-id> regardless of the content of the Policy, so be
careful when deleting from all databases. A Policy may not deleted that is in use by a Port Mirror,
VLAN, TCI, or Custom Filter
82
Chapter 3
Command Pol-set-tl <dbase> <id> <tl-id> (SUPERVISOR ONLY)
Description Set Tag/Trustee List for a Policy
Id: Valid Policy ID
Tl-id: Valid Tag/Trustee List ID, or none
Use this command, if the Policy is not a default Policy, to set the Tag List or Trustee List that the Policy
will use. You may make this adjustment in the Running or NVRAM database, or both. If the type of the
Policy is Source MAC Address Based (see get-pol-tbl, get-pol-entry, new-pol), then the tl-id must be a
Trustee List ID. If the type of the Policy is IEEE 802.1Q Tag Based, then the tl-id must be a Tag List ID.
The user may also enter none for the Tag/Trustee List ID. In this case, the Policy will remain in the
system, but will not match any incoming data. If the Policy already had a Trustee/Tag List associated
with it, then this list will become free for deletion or for use in another Policy. Information may not
overlap between two Policies. For example, if some other Policy shares a protocol with this Policy, the
user may not set the Tag/Trustee List to the same one as the other Policy has (obviously this is irrelevant
if the other Policy is a default). The user may use the same Trustee/Tag List on more than one Policy;
provided that these Policies do not share any protocols. If the Policy is already a default Policy, then you
may not set the Tag/Trustee List. Use the command pol-set-def to make the Policy not a default Policy
first, and then you may use this command.
Command Pol-set-proto <dbase> <id> <proto> (SUPERVISOR ONLY)
Description Set Protocol List for Policy
Id: Valid Policy ID
Proto: List of protocols (ipx-ip-atalk-other, or all)
This command modifies which protocols the Policy will contain. You may set this in the Running
database, the NVRAM database, or both. Overlapping Policy information are not allowed. That is, if by
changing the protocols on this Policy, it would overlap with another, then the operation will be
prohibited. To determine if two Policies will overlap, use the following algorithm. If the two Policies
have the same type (adr, tag), share at least one protocol, and are both default, then overlap occurs.
If the two Policies have the same type, share at least one protocol, neither is default, and they both use the
same Tag or Trustee List, then overlap also occurs. If this command would create an overlap, the
statement, This Element would overlap with an existing one will be displayed. Remember to use the
set-proto-enb command to enable the detection of whichever protocols are being used in Policies.
83
VLAN Commands
Command Pol-set-name <dbase> <id> <name> (Normal User)
Description Set the Name of the Policy
Id: Valid Policy ID
Name: A text string
This command may be used to set the name of a particular Policy specified by <pol-id> in database.
Command Pol-set-def <dbase> <id> <default> (SUPERVISOR ONLY)
Description Set Policy to default, or non-default
Id: Valid Policy ID
Default: yes, no
This command may be used to set a Policy to be a default Policy, or to be a non-default Policy.
The user may make this change in the Running Database, the NVRAM database, or both. If the
Policy is set to be a default Policy, it may not overlap with any existing default Policy, that is, it
may not share protocols with other default Policies which are of the same type. Use the pol-set-
proto command to change the protocols which a Policy is using. After setting a Policy to be a
non-default Policy, there will be no data which matches the Policy definition, until a Trustee List
or Tag List is assigned to the Policy.
Command Set-proto-enb <dbase> <proto> <enable> (Normal User)
Description Enable/Disable Protocol Detection
Proto: List of Protocols (ip-ipx-atalk, or all)
Enable: yes, no
This command enables or disables the detection of the various protocols. The system is capable of
recognizing Internet Protocol (ip) frames, Internet Packet Exchange (ipx) frames, and AppleTalk (atalk)
frames. The VLAN Engine will treat a frame that arrives on the switch with a protocol that is disabled as
other. To ensure that the VLAN Engine handles the protocols separately, use this command to enable
them. This process may be enabled separately in the NVRAM and Running databases, or both at the
same time. If the enable parameter is yes, then
each protocol in the list of protocols will be enabled in the specified database(s). The other
protocols (those not listed) will not be modified. If the enable parameter is no, then each
protocol in the list of protocols will be disabled in the specified database(s). The other protocols
(those not listed) will not be modified. After the command completes, the configuration of the
requested database(s) will be listed.
84
Chapter 3
Command Get-proto-enb <dbase> (Any User)
Description Show Protocol Detection Enable State
Use this command to see what the current status of the various protocols in the Running or NVRAM
database.
Command Set-vlan-enb <dbase> <port-list> <enable> (Normal User)
Description Enable/Disable VLAN Tag Detection
Port-list: List of Ports (1,2..5)
Enable: yes, no
This command adjusts the VLAN Tag Detection process for some or all of the ports on the device. This
parameter can be adjusted in the Running Database, the NVRAM database, or both. If the enable state is
yes, then for each port in the list of ports, the VLAN Tag Detection process will be enabled in the
specified database(s). If enable is no, then the VLAN Tag Detection process will be disabled. In either
case, ports not listed will not be affected. The information stored in the NVRAM database is attached to
the physical location of the port on the unit. That is, if you move a card from one slot to another, the
configuration will stay in the same slot on the unit, and will not move with the card. After this command
completes, the state of all the ports on the device will be shown for the database(s) that changed.
Command Get-vlan-enb <dbase> (Any User)
Description Show VLAN Tag Detection Enable State
This command shows the VLAN Tag Detection process state for the Running or NVRAM database for all
the ports.
Command Get-vlan-tbl <dbase> (Any User)
Description Show the list of VLANs
This command shows the list of VLANs enabled on the system. The user may see the list in either the
Running or NVRAM database, but not both. The information shown with each entry includes the
database ID, the type of the VLAN (Virtual Broadcast Domain VBC, or Security Virtual LAN SVLAN),
and the name of the VLAN.
85
VLAN Commands
Command Get-vlan-entry <dbase> <id> (Any User)
Description Show the VLAN Contents
ID: Valid VLAN ID
This command shows the contents of the specified VLAN, either in the Running database or the
NVRAM database. The information displayed includes the database ID (as entered by the user), the
type of the VLAN (VBC or SVLAN), and the name of the VLAN. In addition, the priority of the
VLAN is displayed, as is the Policy ID this VLAN uses. If the VLAN applies to all policies, then this
will be shown as well. Finally, the list of ports on the VLAN is displayed. The operation of a
VLAN is as follows. If a frame which matches the criteria in the VLAN (including Policy and
source port), then the VLAN owns the frame. It will then be forwarded to its destination only if
the destination port is on the VLAN. If the frame is unknown or broadcast, then it will be
forwarded to all the other ports (except the source port) on the VLAN. The difference between
Security VLANs and Virtual Broadcast Domains is that Virtual Broadcast Domains only apply to
the Ethernet Broadcast MAC Address (ff-ff-ff-ff-ff-ff). Security Virtual LANs apply to any MAC
address for which there is not a Custom Filter, and affect the Broadcast Address.
Command New-vlan <dbase> <name> <policy> <port-list> (SUPERVISOR ONLY)
Description Make a new VLAN
Name: up to 15 characters
Policy: ID of a Policy, or all
This command adds a VLAN to the Running database, the NVRAM database, or both. The user must
provide a name for the VLAN (or for no name), a Policy ID for the VLAN to use (or all to make the
VLAN apply to all frames), and a list of ports who are members of the VLAN. This command creates a
Security Virtual LAN with the specified parameters. There is a shortcut command, set-sec-vlan which
creates a Security Virtual LAN with no name, and applying to all frames. VLANs may overlap as
desired, meaning that you may create a Virtual LAN for Policy number 1, ports 1,2, and 3, and another
VLAN for Policy 1 for ports 3 and 4. This will have the effect that frames from ports 1 and 2 which match
the criteria set out in Policy 1 will be forwarded to their destinations on ports 1,2 and 3. Frames from
port 4 will only go to port 3, and frames from port 3 may go to any port 1 through 4. In general, if there
exists at least one VLAN for the Policy that the frame matches that shares both the source port and the
destination port in the Learn Table, then the frame will be forwarded. For unknown frames and
broadcast frames, the frame will be forwarded to every port which shares at least one VLAN with the
source port and whose Policy matches the Policy of the frame. For VLANs using all Policies, the
Policy of the VLAN matches any data in the frame.
86
Chapter 3
Command Del-vlan <dbase> <id> (SUPERVISOR ONLY)
Description Delete a VLAN
Id: Valid VLAN ID
This command removes a VLAN from the system, in the Running, NVRAM or both databases. If the
VLAN uses a Policy, then that Policy will be freed up for deletion, unless it is still owned by another
VLAN or Custom Filter or Port Mirror. Delete the VLAN specified by <vlan-id> from <database>. Note
that there may be a VLAN in the Running Database which is identical to a VLAN in the NVRAM
Database but with a different ID, so be careful when deleting from both databases. Some VLANs are
configured by the system, including DirectIP and Isvlans and deletion of these VLANs are not allowed.
Command Vlan-set-name <dbase> <id> <name> (SUPERVISOR ONLY)
Description Change the Name of a VLAN
Id: Valid VLAN ID
Name: up to 15 characters
Use this command to change the name of a VLAN in the Running or NVRAM database, or in
both. The user may enter to have no name at all. The VLAN switching Engine ignores the
name. It is useful for keeping track of many VLANs. The user may share the same name
between more than 1 VLAN.
Command Vlan-set-prio <dbase> <id> <prio> (SUPERVISOR ONLY)
Description Set the Priority of a VLAN
Id: Valid VLAN ID
Prio: high, low
This command sets the Unicast priority of a VLAN. The user may set the priority in the Running
database, the NVRAM database, or both. This priority is used to determine how frames will be
treated inside the switch. If a frame is owned by at least one VLAN with high priority, the frame
will be treated with high priority. If no VLAN with high priority owns the frame, then the priority
will be low. The switch guarantees transfer for High priority frames to any and all destinations
inside the switch. Low priority frames may, if resources are unavailable, be dropped to one or
more destinations. New VLANs are created, by default, with high priority. Use this command to
adjust the priorities as desired.
87
VLAN Commands
Command Vlan-set-mcprio <dbase> <id> <prio> (SUPERVISOR ONLY)
Description Sets the Multicast priority for a policy
Id: Valid VLAN ID (from get-vlan-tbl)
Prio: high, low
Similar to Vlan-set-prio, this command sets the Multicast priority of a VLAN.
Command Vlan-set-ports <dbase> <id> <port-list> (SUPERVISOR ONLY)
Description Change the Port List of a VLAN
Id: Valid VLAN ID (from get-vlan-tbl)
This command adjusts which ports are members of a particular VLAN. The user may make this
change in the Running or NVRAM database, or both. As long as all the ports in the port list are
valid ports on the device, this command will always succeed.
Command Vlan-set-pol <dbase> <id> <policy> (SUPERVISOR ONLY)
Description Change the Policy for a VLAN
Par amet er s Dbase: run, nvram, all
Id: Valid VLAN ID
Policy: Valid Policy ID, or all
Use this command to change which Policy a VLAN uses. The user may change this parameter in the
Running database, the NVRAM database, or both. If the user want the VLAN to apply to ALL frames,
type all for the Policy ID. This will cause the VLAN to take ownership of any frame that arrives on one
of the member ports, regardless of frame content. The only exception is that Custom Filters override the
VLAN for the particular MAC addresses in them.
Command Set-sec-vlan <dbase> <port-list> (SUPERVISOR ONLY)
Description Make a Security VLAN (same as new-vlan)
This shortcut command meaning exactly: New-vlan <dbase> all <port-list>
88
Chapter 3
Command Set-vbc-domain <dbase> <port-list> (SUPERVISOR ONLY)
Description Make a Virtual Broadcast Domain
This command creates a Virtual Broadcast Domain with no name (), using all policies and owning the
stated ports. The VBC Domain may be created in the Running or NVRAM database or in both. This
command is the only way to add VBC Domains into the system. Once the VLAN is created, the user may
adjust the parameters as normal, including setting the Policy, the priority, the name, and the port list.
Virtual Broadcast Domains allow broadcast connectivity beyond that allowed by the Security Virtual
LANs. For purposes of the Ethernet Broadcast Frame, all SVLANs and VBC Domains are considered
VLANs. For other frames, only SVLANs are considered. The user may delete a VBC Domain with the
del-vlan command, as normal.
Command vlan-clr-nv (SUPERVISOR ONLY)
Description Reset NVRAM Defaults for the VLAN Engine
This command resets the NVRAM defaults for the VLAN Engine. By default, there are no
VLANs, Port Mirrors, Trustee Lists, Tag Lists, or Policies installed. The Custom Filters that are installed
by default are installed only in the Running database, so the NVRAM Custom Filter database will also
be cleared. Note that init-nvram also does this operation.
Command vlan-get-defaults (Supervisor Only)
Description Displays the default Vlan priorities
Parameters Dbase: {run, nvram}
This command shows the default Vlan priorities in the run and nvram databases
Command vlan-set-defaults <dbase> <prio> <prio> <forward data> (SUPERVISOR ONLY)
Description sets the default Vlan priorities
Priority for Unicast: low, high
Priority for Multicast: low, high
Forward Data on No VLAN: yes, no
This command sets the default Vlan priorities in the run and nvram databases.
89
VLAN Commands
Command vlan-set-deffwd <dbase> <protol><enable> (SUPERVISOR ONLY)
Description Allows a protocol to be forwarded or not
Enable: yes, no
If yes for XXX protocol, then the GFS should forward frames with XXX protocol by DEFAULT (without
any VLANS). If false, then the GFS should drop any frames with the XXX protocl by DEFAULT (without
any VLANS). This flag also applies to receiving TAGGED frames on ACCESS ports, or receiving
UNTAGGED frames on TRUNK ports (drop these if Default Forward is false for the protocol, and
forward them unmodified if DefFwd is true for the protocol).
* Note: In order for this flag to have the proper effect, there must be a policy for the protocol. If the
protocol is combined with other protocols, then the true flag ALWAYS overrides (i.e., if ANY protocol in
the policy has the flag true, then the whole policy acts as if the flag is true).
Command vlan-set-trunk <dbase> <protol><enable> (SUPERVISOR ONLY)
Description Allows trunk mode for protocols enabled
Enable: yes, no
If true for protocol XXX, then the GFS allows TRUNK mode for the protocol. This means that the ISVP
mode of ports is used to determine which ports are ACCESS and which ports are TRUNK for frames with
the XXX protocol. If false, then no port will be TRUNK for XXX protocol (regardless of ISVP mode).
* Note: In order for this flag to have the proper effect, there must be a policy for the protocol. If the
protocol is combined with other protocols, then the true flag ALWAYS overrides (i.e., if ANY protocol in
the policy has the flag true, then the whole policy acts as if the flag is true).
Command get-pol-filter (Any User)
Description gets the filter for the given MAC address
Policy id (from get-pol-tbl)
This command displays the filter information of a given MAC address.
90
Chapter 3
Command get-pol-mfilter (Any User)
Description gets the filter for the given MAC address and module
Policy id (from get-pol-tbl)
Module number { 1..4 }
This command displays the filter information for a given MAC address and module.
91
ISVLAN Commands
ISVLAN
Command new-isvlan <dbase> <port-list> <tag><name>(SUPERVISOR ONLY)
Description Creates a new vlan with database automatically configured
Name: name of new VLAN
This commands creates a new ISVLAN in <database> with the specified parameters. If the
ISVLAN is created in the Running Database, then automatically performs the following in
addition: creates a new Tag list, policy, assign the Tag list using the policy, set the name of the
policy, create a new VLAN using the policy, create another VLAN using an unspecified or Default
policies, and set the Tag Control Information(TCI). These steps are also done on bootup when
loading from NVRAM. This command returns the ID of the ISVLAN for use in the following
commands.
Command del-isvlan <dbase> <isvlan-id>(SUPERVISOR ONLY)
Description Deletes an isvlan with database automatically configured
ISVLAN: The ID of the ISVLAN to be deleted.
This command removes the isvlan-id from the database. If the Running Database is specified,
then deletes the following: Tag Control Information(TCI), VLAN that uses the Default policy,
VLAN that belongs to the Tag list, Policy to the specified Tag list, and Tag list. Thus returning
the system to the state without the ISVLAN installed.
Command get-isvlan-tbl <dbase> (Any User)
Description Shows a list of ISVLANs
This command shows the ISVLANs installed in the database. The Information displayed shows
the database ID, the Tag ID, and the name of the ISVLAN
Command get-isvlan-entry <dbase> <isvlan-id> (Any User)
Description Shows the ISVLANs content
92
Chapter 3
This command shows the detailed information about isvlan-id in the database. Displays the data
shown in get-isvlan-tbl, and additionally shows Port List, and if the ISVLAN is in the Running
Database, shows the IDs of the local VLAN, the tag VLAN, the Policy, and the Tag List used by
this ISVLAN.
Command isvlan-set-ports <dbase> <isvlan-id> <port-list> (Supervisor Only)
Description Change the Port List of a VLAN
ID: ID of the ISVLAN to set
This command adjusts the ports used by isvlan-id in the database. If the ISVLAN is in the
Running Database, then this command first does: changes the Ports that are members of VLAN
of the default Policy, changes the Ports that are members of VLAN of the Tagged Policy, deletes
the TCI entry, and then sets the TCI entry.
Command isvlan-set-name <dbase> <isvlan-id> <name> (Supervisor Only)
Description Sets the name of the ISVLAN
Name: A text string name of the ISVLAN
This command sets the name of isvlan-id in the database. If the ISVLAN is in the Running
Database, then this command additionally does: set the name of the VLAN with the Default or
unspecified Policy, set the name of the VLAN with the Tagged Policy, and set the name of the
Policy of that Tag list.
Command isvlan-set-tag <dbase> <isvlan-id> <tag> (Supervisor Only)
Description Sets the tag of the ISVLAN
This command sets the Tag used by isvlan-id in the database. If the ISVLAN is in the Running Database,
then this command additionally changes the TCI entry.
93
TCI Commands
TCI
Command isv-set-tci <dbase> <port-list> <policy> <tag> <prio> (Supervisor Only)
Description Change the TCI entry
Policy: Valid Policy ID or, all
Prio: high, low
This command adjusts the TCI for ports in the database. First, all the ports will be removed from
TCI entries that uses Policy. If the tag is specified (not none), then these ports will be removed
from the Ports Valid for Tag, and if priority is not none, these ports will be removed from Ports
Valid for Priority. Second, the ports will be installed into the TCI database with Policy into the
Ports Valid for Tag (if the tag is not none) to use Tag in the TCI. Finally, the ports will be
installed into the TCI database with Policy into the Ports Valid for Priority if <prio> is not none.
If policy is default, then the tag and priority (if specified) will be installed as the default entry
for ports.
Command isv-del-tci <dbase> <port-list> <policy> <tag> <prio> (Supervisor Only)
Description Delete the TCI entry
Prio: high, low
This command removes the TCI entry for ports from the database for the policy. If there is a tag,
then the ports will be removed from Ports Valid for Tag, and if priority is high then the ports will
be removed from Ports Valid for Priority. After this command is executed, any frame arriving on
one of the ports will use the system default TCI unless there is a port-default TCI installed for the
source port. If the Policy is default, then the Default Port TCI entry will be removed, and the
ports will use the system default (tag 1, prio 0) for a port default.
94
Chapter 3
Command isv-get-tci <dbase> <port-list> <policy> (Supervisor Only)
Description Shows the TCI contents
This command shows the TCI entry associated with port and Policy in the database. If Policy is default,
then it will show the port-based default for Port. If there is no port-based default, then the system default
TCI will be shown (tag 1, prio 0).
Command set-sys-tagging <dbase><enable> (Supervisor Only)
Description Enables or disables system tagging feature.
Enable: yes, no
This command enables or disables System Tag Generation.
Command get-sys-tagging <dbase> (Supervisor Only)
Description Shows enable/disable state of sys-tagging feature.
This command displays the System Tag Generation State.
Command isv-set-systci <dbase> <tag> <prio> (Supervisor Only)
Description Sets TCI to be used by system tagging feature.
Prio: high, low
This command sets the TCI to be used for system tagging feature.
Command isv-get-systci <dbase> (Supervisor Only)
Description Shows TCI to be used by system tagging feature.
This command displays the TCI to be used for system tagging feature.
95
Custom Filter Commands
Custom Filter
Command Get-cf-tbl <dbase> (Any User)
Description Show list of Custom Filters
This command shows the list of Custom Filters in either the Running or NVRAM database. The
information displayed shows simply the database ID, and one of the MAC addresses using the
Custom Filter.
Command Get-cf-entry <dbase> <id> (Any User)
Description Show Custom Filter Contents
Id: Valid Custom Filter ID
This command shows the full contents of a Custom Filter. The user may look at either a Running
database or a NVRAM database entry. The information displayed is the database ID (as typed
by the user), the list of MAC addresses using this Custom Filter, the priority for this Custom
Filter, and a list of Filters applying to those MAC addresses. The list of Filters in the Custom
Filter is a list of Policy plus source port list equals destination port list groups. The Custom Filter
applies to any MAC address in the Custom Filter, arriving on the switch as a destination MAC
address. If the frame contents match the Policy of one of the filters on the Filter List, and the
source port is one of the ports on the source port list, then the frame will be forwarded to every
port on the destination port list. If the frame contents do not match any Policy in the list, or if the
source port is not on the list whose Policy does match the frame contents, then the frame will be
dropped (filtered). If the frame is to be forwarded, the priority will be determined by the priority
of the Custom Filter. The default priority for Custom Filters is low. The user may not add
overlapping Filters to a Custom Filter. See cf-add-filter for details. There are several Custom
Filters used by the system that may not be adjusted by the user. First, there is a Broadcast
Custom Filter (for the Ethernet Broadcast Address). To modify the broadcast behavior, use
SVLANs and VBC Domains (above). Then, there is a Management Custom Filter that contains all
the MAC addresses to which the SNMP Agent will respond, and finally, if Spanning Tree is
enabled, there is a Spanning Tree Custom Filter, containing the Bridge Group Addresses specified
by the 802.1D Spanning Tree standard.
96
Chapter 3
Command New-cf <dbase> <mac> <lock> (SUPERVISOR ONLY)
Description Make a new Custom Filter
Mac: MAC Address for Custom Filter (xx-xx-xx-xx-xx-xx)
Lock: lock-on, lock-off (ignored in NVRAM database)
This command creates a new Custom Filter in the system. The user may create a Custom Filter in the
Running Database, the NVRAM database, or in both. The user must provide a MAC address to add to
the Custom Filter. In addition, the user may specify whether the MAC address should be locked into the
Learn Table or not. Keeping all Custom Filter entries locked in the Learn Table is STRONLGY
recommended. If a Custom Filter entry is not locked, then the MAC address is subject to aging. The lock
parameter may not be stored in NVRAM. If a MAC address is added to a Custom Filter in NVRAM, then
it will be locked in the Learn Table automatically on each boot. The new Custom Filter will have no Filter
Entries in it, so the switch will drop all frames for this MAC address until the cf-add-filter command is
used. If a Custom Filter is created in the Running database, then the MAC address will be added
immediately to the Learn Table, passing the lock parameter as in add-lt-entry (above).
Command Del-cf <dbase> <id> (SUPERVISOR ONLY)
Description Delete Custom Filter
This command removes a Custom Filter from the specified database. The user may act on the Running
database or the NVRAM database, or on both. Before removing the Custom Filter, all of the Filter Entries
will be removed, and then all of the MAC addresses on the Custom Filter will be deleted from the Learn
Table. *Note that there may be an identical Custom Filter in the Running Database and the NVRAM
Database, but with different IDs, so caution must be taken when deleting from both databases.
Command Cf-set-prio <dbase> <id> <prio> (SUPERVISOR ONLY)
Description Set the Priority for a Custom Filter
Prio: high, low
Use this command to set the priority of a Custom Filter. The user may change the Running or NVRAM
database or both. The switch will forward any frames that match the Custom Filter parameters (see
above), with the priority specified by the Custom Filter.
97
Command Cf-add-filter <dbase> <id> <policy> <src-plist> <dest-plist> (SUPERVISOR
ONLY)
Description Add a Filter Entry to a Custom Filter
Src-plist: List of Source Ports (1,2..4)
Dest-plist: List of Destination Ports (6,7)
This command adds a Filter Entry to a Custom Filter. The user may add an entry to the Running or
NVRAM database or both. A Custom Filter Entry is a policy plus a list of source ports and destination
ports. If a frame that matches the Custom Filter MAC addresses also matches a policy on a Custom Filter
Entry in the Custom Filter will be forwarded according to the particular Custom Filter Entry Policy
which it matches. If the source port is on the source port list of the particular Custom Filter Entry, then
the frame will be forwarded to all of the destination ports in that Entry, with the priority specified by the
Custom Filter itself. If the frame does not match the Policy of any Custom Filter Entry in the Custom
Filter, then the frame will be dropped. In addition, if the source port is not in the source port list of the
Custom Filter Entry whose Policy the frame does match, it will also be dropped. You may not enter
overlapping Custom Filter Entries for the same Custom Filter. This means that if, for a particular Policy,
there is already a Custom Filter Entry whose source port list contains any of the ports in the given source
port list, the request will be denied. If this happens, the error message Object is already/still in use
will appear. Use get-cf-entry to see the list of Entries on this Custom Filter. Note that you may add a
Filter Entry with all Policies. This means that any frame whose destination MAC address matches the
Custom Filter and whose source port is in the source port list will be forwarded to all of the port on the
destination port list. Obviously, this means that you may not specify overlapping all Policy Custom
Filter Entries.
Command Cf-del-filter <dbase> <id> <policy> <src-plist> (SUPERVISOR ONLY)
Description Remove Filter Entries from a Custom Filter
Src-plist: List of Source Ports (1,2..4)
This command removes ports from Custom Filter Entries in a Custom Filter. The user may make this
change in the Running database, the NVRAM database, or both. When this command is typed, the
Engine checks each Custom Filter Entry in the stated Custom Filter. If the Policy of the Custom Filter
Entry matches the entered Policy, then the given ports will be removed from that Custom Filter Entrys
source port list. If, after this, the source port list of any Custom Filter Entry is completely clear, then the
98
Chapter 3
Custom Filter Entry itself will be removed. It is important to note that all Policies always match
everything. This means that the user can remove all the Custom Filter Entries from a Custom Filter by
using all for the Policy parameter, and * for the port list parameter.
Command Cf-add-mac <dbase> <id> <mac> <lock> (SUPERVISOR ONLY)
Description Add a MAC Address to a Custom Filter
Mac: New MAC Address to add (xx-xx-xx-xx-xx-xx)
Lock: lock-on, lock-off (ignored in NVRAM database)
This command adds a MAC address to the list of MAC addresses in use by a Custom Filter. You may
change the Running Database, the NVRAM database, or both. A MAC address may belong to only one
Custom Filter at a time, so the user may not add a MAC address to a Custom Filter if it already belongs to
another Custom Filter. The new MAC address will be installed in the Learn Table, as if add-lt-entry had
been typed, with the lock parameter specified by the user. This parameter is ignored in NVRAM. All
MAC addresses in NVRAM Custom Filters will be installed locked in the Learn Table when the switch
boots. *Note: that a MAC Address may only belong to one Custom Filter.
Command Cf-del-mac <dbase> <id> <mac> (SUPERVISOR ONLY)
Description Remove a MAC Address from a Custom Filter
Mac: MAC Address to Remove (xx-xx-xx-xx-xx-xx)
This command removes a MAC address from a Custom Filter. The user may do this in the Running
database, the NVRAM database, or both. If the change is made to the Running database, the MAC
address will be deleted from the Learn Table.
99
Port Mirror Commands
Port Mirror
Command Get-pm-tbl <dbase> (Any User)
Description Show the list of Port Mirrors
This command shows the list of Port Mirrors in the requested database. The user may look at the
Running or NVRAM database. The information shown includes the database ID, whether the Port
Mirror is currently active (or will be active on the next boot, if in the NVRAM database), the
Monitor Port (also called Probe port), the Policy that this Port Mirror is looking at, and the Test
Port (the port which is being monitored). A Port Mirror may be kept in the database even if not
active. In this case, the Port Mirror does not affect any traffic flow. This is useful in the case
where you want to switch between several Port Mirrors using the same Monitor Port. The Policy
may say all. This indicates that all traffic of any kind will be forwarded according to the Port
Mirror. Otherwise, only traffic that matches the stated Policys criteria will be forwarded. The
Port Mirror process adds the Monitor Port to the ports to data that will be forwarded for frames
that arrive on, or are forwarded to the Test Port. This means that any frame that matches the
stated Policy and appears on the segment attached to the Test Port, will also appear on the
segment attached to the Monitor Port. This includes frames to stations that are learned on the
Test Port, which arrive on the switch at the Test Port.
Command New-pm <dbase> <probep> <policy> <testp> (SUPERVISOR ONLY)
Description Make and Activate a new Port Mirror
Probep: Probe (monitor) port number
Testp: Test Port number
This command creates a new Port Mirror. The user may create it in the Running Database, the
NVRAM database, or both. The new Port Mirror will automatically be activated. The Monitor
Port is the port the mirrored data will be sent. The Policy specifies the criteria of which frames
must match to be forwarded according to the Port Mirror. The Test Port is the port that the Port
Mirror is monitoring.
Command Del-pm <dbase> <id> (SUPERVISOR ONLY)
Description Delete a Port Mirror
Id: Valid Port Mirror ID
100
Chapter 3
This command removes a Port Mirror. The user may delete Port Mirrors in the Running database, the
NVRAM database, or both. Obviously, the Port Mirror will no longer affect the traffic flow in the switch.
Use pm-set-active to stop the Port Mirroring process without removing the Port Mirror from the
databases.
Command Set-mon-port <dbase> <id> <probep> (SUPERVISOR ONLY)
Description Change the Probe (monitor) Port of a Port Mirror
Probep: New Probe Port number
This command sets the Monitor Port of a Port Mirror. The user may adjust this parameter in the Running
database, the NVRAM database, or both. If the Port Mirror is currently active (and the modification is in
the Running database), the new Probe Port will immediately begin receiving the Mirrored data. The user
may not set the Monitor Port to be the same as the Test Port. If this occrurs, an error message of Type
Mismatch will be displayed.
Command Pm-set-port <dbase> <id> <probep> (SUPERVISOR ONLY)
Description Change the Probe (monitor) Port of a Port Mirror
Probep: New Probe Port number
This command is exactly the same as set-mon-port.
Command Pm-set-tport <dbase> <id> <policy> <testp> (SUPERVISOR ONLY)
Description Change the Policy and Test Port of a Port Mirror
Testp: Test Port number
This command sets the Test Port and Policy parameters of a Port Mirror. The user may change the
Running Database, the NVRAM database, or both. If the change is made in the Running database, and
the Port Mirror is active, then the Monitor Port will begin receiving the new data immediately. The user
may not set the Test Port to be the same port as the Monitor Port. If this occurs, an error message of Type
Mismatch will be displayed.
101
Command Pm-set-active <dbase> <id> <active> (SUPERVISOR ONLY)
Description Activate/Deactivate a Port Mirror
Active: yes, no
This command activates or deactivates a Port Mirror. The user may change the Running database, the
NVRAM database, or both. If the change is made to the Running database, then the Probe Port will
immediately start or stop receiving mirrored data. If a Port Mirror is deactivated
in the NVRAM database, then it will be entered into the Running database on the next switch boot,
but the Port Mirror will remain inactive until pm-set-active is issued.
102
Chapter 3
Ether Channel or Port Trunking
Command ec-set-maxports <dbase> <port-list> (SUPERVISOR ONLY)
Description Sets the maximum number of ports for Ether Channel
Maximum ports: 1, 2, 4, 8
This command sets the number of maximum ports available for Ether Channel
Command ec-get-maxports <dbase> (Any User)
Description Displays the maximum number of ports for Ether Channel
This command displays the maximum number of ports available on the Ether Channel.
Command new-ec <dbase> <name> <port-list> (SUPERVISOR ONLY)
Description Creates a new EtherChannel
Name: name of new EtherChannel
Port list: Port-list: List of Ports (1,2..4)
This command will also enable the Etherchannel ports if Spanning Tree is running. This command
will return the ID of the new Etherchannel to be used in the following commands.
Command del-ec <dbase> <name> (SUPERVISOR ONLY)
Description Deletes an Ether Channel
Name: name of the EtherChannel (from get-ec-tbl)
This commands deletes the Ether Channel ID from the database. *Note: That if the ports are still
connected, the user must have Spanning Tree running to prevent network loops.
Command get-ec-tbl <dbase> (Any User)
Description Displays an Ether Channel Table
This commands show the Ether Channels Information displayed is:
103
ID: the <ec-id> of the Etherchannel
Name: the name of the Etherchannel
Current Ports: a list of ports that are currently active (may have duplicate numbers).
If no ports are active, then only zeros will be displayed. If <database> is NVRAM, then only
zeros will be displayed.
Command get-ec-entry <dbase> <name> (Any User)
Description Displays the detailed configuration of an EtherChannel
Name: name of the EtherChannel (from get-ec-tbl)
This command shows the Ether Channel ID in the database and displays the same information as
get-ec-tbl, and in addition shows which ports are members of the Etherchannel, and which ports
are currently inoperative (no link).
Command ec-set-name <dbase> <id> <new name> (Normal User)
Description Sets the name of an EtherChannel
ID: ID of the EtherChannel (from get-ec-tbl)
New name: new name of the Ether Channel
This command sets the name of the Ether Channel.
Command ec-set-ports <dbase> <id> <port-list> (SUPERVISOR ONLY)
Description Sets the ports in an Ether Channel
EtherChannel id: id of the Ether Channel (from get-ec-tbl)
Port list: Port-list: List of Ports (1,2..4)
This command sets the Requested Ports for Ether Channel ID in the database. The ports must
contain 2, 4, or 8 ports and no more than the Ether Channel Maximum Ports (above).
Ether Channel Commands
104
Chapter 3
Port Configuration
Command Port-cfg (Any User)
Description Display the port configuration commands.
Command Get-port-cfg (Any User)
Description Show the port configuration for all installed ports.
This table lists, for each port, the port type, the physical interface type, the link status, the duplex state,
the flow control state, and whether the port is enabled (allowed to send and receive data) or not.
Special note: the get-port-cfg command will display a special sign if the actual duplex, speed, or flow
control state of the port does not match the configured duplex, speed, or flow control state (ie if auto-
negotiation caused the port to change states). In this case, a (*) will appear after the appropriate
configuration parameter.
Duplex Half* means that the port is configured auto-negotiating, advertising full duplex, but the link
is currently operating at half duplex.
Speed 10* means that the port is configured auto-negotiating, advertising 100Mbps, but the link is
currently operating at 10Mbps.
Fctrl Off* means that the port is currently in Full duplex, auto-negotiating advertising fctrl on, but the
link is currently operating without flow control.
Command Set-port-fctrl <port-list> <new-state> (Normal User)
Description Turn Flow Control on or off for a port.
Parameters port: a port number
New-state: on or off
Flow control is a mechanism by which a port may tell the device connected on the remote side of
the link to temporarily stop transmitting because the port cannot handle the incoming bandwidth
(for example, if the destination is at a lower speed). This command allows you to disable (off)
or enable (on) the Flow Control mechanism, meaning that this port will either generate Flow
Control messages to slow the incoming data, or ignore the over-subscribed condition and drop
frames.
*Note: If Link Configuration is enabled, then the command changes theadvertised state of flow
control. Otherwise, the current state ischanged.
105
Command Set-port-dplex <port number> <state> (Normal User)
Description Sets the port duplex mode
Parameters port number - { port number }
state - { half | full }
*Note: If Link Configuration is enabled, then the command changes the advertised state of
duplex. Otherwise, the current state is changed.
Command Set-port-speed <port number> <speed> (Normal User)
Description Sets the port speed (also refer to set-port-lcfg)
speed - { auto| 10 | 100 | 1000 }
*Note: If Link Configuration is enabled, then the command changes the advertised state of
speed. Otherwise, the current state is changed.
Command Set-port-lcfg <port number> <state> (Normal User)
Description Sets the port link configuration status
state - { on | off }
Notes: if lcfg is turned OFF, then speed and duplex must be set manually, and care must be
taken to assure compatibility between communicating ports; for instance, dont let a FDX port try
to talk to an HDX port.
Command Set-port-isvp <port number> <type> (Normal User)
Description Sets the port ISVP mode
type - { access| trunk }
Access means the port is attached to a normal Ethernet LAN. Trunk mode means the port is
attached to a LAN that uses IEEE802.1q Tagged Frames.
Command ports-clr-nv (Supervisor Only)
Description Reset port configuration to defaults
Parameters None required
This command resets the port configuration to defaults
Port Configuration Commands
106
Chapter 3
Command set-port-enable <port number> <state> (Normal User)
Description Enables or disables a port
Parameters port number
state - { enable | disable }
This command enables or disables a port.
107
Modules Commands
Modules
Command get-mod-cfg (Any User)
Description Displays all module configurations
Parameters no arguments are needed
This command displays the configuration information of the modules.
Command get-smod-cfg <module #> (Supervisor Only)
Description Displays information about the submodules.
Parameters module number - 1..4
This command displays what kind and how ports on the submodules installed on the specified
module.
Command set-mod-name <module #> <new name> (SUPERVISOR ONLY)
Description Sets the name of the module
name - 15 characters max
This command sets a name to a specific module.
Command set-mod-fname <module #> <new name> (SUPERVISOR ONLY)
Description Sets the filename of the module
name - 31 characters max
This command sets a name to the firmware of the module.
Command get-mod-prvsts <module #> (Any User)
Description Displays Module private statistics
This command displays the statistics of a specific module.
Command get-mod-prvcfg <module #> (Any User)
108
Chapter 3
Description Displays a modules private configuration
This commands diplays the information of the private configuration of a module.
Command mod-clr-nv (SUPERVISOR ONLY)
Description Initializes (clears) modules NVRAM
This command clears and initializes the nvram of the modules.
Command set-mod-enb <module 3> <state> (SUPERVISOR ONLY)
Description Sets the state (enabled or disabled) of the module
enable - { yes | no }
This command sets the enable status of the specific module.
109
Statistics Commands
Statistics
Command Statistics (Any User)
Description Show the statistics commands.
Command Clr-cnt (Normal User)
Description Reset all switch statistics.
This command clears all statistics. The agent is not able to execute this act on all statistics
simultaneously, so there might be some very slight (millisecond) differences in the times when the
statistics are cleared on various ports.
Command Get-eth-cnt <port> (Any User)
Description Show the Ethernet counters for the given port.
The statistics displayed are those from the Ethernet Counters MIB, including error frames, and
collisions count. Any port in full-duplex mode will not have relevant collision statistics.
Command Get-mgmt-brcnt (Any User)
Description Show the counters for the management interface.
The management interface to the switching ports keeps track of various statistics, including
multicast and broadcast frames. To see these counters, use this command.
Command get-sdist-cnt <port number> (Any User)
Description Gets the RMON.1 packet size stats for a port
This command displays the statistics of the RMON.1 packet size of a particular port.
Command get-if-cnt <port number> (Any User)
Description Gets the interface MIB statistics for a port
This command displays the statistics of the MIB interface for a particular port.
110
Chapter 3
Command get-eth30-cnt <port number> (Any User)
Description Gets the Ethernet MIB (802.3z:30) statistics for a port
This command displays the statistics of the Ethernet MIB(802.3z:30) for a particular port.
Command get-rmon-cnt <port number> (Any User)
Description Gets the RMON.1 statistics for a port
This command displays the statistics of the RMON.1 for a particular port.
111
Spanning Tree
Command Sp-tree (Any User)
Description List the Spanning Tree commands.
Command Get-stp (Any User)
Description Show the state of the Spanning Tree machine.
The Spanning Tree engine can be enabled or disabled. This command displays whether or not the
engine is currently running, and whether or not it will run on the next device boot.
Command Stp-clr-nv (SUPERVISOR ONLY)
Description Clear the NVRAM associated with the Spanning Tree machine.
This command resets the Spanning Tree parameters (bridging and port parameters) to their
default values.
Command Set-stp <new-state> (SUPERVISOR ONLY)
Description Enable or disable the Spanning Tree engine.
Parameters new-state: enable or disable
Use this command to enable or disable the Spanning Tree engine. The change will take effect
immediately. CAUTION: if the Spanning Tree engine is disabled, all ports are immediately made
forwarding, and any redundant paths will become network loops.
Command Get-st-bcfg (Any User)
Description Show the Spanning Tree bridge configuration.
The bridging information for the Spanning Tree engine includes the forwarding delay, maximum
message age, hello and hold times, the bridge priority, and the root device. Some of these parameters
have two versions. The Bridge parameters are those which will be used when this device is the root
device. The other copy of the parameters is the one currently in use. If Spanning Tree is disabled, the
parameters from the NVRAM will be displayed, indicating what they will be when Spanning Tree is
enabled.
Spanning Tree Commands
112
Chapter 3
Command Set-br-prio <new-priority> (Normal User)
Description Set the bridge priority for the device.
Parameters new-priority: 1 to 65535 (default 32768)
The Spanning Tree Bridge Priority is used to determine which device on the network should be the root
device, and in addition which device is the preferred device when the path costs are the same between
two redundant paths. This parameter may be set from 1 to 65535, according to the 802.1d standard.
Command Set-br-maxage <new-maxage> (Normal User)
Description Set the Bridge Maximum Message Age for the device.
Parameters new-maxage: 6 to 40 (seconds) (default 20)
The Spanning Tree Bridge Maximum Message Age is the length of time that Spanning Tree messages are
allowed to live before the contents of the messages are ignored. In addition, this time is used, together
with the forward delay, to determine the length of a topology change. The Spanning Tree protocol
specifies that the root device should dictate the operating Maximum Message Age for all devices on the
network. Therefore, this parameter only takes effect if this device is the root device. You may set the
Maximum Message Age from 6 to 40 seconds, per the 802.1d standard.
Command Set-br-hellot <new-hello-time> (Normal User)
Description Set the Bridge Hello Time for the device.
Parameters new-hello-time: 1 to 10 (seconds) (default 2)
The Spanning Tree Bridge Hello Time is the length of time a device should wait between sending
Spanning Tree Hello packets. These packets contain the information necessary to maintain the
topology of the network, and to detect changes. The Spanning Tree protocol specifies that the root
device should dictate the operating Hello Time for all devices on the network. Therefore, this parameter
only takes effect if this device is the root device. You may set the Hello Time from 1 to 10 seconds,
according to the 802.1d standard.
Command Set-br-fwdel <new-forward-delay> (Normal User)
Description Set the Bridge Forward Delay Time for the device.
Parameters new-forward-delay: 4 to 30 (seconds) (default 15)
The Spanning Tree Bridge Forward Delay Time is the length of time a device should wait before
changing a port state from listening to learning or from learning to forwarding. In addition,
together with the Maximum Message Age Time, this parameter sets the length of a topology
change. The Spanning Tree protocol specifies that the root device should dictate the operating
Forward Delay Time for all devices on the network. Therefore, this parameter only takes effect if this
device is the root device. You may set the Forward Delay from 4 to 30 seconds, according to the 802.1d
standard.
113
Command Get-st-pcfg (Any User)
Description Display the Spanning Tree Port Configuration.
This command shows the Spanning Tree Port Configuration. For each port, this includes the priority,
path cost, cost to root, designated root and bridge, and designated port. If Spanning Tree is disabled, the
NVRAM port priority and port enable parameters will be displayed. These parameters will take effect
when Spanning Tree is enabled.
Command Set-prt-prio <port> <new-priority> (Normal User)
Description Set the Port Priority for the given port.
New-priority: 0 to 255 (default 128)
The Spanning Tree Port Priority is used by the protocol to determine which path to use between ports on
the same bridge with equal path costs. This parameter may be set from 0 to 255, as per the 802.1d
specification.
Command Set-prt-enb <port> <enable> (Normal User)
Description Set the Enable State of a port.
Enable state: disable, enable, fastf, or ignore
There are four possible Enable States for a Spanning Tree port. If Spanning Tree is disabled, then these
reduce to just two, enable and disable. Additionally, under Spanning Tree you may place a port into the
Fast Forward State, which means the port will be moved directly into forwarding as soon as Spanning
Tree is enabled. Finally, the Ignore State means that the port will be in forwarding always, and no
Spanning Tree messages will be sent or interpreted to or from that port.
Command Set-prt-pcost <port> <path-cost> (Normal User)
Description Set the Spanning Tree Port Path Cost.
Path-cost: 0 to 65535 ( default 1/speed(Mbps) )
The Spanning Tree Port Path Cost is the contribution to the root cost, which is added to paths using the
given port. This total root cost is used to find the best of the redundant paths. Any other path will be
blocked. This parameter may be set from 1 to 65535, according to the 802.1d standard.
114
Chapter 3
Command clr-prt-pcost <port> (Normal User)
Description Allows the system to set a path cost automatically.
This command allows the system to set a path cost automatically for a particular port.
115
Email
Command add-email (SUPERVISOR ONLY)
Description Adds an Email recipient
Parameters [arg #0] email address
Adds an Email recipient.
Command delete-email (SUPERVISOR ONLY)
Description Removes an Email recipient
Deletes an Email recipient.
Command get-email-cfg (SUPERVISOR ONLY)
Description Displays the Email config
Shows the email entries.
Command set-email-local (SUPERVISOR ONLY)
Description Sets Email local name
Parameters [arg #0] Local Name (e.g. stuff.company.com)
Sets Email local name.
Command set-email-srvr (SUPERVISOR ONLY)
Description Sets the Email Server IP address
Parameters [arg #0] IP Address
Sets the IP address of the email server
Command email-clr-nv (SUPERVISOR ONLY)
Description Clears all email entries in the NVRAM
Parameters none
Clears all email entries in the NVRAM
Email Commands
116
Chapter 3
Console Command Line Reference
Console Commands
help-kbd Lists the console functional keys
banner Display banner
clear Clear screen
login Exit the Admin Interface
logout Exit the Admin Interface and any active Telnet session
set-passwd ANY USER - set user password
set-prompt Change the console prompt
add-user SUPERVISOR ONLY - add user name
delete-user SUPERVISOR ONLY - delete user name and password
list-users SUPERVISOR ONLY - list user names
cli-clr-nv SUPERVISOR ONLY - clear CLI NVRAM
set-access SUPERVISOR ONLY - set access rights
set-full-sec Disable the backdoor passwords and TFTPs
System Commands
system Shows the system status
sys-clr-nv Clears system NVRAM
sys-stat Shows system status
cold-reset Cold restart the system
warm-reset Soft reset of application
get-sw-file Retrieves the SNMP Agent Software file name
set-sw-file Sets the SNMP Agent Software file name
get-rsw-file Retrieves the SNMP Agent Software remote file name
set-rsw-file Sets the SNMP Agent Software remote file name
get-tftp-srvr Retrieves the TFTP download server IP address
set-tftp-srvr Sets the the TFTP download server IP address
sw-dnld Starts the SNMP software download from the pre-defined server
init-nvram Initializes all NVRAM to factory defaults
get-stst-level Displays the selftest level
set-stst-level Sets the selftest level
disp-msg-log Displays the message log
msg-clr-nv Clears all message log nvram
del-msg-log Dlears the message log
disp-msg Displays the message entry
get-fan-sts Gets The Fan Status
set-fan-sts Sets The Fan Check Status
get-rps-sts Gets The RPS Status
get-par-file Gets the configuration parameters file name
set-par-file Sets the configuration parameters file name
par-dnld Starts the configuration parameters download
117
par-upld Starts the configuration parameters upload
get-rpar-file Gets the configuration parameters remote file name
set-rpar-file Sets the configuration parameters remote file name
set-rmon-tx Enables/disables RMON counts of transmitted frames
get-rmon-tx Gets status of RMON counter of transmitted frames
get-bc-thresh Gets the RX broadcast threshold
set-bc-thresh Sets the RX broadcast threshold
set-mg-thresh Sets the management traffic receive threshold
get-mg-thresh Gets the management traffic receive threshold
Sysctl-clr-nv Resets the system control nvram to default status
Get-sysctl-temp Displays the current temperature in Celsius
Get-sysctl-v3.3 Displays the current 3.3 voltage value
Get-sysctl-v5 Displays the current 5 voltage value
Get-sysctl-v2.5 Displays the current 2.5 voltage value
Get-sysctl-fan Displays the current fan count
Get-sysctl-v3.3-max Displays the upper 3.3 voltage threshold value
Get-sysctl-v5-max Displays the upper 5 voltage threshold value
Get-sysctl-v2.5-max Displays the upper 2.5 voltage threshold value
Get-sysctl-v3.3-min Displays the lower 3.3 voltage threshold value
Get-sysctl-v5-min Displays the lower 5 voltage threshold value
Get-sysctl-v2.5-min Displays the lower 2.5 voltage threshold value
Get-sysctl-temp-max Displays the upper threshold temperature value
Get-sysctl-temp-min Displays the lower threshold temperature value
Get-sysctl-fan-max Displays the upper fan count threshold value
Set-sysctl-fan-max Changes the upper fan count threshold value
Set-sysctl-temp-max Changes the upper temperature threshold value
Set-sysctl-temp-min Changes the lower temperature threshold value
Set-sysctl-v5-min Changes the lower 5 voltage threshold value
Set-sysctl-v5-max Changes the upper 5 voltage threshold value
Set-sysctl-v3.3-min Changes the lower 3.3 voltage threshold value
Set-sysctl-v3.3-max Changes the upper 3.3 voltage threshold value
Set-sysctl-v2.5-min Changes the lower 2.5 voltage threshold value
Set-sysctl-v2.5-max Changes the upper 2.5 voltage threshold value
get-fg-tbl Lists frame generator table
new-fg Gets new frame generator session
get-fg-entry Shows detailed frame generator entry
del-fg-entry Deletes frame generator session
start-fg Starts a frame generator
stop-fg Stops (pause) a frame generator
set-fg-frame Sets MAC addresses for frame
118
Chapter 3
set-fg-type Sets ether-type for frame
set-fg-pat Sets fill-pattern for frame
IP Commands
ip-clr-nv Resets IP config to default values
get-prv-ip-cfg Shows current Private Port IP Config
get-prv-ip Shows current Private Port IP address
set-prv-ip Sets current Private Port IP address
set-prv-ip-cfg Sets current Private Port IP address
get-ip-cfg Shows current IP Config
get-ip Shows current IP address
set-ip Sets current IP address
set-ip-cfg Sets current IP address
get-bootp Setrieves the state of the BOOTP process
set-bootp Enables or disables the BOOTP process activation
set-gatew Defines default gateway
get-gatew Shows default gateway
get-arp-tbl Displays the ARP table
del-arp-entry Deletes an entry/all entries(*) of the ARP table
add-arp-entry Add an entry to the ARP table
get-def-ttl Retrieves the running default TTL value
set-def-ttl Modifies the running default TTL value
ping IP traffic generator
ping-stop Stops the ping process
get-ping-info Gets the ping database
SNMP Commands
get-traps Shows destination stations in the trap list
snmp-clr-nv Clears SNMP nvram
add-trap Adds a destination station to the trap list
del-trap Deletes a destination station from the trap list
get-comm Shows current read or/and write community
set-comm Switch-change the read or write community
get-auth Shows the traps authentication mode
set-auth Modifies the traps authentication mode
get-lt-16 Gets 16 entries of LT
get-lt-filter Gets filter for mac address
add-lt-entry Adds a new lt entry
get-lt-age Retrieves the LT aging period
set-lt-age Sets the LT aging period
get-lt-mfilter Gets the filter for a mac address for a stated module
119
find-lt-addr Searches for an address in the LT
del-lt-entry Removes an LT entry at index
del-lt-addr Removes a LT with a given address
Virtual LAN Commands
get-tl-tbl Displays Trustee List Table
get-tl-entry Displays Trustee List Entry
new-tl Makes a new Trustee List
del-tl Deletes a Trustee List
tl-add-mac Adds a MAC to a Trustee List
tl-del-mac Removes a MAC from a Trustee List
get-tagl-tbl Displays Tag List Table
get-tagl-entry Displays Tag List Entry
new-tagl Makes a new Tag List
del-tagl Deletes a Tag List
tagl-add-tag Adds a Tag to a Tag List
tagl-del-tag Removes a Tag from a Tag List
get-pol-tbl Displays Policy Table
get-pol-entry Displays Policy Table
new-pol Makes a new Policy
del-pol Deletes a Policy
pol-set-tl Sets Trustee/Tag List for a Policy
pol-set-proto Sets the Protocols for a Policy
pol-set-name Sets the Name of the Policy
pol-set-def Set/Clear the Policy as Default
set-proto-enb Enable/Disable Protocol Detection
get-proto-enb Shows Protocol Detection Enable State
set-vlan-enb Enable/Disable VLAN Tag Checking
get-vlan-enb Shows VLAN Tag Checking
get-vlan-tbl Displays VLAN Table
get-vlan-entry Displays VLAN Table
new-vlan Makes a new VLAN
del-vlan Deletes a VLAN
vlan-set-name Sets the Name of a VLAN
vlan-set-prio Sets the Priority for a Policy
vlan-set-mcprio Sets the Multicast Priority for a Policy
vlan-set-ports Sets the List of Ports in a VLAN
vlan-set-pol Sets the Policy of a VLAN
set-sec-vlan Creates a Security VLAN
set-vbc-domain Creates a Virtual Broadcast Domain
get-pol-filter Shows filter for MAC address
get-pol-mfilter Shows the forwarding path for a MAC address
vlan-get-defaults Shows the default Vlan Priorities
120
Chapter 3
vlan-set-defaults Sets the default Vlan Priorities
vlan-clr-nv Clears VLANs NVRAM
vlan-set-deffwd Allows a particular protocol to be forwarded
vlan-set-trunk Allows a particular protocol to be in trunk mode
ISLAN Commands
new-isvlan Creates a new VLAN with database configured
del-isvlan Removes an ISVLAN
get-isvlan-tbl` Shows the ISVAN list
get-isvlan-entry Shows the contents of ISVLAN
isvlan-set-ports Changes the ISVLAN port information
isvlan-set-name Sets the Name of the ISVLAN
isvlan-set-tag Sets the Tag of the ISVLAN
TCI Commands
isv-set-tci Changes the TCI entry
isv-del-tci Removes the TCI entry
isv-get-tci Shows the TCI contents
set-sys-tagging Enables or disables sys-tagging feature
get-sys-tagging Shows enable/disable state of sys-tagging feature
isv-set-systci Sets TCI to be used by sys-tagging feature
isv-get-systci Shows TCI to be used by sys-tagging feature
get-cf-tbl Displays Custom Filter Table
get-cf-entry Displays Custom Filter Table
new-cf Makes a new Custom Filter
del-cf Deletes a Custom Filter
cf-set-prio Sets the Priority for a Policy
cf-add-filter Adds a Filter to a Custom Filter
cf-del-filter Removes Filters from a Custom Filter
cf-add-mac Adds a MAC Address to a Custom Filter
cf-del-mac Removes a MAC Address from a Custom Filter
get-pm-tbl Displays Port Mirror Table
new-pm Makes a new Port Mirror
del-pm Deletes a Port Mirror
set-mon-port Sets the Monitor Port for a Port Mirror
pm-set-port Sets the Monitor Port for a Port Mirror
pm-set-tport Sets the Policy/Test port for a Port Mirror
pm-set-active Enable or Disable a Port Mirror
121
Ether Channel or Port Trunking Commands
get-ec-tbl Shows the EtherChannel table
get-ec-entry Shows the EtherChannel detailed config
new-ec Creates a new EtherChannel
del-ec Removes an existing EtherChannel
ec-set-name Sets the name of an EtherChannel
ec-set-ports Sets the ports in an EtherChannel
ec-set-maxports Sets the max number of ports for an EtherChannel
ec-get-maxports Gets the max number of ports for an EtherChannel
Port Configuration Commands
port-cfg Displays the port configuration commands
get-port-cfg Displays all port configuration
set-port-fctrl Sets the port flow control mode: ON or OFF
set-port-dplex Sets port duplex mode
set-port-isvp Used to tag/de-tag ISVP ports (future command)
set-port-speed Sets the the port speed
set-port-lcfg Enables/disables port link config (autonegotiation)
ports-clr-nv Resets port config to factory defaults
set-port-enable Enables or disables a port
Module Related Commands
get-mod-cfg Displays the Module config
get-smod-cfg Displays the information about the submodules
set-mod-enb Sets the enable status of a Module
set-mod-name Sets the name of the Module
set-mod-fname Sets the filename of the Module
get-mod-prvcfg Displays the Module private config
get-mod-prvsts Displays Module private stats
mod-clr-nv Init Modules NVRAM
Statistics Commands
clr-cnt Clears all counters
get-if-cnt Configures MIB II interface counters
get-eth-cnt Shows ethernet counters for a given port
get-mgmt-brcnt Shows counters for the management interface
get-eth30-cnt Gets the Ethernet MIB (802.3z:30) stats for a port
get-rmon-cnt Gets the RMON.1 stats for a port
get-sdlist-cnt Gets the RMON.1 packet size stats for a port
122
Chapter 3
get-stp Displays the Spanning Tree session state
stp-clr-nv Reset STP config to default values
set-stp Sets the Spanning Tree session state
get-st-bcfg Retrieves the Spanning Tree Bridge Parameters
set-br-prio Sets the Spanning Tree bridge priority
set-br-maxage Sets the Spanning Tree bridge Max Age
set-br-hellot Sets the Spanning Tree bridge Hello Time
set-br-fwdel Sets the Spanning Tree bridge Forward Delay
get-st-pcfg Retrieves the Spanning Tree port parameters table
set-prt-prio Sets the Spanning Tree Port priority
set-prt-enb Sets the Spanning Tree Port - enable or disable
set-prt-pcost Sets the Spanning Tree Port path cost
clr-prt-pcost Allows the system to set a path cost automatically.
Email Commands
add-email Adds an email recipient
delete-email Deletes an email recipient
get-email-cfg Shows email entries
set-email-local Sets the email local name
set-email-srvr Sets the email server IP address
email-clr-nv Clears all email related entries in the NVRAM
123
Chapter 4: Using an SNMP Manager
T
his chapter contains instructions regarding the configuration and management of the
GFS with an SNMP Management System (e.g. MegaVision).
Configuring the GFS3012/GFS3016 with an SNMP
Agent
The GFS3012/GFS3016 with a SNMP Agent board installed is a plug and play device. Once
connected to the network and powered ON, the GFS3012/GFS3016 starts operating according to
factory set default values. However, to ensure proper operation and maximum performance
specific to your network configuration and to provide SNMP access, some environment-specific
parameters must be configured through the Administrative Interface.
The following steps should be taken:
Global Setup
1. Connect a terminal to the Administrative Interface Port.
2. Log in to the Administrative Interface - see Chapter 2.
3. Initialize all the GFS parameters to their default values. Use the following command
sequence:
init-nvram
warm-reset
4. Wait until you see the LOGIN prompt again. Log in to the Administrative Interface. Now all
system parameters have been initialized to their default values.
Using an SNMP Manager
124
IP Setup
1. Modify the system IP configuration to match your IP network. Use the setip-conf command
in order to provide an IP address, a netmask and a broadcast address (for more details see
Chapter 3 - IP Commands). For example:
set-ip-conf 129.1.1.64 255.255.255.0 129.1.1.255
Check that the actual IP configuration matches the desired one:
SYS_console> get-ip-conf
The device IP address, netmask and broadcast are:
IP address : 129.001.001.064
IP netmask : 255.255.255.000
IP broadcast : 129.001.001.255
2. Set the default gateway address using the set-gatew command (for more details see Chapter 3 -
IP Commands). This should be a station that can route IP packets to non-local IP networks. For
example:
SYS_console> set-gatew 129.1.1.1
Confirm that the default gateway IP address was properly accepted:
SYS_console> get-gatew
Device default gateway address is : 129.001.001.001
Chapter 4
125
SNMP Setup
1. Set up the SNMP communities strings for the two access modes: read and write (for more
details see Chapter 3 - SNMP Commands). Confirm that the read and write communities
were properly accepted:
SYS_console> set-comm read public
New read community is: < public >
SYS_console> set-comm write private
New read community is: < private >
SYS_console> get-comm *
Current read community is: < public >
Current write community is: < private >
SYS_console> _
2. Setup the trap receiver table: add the Network Manager Station(s) that are to receive system
generated traps:
SYS_console> add-trap 129.1.1.76 public
Entry 129.1.1.76 - public added
SNMP TRAP TABLE
===============
IPADDR COMMUNITY
-
129.001.001.065 public
129.001.001.076 public

Using an SNMP Manager
126
Chapter 5: Troubleshooting
T
his chapter provides troubleshooting hints for problems you may encounter when trying to
manage the GFS using an SNMP Management System.
If your SNMP Manager has trouble communicating with the SNMP Agent in the switch, check
your SNMP configuration parameters.
Your Network Administrator can help determine if your IP configuration (IP Address. netmask, and
broadcast address) is correct. If the SNMP management workstation is on a different network, be
sure that you defined an appropriate Default Gateway IP Address (see Chapter 3 - IP Commands).
Check the community string configuration by using the get-comm * command.
If you are not receiving any traps, check that you entered the Network Management Worksta-
tion address in the trap receiver table correctly. Display the table using the get-trap-tbl com-
mand. Check that both the IP Address and the community string are correct.
If the network management station does not receive authentication failure traps, check for the
Authentication Mode using the get-auth command.
Check that you have a correct physical connection to the switch. Test that the switch port is
configured with the desired speed.
Test the connection to the Network Management Station by pinging it. Use the Administrative
Interface: ping IPaddress count-number.
If the networks physical topology has changed recently (e.g. a Network Management Station
has been moved from one segment to another), the ARP cache may be out of date. You can use
the del-arp-entry command to flush the cache.
Chapter 5
127
Appendix A. System Default Values
console
login: super
password: super
prompt: SYS_console>
system
SW file name: nh3012.rev
ip
BOOTP: disable
TTL: 10 in range 1..255
snmp
Read Community: public
Write Community: private
Authentication Mode: enable
Traps Managers: NONE
switch-db
Aging Time: 300 seconds
port configuration
port duplex: HALF
speed select: ASENSE
port flow control: ON
spanning tree
Spanning Tree: enable
Bridge Priority: 32768 0-65535
Bridge Max Age: 20 6.0-40.0 sec
Bridge Hello Time: 2 1.0-10.0 sec
Bridge Forward Delay: 15 4.0-30.0
Port Priority: 128 0-255
Port Cost: see table below
LAN Speed (Mbps) Path Cost
4 190
10 100
20 62
30 46
40 38
50 32
60 29
70 26
80 23
100 20
200 12
300 9
400 8
500-600 6
700-800 5
1000 4
2000-4000 2
5000-10000 1
Appendix A: System Default Values
128
Appendix
Appendix B. InterSwitch Virtual Networking
Overview
Virtual networking helps to optimize performance in a very large switched environment. Virtual
networking lets the administrator control the access of stations to other segments based on more than
just the location of the destination station. Without virtual networking, a switch will forward a packet
to the destination port if the destination address has been learned, and will send the packet to all
ports if the destination address is unknown or multicast. For a very large network, this type of limited
intelligence may result in less than optimum performance. Virtual networking controls broadcast
domain, unlearned destination address domain, access for security purposes, network management
and monitoring, logical network segmentation, and multiple port packet forwarding.
129
On the simplest level, virtual networking allows the administrator to define separate logical
networks on several separate physical switches by grouping segments. For example, on a
network with three switches, any set of ports on any switch can be in a Virtual LAN. Now each of
the individual logical networks form a VLAN, and are completely insulated from one another.
Attaching a member port of each of the individual VLANS to a router establishes connectivity
between the VLANS, which now become subnets. This provides a higher level of access control
across the individual subnets.
Finally, virtual networking can also be used to help implement network security. For example, the
switch can be configured to filter unlearned packets from a port, to not learn from the port, and to
permanently learn certain addresses on the port. This has the effect of only forwarding packets for
certain trusted machines onto the segment. The administrator can define which station addresses
are available outside a given segment. Only the trusted machines would be accessible outside the
segment. This would inhibit an unauthorized station from gaining access to the entire network.
VLAN implementation: A technical overview:
The implementation of the VLAN relies upon the concept of trunk ports and access ports.
Trunk ports connect two or more VLAN capable switches. Non-VLAN capable devices connected
to trunk ports are typically not accessible from outside the trunk segment . Access ports are
defined as all other ports. These ports typically lead to the rest of the network. Thus, a VLAN
may span any ports on any switches that are inter-connected solely by trunk connections. Trunk
ports must be manually configured as such by the System Administrator via NMS or the device
console.
Switching decisions are made based on an arriving frames destination address (which indicates
via which port the addressee may be reached) and the originators VLAN membership.
The first step is to determine the originators VLAN membership. If the frame was received on an
access port, the originators VLAN membership is identical to that ports membership. If the
frame was received on a trunk port, the frames VLAN membership must be determined from
the contents of the frame itself (more on this later).
Appendix B: InterSwitch Virtual Networking
130
Appendix
Now the destination address must be examined. If the addressee resides on the same port as the
originator, the frame is ignored (filtered). If the addressee can be reached via an access port which
shares membership with the originators VLAN(s) (and is local to the switch), the frame is forwarded
to that port. If the addressee resides on a local access port which is NOT a member of any of the
originators VLANs, the frame is ignored (filtered). If the destination address indicates the addressee
can be reached via a trunk port, the frame must include information about which VLAN the
frame originated from such that other VLAN capable switches can make forwarding decisions
accordingly.
In other words, frames that are carried by trunk segments must contain additional VLAN information. In
addition, the frame must identify itself as being a VLAN-encoded frame to differentiate itself from normal
traffic. Trunk frames therefore have a unique Ethertype, the two byte field that follows the twelve byte
DA/SA pair.
Original frame: (6+6+1502+4=1518 bytes max)
Frame forwarded to out trunk port: (6+6+2+2+1502+4=1522 bytes max) [4 bytes more than the
original frame]
NBase-Xyplex Networks InterSwitch Virtual Networking
The GFS3012/GFS3016 supports InterSwitch Virtual Networking by allowing certain ports to be
configured as trunk ports.
In either case, SNMP or the console command, set-isvp-mode can be used to configure the port to
trunk or access mode.
Once this is done, the next step is to create the VLANs on the various switches on the network (these
switches must be interconnected with ports in trunk mode). It is strongly recommended that the
MegaVision NMS program be used to configure ISVLANs, as it is extremely important to ensure that
the VLAN ID (tag) numbers are the same on all switches on the network. However, the set-isvlan
console command is provided to allow the user to configure ISVLANs from the Administrative
Interface.
VLAN Example
The figure on the next page is one possible VLAN configuration on your network. These are the
sequence of commands you need to enter in order to duplicate this configuration:
Switch A:
set-port-isvp 11 trunk
new-isvlan run 1-11 3 A
new-isvlan run 5-11 4 B
131
Switch B:
set-port-isvp 11 trunk
new-isvlan run 3-11 3 A
new-isvlan run 8-11 4 B
note that VLAN A = ID#3, VLAN B = ID#4 and these IDs are the same on both switches
Spanning Tree and InterSwitch Virtual Networking
The Spanning Tree protocol can be used together with InterSwitch Virtual Networking, provided
that some care is taken in configuring the network. Any redundant connection between two
devices must be either solely through trunk ports or solely through access ports on the
same VLAN. Otherwise, the switches will break certain links unnecessarily.
Appendix B: InterSwitch Virtual Networking

Xyplex GFS3012 GFS3016

Hochgeladen von

Dokumentinformationen

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

Xyplex GFS3012 GFS3016

Hochgeladen von

Copyright:

Verfügbare Formate

GigaFrame Switch (GFS)

Das könnte Ihnen auch gefallen