Вы находитесь на странице: 1из 930

.465255.

040-



-2--0925

-3000
. II
.465255.040

-3000
. II

.465255.040

....................................................... 29
1.1 ............................................................. 29
1.2 CLI ............................................................................... 30
1.2.1
....................................................... 30
1.2.2
................................................... 30
1.2.3
......................................... 31
1.2.4
...................................... 31
1.3 (CLI) .......................... 32
1.3.1
CLI .................................... 32
1.3.2
CLI Telnet ......................................... 32
1.4 ....................... 33
1.5 ..................................................................... 33
1.5.1
........................................................... 34
1.5.2
............................................................... 34
1.6 ............................................................................................ 35
1.7 ....................................................................... 35
1.8 ........................................................................ 36
1.9 IPv6z- ................................................................... 36
....................................................................................................... 38
2.1 ............................................. 38
2.1.1
enable ....................................................................................... 38
2.1.2
disable ...................................................................................... 38
2.1.3
login ......................................................................................... 39
2.1.4
configure .................................................................................. 39
2.1.5
exit (Configuration) .................................................................. 40
2.1.6
exit ( ).............................................. 40
2.1.7
end............................................................................................ 40
2.1.8
help........................................................................................... 41
2.1.9
history....................................................................................... 41
2.1.10
history size................................................................................ 42
2.1.11
terminal history......................................................................... 43
2.1.12
terminal history size.................................................................. 43
2.1.13
terminal datadump .................................................................... 45
2.1.14
terminal width........................................................................... 45
2.1.15
terminal prompt ........................................................................ 46

3.1.0.3 16.05.2013 .

-3000
. II

2.2

2.3

.465255.040

2.1.16
debug-mode.............................................................................. 46
2.1.17
show history ............................................................................. 47
2.1.18
show privilege .......................................................................... 47
2.1.19
do ............................................................................................. 48
2.1.20
banner exec............................................................................... 48
2.1.21
banner login.............................................................................. 50
2.1.22
banner motd.............................................................................. 52
2.1.23
exec-banner .............................................................................. 53
2.1.24
login-banner ............................................................................. 54
2.1.25
motd-banner ............................................................................. 55
2.1.26
show banner.............................................................................. 55
....................................................................................... 56
2.2.1
macro name .............................................................................. 56
2.2.2
macro........................................................................................ 59
2.2.3
macro description ..................................................................... 61
2.2.4
macro global............................................................................. 62
2.2.5
macro global description........................................................... 64
2.2.6
show parser macro .................................................................... 65
.................................................................... 66
2.3.1
ping .......................................................................................... 66
2.3.2
traceroute.................................................................................. 70
2.3.3
telnet......................................................................................... 73
2.3.4
resume ...................................................................................... 76
2.3.5
hostname .................................................................................. 77
2.3.6
reload........................................................................................ 77
2.3.7
show reload .............................................................................. 79
2.3.8
service cpu-utilization............................................................... 79
2.3.9
show cpu utilization.................................................................. 80
2.3.10
clear cpu counters ..................................................................... 80
2.3.11
service cpu-counters ................................................................. 81
2.3.12
show cpu counters .................................................................... 81
2.3.13
show users ................................................................................ 82
2.3.14
show sessions ........................................................................... 83
2.3.15
show system ............................................................................. 84
2.3.16
show version............................................................................. 84
2.3.17
show version md5..................................................................... 84
2.3.18
show system resources.............................................................. 85
2.3.19
set system mode........................................................................ 85
3.1.0.3 16.05.2013 .

-3000
. II

2.4

2.5

.465255.040

2.3.20
show system mode.................................................................... 86
2.3.21
show system tcam utilization .................................................... 87
2.3.22
show system defaults ................................................................ 87
2.3.23
show services tcp-udp............................................................... 90
2.3.24
show tech-support..................................................................... 91
2.3.25
show system id ......................................................................... 92
2.3.26
service spu-input-rate................................................................ 93
2.3.27
show cpu input rate................................................................... 93
..................................................... 93
2.4.1
clock set.................................................................................... 93
2.4.2
clock source.............................................................................. 94
2.4.3
clock timezone.......................................................................... 95
2.4.4
clock summer-time ................................................................... 96
2.4.5
clock dhcp timezone ................................................................. 97
2.4.6
sntp authentication-key ............................................................. 98
2.4.7
sntp authenticate ....................................................................... 99
2.4.8
sntp trusted-key ...................................................................... 100
2.4.9
sntp client poll timer ............................................................... 100
2.4.10
sntp broadcast client enable .................................................... 101
2.4.11
sntp anycast client enable ....................................................... 102
2.4.12
sntp client enable .................................................................... 102
2.4.13
sntp client enable ( ) ........................... 103
2.4.14
sntp unicast client enable ........................................................ 104
2.4.15
sntp unicast client poll ............................................................ 104
2.4.16
sntp server .............................................................................. 105
2.4.17
sntp port.................................................................................. 106
2.4.18
show clock.............................................................................. 106
2.4.19
show sntp configuration.......................................................... 107
2.4.20
show sntp status...................................................................... 108

.......................................................................................... 110
2.5.1
copy........................................................................................ 110
2.5.2
write memory ......................................................................... 115
2.5.3
write ....................................................................................... 115
2.5.4
delete ...................................................................................... 115
2.5.5
dir ........................................................................................... 117
2.5.6
more ....................................................................................... 117
2.5.7
rename.................................................................................... 118

3.1.0.3 16.05.2013 .

-3000
. II

2.6

2.7

2.8

.465255.040

2.5.8
boot system............................................................................. 119
2.5.9
show running-config............................................................... 120
2.5.10
show startup-config ................................................................ 122
2.5.11
show bootvar .......................................................................... 122
2.5.12
service mirror-configuration ................................................... 123
2.5.13
show mirror-configuration service .......................................... 124
....................................... 124
2.6.1
boot host auto-config.............................................................. 124
2.6.2
boot host auto-update.............................................................. 125
2.6.3
boot host dhcp ........................................................................ 126
2.6.4
boot host auto-save ................................................................. 126
2.6.5
show boot ............................................................................... 127
2.6.6
ip dhcp tftp-server ip address .................................................. 130
2.6.7
ip dhcp tftp-server file ............................................................ 131
2.6.8
show ip dhcp tftp-server ......................................................... 131
ACL.................................................................. 132
2.7.1
management access-list .......................................................... 132
2.7.2
permit (Management) ............................................................. 133
2.7.3
deny (Management)................................................................ 134
2.7.4
management access-class........................................................ 135
2.7.5
show management access-list ................................................. 135
2.7.6
show management access-class .............................................. 136
SNMP.................................................................................. 136
2.8.1
snmp-server server.................................................................. 136
2.8.2
snmp-server community ......................................................... 137
2.8.3
snmp-server community-group ............................................... 139
2.8.4
snmp-server view.................................................................... 140
2.8.5
show snmp views.................................................................... 141
2.8.6
snmp-server group .................................................................. 142
2.8.7
show snmp groups .................................................................. 143
2.8.8
snmp-server user..................................................................... 145
2.8.9
show snmp users..................................................................... 146
2.8.10
snmp-server filter.................................................................... 148
2.8.11
show snmp filters.................................................................... 149
2.8.12
snmp-server host..................................................................... 149
2.8.13
snmp-server engineID local .................................................... 151
2.8.14
snmp-server engineID remote................................................. 152
2.8.15
show snmp engineID .............................................................. 153
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.8.16
snmp-server enable traps ........................................................ 154
2.8.17
snmp-server trap authentication .............................................. 154
2.8.18
snmp-server contact ................................................................ 155
2.8.19
snmp-server location............................................................... 155
2.8.20
snmp-server set....................................................................... 156
2.8.21
show snmp.............................................................................. 157
2.9 ............... 159
2.9.1
crypto key generate dsa........................................................... 160
2.9.2
crypto key generate rsa ........................................................... 161
2.9.3
crypto key import ................................................................... 162
2.9.4
show crypto key...................................................................... 163
2.9.5
crypto certificate generate....................................................... 164
2.9.6
crypto certificate request......................................................... 166
2.9.7
crypto certificate import.......................................................... 167
2.9.8
show crypto certificate............................................................ 172
2.10 web- ........................................................ 173
2.10.1
ip http server........................................................................... 173
2.10.2
ip http port .............................................................................. 174
2.10.3
ip http timeout-policy ............................................................. 174
2.10.4
ip http secure-server................................................................ 175
2.10.5
ip http secure-port................................................................... 176
2.10.6
ip https certificate ................................................................... 176
2.10.7
show ip http ............................................................................ 177
2.10.8
show ip https........................................................................... 177
2.10.9
ssl version............................................................................... 178
2.10.10 show ssl version...................................................................... 179
2.11 Telnet, SSH Slogin ........................................... 179
2.11.1
ip telnet server ........................................................................ 179
2.11.2
ip ssh server............................................................................ 180
2.11.3
ip ssh port ............................................................................... 180
2.11.4
ip ssh password-auth............................................................... 181
2.11.5
ip ssh pubkey-auth.................................................................. 182
2.11.6
crypto key pubkey-chain ssh................................................... 183
2.11.7
user-key .................................................................................. 184
2.11.8
key-string................................................................................ 185
2.11.9
show ip ssh ............................................................................. 186
2.11.10 show crypto key pubkey-chain ssh.......................................... 187
2.12 .................. 188
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.12.1
line ......................................................................................... 188
2.12.2
speed ...................................................................................... 188
2.12.3
autobaud ................................................................................. 189
2.12.4
exec-timeout ........................................................................... 189
2.12.5
show line ................................................................................ 190
2.13 (, )... 191
2.13.1
aaa authentication login .......................................................... 191
2.13.2
aaa authentication enable ........................................................ 193
2.13.3
login authentication ................................................................ 195
2.13.4
enable authentication .............................................................. 196
2.13.5
ip http authentication .............................................................. 196
2.13.6
show authentication methods.................................................. 198
2.13.7
password................................................................................. 198
2.13.8
enable password ..................................................................... 199
2.13.9
service password-recovery...................................................... 200
2.13.10 username ................................................................................ 201
2.13.11 show user accounts ................................................................. 203
2.13.12 aaa accounting login ............................................................... 203
2.13.13 aaa accounting dot1x .............................................................. 205
2.13.14 show accounting ..................................................................... 207
2.13.15 passwords min-length ............................................................. 207
2.13.16 passwords aging ..................................................................... 208
2.13.17 passwords history ................................................................... 209
2.13.18 passwords lockout .................................................................. 210
2.13.19 aaa login-history file............................................................... 211
2.13.20 set username active................................................................. 211
2.13.21 set line active .......................................................................... 212
2.13.22 set enable-password active...................................................... 212
2.13.23 show passwords configuration ................................................ 212
2.14 RADIUS .............................................................. 213
2.14.1
radius-server host.................................................................... 213
2.14.2
radius-server key .................................................................... 216
2.14.3
radius-server retransmit .......................................................... 217
2.14.4
radius-server source-ip............................................................ 217
2.14.5
radius-server source-ipv6........................................................ 218
2.14.6
radius-server timeout .............................................................. 219
2.14.7
radius-server deadtime............................................................ 219
2.14.8
show radius-servers ................................................................ 220
7

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.15 TACACS+ ............................................................ 220


2.15.1
tacacs-server host.................................................................... 220
2.15.2
tacacs-server key .................................................................... 222
2.15.3
tacacs-server timeout .............................................................. 223
2.15.4
tacacs-server source-ip............................................................ 223
2.15.5
tacacs-server source-ipv6........................................................ 224
2.15.6
show tacacs............................................................................. 225
2.16 Syslog ................................................................... 226
2.16.1
logging on............................................................................... 226
2.16.2
logging host ............................................................................ 226
2.16.3
logging console....................................................................... 228
2.16.4
logging buffered ..................................................................... 228
2.16.5
clear logging ........................................................................... 229
2.16.6
logging file ............................................................................. 230
2.16.7
clear logging file..................................................................... 230
2.16.8
aaa logging ............................................................................. 231
2.16.9
file-system logging ................................................................. 231
2.16.10 management logging............................................................... 232
2.16.11 logging aggregation on ........................................................... 233
2.16.12 logging aggregation aging-time .............................................. 233
2.16.13 show logging .......................................................................... 234
2.16.14 show logging file .................................................................... 234
2.16.15 show syslog-servers ................................................................ 235
2.17 RMON .......................................................................... 236
2.17.1
show rmon statistics................................................................ 236
2.17.2
rmon collection stats ............................................................... 238
2.17.3
show rmon collection stats...................................................... 239
2.17.4
show rmon history .................................................................. 239
2.17.5
rmon alarm ............................................................................. 242
2.17.6
show rmon alarm-table ........................................................... 244
2.17.7
show rmon alarm .................................................................... 245
2.17.8
rmon event.............................................................................. 246
2.17.9
show rmon events ................................................................... 247
2.17.10 show rmon log ........................................................................ 248
2.17.11 rmon table-size ....................................................................... 249
2.18 802.1.................................................................. 250
2.18.1
aaa authentication dot1x ......................................................... 250
2.18.2
clear dot1x statistics................................................................ 251
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.18.3
dot1x auth-not-req .................................................................. 251
2.18.4
dot1x guest-vlan ..................................................................... 252
2.18.5
dot1x guest-vlan enable .......................................................... 253
2.18.6
dot1x guest-vlan timeout ........................................................ 253
2.18.7
dot1x host-mode ..................................................................... 254
2.18.8
dot1x max-req ........................................................................ 255
2.18.9
dot1x port-control................................................................... 256
2.18.10 dot1x radius-attributes errors filter-id ..................................... 257
2.18.11 dot1x radius-attributes filter-id ............................................... 258
2.18.12 dot1x radius-attributes vlan..................................................... 258
2.18.13 dot1x re-authenticate .............................................................. 259
2.18.14 dot1x reauthentication ............................................................ 260
2.18.15 dot1x system-auth-control ...................................................... 260
2.18.16 dot1x timeout quiet-period...................................................... 261
2.18.17 dot1x timeout reauth-period.................................................... 262
2.18.18 dot1x timeout server-timeout.................................................. 263
2.18.19 dot1x timeout supp-timeout .................................................... 263
2.18.20 dot1x timeout tx-period .......................................................... 264
2.18.21 dot1x traps authentication quiet .............................................. 265
2.18.22 dot1x traps mac-authentication failure .................................... 266
2.18.23 dot1x traps mac-authentication success .................................. 266
2.18.24 dot1x violation-mode.............................................................. 267
2.18.25 show dot1x ............................................................................. 268
2.18.26 show dot1x advanced.............................................................. 270
2.18.27 show dot1x statistics............................................................... 271
2.18.28 show dot1x users .................................................................... 273
2.19 Ethernet ..................................... 273
2.19.1
interface.................................................................................. 273
2.19.2
interface range ........................................................................ 274
2.19.3
shutdown ................................................................................ 274
2.19.4
operation time......................................................................... 275
2.19.5
description .............................................................................. 276
2.19.6
speed ...................................................................................... 276
2.19.7
duplex..................................................................................... 277
2.19.8
negotiation.............................................................................. 278
2.19.9
flowcontrol ............................................................................. 279
2.19.10 mdix ....................................................................................... 279
2.19.11 back-pressure.......................................................................... 280
9

3.1.0.3 16.05.2013 .

-3000
. II

2.20

2.21

2.22

2.23

.465255.040

2.19.12 port jumbo-frame.................................................................... 280


2.19.13 clear counters.......................................................................... 281
2.19.14 set interface active .................................................................. 281
2.19.15 errdisable recovery cause........................................................ 282
2.19.16 errdisable recovery interval..................................................... 283
2.19.17 show interfaces configuration ................................................. 283
2.19.18 show interfaces status ............................................................. 284
2.19.19 show interfaces advertise ........................................................ 285
2.19.20 show interfaces description..................................................... 286
2.19.21 show interfaces counters......................................................... 287
2.19.22 show ports jumbo-frame ......................................................... 289
2.19.23 show errdisable recovery ........................................................ 289
2.19.24 show errdisable interfaces....................................................... 290
2.19.25 storm-control broadcast enable ............................................... 291
2.19.26 storm-control broadcast level kbps ......................................... 291
2.19.27 storm-control include-multicast .............................................. 292
2.19.28 show storm-control ................................................................. 292
........................................ 293
2.20.1
test cable-diagnostics tdr......................................................... 293
2.20.2
show cable-diagnostics tdr...................................................... 294
2.20.3
show cable-diagnostics cable-length ....................................... 295
2.20.4
show fiber-ports optical-transceiver........................................ 295
Green Ethernet ....................................................................................... 297
2.21.1
green-ethernet energy-detect ( ) .... 297
2.21.2
green-ethernet energy-detect ( ) ... 297
2.21.3
green-ethernet short-reach ( )........ 298
2.21.4
green-ethernet short-reach ( )....... 298
2.21.5
green-ethernet short-reach force ............................................. 299
2.21.6
green-ethernet short-reach threshold ....................................... 299
2.21.7
green-ethernet power-meter reset............................................ 300
2.21.8
show green-ethernet................................................................ 301
Port-channel......................................................... 302
2.22.1
channel-group ......................................................................... 302
2.22.2
port-channel load-balance....................................................... 303
2.22.3
show interfaces port-channel .................................................. 304
.......................................................... 304
2.23.1
bridge multicast filtering......................................................... 304
2.23.2
bridge multicast mode............................................................. 305

3.1.0.3 16.05.2013 .

10

-3000
. II

.465255.040

2.23.3
bridge multicast address ......................................................... 307
2.23.4
bridge multicast forbidden address ......................................... 309
2.23.5
bridge multicast ip-address ..................................................... 310
2.23.6
bridge multicast forbidden ip-address ..................................... 311
2.23.7
bridge multicast source group ................................................. 312
2.23.8
bridge multicast forbidden source group................................. 313
2.23.9
bridge multicast ipv6 mode..................................................... 314
2.23.10 bridge multicast ipv6 ip-address ............................................. 316
2.23.11 bridge multicast ipv6 forbidden ip-address ............................. 317
2.23.12 bridge multicast ipv6 source group ......................................... 318
2.23.13 bridge multicast ipv6 forbidden source group ......................... 319
2.23.14 bridge multicast unregistered .................................................. 320
2.23.15 bridge multicast forward-all.................................................... 321
2.23.16 bridge multicast forbidden forward-all.................................... 322
2.23.17 bridge unicast unknown .......................................................... 323
2.23.18 show bridge unicast unknown................................................. 323
2.23.19 mac address-table static .......................................................... 324
2.23.20 clear mac address-table........................................................... 326
2.23.21 mac address-table aging-time ................................................. 327
2.23.22 port security............................................................................ 327
2.23.23 port security mode .................................................................. 328
2.23.24 port security max .................................................................... 330
2.23.25 port security routed secure-address ......................................... 331
2.23.26 show mac address-table .......................................................... 332
2.23.27 show mac address-table count................................................. 333
2.23.28 show bridge multicast mode ................................................... 333
2.23.29 show bridge multicast address-table ....................................... 334
2.23.30 show bridge multicast address-table static .............................. 337
2.23.31 show bridge multicast filtering ............................................... 339
2.23.32 show bridge multicast unregistered......................................... 339
2.23.33 show ports security ................................................................. 340
2.23.34 show ports security addresses ................................................. 341
2.23.35 bridge multicast reserved-address ........................................... 341
2.23.36 show bridge multicast reserved-addresses............................... 343
2.24 ............................................ 343
2.24.1
port monitor............................................................................ 343
2.24.2
show ports monitor ................................................................. 345
2.24.3
port monitor mode .................................................................. 346
11

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.25 sFlow ................................................................... 347


2.25.1
sflow receiver ......................................................................... 347
2.25.2
sflow flow-sampling ............................................................... 348
2.25.3
sflow counters-sampling ......................................................... 348
2.25.4
clear sflow statistics................................................................ 349
2.25.5
show sflow configuration........................................................ 349
2.25.6
show sflow statistics ............................................................... 350
2.26 LLDP................................................................... 351
2.26.1
lldp run ................................................................................... 351
2.26.2
lldp transmit............................................................................ 352
2.26.3
lldp receive ............................................................................. 352
2.26.4
lldp timer ................................................................................ 353
2.26.5
lldp hold-multiplier................................................................. 354
2.26.6
lldp reinit ................................................................................ 355
2.26.7
lldp tx-delay............................................................................ 355
2.26.8
lldp optional-tlv ...................................................................... 356
2.26.9
lldp management-address ....................................................... 357
2.26.10 lldp notifications..................................................................... 358
2.26.11 lldp notifications interval ........................................................ 359
2.26.12 lldp lldpdu .............................................................................. 359
2.26.13 lldp med enable ...................................................................... 360
2.26.14 lldp med.................................................................................. 361
2.26.15 lldp med notifications topology-change .................................. 361
2.26.16 lldp med fast-start repeat-count............................................... 362
2.26.17 lldp med network-policy ( ) ................. 363
2.26.18 lldp med network-policy ( ) ................ 364
2.26.19 clear lldp table ........................................................................ 365
2.26.20 lldp med location .................................................................... 365
2.26.21 show lldp configuration .......................................................... 366
2.26.22 show lldp med configuration................................................... 368
2.26.23 show lldp local tlvs-overloading ............................................. 370
2.26.24 show lldp local........................................................................ 370
2.26.25 show lldp neighbors................................................................ 372
2.26.26 show lldp statistics.................................................................. 377
2.27 Spanning Tree ............................................................... 378
2.27.1
spanning-tree .......................................................................... 378
2.27.2
spanning-tree mode................................................................. 378
2.27.3
spanning-tree forward-time..................................................... 379
3.1.0.3 16.05.2013 .

12

-3000
. II

.465255.040

2.27.4
spanning-tree hello-time ......................................................... 380
2.27.5
spanning-tree max-age............................................................ 381
2.27.6
spanning-tree priority ............................................................. 381
2.27.7
spanning-tree disable .............................................................. 382
2.27.8
spanning-tree cost................................................................... 382
2.27.9
spanning-tree port-priority ...................................................... 383
2.27.10 spanning-tree portfast ............................................................. 384
2.27.11 spanning-tree link-type ........................................................... 384
2.27.12 spanning-tree pathcost method................................................ 385
2.27.13 spanning-tree bpdu ( ).......................... 386
2.27.14 spanning-tree bpdu ( )......................... 387
2.27.15 spanning-tree guard root ......................................................... 388
2.27.16 spanning-tree bpduguard......................................................... 389
2.27.17 clear spanning-tree detected-protocols.................................... 390
2.27.18 spanning-tree mst priority....................................................... 390
2.27.19 spanning-tree mst max-hops ................................................... 391
2.27.20 spanning-tree mst port-priority ............................................... 392
2.27.21 spanning-tree mst cost ............................................................ 392
2.27.22 spanning-tree mst configuration.............................................. 393
2.27.23 instance ( MST) ..................................................... 394
2.27.24 name ( MST).......................................................... 395
2.27.25 revision ( MST) ..................................................... 395
2.27.26 show (MST)............................................................................ 396
2.27.27 exit ( MST) ............................................................ 396
2.27.28 abort ( MST) .......................................................... 397
2.27.29 show spanning-tree ................................................................. 397
2.27.30 show spanning-tree bpdu ........................................................ 405
2.27.31 spanning-tree loopback-guard................................................. 406
2.28 VLAN.................................................................. 407
2.28.1
vlan database .......................................................................... 407
2.28.2
vlan......................................................................................... 407
2.28.3
show vlan ............................................................................... 408
2.28.4
interface vlan .......................................................................... 410
2.28.5
interface range vlan ................................................................ 411
2.28.6
name....................................................................................... 411
2.28.7
switchport protected-port........................................................ 412
2.28.8
show interfaces protected-ports .............................................. 413
2.28.9
switchport community ............................................................ 413
13

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.28.10 switchport ............................................................................... 414


2.28.11 switchport mode ..................................................................... 415
2.28.12 switchport access vlan ............................................................ 416
2.28.13 switchport trunk allowed vlan................................................. 417
2.28.14 switchport trunk native vlan.................................................... 418
2.28.15 switchport general allowed vlan.............................................. 419
2.28.16 switchport general pvid........................................................... 420
2.28.17 switchport general ingress-filtering disable............................. 421
2.28.18 switchport general acceptable-frame-type............................... 422
2.28.19 switchport customer vlan ........................................................ 422
2.28.20 switchport protected ............................................................... 423
2.28.21 map protocol protocols-group ................................................. 424
2.28.22 switchport general map protocols-group vlan ......................... 425
2.28.23 show vlan protocols-groups .................................................... 426
2.28.24 map mac macs-group.............................................................. 426
2.28.25 switchport general map macs-group vlan................................ 427
2.28.26 show vlan macs-groups........................................................... 428
2.28.27 map subnet subnets-group....................................................... 428
2.28.28 switchport general map subnets-group vlan ............................ 429
2.28.29 show vlan subnets-groups ....................................................... 429
2.28.30 switchport forbidden vlan ....................................................... 430
2.28.31 show interfaces switchport...................................................... 431
2.28.32 show interfaces switchport...................................................... 432
2.28.33 ip internal-usage-vlan ............................................................. 434
2.28.34 show vlan internal usage......................................................... 435
2.28.35 switchport access multicast-tv vlan......................................... 436
2.28.36 switchport customer multicast-tv vlan .................................... 436
2.28.37 show vlan multicast-tv ............................................................ 437
2.29 IGMP Snooping ................................................... 438
2.29.1
ip igmp snooping ( ) ............................ 438
2.29.2
ip igmp snooping vlan ............................................................ 439
2.29.3
ip igmp snooping vlan mrouter ............................................... 440
2.29.4
ip igmp snooping vlan mrouter interface................................. 441
2.29.5
ip igmp snooping vlan forbidden mrouter ............................... 441
2.29.6
ip igmp snooping vlan static ................................................... 442
2.29.7
ip igmp snooping vlan multicast-tv ......................................... 443
2.29.8
ip igmp snooping map cpe vlan .............................................. 444
2.29.9
ip igmp robustness .................................................................. 445
3.1.0.3 16.05.2013 .

14

-3000
. II

.465255.040

2.29.10 ip igmp query-interval ............................................................ 445


2.29.11 ip igmp query-max-response-time .......................................... 446
2.29.12 ip igmp last-member-query-interval........................................ 447
2.29.13 ip igmp snooping vlan immediate-leave.................................. 447
2.29.14 show ip igmp snooping mrouter.............................................. 448
2.29.15 show ip igmp snooping interface ............................................ 448
2.29.16 show ip igmp snooping groups ............................................... 449
2.29.17 show ip igmp snooping multicast-tv ....................................... 451
2.29.18 show ip igmp snooping cpe vlans ........................................... 451
2.30 IPv6 MLD Snooping............................................ 452
2.30.1
ipv6 mld snooping ( ) ................... 452
2.30.2
ipv6 mld snooping vlan .......................................................... 452
2.30.3
ipv6 mld robustness ................................................................ 453
2.30.4
ipv6 mld snooping vlan mrouter ............................................. 454
2.30.5
ipv6 mld snooping vlan mrouter ............................................. 455
2.30.6
ipv6 mld snooping vlan forbidden mrouter ............................. 455
2.30.7
ipv6 mld snooping vlan static ................................................. 456
2.30.8
ipv6 mld query-interval .......................................................... 457
2.30.9
ipv6 mld query-max-response-time ........................................ 458
2.30.10 ipv6 mld last-member-query-interval...................................... 459
2.30.11 ipv6 mld snooping vlan immediate-leave................................ 459
2.30.12 show ipv6 mld snooping mrouter............................................ 460
2.30.13 show ipv6 mld snooping interface .......................................... 460
2.30.14 show ipv6 mld snooping groups ............................................. 461
2.31 LACP................................................................... 462
2.31.1
lacp system-priority ................................................................ 462
2.31.2
lacp port-priority..................................................................... 463
2.31.3
lacp timeout............................................................................ 464
2.31.4
show lacp................................................................................ 464
2.31.5
show lacp port-channel ........................................................... 466
2.32 GVRP .................................................................. 467
2.32.1
gvrp enable ( ) ..................................... 467
2.32.2
gvrp enable ( ).............................. 467
2.32.3
garp timer ............................................................................... 468
2.32.4
gvrp vlan-creation-forbid........................................................ 469
2.32.5
gvrp registration-forbid........................................................... 470
2.32.6
clear gvrp statistics ................................................................. 470
2.32.7
show gvrp configuration ......................................................... 471
15

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.32.8
show gvrp statistics................................................................. 471
2.32.9
show gvrp error-statistics........................................................ 472
2.33 VLAN .............................................. 473
2.33.1
voice vlan state ....................................................................... 473
2.33.2
voice vlan id ........................................................................... 473
2.33.3
voice vlan oui-table ................................................................ 474
2.33.4
voice vlan cos mode ............................................................... 476
2.33.5
voice vlan cos ......................................................................... 476
2.33.6
voice vlan aging-timeout ........................................................ 477
2.33.7
voice vlan enable .................................................................... 477
2.33.8
voice vlan secure .................................................................... 478
2.33.9
show voice vlan ...................................................................... 479
2.34 ................................ 480
2.34.1
loopback-detection enable ( )............... 480
2.34.2
loopback-detection enable ( )....... 481
2.34.3
loopback-detection mode........................................................ 482
2.34.4
loopback-detection interval..................................................... 482
2.34.5
show loopback-detection ........................................................ 483
2.35 DHCP Snooping ARP ......................... 483
2.35.1
ip dhcp snooping..................................................................... 483
2.35.2
ip dhcp snooping vlan............................................................. 484
2.35.3
ip dhcp snooping trust............................................................. 485
2.35.4
ip dhcp snooping information option allowed-untrusted ......... 485
2.35.5
ip dhcp snooping verify .......................................................... 486
2.35.6
ip dhcp snooping database ...................................................... 486
2.35.7
ip dhcp snooping database update-freq ................................... 487
2.35.8
ip dhcp snooping binding........................................................ 488
2.35.9
clear ip dhcp snooping database.............................................. 489
2.35.10 show ip dhcp snooping ........................................................... 489
2.35.11 show ip dhcp snooping binding............................................... 490
2.35.12 ip source-guard ....................................................................... 490
2.35.13 ip source-guard binding .......................................................... 491
2.35.14 ip source-guard tcam retries-freq ............................................ 492
2.35.15 ip source-guard tcam locate .................................................... 493
2.35.16 show ip source-guard configuration ........................................ 494
2.35.17 show ip source-guard status .................................................... 494
2.35.18 show ip source-guard inactive................................................. 495
2.35.19 show ip source-guard statistics ............................................... 496
3.1.0.3 16.05.2013 .

16

-3000
. II

.465255.040

2.35.20 ip arp inspection ..................................................................... 497


2.35.21 ip arp inspection vlan.............................................................. 497
2.35.22 ip arp inspection trust ............................................................. 498
2.35.23 ip arp inspection validate ........................................................ 499
2.35.24 ip arp inspection list create ..................................................... 500
2.35.25 ip mac..................................................................................... 500
2.35.26 ip arp inspection list assign ..................................................... 501
2.35.27 ip arp inspection logging interval............................................ 502
2.35.28 show ip arp inspection ............................................................ 502
2.35.29 show ip arp inspection list ...................................................... 503
2.35.30 show ip arp inspection statistics.............................................. 503
2.35.31 clear ip arp inspection statistics .............................................. 504
2.36 DHCP Relay ........................................................ 504
2.36.1
ip dhcp relay enable ( ) ................. 504
2.36.2
ip dhcp relay enable ( ) ................ 505
2.36.3
ip dhcp relay address ( )................ 505
2.36.4
ip dhcp information option ..................................................... 507
2.36.5
show ip dhcp information option ............................................ 507
2.37 IP-................................................ 507
2.37.1
ip address................................................................................ 507
2.37.2
ip address dhcp ....................................................................... 509
2.37.3
renew dhcp ............................................................................. 509
2.37.4
ip default-gateway .................................................................. 510
2.37.5
show ip interface .................................................................... 511
2.37.6
arp .......................................................................................... 511
2.37.7
arp timeout ( )...................................... 512
2.37.8
arp timeout ............................................................................. 513
2.37.9
ip arp proxy disable ................................................................ 513
2.37.10 ip proxy-arp ............................................................................ 514
2.37.11 clear arp-cache........................................................................ 514
2.37.12 show arp ................................................................................. 515
2.37.13 show arp configuration ........................................................... 516
2.37.14 interface ip.............................................................................. 516
2.37.15 directed-broadcast................................................................... 517
2.37.16 broadcast-address ................................................................... 517
2.37.17 ip helper-address..................................................................... 518
2.37.18 show ip helper-address ........................................................... 520
2.37.19 source-precedence .................................................................. 520
17

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.37.20 ip domain lookup .................................................................... 521


2.37.21 ip domain name ...................................................................... 521
2.37.22 ip name-server ........................................................................ 522
2.37.23 ip host..................................................................................... 523
2.37.24 clear host ................................................................................ 524
2.37.25 clear host dhcp........................................................................ 524
2.37.26 show hosts .............................................................................. 525
2.38 ............................................................. 525
2.38.1
interface tunnel ....................................................................... 525
2.38.2
tunnel destination.................................................................... 526
2.38.3
tunnel mode ipv6ip ................................................................. 527
2.38.4
tunnel source .......................................................................... 528
2.38.5
show ipv6 tunnel..................................................................... 529
2.39 DHCP- .................................................... 529
2.39.1
ip dhcp server ......................................................................... 529
2.39.2
ip dhcp pool host .................................................................... 530
2.39.3
ip dhcp pool network .............................................................. 531
2.39.4
address ( DHCP-)................................... 531
2.39.5
address ( DHCP Network)............................... 532
2.39.6
lease........................................................................................ 533
2.39.7
client-name ............................................................................. 534
2.39.8
default-router .......................................................................... 535
2.39.9
dns-server ............................................................................... 535
2.39.10 domain-name .......................................................................... 536
2.39.11 netbios-name-server................................................................ 536
2.39.12 netbios-node-type ................................................................... 537
2.39.13 next-server.............................................................................. 538
2.39.14 next-server-name .................................................................... 538
2.39.15 bootfile ................................................................................... 539
2.39.16 time-server.............................................................................. 539
2.39.17 option ..................................................................................... 540
2.39.18 ip dhcp excluded-address........................................................ 541
2.39.19 ip dhcp ping enable................................................................. 542
2.39.20 ping enable ............................................................................. 543
2.39.21 ip dhcp ping count .................................................................. 543
2.39.22 ip dhcp ping timeout ............................................................... 544
2.39.23 clear ip dhcp binding .............................................................. 545
2.39.24 show ip dhcp........................................................................... 545
3.1.0.3 16.05.2013 .

18

-3000
. II

.465255.040

2.39.25 show ip dhcp excluded-addresses ........................................... 546


2.39.26 show ip dhcp pool host ........................................................... 546
2.39.27 show ip dhcp pool network ..................................................... 547
2.39.28 show ip dhcp binding.............................................................. 548
2.39.29 show ip dhcp server statistics.................................................. 549
2.39.30 show ip dhcp allocated............................................................ 550
2.39.31 show ip dhcp declined ............................................................ 551
2.39.32 show ip dhcp expired.............................................................. 552
2.39.33 show ip dhcp pre-allocated ..................................................... 553
2.40 ACL..................................................................... 554
2.40.1
ip access-list (IP extended) ..................................................... 554
2.40.2
permit ( IP) ..................................................... 554
2.40.3
deny ( IP) ........................................................ 557
2.40.4
ipv6 access-list (IPv6 extended) ............................................. 561
2.40.5
permit ( IPv6).................................................. 562
2.40.6
deny ( IPv6) .................................................... 564
2.40.7
mac access-list........................................................................ 567
2.40.8
permit ( MAC) ................................................ 568
2.40.9
deny ( MAC).......................................................... 569
2.40.10 service-acl input ..................................................................... 570
2.40.11 service-acl output.................................................................... 571
2.40.12 time-range .............................................................................. 572
2.40.13 absolute .................................................................................. 573
2.40.14 periodic................................................................................... 574
2.40.15 show time-range ..................................................................... 575
2.40.16 show access-lists..................................................................... 576
2.40.17 show interfaces access-lists..................................................... 577
2.40.18 clear access-lists counters ....................................................... 577
2.40.19 show interfaces access-lists counters ...................................... 578
2.41 QoS...................................................................... 579
2.41.1
qos.......................................................................................... 579
2.41.2
qos advanced-mode trust ........................................................ 579
2.41.3
show qos................................................................................. 580
2.41.4
class-map................................................................................ 581
2.41.5
show class-map....................................................................... 582
2.41.6
match...................................................................................... 582
2.41.7
policy-map.............................................................................. 583
2.41.8
class........................................................................................ 584
19

3.1.0.3 16.05.2013 .

-3000
. II

2.41.9
2.41.10
2.41.11
2.41.12
2.41.13
2.41.14
2.41.15
2.41.16
2.41.17
2.41.18
2.41.19
2.41.20
2.41.21
2.41.22
2.41.23
2.41.24
2.41.25
2.41.26
2.41.27
2.41.28
2.41.29
2.41.30
2.41.31
2.41.32
2.41.33
2.41.34
2.41.35
2.41.36
2.41.37
2.41.38
2.41.39
2.41.40
2.41.41
2.41.42
2.41.43
2.41.44
2.41.45
2.41.46

.465255.040

show policy-map .................................................................... 585


trust ........................................................................................ 586
set ........................................................................................... 587
police...................................................................................... 588
service-policy ......................................................................... 589
qos aggregate-policer.............................................................. 589
show qos aggregate-policer..................................................... 591
police aggregate...................................................................... 591
wrr-queue cos-map ................................................................. 592
wrr-queue bandwidth .............................................................. 593
priority-queue out num-of-queues........................................... 594
traffic-shape............................................................................ 595
traffic-shape queue ................................................................. 595
rate-limit (Ethernet) ................................................................ 596
rate-limit (VLAN)................................................................... 597
qos wrr-queue wrtd ................................................................. 598
show qos wrr-queue wrtd........................................................ 598
show qos interface .................................................................. 598
wrr-queue ............................................................................... 603
qos wrr-queue threshold.......................................................... 604
qos map policed-dscp ............................................................. 604
qos map dscp-queue................................................................ 605
qos map dscp-dp ..................................................................... 606
qos trust ( ) ................................... 606
qos trust ( )................................... 607
qos cos.................................................................................... 608
qos dscp-mutation................................................................... 609
qos map dscp-mutation ........................................................... 609
show qos map ......................................................................... 610
clear qos statistics ................................................................... 612
qos statistics policer................................................................ 612
qos statistics aggregate-policer ............................................... 612
qos statistics queues................................................................ 613
show qos statistics .................................................................. 614
security-suite deny syn-fin ...................................................... 615
security-suite enable ............................................................... 615
security-suite dos protect ........................................................ 617
security-suite dos syn-attack ................................................... 618

3.1.0.3 16.05.2013 .

20

-3000
. II

.465255.040

2.41.47 security-suite deny martian-addresses..................................... 619


2.41.48 security-suite deny syn ........................................................... 621
2.41.49 security-suite deny icmp ......................................................... 622
2.41.50 security-suite deny fragmented ............................................... 623
2.41.51 show security-suite configuration ........................................... 624
2.41.52 set vlan ................................................................................... 625
2.41.53 send ........................................................................................ 626
2.42 VRRP .................................................................. 627
2.42.1
show vrrp................................................................................ 627
2.42.2
vrrp description....................................................................... 629
2.42.3
vrrp ip..................................................................................... 630
2.42.4
vrrp preempt ........................................................................... 631
2.42.5
vrrp priority ............................................................................ 632
2.42.6
vrrp shutdown......................................................................... 633
2.42.7
vrrp source-ip ......................................................................... 633
2.42.8
vrrp timers advertise ............................................................... 634
2.42.9
vrrp version ............................................................................ 635
2.43 SSH-....................................................... 636
2.43.1
ip ssh-client authentication ..................................................... 636
2.43.2
ip ssh-client change server password ...................................... 637
2.43.3
ip ssh-client key...................................................................... 638
2.43.4
ip ssh-client password............................................................. 640
2.43.5
ip ssh-client server authentication ........................................... 641
2.43.6
ip ssh-client server fingerprint ................................................ 642
2.43.7
ip ssh-client username ............................................................ 643
2.43.8
show ip ssh-client ................................................................... 643
2.43.9
show ip ssh-client server......................................................... 645
2.44 , IP.................. 646
2.44.1
accept-lifetime........................................................................ 646
2.44.2
clear ip prefix-list ................................................................... 648
2.44.3
distance ( IP).......................................................... 648
2.44.4
ip prefix-list ............................................................................ 651
2.44.5
ip route ................................................................................... 654
2.44.6
ip routing ................................................................................ 655
2.44.7
key-string................................................................................ 656
2.44.8
key ( Key-Chain) ............................................ 656
2.44.9
key-chain ................................................................................ 658
2.44.10 send-lifetime........................................................................... 658
21

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.44.11 show distance ......................................................................... 660


2.44.12 show ip prefix-list................................................................... 660
2.44.13 show ip protocols.................................................................... 662
2.44.14 show ip route .......................................................................... 663
2.44.15 show ip route summary........................................................... 666
2.44.16 show key chain ....................................................................... 667
2.45 RIP....................................................................... 668
2.45.1
clear rip statistics .................................................................... 668
2.45.2
default-information originate .................................................. 668
2.45.3
default-metric ......................................................................... 669
2.45.4
ip rip authentication key-chain................................................ 670
2.45.5
ip rip authentication mode ...................................................... 671
2.45.6
ip rip authentication-key ......................................................... 672
2.45.7
ip rip default-information originate......................................... 673
2.45.8
ip rip distribute-list in ............................................................. 673
2.45.9
ip rip distribute-list out ........................................................... 674
2.45.10 ip rip offset ............................................................................. 675
2.45.11 ip rip passive-interface............................................................ 676
2.45.12 ip rip shutdown ....................................................................... 677
2.45.13 network................................................................................... 677
2.45.14 passive-interface ( RIP).......................................... 678
2.45.15 redistribute ( RIP) .................................................. 679
2.45.16 router rip................................................................................. 683
2.45.17 show ip rip database ............................................................... 684
2.45.18 show ip rip peers..................................................................... 687
2.45.19 show ip rip statistics ............................................................... 688
2.45.20 shutdown ................................................................................ 688
2.46 IPv6-......................................... 689
2.46.1
clear ipv6 neighbors................................................................ 689
2.46.2
clear ipv6 prefix-list................................................................ 689
2.46.3
ipv6 address............................................................................ 690
2.46.4
ipv6 address anycast ............................................................... 691
2.46.5
ipv6 address autoconfig .......................................................... 692
2.46.6
ipv6 address eui-64 ................................................................. 693
2.46.7
ipv6 address link-local ............................................................ 694
2.46.8
ipv6 default-gateway .............................................................. 695
2.46.9
ipv6 distance........................................................................... 697
2.46.10 ipv6 enable ............................................................................. 699
3.1.0.3 16.05.2013 .

22

-3000
. II

.465255.040

2.46.11 ipv6 hop-limit......................................................................... 699


2.46.12 ipv6 host................................................................................. 700
2.46.13 ipv6 icmp error-interval .......................................................... 701
2.46.14 ipv6 link-local default zone .................................................... 702
2.46.15 ipv6 mld version..................................................................... 703
2.46.16 ipv6 nd advertisement-interval................................................ 704
2.46.17 ipv6 nd dad attempts............................................................... 704
2.46.18 ipv6 nd hop-limit .................................................................... 706
2.46.19 ipv6 nd managed-config flag .................................................. 707
2.46.20 ipv6 nd ns-interval .................................................................. 708
2.46.21 ipv6 nd other config-flag ........................................................ 708
2.46.22 ipv6 nd prefix ......................................................................... 709
2.46.23 ipv6 nd ra interval................................................................... 713
2.46.24 ipv6 nd ra lifetime .................................................................. 714
2.46.25 ipv6 nd ra suppress ................................................................. 715
2.46.26 ipv6 nd reachable-time ........................................................... 716
2.46.27 ipv6 nd router-preference........................................................ 717
2.46.28 ipv6 neighbor.......................................................................... 718
2.46.29 ipv6 prefix-list ........................................................................ 720
2.46.30 ipv6 redirect............................................................................ 723
2.46.31 ipv6 route ............................................................................... 724
2.46.32 ipv6 unicast-routing ................................................................ 725
2.46.33 ipv6 unreachables ................................................................... 726
2.46.34 show ipv6 distance ................................................................. 727
2.46.35 show ipv6 interface................................................................. 727
2.46.36 show ipv6 link-local default zone ........................................... 729
2.46.37 show ipv6 mtu ........................................................................ 729
2.46.38 show ipv6 nd prefix ................................................................ 730
2.46.39 show ipv6 neighbors............................................................... 731
2.46.40 show ipv6 prefix-list............................................................... 732
2.46.41 show ipv6 protocols................................................................ 734
2.46.42 show ipv6 route ...................................................................... 735
2.46.43 show ipv6 route summary....................................................... 736
2.46.44 show ipv6 static ...................................................................... 736
2.47 OpenFlow ............................................................ 739
2.47.1
openflow enable ..................................................................... 739
2.47.2
openflow forward_action........................................................ 739
2.47.3
openflow ip-address................................................................ 740
23

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.47.4
openflow protocol................................................................... 741
2.47.5
show openflow ....................................................................... 741
2.48 OSPFv3 ............................................................... 742
2.48.1
area default-cost...................................................................... 742
2.48.2
area filter-list .......................................................................... 743
2.48.3
area nssa ................................................................................. 745
2.48.4
area range ............................................................................... 746
2.48.5
area shutdown......................................................................... 748
2.48.6
area stub ................................................................................. 748
2.48.7
area virtual-link ...................................................................... 750
2.48.8
clear ipv6 ospf process............................................................ 752
2.48.9
default-metric (IPv6 OSPF) .................................................... 753
2.48.10 ipv6 ospf area ......................................................................... 754
2.48.11 ipv6 ospf cost.......................................................................... 755
2.48.12 ipv6 ospf dead-interval ........................................................... 756
2.48.13 ipv6 ospf hello-interval........................................................... 757
2.48.14 ipv6 ospf mtu-ignore............................................................... 758
2.48.15 ipv6 ospf neighbor.................................................................. 759
2.48.16 ipv6 ospf priority .................................................................... 760
2.48.17 ipv6 ospf retransmit-interval ................................................... 761
2.48.18 ipv6 ospf shutdown................................................................. 762
2.48.19 ipv6 ospf transmit-delay ......................................................... 762
2.48.20 ipv6 router ospf ...................................................................... 763
2.48.21 no area .................................................................................... 764
2.48.22 passive-interface (IPv6) .......................................................... 765
2.48.23 redistribute (OSPFv3)............................................................. 766
2.48.24 router-id (IPv6)....................................................................... 770
2.48.25 show ipv6 ospf........................................................................ 771
2.48.26 show ipv6 ospf database ......................................................... 773
2.48.27 show ipv6 ospf interface ......................................................... 781
2.48.28 show ipv6 ospf neighbor......................................................... 783
2.48.29 show ipv6 ospf router-id ......................................................... 784
2.48.30 show ipv6 ospf snmp .............................................................. 785
2.48.31 show ipv6 ospf virtual-links.................................................... 786
2.48.32 shutdown (IPv6 OSPF) ........................................................... 787
2.48.33 snmp-process ipv6 ospf .......................................................... 788
2.48.34 snmp-server enable traps ipv6 ospf ......................................... 789
2.48.35 snmp-server enable traps ipv6 ospf errors............................... 789
3.1.0.3 16.05.2013 .

24

-3000
. II

.465255.040

2.48.36 snmp-server enable traps ipv6 ospf lsa.................................... 791


2.48.37 snmp-server enable traps ipv6 ospf rate-limit ......................... 792
2.48.38 snmp-server enable traps ipv6 ospf retransmit ........................ 793
2.48.39 snmp-server enable traps ipv6 ospf state-change .................... 794
2.49 OSPF ................................................................... 795
2.49.1
area default-cost ..................................................................... 795
2.49.2
area filter-list .......................................................................... 797
2.49.3
area nssa ................................................................................. 798
2.49.4
area range ............................................................................... 800
2.49.5
area shutdown......................................................................... 801
2.49.6
area stub ................................................................................. 802
2.49.7
area virtual-link ...................................................................... 804
2.49.8
clear ip ospf process ............................................................... 806
2.49.9
ip ospf authentication.............................................................. 807
2.49.10 ip ospf authentication key-chain ............................................. 808
2.49.11 ip ospf authentication-key....................................................... 809
2.49.12 ip ospf cost ............................................................................. 810
2.49.13 ip ospf dead-interval ............................................................... 811
2.49.14 ip ospf hello-interval............................................................... 812
2.49.15 ip ospf mtu-ignore .................................................................. 813
2.49.16 ip ospf passive-interface ......................................................... 813
2.49.17 ip ospf priority........................................................................ 814
2.49.18 ip ospf retransmit-interval....................................................... 815
2.49.19 ip ospf shutdown .................................................................... 816
2.49.20 ip ospf transmit-delay ............................................................. 816
2.49.21 network area ........................................................................... 817
2.49.22 no area.................................................................................... 818
2.49.23 passive-interface (OSPF) ........................................................ 819
2.49.24 redistribute (OSPF)................................................................. 820
2.49.25 router ospf .............................................................................. 825
2.49.26 router-id.................................................................................. 825
2.49.27 show ip ospf ........................................................................... 826
2.49.28 show ip ospf database ............................................................. 829
2.49.29 show ip ospf interface............................................................. 835
2.49.30 show ip ospf neighbor............................................................. 837
2.49.31 show ip ospf router-id............................................................. 838
2.49.32 show ip ospf snmp .................................................................. 839
2.49.33 show ip ospf virtual-links ....................................................... 840
25

3.1.0.3 16.05.2013 .

-3000
. II

2.50

2.51

2.52

2.53

.465255.040

2.49.34 shutdown (OSPF) ................................................................... 840


2.49.35 snmp-process ospf .................................................................. 841
2.49.36 snmp-server enable traps ospf................................................. 842
2.49.37 snmp-server enable traps ospf errors....................................... 842
2.49.38 snmp-server enable traps ospf lsa............................................ 844
2.49.39 snmp-server enable traps ospf rate-limit ................................. 845
2.49.40 snmp-server enable traps ospf retransmit ................................ 846
2.49.41 snmp-server enable traps ospf state-change ............................ 847
................................. 848
2.50.1
system router resources........................................................... 848
2.50.2
show system router resources ................................................. 851
MLD .................................................................... 852
2.51.1
clear ipv6 mld counters........................................................... 852
2.51.2
ipv6 mld access-group ............................................................ 852
2.51.3
ipv6 mld last-member-query-interval...................................... 854
2.51.4
ipv6 mld query-interval .......................................................... 854
2.51.5
ipv6 mld query-max-response-time ........................................ 855
2.51.6
ipv6 mld robustness ................................................................ 856
2.51.7
ipv6 mld version ..................................................................... 856
2.51.8
show ipv6 mld counters .......................................................... 857
2.51.9
show ipv6 mld groups............................................................. 858
2.51.10 show ipv6 mld groups summary ............................................. 859
2.51.11 show ipv6 mld interface.......................................................... 860
IGMP................................................................... 860
2.52.1
clear ip igmp counters............................................................. 860
2.52.2
ip igmp access-group .............................................................. 861
2.52.3
ip igmp last-member-query-interval........................................ 863
2.52.4
ip igmp query-interval ............................................................ 863
2.52.5
ip igmp query-max-response-time .......................................... 864
2.52.6
ip igmp robustness .................................................................. 865
2.52.7
ip igmp version ....................................................................... 866
2.52.8
show ip igmp counters ............................................................ 866
2.52.9
show ip igmp groups............................................................... 867
2.52.10 show ip igmp groups summary ............................................... 868
2.52.11 show ip igmp interface............................................................ 869
IPv4 IPM ................................. 870
2.53.1
ip multicast-routing................................................................. 870
2.53.2
ip multicast ttl-threshold ......................................................... 871

3.1.0.3 16.05.2013 .

26

-3000
. II

.465255.040

2.53.3
show ip mroute ....................................................................... 871
2.53.4
show ip multicast.................................................................... 874
2.54 IPv6 IPM................................. 875
2.54.1
ipv6 multicast-routing............................................................. 875
2.54.2
ipv6 multicast hop-threshold................................................... 876
2.54.3
show ipv6 mroute ................................................................... 877
2.54.4
show ipv6 multicast ................................................................ 878
2.55 IPv4 PIM ............................................................. 880
2.55.1
clear ip pim counters............................................................... 880
2.55.2
ip pim ..................................................................................... 880
2.55.3
ip pim accept-register ............................................................. 881
2.55.4
ip pim bsr-border .................................................................... 882
2.55.5
ip pim bsr-candidate ............................................................... 883
2.55.6
ip pim dr-priority .................................................................... 884
2.55.7
ip pim hello-interval ............................................................... 885
2.55.8
ip pim join-prune-interval ....................................................... 885
2.55.9
ip pim neighbor-filter.............................................................. 886
2.55.10 ip pim rp-address .................................................................... 887
2.55.11 ip pim rp-candidate................................................................. 889
2.55.12 ip pim ssm .............................................................................. 891
2.55.13 show ip pim bsr ...................................................................... 891
2.55.14 show ip pim counters.............................................................. 893
2.55.15 show ip pim group-map .......................................................... 894
2.55.16 show ip pim interface ............................................................. 895
2.55.17 show ip pim neighbor ............................................................. 897
2.55.18 show ip pim rp mapping ......................................................... 898
2.56 IPv6 PIM ............................................................. 899
2.56.1
clear ipv6 pim counters........................................................... 899
2.56.2
ipv6 pim ................................................................................. 899
2.56.3
ipv6 pim accept-register ......................................................... 900
2.56.4
ipv6 pim bsr-border ................................................................ 900
2.56.5
ipv6 pim bsr-candidate ........................................................... 901
2.56.6
ipv6 pim dr-priority ................................................................ 902
2.56.7
ipv6 pim hello-interval ........................................................... 903
2.56.8
ipv6 pim join-prune-interval ................................................... 904
2.56.9
ipv6 pim neighbor-filter.......................................................... 905
2.56.10 ipv6 pim rp-address ................................................................ 906
2.56.11 ipv6 pim rp-candidate ............................................................. 908
27

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.56.12 ipv6 pim rp-embedded ............................................................ 909


2.56.13 ipv6 pim ssm .......................................................................... 910
2.56.14 show ipv6 pim bsr .................................................................. 911
2.56.15 show ipv6 pim counters .......................................................... 913
2.56.16 show ipv6 pim group-map ...................................................... 913
2.56.17 show ipv6 pim interface.......................................................... 914
2.56.18 show ipv6 pim neighbor ......................................................... 917
2.56.19 show ipv6 pim rp mapping ..................................................... 917
2.57 IGMP/MLD Proxy............................................... 919
2.57.1
ip igmp-proxy ......................................................................... 919
2.57.2
ip igmp-proxy downstream protected...................................... 919
2.57.3
ipv6 mld-proxy ....................................................................... 920
2.57.4
ipv6 mld-proxy downstream protected.................................... 921
2.57.5
show ip igmp-proxy interface ................................................. 921
2.57.6
show ipv6 mld-proxy interface ............................................... 923
2.58 DNS- ...................................................... 924
2.58.1
clear host ................................................................................ 924
2.58.2
ip domain lookup .................................................................... 925
2.58.3
ip domain name ...................................................................... 926
2.58.4
ip host..................................................................................... 927
2.58.5
ip name-server ........................................................................ 927
2.58.6
show hosts .............................................................................. 928

3.1.0.3 16.05.2013 .

28

-3000
. II

.465255.040


1.1

1

;

15
.

( 15)
,
1 15.
()
:
enable
password
encrypted-password}

[level

privilege-level]{password|encrypted

,
enable
15.
.
disable .

username.
15
.

15 (
):
switchxxxxxx#configure
switchxxxxxx<conf># enable password level 15 level15@abc
switchxxxxxx<conf>#

1:
switchxxxxxx#configure
switchxxxxxx<conf> username john password john1234 privilege 1
switchxxxxxx<conf>

29

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

, :
switchxxxxxx#
switchxxxxxx# enable
Enter Password: ****** ( 15 - level15@abc)
switchxxxxxx#

1.2

CLI
(CLI)
.
. ,
, (?)
.

: (),
,
.
,
.
,
.

.
.

1.2.1


,
.

.

: console> (console ,
hostname
).
1.2.2


,

.
.
3.1.0.3 16.05.2013 .

30

-3000
. II

.465255.040

.

disable.
1.2.3


, .

configure
Enter.
,
: console(config)#.
exit,
end Ctrl+Z.
1.2.4


:

(,
line speed, timeout settings ..).

line;

VLAN
VLAN.
VLAN
vlan database;


.

management
access-list;
Port-Channel
port channels, , ,
VLAN Port-channel.
Port-Channel
port-channel;

31

SSH Public Key-Chain


SSH
. SSH Public KeyChain crypto key
pubkey-chain ssh;
3.1.0.3 16.05.2013 .

-3000
. II

1.3

.465255.040


Ethernet.

interface.

(CLI)

Telnet.

CLI.

Telnet, , CLI, ,
IP-,
, ,
, .

1.3.1

1.3.2

CLI


.
,
console>.

, .

quit
exit.

CLI Telnet

telnet IP- .
.
IP- 192.168.1.239.

.
.
admin, admin.

, .

quit
exit.

login
.
.

3.1.0.3 16.05.2013 .

32

-3000
. II

1.4

.465255.040


1
:
1

1.5

[]

{}


.
(|).
. :
flowcontrol {auto|on|off} ,
flowcontrol auto, on
off.


CLI :
- . :

GigabitEthernet (10/100/1000)
GigabitEthernet, gi GE;
TenGigabit Ethernet (10000)
TenGigabitEthernet, te xg;

LAG (Port Channel) PortChannel po.

VLAN VLAN;

tunnel tu;

- : Port, LAG, tunnel VLAN ID.


:
{<ethernet-type>[ ][<unit-number>/]<slot-number>/<port-number>} |
{port-channel | po | ch}[ ]<port-channel-number> |
{tunnel | tu}[ ]<tunnel-number> | vlan[ ]<vlan-id>

33

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
console(config)#interface GigabitEthernet 1/1/1
console(config)#interface GE 1/1/1
console(config)#interface gi1/1/1
console(config)#interface FastEthernet 1/2/1
console(config)#interface fe1/2/1
console(config)#interface po1
console(config)# interface vlan 1

1.5.1


.
:
<interface-range> ::=
{<port-type>[ ][/<first-port-number>[ - <last-port-number]} |
port-channel[ ]<first-port-channel-number>[ - <last-port-channel-number>] |
tunnel[ ]<first-tunnel-number>[ - <last-tunnel-number>] |
vlan[ ]<first-vlan-id>[ - <last-vlan-id>]

:
console#configure
console(config-if)#interface range gi1/1/1-1/1/5

1.5.2


:
<range-list> ::= <interface-range> | <range-list>, < interface-range>

.

Port-Channel, VLAN. /PortChannel VLAN.
.

(,).

3.1.0.3 16.05.2013 .

34

-3000
. II

.465255.040

:
console#configure
console(config)#interface range gi1/1/1-1/1/5, vlan 1-2

1.6


CLI .
, .
, show interfaces status gi0/5
show, interfaces status; gi
, , 0/5
, .
, ,
. ,
:
console(config)# username admin password smith.
:

1.7

? ()

.


?
.


CLI
. , ,
FIFO (First In First Out
). , ,
, , .

. ,
, 2.
,
.

history.
10 (
256).
, , .

history size.

35

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


show history.
1.8



.
CLI
Tab.
,
? ,
.

.
, ,
, .
,
:
(config)#interface
%missing mandatory parameter
(config)#interface

1.9

,
. ,
.

,
.
, .

Ctrl+A

Ctrl+E
Ctrl+Z / End

.

CLI.

Backspace

IPv6z-
IPv6z- IPv6-.
IPv6z-: <ipv6-link-local-address>%<egress-interface>,

3.1.0.3 16.05.2013 .

36

-3000
. II

.465255.040

egress-interface ( zone) = vlan<vlan-id> | po <number> | tunnel


<number> | port<number> | 0
,
. 0
, .
:

37

ipv6_address%egress-interface;

ipv6_address%0;

ipv6_address.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

2.1
2.1.1


enable

.
.
:
enable [privilege-level]
:
privilege-level

,
1 15.


15.

.
:
switchxxxxxx# enable
enter password:**********
switchxxxxxx#Accepted

2.1.2

disable

:
disable [privilege-level]
:
privilege-level

3.1.0.3 16.05.2013 .

.
,
1.

38

-3000
. II

.465255.040


1.

.
:
switchxxxxxx# disable 1
switchxxxxxx#

2.1.3

login

.
.
:
login

.
:
switchxxxxxx# login
User Name:bob
Password:*****
switchxxxxxx#

2.1.4

configure

.
.
:
configure [terminal]
:
terminal

39

,
.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
switchxxxxxx# configure
switchxxxxxx(config)#

2.1.5

exit (Configuration)


CLI.
:
exit

.
:
switchxxxxxx(config-if)# exit
switchxxxxxx(config)# exit

2.1.6

exit ( )

.
.
:
exit

.
:
switchxxxxxx# exit

2.1.7

end

:
end

.
3.1.0.3 16.05.2013 .

40

-3000
. II

.465255.040

:
switchxxxxxx(config)# end
switchxxxxxx#

2.1.8

help

.
:
help

.
:
switchxxxxxx# help
Help may be requested at any point in a command by entering a question
mark '?'. If nothing matches the currently entered incomplete command,
the help list is empty. This indicates that there is no command matching
the input as it currently appears. If the request is within a command,
press the Backspace key and erase the entered characters to a point
where the request results in a match.
Help is provided when:
1. There is a valid command and a help request is made for entering a
parameter or argument (e.g. 'show ?'). All possible parameters or
arguments for the entered command are then displayed.
2. An abbreviated argument is entered and a help request is made for
arguments matching the input (e.g. 'show pr?').

2.1.9

history

.
.

:
history
no history
no
.

.

.

41

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


/Telnet/SSH.


terminal history size.
history size

.
:
switchxxxxxx(config)# line telnet
switchxxxxxx(config-line)# history

2.1.10

history size

.

.
:
history size number-of-commands
no history size

.

no

:
number-of-commands ,

, 10 207.

10 .

.


.
3.1.0.3 16.05.2013 .

42

-3000
. II

.465255.040


/Telnet/SSH.

terminal
history size.
,
, .
,

.
:
switchxxxxxx(config)# line telnet
switchxxxxxx(config-line)# history size 100

2.1.11

terminal history

.

. ,
.
:
terminal history
terminal no history
terminal no history
.


history.

.
:
switchxxxxxx# terminal no history

2.1.12

terminal history size

.
.
,
.
43

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
terminal history size number-of-commands
terminal no history size

.

no

:
number-of-commands

,

, 10
207.



history size.

.

terminal history size

.
, ,

history.
,
207.
:
switchxxxxxx#terminal history size 20

3.1.0.3 16.05.2013 .

44

-3000
. II

2.1.13

.465255.040

terminal datadump

.
show
.
:
terminal datadump
no terminal datadump
no terminal datadump
.

show .

.

More
, 24.
Enter,

.
terminal datadump
show.
.
:
switchxxxxxx# terminal datadump

2.1.14

terminal width

.
, , CLI
.

.
:
terminal width number-of-characters
terminal no width

45

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
number-of-characters

,
, CLI
. : 0,
70-512.

.
terminal no width
.

77.

.
:
switchxxxxxx# terminal width 100

2.1.15

terminal prompt

. .

.
:
terminal prompt
terminal no prompt
terminal no prompt .

.

.
:
switchxxxxxx# terminal no prompt

2.1.16

debug-mode

. .
:
debug-mode
3.1.0.3 16.05.2013 .

46

-3000
. II

.465255.040


.
:
switchxxxxxx# debug-mode

2.1.17

show history

.
.

:
show history

.


. ,
.

.
:
switchxxxxxx# show version
SW version 3.131 (date 23-Jul-2005 time 17:34:19)
HW version 1.0.0
switchxxxxxx# show clock
15:29:03 Jun 17 2005
switchxxxxxx# show history
show version
show clock
show history
3 commands were logged (buffer size is 10)

2.1.18

show privilege

:
show privilege
47

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
switchxxxxxx# show privilege
Current privilege level is 15

2.1.19

do



.
:
do command
:
command

,
.


.
:
switchxxxxxx# do show vlan
Vlan

Name

Ports

Type

Authorization

---- -------- ---------------------

--------

----------

other

Required

gi0/1-3,Po1,Po2,
Po3,Po4,Po5,Po6,Po7,Po8

2.1.20

gi0/1

dynamicGvrp

Required

10

v0010

gi0/1

permanent

Not Required

11

V0011

gi0/1,gi0/3

permanent

Required

banner exec

.
-,
.
CLI: ,
Telnet SSH.
:
banner exec d message-text d
no banner exec
3.1.0.3 16.05.2013 .

48

-3000
. II

.465255.040

no .
:
d
, ,
, (#).
- .
message-text
-.
. -
.
-

: $(token),

. 2000
( 510-
Enter
).


.


.


-.
, .

$(token).
3.
3

$(hostname)
$(domain)
$(bold)

$(inverse)

$(contact)
$(location)
$(mac-address)
49

,
.
.
.

.
.

.
.
.
- .
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

-

no banner exec.
:
switchxxxxxx# banner exec %
Enter TEXT message. End with the character '%'.
$(bold)Session activated.$(bold) Enter commands at the prompt.
%
When a user logs on to the system, the following output is
displayed:
Session activated. Enter commands at the prompt.

2.1.21

banner login

.
(-),
, .

CLI: , Telnet SSH.
:
banner login d message-text d
no banner login
no -.
:
d

, , (#).
.

message-text

-.
. -
.
: $(token),

.
2000
( 510-
Enter
).

3.1.0.3 16.05.2013 .

50

-3000
. II

.465255.040


- .

.


-.
, .

$(token).
4.
4 -

$(hostname)

$(domain)

$(bold)

.

.

$(inverse)

.

.

$(contact)

$(location)

$(mac-address)

- .

-

no banner login.
:
switchxxxxxx# banner login %
Enter TEXT message. End with the character '%'.
You have entered $(hostname).$(domain)
%
When the login banner is executed, the user will see the
following banner:
You have entered host123.ourdomain.com

51

3.1.0.3 16.05.2013 .

-3000
. II

2.1.22

.465255.040

banner motd

.
(MOTD).
-.
:
banner motd d message-text d
no banner motd
no .
:
d

, , (#).

.
message-text
.
.
.
-

: $(token),

. 2000
( 510-
Enter
).

.

.


-.
, .

(MOTD), -
.
-.

3.1.0.3 16.05.2013 .

52

-3000
. II

.465255.040


$(token).
5.
5

$(hostname)

$(domain)

$(bold)

.

.

$(inverse)

.

.

$(contact)

$(location)

$(mac-address)

- .



no banner motd.
:
switchxxxxxx# banner motd %
Enter TEXT message. End with the character '%'.
$(bold)Upgrade$(bold) to all devices begins at March 12
%
When the login banner is executed, the user will see the
following banner:
Upgrade to all devices begins at March 12

2.1.23

exec-banner

.
-,
(exec banners).
:
exec-banner
no exec-banner
no -.

- .
53

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
switchxxxxxx# configure
switchxxxxxx(config)# line console
switchxxxxxx(config-line)# exec-banner
switchxxxxxx(config-line)# exit
switchxxxxxx(config)# line telnet
switchxxxxxx(config-line)# exec-banner
switchxxxxxx(config-line)# exit
switchxxxxxx(config)# line ssh
switchxxxxxx(config-line)# exec-banner

2.1.24

login-banner

.
(-), ,
.
:
login-banner
no login-banner
no -.

- .

.
:
switchxxxxxx# configure
console(config)# line console
switchxxxxxx(config-line)# login-banner
switchxxxxxx(config-line)# exit
switchxxxxxx(config)# line telnet
switchxxxxxx(config-line)# login-banner
switchxxxxxx(config-line)# exit
switchxxxxxx(config)# line ssh
switchxxxxxx(config-line)# login-banner

3.1.0.3 16.05.2013 .

54

-3000
. II

2.1.25

.465255.040

motd-banner

.
(MOTD).
:
motd-banner
no motd-banner
no
.

.
:
switchxxxxxx# configure
switchxxxxxx(config)# line console
switchxxxxxx(config-line)# motd-banner
switchxxxxxx(config-line)# exit
switchxxxxxx(config)# line telnet
switchxxxxxx(config-line)# motd-banner
switchxxxxxx(config-line)# exit
switchxxxxxx(config)# line ssh
switchxxxxxx(config-line)# motd-banner

2.1.26

show banner

. .
:
show banner motd
show banner login
show banner exec

.
:
switchxxxxxx# show banner motd
Banner: MOTD
Line SSH: Enabled
Line Telnet: Enabled

55

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Line Console: Enabled


10000 giga ports switch
switchxxxxxx# show banner login
------------------------------------------------------------Banner: Login
Line SSH: Enabled
Line Telnet: Enabled
Line Console: Enabled
switchxxxxxx# show banner exec

Banner: EXEC
Line SSH: Enabled
Line Telnet: Enabled
Line Console: Enabled
You have logged on

2.2
2.2.1

macro name

.
,
.
:
macro name [macro-name]
no macro name [macro-name]
no .
:
macro name


.

,
CLI , .
3000 200 .

3.1.0.3 16.05.2013 .

56

-3000
. II

.465255.040


():


, ;


macro name;

@;


# .

, #
,
. :

#macro key description


/.
:
#macro key description $keyword1 description1 $keyword2
description2 $keyword3 description3
$.

#macro keywords
CLI.
. CLI
.
,

macro macro global. 2


3, ,
CLI.
:
#macro keywords $keyword1 $keyword2 $keyword3,
$keywordn .

57

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

, .
.

.


,
.
,
,
exit, end, or interface interface-id.
,
.
,
(
VLAN).
:
switchxxxxxx(config)# macro name dup
Enter macro commands one per line. End with the character @.
#macro description dup
duplex full
negotiation
@

switchxxxxxx(config) # macro name duplex


Enter macro commands one per line. End with the character @.
duplex $DUPLEX
no negotiation
speed $SPEED
#macro keywords $DUPLEX $SPEED
@

3.1.0.3 16.05.2013 .

58

-3000
. II

.465255.040

switchxxxxxx(config-if)#interface gi1
switchxxxxxx(config-if)#macro apply duplex ?
WORD <1-32> Keyword to replace with value e.g. $DUPLEX, $SPEED
<cr>
switchxxxxxx(config-if)#macro apply duplex $DUPLEX ?
WORD<1-32> First parameter value
<cr>
switchxxxxxx(config-if)#macro apply duplex $DUPLEX full $SPEED ?
WORD<1-32> Second parameter value
switchxxxxxx(config-if)#macro apply duplex $DUPLEX full $SPEED 100

2.2.2

macro

.
.
:
macro {apply | trace} macro-name [parameter-name1 {value}]
[parameter-name2 {value}] [parameter-name3 {value}]
:

59

apply

trace

macro-name

..

parametername value


.
-.
.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

macro trace ,
.

.
- ,

.
,
, ,
. macro apply macro-name
?
(
#macro keywords).
.

,

,
,
.

macro description
.
.
show parser macro
.
,
.

.

,
.

3.1.0.3 16.05.2013 .

60

-3000
. II

.465255.040

:
switchxxxxxx(config) # interface gi0/1
switchxxxxxx<config-if> # macro trace dup $DUPLEX full $SPEED 100
Applying command duplex full
Applying command speed 100
switchxxxxxx<config-if> #

switchxxxxxx(config) # interface gi0/1


switchxxxxxx<config-if> # macro apply dup $DUPLEX full $SPEED 100
switchxxxxxx<config-if> #

switchxxxxxx(config-if)#macro trace dup


Applying command...'duplex full'
Applying command...'speed auto'
% bad parameter value

2.2.3

macro description

. ,
, ,
.

macro description
.
.
:
macro description text
no macro description
no
.
:
text

160 .


.

,

, .
61

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

,
, show parser macro.
:
switchxxxxxx(config)#interface gi0/2
switchxxxxxx(config-if)#macro apply dup
switchxxxxxx(config-if)#exit
switchxxxxxx(config)#interface gi0/3
switchxxxxxx(config-if)#macro apply duplex $DUPLEX full $SPEED 100
switchxxxxxx(config-if)#macro description dup
switchxxxxxx(config-if)#macro description duplex
switchxxxxxx(config-if)#end
switchxxxxxx#show parser macro description
Global Macro(s):
Interface

Macro Description(s)

------------ -------------------------------------------------gi0/2

dup

gi0/3

duplex | dup | duplex

-------------------------------------------------------------switchxxxxxx#configure
switchxxxxxx(config)#interface gi0/2
switchxxxxxx(config-if)#no macro description
switchxxxxxx(config-if)#end
switchxxxxxx#show parser macro description
Global Macro(s):
Interface Macro Description(s)
--------- ----------------------------------------------------gi3

duplex | dup | duplex

-------------------------------------------------------------switchxxxxxx#

2.2.4

macro global



).

.
(

:
macro global {apply | trace} macro-name [parameter-name1 {value}]
[parameter-name2 {value}] [parameter -name3 {value}]
:
apply
trace
3.1.0.3 16.05.2013 .

.

.

62

-3000
. II

macro-name
parametername value

.465255.040

..
,
.
-.


.

- ,

.
.

,

,
,
.
,
, ,
.
?
.
#macro
keywords.


macro description .

.
show parser macro.

63

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# macro name console-timeout
Enter macro commands one per line. End with the character @.
line console
exec-timeout $timeout-interval
@
switchxxxxxx(config)# macro global trace console-timeout
$timeout-interval 100
Applying command line console
Applying command exec-timeout 100
switchxxxxxx(config)#

2.2.5

macro global description

.
, .
:
macro global description text
no macro global description
no ,
.
:
text

160 .

.

,
, .

show parser
macro description.
:
switchxxxxxx(conf)# macro global description "set console timeout
interval"

3.1.0.3 16.05.2013 .

64

-3000
. II

2.2.6

.465255.040

show parser macro

.

.
:
show parser macro [{brief | description [interface interface-id |
detailed] | name macro-name}]
:
brief
.
description [interface

interface-id]

.
name macro-name

.

detailed

.

.
:
switchxxxxxx# show parser macro
Total number of macros = 6
-------------------------------------------------------------Macro name : cisco-global
Macro type : default global
# Enable dynamic port error recovery for link state
# failures
<output truncated>
-------------------------------------------------------------Macro name : cisco-desktop
Macro type : default interface
# macro keywords $AVID
# Basic interface - Enable data VLAN only
# Recommended value for access vlan (AVID) should not be 1
switchport access vlan $AVID
switchport mode access
<output truncated>

65

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

switchxxxxxx# show parser macro standard-switch10


Macro name : standard-switch10
Macro type : customizable
macro description standard-switch10
# Trust QoS settings on VOIP packets
auto qos voip trust
# Allow port channels to be automatically formed
channel-protocol pagp

switchxxxxxx# show parser macro brief


default global : cisco-global
default interface: cisco-desktop
default interface: cisco-phone
default interface: cisco-switch
default interface: cisco-router
customizable : snmp

switchxxxxxx# show parser macro description


Global Macro(s): cisco-global

switchxxxxxx# show parser macro description interface gi0/2


Interface Macro Description
-------------------------------------------------------------gi0/2 this is test macro

2.3
2.3.1


ping

. ICMP -
(IP- ).

3.1.0.3 16.05.2013 .

66

-3000
. II

.465255.040

:
ping [ip] {ipv4-address | hostname} [size packet_size] [count
packet_count] [timeout time_out]
ping ipv6 {ipv6-address | hostname} [size packet_size] [count
packet_count] [timeout time_out]
:
IPv4
ip
.
IPv6
ipv6
.
ipv4-address
IPv4- -.
ipv6-address
IPv6-
-. IPv6-
link-local (
,


.
, .

link-local),
. . IPv6z.
hostname
( 160 ,
63 ).
packet_size
VLAN.
64 ( IPv4:
64 1518 , IPv6: 68 1518 ).
packet_count

1 65535. 4 .
0,
(65535).
time-out
- 50
65535 .
2000 .

67

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

-
Esc.
ping:

Destination does not respond (


) , 10
no answer from host.

Destination unreachable ( )
,
.

Network or host unreachable (


)
.

. IPv6z-.
ping ipv6

IPv6Z.
,
.
-
ping ipv6
.
:
switchxxxxxx# ping ip 10.1.1.1
Pinging 10.1.1.1 with 64 bytes of data:
64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms
64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms
64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms
64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms
----10.1.1.1 PING Statistics---4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 7/8/11

3.1.0.3 16.05.2013 .

68

-3000
. II

.465255.040

switchxxxxxx# ping ip yahoo.com


Pinging yahoo.com [66.218.71.198] with 64 bytes of data:
64 bytes from 10.1.1.1: icmp_seq=0. time=11 ms
64 bytes from 10.1.1.1: icmp_seq=1. time=8 ms
64 bytes from 10.1.1.1: icmp_seq=2. time=8 ms
64 bytes from 10.1.1.1: icmp_seq=3. time=7 ms
----10.1.1.1 PING Statistics---4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 7/8/11

switchxxxxxx# ping ipv6 3003::11


Pinging 3003::11 with 64 bytes of data:
64 bytes from 3003::11: icmp_seq=1. time=0 ms
64 bytes from 3003::11: icmp_seq=2. time=50 ms
64 bytes from 3003::11: icmp_seq=3. time=0 ms
64 bytes from 3003::11: icmp_seq=4. time=0 ms
----3003::11 PING Statistics---4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/12/50

switchxxxxxx# ping ipv6 FF02::1


Pinging FF02::1 with 64 bytes of data:
64 bytes from 3003::11: icmp_seq=1. time=0 ms
64 bytes from 3003::33: icmp_seq=1. time=70 ms
64 bytes from 3003::11: icmp_seq=2. time=0 ms
64 bytes from 3003::55: icmp_seq=1. time=1050 ms
64 bytes from 3003::33: icmp_seq=2. time=70 ms
64 bytes from 3003::55: icmp_seq=2. time=1050 ms
64 bytes from 3003::11: icmp_seq=3. time=0 ms
64 bytes from 3003::33: icmp_seq=3. time=70 ms
64 bytes from 3003::11: icmp_seq=4. time=0 ms
64 bytes from 3003::55: icmp_seq=3. time=1050 ms
64 bytes from 3003::33: icmp_seq=4. time=70 ms
64 bytes from 3003::55: icmp_sq=4. time=1050 ms
---- FF02::1 PING Statistics---4 packets transmitted, 12 packets received

69

3.1.0.3 16.05.2013 .

-3000
. II

2.3.2

.465255.040

traceroute

.
.
:
traceroute ip {ipv4-address | hostname} [size packet_size] [ttl max-ttl]
[count packet_count] [timeout time_out] [source ip-address] [tos tos]
traceroute ipv6 {ipv6-address | hostname} [size packet_size] [ttl maxttl] [count packet_count] [timeout time_out] [source ip-address] [tos
tos]
:
ip

IPv4 .

ipv6

IPv6 .

ipv4-address

IPv4- .

ipv6-address

IPv6- .

hostname

(
160 , 63
).

packet_size

VLAN.
64 (
IPv4: 64 1518 , IPv6: 68
1518 ).

ttl max-ttl


(TTL), ,
1 255.

30.

traceroute

TTL.

count
packet_count

,
TTL, 1 10.
3.

timeout time_out


1 60 .
3 .

source ip-address ,
.

(:
3.1.0.3 16.05.2013 .

70

-3000
. II

.465255.040

IP-).
tos tos

Type-Of-Service IP-
0 255.


.

, ,
TTL .

TTL, 1. ,

. traceroute

TTL,
( , roundtrip time).
traceroute
, 2 .
time exceeded ,

. destination unreachable
,
,
.
traceroute (*).
traceroute ,
,
TTL
Esc.
traceroute
IPv6.

71

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# traceroute ip umaxp1.physics.lsa.umich.edu
Type Esc to abort.
Tracing the route to umaxp1.physics.lsa.umich.edu (141.211.101.64)
1 i2-gateway.stanford.edu (192.68.191.83) 0 msec 0 msec 0 msec
2 STAN.POS.calren2.NET (171.64.1.213) 0 msec 0 msec 0 msec
3 SUNV--STAN.POS.calren2.net (198.32.249.73) 1 msec 1 msec 1 msec
4 Abilene--QSV.POS.calren2.net (198.32.249.162) 1 msec 1 msec 1 msec
5 kscyng-snvang.abilene.ucaid.edu (198.32.8.103) 33 msec 35 msec 35 msec
6 iplsng-kscyng.abilene.ucaid.edu (198.32.8.80) 47 msec 45 msec 45 msec
7 so-0-2-0x1.aa1.mich.net (192.122.183.9) 56 msec 53 msec 54 msec
8 atm1-0x24.michnet8.mich.net (198.108.23.82) 56 msec 56 msec 57 msec
9 * * *
10 A-ARB3-LSA-NG.c-SEB.umnet.umich.edu(141.211.5.22)58 msec 58msec 58
msec
11 umaxp1.physics.lsa.umich.edu (141.211.101.64) 62 msec 63 msec 63 msec
Trace completed

6 , .
6

i2-gateway.stanford.edu

192.68.191.83

IP- .

1 msec 1 msec 1 msec

, round-trip
time.

7 ,
traceroute.

3.1.0.3 16.05.2013 .

72

-3000
. II

.465255.040

7 ,
traceroute

2.3.3

"Don`t Fragment".

telnet

.
Telnet.
:
telnet {ip-address | hostname} [port] [keyword ...]
:
ip-address

IP- .

hostname

( 160 ,
63 ).

port

TCP- ,
10.

keyword

,
9.


Telnet 23.

.

73

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


Telnet
. Telnet
Ctrl-shift-6 ,
Telnet.
8

Telnet

Ctrl-shift-6-b

Break

Ctrl-shift-6-c

, ,
(IP)

Ctrl-shift-6-h

(EC)

Ctrl-shift-6-o

.
Synch ()

Ctrl-shift-6-t

,
(AYT)

Ctrl-shift-6-u

(EL)


Telnet ?/help.

.
Telnet:
Console> Ctrl-shift-6 ?
[Special telnet escape help]
^^ B sends telnet BREAK
^^ C sends telnet IP
^^ H sends telnet EC
^^ O sends telnet AO
^^ T sends telnet AYT
^^ U sends telnet EL
Ctrl-shift-6 x suspends the session (return to system command
prompt)

Telnet
.
,
Ctrl-shift-6-
.
telnet.

3.1.0.3 16.05.2013 .

74

-3000
. II

.465255.040

9 telnet

/echo

/quiet

/source-interface

/stream

TCP
Telnet.
Telnet

UUCP (UNIX-to-UNIX Copy Program)
, Telnet.

Ctrl-shift-6

10

75

BGP

Border Gateway Protocol

chargen

Character Generator Protocol

19

cmd

514

daytime

DAYTIME

13

discard

Discard

DNS

Domain Name Service

53

echo

ECHO

exec

Exec

512

finger

Finger

79

ftp

FTP

21

ftp-data

FTP

20

gopher

Gopher

70

hostname

NIC hostname server

101

ident

Ident Protocol

113

irc

Internet Relay Chat

194

klogin

Kerberos login

543

kshell

Kerberos shell

544

login

Login

513

lpd

Printer service

515

179

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

10

nntp

Network News Transport Protocol

119

pim-auto-rp

PIM Auto-RP

496

pop2

Post Office Protocol v2

109

pop3

Post Office Protocol v3

110

smtp

Simple Mail Transport Protocol

25

sunrpc

Sun Remote Procedure Call

111

syslog

Syslog

514

tacacs

TAC Access Control System

49

talk

Talk

517

telnet

Telnet

23

time

Time protocol

37

uucp

Unix-to-Unix Copy Program

540

whois

Nickname

43

www

World Wide Web

80

:
switchxxxxxx# telnet 176.213.10.50

2.3.4

resume

.
Telnet.
:
resume [connection]
:
connection

1 4.


.

.
:
switchxxxxxx# resume 1

3.1.0.3 16.05.2013 .

76

-3000
. II

2.3.5

.465255.040

hostname

.
, .
:
hostname name
no hostname

.

no

:
name

,

( 160 ,
63 ).
, ,

,
.


.

.
:
switchxxxxxx# hostname enterprise
enterprise(config)#

2.3.6

reload

:
reload [[in [hhh:mm | mmm] | at hh:mm [day month]] | cancel]
:
in hhh:mm

77



.
24 .
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

at hh:mm


( 24-
). ,

.
,
(
)
(
). 00:00
.
24 .

day

1 31.

month

cancel


.

at ,
.

SNTP.

show reload.

:
switchxxxxxx# reload
This command will reset the whole system and disconnect your current
session. Do you want to continue? (y/n) [Y]

switchxxxxxx# reload in 10
This command will reset the whole system and disconnect your current
session. Reload is scheduled for 11:57:08 UTC Fri Apr 21 2012 (in 10
minutes). Do you want to continue? (y/n) [Y]

switchxxxxxx# reload at 13:00


This command will reset the whole system and disconnect your current
session. Reload is scheduled for 13:00:00 UTC Fri Apr 21 2012 (in 1 hour
and 3 minutes). Do you want to continue? (y/n) [Y]

3.1.0.3 16.05.2013 .

78

-3000
. II

.465255.040

switchxxxxxx# reload cancel


Reload cancelled.

2.3.7

show reload

.
.
:
show reload

.

show reload
.

reload cancel.
:
switchxxxxxx# show reload
Reload scheduled for 00:00:00 UTC Sat April 20 (in 3 hours and 12 minutes)

2.3.8

service cpu-utilization

.
CPU.
:
service cpu-utilization
no service cpu-utilization
no
.


CPU .

79

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

CPU

show cpu utilization.
:
switchxxxxxx(config)# service cpu-utilization

2.3.9

show cpu utilization

CPU.

:
show cpu utilization

.

CPU
service cpuutilization.
:
switchxxxxxx# show cpu utilization
CPU utilization service is on.
CPU utilization
-------------------------------------------------five seconds: 5%; one minute: 3%; five minutes: 3%

2.3.10

clear cpu counters

.
CPU.

:
clear cpu counters

3.1.0.3 16.05.2013 .

80

-3000
. II

.465255.040


.
:
switchxxxxxx# clear cpu counters

2.3.11

service cpu-counters

.
, CPU.
:
service cpu-counters
no service cpu-counters
no .

.

, CPU,
show cpu counters.
:
switchxxxxxx# service cpu-counters

2.3.12

show cpu counters

.
, CPU.
:
show cpu counters

.

, CPU,
service cpu counters.

81

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show cpu counters
CPU counters are active.
In Octets: 987891
In Unicast Packets: 3589
In Multicast Packets: 29
In Broadcast Packets: 8
Out Octets: 972181
Out Unicast Packets: 3322
Out Multicast Packets: 22
Out Broadcast Packets: 8

2.3.13

show users

.
.
:
show users

.
:
switchxxxxxx# show users
Username

Protocol

Location

-----------

-------------

------------

Bob
John

Serial
SSH

172.16.0.1

Robert

HTTP

172.16.0.8

Betty
Sam

Telnet

172.16.0.7
172.16.0.6

3.1.0.3 16.05.2013 .

82

-3000
. II

2.3.14

.465255.040

show sessions

.
Telnet.
:
show sessions

.

telnet-
,
telnet. telnet-
, telnet,
.
:
Console# show sessions
Connection

Host

Address

Port

Byte

----------

---------

-----------

-------

-------

Remote router

172.16.1.1

23

89

172.16.1.2

172.16.1.2

23

11 , .
11

Connection
Host
Address
Port
Byte

83

.
,
Telnet.
IP- .
- Telnet.
, ,
.

3.1.0.3 16.05.2013 .

-3000
. II

2.3.15

.465255.040

show system

.
.
:
show system

.
2.3.16

show version

.
.
:
show version [md5]
:

.

md5

MD5


.
:
switchxxxxxx# show version
SW Version

1.1.0.5 ( date 15-Sep-2010 time 10:31:33 )

Boot Version 1.1.0.2 ( date 04-Sep-2010 time 21:51:53 )


HW Version

2.3.17

V01

show version md5

. MD5 .
:
show version md5

.

3.1.0.3 16.05.2013 .

84

-3000
. II

.465255.040

:
switchxxxxxx# show version md5
Filename Status

MD5 Digest

-------- -------

----------------------------------

image1

Active

23FA000012857D8855AABC7577AB5562

image2

Not Active

23FA000012857D8855AABEA7451265456

boot

23FA000012857D8855AABC7577AB8999

image1

Not Active

23FA000012857D8855AABC757FE693844

image2

Active

23FA000012857D8855AABC7577AB5562

boot

2.3.18

23FA000012857D8855AABC7577AC9999

show system resources

:
show system resources {routing | tcam}
:
routing

, IP
.

tcam


TCAM .


.
2.3.19

set system mode

.
.
:
set system mode openflow {active | inactive} egress_acl {active |
inactive}
:
openflow {active | inactive}

Openflow.

egress_acl {active | inactive}

Egress ACL.

85

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


Egress ACL.

.

.
,
.
,

,
.
.

, ,
,
. :


(, copy tftp),
, ,
;


, ,
, ,

.

:
switchxxxxxx# set system mode openflow active egress-acl inactive

2.3.20

show system mode

:
show system mode

.
3.1.0.3 16.05.2013 .

86

-3000
. II

.465255.040

:
switchxxxxxx# show system mode
Feature State
----------- --------Egress_acl: Active
Openflow: Inactive

2.3.21

show system tcam utilization

.
(Ternary Content Addressable Memory).
:
show system tcam utilization

.
:
switchxxxxxx# show system tcam utilization
TCAM utilization: 58%

2.3.22

show system defaults

:
show system defaults [session]
:
session


. : management,
802.1x, port, fdb, port-mirroring, spanning-tree,
vlan, voice-vlan, ip-addressing, network-security
qos-acl.

87

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show system defaults
System Mode: Router
# Management defaults
Telnet: Enabled (Maximum 4 sessions, shared with SSH)
SSH server: Enabled (Maximum 4 sessions, shared with Telnet)
SCP: Enabled (1 session)
HTTP: Enabled, port 80 (Maximum 11 sessions)
HTTPS: Disabled
SNMP: Enabled.
User: first
SNMP version: V3
SNMP Local Engine ID: 0000000001
SNMP Notifications: Enabled
SNMP Authentication Notifications: Enabled
Console: Enabled.
Cryptographic keys are generated
HTTPS certificate is generated
Management ACL: No ACL is defined
AAA Telnet authentication login: Local user data base
AAA HTTP authentication login: Local data base
AAA HTTPS authentication login: Local data base
Radius accounting: Disabled
Radius: No server is defined
Tacacs: No server is defined
Syslog: No server is defined
Logging: Enabled
Logging to console: Informational messages
Logging to internal buffer: Informational messages
Logging to file: Error messages
Logging to remote server: Informational messages
Maximum no. of syslog messages: 200
SNTP: supported
SNTP Port No.: 123
SNTP Interface: Enabled
IP Domain Naming System: Enabled
DHCP Server: Enabled
DHCP Auto Configuration: Enabled
DHCP Option 67: Enabled
DHCP Option 82: Disabled
# IPv6 defaults
MLD Version: version 2
# 802.1x defaults
802.1X is disabled
Mode: Multiple session
Guest VLAN: Not defined
Port Authentication Auto Recovery: Disabled

3.1.0.3 16.05.2013 .

88

-3000
. II

.465255.040

# Interface defaults in present unit


20 GE regular
2 10G fiberOptics
4 GE combo
Duplex: Full
Negotiation: Enabled
Flow control: Off
Mdix mode: auto
LAGs: No LAG is defined
Storm control: Disabled
Storm control mode: unknown unicast, broadcast, multicast
Port security: Disabled
Port security Auto Recovery: Disabled
LLDP: Enabled
LLDPDU Handeling: Filtering
Jumbo frames: Disabled
Port-Channel Load Balancing: Layer 2,3 & 4
# Bridging defaults
Maximum 16K entries
Aging time: 5 minutes
Loopback Detection: Disabled
Loopback Detection mode: Source MAC Address
Loopback Detection Auto Recovery: Disabled
# Multicast defaults
Multicast filtering: Disabled
IGMP snooping: Disabled
Unregistered Multicast Addresses: disabled
MLD snooping: Disabled
Multicast TV Vlan Interface: disabled
# Port monitoring defaults
Port monitor is not defined
Maximum source port: 8
Maximum destination ports for mirroring: 1
# Spanning tree defaults
Spanning tree is Enabled
Spanning tree mode is Classic
Spanning tree interface: Enabled
Port fast: Disabled
BPDU handling: Flooding
BPDU Guard: Disabled
BPDU Guard Auto Recovery: Disabled
Loopback Guard: Disabled
Loopback Guard Auto Recovery: Disabled
# Vlan defaults
Maximum Vlans: 4094
Default VLAN: Enabled
Default VLAN id: 1

89

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

GVRP: Disabled
Port mode: Access
PVID: 1
VLAN membership: 1
PVE: Disabled
# Voice vlan defaults
Voice VLAN: Disabled
Cos: 6 with no remark
OUI table:
00:E0:BB 3COM
00:03:6B Cisco
00:E0:75 Veritel
00:D0:1E Pingtel
00:01:E3 Simens
00:60:B9 NEC/Philips
00:0F:E2 Huawei-3COM
00:09:6E Avaya
# Network security defaults
DHCP snooping: Disabled
IP source guard: Disabled
ARP inspection: Disabled
ARP inspection Validation: Disabled
# DOS attacks
Security Suite: Enabled
# IP addressing defaults
No IP interface is defined
# QOS and ACLs defaults
QoS mode is basic
QoS Basic Trust Mode: CoS
QoS Advanced Trust Mode: CoS-DSCP
ACL Auto Recovery: Disabled
Queue default mapping:
cos qid:
0 3
1 1
2 2
3 4
4 5
5 6
6 7
7 8

2.3.23

show services tcp-udp

.
TCP- UDP-.

3.1.0.3 16.05.2013 .

90

-3000
. II

.465255.040

:
show services tcp-udp

.

,
TCP- UDP-.
:
switchxxxxxx# show services tcp-udp
Type

Local IP Address

Remote IP address

Service Name

State

---- ------------------ ------------------- ------------- --------TCP

All:22

SSH

LISTEN

TCP

All:23

Telnet

LISTEN

TCP

All:80

HTTP

LISTEN

TCP

All:443

HTTPS

LISTEN

TCP

172.16.1.1:23 172.16.1.18:8789

Telnet

ESTABLISHED

TCP6

All-23

Telnet

LISTEN

TCP6

fe80::200:b0ff:fe00:0-23

Telnet

fe80::200:b0ff:fe00:0-8999
UDP

ESTABLISHED

All:161 SNMP

UDP6A ll-161 SNMP

2.3.24

show tech-support

.
,
.
:
show tech-support [config] [memory]
:
memory
config

.
,
CLI,
.


show,
.

91

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

. ,
.

.

.

!
show
tech-support
, ..
, STP.
show tech-support ,
,
- . ,
- 0

-.
show tech-support , ..
.
, Esc.
memory,
show tech-support :
- flash- (dir, , flash mapping);
- show bootvar;
- ( print os buff);
- ( print os mem);
- ( print os tasks);
- ;
- show cpu utilization.
:
switchxxxxxx# show tech-support

2.3.25

show system id

.
.
3.1.0.3 16.05.2013 .

92

-3000
. II

.465255.040

:
show system id

.
:
switchxxxxxx# show system id
Serial number : 17

2.3.26

service spu-input-rate

.
CPU, (pps).
:
service cpu-input-rate

.
:
switchxxxxxx(conf)# service cpu-input-rate

2.3.27

show cpu input rate

.
CPU, (pps).
:
show cpu input rate

.
:
switchxxxxxx# show cpu input rate
Input Rate to CPU is 1030 pps.

2.4
2.4.1


clock set

. .

93

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
clock set hh:mm:ss {[day month] | [month day]} year
:
hh:mm:ss

day
month
year

: :MM: (: :
0 23 , : 0 59 , : 0
59 ).
1 31.
: Jan, Feb, Mar, Apr,
May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.
2000 2037.


.

.
:
switchxxxxxx# clock set 13:32:00 7 Mar 2005

2.4.2

clock source

.
.
:
clock source sntp
no clock source
no
.
:
sntp

SNTP-
.

3.1.0.3 16.05.2013 .

94

-3000
. II

.465255.040


.
:
switchxxxxxx# clock source sntp

2.4.3

clock timezone

.

.
:
clock timezone zone hours-offset [minutes-offset]
no clock timezone

.

no

:
zone


4 : PST, EST.

hours-offset

UTC
-12 +13.

minutes-offset

UTC
0 59.

0,


.

UTC,

.
:
switchxxxxxx# clock timezone abc +2 minutes 32

95

3.1.0.3 16.05.2013 .

-3000
. II

2.4.4

.465255.040

clock summer-time

.
.
:
clock summer-time zone recurring {usa | eu | {week day month
hh:mm week day month hh:mm}} [offset]
clock summer-time zone date day month year hh:mm date month year
hh:mm [offset]
clock summer-time zone date month day year hh:mm month date year
hh:mm [offset]
no clock summer-time
no
.
:
zone


4 .

recurring

,
.

date

,

.

usa

eu

week

.
1 4, first
last.

day

: Mon, Tue, Wed, Thu, Fri, Sat,


Sun.

date

1 31.

month

: Jan,
Feb, Mar, Apr, May, Jun, Jul, Aug, Sep, Oct, Nov, Dec.

year


2000 2097.

hh:mm


: (: : 0 23 , : 0

3.1.0.3 16.05.2013 .

96

-3000
. II

.465255.040

59 ).
offset


1 1440.
60 .


.

.

(
recurring),
, .
.
.

.
, ,
.
:
switchxxxxxx(config)# clock summer-time abc date apr 1 2010 09:00 aug 2
2010 09:00

2.4.5

clock dhcp timezone

.

, DHCP-.
:
clock dhcp timezone
no clock dhcp timezone
no .

.

.

97

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


TimeZone, DHCP-,

TimeZone. DHCP-
TimeZone, .
SummerTime, DHCP-,

SummerTime. DHCP-
SummerTime, .
IP-
TimeZone SummerTime .

TimeZone SummerTime, DHCP, .


no
TimeZone SummerTime DHCP-.
DHCP ,
, DHCPv6 ,
DHCPv4.
DHCP-,
DHCP-TimeZone,

TimeZone SummerTime.
:
switchxxxxxx(config)# clock dhcp timezone

2.4.6

sntp authentication-key

.
SNTP (Simple Network Time
Protocol).
:
sntp authentication-key key-number md5 key-value
no sntp authentication-key key-number
no
SNTP.
:
key-number

1 4294967295.

key-value

8 .

3.1.0.3 16.05.2013 .

98

-3000
. II

.465255.040


.

.
:
switchxxxxxx(config)# sntp authentication-key 8 md5 ClkKey
switchxxxxxx(config)# sntp authentication-key 8 md5 ClkKey
switchxxxxxx(config)# sntp trusted-key 8
switchxxxxxx(config)# sntp authenticate

2.4.7

sntp authenticate

.
, SNTP.
:
sntp authenticate
no sntp authenticate
no .

.

.

,
.
:
switchxxxxxx(config)# sntp authenticate
switchxxxxxx(config)# sntp authentication-key 8 md5 ClkKey
switchxxxxxx(config)# sntp trusted-key 8

99

3.1.0.3 16.05.2013 .

-3000
. II

2.4.8

.465255.040

sntp trusted-key

.
SNTP.

:
sntp trusted-key key-number
no sntp trusted-key key-number
no
SNTP.
:

1 4294967295.

key-number


.

.
:
switchxxxxxx(config)# sntp trusted-key 8
switchxxxxxx(config)# sntp authentication-key 8 md5 ClkKey
switchxxxxxx(config)# sntp trusted-key 8
switchxxxxxx(config)# sntp authenticate

2.4.9

sntp client poll timer

.
SNTP-.
:
sntp client poll timer seconds
no sntp client poll timer

.

no

:
seconds

3.1.0.3 16.05.2013 .

60
86400.

100

-3000
. II

.465255.040


1024 .

.
:
switchxxxxxx(config)# sntp client poll timer 120

2.4.10

sntp broadcast client enable

.
SNTP-.

:
sntp broadcast client enable [both | ipv4 | ipv6]
no sntp broadcast client enable
no SNTP.
:
SNTP-
both
IPv4 IPv6. ,
.
SNTP-
ipv4
IPv4.
SNTP-
ipv6
IPv6.

SNTP- .

.

sntp client enable
SNTP-
.

clock source snmp. ,

.
101

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# sntp broadcast client enable

2.4.11

sntp anycast client enable


SNTP-.

:
sntp anycast client enable [both | ipv4 | ipv6]
no sntp anycast client enable
no SNTP.
:
SNTP- IPv4
both
IPv6. ,
.
SNTP- IPv4.
ipv4
SNTP- IPv6.
ipv6

SNTP- .

.
:
switchxxxxxx(config)# sntp anycast client enable

2.4.12

sntp client enable

SNTP-
.
:
sntp client enable {interface-id}
no sntp client enable {interface-id}
no SNTP-.
:
interface-id
3.1.0.3 16.05.2013 .

: Ethernet, Portchannel VLAN.


102

-3000
. II

.465255.040


SNTP- .

.

sntp broadcast client
enable

.
sntp anycast client
enable .
:
switchxxxxxx(config)# sntp client enable gi0/3

2.4.13

sntp client enable ( )

(Ethernet, Port-channel, VLAN).


SNTP .
:
sntp client enable
no sntp client enable
no SNTP-.

SNTP- .

(Ethernet, Port-channel, VLAN).

sntp broadcast client
enable
.
sntp anycast client
enable .
:
switchxxxxxx(config-if)# sntp client enable

103

3.1.0.3 16.05.2013 .

-3000
. II

2.4.14

.465255.040

sntp unicast client enable

.
SNTP-.

:
sntp unicast client enable
no sntp unicast client enable
no
SNTP-.

SNTP- .

.

SNTP-
sntp server.
:
switchxxxxxx(config)# sntp unicast client enable

2.4.15

sntp unicast client poll

.
SNTP-.
:
sntp unicast client poll
no sntp unicast client poll
no
SNTP-.

.

.


sntp client poll timer.
3.1.0.3 16.05.2013 .

104

-3000
. II

.465255.040

:
switchxxxxxx(config)# sntp unicast client poll

2.4.16

sntp server

SNTP- NTP (Network Time


Protocol).
:
sntp server {ip-address | hostname} [poll] [key keyid]
no sntp server {ip-address | hostname}
no SNTP.
:
ip-address

IP- (IPv4, IPv6 IPv6z-).


. IPv6z-.

hostname

158 .
63 .
IPv4-.

poll

,

( 1 4294967295).

key keyid


.

.

8 SNTP-.
sntp unicast client
enable SNTP-.
sntp anycast client
enable .

105

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# sntp server 192.1.1.1 poll

2.4.17

sntp port

. UDP SNTP.
:
sntp port port-number
no sntp port
no SNTP,
.
:
port-number

UDP-,
, 1 65535.

SNTP-


123.

.
:
switchxxxxxx(config)# sntp port 321

2.4.18

show clock

.
.
:
show clock [detail]
:
detail


/ .

3.1.0.3 16.05.2013 .

106

-3000
. II

.465255.040

:
switchxxxxxx# show clock
15:29:03 PDT(UTC-7) Jun 17 2002
Time source is SNTP

switchxxxxxx# show clock detail


15:22:55 SUN Apr 23 2012
Time source is sntp
Time zone (DHCPv4 on VLAN1):
Acronym is RAIN
Offset is UTC+2
Time zone (Static):
Offset is UTC+0
Summertime (DHCPv4 on VLAN1):
Acronym is SUN
Recurring every year.
Begins at first Sunday of Apr at 02:00.
Ends at first Tuesday of Sep at 02:00.
Offset is 60 minutes.
Summertime (Static):
Acronym is GMT
Recurring every year.
Begins at first Sunday of Mar at 10:00.
Ends at first Sunday of Sep at 10:00.
Offset is 60 minutes.
DHCP timezone: Enabled

2.4.19

show sntp configuration


SNTP .

:
show sntp configuration

.

107

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show sntp configuration
SNTP port : 123
Polling interval: 1024 seconds
MD5 Authentication Keys
----------------------------------2

John123

Alice456

----------------------------------Authentication is not required for synchronization.


No trusted keys
Unicast Clients: enabled
Unicast Clients Polling: enabled
Server: 1.1.1.121
Polling: disabled
Encryption Key: disabled
Server: 3001:1:1::1
Polling: enabled
Encryption Key: disabled
Server: dns_server.comapany.com
Polling: enabled
Encryption Key: disabled
Broadcast Clients: enabled for IPv4 and IPv6
Anycast Clients: disabled
No Broadcast Interfaces

2.4.20

show sntp status

.
SNTP-.
:
show sntp status

.

3.1.0.3 16.05.2013 .

108

-3000
. II

.465255.040

:
switchxxxxxx# show sntp status
Clock is synchronized, stratum 4, reference is 176.1.1.8, unicast
Reference time is afe2525e.70597b34 (00:10:22.438 PDT Jul 5 1993)
Unicast servers:
Server: 176.1.1.8
Source: DHCPv4 on VLAN 1
Status: Up
Last response: 19:58:22.289 PDT Feb 19 2005
Stratum Level: 1
Offset: 7.33mSec
Delay: 117.79mSec
Server: dns_server.comapany.com
Source: static
Status: Unknown
Last response: 12:17.17.987 PDT Feb 19 2005
Stratum Level: 1
Offset: 8.98mSec
Delay: 189.19mSec
Server: 3001:1:1::1
Source: DHCPv6 on VLAN 2
Status: Unknown
Last response:
Offset: mSec
Delay: mSec
Server: dns1.company.com
Source: DHCPv6 on VLAN 20
Status: Unknown
Last response:
Offset: mSec
Delay: mSec
Anycast servers:
Server: 176.1.11.8
Interface: VLAN 112
Status: Up
Last response: 9:53:21.789 PDT Feb 19 2005
Stratum Level: 10
Offset: 9.98mSec
Delay: 289.19mSec
Broadcast servers:
Server: 3001:1::12
Interface: VLAN 101
Last response: 9:53:21.789 PDT Feb 19 2005
Stratum Level: 255

109

3.1.0.3 16.05.2013 .

-3000
. II

2.5

2.5.1

.465255.040

copy

. .
:
copy source-url destination-url
:
source-url
URL-
-

( 12)
1 160 .
destination-url
URL-

( 12)
1 160 .
-/
"Flash://"
-;
, URL .
12 URL

running-config

startup-config

image

. -
, - .

boot

tftp://

URL- TFTP-,

(tftp://host/[directory]/filename). host
IP-, .
URL- SCP-,
. :
scp://[username:password@]host/[directory]/filename.
host IP-,
.

Xmodem.

scp

xmodem:

3.1.0.3 16.05.2013 .

110

-3000
. II

.465255.040

12

null:

mirror-config


.
SYSLOG-.

WORD<1-128.

(, backup-config).


, .

.

URL-
.

.
IPv6z-
IP- IPv6Z-,
. IPv6Z-:
{ipv6-link-local-address}%{interface-id}. :
ipv6-link-local-address IPv6-.
interface-id {<port-type>[ ]<port-number>}|{port-channel |
po}[]<port-channel-number> | {tunnel | tu}[ ]<tunnel-number> |
vlan[ ]<vlan-id>.
,
. :

111

ipv6_address%egress-interface;

ipv6_address%0;

ipv6_address.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

,
:
;
xmodem: .
image,
boot null:;
tftp://
;
*.prv ;

mirror-config
.

13 ,

,
.
( 512 ).

- .


-
copy source-url flash://image
- .

.

.
.
-
copy source-url boot
-.


copy source-url running-config

.
,

(CLI).

.
3.1.0.3 16.05.2013 .

112

-3000
. II

.465255.040


.

,
copy source-url startup-config
,
. ,

.
,
,
copy running-config destination-url
TFTP.
copy startup-config destination-url
, ,
.
,

copy running-config startup-config
,
.

,
copy running-config file
.

copy startup-config file

, ,
.
,
,

copy running-config flash://file_name


.
copy startup-config flash://file_name
, ,
.

copy mirror-config startup-config copy
mirror-config running-config
113

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
SCP

SCP:
scp://host/[directory]/filename
SSH (
) CLI (ip ssh-client
authentication, ip ssh-client key-type ip ssh-client
password/username,
).
scp://username:password@.host/[directory]/filename..
SSH

SCP ( ).
:
switchxxxxxx# copy tftp://172.16.101.101/file1 image
Accessing file 'file1' on 172.16.101.101...
Loading file1 from 172.16.101.101:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!! [OK]
Copy took 0:01:11 [hh:mm:ss]

switchxxxxxx# copy tftp://172.16.101.101/file1 flash://image


Accessing file 'file1' on 172.16.101.101...
Loading file1 from 172.16.101.101:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!! [OK]
Copy took 0:01:11 [hh:mm:ss]

switchxxxxxx# copy mirror-config startup-config

switchxxxxxx# copy scp://jeff:admin1@102.1.2.2/file1 startup-config

3.1.0.3 16.05.2013 .

114

-3000
. II

2.5.2

.465255.040

write memory

.
.

:
write memory

.
:
switchxxxxxx# write memory
Overwrite file [startup-config] ?[Yes/press any key for no]....15-Sep-2010
11:27
:48 %COPY-I-FILECPY: Files Copy - source URL running-config destination
URL flash://startup-config
15-Sep-2010 11:27:50 %COPY-N-TRAP: The copy operation was completed
successfully
Copy succeeded

2.5.3

write

.
, .
:
write [memory]

.
:
switchxxxxxx# write
Overwrite file [startup-config] ?[Yes/press any key for no]....15-Sep-2010
11:27
:48 %COPY-I-FILECPY: Files Copy - source URL running-config destination
URL flash://startup-config
15-Sep-2010 11:27:50 %COPY-N-TRAP: The copy operation was completed
successfully
Copy succeeded

2.5.4

delete

. .
115

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
delete url
:
url

URL-

,
1 160 .

"Flash://"

-/
-; ,
URL .

14 URL-

startup-config

, .

WORD

(, backup-config).


.

mirrir-config, *.sys, *.prv, image-1 image-2
.
:
switchxxxxxx# delete flash://backup-config
Delete flash:backup-config? [confirm]

3.1.0.3 16.05.2013 .

116

-3000
. II

2.5.5

.465255.040

dir

.
-.
:
dir [directory-path]
:
(,
config
).

directory-path


.
:
Total size of flash: 33292288 bytes
Free size of flash: 20708893 bytes
switchxxxxxx# dir
Directory of flash:
File Name Permission Flash Size Data Size Modified
--------- ---------- ---------- --------- --------backup-config

rw

524288

104

01-Jan-2010 05:35:04

image-1

rw

10485760 10485760 01-Jan-2010 06:10:23

image-2

rw

10485760 10485760 01-Jan-2010 05:43:54

mirror-config

rw

524288

104

01-Jan-2010 05:35:04

dhcpsn.prv

--

262144

--

01-Jan-2010 05:25:07

sshkeys.prv

--

262144

--

04-Jan-2010 06:05:00

syslog1.sys

r-

524288

--

01-Jan-2010 05:57:00

syslog2.sys

r-

524288

--

01-Jan-2010 05:57:00

directry.prv

--

262144

--

01-Jan-2010 05:25:07

startup-config rw

786432

1081

01-Jan-2010 10:05:34

Total size of flash: 66322432 bytes


Free size of flash: 42205184 bytes

2.5.6

more

:
more url
117

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
url

URL-

,
1 160 .
-/
-;
, URL .

"Flash://"

15 URL-

startup-config

.
,
.

mirror-config

WORD

(, backup-config).

running-config


.

ASCII,
, .
*.prv .
:
switchxxxxxx# more running-config
no spanning-tree
interface range gi0/1-4
speed 1000
exit
no lldp run
line console
exec-timeout 0
exit

2.5.7

rename

. .
:
rename url new-url
3.1.0.3 16.05.2013 .

118

-3000
. II

.465255.040

:
url

URL 1 160 .

new-url

URL
160 .

"Flash://"

-/
-; ,
URL .

16 URL-

(, backup-config).

WORD<1-128>


.

mirror-config, *.sys *.prv
.
:
Console# rename configuration.bak m-config.bak

2.5.8

boot system

. ,
.
:
boot system {image-1 | image-2}
:

119

image-1

image-1
.

image-2

image-2
.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

.

show bootvar .
:
switchxxxxxx# boot system image-1
switchxxxxxx#show bootvar
Image Filename Version

Date

Status

----- --------- --------- --------------------- ----------1

image-1

1.1.0.73

19-Jun-2011 18:10:49

Not active*

image-2

1.1.0.73

19-Jun-2011 18:10:49

Active

"*" designates that the image was selected for the next boot

2.5.9

show running-config

.
.
:
show running-config [interface interface-id-list | detailed | brief]
:
interface-id-list

(
Ethernet, Port-Channel VLAN).

detailed

, SSL- SSH.

brief

SSL- SSH-.

3.1.0.3 16.05.2013 .

120

-3000
. II

.465255.040


.
detailed brief ,
detailed.

.
:
switchxxxxxx# show running-config
config-file-header
SG500X-SA
v1.2.5.76 / R750_NIK_1_2_584_002
CLI v1.0
no spanning-tree
interface range gi0/1-4
speed 1000
exit
no lldp run
interface vlan 1
ip address 1.1.1.1 255.0.0.0
exit
line console
exec-timeout 0
exit
switchxxxxxx#

121

3.1.0.3 16.05.2013 .

-3000
. II

2.5.10

.465255.040

show startup-config

.
, .
:
show startup-config

.
:
switchxxxxxx# show startup-config
config-file-header
SG500X-SA
v1.2.5.76 / R750_NIK_1_2_584_002
CLI v1.0
no spanning-tree
interface range gi0/1-4
speed 1000
exit
no lldp run
interface vlan 1
ip address 1.1.1.1 255.0.0.0
exit
line console
exec-timeout 0
exit
switchxxxxxx#

2.5.11

show bootvar

.
, ,
,
.
:
show bootvar

.
3.1.0.3 16.05.2013 .

122

-3000
. II

.465255.040

:
switchxxxxxx# show bootvar
Image

filename

Version

Date

Status

-----

--------

-------

-----------

-----------

image-1

1.1.04

23-Jul-2010

Active

image-2

1.1.0.5

22-Jan-2010

Not active*

"*": Designates that the image was selected for the next boot.

2.5.12

service mirror-configuration

.
.
:
service mirror-configuration
no service mirror-configuration
no .

.

.

(
,
24 ).
.

. , .

.

:
switchxxxxxx(config)# no service mirror-configuration
This operation will delete the mirror-config file if exists. Do you
want to continue? (Y/N) [N]

123

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

switchxxxxxx(config)# service mirror-configuration


Service is enabled.
Note that the running-configuration must be first copied to the startupconfiguration in order to initiate backing up the startup-config to the
mirror-config.

2.5.13

show mirror-configuration service

.
,
service mirror-configuration.
:
show mirror-configuration service

.
:
switchxxxxxx#show mirror-configuration service
Mirror-configuration service is enabled

2.6
2.6.1


boot host auto-config

DHCP TFTP- SCP.

3.1.0.3 16.05.2013 .

124

-3000
. II

.465255.040

:
boot host auto-config [tftp | scp | auto [extension]]
no boot host auto-config
no
DHCP-.
:
tftp
TFTP-.
scp

SCP-.

auto

TFTP- SCP-

.
;

extension

SCP 0 128.
,
scp.


auto.

.
:
boot host auto-config auto scon

boot host auto-config auto

boot host auto-config scp

2.6.2

boot host auto-update

DHCP-.

125

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
boot host auto-updated
no boot host auto-updated
no
DHCP-.

.

.
:
switchxxxxxx(conf)# boot host auto-update

2.6.3

boot host dhcp


.
:
boot host dhcp
no boot host dhcp

.

no


.

.

.
:
switchxxxxxx(conf)# boot host dhcp

2.6.4

boot host auto-save

,
.
3.1.0.3 16.05.2013 .

126

-3000
. II

.465255.040

:
boot host auto-save
no boot host auto-save
no
.


.

.
:
switchxxxxxx(conf)# boot host auto-save

2.6.5

show boot

DHCP-.
:
show boot

.

127

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx show boot
Auto Config
-----------Config Download via DHCP: enabled
Download Protocol Mode is SCP
SCP extension is scp
Next Boot Config Download via DHCP: default
Auto Config
----------Config Download via DHCP: enable
Next Boot Config Download via DHCP: force
Auto Config State: Finished
Server IP address: 1.2.20.2
Configuration filename: /config/configfile1.cfg
Auto Update
----------Image Download via DHCP: enabled

switchxxxxxx# show boot


Auto Config
----------Config Download via DHCP: enable
Next Boot Config Download via DHCP: default
Auto Config State: Opening <hostname>-config file
Auto Update
------------Image Download via DHCP: enabled

switchxxxxxx# show boot


Auto Config
----------Config Download via DHCP: enable
Next Boot Config Download via DHCP: default
Auto Config State: Downloading configuration file
Auto Update
----------Image Download via DHCP: enabled

3.1.0.3 16.05.2013 .

128

-3000
. II

.465255.040

switchxxxxxx# show boot


Auto Config
----------Config Download via DHCP: enable
Next Boot Config Download via DHCP: default
Auto Config State: Searching hostname in indirect configuration
file
Auto Update
Image Download via DHCP: enabled

switchxxxxxx# show boot


Auto Config
----------Config Download via DHCP: enable
Next Boot Config Download via DHCP: default
Auto Config State: Quit failed all steps of finding existing
configuration file
Auto Update
----------Image Download via DHCP: enabled

switchxxxxxx# show boot


Auto Config
----------Config Download via DHCP: enable
Next Boot Config Download via DHCP: default
Auto Update
----------Image Download via DHCP: enabled
Auto Update State: Downloaded indirect image file

switchxxxxxx# show boot


Auto Config
----------Config Download via DHCP: enable
Next Boot Config Download via DHCP: default
Auto Update
----------Image Download via DHCP: enabled
Auto Update State: Downloading image file

129

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

switchxxxxxx# show boot


Auto Config
----------Config Download via DHCP: enable
Next Boot Config Download via DHCP: default
Auto Config State: Finished
Server IP address: 1.2.20.2
Configuration filename: /config/configfile1.cfg
Auto Update
----------Image Download via DHCP: enabled
Auto Update State: Downloading image file

2.6.6

ip dhcp tftp-server ip address

. IP-
TFTP
SCP-.

,
DHCP-.
:
ip dhcp tftp-server ip address ip-addr
no ip dhcp tftp-server ip address

.

no

:
ip-addr

IPv4/IPv6- DNS- TFTP SCP-.


IP- .

.

TFTP-.
SCP-.
:
switchxxxxxx(conf)# ip dhcp tftp-server ip address 10.5.234.232

3.1.0.3 16.05.2013 .

130

-3000
. II

.465255.040

switchxxxxxx(conf)# ip dhcp tftp-server ip address 3000:1::12

switchxxxxxx(conf)# ip dhcp tftp-server ip address tftp-server.company.com

2.6.7

ip dhcp tftp-server file

.
TFTP- SCP-,
DHCP-.
:
ip dhcp tftp-server file file-path
no ip dhcp tftp-server file
no .
:
file-path


.

.
:
switchxxxxxx(conf)# ip dhcp tftp-server file conf/conf-file

2.6.8

show ip dhcp tftp-server

.
TFTP-.
:
show ip dhcp tftp-server

.
:
switchxxxxxx# show ip dhcp tftp-server
server address
active 1.1.1.1 from sname
manual 2.2.2.2
file path on tftp server
file path on server
active conf/conf-file from option 67

131

3.1.0.3 16.05.2013 .

-3000
. II

2.7
2.7.1

.465255.040

ACL
management access-list

.
; ACL.
:
management access-list name
no management access-list name
no .
:
name


32 .


.


ACL ( deny)
( permit).
,
deny.

.
management access-class
.

.
IPv6-, IPv4
, ACL
IPv4- (
), IPv6-.

3.1.0.3 16.05.2013 .

132

-3000
. II

.465255.040

:
switchxxxxxx(config)# management access-list mlist
Switchxxxxxx(config-macl)# permit gi0/1
Switchxxxxxx(config-macl)# permit gi0/4
Switchxxxxxx(config-macl)# exit
Switchxxxxxx(config)# management access-class mlist

Switchxxxxxx(config)# management access-list mlist


Switchxxxxxx(config-macl)# deny gi0/1
Switchxxxxxx(config-macl)# deny gi0/4
Switchxxxxxx(config-macl)# permit
Switchxxxxxx(config-macl)# exit
Switchxxxxxx(config)# management access-class mlist

2.7.2

permit (Management)

permit ACL.
.
:
permit [interface-id] [service service]
permit ip-source {ipv4-address | ipv6-address/ipv6-prefix-length}
[mask {mask | prefix-length}] [interface-id] [service service]
:
interface-id

: Ethernet, Portchannel VLAN.

service service : Telnet, SSH, HTTP, HTTPS SNMP.


ipv4-address

IPv4- .

ipv6address/ipv6prefix-length

IPv6- IPv6 .
/. .

mask mask

, ,
IPv4-.

mask prefix- IPv4-


length
0 32 .
(/). IPv4.

133

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

ACL.

Ethernet, VLAN port-channel
, IP.
:
switchxxxxxx(config)# management access-list mlist
switchxxxxxx(config-macl)# permit

2.7.3

deny (Management)

ACL.
.
:
deny [interface-id] [service service]
deny ip-source {ipv4-address | ipv6-address/ipv6-prefix-length} [mask
{mask | prefix-length}] [interface-id] [service service]
:
interface-id

: Ethernet, Portchannel VLAN.

service service : Telnet, SSH, HTTP, HTTPS SNMP.


ipv4-address

IPv4- .

ipv6address/ipv6prefix-length

IPv6- IPv6 .
/. .

mask mask

, ,
IPv4-.

mask prefix- IPv4-


length
0 32 .
(/). IPv4.

.
3.1.0.3 16.05.2013 .

134

-3000
. II

.465255.040


ACL.

Ethernet, VLAN port-channel
, IP.
:
switchxxxxxx(config)# management access-list mlist
switchxxxxxx(config-macl)# deny

2.7.4

management access-class

.

.
:
management access-class {console-only | name}
no management access-class
no
.

:
console-only

name


32 .


.

.
:
switchxxxxxx(config)# management access-class mlist

2.7.5

show management access-list

.
.
135

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
show management access-list [name]
:
name


32 .


.

.
:
switchxxxxxx# show management access-list mlist
m1
-deny service telnet
permit gi0/1 service telnet
! (Note: all other access implicitly denied)
console(config-macl)#

2.7.6

show management access-class

.
.

:
show management access-class

.
:
switchxxxxxx# show management access-class
Management access-class is enabled, using access list mlist

2.8
2.8.1

SNMP
snmp-server server

.
SNMP.
3.1.0.3 16.05.2013 .

136

-3000
. II

.465255.040

:
snmp-server server
no snmp-server server
no
SNMP.

.

.
:
switchxxxxxx(config)# snmp-server server

2.8.2

snmp-server community

.
SNMP (v1 and v2).
:
snmp-server community community-string [ro | rw | su] [ip-address |
ipv6-address] [mask mask | prefix prefix-length] [view view-name]
no snmp-server community community-string [ip-address]
no .
:
communitystring

20
SNMP.

snmp-server user SNMP v3.

ro

(read-only);
.

rw

(read-write).

su

().

view-name


snmp-server view (
30 ).
,
.
SU,

137

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

MIB, .
, ,
community-table, SNMPv3
.
ip-address

IP- (IPv4-, IPv6-


IPv6z-). IP-. .
IPv6z-.

mask

IPv4- ( ,
,

IP-).
255.255.255.255. ,
, IPv4- .

prefix-length

IPv4- .

32
.

, ,
IPv4- .


.

.

(,
IP-). IP- ,
, All-IPs. ,
, IP-.
view-name
. view-name
:


SNMPv1 SNMPv2 ;


SNMPv1 SNMPv2 (viewname) ( read-view notify-view,
- rw write-view).

3.1.0.3 16.05.2013 .

138

-3000
. II

.465255.040

:
switchxxxxxx(config)# snmp-server community abcd su 1.1.1.121 mask
255.0.0.0

2.8.3

snmp-server community-group

.
.
.
SNMPv1 SNMPv2.
:
snmp-server community-group community-string group-name [ipaddress | ipv6-address] [mask mask | prefix prefix-length]
:
community-string


SNMP 20
.

snmp-server user SNMPv3.

ip-address

IP- (
IP-). IPv4-,
IPv6- IPv6z-. . .
IPv6z-.

mask

IPv4- ( ,
,

IP-).
255.255.255.255.
,
, IPv4- .

prefix-length

IPv4- .
32 .
,
, IPv4- .

group-name

30 (
snmp-server group
v1 v2).
, .


.
139

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

group-name
. group-name
:
- ;
-
SNMPv1 SNMPv2 .
:
switchxxxxxx(config)# snmp-server community-group tom abcd 1.1.1.122
prefix 8

2.8.4

snmp-server view

. /
SNMP-.
:
snmp-server view view-name oid-tree {included | excluded}
no snmp-server view view-name [oid-tree]
no SNMP-.
:
view-name


, 30 .

oid-tree

OID

ASN.1,

.
,
, 1.3.6.2.4, ,
System.
,
*,
, 1.3.*.4.
MIB.

included

excluded

3.1.0.3 16.05.2013 .

140

-3000
. II

.465255.040



Default DefaultSuper:

Default MIB, ,
SNMP-;

DefaultSuper MIB.


.


.
view-name,
oid-tree.
view-name oid-tree.

64.
Default DefaultSuper
.
:
switchxxxxxx(config)# snmp-server view user-view system included
switchxxxxxx(config)# snmp-server view user-view system.7 excluded
switchxxxxxx(config)# snmp-server view user-view ifEntry.*.1 included

2.8.5

show snmp views

.
SNMP-.

:
show snmp views [viewname]
:
viewname

30 .


viewname ,
.

.
141

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show snmp views

2.8.6

Name

OID Tree

Type

---------

------------------

------------

Default

iso

Included

Default

snmpNotificationMIB

Excluded

DefaultSuper

iso

Included

snmp-server group

.
SNMP.
SNMP- ( snmpserver user).
:
snmp-server group groupname {v1 | v2 | v3 {noauth | auth | priv}
[notify notifyview]} [read readview] [write writeview]
no snmp-server group groupname {v1 | v2 | v3 [noauth | auth | priv]}
no SNMP.
:
groupname

30 .

v1

SNMP v1.

v2

SNMP v2.

v3

SNMP v3.

noauth

.

SNMP v3.

auth

.

SNMP v3.

priv

.

SNMP v3.

notify notifyview


inform trap,
30 .
SNMP v3.

read readview

3.1.0.3 16.05.2013 .

142

-3000
. II

.465255.040

, 30 .
write writeview

,
, 30
.


.
notifyview ,
notify view .
readview , ,
community-table, SNMPv3
.
writeview ,
write view .

.

, ,
snmp-server user .

, .
groupname, snmp-version, securitylevel. SNMP v1/v2
noauth.
:
switchxxxxxx(config)# snmp-server group user-group v3 priv read
user-view
switchxxxxxx(config)# snmp-server user tom user-group v3

2.8.7

show snmp groups

.
SNMP-.

:
show snmp groups [groupname]
:
groupname
143

30 .
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

.
:
switchxxxxxx# show snmp groups

Name

Security

View

Mode1

Level

Read

Write

Notify

-----------

-------

------

------

-------

---------

user-group

v3

priv

Default

""

""

managers-group

v3

priv

Default

Default

""

17

SNMP
(v1, v2c v3).

.

SNMPv3.

Read


. ,
,

, SNMPv3
, .

Write

,

.

Notify ,
inform trap.

3.1.0.3 16.05.2013 .

144

-3000
. II

2.8.8

.465255.040

snmp-server user

.
SNMP-.
:
snmp-server user username groupname {v1 | v2c | [remote host]
v3[auth { md5 | sha} auth-password [priv priv-password] ]}
no snmp-server user username [remote host]
no .
:
username

,
( 20 ). SNMP v1
v2c

,
snmp-server host.

groupname

,
( 30 ).
snmpserver group v1 v2c.

remote host

IP- (IPv4, IPv6 IPv6z)


SNMP. .
IPv6z-.

v1

SNMPv1.

v2c

SNMPv2.

v3

SNMPv3.

auth

md5

HMAC-MD5-96.

sha

HMAC-SHA-96.

auth-password


32 .

priv-password

(
DES) 64 .


SNMPv3 .

.
145

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


SNMP v1 v2 ,
snmp-server community-group ,
snmp-server community-group
v1 v2 .
v1 v2 .
show running-config
SNMP- .
,
, show snmp user.
SNMP EngineID
SNMPv3- (
snmp-server engineID local snmp-server engineID
remote).
snmpEngineID
SNMPv3-.
Username.

, .

.
, IP SNMP- ,
. ,
, SNMP
engine ID snmp-server engineID remote.
engine ID SNMP

. engine ID ,
.
:
switchxxxxxx(config)# snmp-server user tom acbd v1
switchxxxxxx(config)# snmp-server user tom acbd v2c
switchxxxxxx(config)# snmp-server user tom acbd v3

2.8.9

show snmp users

.
SNMP-.
:
show snmp users [username]
3.1.0.3 16.05.2013 .

146

-3000
. II

.465255.040

:
30 .

username

.
:
switchxxxxxx#show snmp users
User name

: u1rem

Group name

: group1

Authentication Algorithm : None


Privacy Algorithm

: None

Remote

:11223344556677

Auth Password

Priv Password

User name

: qqq

Group name

: www

Authentication Algorithm : MD5


Privacy Algorithm

: None

Remote

Auth Password

: helloworld1234567890987665

Priv Password

User name

: hello

Group name

: world

Authentication Algorithm : MD5


Privacy Algorithm

: DES

Remote

Auth Password (encrypted): Z/tC3UF5j0pYfmXm8xeMvcIOQ6LQ4GOACCGYLRdAgOE6XQKTC


qMlrnpWuHraRlZj
Priv Password (encrypted) : kN1ZHzSLo6WWxlkuZVzhLOo1gI5waaNf7Vq6yLBpJdS4N68tL
1tbTRSz2H4c4Q4o
User name

: u1noAuth

Group name

: group1

Authentication Algorithm : None


Privacy Algorithm : None
Remote

Auth Password (encrypted):


Priv Password (encrypted) :
User name

: u1OnlyAuth

Group name

: group1

Authentication Algorithm : SHA


Privacy Algorithm

: None

Remote

Auth Password (encrypted): 8nPzy2hzuba9pG3iiC/q0451RynUn7kq94L9WORFrRM=


Priv Password (encrypted) :

147

3.1.0.3 16.05.2013 .

-3000
. II

2.8.10

.465255.040

snmp-server filter

.
SNMP-.

:
snmp-server filter filter-name oid-tree {included | excluded}
no snmp-server filter filter-name [oid-tree]
no SNMP.
:
filter-name


( 30 ).

oid-tree

OID , ASN.1,
.

, , 1.3.6.2.4,
, System.
,
*,
, 1.3.*.4.

included

excluded


.

.


.
,
.
filter-name, oid-tree.
:
switchxxxxxx(config)# snmp-server filter f1 system included
switchxxxxxx(config)# snmp-server filter f2 system.7 excluded
switchxxxxxx(config)# snmp-server filter f3 ifEntry.*.1 included

3.1.0.3 16.05.2013 .

148

-3000
. II

2.8.11

.465255.040

show snmp filters

SNMP-.

:
show snmp views [filtername]
:
30 .

filtername


, .

.
:
switchxxxxxx# show snmp filters

2.8.12

Name

OID Tree

Type

-------------

----------------------

--------------

user-filter

1.3.6.1.2.1.1

Included

user-filter

1.3.6.1.2.1.1.7

Excluded

user-filter

1.3.6.1.2.1.2.2.1.*.1

Included

snmp-server host


SNMP-.

:
snmp-server host {host-ip | hostname} [traps | informs] [version {1 |
2c | 3 [auth | noauth | priv]}] community-string [udp-port port] [filter
filtername] [timeout seconds] [retries retries]
no snmp-server host {ip-address | hostname} [traps | informs]
[version {1 | 2c | 3}]
no .
:

149

host-ip

IP- ().
IP-.
IPv4- IPv6- IPv6z-. .
IPv6z-.

hostname

() 158
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

(
63 ).
trap

traps (
).

informs

informs .

traps SNMPv1.

2c


SNMPv2.

traps

informs


SNMPv3.

traps

informs

communitystring

,
notify ( 20 ). v1 v2
.
v3
,
snmp-server user v3.

SNMP v3.
:
noauth

auth

priv

udp-port port

UDP-
1 65535.
162.

filter filtername


30 .
, .

snmp-server filter.

timeout seconds

( informs)

informs 1
300 .
15 .

retries retries

( informs)

inform, ,
0 255.
3.

3.1.0.3 16.05.2013 .

150

-3000
. II

.465255.040


: SNMP V1
: Traps
udp-port: 162
informs, retries 3
-: 15

.

ipaddress/hostname, traps/informs, version.
SNMPv1 SNMPv2

MIB.
SNMPv3
.
,

snmp-server user, snmp-server group snmpserver community active .


:
switchxxxxxx(config)# snmp-server host 1.1.1.121 abc

2.8.13

snmp-server engineID local

. engineID
SNMP v3.
:
snmp-server engineID local {engineid-string | default}
no snmp-server engineID local
no engineID.
:
engineid-string

151

engineID
.
.
.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

.
5 32 (

),

64 .
default

engineID
-.


engineID :

4 : 1,
IANA Enterprise 674;

: 3 ,
-.

6 : - .


.

SNMPv3 engineID
.
,
- .
engineID
,
engineID.
snmpEngineID
SNMPv3-.
EngineID 0x0,
0xF 0x000000001.
:
switchxxxxxx(config)# snmp-server engineid local default
The engine-id must be unique within your administrative domain.
Do you wish to continue? [Y/N]Y
The SNMPv3 database will be erased. Do you wish to continue? [Y/N]Y

2.8.14

snmp-server engineID remote

.
engineID SNMP-.
3.1.0.3 16.05.2013 .

152

-3000
. II

.465255.040

:
snmp-server engineID remote {ip-address} engineid-string
no snmp-server engineID remote {ip-address}
no engineID.
:
ip-address

IPv4- IPv6- IPv6z-


. . IPv6z.

engineid-string

EngineID

,
.
5
32
(

), 9 64 .


engineID .

.

EngineID
inform SNMPv3. EngineID

, .
2.8.15

show snmp engineID

. SNMP
engineID.
:
show snmp engineID

.
153

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx # show snmp engineID
Local SNMP engineID: 08009009020C0B099C075878
IP address Remote SNMP engineID
----------- ------------------------------172.16.1.1 08009009020C0B099C075879

2.8.16

snmp-server enable traps

.
SNMP-.
:
snmp-server enable traps
no snmp-server enable traps
no SNMP.

SNMP- .

.

no snmp-server enable traps,
SNMP-
snmp-server trap authentication,
.
:
switchxxxxxx(config)# snmp-server enable traps
switchxxxxxx(config)# no snmp-server trap authentication

2.8.17

snmp-server trap authentication

.
SNMP- .
:
snmp-server trap authentication
no snmp-server trap authentication

3.1.0.3 16.05.2013 .

154

-3000
. II

.465255.040

no SNMP-
.


.

SNMP-


.

snmp-server enable traps
, .
, (
), snmpserver trap authentication.
:
switchxxxxxx(config)# no snmp-server enable traps
switchxxxxxx(config)# snmp-server trap authentication

2.8.18

snmp-server contact

.
( sysContact).
:
snmp-server contact text
no snmp-server contact
no .
:
text


168 .


.
:
switchxxxxxx(config)# snmp-server contact Technical_Support

2.8.19

snmp-server location

.
.
155

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
snmp-server location text
no snmp-server location
no
.

160 .

text


.
:
switchxxxxxx(config)# snmp-server location New_York

2.8.20

snmp-server set

. MIB
SNMP.
:
snmp-server set variable-name name value [name2 value2 ...]
:
variable-name

MIB SNMP,
.

name value

-.

. MIB
-.
,


.

CLI ,

SNMP-
MIB,
3.1.0.3 16.05.2013 .

156

-3000
. II

.465255.040

.
, snmp-server set.
:
switchxxxxxx(config)# snmp-server set sysName sysname TechSupp

2.8.21

show snmp

. SNMP.
:
show snmp

.
:
switchxxxxxx# show snmp
SNMP is enabled
Community-String Community-Access View name

IP Address

Mask

---------------- ---------------- ------------

----------

----

public

read only

user-view

All

private

read write

Default

172.16.1.1/10

private

su

DefaultSuper

172.16.1.1

Community-string Group name

IP address

Mask

---------------- ----------

----------

------

public

All

Router

user-group

type

Traps are enabled.


Authentication trap is enabled.
Version 1,2 notifications
Target Address

Type

Community

Version

UD Pport

Filter

TO

Retries

name

Sec

-----

---

------

--------------

-----

---------

------

-------

192.122.173.42

Trap

public

162

15

192.122.173.42

Inform

public

162

15

Filter

TO

Retries

name

Sec

-----

---

------

15

Version 3 notifications
Target Address

Type

Username

Security

UD Pport

Level

157

--------------

----

-------

------

--------

192.122.173.42

Inform

Bob

Priv

162

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

System Contact: Robert


System Location: Marketing

17 , .
17

Community-string

,
SNMP.

Community-access

: (read only),
(read-write),
(super access).

IP Address

IP- .

Target Address

IP- .

Version

SNMP (v1 v2c) .

3.1.0.3 16.05.2013 .

158

-3000
. II

2.9

.465255.040


RSA/DSA
:

/.


RSA/DSA ,

SSL- SSH-.

.
.
18 /.
18 , show

show
show c
detailed
detailed

/.

.
(

).
CLI ( , .

.
,

.
)

19 /
(
copy).

159

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

19 /

/ .
/,
(

1,2.

).

. /,

2.
(

. /,
).

2.

CLI
(


)
:

1.
( ),
;
2.
, .

2.9.1

crypto key generate dsa

.
DSA.
:
crypto key generate dsa

.

.

3.1.0.3 16.05.2013 .

160

-3000
. II

.465255.040


DSA : DSA
DSA.
DSA (
),
.

, ,
(
).
.
.
:
switchxxxxxx(config)# crypto key generate dsa
The SSH service is generating a private DSA key.
This may take a few minutes, depending on the key size.
..........

2.9.2

crypto key generate rsa

. RSA-.
:
crypto key generate rsa

.

.

RSA- : RSA-
RSA-.
RSA-,

.
.
.

161

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# crypto key generate rsa
Replace Existing RSA Key [y/n]? N
switchxxxxxx(config)#

2.9.3

crypto key import


DSA/RSA.
:
crypto key import {dsa | rsa}

DSA RSA .

.

DSA/RSA :
DSA/RSA DSA/RSA.
DSA/RSA,

.
.
:
switchxxxxxx(config)# crypto key import rsa
Replace Existing RSA Key [y/n]? Y
-----BEGIN RSA PRIVATE KEY----MIICWQIBAAKBgQDM3fV+7nopIQ5l2sZU8gkekCzwbw0MiQF2pnarRA+IoKcs/DReyT21NU
podlDmMltefzVBmmiVo8skggfcHVxz3oPsgV9WRs9sxFvPbh2m5aY9VUtSVDLmcIp0MK6L
kopUPrOPeCm6EuEwmivsCMAC7l4GsiLYi7AxUm5qTkzT3wIBIwKBgAu06XT3rzWM3EBVpO
7pQlmElNqKAL7jQemF2uU3FtSbd0RmLuDYTKtE364ypYl/OGvMwTby4Wei9apQkrwe71b5
08eYGCr80QrPWWUE/6FeMDqnJQeZJ8lWHSw5qwAut+wOJ9yHyAQTG2pPas6lM2VYP19HMb
YwBmB3H47zjjfrAkEA8CYFRVHNLWpZ9wEXSGTJe4QIdk8w2SUBNTxrsqrzylo89yuyV/K8
qzvPuXO0rondozPEXd8iBqDir+qLI6Nv9wJBANpjwlZmmNEa1aC+UE4/VXnWMnH0HILVod
hPgozTFJaddE/OSdgKthlFnHLrFw8yt8LVPvZdwjyftn3bmYRwkVkCQHSkwLtE/UHx0+0A
h6bR3jSt2Dl269cvOxnbhMR+63DqAFrMFMuhyVp8IxDvDp3rMSNiSW9sYPvnvo/1lAn+7T
0CQBj1dUuz9DUno2LT6+uvd3ujc3q80A7z1/t2zRdolKN/tYV2qVqE4Zx8++/gWmgjDa/d
209bLCQvgpIKd/Hg+qsCQC3KSMwNTQ11Slsf/iA0QkMrunMsBha59wo+tMfdk3/kZkTdQT
knkRQxydFB7pQBojzbqfYL5Zl/R5HR+2r38Tc=

3.1.0.3 16.05.2013 .

162

-3000
. II

.465255.040

-----END RSA PRIVATE KEY---------BEGIN RSA PUBLIC KEY----MIGHAoGBAMzd9X7ueikhDmXaxlTyCR6QLPBvDQyJAXamdqtED4igpyz8NF7JPbU1Smh2UO


YyW15/NUGaaJWjyySCB9wdXHPeg+yBX1ZGz2zEW89uHablpj1VS1JUMuZwinQwrouSilQ+
s494KboS4TCaK+wIwALuXgayItiLsDFSbmpOTNPfAgEj
-----END RSA PUBLIC KEY-----

encrypted crypto key import rsa


---- BEGIN SSH2 ENCRYPTED PRIVATE KEY ---Comment: RSA Private Key
84et9C2XUfcRlpemuGINAygnLwfkKJcDM6m2OReALHScqqLhi0wMSSYNlT1IWFZP1kEVHH
Fpt1aECZi7HfGLcp1pMZwjn1+HaXBtQjPDiEtbpScXqrg6ml1/OEnwpFK2TrmUy0Iifwk8
E/mMfX3i/2rRZLkEBea5jrA6Q62gl5naRw1ZkOges+GNeibtvZYSk1jzr56LUr6fT7Xu5i
KMcU2b2NsuSD5yW8R/x0CW2elqDDz/biA2gSgd6FfnW2HV48bTC55eCKrsId2MmjbExUdz
+RQRhzjcGMBYp6HzkD66z8HmShOU+hKd7M1K9U4Sr+Pr1vyWUJlEkOgz9O6aZoIGp4tgm4
VDy/K/G/sI5nVL0+bR8LFUXUO/U5hohBcyRUFO2fHYKZrhTiPT5Rw+PHt6/+EXKG9E+TRs
lUADMltCRvs+lsB33IBdvoRDdl98YaA2htZay1TkbMqCUBdfl0+74UOqa/b+bp67wCYKe9
yen418MaYKtcHJBQmF7sUQZQGP34VPmOMyZzon68S/ZoT77cy0ihRZx9wcI1yYhJnDiYxP
dgXHYhW6kCTcTj6LrUSQuxCJ9su89ZIWNn5OwdgonLSpvfnabv2GHmmelaveL7JJ/7UcfO
61q5D4PJ67Vk2xL7PqyHXN931rseTzPuJplkSLCFZ5uqTMbWWyQEKmHDlOx35vlGou5tky
9LgIwG4d+9edctZZaggeq5cgjnsZWJgUoB4Bn4hIreyOdHDiFUPPRxkoyhGOGnJuvxC9T9
K6BF1wBTdDQS+Gu47/0/gRoD/50q4sGkzqHsRJJ53WOT0Q1bHMTMLPpwn2nXzvfGxWL/bu
QhZZSqRonG6MX1cP7KT7i4TPq2w2k3TGtNBnVYHx6OoNcaTHmg1N2s5OgRsyXD9tF++6nY
RfMN8CsV+9jQKQP7ZaGc8Ju+d72jvSwppSr032HY+IpzZ4ujkK+/X5oawZL5NnkaEQTQKX
RSL55S4O5NPOjS/pC9hg7GaVjoY2mQ7HDpSUBeTIDTlvOwC2kskA9C6aF/Axj2dXLweQd5
lxk7m0/mMNaiJsNk6y33LcuKjIxpNNjK9n9KzRPkGNMFObprfenWKteDftjQ==
---- END SSH2 PRIVATE KEY ------- BEGIN SSH2 PUBLIC KEY ---Comment: RSA Public Key
AAAAB3NzaC1yc2EAAAABIwAAAIEAvRHsKry6NKMKymb+yWEp9042vupLvYVq3ngt1sB9JH
OcdK/2nw7lCQguy1mLsX8/bKMXYSk/3aBEvaoJQ82+r/nRf0y3HTy4Wp9zV0SiVC8jLD+7
7t0aHejzfUhr0FRhWWcLnvYwr+nmrYDpS6FADMC2hVA85KZRye9ifxT7otE=
---- END SSH2 PUBLIC KEY ----

2.9.4

show crypto key

. SSH ( , ,
).
:
show crypto key [mypubkey] [rsa | dsa]
163

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
mypubkey

rsa

RSA-.

dsa

DSA-.


.

.
.
:
switchxxxxxx# show crypto key mypubkey dsa
---- BEGIN SSH2 PUBLIC KEY ---Comment: RSA Public Key
AAAAB3NzaC1yc2EAAAABIwAAAIEAzN31fu56KSEOZdrGVPIJHpAs8G8NDIkB
dqZ2q0QPiKCnLPw0Xsk9tTVKaHZQ5jJbXn81QZpolaPLJIIH3B1cc96D7IFf
VkbPbMRbz24dpuWmPVVLUlQy5nCKdDCui5KKVD6zj3gpuhLhMJor7AjAAu5e
BrIi2IuwMVJuak5M098=
---- END SSH2 PUBLIC KEY ---Public Key Fingerprint:
6f:93:ca:01:89:6a:de:6e:ee:c5:18:82:b2:10:bc:1e

2.9.5

crypto certificate generate

( ,
) HTTPS.
:
crypto certificate number generate [key-generate [length]] [cn
common- name] [ou organization-unit] [or organization] [loc
location] [st state] [cu country] [duration days]
:
number

(1 2).

key-generate
length

RSA SSL
RSA SSL ( 512
2048).

.
.
3.1.0.3 16.05.2013 .

164

-3000
. II

cn common-name

.465255.040

URL IP-
64 . ,
IP ( ).

ou organization-
unit
64 .
or organization

64 .

loc location


64 .

st state


64 .

cu country

64 .

duration days

, 30
3650.


RSA SSL 1024.
cn common-name,
IPv6- (
) IPv4-,
IPv6-, 0.0.0.0,
IP-.
duration days,
365 .

.

RSA- ,
key-generate.
1 2,
ip https certificate
.
.
.

;
.

165

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# crypto certificate 1 generate key-generate 2048

2.9.6

crypto certificate request

.
HTTPS.
:
crypto certificate number request [cn common- name] [ou
organization-unit] [or organization] [loc location] [st state] [cu
country]]
:
number

(1 2).

.
.
cn common-name

URL IP-
64 . ,
IP ( ).

ou organization-
unit
64 .
or organization

64 .

loc location


64 .

st state


64 .

cu country

64 .


cn common-name,
IPv6- (
) IPv4-,
IPv6-, 0.0.0.0,
IP-.

Certification Authority
( ).
Base64-encoded X.509.
3.1.0.3 16.05.2013 .

166

-3000
. II

.465255.040



crypto certificate
generate .
.

(Certification Authority)
crypto certificate import
.
.

.
:
switchxxxxxx# crypto certificate 1 request
-----BEGIN CERTIFICATE REQUEST----MIwTCCASoCAQAwYjELMAkGA1UEBhMCUFAxCzAJBgNVBAgTAkNDMQswCQYDVQQH
EwRDEMMAoGA1UEChMDZGxkMQwwCgYDVQQLEwNkbGQxCzAJBgNVBAMTAmxkMRAw
DgKoZIhvcNAQkBFgFsMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQC8ecwQ
HdML0831i0fh/F0MV/Kib6Sz5p+3nUUenbfHp/igVPmFM+1nbqTDekb2ymCu6K
aKvEbVLF9F2LmM7VPjDBb9bb4jnxkvwW/wzDLvW2rsy5NPmH1QVl+8Ubx3GyCm
/oW93BSOFwxwEsP58kf+sPYPy+/8wwmoNtDwIDAQABoB8wHQYJKoZIhvcNAQkH
MRDjEyMwgICCAgICAICAgIMA0GCSqGSIb3DQEBBAUAA4GBAGb8UgIx7rB05m+2
m5ZZPhIwl8ARSPXwhVdJexFjbnmvcacqjPG8pIiRV6LkxryGF2bVU3jKEipcZa
g+uNpyTkDt3ZVU72pjz/fa8TF0n3
-----END CERTIFICATE REQUEST-----

2.9.7

crypto certificate import

. ,
(Certification Authority)
HTTPS. , RSA
.
:
crypto certificate number import
:
number

(1 2).


.
167

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


(
) .

,

crypto certificate request.


, ,
, SSL RSA
, .
, , ,
, RSA-,
.
.
.
.
:
switchxxxxxx(config)# crypto certificate 1 import
Please paste the input now, add a period (.) on a separate line
after the
input,and press Enter.
-----BEGIN CERTIFICATE----MIIBkzCB/QIBADBUMQswCQYDVQQGEwIgIDEKMAgGA1UECBMBIDEKMAgGA1UEBxMB
IDEVMBMGA1UEAxMMMTAuNS4yMzQuMjA5MQowCAYDVQQKEwEgMQowCAYDVQQLEwEg
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK+beogIcke73sBSL7tC2DMZrY
OOg9XM1AxfOiqLlQJHd4xP+BHGZWwfkjKjUDBpZn52LxdDu1KrpB/h0+TZP0Fv38
7mIDqtnoF1NLsWxkVKRM5LPka0L/ha1pYxp7EWAt5iDBzSw5sO4lv0bSN7oaGjFA
6t4SW2rrnDy8JbwjWQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAuqYQiNJst6hI
XFDxe7I8Od3Uyt3Dmf7KE/AmUV0Pif2yUluy/RuxRwKhDp/lGrK12tzLQz+s5Ox7
Klft/IcjzbBYXLvih45ASWG3TRv2WVKyWs89rPPXu5hKxggEeTvWqpuS+gXrIqjW
WVZd0n1fXhMacoflgnnEmweIzmrqXBs=
.
-----END CERTIFICATE----Certificate imported successfully.
Issued by : C= , ST= , L= , CN=0.0.0.0, O= , OU=
Valid From: Jan 24 18:41:24 2011 GMT
Valid to: Jan 24 18:41:24 2012 GMT
Subject: C=US , ST= , L= , CN=router.gm.com, O= General Motors, OU=
SHA1 Finger print: DC789788 DC88A988 127897BC BB789788

3.1.0.3 16.05.2013 .

168

-3000
. II

.465255.040

switchxxxxxx(config)# crypto certificate 1 import


Please paste the input now, add a period (.) on a separate line after
the
input,and press Enter.
-----BEGIN RSA PRIVATE KEY----ACnrqImEGlXkwxBuZUlAO9nHq9IGJsnkf7/MauGPVqxt5vfDf77uQ5CPf49JWQhu07cVXh
2OwrBhJgB69vLUlJujM9p1IXFpMk8qR3NS7JzlInYAWjHKKbEZBMsKSA6+t/UzVxevKK6H
TGB7vMxi+hv1bL9zygvmQ6+/6QfqA51c4nP/8a6NjO/ZOAgvNAMKNr2Wa+tGUOoAgL0b/C
11EoqzpCq5mT7+VOFhPSO4dUU+NwLv1YCb1Fb7MFoAa0N+y+2NwoGp0pxOvDA9ENYl7qsZ
MWmCfXu52/IxC7fD8FWxEBtks4V81Xqa7K6ET657xS7m8yTJFLZJyVawGXKnIUs6uTzhhW
dKWWc0e/vwMgPtLlWyxWynnaP0fAJ+PawOAdsK75bo79NBim3HcNVXhWNzqfg2s3AYCRBx
WuGoazpxHZ0s4+7swmNZtS0xI4ek43d7RaoedGKljhPqLHuzXHUon7Zx15CUtP3sbHl+XI
B3u4EEcEngYMewy5obn1vnFSot+d5JHuRwzEaRAIKfbHa34alVJaN+2AMCb0hpI3IkreYo
A8Lk6UMOuIQaMnhYf+RyPXhPOQs01PpIPHKBGTi6pj39XMviyRXvSpn5+eIYPhve5jYaEn
UeOnVZRhNCVnruJAYXSLhjApf5iIQr1JiJb/mVt8+zpqcCU9HCWQqsMrNFOFrSpcbHu5V4
ZX4jmd9tTJ2mhekoQf1dwUZbfYkRYsK70ps8u7BtgpRfSRUr7g0LfzhzMuswoDSnB65pkC
ql7yZnBeRS0zrUDgHLLRfzwjwmxjmwObxYfRGMLp4=
-----END RSA PRIVATE KEY---------BEGIN RSA PUBLIC KEY----MIGHAoGBAMVuFgfJYLbUzmbm6UoLD3ewHYd1ZMXY4A3KLF2SXUd1TIXq84aME8DIitSfB2
Cqy4QB5InhgAobBKC96VRsUe2rzoNG4QDkj2L9ukQOvoFBYNmbzHc7a+7043wfVmH+QOXf
TbnRDhIMVrZJGbzl1c9IzGky1l21Xmicy0/nwsXDAgEj
-----END RSA PUBLIC KEY---------BEGIN CERTIFICATE----MIIBkzCB/QIBADBUMQswCQYDVQQGEwIgIDEKMAgGA1UECBMBIDEKMAgGA1UEBxMB
IDEVMBMGA1UEAxMMMTAuNS4yMzQuMjA5MQowCAYDVQQKEwEgMQowCAYDVQQLEwEg
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDK+beogIcke73sBSL7tC2DMZrY
OOg9XM1AxfOiqLlQJHd4xP+BHGZWwfkjKjUDBpZn52LxdDu1KrpB/h0+TZP0Fv38
7mIDqtnoF1NLsWxkVKRM5LPka0L/ha1pYxp7EWAt5iDBzSw5sO4lv0bSN7oaGjFA
6t4SW2rrnDy8JbwjWQIDAQABoAAwDQYJKoZIhvcNAQEEBQADgYEAuqYQiNJst6hI
XFDxe7I8Od3Uyt3Dmf7KE/AmUV0Pif2yUluy/RuxRwKhDp/lGrK12tzLQz+s5Ox7
Klft/IcjzbBYXLvih45ASWG3TRv2WVKyWs89rPPXu5hKxggEeTvWqpuS+gXrIqjW
WVZd0n1fXhMacoflgnnEmweIzmrqXBs=
-----END CERTIFICATE----.
Certificate imported successfully.
Issued by : C= , ST= , L= , CN=0.0.0.0, O= , OU=
Valid From: Jan 24 18:41:24 2011 GMT
Valid to: Jan 24 18:41:24 2012 GMT
Subject: C=US , ST= , L= , CN=router.gm.com, O= General Motors, OU=
SHA1 Finger print: DC789788 DC88A988 127897BC BB789788

-----BEGIN RSA ENCRYPTED PRIVATE KEY-----

169

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

wJIjj/tFEI/Z3GFkTl5C+SFOeSyTxnSsfssNo9CoHJ6X9Jg1SukjtXU49kaUbTjoQVQatZ
AdQwgWM5mnjUhUaJ1MM3WfrApY7HaBL3iSXS9jDVrf++Q/KKhVH6Pxlv6cKvYYzHg43Unm
CNI2n5zf9oisMH0U6gsIDs4ysWVD1zNgoVQwD7RqKpL9wo3+YVFVS6XCB7pDb7iPePefa6
GD/crN28vTLGf/NpyKoOhdAMRuwEQoapMo0Py2Cvy+sqLiv4ZKck1FPlsVFV7X7sh+zVa3
We84pmzyjGiY9S0tPdBSGhJ2xDNcqTyvUpffFEJJYrdGKGybqD0o3tD/ioUQ3UJgxDbGYw
aLlLoavSjMYiWkdPjfcbn5MVRdU5iApCQJXWv3MYC8GQ4HDa6UDN6aoUBalUhqjT+REwWO
DXpJmvmX4T/u5W4DPvELqTHyETxgQKNErlO7gRi2yyLcybUokh+SP+XuRkG4IKnn8KyHtz
XeoDojSe6OYOQww2R0nAqnZsZPgrDzj0zTDL8qvykurfW4jWa4cv1Sc1hDEFtHH7NdDLjQ
FkPFNAKvFMcYimidapG+Rwc0m3lKBLcEpNXpFEE3v1mCeyN1pPe6eSqMcBXa2VmbInutuP
CZM927oxkb41g+U5oYQxGhMK7OEzTmfS1FdLOmfqv0DHZNR4lt4KgqcSjSWPQeYSzB+4PW
Qmy4fTF4wQdvCLy+WlvEP1jWPbrdCNxIS13RWucNekrm9uf5Zuhd1FA9wf8XwSRJWuAq8q
zZFRmDMHPtey9ALO2alpwjpHOPbJKiCMdjHT94ugkF30eyeni9sGN6Y063IvuKBy0nbWsA
J0sxrvt3q6cbKJYozMQE5LsgxLNvQIH4BhPtUz+LNgYWb3V5SI8D8kRejqBM9eaCyJsvLF
+yAI5xABZdTPqz0l7FNMzhIrXvCqcCCCx+JbgP1PwYTDyD+m2H5v8Yv6sT3y7fZC9+5/Sn
Vf8jpTLMWFgVF9U1Qw9bA8HA7K42XE3R5Zr1doOeUrXQUkuRxLAHkifD7ZHrE7udOmTiP9
W3PqtJzbtjjvMjm5/C+hoC6oLNP6qp0TEn78EdfaHpMMutMF0leKuzizenZQ==
-----END RSA PRIVATE KEY---------BEGIN RSA PUBLIC KEY----MIGJAoGBAMoCaK+b9hTgrzEeWjdz55FoWwV8s54k5VpuRtv1e5r1zp7kzIL6mvCCXk6J9c
kkr+TMfX63b9t5RgwGPgWeDHw3q5QkaqInzz1h7j2+A++mwCsHui1BhpFNFY/gmENiGq9f
puukcnoTvBNvz7z3VOxv6hw1UHMTOeO+QSbe7WwVAgMBAAE=
-----END RSA PUBLIC KEY---------BEGIN CERTIFICATE----MIICHDCCAYUCEFCcI4/dhLsUhTWxOwbzngMwDQYJKoZIhvcNAQEEBQAwTzELMAkG
A1UEBhMCICAxCjAIBgNVBAgTASAxCjAIBgNVBAcTASAxEDAOBgNVBAMTBzAuMC4w
LjAxCjAIBgNVBAoTASAxCjAIBgNVBAsTASAwHhcNMTIwNTIxMTI1NzE2WhcNMTMw
NTIxMTI1NzE2WjBPMQswCQYDVQQGEwIgIDEKMAgGA1UECBMBIDEKMAgGA1UEBxMB
IDEQMA4GA1UEAxMHMC4wLjAuMDEKMAgGA1UEChMBIDEKMAgGA1UECxMBIDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAygJor5v2FOCvMR5aN3PnkWhbBXyzniTl
Wm5G2/V7mvXOnuTMgvqa8IJeTon1ySSv5Mx9frdv23lGDAY+BZ4MfDerlCRqoifP
PWHuPb4D76bAKwe6LUGGkU0Vj+CYQ2Iar1+m66RyehO8E2/PvPdU7G/qHDVQcxM5
475BJt7tbBUCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBOknTzas7HniIHMPeC5yC0
2rd7c+zqQOe1e4CpEvV1OC0QGvPa72pz+m/zvoFmAC5WjQngQMMwH8rNdvrfaSyE
dkB/761PpeKkUtgyPHfTzfSMcJdBOPPnpQcqbxCFh9QSNa4ENSXqC5pND02RHXFx
wS1XJGrhMUoNGz1BY5DJWw==
-----END CERTIFICATE----.
Certificate imported successfully.
Issued by : C= , ST= , L= , CN=0.0.0.0, O= , OU=
Valid From: Jan 24 18:41:24 2011 GMT
Valid to: Jan 24 18:41:24 2012 GMT
Subject: C=US , ST= , L= , CN=router.gm.com, O= General Motors, OU=

3.1.0.3 16.05.2013 .

170

-3000
. II

.465255.040

SHA1 Finger print: DC789788 DC88A988 127897BC BB789788


Example 3 - Import certificate with encrypted key
encrypted crypto certificate 1 import
-----BEGIN RSA ENCRYPTED PRIVATE KEY----wJIjj/tFEI/Z3GFkTl5C+SFOeSyTxnSsfssNo9CoHJ6X9Jg1SukjtXU49kaUbTjoQVQatZ
AdQwgWM5mnjUhUaJ1MM3WfrApY7HaBL3iSXS9jDVrf++Q/KKhVH6Pxlv6cKvYYzHg43Unm
CNI2n5zf9oisMH0U6gsIDs4ysWVD1zNgoVQwD7RqKpL9wo3+YVFVS6XCB7pDb7iPePefa6
GD/crN28vTLGf/NpyKoOhdAMRuwEQoapMo0Py2Cvy+sqLiv4ZKck1FPlsVFV7X7sh+zVa3
We84pmzyjGiY9S0tPdBSGhJ2xDNcqTyvUpffFEJJYrdGKGybqD0o3tD/ioUQ3UJgxDbGYw
aLlLoavSjMYiWkdPjfcbn5MVRdU5iApCQJXWv3MYC8GQ4HDa6UDN6aoUBalUhqjT+REwWO
DXpJmvmX4T/u5W4DPvELqTHyETxgQKNErlO7gRi2yyLcybUokh+SP+XuRkG4IKnn8KyHtz
XeoDojSe6OYOQww2R0nAqnZsZPgrDzj0zTDL8qvykurfW4jWa4cv1Sc1hDEFtHH7NdDLjQ
FkPFNAKvFMcYimidapG+Rwc0m3lKBLcEpNXpFEE3v1mCeyN1pPe6eSqMcBXa2VmbInutuP
CZM927oxkb41g+U5oYQxGhMK7OEzTmfS1FdLOmfqv0DHZNR4lt4KgqcSjSWPQeYSzB+4PW
Qmy4fTF4wQdvCLy+WlvEP1jWPbrdCNxIS13RWucNekrm9uf5Zuhd1FA9wf8XwSRJWuAq8q
zZFRmDMHPtey9ALO2alpwjpHOPbJKiCMdjHT94ugkF30eyeni9sGN6Y063IvuKBy0nbWsA
J0sxrvt3q6cbKJYozMQE5LsgxLNvQIH4BhPtUz+LNgYWb3V5SI8D8kRejqBM9eaCyJsvLF
+yAI5xABZdTPqz0l7FNMzhIrXvCqcCCCx+JbgP1PwYTDyD+m2H5v8Yv6sT3y7fZC9+5/Sn
Vf8jpTLMWFgVF9U1Qw9bA8HA7K42XE3R5Zr1doOeUrXQUkuRxLAHkifD7ZHrE7udOmTiP9
W3PqtJzbtjjvMjm5/C+hoC6oLNP6qp0TEn78EdfaHpMMutMF0leKuzizenZQ==
-----END RSA PRIVATE KEY---------BEGIN RSA PUBLIC KEY----MIGJAoGBAMoCaK+b9hTgrzEeWjdz55FoWwV8s54k5VpuRtv1e5r1zp7kzIL6mvCCXk6J9c
kkr+TMfX63b9t5RgwGPgWeDHw3q5QkaqInzz1h7j2+A++mwCsHui1BhpFNFY/gmENiGq9f
puukcnoTvBNvz7z3VOxv6hw1UHMTOeO+QSbe7WwVAgMBAAE=
-----END RSA PUBLIC KEY---------BEGIN CERTIFICATE----MIICHDCCAYUCEFCcI4/dhLsUhTWxOwbzngMwDQYJKoZIhvcNAQEEBQAwTzELMAkG
A1UEBhMCICAxCjAIBgNVBAgTASAxCjAIBgNVBAcTASAxEDAOBgNVBAMTBzAuMC4w
LjAxCjAIBgNVBAoTASAxCjAIBgNVBAsTASAwHhcNMTIwNTIxMTI1NzE2WhcNMTMw
NTIxMTI1NzE2WjBPMQswCQYDVQQGEwIgIDEKMAgGA1UECBMBIDEKMAgGA1UEBxMB
IDEQMA4GA1UEAxMHMC4wLjAuMDEKMAgGA1UEChMBIDEKMAgGA1UECxMBIDCBnzAN
BgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAygJor5v2FOCvMR5aN3PnkWhbBXyzniTl
Wm5G2/V7mvXOnuTMgvqa8IJeTon1ySSv5Mx9frdv23lGDAY+BZ4MfDerlCRqoifP
PWHuPb4D76bAKwe6LUGGkU0Vj+CYQ2Iar1+m66RyehO8E2/PvPdU7G/qHDVQcxM5
475BJt7tbBUCAwEAATANBgkqhkiG9w0BAQQFAAOBgQBOknTzas7HniIHMPeC5yC0
2rd7c+zqQOe1e4CpEvV1OC0QGvPa72pz+m/zvoFmAC5WjQngQMMwH8rNdvrfaSyE
dkB/761PpeKkUtgyPHfTzfSMcJdBOPPnpQcqbxCFh9QSNa4ENSXqC5pND02RHXFx
wS1XJGrhMUoNGz1BY5DJWw==
-----END CERTIFICATE----.
Certificate imported successfully.
Issued by : C= , ST= , L= , CN=0.0.0.0, O= , OU=

171

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Valid From: Jan 24 18:41:24 2011 GMT


Valid to: Jan 24 18:41:24 2012 GMT
Subject: C=US , ST= , L= , CN=router.gm.com, O= General Motors, OU=
SHA1 Finger print: DC789788 DC88A988 127897BC BB789788

2.9.8

show crypto certificate

. SSL ((
, , )).
:
show crypto certificate [mycertificate] [number]
:
number

(1 2).


1.

.
:
switchxxxxxx# show crypto certificate mycertificate
Certificate 1:
Certificate Source: Default
-----BEGIN CERTIFICATE----dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS
nnH/xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr
yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw
CwR0PBAQDAgFGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47
ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgclsZGFwOi8v
L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl
-----END CERTIFICATE----Issued by: www.verisign.com
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.com, 0= General Motors, C= US
Fingerprint: DC789788 DC88A988 127897BC BB789788
Certificate 2:
Certificate Source: User-Defined
-----BEGIN CERTIFICATE----dHmUgUm9vdCBDZXJ0aWZpZXIwXDANBgkqhkiG9w0BAQEFAANLADBIAkEAp4HS
nnH/xQSGA2ffkRBwU2XIxb7n8VPsTm1xyJ1t11a1GaqchfMqqe0kmfhcoHSWr

3.1.0.3 16.05.2013 .

172

-3000
. II

.465255.040

yf1FpD0MWOTgDAwIDAQABo4IBojCCAZ4wEwYJKwYBBAGCNxQCBAYeBABDAEEw
CwR0PBAQDAgFGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYEFAf4MT9BRD47
ZvKBAEL9Ggp+6MIIBNgYDVR0fBIIBLTCCASkwgdKggc+ggcyGgclsZGFwOi8v
L0VByb3h5JTIwU29mdHdhcmUlMjBSb290JTIwQ2VydGlmaWVyLENOPXNlcnZl
-----END CERTIFICATE----Issued by: www.verisign.com
Valid from: 8/9/2004 to 8/9/2005
Subject: CN= router.gm.com, 0= General Motors, C= US
Fingerprint: DC789788 DC88A988 127897BC BB789788

2.10
2.10.1

web-
ip http server

.
:
ip http server
no ip http server
no .

HTTP- .

.
:
switchxxxxxx(config)# ip http server

173

3.1.0.3 16.05.2013 .

-3000
. II

2.10.2

.465255.040

ip http port

. TCP, HTTP-.
:
ip http port port-number
no ip http port

.

no

:
portnumber

,
0 65534.

HTTP-,


80.

.
:
switchxxxxxx(config)# ip http port 100

2.10.3

ip http timeout-policy

.
http/https-
.
:
ip http timeout-policy seconds
no ip http timeout-policy

.

3.1.0.3 16.05.2013 .

no

174

-3000
. II

.465255.040

:
seconds


,
0 86400 .


600 .

.

,
ip http timeout-policy 0.
:
switchxxxxxx(config)# ip http timeout-policy 1000

2.10.4

ip http secure-server

.
, ,
.
:
ip http secure-server
no ip http secure-server
no .

.

.

crypto certificate generate
HTTPS.
:
switchxxxxxx(config)# ip http secure-server

175

3.1.0.3 16.05.2013 .

-3000
. II

2.10.5

.465255.040

ip http secure-port

. TCP -.
:
ip http secure-port port-number
no ip http secure-port
no .
:
port-number , HTTPS-,
0 65534.

443.

.
:
switchxxxxxx(config)# ip http secure-port 1234

2.10.6

ip https certificate

.
HTTPS.
:
ip https certificate number
no ip https certificate

.

no

:
number

,
1 2.


1.

.
3.1.0.3 16.05.2013 .

176

-3000
. II

.465255.040


-, crypto certificate generate
HTTPS.
.
:
switchxxxxxx(config)# ip https certificate 2

2.10.7

show ip http

.
HTTP-.
:
show ip http

.
:
switchxxxxxx# show ip http
HTTP server enabled
Port: 80
Interactive timeout: 10 minutes

2.10.8

show ip https


HTTPS-.

:
show ip https

.

177

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show ip https
HTTPS server enabled
Port: 443
Interactive timeout: Follows the HTTP interactive timeout (10
minutes)
Certificate 1 is active
Issued by: www.verisign.com
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.com, 0= General Motors, C= US
Finger print: DC789788 DC88A988 127897BC BB789788
Certificate 2 is inactive
Issued by: self-signed
Valid from: 8/9/2003 to 8/9/2004
Subject: CN= router.gm.com, 0= General Motors, C= US
Finger print: 1873B936 88DC3411 BC8932EF 782134BA

2.10.9

ssl version


SSL.

:
ssl version {v2&v3 | v3}
no ssl version

.

no

:
v2&v3

SSLv2 SSLv3.

v3

, SSLv3.


v3.

.
:
switchxxxxxx# ssl version v3&v3

3.1.0.3 16.05.2013 .

178

-3000
. II

2.10.10

.465255.040

show ssl version

.
SSL.
:
show ssl version

.
:
switchxxxxxx# show ssl version
Current supported version: SSLv2 and SSLv3

2.11
2.11.1

Telnet, SSH Slogin


ip telnet server

.
Telnet-,
Telnet-. Telnet-
Telnet-.
:
ip telnet server
no ip telnet server
no .

.

.


SSH- Telnet-.

SSH ( Telnet), .. SSH
Telnet. SSH
ip ssh server.
179

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# ip telnet server

2.11.2

ip ssh server

.
SSH-,
SSH-. SSH-
SSH-.
:
ip ssh server
no ip ssh server
no .

.

.

SSH-
.
SSH-
crypto key generate
dsa crypto key generate rsa.
:
switchxxxxxx(config)# ip ssh server
switchxxxxxx(config)# ip ssh password-auth

2.11.3

ip ssh port

. TCP-,
SSH-.
:
ip ssh port port-number
no ip ssh port

.
3.1.0.3 16.05.2013 .

no

180

-3000
. II

.465255.040

:
port-number

TCP-,

, 1 65535.

SSH-


TCP- 22.

.
:
switchxxxxxx(config)# ip ssh port 8080

2.11.4

ip ssh password-auth

.
SSH- .

:
ip ssh password-auth
no ip ssh password-auth
no .


.

SSH-


.


SSH- SSH-.
SSH-
SSH SSH-,
.
, SSH-
, , ,

.
SSH , SSH, ,
.
181

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# ip ssh password-auth

2.11.5

ip ssh pubkey-auth

.
SSH- .
:
ip ssh pubkey-auth [auto-login]
no ip ssh pubkey-auth
no .
:
auto-login

, AAA
( CLI)
.
SSH.

SSH-


.


SSH- SSH-.
SSH-
SSH, SSH-
.
SSH-
,
AAA .
SSH , SSH AAA
.
auto-login
SSH ,
, SSH
SSH .
3.1.0.3 16.05.2013 .

182

-3000
. II

.465255.040

AAA
.
,
, AAA
, SSH.
auto-login ,
,
SSH, AAA
. SSH
, ,
AAA
. SSH ,
SSH ,
, .
:
Console(config)# ip ssh pubkey-auth

2.11.6

crypto key pubkey-chain ssh

.
SSH.
,
SSH-.
:
crypto key pubkey-chain ssh

.

.
:
switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key bob rsa
switchxxxxxx(config-pubkey-key)# key-string
AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl
Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ+
ZNXfZSkvHG+QusIZ/76ILmFT34v7u7ChFAE+
Vu4GRfpSwoQUvV35LqJJk67IOU/zfwOl1g
kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq
muSn/Wd05iDX2IExQWu08licglk02LYciz
+Z4TrEU/9FJxwPiVQOjc+KBXuR0juNg5nFYsY
0ZCk0N/W9a/tnkm1shRE7Di71+w3fNiOA
6w9o44t6+AINEICBCCA4YcF6zMzaT1wefWwX6f+

183

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Rmt5nhhqdAtN/4oJfce166DqVX1gWmN
zNR4DYDvSzg0lDnwCAC8Qh
Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9

2.11.7

user-key

SSH.
SSH-,
.
:
user-key username {rsa | dsa}
no user-key username
no SSH
.
:
username


48 .

rsa

RSA-
.

dsa

DSA-
.

SSH-


SSH- .

SSH-.

( ),
, .
, user-key
key-string.
:
switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key bob rsa
switchxxxxxx(config-pubkey-key)# key-string row
AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl

3.1.0.3 16.05.2013 .

184

-3000
. II

2.11.8

.465255.040

key-string

SSH.
SSH- .
:
key-string [row key-string]
:
row


. 160
.

key-string

UU-
DER.
authorized_keys,
OpenSSH.


.

SSH.

, SSH-
,
SSH key-string
row.
.
SSH-
SSH key-string
row. key-string
row.
:
switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key bob rsa
switchxxxxxx(config-pubkey-key)# key-string
AAAAB3NzaC1yc2EAAAADAQABAAABAQCvTnRwPWl
Al4kpqIw9GBRonZQZxjHKcqKL6rMlQ+
ZNXfZSkvHG+QusIZ/76ILmFT34v7u7ChFAE+
Vu4GRfpSwoQUvV35LqJJk67IOU/zfwOl1g
kTwml75QR9gHujS6KwGN2QWXgh3ub8gDjTSq

185

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

muSn/Wd05iDX2IExQWu08licglk02LYciz
+Z4TrEU/9FJxwPiVQOjc+KBXuR0juNg5nFYsY
0ZCk0N/W9a/tnkm1shRE7Di71+w3fNiOA
6w9o44t6+AINEICBCCA4YcF6zMzaT1wefWwX6f+
Rmt5nhhqdAtN/4oJfce166DqVX1gWmN
zNR4DYDvSzg0lDnwCAC8Qh
Fingerprint: a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9
switchxxxxxx(config)# crypto key pubkey-chain ssh
switchxxxxxx(config-pubkey-chain)# user-key bob rsa
switchxxxxxx(config-pubkey-key)# key-string row AAAAB3Nza
switchxxxxxx(config-pubkey-key)# key-string row C1yc2

2.11.9

show ip ssh


SSH-.

:
show ip ssh

.
:
switchxxxxxx# show ip ssh
SSH server enabled. Port: 22
RSA key was generated.
DSA (DSS) key was generated.
SSH Public Key Authentication is enabled with auto-login.
SSH Password Authentication is enabled.
Active incoming sessions:
IP

SSH

Version

Cipher

Auth code

address

username

-------172.16.0.1

---------

----------

------

-----------

John Broun

1.5

3DES

HMAC-SHA1

20

IP address

IP- .

SSH username

Version

SSH.

Cipher

(3DES, Blowfish, RC4).

Auth code


HMAC-SHA1) .

3.1.0.3 16.05.2013 .

(HMAC-MD5,
186

-3000
. II

2.11.10

.465255.040

show crypto key pubkey-chain ssh

.
SSH-, .

:
show crypto key pubkey-chain
[fingerprint {bubble-babble | hex}]

ssh

[username

username]

:
username username
fingerprint
{bubblebabble | hex}
bubble-babble
hex

SSH 1 48 .
.
Bubble
Babble.


.
:
switchxxxxxx# show crypto key pubkey-chain ssh
Username

Fingerprint

----------- ------------------------------------------------------bob

9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86

john

98:F7:6E:28:F2:79:87:C8:18:F8:88:CC:F8:89:87:C8

switchxxxxxx# show crypto key pubkey-chain ssh username bob


Username

Fingerprint

----------- ------------------------------------------------------bob

187

9A:CC:01:C5:78:39:27:86:79:CC:23:C5:98:59:F1:86

3.1.0.3 16.05.2013 .

-3000
. II

2.12
2.12.1

.465255.040


line

.
.
:
line {console | telnet | ssh}
:
console

telnet

Telnet.

ssh

SSH.


.
:
switchxxxxxx(config)# line telnet
switchxxxxxx(config-line)#

2.12.2

speed

:
speed bps
no speed

.

no

:
bps

: 4800, 9600,
19200, 38400, 57600 115200.


115200 /.

.
3.1.0.3 16.05.2013 .

188

-3000
. II

.465255.040


,
autobaud () .
.
:
switchxxxxxx(config-line)# speed 9600

2.12.3

autobaud

.
(autobaud).
:
autobaud
no autobaud
no .

.

.


:
Enter.
.
:
switchxxxxxx(config)# line console
switchxxxxxx(config-line)# autobaud

2.12.4

exec-timeout

.
, ,
.
:
exec-timeout minutes [seconds]
no exec-timeout

189

3.1.0.3 16.05.2013 .

-3000
. II

no

.465255.040

:
minutes

0 65535.

seconds

0 59.


10 .

.

exectimeout 0 0.
:
switchxxxxxx(config)# line
switchxxxxxx(config-line)# exec-timeout 20 10

2.12.5

show line

.
.
:
show line [console | telnet | ssh]
:
console

telnet

Telnet.

ssh

SSH.


, ,
.

.

3.1.0.3 16.05.2013 .

190

-3000
. II

.465255.040

:
switchxxxxxx# show line
configuration:
Interactive timeout: Disabled
History: 10
Baudrate: 9600
Databits: 8
Parity: none
Stopbits: 1
Telnet configuration:
Telnet is enabled.
Interactive timeout: 10 minutes 10 seconds
History: 10
SSH configuration:
SSH is enabled.
Interactive timeout: 10 minutes 10 seconds
History: 10

2.13
2.13.1

(,

aaa authentication login

.
.

list-name, login
authentication aaa authentication enable.
:
aaa authentication login {default | list-name} method1 [method2...]
aaa authentication login list-name method1 method2...
no aaa authentication login {default | list-name}
no
.

191

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
default

,
(
).

list-name

,
,
12 .

method
[method2 ...]

,
(, RADIUS
).

,
, none
.

21

enable

enable .

line

line .

local

none

radius

RADIUS .

tacacs

TACACS+ .


,
(
aaa authentication login local).
,
.

.

, aaa
authentication login, login
authentication.
3.1.0.3 16.05.2013 .

192

-3000
. II

.465255.040

no aaa authentication login list-name


, .
:
switchxxxxxx (config)# aaa authentication login authen-list radius local
none
switchxxxxxx (config)#line console
switchxxxxxx (config-line)#login authentication authen-list

2.13.2

aaa authentication enable

.

. ,
,
.
:
aaa authentication enable {default | list-name} method [method2...]}
no aaa authentication enable {default | list-name}
no
.

:

default

.
list-name

,

, 12
.
method
,
[method2 ...] .
,

(, RADIUS ).
,
,
none
.

193

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

22

enable

enable .

line

line .

none

radius

RADIUS .

tacacs

TACACS+ .


enable password
( aaa authentication enable
default enable).
, enable
password. ,
. aaa
authentication enable default enable none.

.

aaa authentication enable
list-name method1 [method2...], list-name
; method ,

.
,
aaa authentication enable, enable
authentication.
aaa authentication enable,
RADIUS,
$enabx$., .
aaa authentication enable,
TACACS+, ,
.
no aaa authentication enable list-name
, .

3.1.0.3 16.05.2013 .

194

-3000
. II

.465255.040

:
switchxxxxxx(config)# aaa authentication enable enable-list radius none
switchxxxxxx(config)# line console
switchxxxxxx(config-line)# enable authentication enable-list

2.13.3

login authentication

.
Telnet-
.
:
login authentication {default | list-name}
no login authentication
no
.

:
default

aaa
authentication
login

list-name

,
aaa authentication login.


,
aaa authentication login.

.
:
switchxxxxxx(config)# line console
switchxxxxxx(config-line)# login authentication default

switchxxxxxx (config)# aaa authentication login authen-list radius local


none
switchxxxxxx (config)#line console
switchxxxxxx (config-line)#login authentication authen-list

195

3.1.0.3 16.05.2013 .

-3000
. II

2.13.4

.465255.040

enable authentication

.

telnet- .
:
enable authentication {default | list-name}
no enable authentication

.

no

:
default

,
aaa authentication enable.

list-name

,
aaa authentication enable.


,
aaa authentication enable.

.
:
switchxxxxxx(config)# line console
switchxxxxxx(config-line)# enable authentication default

switchxxxxxx(config)# aaa authentication enable enable-list radius none


switchxxxxxx(config)# line console
switchxxxxxx(config-line)# enable authentication enable-list

2.13.5

ip http authentication

.
HTTP-.
:
ip http authentication aaa login-authentication method1 [method2...]
no ip http authentication aaa login-authentication

.
3.1.0.3 16.05.2013 .

no

196

-3000
. II

.465255.040

:
method
[method2 ...]

,
.
,

(, RADIUS ).
,
,
none
.

23

local

none

radius

RADIUS .

tacacs

TACACS+ .



( ip http
authentication local).

.

HTTP HTTPS.
:
switchxxxxxx(config)# ip http authentication aaa login-authentication
radius local none

197

3.1.0.3 16.05.2013 .

-3000
. II

2.13.6

.465255.040

show authentication methods

.
.

:
show authentication methods

.
:
switchxxxxxx# show authentication methods
Login Authentication Method Lists
--------------------------------Default: Radius, Local, Line
Console_Login: Line, None
Enable Authentication Method Lists
---------------------------------Default: Radius, Enable
Console_Enable: Enable, None
Line

Login Method List

Enable Method List

--------------

-----------------

------------------

Console

Console_Login

Console_Enable

Telnet

Default

Defaul

SSH

Default

Defaul

HTTP: Radius, local


HTTPS: Radius, local
Dot1x: Radius

2.13.7

password

.
, ,
Telnet.
:
password password [encrypted]
no password

.

3.1.0.3 16.05.2013 .

no

198

-3000
. II

.465255.040

:
password

0
159 .

encrypted


.

.
:
switchxxxxxx(config)# line console
switchxxxxxx(config-line)# password secret

2.13.8

enable password


.
enable
password
.
,
encrypted .
,
(, ),
(, ),
enable
encrypted
. ,
.
:
enable password [level privilege-level] {unencrypted-password |
encrypted encrypted-password}
no enable password [level level]

.

199

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
level level

, ,
1 15.
, 15.

unencryptedpassword

0
159 .

encryptedpassword

.
,
(, ,
.
(: 1 40)


15.
.

.
:
switchxxxxxx(config)# enable password level 15 encrypted
4b529f21c93d4706090285b0c10172eb073ffebc4

2.13.9

service password-recovery

.
.
,
,

no service
password-recovery.
, -
.
,
.
: All the configuration and user
files were removed.
:
service password-recovery
no service password-recovery
no
.
3.1.0.3 16.05.2013 .

200

-3000
. II

.465255.040


.

.

,

.
.

,

.
.


,
(Secure Sensitive Data),

,
.

:
switchxxxxxx(config)# no service password recovery
Note that choosing to use Password recovery option in the Boot Menu during
the boot process will remove the configuration files and the user files.
Would you like to continue ? Y/N.

2.13.10

username

.
.
:
username name {nopassword | password password | privilege
privilege-level | unencrypted-password | encrypted encryptedpassword}
username name
no username name
no .

201

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
name

20 .

nopassword

unencryptedpassword


159 .

encryptedpassword

MD5- .
,

(,
,

. (: 1 40)

privilege-level


1 15. ,
15.


.

.

. . 1.1
.

15 ( ,
)
.

15 ( ,
)
.

:
switchxxxxxx(config)# username tom privilege 15 password 1234

switchxxxxxx(config)# username jerry privilege 15 encrypted


4b529f21c93d4706090285b0c10172eb073ffebc4

3.1.0.3 16.05.2013 .

202

-3000
. II

2.13.11

.465255.040

show user accounts

.
.
:
show user accounts

.
:
switchxxxxxx# show users accounts
Password
Username

Privilege

Expiry date

Lockout

--------

---------

-----------

---------

Bob

15

Jan 18 2005

01

Robert

15

Jan 19 2005

LOCKOUT

Smith

15

24

2.13.12

Username

Privilege

Password Expiry date

Lockout



.
,
LOCKOUT.

aaa accounting login

.
.
:
aaa accounting login start-stop group {radius | tacacs+}
no aaa accounting login start-stop
no .

.

203

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.


(Telnet, web-,
SNMP).

(,
, line, ).

start/stop RADIUS /
.

RADIUS/TACACS+
RADIUS/TACACS+.
25
RADIUS.
25 RADIUS

User-Name (1)
NAS-IP-Address
(4)

Class (25)

Called-Station-ID
(30)
Calling-Station-ID
(31)
Acct-Session-ID
(44)
Acct-Authentic
(45)
Acct-Session-Time
(46)
Acct-TerminateCause (49)
3.1.0.3 16.05.2013 .

start
stop

IP-
,

RADIUS.

IP-
,

.

IP- .


.
,


.
.

204

-3000
. II

.465255.040

26 TACACS+


start
stop

task_id

user

IP- .

rem-addr
elapsed-time
reason

,
.

:
switchxxxxxx(config)# aaa accounting login start-stop group tacacs

2.13.13

aaa accounting dot1x

.
802.1x.
:
aaa accounting dot1x start-stop group radius
no aaa accounting dot1x start-stop group radius
no .

.

.

802.1x.
,
start/stop RADIUS
.

RADIUS RADIUS.
,
stop start .

205

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

(dot1x multiple-hosts
authentication) start/stop
.
(dot1x multiple-hosts)
start/stop ,
.
start/stop,
.
start/stop ,

VLAN.
27
RADIUS, .
27 RADIUS

User-Name (1)
NAS-IP-Address (4)

Start

Stop

NAS-Port (5)

.
IP-
,


RADIUS.
,
,
.

Class (25)

,

.

Called-Station-ID
(30)
Calling-Station-ID
(31)
Acct-Session-ID
(44)
Acct-Authentic (45)

- .

- .

Acct-Session-Time
(46)

Acct-TerminateCause (49)
Nas-Port-Type (61)

3.1.0.3 16.05.2013 .

206

-3000
. II

.465255.040

:
switchxxxxxx(config)# aaa accounting dot1x start-stop group radius

2.13.14

show accounting

.
.
:
show accounting

.
:
switchxxxxxx# show accounting
Login: Radius
802.1x: Disabled

2.13.15

passwords min-length

.
.
:
passwords min-length length
no passwords min-length
no
.
:
length

, 8
64 .



, .

.


, line enable.
207

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



.
,
,
.
,
, .
:
switchxxxxxx (config)# passwords min-length 8

2.13.16

passwords aging

.
.
:
passwords aging days
no passwords aging

.

no

:
days

, ,
, 0
365. 0


.

.


15
enable 15.

3.1.0.3 16.05.2013 .

208

-3000
. II

.465255.040

:
switchxxxxxx (config)# passwords aging 24

2.13.17

passwords history

.
,
.
:
passwords history number
no passwords history
no .
:
number

,
1 8.


.

.

,
line enable.

.
,
.

.

209

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# passwords history 10

2.13.18

passwords lockout

.
,
.
:
passwords lockout number
no passwords lockout
no
.
:
number

,
,
1 5.


.

.


, line enable.

15
set
username active, set enable-password active set line active.
.

.

.

3.1.0.3 16.05.2013 .

210

-3000
. II

.465255.040

:
switchxxxxxx(config)# passwords lockout 3

2.13.19

aaa login-history file

.
log- .
:
aaa login-history file
no aaa login-history file
no log-.

log- .

.


.
:
switchxxxxxx(config)# aaa login-history file

2.13.20

set username active

.
.

:
set username name active
:
name

20 .


.
:
switchxxxxxx# set username Bob active

211

3.1.0.3 16.05.2013 .

-3000
. II

2.13.21

.465255.040

set line active

:
set line {console | telnet | ssh} active
:
console

telnet

telnet-.

ssh

ssh-.


.
:
switchxxxxxx# set line telnet active

2.13.22

set enable-password active

.
.

:
set enable-password level active
:
level

,
, 1 15.


.
:
switchxxxxxx# set enable-password 1 active

2.13.23

show passwords configuration

:
show passwords configuration
3.1.0.3 16.05.2013 .

212

-3000
. II

.465255.040


.
:
switchxxxxxx#show passwords configuration
Passwords aging is enabled with aging time 180 days.
Passwords complexity is enabled with the following attributes:
Minimal length: 3 characters
Minimal classes: 3
New password must be different than the current: Enabled
Maximum consecutive same characters: 3
New password must be different than the user name: Enabled
New password must be different than the manufacturer name: Enabled
switchcc293e#

28

Minimal length
Minimal character
classes

2.14
2.14.1

.

( , ..) .

Maximum number
of repeated
characters

Level

Aging

RADIUS
radius-server host

. ,
RADIUS-.
:
radius-server host {ip-address | hostname} [auth-port auth-portnumber] [acct-port acct-port-number] [timeout timeout] [retransmit
retries] [deadtime deadtime] [key key-string] [source {source-ip}]
[priority priority] [usage {login | 802.1x | all}]
no radius-server host {ip-address | hostname}
no RADIUS.

213

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
ip-address

IP- RADIUS- (IPv4-,


IPv6- IPv6z-). . .
IPv6z-.

hostname

RADIUS-,
158 .
63 .

IPv4-.

auth-port-

0
65535.
0,
.
.
acct-port-number
0,
.
,
1813.
timeout timeout
- 1
30 .

auth-port
number

retransmit retries

1 15.

deadtime deadtime

,
RADIUS

, 0
2000 .

key key-string


RADIUS
RADIUS 0 128 .

,

RADIUS-.

, "".
,

radius.
, keystring, .

key encrypted-key-string
3.1.0.3 16.05.2013 .

214

-3000
. II

.465255.040

source source-ip

IPv4- IPv6- ,

.
0.0.0.0
IP-
.

priority priority


0 65535, 0
.

usage {login | 802.1x | all}

RADIUS-.
:

login

RADIUS-

.

802.1x

RADIUS-
802.1.

all

RADIUS-


802.1.


1812.
timeout,
( radius-server timeout).
retransmit,
( radius-server retransmit).
key-string,
( radius-server key).
source,
( radius-server source-ip
radius-server source-ipv6).

,
. , -
radius-server timeout,
- radius-server
timeout.
RADIUS- all.

215

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.


.
source (IPv4 IPv6)
IP- .
:
switchxxxxxx(config)# radius-server host 192.168.10.1 auth-port 20
timeout 20

2.14.2

radius-server key

.
RADIUS-
RADIUS daemon.
:
radius-server key [key-string]
no radius-server key

.

no

:
key-string

RADIUS-

RADIUS-
128 .
,
RADIUS-.


.

.
:
switchxxxxxx(config)# radius-server key enterprise-server

3.1.0.3 16.05.2013 .

216

-3000
. II

2.14.3

.465255.040

radius-server retransmit

.

RADIUS-.
:
radius-server retransmit retries
no radius-server retransmit

.

no

:

1 15.

retries

3
RADIUS-.

.
:
switchxxxxxx(config)# radius-server retransmit 5

2.14.4

radius-server source-ip

. IP-
, RADIUS-.
:
radius-server source-ip {source-ip-address}
no radius-server source-ip {source-ip-address}

.

no

:
source-ip-address

IP- .


IP- .

217

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

IP-
, IP-
.
:
switchxxxxxx(config)# radius-server source-ip 10.1.1.1

2.14.5

radius-server source-ipv6

. IPv6 , RADIUS-.
:
radius-server source-ipv6 {source}
no radius-server source-ipv6 {source}

.

no

:
source

IPv6- .


IP-
IP-.

.

IP-
, IP-
.
:
switchxxxxxx(config)# radius-server source-ipv6
3ffe:1900:4545:3:200:f8ff:fe21:67cf

3.1.0.3 16.05.2013 .

218

-3000
. II

2.14.6

.465255.040

radius-server timeout

.
,
.
:
radius-server timeout timeout-seconds
no radius-server timeout

.

no

:
1 30 .

timeout-seconds

3 .

.
:
switchxxxxxx(config)# radius-server timeout 5

2.14.7

radius-server deadtime

.
, RADIUS
.
,
.
:
radius-server deadtime deadtime
no radius-server deadtime

.

no

:
deadtime

219

, RADIUS
, 0
2000 .

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

0.
:
switchxxxxxx(config)# radius-server deadtime 10

2.14.8

show radius-servers


RADIUS-.

:
show radius-servers

.
:
switchxxxxxx# show radius-servers
Port

Port

IP address Auth

Acct

TimeOut Retransmit Deadtime Sorce IP Priority Usage

---------- ---

---

-----

--------

-------

-------

------

172.16.1.1 1812

1813

Global

Global

Global

Global

All

172.16.1.2 1812

1813

11

Global

Global

All

----

Global values
-------------TimeOut: 3
Retransmit: 3
Deadtime: 0
Source IP: 172.16.8.1

2.15
2.15.1

TACACS+
tacacs-server host

.
() TACACS+.

3.1.0.3 16.05.2013 .

220

-3000
. II

.465255.040

:
tacacs-server host {ip-address | hostname} [single-connection] [port
port-number] [timeout timeout] [key key-string] [source {source-ip}]
[priority priority]
no tacacs-server host {ip-address | hostname}
no TACACS+.
:
IP- TACACS+- (IPv4-, IPv6-
ip-address
IPv6z-).
hostname
TACACS+-
158 .
63 .

221

single-connection

, / TCP
.

port-number

0
65535.

timeout

1 30 .

key-string


TACACS+
TACACS+- 0 128
.

,
TACACS+-.
"".
,
(
tacacs-server key).

source-ip

IPv4- IPv6- .
,
IP-.

priority

TACACS+-
0 65535, 0
.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


TACACS+ .
port-number 1812.
timeout ,
( tacacs-server timeout).
key-string ,
( tacacs-server key).
source ,
( tacacs-server source-ip).

,
. , -
tacacs-server timeout,
- tacacs-server
timeout.

.


tacacs-server host.
:
switchxxxxxx(config)# tacacs-server host 172.16.1.1

2.15.2

tacacs-server key

.
,
TACACS+ daemon.
:
tacacs-server key key-string
no tacacs-server key
no .
:
key-string

3.1.0.3 16.05.2013 .


TACACS+-
TACACS+- 0 128
.
222

-3000
. II

.465255.040

,
daemon.

TACACS+


.

.
:
switchxxxxxx(config)# tacacs-server key enterprise

2.15.3

tacacs-server timeout

.
,
TACACS+-.
:
tacacs-server timeout timeout
no tacacs-server timeout

.

no

:
timeout

1 30 .


5 .

.
:
switchxxxxxx(config)# tacacs-server timeout 30

2.15.4

tacacs-server source-ip

. IP-
TACACS+-.
:
tacacs-server source-ip {source}
no tacacs-server source-ip {source}
223

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no

:
IP- (: IPsource
).

IP-
IP-.

.

IP-
IP-,
IP-.
:
switchxxxxxx(config)# tacacs-server source-ip 172.16.8.1

2.15.5

tacacs-server source-ipv6

. IPv6-
TACACS+-.
:
tacacs-server source-ipv6 {source}
no tacacs-server source-ipv6 {source}

.

no

:
source

IPv6- .


IP-
IP-.

.

3.1.0.3 16.05.2013 .

224

-3000
. II

.465255.040


IP-
IP-,
IP-.
:
switchxxxxxx(config)# tacacs-server source-ipv6
3ffe:1900:4545:3:200:f8ff:fe21:67cf

2.15.6

show tacacs

.
TACACS+-.
:
show tacacs [ip-address]
:
ip-address IP- TACACS+-.

.

ip-address ,
TACACS+-.
:
switchxxxxxx# show tacacs
IP address

Status

Port

Single

TimeOut

Connection

Source Priority
IP

----------

---------

-----

---------- -------- -----

172.16.1.1

Connected

49

No

Global

-------

Global 1

Global values
------------TimeOut: 3
Source IP: 172.16.8.1

225

3.1.0.3 16.05.2013 .

-3000
. II

2.16
2.16.1

.465255.040

Syslog
logging on

.
/
.
:
logging on
no logging on
no .

.

.


, ,
syslog-.

logging buffered, logging file logging on.
logging on ,
. .
:
switchxxxxxx(config)# logging on

2.16.2

logging host

.
syslog-.
:
logging host {ip-address | ipv6-address | hostname} [port port]
[severity level] [facility facility] [description text]
no logging host {ipv4-address | ipv6-address | hostname}
no syslog-
syslog-.
3.1.0.3 16.05.2013 .

226

-3000
. II

.465255.040

:
ip-address

IP- (IPv4-, IPv6- IPv6z-) ,


syslog-. . .
IPv6z-.

hostname

, syslog, 158 .
63 .
IPv4-.

port

syslog
1 65535. ,
514.

level

,
syslog-: (emergencies),
(alerts), (critical), (errors),

(warnings),

(notifications), (informational),
(debugging).

facility

, ;
: local0,
local1, local2, local3, local4, local5, local6, local7.
,
local7.

text

syslog- 64 .


syslog-.
severity level ,
informational.

.


syslog-.
:
switchxxxxxx(config)# logging host 1.1.1.121

switchxxxxxx(config)# logging host 3000::100/SYSLOG1

227

3.1.0.3 16.05.2013 .

-3000
. II

2.16.3

.465255.040

logging console

.
, ,
.
:
logging console level
no logging console

.

no

:
level

, .
:
(emergencies), (alerts),
(critical), (errors),
(warnings),

(notifications),

(informational),

(debugging).


.

.
:
switchxxxxxx(config)# logging console errors

2.16.4

logging buffered

.
syslog- .
.
:
logging buffered [buffer-size] [severity-level | severity-level-name]
no logging buffered
no syslog-
.
:
buffer-size
3.1.0.3 16.05.2013 .

,
228

-3000
. II

.465255.040

, 20
400.
severity-level

,
: 1 7.

severity-levelname

, ,
: (emergencies),
(alerts), (critical), (errors),

(warnings),

(notifications), (informational),
(debugging).


severity-level-name
.
buffer-size 200.

.

syslog- .
,
.
:
switchxxxxxx(config)# logging buffered debugging
switchxxxxxx(config)# logging buffered 100 7

2.16.5

clear logging

:
clear logging

.
:
switchxxxxxx# clear logging
Clear logging buffer [confirm]

229

3.1.0.3 16.05.2013 .

-3000
. II

2.16.6

.465255.040

logging file

. syslog,
.
:
logging file level
no logging file
no
.
:
level

syslog-, ,
: (emergencies), (alerts),

(critical),

(errors),
(warnings), (notifications),
(informational), (debugging).


errors.

.
:
switchxxxxxx(config)# logging file alerts

2.16.7

clear logging file

.
.
:
clear logging file

.
:
switchxxxxxx# clear logging file
Clear Logging File [y/n]

3.1.0.3 16.05.2013 .

230

-3000
. II

2.16.8

.465255.040

aaa logging

.
AAA login.

:
aaa logging {login}
no aaa logging {login}
no
AAA login.
:
login

,
AAA login,
.


AAA login .

.

,
AAA login,
.
:
switchxxxxxx(config)# aaa logging login

2.16.9

file-system logging

.
.

:
file-system logging {copy | delete-rename}
no file-system logging {copy | delete-rename}
no
.
:
copy
231

,
.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

,
.

delete-rename



.

.
:
switchxxxxxx(config)# file-system logging copy

2.16.10

management logging

, ACL-.
:
management logging {deny}
no management logging {deny}
no ,
ACL-.
:
deny

, ACL.


, ACL, .

.

ACL-

:
switchxxxxxx(config)# management logging deny

3.1.0.3 16.05.2013 .

232

-3000
. II

2.16.11

.465255.040

logging aggregation on

.
syslog-. , logging (
, logging aggregation
aging-time).
:
logging aggregation on
no logging aggregation on

.

no

syslog-


syslog- .

.
:
switchxxxxxx(config)# no logging aggregation on

2.16.12

logging aggregation aging-time

.
syslog-.

:
logging aggregation aging-time sec
no logging aggregation aging-time

.

no

:
sec


3600 .

15


300 .

.
233

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# logging aggregation aging-time 300

2.16.13

show logging

.
syslog-,
.
:
show logging

.
:
switchxxxxxx# show logging
Logging is enabled.
Console Logging: Level info. Console Messages: 0 Dropped.
Buffer Logging: Level info. Buffer Messages: 61 Logged, 61 Displayed, 200
Max.
File Logging: Level error. File Messages: 898 Logged, 64 Dropped.
4 messages were not logged
Application filtering control
Application

Event

Status

-------------------- -------------------- --------AAA

Login

Enabled

File system

Copy

Enabled

File system

Delete-Rename

Enabled

Management ACL

Deny

Enabled

Aggregation: Disabled.
Aggregation aging time: 300 Sec
01-Jan-2010 05:29:46 :%INIT-I-Startup: Warm Startup
01-Jan-2010 05:29:02 :%LINK-I-Up: Vlan 1
01-Jan-2010 05:29:02 :%LINK-I-Up: SYSLOG6
01-Jan-2010 05:29:02 :%LINK-I-Up: SYSLOG7
01-Jan-2010 05:29:00 :%LINK-W-Down: SYSLOG8

2.16.14

show logging file

.
syslog-,
.

3.1.0.3 16.05.2013 .

234

-3000
. II

.465255.040

:
show logging file

.
:
switchxxxxxx# show logging file
Logging is enabled.
Console Logging: Level info. Console Messages: 0 Dropped.
Buffer Logging: Level info. Buffer Messages: 61 Logged, 61 Displayed, 200
Max.
File Logging: Level error. File Messages: 898 Logged, 64 Dropped.
4 messages were not logged
Application filtering control
Application

Event

Status

-------------------- -------------------- --------AAA

Login

Enabled

File system

Copy

Enabled

File system

Delete-Rename

Enabled

Management ACL

Deny

Enabled

Aggregation: Disabled.
Aggregation aging time: 300 Sec
01-Jan-2010 05:57:00 :%SSHD-E-ERROR: SSH error: key_read: type mismatch:
encoding error
01-Jan-2010 05:56:36 :%SSHD-E-ERROR: SSH error: key_read: type mismatch:
encoding error
01-Jan-2010 05:55:37 :%SSHD-E-ERROR: SSH error: key_read: type mismatch:
encoding error
01-Jan-2010 05:55:03 :%SSHD-E-ERROR: SSH error: key_read: key_from_blob
bgEgGnt9
z6NHgZwKI5xKqF7cBtdl1xmFgSEWuDhho5UedydAjVkKS5XR2... failed
01-Jan-2010 05:55:03 :%SSHD-E-ERROR: SSH error: key_from_blob: invalid key
type.
01-Jan-2010 05:56:34 :%SSHD-E-ERROR: SSH error: bad sigbloblen 58 !=
SIGBLOB_LEN
console#

2.16.15

show syslog-servers


syslog-.

:
show syslog-servers

235

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
switchxxxxxx# show syslog-servers
Device Configuration
IP address

Port Facility

Severity

------------- ---- --------- --------

2.17
2.17.1

1.1.1.121

514

local7

info

3000::100

514

local7

info

Description
--------------

RMON
show rmon statistics

. RMON Ethernet.
:
show rmon statistics {interface-id}
:
interface-id

(Ethernet Portchannel).


.
:
switchxxxxxx# show rmon statistics gi0/1
Port gi0/1
Dropped: 0
Octets: 0
Packets: 0
Broadcast: 0
Multicast: 0
CRC Align Errors: 0
Collisions: 0
Undersize Pkts: 0
Oversize Pkts: 0
Fragments: 0
Jabbers: 0
64 Octets: 0
65 to 127 Octets: 1
128 to 255 Octets: 1
256 to 511 Octets: 1
512 to 1023 Octets: 0
1024 to max Octets: 0

3.1.0.3 16.05.2013 .

236

-3000
. II

.465255.040

29

Dropped

,
- .
,
,

,
.
Octets
(
), (
, FCS).
Packets
(
,
).
Broadcast
,
.
.
Multicast
,
.

CRC Align Errors (
, FCS)
64 1518 , FCS (Frame Check
Secuence) FCS
(Alignment Error).
Collisions
Ethernet.
Undersize Pkts

64
( , FCS).
Oversize Pkts

1518
( , FCS).
Fragments

64 ( ,
FCS), FCS
FCS
(Alignment Error).
Jabbers

1518 ( ,
FCS), FCS
FCS
(Alignment Error).
64 Octets
(
) 64 (
, FCS).
65 to 127 Octets
(
) 65
127 ( ,
FCS).

237

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

29

128 to 255 Octets

256 to 511 Octets

512 to 1023
Octets

1024 to max

2.17.2

(
) 128
255 ( ,
FCS).
(
) 256
511 ( ,
FCS).
(
) 512
1023 ( ,
FCS).
(
) 1024

( , FCS).

rmon collection stats

(Ethernet, Portchannel). MIB RMON (Remote


Monitoring) .
:
rmon collection stats index [owner ownername] [buckets bucketnumber] [interval seconds]
no rmon collection stats index
no
RMON.
:
index
1
65535.
RMON
owner
ownername
(: ).
,
.
buckets bucket,
number
,
RMON, 1
50. ,
50.
interval seconds 1
3600 . ,
1800.
3.1.0.3 16.05.2013 .

238

-3000
. II

.465255.040


(Ethernet, Port-channel).
.
2.17.3

show rmon collection stats

.
RMON.

:
show rmon collection stats [interface-id]
:
interface-id

( Ethernet
Port-channel).


.
:
switchxxxxxx# show rmon collection stats
Index

Interface

Interval

Requested

Granted

Samples

Samples

Owner

-----

--------

-------

--------

--------

------

gi0/1

30

50

50

CLI

gi0/1

1800

50

50

Manager

30

2.17.4

Index

,
.

Interface

Ethernet.

Interval

Requested Samples

Granted Samples

Owner

, .

show rmon history

.
RMON Ethernet.

239

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
show rmon history index {throughput | errors | other} [period
seconds]
:
index

1 65535.

throughput
.
.
errors

other
.
period seconds

1 2147483647 .

.
:
switchxxxxxx# show rmon history 1 throughput
Sample Set: 1
Owner: CLI
Interface: gi0/1
Interval: 1800
Requested samples: 50
Granted Samples: 50
Maximum table size: 500
Time
Octets
------------------------Jan 18 2005 21:57:00
303595962
Jan 18 2005 21:57:30
287696304

Packets
------357568
275686

Broadcasts
-------3289
2789

Multicast
-------7287
5878

Until
----19%
20%

switchxxxxxx# show rmon history 1 errors


Sample Set: 1
Interface: gi0/1

Owner: Me
Interval: 1800

Requested samples: 50

Granted Samples: 50

Maximum table size: 500 (800 after reset)


CRC
Time
---------------

Align
----

Undersize
-------

Oversize
-------

Fragments Jabbers
-------- ------

Jan 18 2005 21:57:00


Jan 18 2005 21:57:30

1
1

1
1

0
0

49
27

3.1.0.3 16.05.2013 .

0
0

240

-3000
. II

.465255.040

switchxxxxxx# show rmon history 1 other


Sample Set: 1
Interface: gi0/1

Owner: Me
Interval: 1800

Requested samples: 50
Maximum table size: 500

Granted Samples: 50

Time

Dropped

Collisions

-------------Jan 18 2005 21:57:00

------3

---------0

Jan 18 2005 21:57:30

31

241

Time

Octets

(
), (
, FCS) .

Packets

(
, )
.

Broadcast

,
.

Multicast

,
.
.

Utilization


,
.

CRC Align

(
, FCS)
64 1518 , FCS (Frame Check Sequence)
( FCS), FCS
(Alignment Error).

Undersize


64
( , FCS).

Oversize


1518
( , FCS).

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

31

2.17.5

Fragments


64 ( ,
FCS), FCS
FCS (Alignment Error).

Jabbers


1518 ( ,
FCS), FCS
FCS (Alignment Error).

Dropped

,
- . ,
,
,
, .

Collisions

Ethernet .

rmon alarm

.
.
:
rmon alarm index mib-object-id interval rising-threshold fallingthreshold rising-event falling-event [type {absolute | delta}] [startup
{rising | rising-falling | falling}] [owner name]
no rmon alarm index
no .
:
index

1 65535.

mib-object-id

OID .

interval

,

, 1
4294967295 .

rising-threshold

0
4294967295.

fallingthreshold

0
4294967295.

rising-event

,
,
0 65535.

3.1.0.3 16.05.2013 .

242

-3000
. II

243

.465255.040

falling-event

,
,
0 65535.

type {absolute |
delta}

,

. :

absolute

delta

startup {rising |
rising-falling |
falling}

,
,

rising

,
(
),
rising-threshold, single rising
alarm (
).

risingfalling

,
(
),
rising-threshold, single rising
alarm (
). ,
(
),

falling-threshold,
single falling alarm (
).

falling

,
(
),
falling-threshold, single falling
alarm (
).

owner name

,
.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


absolute.
startup risingfalling.

.

owner name ,
.
:
switchxxxxxx(config)# rmon alarm 1000 1.3.6.1.2.1.2.2.1.10.1 360000
1000000 1000000 10 20

2.17.6

show rmon alarm-table

.
.
:
show rmon alarm-table

.
:
switchxxxxxx# show rmon alarm-table
Index

OID

Owner

-------

--------------

-------------

1.3.6.1.2.1.2.2.1.10.1

CLI

1.3.6.1.2.1.2.2.1.10.1

Manager

1.3.6.1.2.1.2.2.1.10.9

CLI

32

Index

OID

OID

Owner

3.1.0.3 16.05.2013 .

244

-3000
. II

2.17.7

.465255.040

show rmon alarm

.
.

:
show rmon alarm number
:
1 65535.

number

.
:
switchxxxxxx# show rmon alarm 1
Alarm 1
------OID: 1.3.6.1.2.1.2.2.1.10.1
Last sample Value: 878128
Interval: 30
Sample Type: delta
Startup Alarm: rising
Rising Threshold: 8700000
Falling Threshold: 78
Rising Event: 1
Falling Event: 1
Owner: CLI

33

245

Alarm

OID

OID .

Last Sample Value


. ,
delta,

. absolute,

.

Interval

,

.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

33

2.17.8

Sample Type

,
.
absolute,

.
delta, ,
, ,
.

Startup Alarm

, ,
. ,
,
startup alarm rising rising-falling,
rising. ,
,
, startup alarm
falling rising-falling,
falling.

Rising Threshold

.
,
,
,
.

Falling Threshold

.
,
,
,
.

Rising Event

,
.

Falling Event

,
.

Owner

,
.

rmon event

:
rmon event index {none | log | trap | log-trap} [community text]
[description text] [owner name]
no rmon event index
no .
3.1.0.3 16.05.2013 .

246

-3000
. II

.465255.040

:
index

1 65535.

none

log

trap


SNMP-
.

log-trap


SNMP
.

community text

(),
SNMP-, 0 127
(octet string).

description text

0 127 .

owner name

,
.


.

owner name ,
.
:
switchxxxxxx(config)# rmon event 10 log

2.17.9

show rmon events

.
RMON.
:
show rmon events

.
247

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show rmon events
Index

Description

Type

Community

Owner

Last time sent

-----

---------

----

---------

-----

-------------------

Errors

Log

router

CLI

Jan 18 2006 23:58:17

High

Log

Manager

Jan 18 2006 23:59:48

Broadcast

Trap

34

2.17.10

Index

, .

Description

Type

,
(none, log, trap, log-trap).
log
. trap
SNMP-
.

Community

SNMP-,
SNMP-, .

Owner

, .

Last time sent

,
.
, 0.

show rmon log

.
RMON.
:
show rmon log [event]
:
event

0 65535.

3.1.0.3 16.05.2013 .

248

-3000
. II

.465255.040

:
switchxxxxxx# show rmon log 1
Maximum table size: 500 (800 after reset)
Event
----

Description
--------------

Time
-----------

MIB Var.:
1.3.6.1.2.1.2.2.1.10.

Jan 18 2006 23:48:19

53, Delta, Rising,


Actual Val: 800,
Thres.Set: 100,
Interval (sec):1

2.17.11

rmon table-size

.
RMON.

:
rmon table-size {history entries | log entries}
no rmon table-size {history | log}

.

no

:
history entries


20 270.

log entries


20 100.


270 .
200 .

.


.
:
switchxxxxxx(config)# rmon table-size history 100

249

3.1.0.3 16.05.2013 .

-3000
. II

2.18
2.18.1

.465255.040

802.1
aaa authentication dot1x

. ,

802.1X.
:
aaa authentication dot1x default {radius | none | {radius none}}
no aaa authentication dot1x default

.

no

:
radius

RADIUS-
.

none


Radius.

.

RADIUS-,
(none) .
none

, RADIUS-
.
:
switchxxxxxx(config)# aaa authentication dot1x default radius none

3.1.0.3 16.05.2013 .

250

-3000
. II

2.18.2

.465255.040

clear dot1x statistics

802.1.

:
clear dot1x statistics [interface-id]
:
interface-id

Ethernet.


.

.

, show dot1x
statistics.
:
switchxxxxxx# clear dot1x statistics

2.18.3

dot1x auth-not-req

(VLAN).
VLAN.
:
dot1x auth-not-req
no dot1x auth-not-req
no VLAN.

.

251

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


(VLAN).

access
VLAN.

Native-VLAN
VLAN.

trunk

general PVID
VLAN (,
).
:
switchxxxxxx(config)# interface vlan 5
switchxxxxxx(config-if)# dot1x auth-not-req

2.18.4

dot1x guest-vlan

(VLAN).
(guest) VLAN.
:
dot1x guest-vlan
no dot1x guest-vlan

.

no


VLAN .


VLAN
dot1x guest-vlan enable.
VLAN.
VLAN VLAN
.
:
switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# dot1x guest-vlan

3.1.0.3 16.05.2013 .

252

-3000
. II

2.18.5

.465255.040

dot1x guest-vlan enable

.
VLAN.
:
dot1x guest-vlan enable
no dot1x guest-vlan enable
no .

.

.

VLAN.
VLAN
dot1x guest-vlan.
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# dot1x guest-vlan enable

2.18.6

dot1x guest-vlan timeout

.
802.1 (
) VLAN.
:
dot1x guest-vlan timeout timeout
no dot1x guest-vlan timeout

.

no

:
timeout

253

802.1
VLAN
30 180 .

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

VLAN


.

,
VLAN . -
802.1
VLAN.
:
switchxxxxxx(config)# dot1x guest-vlan timeout 60

2.18.7

dot1x host-mode

(Ethernet).
()
IEEE 802.1x-.
:
dot1x host-mode {multi-host | single-host | multi-sessions}

.

no

:
multi-host

single-host

multi-sessions


multi-host.

(Ethernet).



. ,
.
3.1.0.3 16.05.2013 .

254

-3000
. II

.465255.040


.
, ,
-.

.

User Logout
, Logoff.


.
:
switchxxxxxx(config)# interface gigabitethernet 0/1
switchxxxxxx(config-if)# dot1x host-mode multi-host
switchxxxxxx(config-if)# dot1x host-mode single-host
switchxxxxxx(config-if)# dot1x host-mode multi-sessions

2.18.8

dot1x max-req

(Ethernet).

/ (, )
.
:
dot1x max-req count
no dot1x max-req

.

no

:
count


/

1 10.


2.

(Ethernet).
255

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



(
,
).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# dot1x max-req 6

2.18.9

dot1x port-control

(Ethernet).
.
:
dot1x
port-control
{auto
|
force-authorized
unauthorized}[time-range time-range-name]

force-

no dot1x port-control

.

no

:
auto

802.1 ;

,
802.1
.

force-authorized

802.1

- .

802.1.

force-unauthorized


.
.
time-range-name

3.1.0.3 16.05.2013 .

1
32 . Time Range
,
Unauthorized.
256

-3000
. II

.465255.040


force-authorized.

(Ethernet).

Spanning Tree
Spanning Tree PortFast 802.1 (
auto, )
.
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# dot1x port-control auto

2.18.10

dot1x radius-attributes errors filter-id

.
RADIUS.
:
dot1x radius-attributes errors filter-id resources {accept | reject}
no dot1x radius-attributes errors filter-id resources

.

no

:
accept

, Filter-ID
- .
Filter-ID
, .

reject

, Filter-ID
.


reject.

.
:
switchxxxxxx(config-if)# dot1x radius-attributes errors filter-id resources accept

257

3.1.0.3 16.05.2013 .

-3000
. II

2.18.11

.465255.040

dot1x radius-attributes filter-id

(Ethernet).
ACL/QoS .
:
dot1x radius-attributes filter-id
no dot1x radius-attributes filter-id
no ACL/QoS
.

.

(Ethernet).

ACL/QoS

802.1.
,
Forced Authorized Forced
Unauthorized.
:
switchxxxxxx(config-if)# dot1x radius-attributes filter-id

2.18.12

dot1x radius-attributes vlan

. VLAN
, .
:
dot1x radius-attributes vlan [reject | vlan-id]
no dot1x radius-attributes vlan
no VLAN
.
:
reject

3.1.0.3 16.05.2013 .

RADIUS- ,

VLAN
,

. ,
.
258

-3000
. II

.465255.040

vlan-id

RADIUS- ,

VLAN ,
VLAN
.

static

RADIUS- ,

VLAN
,


reject.

(Ethernet).

,
Forced Authorized.
RADIUS
( ).
RADIUS Radius accept
VLAN ,
.
.

VLAN.
VLAN.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# dot1x radius-attributes vlan
switchxxxxxx(config-if)# exit

switchxxxxxx(config)# interface gi0/1


switchxxxxxx(config-if)# dot1x radius-attributes vlan 100
switchxxxxxx(config-if)# exit

2.18.13

dot1x re-authenticate

.
802.1
802.1.

259

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
dot1x re-authenticate [interface-id]
:
interface-id

( Ethernet).


, .

.
:
switchxxxxxx# dot1x re-authenticate gi0/4

2.18.14

dot1x reauthentication

.
.

:
dot1x reauthentication
no dot1x reauthentication

.

no


(Ethernet).
:
switchxxxxxx(config)# interface gigabitethernet 0/1
switchxxxxxx(config-if)# dot1x reauthentication

2.18.15

dot1x system-auth-control


802.1.

:
dot1x system-auth-control
3.1.0.3 16.05.2013 .

260

-3000
. II

.465255.040

no dot1x system-auth-control

.

no


.

.
:
switchxxxxxx(config)# dot1x system-auth-control

2.18.16

dot1x timeout quiet-period

(Ethernet).
,
(,
).
:
dot1x timeout quiet-period seconds
no dot1x timeout quiet-period

.

no

:
seconds

,

, 0 65535 .


60 .

(Ethernet).


.

(
261

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

,
).

,
.
802.1x.
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# dot1x timeout quiet-period 3600

2.18.17

dot1x timeout reauth-period

(Ethernet).

.
:
dot1x timeout reauth-period seconds
no dot1x timeout reauth-period

.

no

:
seconds


30 4294967295 .


3600 .

(Ethernet).

802.1x.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# dot1x timeout reauth-period 5000

3.1.0.3 16.05.2013 .

262

-3000
. II

2.18.18

.465255.040

dot1x timeout server-timeout

(Ethernet).
,
.
:
dot1x timeout server-timeout seconds
no dot1x timeout server-timeout

.

no

:
seconds

,
,
1 65535 .


- 30 .

(Ethernet).

- ,
dot1x timeout server-timeout,
,
radius-server retransmit, -,
radius-server retransmit.
.
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# dot1x timeout server-timeout 3600

2.18.19

dot1x timeout supp-timeout

(Ethernet).
,

.
:
dot1x timeout supp-timeout seconds
263

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no dot1x timeout supp-timeout



.

no

:
seconds
,


, 1 65535 .

- 30 .

(Ethernet).


(
,
).
802.1x.
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# dot1x timeout supp-timeout 3600

2.18.20

dot1x timeout tx-period

(Ethernet).
,
/
.
:
dot1x timeout tx-period seconds
no dot1x timeout tx-period

.

no

:
seconds
3.1.0.3 16.05.2013 .

,
/

264

-3000
. II

.465255.040

, 30 65535 .

30 .

(Ethernet).


(
,
).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# dot1x timeout tx-period 60

2.18.21

dot1x traps authentication quiet

.
,

.
:
dot1x traps authentication quiet [802.1x] [web]
dot1x traps authentication quiet [802.1x]
no dot1x traps authentication quiet
no .
:
802.1x
web

,
802.1X.
,
WEB.


.

.

265

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


,

.
:
switchxxxxxx(config)#interface gi15
switchxxxxxx(config-if)#dot1x traps authentication quiet 802.1x

2.18.22

dot1x traps mac-authentication failure

.
- 802.1X macauthentication access control.
:
dot1x traps mac-authentication failure
no dot1x traps mac-authentication failure
no .

.

.
:
switchxxxxxx(config)#interface gi0/5
switchxxxxxx(config-if)#dot1x traps mac-authentication failure

2.18.23

dot1x traps mac-authentication success

.
- 802.1X macauthentication access control.
:
dot1x traps mac-authentication success
no dot1x traps mac-authentication success
no .

.
3.1.0.3 16.05.2013 .

266

-3000
. II

.465255.040


.
:
switchxxxxxx(config)#interface gi0/5
switchxxxxxx(config-if)#dot1x traps mac-authentication success

2.18.24

dot1x violation-mode

(Ethernet).
, , , -
- ,
.
:
dot1x violation-mode {restrict | protect | shutdown}
no dot1x violation-mode

.

no

:
restrict

protect
shutdown

SNMP-, MAC-
,
, - .
SNMP 1 . ,
.
,
.
,
,
.


protect.

(Ethernet).

.
BPDU, - -
, protect.
267

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

BPDU, - -
,
shutdown.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# dot1x violation-mode protect

2.18.25

show dot1x

.
802.1 .

:
show dot1x [interface interface-id | detailed]
:
interface-id

( Ethernet).

detailed


.
show dot1x:
switchxxxxxx# show dot1x
802.1x is enabled
Port

Admin

Oper

Reauth

Reauth

Username

Mode

Mode

Control

Period

---gi0/1

-----Auto

---------Authorized

-----Ena

------3600

------Bob

gi0/2

Auto

Authorized

Ena

3600

John

gi0/3

Auto

Unauthorized

Ena

3600

Clark

gi0/4

Force-auth

Authorized

Dis

3600

n/a

* Port is down or not present.

3.1.0.3 16.05.2013 .

268

-3000
. II

.465255.040

show dot1x interface gi0/3:


switchxxxxxx# show dot1x interface gi0/3
802.1x is enabled
Port

Admin

Oper

Reauth

Reauth

Mode

Mode

Control

Period

----

------

----------

------

-------

-------

gi0/3

Auto

Unauthorized

Ena

3600

Clark

Time-range:

work-hours (Inactive now)

Quiet period:

60 seconds

Tx period:

30 seconds

Max req:

Supplicant timeout:

30 seconds

Username

Server timeout:

30 seconds

Session Time (HH:MM:SS):

08:19:17

MAC Address:

00:08:78:32:98:78

Authentication Method:

Remote

Termination Cause:

Supplicant logoff

Authenticator State Machine


State:

HELD

Backend State Machine


State:

IDLE

Authentication success:

Authentication fails:

35

269

Port

Admin mode

. :
Force-auth, Force-unauth, Auto.

Oper mode

. : Authorized,
Unauthorized, Down.

Reauth Control

Reauth Period

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

35

2.18.26

Username

,
. ,
auto.
Authorized,
. Unauthorized,

.

Quiet period

,
-
(,
).

Tx period

,
/
.

Max req


(, )

Supplicant
timeout

,

.

Server timeout

,

.

Session Time

(::) .

MAC address

- .

Authentication
Method

,
.

Termination
Cause

State

Authenticator PAE state machine


Backend state machine.

Authentication
success

success
.

Authentication
fails

failure

show dot1x advanced

.
802.1
.
3.1.0.3 16.05.2013 .

270

-3000
. II

.465255.040

:
show dot1x advanced [interface-id | detailed]
:
interface-id

Ethernet.

detailed


.
2.18.27

show dot1x statistics

. 802.1
.
:
show dot1x statistics interface interface-id
:
interface-id

Ethernet.


.
:
Console# show dot1x statistics interface gi0/1
EapolFramesRx: 11
EapolFramesTx: 12
EapolStartFramesRx: 1
EapolLogoffFramesRx: 1
EapolRespIdFramesRx: 3
EapolRespFramesRx: 6
EapolReqIdFramesTx: 3
EapolReqFramesTx: 6
InvalidEapolFramesRx: 0
EapLengthErrorFramesRx: 0
LastEapolFrameVersion: 1
LastEapolFrameSource: 00:08:78:32:98:78

271

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

36

EapolFramesRx

EAPOL
,
.

EapolFramesTx

EAPOL ,
.

EapolStartFramesRx

EAPOL Start,
.

EapolLogoffFramesRx

EAPOL Logoff,
.

EapolRespIdFramesRx

EAPOL Resp/Id,
.

EapolRespFramesRx

EAPOL Response
(
Resp/Id),

EapolReqIdFramesTx

EAPOL Req/Id,
.

EapolReqFramesTx

EAPOL Request ( Req/Id),


.

InvalidEapolFramesRx

EAPOL,
,
.

EapLengthErrorFramesRx EAPOL,
, Packet
Body Length .
LastEapolFrameVersion

,
EAPOL.

LastEapolFrameSource

- ,
EAPOL.

3.1.0.3 16.05.2013 .

272

-3000
. II

2.18.28

.465255.040

show dot1x users

.
, 802.1,
.
:
show dot1x users [username username]
:
160 .

username


.

.
:
switchxxxxxx# show dot1x users username Bob
Port

2.19
2.19.1

Username

Session

Auth

MAC

Time

Method

Address

VLAN

-----

--------

---------- ------- -------------

----

gi0/1

Bob

1d 09:07:38 Remote

0008.3b79.8787

Ethernet
interface

.
.
:
interface interface-id
:
interface-id

( Ethernet, Portchannel, VLAN, , IP-


).

273

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)#

switchxxxxxx(config)# interface po1


switchxxxxxx(config-if)#

2.19.2

interface range

.
.
:
interface range interface-id-list
:
interface-id-list

ID ( Ethernet, VLAN
Port-channel).


(Ethernet, Port-channel
VLAN).


.
,

.
:
switchxxxxxx(config)# interface range gi0/1-5
switchxxxxxx(config-if-range)#

2.19.3

shutdown

( Ethernet, Portchannel). .
:
shutdown
no shutdown
no .
3.1.0.3 16.05.2013 .

274

-3000
. II

.465255.040


.

( Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# shutdown
switchxxxxxx(config-if)#

switchxxxxxx(config)# interface gi0/4


switchxxxxxx(config-if)# no shutdown
switchxxxxxx(config-if)

2.19.4

operation time

(Ethernet).
.
:
operation time time-range-name
no operation time
no .
:
time-range-name


32 .
, .



.

(Ethernet).

Spanning Tree
Spanning Tree PortFast 802.1 (
auto, )
, FORWARDING
.
275

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

,
. ,
, ,
.
,
.
:
Console(config)# interface gi1/1/15
Console(config-if)# operation time morning

2.19.5

description

( Ethernet, Portchannel). .
:
description string
no description
no .
:
string

64 .


.

( Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# description SW#3

2.19.6

speed

( Ethernet, Portchannel). Ethernet


, .
:
speed {10 | 100 | 1000 | 10000}
no speed
3.1.0.3 16.05.2013 .

276

-3000
. II

.465255.040

no

:
10

10 /.

100

100 /.

1000

1000 /.

10000

10000 /.


( Ethernet, Port-channel).

no speed Port-channel
Port-channel
.
:
switchxxxxxx(config)# interface gigabitethernet 0/4
switchxxxxxx(config-if)# speed 100

2.19.7

duplex

( Ethernet, Portchannel).
Ethernet, .
:
duplex {half | full}
no duplex

.

no

:
half
.
full
.

.
277

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


(Port-channel).
:
switchxxxxxx(config)# interface gigabitethernet 0/4
switchxxxxxx(config-if)# duplex full
switchxxxxxx(config-if)#

2.19.8

negotiation

(Ethernet, Portchannel).
, master/slave
.
:
negotiation [capability [capability2... capability5]] [preferred {master |
slave}]
no negotiation
no .
:
capability

,
. :
10h, 10f, 100h, 100f, 1000f. ,

.

preferred

master/slave:

master

master.

slave

slave.


capability ,
master.

( Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# negotiation

3.1.0.3 16.05.2013 .

278

-3000
. II

2.19.9

.465255.040

flowcontrol

( Ethernet, Portchannel).
.
:
flowcontrol {auto | on | off}
no flowcontrol
no .
:
auto

on

off


.

( Ethernet, Port-channel).


negotiation.
:
Switchxxxxxx(config)# interface gi0/1
Switchxxxxxx(config-if)# flowcontrol on

2.19.10

mdix

(Ethernet).
.
:
mdix {on | auto}
no mdix
no .
:
on
279


(MDIX).
3.1.0.3 16.05.2013 .

-3000
. II

auto

.465255.040

(MDI/MDIX).


on.

(Ethernet).
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# mdix auto.

2.19.11

back-pressure

(Ethernet).
.
:
back-pressure
no back-pressure
no
.


.

(Ethernet).
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# back-pressure

2.19.12

port jumbo-frame

.
Jumbo- .
:
port jumbo-frame
no port jumbo-frame
no Jumbo-.
3.1.0.3 16.05.2013 .

280

-3000
. II

.465255.040


Jumbo- .

.


.
:
switchxxxxxx(config)# port jumbo-frame

2.19.13

clear counters

.
.
:
clear counters [interface-id]
:
interface-id

( Ethernet
Port-channel).


.

.
:
switchxxxxxx# clear counters gi0/1

2.19.14

set interface active

.
.
:
set interface active { interface-id }
:
interface-id
281

( Ethernet
Port-channel).
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

,
, .
:
switchxxxxxx# set interface active gi0/1

2.19.15

errdisable recovery cause

.
-
(Err-Disable).
:
errdisable recovery cause {all | port-security | dot1x-src-address | acldeny |stp-bpdu-guard | stp-loopback-guard }
no errdisable recovery cause {all | port-security | dot1x-src-address |
acl-deny | stp-bpdu-guard | stp-loopback-guard }

.

no

:
all

port-security


Port security ErrDisable.

dot1x-src-address


802.1x Err-Disable.

acl-deny


ACL Deny Err-Disable.

stp-bpdu-guard


STP BPDU Guard ErrDisable.

stp-loopbackguard


STP Loopback Guard
Err-Disable.

3.1.0.3 16.05.2013 .

282

-3000
. II

.465255.040


.

.
:
switchxxxxxx(config)# errdisable recovery cause loopback-detection

2.19.16

errdisable recovery interval

. -
.
:
errdisable recovery interval seconds
no errdisable recovery interval

.

no

:
seconds

-
30 86400 .


300 .

.
:
switchxxxxxx(config)# errdisable recovery interval 600

2.19.17

show interfaces configuration

.

.
:
show interfaces configuration [interface-id | detailed]
:
interface-id
283

( Ethernet
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Port-channel).


.

detailed


.
detailed ,
.

.
:
switchxxxxxx# show interfaces configuration
Flow
Port

Type

Duplex Speed Neg

Admin Back

Mdix

control State Pressure Mode

------- --------- ------ ----- -------- ------- ----- -------- --gi0/1

1G-Copper Full

10000 Disabled Off

Up

Disabled Off

gi0/2

1G-Copper Full

1000

Up

Disabled Off

Ch

Type

------- -------

Flow

Admin

Speed

Neg

control

State

-----

--------

-------

-----

Disabled

Off

Up

Po1

2.19.18

Disabled Off

show interfaces status

.
.
:
show interfaces status [interface-id | detailed]
:
interface-id

( Ethernet Portchannel).

detailed


.
detailed ,
.
3.1.0.3 16.05.2013 .

284

-3000
. II

.465255.040


.
:
switchxxxxxx# show interfaces status

Port

Type

Duplex

Speed Neg

Flow

Link

ctrl

State Pressure Mode

Mdix

------- --------- ------

----- -------- ----

----

------

gi0/1

1G-Copper Full

1000

Disabled

Off

Up

Disabled Off

gi0/2

1G-Copper --

--

--

--

Down

--

Flow
Ch

2.19.19

Back

Type

control State

------- -------

------ ----- --------

------- -----------

Po1

Full

Off

10000 Disabled

--

Link

Duplex Speed Neg

1G

---

Up

show interfaces advertise

.

.
:
show interfaces advertise [interface-id | detailed]
:
interface-id

( Ethernet
Port-channel).

detailed


.
detailed ,
.

.

285

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show interfaces advertise
Port

Type

Neg

Operational Link Advertisement

----

--------

-------

-------------------------

gi0/1

1G-Copper

Enable

1000f, 100f, 10f, 10h

gi0/2

1G-Copper

Enable

1000f

switchxxxxxx# show interfaces advertise gi0/1


Port:gi0/1
Type: 1G-Copper
Link state: Up
Auto Negotiation: enabled
10h

10f

100h

100f

1000f

---

---

---

---

----

Admin Local link Advertisement

yes

yes

yes

yes

yes

Oper Local link Advertisement

yes

yes

yes

yes

yes

Remote Local link Advertisement

no

no

yes

yes

yes

Priority Resolution

yes

Switchxxxxxx# show interfaces advertise gi0/1


Port: gi0/1
Type: 1G-Copper
Link state: Up
Auto negotiation: disabled.

2.19.20

show interfaces description

.
:
show interfaces description [interface-id | detailed]
:
interface-id

( Ethernet
Port-channel).

detailed

3.1.0.3 16.05.2013 .

286

-3000
. II

.465255.040


.
detailed ,
.

.
:
switchxxxxxx# show interfaces description
Port

Description

gi0/1

-----------------------------------------------------

gi0/2

Port that should be used for management only

gi0/3
gi0/4

2.19.21

PO

Description

----

----------

Po1

Output

show interfaces counters

.
,
.
:
show interfaces counters [interface-id | detailed]
:
interface-id

( Ethernet
Port-channel).

detailed


.
detailed ,
.

.
287

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show interfaces counters gi0/1
Port

InUcastPkts

InMcastPkts

InBcastPkts

InOctets

-------

-----------

------------

------------

---------

gi0/1

Port

OutUcastPkts

OutMcastPkts

OutBcastPkts

OutOctets

------gi0/1

----------0

-----------1

-----------35

--------7051

Alignment Errors: 0
FCS Errors: 0
Single Collision Frames: 0
Multiple Collision Frames: 0
SQE Test Errors: 0
Deferred Transmissions: 0
Late Collisions: 0
Excessive Collisions: 0
Carrier Sense Errors: 0
Oversize Packets: 0
Internal MAC Rx Errors: 0
Symbol Errors: 0
Received Pause Frames: 0
Transmitted Pause Frames: 0

37

InOctets

InUcastPkts

unicast-.

InMcastPkts

multicast-.

InBcastPkts

broadcast-.

OutOctets

OutUcastPkts

unicast-.

OutMcastPkts

multicast-.

OutBcastPkts

broadcast-.

FCS Errors

,
,
FCS.

Single Collision Frames

,
,
.

Multiple Collision Frames

,
,
.

3.1.0.3 16.05.2013 .

288

-3000
. II

.465255.040

37

2.19.22

SQE Test Errors

SQE
TEST ERROR. SQE TEST ERROR

SQE PLS Carrier Sense


Function IEEE 802.3,
(2000 ., . 7.2.4.6).

Deferred Transmissions

,
-
.

Late Collisions


, slotTime .

Excessive Collisions

,
.

Oversize Packets

,

.

Internal MAC Rx Errors

, .

Received Pause Frames

MAC Control,
PAUSE.

Transmitted Pause Frames

MAC Control,
PAUSE.

show ports jumbo-frame

.
Jumbo-.
:
show ports jumbo-frame

.
:
switchxxxxxx# show ports jumbo-frame
Jumbo frames are disabled
Jumbo frames will be enabled after reset

2.19.23

show errdisable recovery

.
Err-Disable.
289

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
show errdisable recovery

.
:
switchxxxxxx# show errdisable recovery
Timer interval: 300 Seconds
Reason

2.19.24

Automatic Recovery

----------------------

-----------------

port-security

Disable

dot1x-src-address

Disable

acl-deny

Enable

stp-bpdu-guard

Disable

stp-loopback-guard

Disable

show errdisable interfaces

.
Err-Disable.
:
show errdisable interfaces [interface-id]
:
interface

port-channel-number

Port channel.


.

.
:
switchxxxxxx# show errdisable interfaces
Interface

Reason

---------

---------------

gi0/1

stp-bpdu-guard

3.1.0.3 16.05.2013 .

290

-3000
. II

2.19.25

.465255.040

storm-control broadcast enable

(Ethernet).
.
:
storm-control broadcast enable
no storm-control broadcast enable

no


.

(Ethernet).

multicast-
unicast-,
,
storm-control include-multicast.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# storm-control broadcast enable

2.19.26

storm-control broadcast level kbps

(Ethernet).

.
:
storm-control broadcast level kbps kbps
no storm-control broadcast level

.

no

:
kbps

291

/.
(3500-10G)

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


1000.

(Ethernet).

storm-control broadcast enable.


20
Ethernet (+SFD+IPG).
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# storm-control broadcast level kbps 12345

2.19.27

storm-control include-multicast

(Ethernet).
.
:
storm-control include-multicast
no storm-control include-multicast

no


.

(Ethernet).
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# storm-control include-multicast

2.19.28

show storm-control

.
-
.

3.1.0.3 16.05.2013 .

292

-3000
. II

.465255.040

:
show storm-control [interface-id | detailed]
:
interface-id

Ethernet.

detailed


.
detailed ,
.

.

storm-control broadcast enable.


20
Ethernet (+SFD+IPG).

,

,
.
:
switchxxxxxx# show storm-control
Port

State

Rate [Kbits/Sec]

------ -------- --------------gi0/1

Enabled

12345

Included

-----------------------Broadcast, Multicast,
Unknown unicast

gi0/2

2.20
2.20.1

Disabled

100000

Broadcast


test cable-diagnostics tdr

.
TDR (Time Domain Reflectometry)
,
.
:
test cable-diagnostics tdr interface interface-id
293

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
interface-id

( Ethernet).


.

- (
).

- .
TDR 120 .
:
switchxxxxxx# test cable-diagnostics tdr interface gi0/3
Cable is open at 64 meters

switchxxxxxx# test cable-diagnostics tdr interface gi0/3


Fiber ports are not supported

2.20.2

show cable-diagnostics tdr

.
TDR-
.
:
show cable-diagnostics tdr [interface interface-id | detailed]
:
interface-id

( Ethernet).

detailed


.
detailed ,
.

.
3.1.0.3 16.05.2013 .

294

-3000
. II

.465255.040


TDR- 120 .
:
switchxxxxxx# show cable-diagnostics tdr

2.20.3

Port

Result

Length (meters)

Date

----

-------

--------------

----------------------------

gi0/1

OK

gi0/2

Short

50

13:32:00 23 July 2010

gi0/3

Test has not been performed

gi0/4

Open

64

13:32:00 23 July 2010

show cable-diagnostics cable-length

.
,
.
:
show cable-diagnostics cable-length [interface interface-id | detailed]
:
interface-id

( Ethernet).

detailed


.

100 1000 .
:
switchxxxxxx# show cable-diagnostics cable-length

2.20.4

Port

Length [meters]

----

------------------

gi0/1

< 50

gi0/2

Copper not active

gi0/3

110-140

show fiber-ports optical-transceiver

.
.
295

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
show fiber-ports optical-transceiver [interface interface-id | detailed]
:
interface-id

( Ethernet).

detailed


.
detailed ,
.

.
:
switchxxxxxx# show fiber-ports optical-transceiver
Port
Temp Voltage Current Output Input LOS
Power Power
--------- ----- ------- ------- ------ ----- --gi0/1
W
OK
OK
OK
OK
OK
gi0/2
OK
OK
OK
E
OK
OK
Temp
- Internally measured transceiver temperature
Voltage
- Internally measured supply voltage
Current
- Measured TX bias current
Output Power - Measured TX output power in milliWatts
Input Power - Measured RX received power in milliWatts
LOS
- Loss of signal
N/A - Not Available, N/S - Not Supported, W - Warning, E Error

switchxxxxxx# show fiber-ports optical-transceiver detailed


Port

Temp
[C]

Voltage
[Volt]

-----

-----

gi0/1
gi0/2

Copper
Copper

------

gi0/3
gi0/4
Temp

28
29

Current
[mA]

Output
Power

Input
Power

LOS

-------

[mWatt] [mWatt]
------ ------- ----

3.32
7.26
3.53
3.68
No
3.33
6.50
3.53
3.71
No
- Internally measured transceiver temperature

Voltage

- Internally measured supply voltage

Current

- Measured TX bias current

Output Power - Measured TX output power in milliWatts


Input Power - Measured RX received power in milliWatts

3.1.0.3 16.05.2013 .

296

-3000
. II
LOS

.465255.040

- Loss of signal

N/A - Not Available, N/S - Not Supported, W - Warning, E - Error

2.21
2.21.1

Green Ethernet
green-ethernet energy-detect ( )

.
Green-Ethernet Energy-Detect .
:
green-ethernet energy-detect
no green-ethernet energy-detect
no Green-Ethernet
Energy-Detect.

.
:
switchxxxxxx(config)# green-ethernet energy-detect

2.21.2

green-ethernet energy-detect ( )

(Ethernet).
Green-Ethernet Energy-Detect .
:
green-ethernet energy-detect
no green-ethernet energy-detect
no Green-Ethernet
Energy-Detect .

(Ethernet).

Energy-Detect
.
, Energy-Detect
.
5 ,
.
297

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# green-ethernet energy-detect

2.21.3

green-ethernet short-reach ( )

.
Green Ethernet Short-Reach .
:
green-ethernet short-reach
no green-ethernet short-reach
no Green Ethernet ShortReach.

Green Ethernet Short-Reach .

.
:
switchxxxxxx(config)# green-ethernet short-reach

2.21.4

green-ethernet short-reach ( )

(Ethernet).
Green Ethernet Short-Reach .
:
green-ethernet short-reach
no green-ethernet short-reach
no Green Ethernet ShortReach .

Green Ethernet Short-Reach .

(Ethernet).

Short-Reach ,
,
3.1.0.3 16.05.2013 .

298

-3000
. II

.465255.040

VCT (Virtual Cable Tester). VCT


1000 /.
,
1000 /, Short-Reach
( green-ethernet short-reach
force), Short-Reach .
enhanced,
VCT
,
. ,
, PHY .
EEE ,
Short-Reach.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# green-ethernet short-reach

2.21.5

green-ethernet short-reach force

(Ethernet).
Short-Reach .
:
green-ethernet short-reach force
no green-ethernet short-reach force

.

no


Short-Reach
.

(Ethernet).
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# green-ethernet short-reach force

2.21.6

green-ethernet short-reach threshold

.
Short-Reach.

299

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
green-ethernet short-reach threshold cable-length
no green-ethernet short-reach threshold

.

no

:
cable-length

, VCT,
Short-Reach,
0 70 .


40 .

.

,
+/-10 ,
30
20 40 .
(link partner signal),
Short-Reach.

50 .

.
0 , ,
, Short-Reach ,
.
2.21.7

green-ethernet power-meter reset

:
green-ethernet power-meter reset

.
3.1.0.3 16.05.2013 .

300

-3000
. II

.465255.040

:
switchxxxxxx# green-ethernet power-meter reset

2.21.8

show green-ethernet


Green Ethernet.

:
show green-ethernet [interface-id | detailed]
:
interface-id

( Ethernet).

detailed


.


Short-Reach Energy-Detect.
EEE , ..
.
38 ,
.
,
.
38 Energy-detect
Energy-detect

301

NP

LT


, )

LU

NA

(-

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

39 Short-Reach
Short-Reach

NP

LT

LS

(100,
10, 10G)

LL

, VCT Test,

LD

NA

(-

:
switchxxxxxx# show green-ethernet
Energy-Detect mode: Enabled
Short-Reach mode: Disabled
Power Savings: 24% (1.08W out of maximum 4.33W)
Cumulative Energy Saved: 33 [Watt*Hour]
Short-Reach cable length threshold: 50m
Port
----

2.22
2.22.1

Energy-Detect
Short-Reach
VCT Cable
Admin Oper Reason Admin Force Oper Reason Length
----- ---- ------- ---- ----- ---- ------- ------

gi0/1
gi0/2

on
on

on
off

LU

off
on

off
off

off
off

gi0/3

on

off

LU

off

off

off

< 50

Port-channel
channel-group

(Ethernet).
.
:
channel-group port-channel mode {on | auto}
no channel-group
no .

3.1.0.3 16.05.2013 .

302

-3000
. II

.465255.040

:
port-channel
mode {on | auto}
on
auto


.
.
:

LACP.

LACP.


.

(Ethernet).
:
switchxxxxxx(config)# interface gi 0/1
switchxxxxxx(config-if)# channel-group 1 mode on

2.22.2

port-channel load-balance

.
Port Channel.
:
port-channel load-balance {src-dst-mac| src-dst-ip | src-dst-mac-ip}
no port-channel load-balance
no
.
:
src-dst-mac
Port Channel

MAC-

.
Port Channel
src-dst-ip
MAC- IP-
.
Port Channel
src-dst-mac-ip
IP- .

src-dst-mac.
303

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

srcdst-mac-ip-port
.
:
switchxxxxxx(config)# port-channel load-balance src-dst-mac
switchxxxxxx(config)# port-channel load-balance src-dst-mac-ip

2.22.3

show interfaces port-channel

.

.
:
show interfaces port-channel [interface-id]
:
interface-id

(Port Channel).


.
:
switchxxxxxx# show interfaces port-channel
Load balancing: src-dst-mac.
Gathering information...
Channel Ports
------- -----

2.23
2.23.1

Po1

Active: gi0/1,Inactive: gi0/2

Po2

Active: gi0/3 Inactive: gi0/4


bridge multicast filtering

.
.

3.1.0.3 16.05.2013 .

304

-3000
. II

.465255.040

:
bridge multicast filtering
no bridge multicast filtering

no


.
.

.

( ) .


.
: IGMP
Snooping bridge multicast forward-all.
:
switchxxxxxx(config)# bridge multicast filtering

2.23.2

bridge multicast mode

(VLAN).
.
:
bridge multicast mode {mac-group | ip-group | ip-src-group}
no bridge multicast mode

.

305

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
mac-group


VLAN - .

ip-group


VLAN - ,
IPv4-, VLAN IPv4 IPv4-.

ip-src-group


VLAN - ,
IPv4-; VLAN, IPv4 IPv4-
IPv4-.


mac-group.

mac-group
(Network Management System),
MIB, -.
ipv4-group
ipv4-src-group,
IPv4-.
FDB (Forwarding Data Base)
CLI
FDB, 40.
40 CLI
FDB
FDB

CLI

mac-group

bridge multicast address

ipv4-group

bridge multicast ip-address bridge multicast forbidden ipaddress

ipv4-src-group

bridge multicast source


group

3.1.0.3 16.05.2013 .

bridge multicast forbidden address

bridge multicast forbidden source


group

306

-3000
. II

.465255.040

41

FDB, IGMP,
.
41 FDB
FDB

IGMP 2

IGMP 3

mac-group

ipv4-group

IP-

IP-

ipv4-src-group

(*)

IP-

(*) (*,G) FDB


ipv4-src-group. FDB ,
(S,G) (
), .
FDB ipv4-group mac-group
IGMP 2.
(*, G), FDB
ipv4-group.
:
switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# bridge multicast mode ipv4-group

2.23.3

bridge multicast address

(VLAN).
-
.
:
bridge multicast address {mac-multicast-address | ipv4-multicastaddress} [[add | remove] {ethernet interface-list | port-channel portchannel-list}]
no bridge multicast address {mac-multicast-address}
no -.

307

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
mac-multicast .
address|
ipv4multicast-address
add

remove

ethernet interface- Ethernet (


list
;
).
port-channel port- (
channel-list
;
).

.
ethernet interface-list port-channel portchannel-list add remove,
add.

(VLAN).


port channels
mac-multicast-address.

VLAN.
VLAN.
:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast address 01:00:5e:02:02:03

switchxxxxxx(config)# interface vlan 8


switchxxxxxx(config-if)# bridge multicast address 01:00:5e:02:02:03 add
gi0/1-2

3.1.0.3 16.05.2013 .

308

-3000
. II

2.23.4

.465255.040

bridge multicast forbidden address

(VLAN).

.
:
bridge multicast forbidden address {mac-multicast-address | ipv4multicast-address} {add | remove} {ethernet interface-list | portchannel port-channel-list}
no bridge multicast forbidden address {mac-multicast-address}

.

no

:
mac-multicast .
address | ipv4multicast-address
add

remove

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.

.
add.

(VLAN).


bridge multicast
address.
VLAN.

309

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast address 0100.5e.02.0203
switchxxxxxx(config-if)# bridge multicast forbidden address 0100.5e02.0203
add gi0/4

2.23.5

bridge multicast ip-address

(VLAN).
IP .
.
:
bridge multicast ip-address ip-multicast-address [[add | remove]
{ethernet interface-list | port-channel port-channel-list}]
no bridge multicast ip-address ip-multicast-address
no IP-.
:
ip-multicastaddress

IP- .

add

remove

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.

.
add.

(VLAN).



ip-multicast-address.
3.1.0.3 16.05.2013 .

310

-3000
. II

.465255.040


VLAN.
VLAN.
:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ip-address 239.2.2.2

switchxxxxxx(config)# interface vlan 8


switchxxxxxx(config-if)# bridge multicast ip-address 239.2.2.2 add
gi0/4

2.23.6

bridge multicast forbidden ip-address

(VLAN).
IP .
:
bridge multicast forbidden ip-address {ip-multicast-address} {add |
remove} {ethernet interface-list | port-channel port-channel-list}
no bridge multicast forbidden ip-address {ip-multicast-address}

.

no

:
ip-multicastaddress

IP- .

add

remove

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.

.

(VLAN).
311

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


, ,
.
VLAN.
:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ip-address 239.2.2.2
switchxxxxxx(config-if)# bridge multicast forbidden ip-address 239.2.2.2
add gi0/4

2.23.7

bridge multicast source group

(VLAN).
IP- IP-
.
- (source-group).
:
bridge multicast source ip-address group ip-multicast-address [[add |
remove] {ethernet interface-list | port-channel port-channel-list}]
no bridge multicast source ip-address group ip-multicast-address
no sourcegroup.
:
ip-address

IP- .

ip-multicastaddress

IP- .

add


IP- .

remove


IP- .

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.

.
3.1.0.3 16.05.2013 .

312

-3000
. II

.465255.040

add.

(VLAN).

VLAN.
:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast source 239.2.2.2 group 239.2.2.2

2.23.8

bridge multicast forbidden source group

(VLAN).
IP-
IP- .
:
bridge multicast forbidden source ip-address group ip-multicastaddress {add | remove} {ethernet interface-list | port-channel portchannel-list}
no bridge multicast forbidden source ip-address group ip-multicastaddress

.

no

:
ip-address

IP- .

ip-multicastaddress

IP- .

add


IP- .

remove


IP- .

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.

313

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

(VLAN).


.
VLAN.
:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast source 13.16.1.1 group
239.2.2.2
switchxxxxxx(config-if)# bridge multicast forbidden source
13.16.1.1 group 239.2.2.2 add gi0/4

2.23.9

bridge multicast ipv6 mode

(VLAN).


IPv6.
:
bridge multicast ipv6 mode {mac-group | ip-group | ip-src-group}
no bridge multicast ipv6 mode

.

no

:
mac-group

bridging,
VLAN - .

ip-group

bridging,
VLAN IPv6-
IPv6-.

ip-src-group

bridging,
VLAN IPv6-
IPv6- IPv6.


mac-group.
3.1.0.3 16.05.2013 .

314

-3000
. II

.465255.040


(VLAN).

mac-group
(Network Management System),
MIB, -.

FDB

CLI
IPv6- FDB ( 42).
42 CLI
IPv6- FDB
FDB

CLI

mac-group

bridge multicast address

bridge multicast forbidden address

ipv6-group

bridge multicast ipv6 ipaddress

bridge multicast ipv6 forbidden ipaddress

ipv6-src-group

bridge multicast ipv6


source group

bridge multicast ipv6 forbidden


source group

43 ,
FDB MLD, .
43 FDB
FDB

MLD 1

MLD 2

mac-group

ipv6-group

IPv6-

IP-

ipv6-src-group

(*)

IP-

(*) (*,G) FDB


ip-src-group. FDB ,
(S,G) ( ),
.
(*,G), FDB
ip-group.
VLAN.
:
switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# bridge multicast ipv6 mode ip-group

315

3.1.0.3 16.05.2013 .

-3000
. II

2.23.10

.465255.040

bridge multicast ipv6 ip-address

(VLAN).

IPv6-

.
.
:
bridge multicast ipv6 ip-address ipv6-multicast-address [[add |
remove] {ethernet interface-list | port-channel port-channel-list}]
no bridge multicast ipv6 ip-address ip-multicast-address
no IPv6-.
:
ipv6-multicastaddress

IPv6- .

add

remove

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.

.
add.

(VLAN).


port channels
ipv6-multicast-address.

VLAN.
VLAN.

3.1.0.3 16.05.2013 .

316

-3000
. II

.465255.040

:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ipv6 ip-address FE02:0:0:0:4:4:4

switchxxxxxx(config)# interface vlan 8


switchxxxxxx(config-if)# bridge multicast ipv6 ip-address FE02:0:0:0:4:4:4
add gi0/1-2

2.23.11

bridge multicast ipv6 forbidden ip-address

(VLAN).
IPv6-
.
:
bridge multicast ipv6 forbidden ip-address {ipv6-multicast-address}
{add | remove} {ethernet interface-list | port-channel port-channellist}
no bridge multicast ipv6 forbidden ip-address {ipv6-multicastaddress}

.

no

:
ipv6-multicastaddress

IPv6- .

add

remove

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.

.
add.

(VLAN).
317

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


,
.
VLAN.
:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast ipv6 ip-address FE02:0:0:0:4:4:4
switchxxxxxx(config-if)# bridge multicast ipv6 forbidden ip-address
FE02:0:0:0:4:4:4 add gi0/4

2.23.12

bridge multicast ipv6 source group

(VLAN).
IPv6- IPv6-
.
- (source-group).
:
bridge multicast ipv6 source ipv6-source-address group ipv6multicast-address [[add | remove] {ethernet interface-list | portchannel port-channel-list}]
no bridge multicast ipv6 source ipv6-address group ipv6-multicastaddress
no sourcegroup.
:
ipv6-source-address IPv6- .
ipv6-multicastaddress

IPv6- .

add


IPv6- .

remove


IPv6- .

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.
3.1.0.3 16.05.2013 .

318

-3000
. II

.465255.040


.
add.

(VLAN).

VLAN.
:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast source FE02:0:0:0:4:4:4 group
FE02:0:0:0:4:4:4

2.23.13

bridge multicast ipv6 forbidden source group

(VLAN).
IPv6-
.
:
bridge multicast ipv6 forbidden source ipv6-source-address group
ipv6-multicast-address {add | remove} {ethernet interface-list | portchannel port-channel-list}
no bridge multicast ipv6 forbidden source ipv6-address group ipv6multicast-address

.

no

:
ipv6-source-address IPv6- .
ipv6-multicastaddress

IPv6- .

add


IPv6- .

remove


IPv6- .

interface-list

Ethernet
.
.

port-channel port-
319

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

.
.

channel-list


.

(VLAN).

VLAN.
:
switchxxxxxx(config)# interface vlan 8
switchxxxxxx(config-if)# bridge multicast source FE02:0:0:0:4:4:4 group
FE02:0:0:0:4:4:4
switchxxxxxx(config-if)# bridge multicast forbidden source FE02:0:0:0:4:4:4
group FE02:0:0:0:4:4:4 add gi0/4

2.23.14

bridge multicast unregistered

(Ethernet, PortChannel).

.
:
bridge multicast unregistered {forwarding | filtering}
no bridge multicast unregistered

.

no

:
forwarding

filtering

3.1.0.3 16.05.2013 .

320

-3000
. II

.465255.040


(Ethernet, Port-channel).

, 224.0.0.

IGMP
224.0.0..
VLAN.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# bridge multicast unregistered filtering

2.23.15

bridge multicast forward-all

(VLAN).

.
:
bridge multicast forward-all {add | remove} {ethernet interface-list |
port-channel port-channel-list}
no bridge multicast forward-all

.

no

:
add

remove

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.

321

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

(VLAN).
:
switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# bridge multicast forward-all add gi0/4

2.23.16

bridge multicast forbidden forward-all

(VLAN).
.
:
bridge multicast forbidden forward-all {add | remove} {ethernet
interface-list | port-channel port-channel-list}
no bridge multicast forbidden forward-all

.

no

:
add

remove

ethernet interface- Ethernet


list
.
.
port-channel port-
channel-list
.
.


.
all.

(VLAN).
3.1.0.3 16.05.2013 .

322

-3000
. II

.465255.040


(,
IGMP) .
.
:
switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# bridge multicast forbidden forward-all add
ethernet gi0/1

2.23.17

bridge unicast unknown

.
unicast- , MAC-
.
:
bridge unicast unknown {filtering | forwarding}
no bridge unicast unknown

.

no

:
filtering

unicast.

forwarding

unicast.


.

.
:
switchxxxxxx(config)# interface vlan 2
switchxxxxxx(config-if)# bridge unicast unknown filtering

2.23.18

show bridge unicast unknown

.
unicast-.
:
show bridge unicast unknown [interface-id]
323

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Ethernet Port-channel).

interface-id


.
:
Console # show bridge unicast unknown
Port

Unregistered

------ -------------

2.23.19

1/1

Forward

1/2

Filter

1/3

Filter

mac address-table static

.
MAC- -.

:
mac address-table static mac-address vlan vlan-id interface
interface-id [permanent | delete-on-reset | delete-on-timeout |
secure]
no mac address-table static [mac-address] vlan vlan-id
no MAC- .
:
mac-address

MAC- (: ).

vlan-id

VLAN.

interface-id

( Ethernet
Port-channel).

permanent

-.
.

delete-on-reset

-,
.

delete-on-timeout

-,
.

secure

-.

3.1.0.3 16.05.2013 .

324

-3000
. II

.465255.040


,
permanent.

.

MAC c
MAC- .
MAC- MAC-
: .
:

permanent MAC- ,
;

delete-on-reset MAC-
;

delete-on-timeout MAC-,
.

static MAC-,
,
:
permanent;
delete-on-reset;
delete-on-timeout.
MAC-
.

secure MAC-,
. MAC mac address-table static
secure. MAC-
.
MAC-
.

325

dynamic MAC-,
. deleteon-timeout.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(conf)# mac address-table static 00:3f:bd:45:5a:b1 vlan 1
gi0/1

switchxxxxxx(conf)mac address-table static 00:3f:bd:45:5a:b2 vlan 1


interface gi0/1 delete-on-reset

switchxxxxxx(conf)mac address-table static 00:3f:bd:45:5a:b2 vlan 1


interface gi0/1 delete-on-timeout

switchxxxxxx(conf)mac address-table static 00:3f:bd:45:5a:b2 vlan 1


interface gi0/1 secure

2.23.20

clear mac address-table

.
.

:
clear mac address-table dynamic interface interface-id
clear mac address-table secure interface interface-id
:
dynamic interface
interface-id

()
interface-id ( Ethernet
Port-channel).
,
.

secure interface
interface-id

,
.


.
:
switchxxxxxx# clear mac address-table dynamic

switchxxxxxx# clear mac address-table secure interface gi1

3.1.0.3 16.05.2013 .

326

-3000
. II

2.23.21

.465255.040

mac address-table aging-time

.
MAC- .

:
mac address-table aging-time seconds
no mac address-table aging-time

.

no

:
-
10 630 .

seconds


10-630.
:
switchxxxxxx(config)# mac address-table aging-time 600

2.23.22

port security

(Ethernet, Portchannel). .
:
port security [forward | discard | discard-shutdown] [trap seconds]
no port security
no
.
:

327

forward


,
.

discard

discardshutdown

trap seconds

SNMP-



3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

1 1000000 .

.
discard.
seconds ,
trap,
.

(Ethernet, Port-channel).

,
(
MAC-).
MAC- ( )
bridge unicast unknown.
lock
port security , ,
permanent secure.
, lock,
port security ,
, .

no port security ,
, (dynamic) .
port security ,
, MAC .
:
switchxxxxxx(config)# gi0/1
switchxxxxxx(config-if)port security mode lock
switchxxxxxx(config-if)port security forward trap 100
switchxxxxxx(config-if)exit

2.23.23

port security mode

(Ethernet, Portchannel). .
3.1.0.3 16.05.2013 .

328

-3000
. II

.465255.040

:
port security mode {max-addresses | lock | secure permanent
|secure delete-on-reset}
port security mode {max-addresses | lock | secure permanent
|secure delete-on-reset}
no port security mode

.

no

:
max-addresses

MAC-.
MAC-

bridge unicast unknown.

lock

MAC-.
MAC-

bridge unicast unknown.

secure
permanent


MAC-
permanent.
MAC-
mac
address-table static.

secure deleteon-reset


MAC-
delete-on-reset.
MAC-
mac address-table
static.


lock.

(Ethernet, Port-channel).

.

. MAC-
329

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

bridge unicast
unknown.
,
(
MAC-).
port security mode
port
security.
:
switchxxxxxx(config)interface gi0/1
switchxxxxxx(config-if)port security mode lock
switchxxxxxx(config-if)port security
switchxxxxxx(config-if)exit

2.23.24

port security max

(Ethernet, Portchannel). ,
,
max-addresses.
:
port security max {max-addr}
no port security max

.

no

:
max-addr

,
, 0
256.


1.

(Ethernet, Port-channel).

,
(
MAC-).
3.1.0.3 16.05.2013 .

330

-3000
. II

.465255.040


port security.
:
switchxxxxxx(config)#interface gi0/1
switchxxxxxx(config-if)port security mode max
switchxxxxxx(config-if)port security max 20
switchxxxxxx(config-if)port security
switchxxxxxx(config-if)exit

2.23.25

port security routed secure-address

(Ethernet, Portchannel).

.
:
port security routed secure-address mac-address
no port security routed secure-address [mac-address]

.

no

C-

:
mac-address

-.


.

(Ethernet, Port-channel).
.

-
.
,
. ,

.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# port security routed secure-address
66:66:66:66:66:66

331

3.1.0.3 16.05.2013 .

-3000
. II

2.23.26

.465255.040

show mac address-table

.
- -.
:
show mac address-table [dynamic | static| secure] [vlan vlan]
[interface interface-id] [address mac-address]
:
dynamic -
-.
static
-.
secure
VLAN.
vlan
interface- ( Ethernet Portid
channel).
mac-.
address

, .

.

VLAN

(VLAN,

)
, , VLAN ID.
:
switchxxxxxx# show mac address-table
Aging time is 300 sec
VLAN
MAC Address
Port
Type
-------- --------------------- ---------- ---------1
00:00:26:08:13:23
0
self
1
00:3f:bd:45:5a:b1
gi0/1
static
1
00:a1:b0:69:63:f3
gi0/3
dynamic
2
00:a1:b0:69:63:f3
gi0/4
dynamic
switchxxxxxx# show mac address-table 00:3f:bd:45:5a:b1
Aging time is 300 sec
VLAN
MAC Address
Port
Type
-------- --------------------- ---------- ---------1
00:3f:bd:45:5a:b1
static
gi0/1

3.1.0.3 16.05.2013 .

332

-3000
. II

2.23.27

.465255.040

show mac address-table count

.
- FDB.
:
show mac address-table count [vlan vlan | interface interface-id]
:
vlan
VLAN.
interface-id
( Ethernet
Port-channel).

.
:
switchxxxxxx# show mac address-table count
This may take some time.
Capacity : 16384
Free : 16379
Used : 5
Secure : 0
Dynamic : 2
Static : 2
Internal : 1
console#

2.23.28

show bridge multicast mode

.
VLAN
VLAN.
:
show bridge multicast mode [vlan vlan-id]
:
VLAN.
vlan-id

.

333

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show bridge multicast mode
VLAN

2.23.29

IPv4 Multicast mode

IPv6 Multicast mode

Admin

Oper

Admin

Oper

-----

-------

-----

------

-------

MAC-GROUP

MAC-GROUP

MAC-GROUP

MAC-GROUP

11

IPv4-GROUP

IPv4-GROUP

IPv6-GROUP

IPv6-GROUP

12

IPv4-SRC-GROUP

IPv4-SRC-GROUP

IPv6-SRC-GROUP

IPv6-SRC-GROUP

show bridge multicast address-table

.
- IP.
:
show bridge multicast address-table [vlan vlan-id] [address {macmulticast-address | ipv4-multicast-address | ipv6-multicast-address}]
[format {ip | mac}] [source {ipv4-source-address | ipv6-sourceaddress}
:
vlan vlan-id
address
mac-multicastaddress
ipv4-multicastaddress
ipv6-multicastaddress
format

VLAN.

.
:
-.

IPv4-.
IPv6-.

.
:

ip
IP-.

mac
-.
. :
source
ipv4-source-address IPv4- .
ipv6-source-address IPv6- .

3.1.0.3 16.05.2013 .

334

-3000
. II

.465255.040


,
MAC- ( macmulticast-address).
VLAN ,
VLAN.
MAC- IP- ,
.

.

- IP,
- 0100.5e00.0000
0100.5e7f.ffff.

(
)
.
, bridge
multicast forbidden forward-all,
.

, FDB
, - FDB-.
:
switchxxxxxx# show bridge multicast address-table
Multicast address table for VLANs in MAC-GROUP bridging mode:
Vlan

MAC Address

Type

Ports

---- ----------------- -------------- ----8

01:00:5e:02:02:03

Static

gi0/1-2

Forbidden ports for multicast addresses:


Vlan

MAC Address

---- ----------------8

Ports
-----

01:00:5e:02:02:03 gi0/3

Multicast address table for VLANs in IPv4-GROUP bridging mode:


Vlan

335

MAC Address

Type

Ports

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

---- ----------------- -------------- ----1

224.0.0.251

Dynamic

gi0/4

Forbidden ports for multicast addresses:


Vlan

MAC Address

Ports

---- ----------------- ----1

232.5.6.5

233.22.2.6

Multicast address table for VLANs in IPv4-SRC-GROUP bridging mode:


Vlan

Group Address

Source address

Type

Ports

---- --------------- --------------- -------------- ----1

224.2.2.251

11.2.2.3

Dynamic

gi0/1

Forbidden ports for multicast addresses:


Vlan

Group Address

Source Address

Ports

---- --------------- --------------- -------------8

239.2.2.2

gi0/2

239.2.2.2

1.1.1.11

gi0/2

Multicast address table for VLANs in IPv6-GROUP bridging mode:


VLAN IP/MAC Address

Type

Ports

---- ----------------- -------------- --------------------------8

ff02::4:4:4

Static

gi0/1-2,gi0/3,Po1

Forbidden ports for multicast addresses:


VLAN IP/MAC Address

Ports

---- ----------------- ---------------------------------------8

ff02::4:4:4

gi0/4

Multicast address table for VLANs in IPv6-SRC-GROUP bridging mode:


Vlan Group Address

Source address

Type

Ports

---- -------------- --------------- ----------- --------------------8

ff02::4:4:4

Static

ff02::4:4:4

fe80::200:7ff:f

Static

gi0/1-2,gi0/3,Po1

e00:200
Forbidden ports for multicast addresses:

3.1.0.3 16.05.2013 .

336

-3000
. II
Vlan

Group Address

.465255.040
Source address

Ports

---- --------------- --------------- -----------------------------8

ff02::4:4:4

gi0/2

ff02::4:4:4

fe80::200:7ff:f

gi0/2

e00:200

2.23.30

show bridge multicast address-table static

.
.

:
show bridge multicast address-table static [vlan vlan-id] [address
mac-multicast-address | ipv4-multicast-address | ipv6-multicastaddress] [source ipv4-source-address | ipv6-source-address] [all | mac
| ip]
:
vlan vlan-id
address
mac-multicastaddress
ipv4-multicastaddress
ipv6-multicastaddress
source
ipv4-source-address

VLAN.

.
:
-.

IPv4-.
IPv6-.
. :
IPv4- .

ipv6-source-address IPv6- .

all/mac/ip ,
(mac ip).


.

- IP,
- 0100.5e00.0000
0100.5e7f.ffff.
337

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx# show bridge multicast address-table static
MAC-GROUP table
VLAN
MAC Address
Ports
------------------------1
0100.9923.8787
gi0/1, gi0/2
Forbidden ports for multicast addresses:
VLAN
MAC Address
Ports
------------------------IPv4-GROUP
VLAN
----1
19
19

Table
IP Address
-------------231.2.2.3
231.2.2.8
231.2.2.8

Ports
-------gi0/1, gi0/2
gi0/1-2
gi0/3-4

Forbidden ports for multicast addresses:


VLAN
IP Address
Ports
------------------------1
231.2.2.3
gi0/3
19
231.2.2.8
gi0/2
IPv4-SRC-GROUP Table:
VLAN
Group Address
------------------

Source Address
--------------

Ports
--------

Forbidden ports for multicast addresses:


VLAN
-----

Group Address
--------------

IPv6-GROUP
VLAN
----191

Table
IP Address
-------------FF12::8

Source Address
--------------

Ports
--------

Ports
-------gi0/1-2

Forbidden ports for multicast addresses:


VLAN
IP Address
Ports
------------------------11
FF12::3
gi0/3
191
FF12::8
gi0/3
IPv6-SRC-GROUP Table:
VLAN
Group Address
-----------------192
FF12::8

Source Address
-------------FE80::201:C9A9::FE40:
8988

Ports
-------gi0/1-2

Forbidden ports for multicast addresses:

3.1.0.3 16.05.2013 .

338

-3000
. II
VLAN
----192

.465255.040

Group Address
-------------FF12::3

Source Address
-------------FE80::201:C9A9::FE40:

Ports
-------gi0/3

8988

2.23.31

show bridge multicast filtering

.
.
:
show bridge multicast filtering vlan-id
:

VLAN
VLAN).

vlan-id

(:


.
:
switchxxxxxx# show bridge multicast filtering 1
Filtering: Enabled
VLAN: 1
Forward-All

2.23.32

Port

Static

Status

-----

-----------

-------

gi0/1

Forbidden

Filter

gi0/2

Forward

Forward (s)

gi0/3

Forward (d)

show bridge multicast unregistered

.

.
:
show bridge multicast unregistered [interface-id]
:
interface-id ( Ethernet Portchannel).

.
339

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
switchxxxxxx# show bridge multicast unregistered

2.23.33

Port

Unregistered

-------

------------

gi0/1

Forward

gi0/2

Filter

gi0/3

Filter

show ports security

.
.
:
show ports security [interface-id | detailed]
:
interface-id ( Ethernet Portchannel).

detailed
.

.
:
switchxxxxxx# show ports security
Port

Status

Learning

Action

Maximum Trap

Frequency

------- -------- -------------

------

------- ------

------

gi0/1

Enabled

Discard

Enabled

100

gi0/2

Disabled Max-Addresses

128

gi0/3

Enabled

Discard, 8

Disabled

Max-Addresses
Lock

Shutdown

3.1.0.3 16.05.2013 .

340

-3000
. II

.465255.040

44

2.23.34

Port

Status

.
.

Action

Maximum

,
max-address.

Trap

SNMP-.
: .

Frequency

show ports security addresses

.

(locked ports).
:
show ports security addresses [interface-id | detailed]
:
interface-id ( Ethernet Portchannel).

detailed
.

.
:
switchxxxxxx# show ports security addresses

2.23.35

Port

Status

Learning

Current

Maximum

----

------

---------

-------

-------

gi0/1

Enabled

Max-addresses

gi0/2

Disabled

Max-addresses

128

gi0/3

Enabled

Lock

NA

NA

bridge multicast reserved-address

. ,

.
341

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
bridge multicast reserved-address mac-multicast-address [ethernetv2 ethtype | llc sap | llc-snap pid] {discard | bridge}
no bridge multicast reserved-address
[ethernet-v2 ethtype | llc sap | llc-snap pid]

.

no

mac-multicast-address

:
mac-multicastaddress

-
- (:
01-80-C2-00-00-00 01-80-C2-00-00-02
01-80-C2-00-00-2F).

ethernet-v2 ethtype

Ethernet v2 ,
Ethernet (16
) (:
0x0600 0xFFFF).

llc sap

LLC ,

DSAP-SSAP
(16

) (:
0xFFFF).

llc-snap pid

LLC-SNAP,

PID
(40

) (:
llc-snap pid0 0xFFFFFFFFFF).

discard

bridge

() .

, , (
-, , (LLC))
, ,
.

MAC- 01-80-C2-00-00-00, 01-80C2-00-00-02 01-80-C2-00-00-0F

discard;

3.1.0.3 16.05.2013 .

342

-3000
. II

.465255.040

MAC- 00-80-C2-00-00-10 01-80C2-00-00-2F


bridge.


.

/ ,
-.
( )
, (
-).
ACL.
, ,
,

/
(STP,
LLDP

..),
.
2.23.36

show bridge multicast reserved-addresses

.
.
:
show bridge multicast reserved-addresses

.
:
switchxxxxxx # show bridge multicast reserved-addresses
MAC Address

2.24
2.24.1

Frame Type

Protocol

Action

------------------ ----------- --------------

------------

01-80-C2-00-00-00

Bridge

LLC-SNAP

00-00-0C-01-29


port monitor

(Ethernet).
.

343

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
port monitor src-interface-id [rx | tx]
no port monitor src-interface-id
port monitor vlan vlan-id
no port monitor vlan vlan-id
no .
:
rx

, .

tx

vlan vlan-id

, .
VLAN.

src-interface-id

( Ethernet).


,
.

(Ethernet).
.

, ,
.

.

.
VLAN
VLAN
.
- :

,
:
3.1.0.3 16.05.2013 .

344

-3000
. II

.465255.040

port-channel;

IP ;

GVRP;

- VLAN, VLAN
( VLAN
);

L2 :
LLDP, CDP, LBD, STP, LACP.

:
1.
. :

2 ,
4;

2 4 VLAN 3;

, VLAN 3,
4 :
,
2;

, 2
VLAN 3, 4 ,
( ,
).

2. 802.1 auto,
,
802.1x. ,
( )
.
3. STP,
STP,
.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# port monitor gi0/3

2.24.2

show ports monitor

.
.
345

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
show ports monitor

.
:
switchxxxxxx# show ports monitor
Source port Destination Port

Type

Status

----------- ---------------- -------- --------

2.24.3

gi0/3

gi0/1

RX,TX

Active

gi0/2

gi0/1

RX,TX

Active

gi0/4

gi0/1

Rx

Active

VLAN 9

gi0/1

N/A

Active

port monitor mode

.
.
:
port monitor mode {monitor-only | network}
no port monitor mode
no
.

:
monitor-only

.
.

network


, .


monitor-only.

.

.

no port monitor mode.
3.1.0.3 16.05.2013 .

346

-3000
. II

.465255.040

:
switchxxxxxx(config)# port monitor mode network

2.25
2.25.1

sFlow
sflow receiver


sFlow.

:
sflow receiver index {ipv4-address | ipv6-address | hostname} [port
port] [max-datagram-size bytes]
no sflow receiver index
no
sFlow.
:
index

1 8.

ipv4-address

IPv4- ,
sFlow.

ipv6-address

IPv6- ,
sFlow. IPv6-
(IPv6Z-),
.

hostname

,
sFlow.
IPv4-.

port

syslog
1 65535. ,
6343.

bytes


. ,
1400 .


.

.

347

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


IP- sFlow 0.0.0.0,
sFlow .
2.25.2

sflow flow-sampling

(Ethernet).
sFlow .
:
sflow flow-sampling rate receiver-index [max-header-size bytes]
no sflow flow-sampling
no sFlow.
:
rate

. : 1, 1024
1073741823.

receiver-index

sFlow 0
8.

bytes

,
20 256 .
,
128.


.

(Ethernet).


.
2.25.3

sflow counters-sampling

(Ethernet).
sFlow
.
:
sflow counters-sampling interval receiver-index
no sflow counters-sampling
3.1.0.3 16.05.2013 .

348

-3000
. II

.465255.040

no sFlow.
:
interval

. :
1, 1586400 .

receiver-index

sFlow 0
8.


.

(Ethernet).
2.25.4

clear sflow statistics

sFlow.

:
clear sflow statistics [interface-id]
:
interface-id

( Ethernet).


.

,
sFlow (
). ,
.
2.25.5

show sflow configuration

.
sFlow ,
sFlow sFlow.

349

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
show sflow configuration [interface-id]
:
interface-id

( Ethernet).


.
:
switchxxxxxx # show sflow configuration
Receivers
Index

IP Address

Port

Max Datagram Size

----- -------------------- -------- ---------------1

0.0.0.0

6343

1400

172.16.1.2

6343

1400

0.0.0.0

6343

1400

0.0.0.0

6343

1400

0.0.0.0

6343

1400

0.0.0.0

6343

1400

0.0.0.0

6343

1400

0.0.0.0

6343

1400

Interfaces
Interface Flow

Counters Max Header

Sampling Sampling Size

Flow

Counters

Collector Index Collector Index

--------- -------- -------- --------- --------------- --------------

2.25.6

gi0/1

1/2048

60 sec

128

gi0/2

1/4096

Disabled 128

show sflow statistics

.
sFlow ,
/.
:
show sflow statistics [interface-id]

3.1.0.3 16.05.2013 .

350

-3000
. II

.465255.040

Ethernet).

interface-id


.
:
switchxxxxxx # show sflow statistics
Total sFlow datagrams sent to collectors: 100

Interface

2.26
2.26.1

Packets sampled

datagrams sent to collector

------------- ------------------

---------------------------

gi0/1

30

50

gi0/2

30

50

gi0/3

30

50

LLDP
lldp run

.
LLDP (Link Layer Discovery Protocol).
:
lldp run
no lldp run
no LLDP.

LLDP .

351

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
switchxxxxxx(config)# lldp run

2.26.2

lldp transmit

(Ethernet).
LLDP (Link Layer Discovery Protocol)
.
:
lldp transmit
no lldp transmit
no LLDP
.

LLDP .

(Ethernet).

LLDP
LAG ( ).
LLDP STP .
LLDP .
802.1x, LLDP ,
.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# lldp transmit

2.26.3

lldp receive

(Ethernet).
LLDP (Link Layer Discovery Protocol)
.
:
lldp receive
3.1.0.3 16.05.2013 .

352

-3000
. II

.465255.040

no lldp receive
no LLDP.

LLDP .

(Ethernet).

LLDP, LAG,
.
LLDP STP .
LLDP .
802.1x, LLDP
.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# lldp receive

2.26.4

lldp timer

.
, LLDP.
:
lldp timer seconds
no lldp timer

.

no

:
seconds

,
LLDP, 5 32768 .


30 .

.

353

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# lldp timer 60

2.26.5

lldp hold-multiplier

.
,
LLDP .
:
lldp hold-multiplier number
no lldp hold-multiplier

.

no

:
number

,

LLDP , 2
10.
,
LLDP.


4.

.

TTL LLDP :
TTL = min(65535, LLDP-Timer * LLDP-HoldMultiplier).
, LLDP 30 ,
LLDP 4, TTL
LLDP 120.
:
switchxxxxxx(config)# lldp timer 30
switchxxxxxx(config)# lldp hold-multiplier 3

3.1.0.3 16.05.2013 .

354

-3000
. II

2.26.6

.465255.040

lldp reinit

LLDP
LLDP.
:
lldp reinit seconds
no lldp reinit

.

no

:
LLDP
LLDP
1 10 .

seconds


2 .

.
:
switchxxxxxx(config)# lldp reinit 4

2.26.7

lldp tx-delay

LLDP,
MIB
LLDP.
:
lldp tx-delay seconds
no lldp tx-delay

.

355

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
seconds


LLDP,
MIB LLDP,
1 8192 .


2 .

.


0,25 LLDP.

:
switchxxxxxx(config)# lldp tx-delay 10

2.26.8

lldp optional-tlv

(Ethernet).
TLV.
802.1 . lldp optional-tlv 802.1.
:
lldp optional-tlv tlv [tlv2 tlv5 | none]
:
tlv

TLV, .
TLV: port-desc, sys-name, sys-desc, sys-cap, 802.3mac-phy, 802.3-lag, 802.3-max-frame-size.

none

TLV .

802.1, . .

TLV .

(Ethernet).

3.1.0.3 16.05.2013 .

356

-3000
. II

.465255.040

:
switchxxxxxx(config)# interface gi0/2
switchxxxxxx(config-if)# lldp optional-tlv port-desc

2.26.9

lldp management-address

(Ethernet).
, .
:
lldp management-address {ip-address | none | automatic [interfaceid]}
no lldp management-address
no
.
:

357

ip-address

none

automatic



IP-. IP IP-

IP-.

,
IP- IP.

automatic
interface-id


IP-,
. IP-
IP-
IP- .
,
IP- IP-
. ID
: Ethernet, Port-channel
VLAN. ,
Port-channel VLAN,
IP-, ,
VLAN.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


IP- .
automatic.

(Ethernet).

IP-.
:
switchxxxxxx(config)# interface gi0/2
switchxxxxxx(config)# lldp management-address automatic

2.26.10

lldp notifications

(Ethernet).
/ LLDP .
:
lldp notifications {enable | disable}
no lldp notifications

.

no

:
enable

LLDP.

disable

LLDP.


LLDP .

(Ethernet).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config)# lldp notifications enable

3.1.0.3 16.05.2013 .

358

-3000
. II

2.26.11

.465255.040

lldp notifications interval

.
LLDP.

:
lldp notifications interval seconds
no lldp notifications interval

.

no

:
seconds


5 3600 .


5 .

.
:
switchxxxxxx(config)# lldp notification interval 10

2.26.12

lldp lldpdu

.
LLDP , LLDP
.
:
lldp lldpdu {filtering | flooding}
no lldp lldpdu

.

no

:
filtering
LLDP ,
() LLDP.
flooding
LLDP ,
LLDP
( ).
359

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


LLDP ,
LLDP.

.

STP MSTP, LLDP
(flooding).
STP MSTP,
LLDP (flooding).
LLDP
LLDP flooding, LLDP
:

VLAN
LLDP. LLDP ,
STP forwarding;

(deny all)
LLDP;
VLAN
LLDP. LLDP ,
STP forwarding;

LLDP .

:
switchxxxxxx(config)# lldp lldpdu flooding

2.26.13

lldp med enable

(Ethernet).
LLDP MED (Media Endpoint Discovery) .
:
lldp med enable [tlv tlv4]
no lldp med enable
no LLDP MED .
:
tlv

3.1.0.3 16.05.2013 .

TLV, .
TLV: network-policy, location, poe-pse, inventory.
TLV, (capabilities),
360

-3000
. II

.465255.040

, LLDP-MED.

LLDP MED .

(Ethernet).
:
switchxxxxxx(config)# interface gi0/3
switchxxxxxx(config)# lldp med enable location

2.26.14

lldp med

(Ethernet).
LLDP MED .
:
lldp med {enable [tlv tlv4] | disable}
no lldp med

.

no

:
enable
tlv

disable

LLDP MED.
TLV, .
TLV: network-policy, location, inventory.
TLV , LLDP
MED.
LLDP MED .


LLDP MED .

(Ethernet).
:
switchxxxxxx(config)# interface gi0/3
switchxxxxxx(config-if)# lldp med enable location

2.26.15

lldp med notifications topology-change

(Ethernet).
LLDP MED.
361

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
lldp med notifications topology-change {enable | disable}
no lldp med notifications topology-change

.

no

:
enable
disable


LLDP MED.

LLDP MED.


disable.

(Ethernet).
:
switchxxxxxx(config)# interface gi0/2
switchxxxxxx(config)# lldp med notifications topology-change enable

2.26.16

lldp med fast-start repeat-count

.
.
:
lldp med fast-start repeat-count number
no lldp med fast-start repeat-count

.

no

:
number
LLDPDU

1 10.

3.

.
3.1.0.3 16.05.2013 .

362

-3000
. II

.465255.040

:
switchxxxxxx(config)# lldp med fast-start repeat-count 4

2.26.17

lldp med network-policy ( )

.
LLDP MED.
lldp
med network-policy voice auto.
lldp med network-policy ,
lldp med
network-policy ( ).
:
lldp med network-policy number application [vlan id] [vlan-type
{tagged | untagged}] [up priority] [dscp value]
no lldp med network-policy number
no LLDP
MED.
:
number


1 32.

application

,
.
: voice, voicesignaling,
guest-voice,
guest-voice-signaling,
softphone-voice, video-conferencing, streaming-video,
video-signaling.

vlan id

VLAN .

vlan-type

VLAN: VLAN VLAN .

up priority

( 2),
.

dscp value

DSCP,
.


.

.
363

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



lldp
med network-policy.
32 .
:
console(config)# lldp med network-policy 1 voice-signaling vlan 1
vlan-type untagged up 1 dscp 2
Console(config)# interface gi0/1
Console(config-if)# lldp med network-policy add 1

2.26.18

lldp med network-policy ( )

(Ethernet).
LLDP MED .
:
lldp med network-policy {add | remove} number
no lldp med network-policy number
no LLDP
MED .
:
number


1 32.

add

remove


.

(Ethernet).


(voice, voice-signaling ..).

3.1.0.3 16.05.2013 .

364

-3000
. II

.465255.040

:
console(config)# lldp med network-policy 1 voice-signaling vlan 1
vlan-type untagged up 1 dscp 2
Console(config)# interface gi0/1
Console(config-if)# lldp med network-policy add 1

2.26.19

clear lldp table

.
.
:
clear lldp table [interface-id]
:
interface-id


,
.

.
:
console# clear lldp table gi0/1

2.26.20

lldp med location

(Ethernet).
LLDP MED .
:
lldp med location {{coordinate data} | {civic-address data} | {ecs-elin
data}}
no lldp med location {coordinate | civic-address | ecs-elin}
no .
:

365

coordinate
data


16 .

civic-address
data

6 160
.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

ecs-elin data

ECS ELIN (Emergency Call Service Emergency


Location
Identification
Number)

. 10
25 .

data

ANSI/TIA 1057:

.
.
.


.

(Ethernet).
:
console(config)# interface gi0/2
console(config-if)# lldp med location civic-address 616263646566

2.26.21

show lldp configuration

.
LLDP .
:
show lldp configuration [interface-id | detailed]
:
interface-id

detailed


.
:
Switch# show lldp configuration
State: Enabled
Timer: 30 Seconds
Hold multiplier: 4
Reinit delay: 2 Seconds
Tx delay: 2 Seconds

3.1.0.3 16.05.2013 .

366

-3000
. II

.465255.040

Notifications interval: 5 seconds


Port

State Optional TLVs

Address

Notifications

----

----- --------------

-------

-------------

gi0/1

RX,TX PD, SN, SD, SC

172.16.1.1

Disabled

gi0/2

TX PD, SN

172.16.1.1

Disabled

gi0/3

RX,TX PD, SN, SD, SC

None

Disabled

gi0/4

RX,TX D, SN, SD, SC

automatic

Disabled

Switch# show lldp configuration gi0/1


State: Enabled
Timer: 30 Seconds
Hold multiplier: 4
Reinit delay: 2 Seconds
Tx delay: 2 Seconds
Notifications interval: 5 seconds
LLDP packets handling: Filtering
Port State Optional TLVs Address Notifications
-------------- -------------- -----------------------gi0/1 RX, TX PD, SN, SD, SC 72.16.1.1 Disabled
802.3 optional TLVs: 802.3-mac-phy, 802.3-lag, 802.3-max-frame-size
802.1 optional TLVs
PVID: Enabled
PPVIDs: 0, 1, 92
VLANs: 1, 92
Protocols: 802.1x

Switch# show lldp configuration gi0/1


State: Enabled
Timer: 30 Seconds
Hold multiplier: 4
Reinit delay: 2 Seconds
Tx delay: 2 Seconds
Notifications interval: 5 seconds
Port

State Optional TLVs Address Notifications

-------------- -------------- ------------------------

367

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

gi0/1 RX, TX PD, SN, SD, SC 72.16.1.1 Disabled


802.3 optional TLVs: 802.3-mac-phy, 802.3-lag, 802.3-max-frame-size
802.1 optional TLVs
PVID: Enabled
PPVIDs: 0, 1, 92
VLANs: 1, 92
Protocols: 802.1x

45

Timer

LLDP.

Hold multiplier

( ,
),
LLDP .

Reinit timer


LLDP.

Tx delay


LLDP,
MIB.

Port

State

LLDP .

Optional TLVs

TLV:

LLDP

PD ;
SN ;
SD ;
SC .

2.26.22

Address

Notifications

, LLDP.

PVID

PVID.

PPVID

PPVID.

Protocols

show lldp med configuration

.
LLDP MED .
:
show lldp med configuration [interface-id | detailed]

3.1.0.3 16.05.2013 .

368

-3000
. II

.465255.040

:
interface-id

detailed


,
.
detailed ,
.


.
:
console# show lldp med configuration
Fast Start Repeat Count: 4.
Network policy 1
------------------Application type: voiceSignaling
VLAN ID: 1 untagged
Layer 2 priority: 0
DSCP: 0
Port

Capabilities Network policy Location Notifications Inventory

------ ------------ -------------- -------- ------------- ------gi0/1

Yes

Yes

Yes

Enabled

Yes

gi0/2

Yes

Yes

No

Enabled

No

gi0/3

No

No

No

Enabled

No

switchxxxxxx# show lldp med configuration gi0/1


Port

Capabilities Network policy Location Notifications Inventory

------ ------------ -------------- -------- ----------

-----

gi0/1

Yes

Yes

Yes

Yes

Enabled

Network policies:
Location:
Civic-address: 61:62:63:64:65:66

369

3.1.0.3 16.05.2013 .

-3000
. II

2.26.23

.465255.040

show lldp local tlvs-overloading

.
TLV LLDP
.
, LLDP
.
:
show lldp local tlvs-overloading [interface-id]
:
interface-id


.

LLDP-,
LLDP.
:
Switch# show lldp local tlvs-overloading gi0/1
TLVs Group

Bytes

Status

------------

------

------------------

Mandatory

31

Transmitted

LLDP-MED Capabilities

Transmitted

LLDP-MED Location

200

Transmitted

802.1

1360

Overloading

Total: 1600 bytes


Left: 100 bytes

2.26.24

show lldp local

.
LLDP,
.
:
show lldp local interface-id
:
interface-id
3.1.0.3 16.05.2013 .

.
370

-3000
. II

.465255.040


.
:
Switch# show lldp local gi0/1
Device ID: 0060.704C.73FF
Port ID: gi0/1
Capabilities: Bridge
System Name: ts-7800-1
System description:
Port description:
Management address: 172.16.1.8
802.3 MAC/PHY Configuration/Status
Auto-negotiation support: Supported
Auto-negotiation status: Enabled
Auto-negotiation Advertised Capabilities: 100BASE-TX full duplex,
1000BASE-T full duplex
Operational MAU type: 1000BaseTFD
802.3 Link Aggregation
Aggregation capability: Capable of being aggregated
Aggregation status: Not currently in aggregation
Aggregation port ID: 1
802.3 Maximum Frame Size: 1522
802.3 EEE
Local Tx: 30 usec
Local Rx: 25 usec
Remote Tx Echo: 30 usec
Remote Rx Echo: 25 usec
802.1 PVID: 1
802.1 PPVID: 2 supported, enabled
802.1 VLAN: 2 (VLAN2)
802.1 Protocol: 88 8E 01
LLDP-MED capabilities: Network Policy, Location Identification
LLDP-MED Device type: Network Connectivity
LLDP-MED Network policy
Application type: Voice
Flags: Tagged VLAN
VLAN ID: 2
Layer 2 priority: 0

371

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

DSCP: 0
LLDP-MED Power over Ethernet
Device Type: Power Sourcing Entity
Power source: Primary Power Source
Power priority: High
Power value: 9.6 Watts
LLDP-MED Location
Coordinates: 54:53:c1:f7:51:57:50:ba:5b:97:27:80:00:00:67:01
LLDP-MED Inventory
Hardware Revision: B1
Firmware Revision: A1
Software Revision: 3.8
Serial number: 7978399
Manufacturer name: Manufacturer
Model name: Model 1
Asset ID: Asset 123
Switch# show lldp local gi0/2
LLDP is disabled.

2.26.25

show lldp neighbors

.
,
LLDP, .
:
show lldp neighbors [interface-id]
:
interface-id


,
.

.

TLV,
ASCII, .

3.1.0.3 16.05.2013 .

372

-3000
. II

.465255.040

:
Switch# show lldp neighbors
System capability legend:
B - Bridge; R - Router; W - Wlan Access Point; T - telephone;
D - DOCSIS Cable Device; H - Host; r - Repeater;
TP - Two Ports MAC Relay; S - S-VLAN; C - C-VLAN; O - Other
Port
Device ID
------- ------------------

Port ID System Name Capabilities TTL


-------- ---------- ----------- ----

gi0/1

00:00:00:11:11:11

gi0/1

ts-7800-2

90

gi0/1
gi0/2

00:00:00:11:11:11
00:00:26:08:13:24

gi0/1
gi0/3

ts-7800-2
ts-7900-1

B
B, R

90
90

gi0/3

00:00:26:08:13:24

gi0/2

ts-7900-2

90

Switch# show lldp neighbors gi0/1


Device ID: 00:00:00:11:11:11
Port ID: gi0/1
System Name: ts-7800-2
Capabilities: B
System description:
Port description:
Management address: 172.16.1.1
Time To Live: 90 seconds
802.3 MAC/PHY Configuration/Status
Auto-negotiation support: Supported.
Auto-negotiation status: Enabled.
Auto-negotiation Advertised Capabilities: 100BASE-TX full duplex,
1000BASE-T full duplex.
Operational MAU type: 1000BaseTFD
802.3 Power via MDI
MDI Power support Port Class: PD
PSE MDI Power Support: Not Supported
PSE MDI Power State: Not Enabled
PSE power pair control ability: Not supported.
PSE Power Pair: Signal
PSE Power class: 1
802.3 Link Aggregation
Aggregation capability: Capable of being aggregated
Aggregation status: Not currently in aggregation
Aggregation port ID: 1
802.3 Maximum Frame Size: 1522
802.3 EEE
Remote Tx: 25 usec

373

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Remote Rx: 30 usec


Local Tx Echo: 30 usec
Local Rx Echo: 25 usec
802.1 PVID: 1
802.1 PPVID: 2 supported, enabled
802.1 VLAN: 2(VLAN2)
802.1 Protocol: 88 8E 01
LLDP-MED capabilities: Network Policy.
LLDP-MED Device type: Endpoint class 2.
LLDP-MED Network policy
Application type: Voice
Flags: Unknown policy
VLAN ID: 0
Layer 2 priority: 0
DSCP: 0
LLDP-MED Power over Ethernet
Device Type: Power Device
Power source: Primary power
Power priority: High
Power value: 9.6 Watts
LLDP-MED Inventory
Hardware revision: 2.1
Firmware revision: 2.3
Software revision: 2.7.1
Serial number: LM759846587
Manufacturer name: VP
Model name: TR12
Asset ID: 9
LLDP-MED Location
Coordinates: 54:53:c1:f7:51:57:50:ba:5b:97:27:80:00:00:67:01

Switch# show lldp neighbors gi0/1


Device ID: 00:00:00:11:11:11
Port ID: gi0/1
System Name: ts-7800-2
Capabilities: B
System description:
Port description:
Management address: 172.16.1.1
Time To Live: 90 seconds
802.3 MAC/PHY Configuration/Status
Auto-negotiation support: Supported.

3.1.0.3 16.05.2013 .

374

-3000
. II

.465255.040

Auto-negotiation status: Enabled.


Auto-negotiation Advertised Capabilities: 100BASE-TX full duplex,
1000BASE-T full duplex.
Operational MAU type: 1000BaseTFD
802.3 Power via MDI
MDI Power support Port Class: PD
PSE MDI Power Support: Not Supported
PSE MDI Power State: Not Enabled
PSE power pair control ability: Not supported.
PSE Power Pair: Signal
PSE Power class: 1
802.3 Link Aggregation
Aggregation capability: Capable of being aggregated
Aggregation status: Not currently in aggregation
Aggregation port ID: 1
802.3 Maximum Frame Size: 1522
802.3 EEE
Remote Tx: 25 usec
Remote Rx: 30 usec
Local Tx Echo: 30 usec
Local Rx Echo: 25 usec
802.1 PVID: 1
802.1 PPVID: 2 supported, enabled
802.1 VLAN: 2(VLAN2)
802.1 Protocol: 88 8E 01
LLDP-MED capabilities: Network Policy.
LLDP-MED Device type: Endpoint class 2.
LLDP-MED Network policy
Application type: Voice
Flags: Unknown policy
VLAN ID: 0
Layer 2 priority: 0
DSCP: 0
LLDP-MED Power over Ethernet
Device Type: Power Device
Power source: Primary power
Power priority: High
Power value: 9.6 Watts
LLDP-MED Inventory
Hardware revision: 2.1
Firmware revision: 2.3
Software revision: 2.7.1
Serial number: LM759846587
Manufacturer name: VP
Model name: TR12
Asset ID: 9
LLDP-MED Location
Coordinates: 54:53:c1:f7:51:57:50:ba:5b:97:27:80:00:00:67:01

375

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

46

Port

Device ID

ID () - .

Port ID

ID .

System name

Capabilities

:
B ;
R ;
W ;
T ;
D DOCSIS;
H ;
r ;
O .

System description

Port description

Management
address

Auto-negotiation
support

( ).

Auto-negotiation
status

(
).

Auto-negotiation
Advertised
Capabilities

//
.

Operational MAU MAU .


type
LLDP MED
Capabilities

LLDP-MED .

Device type

: .
,
.

LLDP MED Network Policy


Application type

,
.

Flags

:
Unknown policy: ,
.
Tagged VLAN:
VLAN .
Untagged VLAN:
VLAN .

3.1.0.3 16.05.2013 .

376

-3000
. II

.465255.040

46

VLAN ID

VLAN .

Layer 2 priority

L2,
.

DSCP

DSCP,
.

LLDP MED Power Over Ethernet


Power type

. :
(PSE)
(PD).

Power Source

, PSE/PD. PSE:

. PD: ,
,
.

Power priority

. PSE .
PD . :
Critical, High Low.

Power value

,
PD PSE,
PSE,
.

LLDP MED Location


Coordinates, Civic .
address,
ECS
ELIN.

2.26.26

show lldp statistics

.
LLDP .
:
show lldp statistics [interface-id | detailed]
:
interface-id

detailed


,
.
377

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

detailed ,
.


.
:
switchxxxxxx# show lldp statistics
Tables Last Change Time: 14-Oct-2010 32:08:18
Tables Inserts: 26
Tables Deletes: 2
Tables Dropped: 0
Tables Ageouts: 1
TX Frames
Port

Total

RX Frames

RX

TLVs

Total Discarded Errors Discarded Unrecognized Total

------- ------- ----- --------- ------ --------- ----------

2.27
2.27.1

RX Ageouts
--------

gi0/1

730

850

gi0/2

gi0/3

730

gi0/4

Spanning Tree
spanning-tree

. STP.
:
spanning-tree
no spanning-tree
no STP.

STP .

.
:
switchxxxxxx(config)# spanning-tree

2.27.2

spanning-tree mode

.
Spanning Tree.
3.1.0.3 16.05.2013 .

378

-3000
. II

.465255.040

:
spanning-tree mode {stp | rstp | mst}
no spanning-tree mode

.

no

:
stp

STP.

rstp

RSTP.

mst

MSTP.


RSTP.

.

RSTP STP,
STP.
MSTP RSTP,
RSTP,
STP, STP.
:
switchxxxxxx(config)# spanning-tree mode mstp

2.27.3

spanning-tree forward-time

.
(FORWARDING)
STP.
:
spanning-tree forward-time seconds
no spanning-tree forward-time

.

no

:
seconds
379

4 30 .
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


15 .

.


:
2*(Forward-Time - 1) >= Max-Age
:
switchxxxxxx(config)# spanning-tree forward-time 25

2.27.4

spanning-tree hello-time

.
hello.
:
spanning-tree hello-time seconds
no spanning-tree hello-time

.

no

:
seconds

hello
1 10 .


2 .

.

hello
:
Max-Age >= 2*(Hello-Time + 1)
:
switchxxxxxx(config)# spanning-tree hello-time 5

3.1.0.3 16.05.2013 .

380

-3000
. II

2.27.5

.465255.040

spanning-tree max-age

.
.
:
spanning-tree max-age seconds
no spanning-tree max-age

.

no

:

6 40 .

seconds


20 .

.


:
2*(Forward-Time - 1) >= Max-Age
Max-Age >= 2*(Hello-Time + 1)
:
switchxxxxxx(config)# spanning-tree max-age 10

2.27.6

spanning-tree priority

.
, .
:
spanning-tree priority priority
no spanning-tree priority

.

no

:
priority
381

0 61440
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

4096.

32768.

.


.

,
MAC-.
:
switchxxxxxx(config)# spanning-tree priority 12288

2.27.7

spanning-tree disable

(Ethernet, Portchannel). Spanning Tree .


:
spanning-tree disable
no spanning-tree disable
no Spanning Tree
.

Spanning Tree .

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/5
switchxxxxxx(config-if)# spanning-tree disable

2.27.8

spanning-tree cost

(Ethernet, Portchannel). .
3.1.0.3 16.05.2013 .

382

-3000
. II

.465255.040

:
spanning-tree cost cost
no spanning-tree cost

.

no

:
cost

1 200 000 000.



(long short),
47.
47

Long

Short

Port-channel

20 000

TenGigabit Ethernet
(10 000 M/)

2 000

Gigabit Ethernet
(1000 M/)

20 000

Ethernet (10 M/)

2 000 000

100


(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# spanning-tree cost 35000

2.27.9

spanning-tree port-priority

(Ethernet, Portchannel). .
:
spanning-tree port-priority priority
no spanning-tree port-priority

.

383

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
0 240
16.

priority


128.

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# spanning-tree port-priority 96

2.27.10

spanning-tree portfast

(Ethernet, Portchannel). PortFast. PortFast



.
:
spanning-tree portfast [auto]
no spanning-tree portfast
no PortFast.
:
auto

3 (
BPDU)
PortFast.


PortFast .

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# spanning-tree portfast

2.27.11

spanning-tree link-type

(Ethernet, Port 3.1.0.3 16.05.2013 .

384

-3000
. II

.465255.040

channel). ,
, RSTP
.
:
spanning-tree link-type {point-to-point | shared}
no spanning-tree spanning-tree link-type
no .
:
point-to-point

-.

shared



.
, -.
, .

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# spanning-tree link-type shared

2.27.12

spanning-tree pathcost method

.
.
:
spanning-tree pathcost method {long | short}
no spanning-tree pathcost method

.

no

385

long


1 200 000 000.

short


1 65 535.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


long.

.

Spanning Tree
.

short,
100.

long,
20 000.

:
switchxxxxxx(config)# spanning-tree pathcost method long

2.27.13

spanning-tree bpdu ( )

.
BPDU, Spanning Tree
.
:
spanning-tree bpdu {filtering | flooding}
no spanning-tree bpdu

.

no

:
filtering

BPDU, Spanning Tree


.

flooding

BPDU (
VLAN) ,
Spanning Tree ,
BPDU flooding.
BPDU .


flooding.

3.1.0.3 16.05.2013 .

386

-3000
. II

.465255.040


.

filtering flooding , Spanning Tree
.
:
switchxxxxxx(config)# spanning-tree bpdu flooding

2.27.14

spanning-tree bpdu ( )

(Ethernet, Portchannel). BPDU, Spanning Tree


.
:
spanning-tree bpdu {filtering | flooding}
no spanning-tree bpdu

.

no

:
filtering

BPDU, Spanning Tree


.

flooding

BPDU (
VLAN) ,
Spanning Tree
BPDU flooding.
BPDU .

spanning-tree

bpdu


(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/3
switchxxxxxx(config-if)# spanning-tree bpdu flooding

387

3.1.0.3 16.05.2013 .

-3000
. II

2.27.15

.465255.040

spanning-tree guard root

(Ethernet, Portchannel). root guard Spanning Tree


. Root guard
.
:
spanning-tree guard root
no spanning-tree guard root
no root guard .

root guard .

(Ethernet, Port-channel).

Root guard ,
STP, RSTP MSTP.
root guard ,
, Spanning Tree
.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# spanning-tree guard root

3.1.0.3 16.05.2013 .

388

-3000
. II

2.27.16

.465255.040

spanning-tree bpduguard

(Ethernet, Portchannel). ,
BPDU.
:
spanning-tree bpduguard {enable | disable}
no spanning-tree bpduguard

.

no

:
enable

BPDU Guard .

disable

BPDU Guard .


BPDU Guard .

(Ethernet, Port-channel).

, Spanning Tree
( , PortFast)
.
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# spanning-tree bpduguard enable

389

3.1.0.3 16.05.2013 .

-3000
. II

2.27.17

.465255.040

clear spanning-tree detected-protocols

.
( )
.
:
clear spanning-tree detected-protocols [interface interface-id]
:
interface-id

: ( Ethernet Portchannel).



.

.


RSTP MSTP.
:
switchxxxxxx# clear spanning-tree detected-protocols

2.27.18

spanning-tree mst priority

.
(instance)
Spanning Tree.
:
spanning-tree mst instance-id priority priority
no spanning-tree mst instance-id priority

.

no

:
instance-id


1 15.

priority


Spanning Tree 0 61440

3.1.0.3 16.05.2013 .

Spanning

Tree

390

-3000
. II

.465255.040

4096. ,
,
.

32768.

.


Spanning Tree.
:
switchxxxxxx(config)# spanning-tree mst 1 priority 4096

2.27.19

spanning-tree mst max-hops

.
(hops) MST , BPDU
.
:
spanning-tree mst max-hops hop-count
no spanning-tree mst max-hops

.

no

:
hop-count

(hops) MST
, BPDU ,
1 40.


20.

.
:
switchxxxxxx(config)# spanning-tree mst max-hops 10

391

3.1.0.3 16.05.2013 .

-3000
. II

2.27.20

.465255.040

spanning-tree mst port-priority

(Ethernet,
MSTP.

Port-channel).

:
spanning-tree mst instance-id port-priority priority
no spanning-tree mst instance-id port-priority

.

no

:
instance-id


1 15.

priority

0 240
16.

Spanning

Tree


128.

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# spanning-tree mst 1 port-priority 144

2.27.21

spanning-tree mst cost

(Ethernet, Portchannel). MST (Multiple Spanning


Tree). Spanning Tree
.
:
spanning-tree mst instance-id cost cost
no spanning-tree mst instance-id cost

.

no

:
instance-id
3.1.0.3 16.05.2013 .


1 15.

Spanning

Tree

392

-3000
. II

.465255.040

1
200 000 000.

cost



(long short),
48.
48

Long

Short

Port-channel

20 000

TenGigabit Ethernet
(10 000 M/)

2 000

Gigabit Ethernet
(1000 M/)

20 000

Ethernet (10 M/)

2 000 000

100


(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/4
switchxxxxxx(config-if)# spanning-tree mst 1 cost 4

2.27.22

spanning-tree mst configuration

.
MST MST (Multiple
Spanning Tree).
:
spanning-tree mst configuration

.


MST, VLAN
,
.

393

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# spanning-tree mst configuration
switchxxxxxx(config-mst)# instance 1 vlan 10-20
switchxxxxxx(config-mst)# name region1
switchxxxxxx(config-mst)# revision 1

2.27.23

instance ( MST)

MST. VLAN
MST.
:
instance instance-id vlan vlan-range
no instance instance-id vlan vlan-range

.

no

:
instance-id

MST 1 15.

vlan-range

VLAN 1
4094.


VLAN Spanning
Tree (CIST) ( 0).

MST.

VLAN, MST,
Spanning Tree (CIST)
( 0) .

MST,
VLAN ,
.

3.1.0.3 16.05.2013 .

394

-3000
. II

.465255.040

:
switchxxxxxx(config)# spanning-tree mst configuration
switchxxxxxx(config-mst)# instance 1 vlan 10-20

2.27.24

name ( MST)


MST.

MST.

:
name string
no name

.

no

:
string

MST 32 .


MAC- .

MST.
:
switchxxxxxx(config)# spanning-tree mst configuration
switchxxxxxx(config-mst)# name region1

2.27.25

revision ( MST)

MST.
MST.
:
revision value
no revision

.

no

:
value

395

MST 0
65535 .

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


0.

MST.
:
switchxxxxxx(config) # spanning-tree mst configuration
switchxxxxxx(config-mst) # revision 1

2.27.26

show (MST)

MST.
MST.
:
show {current | pending}
:
current


MST.

pending


MST.


MST.
:
switchxxxxxx(config-mst)# show pending
Gathering information ..........
Current MST configuration
Name: Region1
Revision: 1

2.27.27

Instance

Vlans Mapped

State

--------

----------

-------

1-4094

Disabled

exit ( MST)

MST.
MST region .
:
exit
3.1.0.3 16.05.2013 .

396

-3000
. II

.465255.040


MST.
:
switchxxxxxx(config)# spanning-tree mst configuration
switchxxxxxx(config-mst)# exit
switchxxxxxx(config)#

2.27.28

abort ( MST)

MST.
MST .
:
abort

MST.
:
switchxxxxxx(config)# spanning-tree mst configuration
switchxxxxxx(config-mst)# abort

2.27.29

show spanning-tree

.
STP.
:
show spanning-tree [interface-id] [instance instance-id]
show spanning-tree [detail] [active | blockedports] [instance
instance-id]
show spanning-tree mst-configuration
:

397

instance-id

Spanning Tree
1 15.

detail

active

blockedports

mst-configuration

MST.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

( Ethernet
Port-channel).

interface-id


,
.

.

, MST.
:
Switchxxxxxx# show spanning-tree
Spanning tree enabled mode RSTP
Default port cost method: long
Loopback guard: Disabled
Root ID

Priority

32768

Address

00:01:42:97:e0:00

Path Cost

20000

Root Port

gi0/1

Hello Time 2 sec


Bridge ID

Max Age 20 sec Forward Delay 15 sec

Priority

36864

Address

00:02:4b:29:7a:00

Hello Time 2 sec

Max Age 20 sec Forward Delay 15 sec

Interfaces
Name

State

-------- --------

Prio.Nbr Cost

Sts

Role

PortFast Type

------- ------ ---- ----- --------

--------

gi0/1

Enabled

128.1

20000

FWD

Root

No

P2p (RSTP)

gi0/2

Enabled

128.2

20000

FWD

Desg

No

Shared (STP)

gi0/3

Disabled 128.3

20000

gi0/4

Enabled

20000

BLK

Altn

No

Shared (STP)

128.4

Switchxxxxxx# show spanning-tree


Spanning tree enabled mode RSTP
Default port cost method: long
Root ID

Priority

36864

Address

00:02:4b:29:7a:00

This switch is the Root.


Hello Time 2 sec

Max Age 20 sec Forward Delay 15 sec

Interfaces

3.1.0.3 16.05.2013 .

398

-3000
. II
Name

State

.465255.040

Prio.Nbr Cost

Sts

Role

PortFast Type

-------- -------- -------- ------ ----- ----- ------- --------gi0/1

Enabled

128.1

20000

FWD

Desg

No

P2p (RSTP)

gi0/2

Enabled

128.2

20000

FWD

Desg

No

Shared (STP)

gi0/3

Disabled 128.3

20000

gi0/4

Enabled

20000

FWD

Desg

No

Shared (STP)

128.4

Switchxxxxxx# show spanning-tree


Spanning tree disabled (BPDU filtering) mode RSTP
Default port cost method: long
Root ID

Bridge ID

Priority

N/A

Address

N/A

Path Cost

N/A

Root Port

N/A

Hello Time

N/A Max Age N/A Forward Delay N/A

Priority

36864

Address

00:02:4b:29:7a:00

Hello Time 2 sec

Max Age 20 sec Forward Delay 15 sec

Interfaces
Name

State

Prio.Nbr Cost

Sts

Role

PortFast Type

-------- -------- -------- ------ ----- ---- --------- --------gi0/1

Enabled

128.1

20000

gi0/2

Enabled

128.2

20000

gi0/3

Disabled 128.3

20000

gi0/4

Enabled

20000

128.4

Switchxxxxxx# show spanning-tree active


Spanning tree enabled mode RSTP
Default port cost method: long
Root ID

Priority

32768

Address

00:01:42:97:e0:00

Path Cost

20000

Root Port

gi0/1

Hello Time 2 sec


Bridge ID

Max Age 20 sec Forward Delay 15 sec

Priority

36864

Address

00:02:4b:29:7a:00

Hello Time 2 sec

Max Age 20 sec Forward Delay 15 sec

Interfaces
Name

399

Prio.Nbr Cost

Sts

Role

PortFast Type

-------- -------

State

-------

----

---

----

---------------------

gi0/1

Enabled

128.1

20000

FWD

Root

No

P2p (RSTP)

gi0/2

Enabled

128.2

20000

FWD

Desg

No

Shared (STP)

3.1.0.3 16.05.2013 .

-3000
. II
gi0/4

Enabled

128.4

.465255.040
20000

BLK

Altn

No

Shared (STP)

Switchxxxxxx# show spanning-tree blockedports


Spanning tree enabled mode RSTP
Default port cost method: long
Root ID

Priority

32768

Address

00:01:42:97:e0:00

Path Cost

20000

Root Port

gi0/1

Hello Time 2 sec


Bridge ID

Max Age 20 sec Forward Delay 15 sec

Priority

36864

Address

00:02:4b:29:7a:00

Hello Time 2 sec

Max Age 20 sec Forward Delay 15 sec

Interfaces
Name

Prio.Nbr Cost

Sts

Role

PortFast Type

-------- -------

State

-------

----

---

----

---------------------

gi0/4

128.4

20000

BLK

Altn

No

Enabled

Shared (STP)

Switchxxxxxx# show spanning-tree detail


Spanning tree enabled mode RSTP
Default port cost method: long
Root ID

Priority

32768

Address

00:01:42:97:e0:00

Path Cost

20000

Root Port

gi0/1

Hello Time 2 sec


Bridge ID

Max Age 20 sec Forward Delay 15 sec

Priority

36864

Address

00:02:4b:29:7a:00

Hello Time 2 sec

Max Age 20 sec Forward Delay 15 sec

Number of topology changes 2 last change occurred 2d18h ago


Times:

hold 1, topology change 35, notification 2


hello 2, max age 20, forward delay 15

Port 1 (gi0/1) enabled


State: Forwarding

Role: Root

Port id: 128.1

Port cost: 20000

Type: P2p (configured: auto) RSTP

Port Fast: No (configured:no)

Designated bridge Priority: 32768

Address: 00:01:42:97:e0:00

Designated port id: 128.25

Designated path cost: 0

Guard root: Disabled

BPDU guard: Disabled

Number of transitions to forwarding state: 1

3.1.0.3 16.05.2013 .

400

-3000
. II

.465255.040

BPDU: sent 2, received 120638


Port 2 (gi0/2) enabled
State: Forwarding

Role: Designated

Port id: 128.2

Port cost: 20000

Type: Shared (configured: auto) STP

Port Fast: No (configured:no)

Designated bridge Priority: 32768

Address: 00:02:4b:29:7a:00

Designated port id: 128.2

Designated path cost: 20000

Guard root: Disabled

BPDU guard: Disabled

Number of transitions to forwarding state: 1


BPDU: sent 2, received 170638
Port 3 (gi0/3) disabled
State: N/A

Role: N/A

Port id: 128.3

Port cost: 20000

Type: N/A (configured: auto)

Port Fast: N/A (configured:no)

Designated bridge Priority: N/A

Address: N/A

Designated port id: N/A

Designated path cost: N/A

Guard root: Disabled

BPDU guard: Disabled

Number of transitions to forwarding state: N/A


BPDU: sent N/A, received N/A
Port 4 (gi0/4) enabled
State: Blocking

Role: Alternate

Port id: 128.4

Port cost: 20000

Type: Shared (configured:auto) STP

Port Fast: No (configured:no)

Designated bridge Priority: 28672

Address: 00:30:94:41:62:c8

Designated port id: 128.25

Designated path cost: 20000

Guard root: Disabled

BPDU guard: Disabled

Number of transitions to forwarding state: 1


BPDU: sent 2, received 120638

Switchxxxxxx# show spanning-tree ethernet gi0/1


Port 1 (gi0/1) enabled
State: Forwarding

Role: Root

Port id: 128.1

Port cost: 20000

Type: P2p (configured: auto) RSTP

Port Fast: No (configured:no)

Designated bridge Priority: 32768

Address: 00:01:42:97:e0:00

Designated port id: 128.25

Designated path cost: 0

Guard root: Disabled

BPDU guard: Disabled

Number of transitions to forwarding state: 1


BPDU: sent 2, received 120638

Switchxxxxxx# show spanning-tree mst-configuration

401

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Name: Region1
Revision: 1
Instance

Vlans mapped

State

--------

------------

-------

1-9, 21-4094

Enabled

10-20

Enabled

Switchxxxxxx# show spanning-tree


Spanning tree enabled mode MSTP
Default port cost method: long
###### MST 0 Vlans Mapped: 1-9
CST Root ID

Priority 32768
Address 00:01:42:97:e0:00
Path cost 20000
Root Port gi0/1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

IST Master ID

Priority
Address
32768
00:02:4b:29:7a:00
This switch is the IST master.
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Max hops 20

Interfaces
Name
State
-------- ------gi0/1
Enabled
gi0/2
Enabled
gi0/3
Enabled
gi0/4

Prio.Nbr
------128.1
128.2
128.3

Enabled 128.4

Cost
---20000
20000
20000

Sts
--FWD
FWD
FWD

Role
---Root
Desg
Desg

PortFast Type
-------- -----------No
No
P2p Bound (RSTP)
No
Shared Bound

20000

FWD

Desg

No

Root ID

Priority 24576
Address 00:02:4b:29:89:76
Path cost 20000
Root Port gi0/4
Rem hops 19

Bridge ID

Priority 32768

(STP)
P2p
P2p

Address 00:02:4b:29:7a:00
Interfaces
Name
State
-------- ------gi0/1
Enabled
gi0/2
Enabled

3.1.0.3 16.05.2013 .

Prio.Nbr
------128.1
128.2

Cost
---20000
20000

Sts
--FWD
FWD

Role
---Boun
Boun

PortFast Type
-------- -----------No
No
P2p Bound (RSTP)

402

-3000
. II
gi0/3
gi0/4

Enabled 128.3
Enabled 128.4

.465255.040
20000
20000

BLK
FWD

Altn
Root

No
No

Shared Bound
(STP)
P2p
P2p

Switchxxxxxx# show spanning-tree detail


Spanning tree enabled mode MSTP
Default port cost method: long
###### MST 0 Vlans Mapped: 1-9
CST Root ID

Priority 32768
Address 00:01:42:97:e0:00
Path Cost 20000
Root Port gi0/1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

IST Master ID

Priority 32768
Address 00:02:4b:29:7a:00
Path Cost 20000
This switch is the IST master.
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Max hops 20
Number of topology changes 2 last change occurred 2d18h ago
Times: hold 1, topology change 35, notification 2
hello 2, max age 20, forward delay 15

Port 1 (gi0/1) enabled


State: Forwarding
Port id: 128.1
Type: P2p (configured: auto) Boundary RSTP
Designated bridge Priority: 32768
Designated port id: 128.25
Number of transitions to forwarding state: 1
BPDU: sent 2, received 120638

Role: Root
Port cost: 20000
Port Fast: No (configured:no)
Address: 00:01:42:97:e0:00
Designated path cost: 0

Port 2 (gi0/2) enabled


State: Forwarding
Role: Designated
Port id: 128.2
Port cost: 20000
Type: Shared (configured: auto) Boundary STP Port Fast: No (configured:no)
Designated bridge Priority: 32768
Address: 00:02:4b:29:7a:00
Designated port id: 128.2
Designated path cost: 20000
Number of transitions to forwarding state: 1
BPDU: sent 2, received 170638
Port 3 (gi0/3) enabled
State: Forwarding
Port id: 128.3
Type: Shared (configured: auto) Internal
Designated bridge Priority: 32768

Role: Designated
Port cost: 20000
Port Fast: No (configured:no)
Address: 00:02:4b:29:7a:00

Designated port id: 128.3


Designated path cost: 20000
Number of transitions to forwarding state: 1
BPDU: sent 2, received 170638

403

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Port 4 (gi0/4) enabled


State: Forwarding
Port id: 128.4

Role: Designated
Port cost: 20000

Type: Shared (configured: auto) Internal


Designated bridge Priority: 32768

Port Fast: No (configured:no)


Address: 00:02:4b:29:7a:00

Designated port id: 128.2


Designated path cost: 20000
Number of transitions to forwarding state: 1
BPDU: sent 2, received 170638
###### MST 1 Vlans Mapped: 10-20
Root ID

Priority 24576
Address 00:02:4b:29:89:76
Path Cost 20000
Root Port gi0/4
Rem hops 19

Bridge ID

Priority 32768
Address 00:02:4b:29:7a:00
Number of topology changes 2 last change occurred 1d9h ago
Times: hold 1, topology change 2, notification 2
hello 2, max age 20, forward delay 15

Port 1 (gi0/1) enabled


State: Forwarding

Role: Boundary

Port id: 128.1


Type: P2p (configured: auto) Boundary RSTP

Port cost: 20000


Port Fast: No (configured:no)

Designated bridge Priority: 32768


Designated port id: 128.1

Address: 00:02:4b:29:7a:00
Designated path cost: 20000

Number of transitions to forwarding state: 1


BPDU: sent 2, received 120638
Port 2 (gi0/2) enabled
State: Forwarding

Role: Designated

Port id: 128.2


Port cost: 20000
Type: Shared (configured: auto) Boundary STP Port Fast: No (configured:no)
Designated bridge Priority: 32768
Designated port id: 128.2

Address: 00:02:4b:29:7a:00
Designated path cost: 20000

Number of transitions to forwarding state: 1


BPDU: sent 2, received 170638
Port 3 (gi0/3) disabled
State: Blocking

Role: Alternate

Port id: 128.3


Type: Shared (configured: auto) Internal

Port cost: 20000


Port Fast: No (configured:no)

Designated bridge Priority: 32768


Designated port id: 128.78

Address: 00:02:4b:29:1a:19
Designated path cost: 20000

Number of transitions to forwarding state: 1


BPDU: sent 2, received 170638
Port 4 (gi0/4) enabled

3.1.0.3 16.05.2013 .

404

-3000
. II

.465255.040

State: Forwarding
Port id: 128.4

Role: Designated
Port cost: 20000

Type: Shared (configured: auto) Internal


Designated bridge Priority: 32768

Port Fast: No (configured:no)


Address: 00:02:4b:29:7a:00

Designated port id: 128.2


Designated path cost: 20000
Number of transitions to forwarding state: 1
BPDU: sent 2, received 170638

Switchxxxxxx# show spanning-tree


Spanning tree enabled mode MSTP
Default port cost method: long
###### MST 0 Vlans Mapped: 1-9
CST Root ID

Priority

32768

Address
00:01:42:97:e0:00
Path Cost 20000
Root Port gi0/1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
IST Master ID

Priority
Address
Path Cost
Rem hops

32768
00:02:4b:19:7a:00
10000
19

Bridge ID

Priority 32768
Address 00:02:4b:29:7a:00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Max hops 20

Switchxxxxxx# show spanning-tree


Spanning tree enabled mode MSTP
Default port cost method: long
###### MST 0 Vlans Mapped: 1-9
CST Root ID

Priority 32768
Address 00:01:42:97:e0:00
This switch is root for CST and IST master.
Root Port gi0/1
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Max hops 20

2.27.30

show spanning-tree bpdu

.
BPDU, Spanning
Tree .
:
show spanning-tree bpdu [interface-id | detailed]
405

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
interface-id

: Ethernet Portchannel.

detailed


.
detailed ,
.

.
:
switchxxxxxx# show spanning-tree bpdu
The following is the output if the global BPDU handling
command is not supported.
Interface

Admin Mode

Oper Mode

---------

-----------

---------

gi0/1

Filtering

Filtering

gi0/2

Filtering

Filtering

gi0/3

Filtering

Guard

The following is the output if both the global BPDU


handling command and the per-interface BPDU handling
command are supported.
Global: Flooding

2.27.31

Interface

Admin Mode

Oper Mode

---------

-----------

---------

gi0/1

Global

Flooding

gi0/2

Global

STP

gi0/3

Flooding

STP

spanning-tree loopback-guard

.

(Loopback detection BPDU).
:
spanning-tree loopback-guard
no spanning-tree loopback-guard
3.1.0.3 16.05.2013 .

406

-3000
. II

.465255.040

no


.
:
switch (config)# spanning-tree loopback-guard

2.28
2.28.1

VLAN
vlan database

.
VLAN.
VLAN VLAN .
exit
.
:
vlan database

VLAN 1 .

.
:
switchxxxxxx(config)# vlan database
switchxxxxxx(config-vlan)# vlan 1972
switchxxxxxx(config-vlan)# exit
switchxxxxxx(config)#

2.28.2

vlan

VLAN
. VLAN (
VLAN).

407

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
vlan vlan-range
no vlan vlan-range
no VLAN.
:
vlan-range

VLAN
2 4094.

.

name

VLAN 32 .

VLAN .


VLAN 1 .

.
VLAN.
:
switchxxxxxx(config)#vlan database
switchxxxxxx(config-vlan)#vlan 1972 Marketing
switchxxxxxx(config-vlan)#

2.28.3

show vlan

.
VLAN VLAN
VLAN:

VLAN;

VLAN;

VLAN;

VLAN ( );

VLAN.

:
show vlan [tag vlan-id | name vlan-name]

3.1.0.3 16.05.2013 .

408

-3000
. II

.465255.040

:
tag vlan-id

VLAN.

name vlan-name

VLAN
32 .


VLAN.

.
:
switchxxxxxx# show vlan
VLAN

Name

Ports

Type

Authorization

----

----------

--------

-------

--------------

default

gi0/1-2

Other

Required

10

VLAN0010

gi0/3-4

dynamic

Required

11

VLAN0011

gi0/1-2

static

Required

20

VLAN0020

gi0/3-4

static

Required

21

VLAN0021

static

Required

30

VLAN0030

static

Required

31

VLAN0031

static

Required

91

VLAN0091

gi0/1-2

static

Not Required

3978

Guest VLAN

gi0/1

static

Guest

switchxxxxxx# show vlan tag 1

409

VLAN

Name

Ports

Type

Authorization

----

----------

--------

-------

--------------

default

gi0/1-2

Defaults Required

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

switchxxxxxx# show vlan name Marketing

2.28.4

VLAN

Name

Ports

Type

Authorization

----

----------

--------

-------

--------------

Marketing

gi0/3-4

static

Required

interface vlan

.
(VLAN) VLAN.
VLAN.
VLAN interface
range vlan.
:
interface vlan vlan-id
:
vlan-id

VLAN.


.

VLAN (ghost VLAN),
(VLAN).
,
ghost VLAN:

IGMP Snooping;

bridge multicast.

VLAN,

:
switchxxxxxx (config)# interface vlan 1
switchxxxxxx (config-if)# ip address 131.108.1.27 255.255.255.0

3.1.0.3 16.05.2013 .

410

-3000
. II

2.28.5

.465255.040

interface range vlan

.
VLAN.

:
interface range vlan vlan-range
:
vlan-range

VLAN
. VLAN
.


.


.
,
,
.
:
switchxxxxxx(config)# interface range vlan 221-228, vlan 889
switchxxxxxx(config-if)#

2.28.6

name

(VLAN).
VLAN.
:
name string
no name
no VLAN.
:
string

VLAN 32 .


VLAN .

411

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


(VLAN).

.

VLAN .
:
switchxxxxxx(config)# interface vlan 19
switchxxxxxx(config-if)# name Marketing

2.28.7

switchport protected-port

(Ethernet, Portchannel).

2
.
:
switchport protected-port
no switchport protected-port
no .

.

(Ethernet, Port-channel).

,
2
(
, ) .
,
FDB .

switchport community.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# switchport protected-port

3.1.0.3 16.05.2013 .

412

-3000
. II

2.28.8

.465255.040

show interfaces protected-ports

.
.
:
show interfaces protected-ports [interface-id | detailed]
:
interface-id

: Ethernet Portchannel.

detailed



. detailed ,
.

.
:
switchxxxxxx# show interfaces protected-ports
Interface

State

Community

--------- ------------- --------gi0/1

Protected

gi0/2

Protected

Isolated

gi0/3

Unprotected

20

gi0/4

Unprotected

Isolated

Community
,
Protected.
2.28.9

switchport community

(Ethernet, Portchannel). .
:
switchport community community
no switchport community

.
413

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
community

1 30.


.

(Ethernet, Port-channel).

,
.

switchport protected-port.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# switchport community 1

2.28.10

switchport

.
3
2.
:
switchport
no switchport
no
3.

2.

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)#switchport

switchxxxxxx(config)# interface gi1

3.1.0.3 16.05.2013 .

414

-3000
. II

.465255.040

switchxxxxxx(config-if)#no switchport

2.28.11

switchport mode

(Ethernet, Portchannel). VLAN.


:
switchport mode {access | trunk | general | customer}
no switchport mode

.

no

:
access

VLAN 2.

trunk

VLAN 2.

general

VLAN,
802.1Q.

customer

. ,
.

private-vlan
promiscuous

VLAN.

private-vlan host

VLAN.


access.

(Ethernet, Port-channel).


.
access, access-VLAN
, -
VLAN.

415

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# switchport mode access
switchxxxxxx(config-if)# switchport access vlan 2

2.28.12

switchport access vlan


VLAN.

access
VLAN.
:
switchport access vlan vlan-id
no switchport access vlan

.

no

:
vlan-id

VLAN.


VLAN .

(Ethernet, Port-channel).

VLAN
VLAN.
:
switchxxxxxx(config)# interface gi0/2
switchxxxxxx(config-if)# switchport mode access
switchxxxxxx(config-if)# switchport access vlan 2

3.1.0.3 16.05.2013 .

416

-3000
. II

2.28.13

.465255.040

switchport trunk allowed vlan

(Ethernet, Portchannel). VLAN ,


trunk.
,

trunk,

VLAN , ,
VLAN.
:
switchport trunk allowed vlan {add vlan-list | remove vlan-list}
:
add vlan-list

VLAN ID
. VLAN
.

remove vlan-list VLAN ID


. VLAN
.

, trunk,
VLAN .

(Ethernet, Port-channel).

VLAN,
VLAN.
("An interface
cannot become a member of a forbidden VLAN. This message will
only be displayed once"),
, VLAN.
:
switchxxxxxx(config)# interface range gi0/1-3
switchxxxxxx(config-if)# switchport mode trunk
switchxxxxxx(config-if)# switchport trunk allowed vlan add 2-3,100
switchxxxxxx(config-if)#

417

3.1.0.3 16.05.2013 .

-3000
. II

2.28.14

.465255.040

switchport trunk native vlan

(Ethernet, Portchannel). native-VLAN,


trunk.
,
trunk, native-VLAN .
:
switchport trunk native vlan vlan-id
no switchport trunk native vlan

.

no

:
vlan-id

native-VLAN.


VLAN native-VLAN.

(Ethernet, Port-channel).

VLAN.
VLAN ( native-VLAN),
VLAN.
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# switchport trunk native vlan 2
Port 1: Port is Trunk in VLAN 2.
switchxxxxxx(config-if)# switchport trunk allowed vlan remove 2
switchxxxxxx(config-if)# switchport trunk native vlan 2
switchxxxxxx(config-if)#

switchxxxxxx(config)# interface gi0/1


switchxxxxxx(config-if)# switchport mode trunk
switchxxxxxx(config-if)# switchport trunk native vlan 2
switchxxxxxx(config-if)#

3.1.0.3 16.05.2013 .

418

-3000
. II

.465255.040

switchxxxxxx(config)# interface gi0/1


switchxxxxxx(config-if)# switchport mode trunk
switchxxxxxx(config-if)# switchport trunk allowed vlan add 2
switchxxxxxx(config-if)#

2.28.15

switchport general allowed vlan

(Ethernet, Portchannel). VLAN


( ).
.
:
switchport general allowed vlan {[add vlan-list [tagged | untagged]]
| [remove vlan-list]}
:
add vlan-list
VLAN
. VLAN
.

tagged
VLAN ( ).

untagged
VLAN.
remove vlan-list VLAN
. VLAN
.

- VLAN.
.

(Ethernet, Port-channel).

(,
VLAN VLAN )
VLAN .
VLAN,
VLAN.
("An interface
cannot become a member of a forbidden VLAN. This message will
only be displayed once"),
, VLAN.
419

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general allowed vlan add 2-3 tagged

2.28.16

switchport general pvid

(Ethernet, Portchannel). PVID (Port VLAN ID) ,


general.
:
switchport general pvid vlan-id
no switchport general pvid

.

no

:
vlan-id

PVID .


VLAN PVID.

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/2
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general pvid 234

switchxxxxxx(config)# interface gi0/4


switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general allowed vlan add 2-3
tagged
switchxxxxxx(config-if)# switchport general allowed vlan add 100
untagged
switchxxxxxx(config-if)# switchport general pvid 100
switchxxxxxx(config-if)# no switchport general pvid
switchxxxxxx(config-if)#

3.1.0.3 16.05.2013 .

420

-3000
. II

.465255.040

switchxxxxxx(config)# interface gi0/4


switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general pvid 2
switchxxxxxx(config-if)# switchport general allowed vlan add 2 untagged
switchxxxxxx(config-if)#

switchxxxxxx(config)# interface gi0/5


switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general pvid 2
switchxxxxxx(config-if)# switchport general allowed vlan add 2 tagged
switchxxxxxx(config-if)#

switchxxxxxx(config)# interface gi0/5


switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general allowed vlan add 2 tagged
switchxxxxxx(config-if)#

switchxxxxxx(config)# interface gi0/3


switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general allowed vlan add 2 tagged
switchxxxxxx(config-if)#

2.28.17

switchport general ingress-filtering disable

(Ethernet, Portchannel). .
:
switchport general ingress-filtering disable
no switchport general ingress-filtering disable

.

no


.

(Ethernet, Port-channel).

421

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# interface gigabitethernet 0/1
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general ingress-filtering disable

2.28.18

switchport general acceptable-frame-type

(Ethernet, Portchannel). (
).
:
switchport general acceptable-frame-type {tagged-only | untaggedonly | all}
no switchport general acceptable-frame-type

.

no

:
tagged-only

untagged-only

VLAN (
).

all


.

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/3
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general acceptable-frame-type
tagged-only

2.28.19

switchport customer vlan

(Ethernet, Portchannel). VLAN ,


customer ( switchport mode).

3.1.0.3 16.05.2013 .

422

-3000
. II

.465255.040

customer,
QinQ.
VLAN (PVID) .
QinQ,
, customer.
:
switchport customer vlan vlan-id
no switchport customer vlan

.

no

:
vlan-id

customer-VLAN.


VLAN .

(Ethernet, Port-channel).
:
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# switchport mode customer
switchxxxxxx(config-if)# switchport customer vlan 5

2.28.20

switchport protected

(Ethernet, Portchannel). MAC-


(FDB) ,
uplink .
:
switchport protected {interface-id}
no switchport protected
no .
:
interface-id

423

: Ethernet
Port-channel.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

(Ethernet, Port-channel).

MAC-
(FDB) uplink.
,
.

.

VLAN

IP-

:
switchxxxxxx(config)# interface gi0/2
switchxxxxxx(config-if)# switchport protected gi0/3

2.28.21

map protocol protocols-group

VLAN.
.

switchport general map protocols-group vlan.
, ,

VLAN.
:
map protocol protocol [encapsulation-value] protocols-group group
no map protocol protocol [encapsulation]
no .
:
protocol

16-
,
, 0x0600 0xFFFF.

encapsulation-value

: Ethernet,
rfc1042, llcOther.

protocols-group
group


1 2147483647.

3.1.0.3 16.05.2013 .

424

-3000
. II

.465255.040


Ethernet.

VLAN.

0x8100
Ethernet.

Ethernet:

ip;

arp;

ipv6;

ipx.

:
switchxxxxxx(config)# vlan database
switchxxxxxx(config-vlan)# map protocol ip protocols-group 213

2.28.22

switchport general map protocols-group vlan

(Ethernet, Portchannel). , ,
( ).
:
switchport general map protocols-group group vlan vlan-id
no switchport general map protocols-group group
no
.

:
group

, map
protocol protocols-group, 1 65535.

vlan-id

VLAN .


(Ethernet, Port-channel).

VLAN:
425

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

MAC-based VLAN ( );

Subnet-based VLAN ( );

Protocol-based VLAN;

PVID.

:
switchxxxxxx(config-if)# switchport general map protocols-group 1
vlan 8

2.28.23

show vlan protocols-groups

.
.

:
show vlan protocols-groups

.
:
switchxxxxxx# show vlan protocols-groups

2.28.24

Encapsulation

Protocol

Group ID

-------------

-------------

--------

Ethernet

0x800 (IP)

Ethernet

0x806 (ARP)

Ethernet

0x86dd (IPv6)

Ethernet

0x8898

map mac macs-group

VLAN. -
- -.

switchport general map macs-group vlan.
, MAC-,
MAC-
VLAN.
:
map mac mac-address {prefix-mask | host} macs-group group
no map mac mac-address {prefix-mask | host}
no MAC-.
3.1.0.3 16.05.2013 .

426

-3000
. II

.465255.040

:
mac-address

- .

prefix-mask

host

group

1 2147483647.


VLAN.
:
switchxxxxxx(config)# vlan database
switchxxxxxx(config-vlan)# map mac 0000.1111.0000 32 macs-group 1
switchxxxxxx(config-vlan)# map mac 0000.0000.2222 host macs-group 2
switchxxxxxx(config-vlan)# exit
switchxxxxxx(config)# interface gi0/1
switchxxxxxx(config-if)# switchport mode general
switchxxxxxx(config-if)# switchport general map macs-group 1 vlan 2
switchxxxxxx(config-if)# switchport general map macs-group 2 vlan 3

2.28.25

switchport general map macs-group vlan

(Ethernet, Portchannel). -.
:
switchport general map macs-group group vlan vlan-id
no switchport general map macs-group group
no .
:
group

1 2147483647.

vlan-id

VLAN .


(Ethernet, Port-channel).

VLAN -

.
VLAN:
427

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

1. MAC-based VLAN ( );
2. Subnet-based VLAN ( );
3. Protocol-based VLAN;
4. PVID.
:
Console (config-if)# switchport general map mac-group 1 vlan 8

2.28.26

show vlan macs-groups

.
-.
:
show vlan macs-groups

.
:
console# show vlan macs-groups
Mac Address

Mask

Group Id

--------------------- --------------------- ---------------------

2.28.27

00:12:34:56:78:90

20

22

00:60:70:4c:73:ff

40

map subnet subnets-group

VLAN. IP-
IP-.
:
map subnet ip-address prefix-mask subnets-group group
no map subnet ip-address prefix-mask
no IP-.
:
ip-address

IP- .

prefix-mask

group

1 2147483647.

3.1.0.3 16.05.2013 .

428

-3000
. II

.465255.040


VLAN.
:
Console (config-vlan)# map subnet 172.16.1.1 24 subnets-group 4

2.28.28

switchport general map subnets-group vlan

(Ethernet, Portchannel).
.
:
switchport general map subnets-group group vlan vlan-id
no switchport general map subnets-group group
no
.
:
group

1 2147483647.

vlan-id

VLAN .


(Ethernet, Port-channel).

VLAN:
1. MAC-based VLAN ( );
2. Subnet-based VLAN ( );
3. Protocol-based VLAN;
4. PVID.
:
Console (config-if)# switchport general map subnets-group 1 vlan 8

2.28.29

show vlan subnets-groups

.
.
:
show vlan subnets-groups
429

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
console# show vlan subnets-groups
Ip Subnet Address

Mask

Group Id

----------------- ----------- --------------

2.28.30

1.1.1.1

32

172.16.2.0

24

switchport forbidden vlan

(Ethernet, Portchannel). VLAN


.
:
switchport forbidden vlan {add vlan-list | remove vlan-list}
no switchport forbidden vlan {add vlan-list | remove vlan-list}

.

no

:
add vlan-list

VLAN ID
. VLAN
.

remove vlan-list VLAN ID


. VLAN
.

VLAN.

(Ethernet, Port-channel).
:
Console(config)# interface ethernet fa0/7
Console(config-if)# switchport mode trunk
Console(config-if)# switchport forbidden vlan add 234-256

3.1.0.3 16.05.2013 .

430

-3000
. II

2.28.31

.465255.040

show interfaces switchport


.
:
show interfaces switchport [interface-id]
:
interface-id

: Ethernet Portchannel.


.
:
console# show interfaces switchport gigabitethernet 0/1
Port : gi0/1
Port Mode: General
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 4
Protected: Disabled
Port is member in:
Vlan

Name

Egress rule

Port Membership Type

---- ---------------- -----------

---------------------

Tagged

Static

Untagged

Static

Forbidden VLANS:
Vlan

Name

---- -------------------------------5

Classification rules:
Protocol based VLANs:

431

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Group ID Vlan ID
-------- ------1

Mac based VLANs:


Group ID Vlan ID
-------- ------1

Subnet based VLANs:


Group ID Vlan ID
-------- ------1

2.28.32

show interfaces switchport

.
VLAN .
:
show interfaces switchport { interface-id }
:
: Ethernet
Port-channel.

interface-id

.
:
Console> show interfaces switchport ethernet 1/1
Port 1/1:
VLAN Membership mode: General
PVID: 1 (default)
Ingress Filtering: Enabled
Acceptable Frame Type: All
GVRP status: Enabled
Protected: Enabled, Uplink is 1/9.
Port 1/1 is member in:
VLAN

Name

3.1.0.3 16.05.2013 .

Egress ruleType

432

-3000
. II

.465255.040

----

--------

---------------

default

untaggedSystem

VLAN008

taggedDynamic

11

VLAN0011

taggedStatic

19

IPv6VLAN

untaggedStatic

72

VLAN0072

untaggedStatic

Forbidden VLANS:
VLAN

Name

---- --------73

Out

Classification rules:
Classification type GroupVLAN
-----------------------------Protocol based VLANs 219
Protocol based VLANs 372
Console> show interfaces switchport ethernet 1/2
Port 1/2:
VLAN Membership mode: General
Operating parameters:
PVID: 4095 (discard vlan)
Ingress Filtering: Enabled
Acceptable Frame Type: All
GVRP status: Enabled
Protected: Disabled
Port 1/1 is member in:
VLAN

Name

Egress ruleType

---- -----------91

----------------

IP Telephony

taggedStatic

Protected: Disabled
Port 1/2 is statically configured to:
VLAN

Name

---- ---------

433

Egress rule
-----------

3.1.0.3 16.05.2013 .

-3000
. II
8

VLAN0072

untagged

91

IP Telephony

tagged

.465255.040

Forbidden VLANS:
VLAN

Name

---- --------73

Out

Console> show interfaces switchport ethernet 1/2


Port 1/2:
VLAN Membership mode: Access
Access VLAN: Dynamic
PVID: 9
Ingress Filtering: Enabled
Acceptable Frame Type: All
GVRP status: Enabled
VLAN Membership:
VLAN

Name

Egress rule

---- --------- ----------8

2.28.33

VLAN0072

untagged

ip internal-usage-vlan

(Ethernet, Portchannel). VLAN


.
:
ip internal-usage-vlan vlan-id
no ip internal-usage-vlan

.

no

:
vlan-id

VLAN .


(Ethernet, Port-channel).
.

3.1.0.3 16.05.2013 .

434

-3000
. II

.465255.040


VLAN , IP Ethernet Port-channel.
, VLAN
.
VLAN ,
VLAN.
VLAN ,

VLAN,
:
1) IP-, VLAN IP;
2)
VLAN .
:
Console(config)# interface gigabitethernet 0/3
Console(config-if)# ip internal-usage-vlan 200

2.28.34

show vlan internal usage

.
VLAN,
.
:
show vlan internal usage

.
:
Console# show vlan internal usage

435

VLAN

Usage

IP address

Reserved

--------

--------

----------

--------

1007

Eth 1/21

Active

No

1008

Eth 1/22

Inactive

Yes

1009

Eth 1/23

Active

Yes

3.1.0.3 16.05.2013 .

-3000
. II

2.28.35

.465255.040

switchport access multicast-tv vlan

Use the switchport access multicast-tv vlan interface configuration


(Ethernet, Port-channel) mode command to enable receiving multicast
transmissions from a VLAN that is not the Access port VLAN, while
keeping the L2 segregation with subscribers on different Access port
VLANs.
Syntax:
switchport access multicast-tv vlan vlan-id
no switchport access multicast-tv vlan
Use the no form of this command to disable receiving multicast
transmissions.
Parameters:
vlan-id

Specifies the Multicast TV VLAN ID.

Default configuration
Receiving multicast transmissions is disabled.
Command mode
Interface configuration (Ethernet, Port-channel) mode.
User guidelines
The user cannot transmit multicast transmissions on the multicast TV
VLAN.
A multicast TV VLAN cannot be enabled if a Guest VLAN is enabled
on the interface.
Example:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# switchport access multicast-tv vlan 11

2.28.36

switchport customer multicast-tv vlan

(Ethernet, Portchannel). VLAN,


customer-VLAN,
customer-VLAN.

3.1.0.3 16.05.2013 .

436

-3000
. II

.465255.040

:
switchport customer multicast-tv vlan {add vlan-list | remove vlanlist}
:
add vlan-list

TV

VLAN

remove vlan-list

TV

VLAN


TV
VLAN.

(Ethernet, Port-channel).


TV VLAN.
TV VLAN , Guest
VLAN .
:
Console(config)# interface gigabitethernet 0/1
Console(config-if)# switchport customer multicast-tv vlan add 5-7

2.28.37

show vlan multicast-tv

.

TV VLAN.
:
show vlan multicast-tv vlan vlan-id
:
vlan-id

VLAN.

437

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console # show vlan multicast-tv vlan 1000
Source ports

Receiver Ports

-------------

----------------------

1/8, 1/9

2/1-18, 3/1-18, 4/1-18

49

2.29
2.29.1

Source ports

,
VLAN.

Receiver ports

,
VLAN.

IGMP Snooping
ip igmp snooping ( )

. IGMP
Snooping.
:
ip igmp snooping
no ip igmp snooping
no IGMP Snooping.

IGMP Snooping .

.
:
Console(config)# ip igmp snooping

3.1.0.3 16.05.2013 .

438

-3000
. II

2.29.2

.465255.040

ip igmp snooping vlan

. IGMP
Snooping VLAN.
:
ip igmp snooping vlan vlan-id
no ip igmp snooping vlan vlan-id
no IGMP Snooping
VLAN.
:
vlan-id

VLAN.


IGMP Snooping .

.

IGMP Snooping
VLAN.
IGMP Snooping: IGMPv1,
IGMPv2 IGMPv3.
IGMP Snooping
bridge multicast filtering.
(VLAN)
bridge multicast mode ,
FDB IGMP, .
:
console(config)# ip igmp snooping vlan 2

439

3.1.0.3 16.05.2013 .

-3000
. II

2.29.3

.465255.040

ip igmp snooping vlan mrouter

,
.
:
ip igmp snooping vlan vlan-id mrouter learn pim-dvmrp
no ip igmp snooping vlan vlan-id mrouter learn pim-dvmrp
no .
:
vlan vlan-id

VLAN.


pim-dvmrp.

.

:

, ;

PIM/PIMv2, ;

DVMRP, ;

MRDISC, ;

MOSPF, .

VLAN.
:
switchxxxxxx(config)# ip igmp snooping vlan 1 mrouter learn pim-dvmrp

3.1.0.3 16.05.2013 .

440

-3000
. II

2.29.4

.465255.040

ip igmp snooping vlan mrouter interface

. ,
.
:
ip igmp snooping vlan vlan-id mrouter interface interface-list
no ip igmp snooping vlan vlan-id mrouter interface interface-list
no .
:
vlan-id

VLAN.

interface-list

.
: Ethernet Portchannel.


.

.

,

, IGMP ( ),
, .
VLAN.
:
switchxxxxxx(config)# ip igmp snooping vlan 1 mrouter interface gi0/1

2.29.5

ip igmp snooping vlan forbidden mrouter

.

, .
:
ip igmp snooping vlan vlan-id forbidden mrouter interface
interface-list
no ip igmp snooping vlan vlan-id forbidden mrouter interface
interface-list
no .
441

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
vlan-id

VLAN.

interface-list

. :
Ethernet Port-channel.


.

.

,
,
,
.
VLAN.
:
switchxxxxxx(config)# ip igmp snooping vlan 1 forbidden mrouter interface gi0/1

2.29.6

ip igmp snooping vlan static

IP-
.
:
ip igmp snooping vlan vlan-id static ip-address [interface interfacelist]
no ip igmp snooping vlan vlan-id static ip-address [interface
interface-list]
no ,
.
:
vlan-id

VLAN.

ip-address

IP- IGMP.

interface-list

. :
Ethernet Port-channel.

3.1.0.3 16.05.2013 .

442

-3000
. II

.465255.040


.

.


VLAN.
VLAN.

.
no
port-list .
:
switchxxxxxx(config)# ip igmp snooping vlan 1 static 239.2.2.2 interface
gi0/1

2.29.7

ip igmp snooping vlan multicast-tv

.
IP-, TV VLAN.
:
ip igmp snooping vlan vlan-id multicast-tv ip-multicast-address
[count number]
no ip igmp snooping vlan vlan-id multicast-tv ip-multicast-address
[count number]
no IP-.
:
vlan-id

VLAN.

number

IP-
1 256. ,
1.


.

.
443

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



TV VLAN.
access,
VLAN, TV VLAN.
IGMP, access,
TV VLAN,
IP-, TV VLAN.
256 VLAN.
:
switchxxxxxx(config)# ip igmp snooping vlan 1 multicast-tv 239.2.2.2
count 3

2.29.8

ip igmp snooping map cpe vlan

. CPE
VLAN TV VLAN.
:
ip igmp snooping map cpe vlan vlan-id multicast-tv vlan vlan-id
no ip igmp snooping map cpe vlan vlan-id
no CPE VLAN.
:
cpe vlan vlan- CPE VLAN.
id
multicast-tv
vlan vlan-id

TV VLAN.


.

.

IGMP CPE VLAN
customer CPE VLAN
TV VLAN, IGMP
TV VLAN.
3.1.0.3 16.05.2013 .

444

-3000
. II

.465255.040

:
Console(config)# ip igmp snooping map cpe vlan 2 multicast-tv vlan 31

2.29.9

ip igmp robustness

(VLAN).
IGMP.
:
ip igmp robustness count
no ip igmp robustness

.

no

:
count

,
IGMP, 1 7.


2.

(VLAN).

VLAN.
:
console(config)# interface vlan 1
console(config-if)# ip igmp robustness 3

2.29.10

ip igmp query-interval

(VLAN).
IGMP querier.
:
ip igmp query-interval seconds
no ip igmp query-interval

.

445

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
seconds

IGMP
30 18000 .


125 .

(VLAN).

VLAN.
:
console(config)# interface vlan 1
console(config-if)# ip igmp query-interval 60

2.29.11

ip igmp query-max-response-time

(VLAN).
IGMP querier.
:
ip igmp query-max-response-time seconds
no ip igmp query-max-response-time

.

no

:
seconds


IGMP 5 20 .


10 .

(VLAN).

VLAN.
:
console(config)# interface vlan 1

3.1.0.3 16.05.2013 .

446

-3000
. II

.465255.040

console(config-if)# ip igmp query-max-response-time 15

2.29.12

ip igmp last-member-query-interval

(VLAN).
,
Group-Specific Queries .
:
ip igmp last-member-query-interval milliseconds
no ip igmp last-member-query-interval

.

no

:
milliseconds

100
25500 .


1000 .

(VLAN).

VLAN.
:
console(config)# interface vlan 1
console(config-if)# ip igmp last-member-query-interval 3

2.29.13

ip igmp snooping vlan immediate-leave

.

Leave ( Immediate-Leave) VLAN.
:
ip igmp snooping vlan vlan-id immediate-leave
no ip igmp snooping vlan vlan-id immediate-leave
no Immediate-Leave.
:
vlan-id
447

VLAN 1 4094.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



Leave ( Immediate-Leave) .

.

VLAN.
:
console(config)# interface vlan 1
console(config-if)# ip igmp snooping vlan 1 immediate-leave

2.29.14

show ip igmp snooping mrouter

.
,
, VLAN.
:
show ip igmp snooping mrouter [interface vlan-id]
:
VLAN.

interface vlan-id

.
:
Console# show ip igmp snooping mrouter interface 1000

2.29.15

VLAN

Static

Dynamic

Forbidden

----

-------

--------

-----------

1000

gi0/1

gi0/2

gi0/3-gi0/4

show ip igmp snooping interface

.
IGMP Snooping VLAN.
:
show ip igmp snooping interface vlan-id
3.1.0.3 16.05.2013 .

448

-3000
. II

.465255.040

:
vlan-id

VLAN.


.
:
Console # show ip igmp snooping interface 1000
IGMP Snooping is globally enabled
IGMP Snooping admin: Enabled
IGMP Snooping oper: Enabled
Routers IGMP version: 3
Groups that are in IGMP version 2 compatibility mode:
231.2.2.3, 231.2.2.3
Groups that are in IGMP version 1 compatibility mode:
IGMP snooping querier admin: Enabled
IGMP snooping querier oper: Enabled
IGMP snooping querier address admin:
IGMP snooping querier address oper: 172.16.1.1
IGMP snooping querier version admin: 3
IGMP snooping robustness: admin 2 oper 2
IGMP snooping query interval: admin 125 sec oper 125 sec
IGMP snooping query maximum response: admin 10 sec oper 10 sec
IGMP snooping last member query counter: admin 2 oper 2
IGMP snooping last member query interval: admin 1000 msec oper 500
msec
IGMP snooping last immediate leave: enable
Automatic learning of multicast router ports is enabled

2.29.16

show ip igmp snooping groups

.
IGMP Snooping.

:
show ip igmp snooping groups [vlan vlan-id] [address ip-multicastaddress] [source ip-address]

449

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
VLAN.

vlan vlan-id

address
ip-multicast- IP- .
address
source ip-address
IP- .

.


( )
show bridge multicast address-table.
Include ,
IGMP Snooping. Exclude
,
. Reporters That Are Forbidden
Statically ,
,
.
Exclude
. ,
Exclude
, ,
Exclude, Include.
:
Console# show ip igmp snooping groups
Vlan

Group

Source

Include

Exclude

Compatibility

Address

Address

Ports

Ports

Mode

----

--------

---------

--------

--------

-----------

1
1

231.2.2.3
231.2.2.3

172.16.1.1
172.16.1.2

gi0/1
gi0/2

19

231.2.2.8

172.16.1.1

gi0/3

gi0/2

19

231.2.2.8

172.16.1.2

gi0/3-4

gi0/2

19

231.2.2.8

172.16.1.3

2
2

IGMP Reporters that are forbidden statically:


Vlan

Group
Address

Source
Address

Ports

---1

------231.2.2.3

------172.16.1.1

------gi0/3

19

231.2.2.8

172.16.1.1

gi0/2

3.1.0.3 16.05.2013 .

450

-3000
. II

2.29.17

.465255.040

show ip igmp snooping multicast-tv

. IP-
TV VLAN.
:
show ip igmp snooping multicast-tv [vlan vlan-id]
:
vlan vlan-id

VLAN.


.
:
Console# show ip igmp snooping multicast-tv
VLAN IP Address
---- ----------1000 239.255.0.0
1000 239.255.0.1
1000 239.255.0.2
1000 239.255.0.3
1000 239.255.0.4
1000 239.255.0.5
1000 239.255.0.6
1000 239.255.0.7

2.29.18

show ip igmp snooping cpe vlans

.
CPE VLAN TV
VLAN.
:
show ip igmp snooping cpe vlans [vlan vlan-id]
:
vlan vlan-id

CPE VLAN.

451

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console# show ip igmp snooping cpe vlans
CPE VLAN Multicast-TV VLAN
-------- ------------------

2.30
2.30.1

1118

1119

IPv6 MLD Snooping


ipv6 mld snooping ( )

. IPv6 MLD
Snooping.
:
ipv6 mld snooping
no ipv6 mld snooping
no IPv6 MLD Snooping.

IPv6 MLD Snooping .

.
:
Console(config)# ip ipv6 mld snooping

2.30.2

ipv6 mld snooping vlan

. MLD
Snooping VLAN.
:
ipv6 mld snooping vlan vlan-id
no ipv6 mld snooping vlan vlan-id
no MLD Snooping
VLAN.

3.1.0.3 16.05.2013 .

452

-3000
. II

.465255.040

:
vlan-id

VLAN.


MLD Snooping .

.

MLD Snooping VLAN.
MLD Snooping: MLDv1
MLD v2.
MLD Snooping
bridge multicast filtering.
(VLAN)
bridge multicast ipv6 mode ,
FDB
MLD, .
:
console(config)# ipv6 mld snooping vlan 2

2.30.3

ipv6 mld robustness

(VLAN).
MLD.
:
ipv6 mld robustness count
no ipv6 mld robustness

.

no

:
count

MLD
1 7.


2.

453

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


(VLAN).

VLAN.
:
console(config)# interface vlan 1
console(config-if)# ipv6 mld robustness 3

2.30.4

ipv6 mld snooping vlan mrouter

,
.
:
ipv6 mld snooping vlan vlan-id mrouter learn pim-dvmrp
no ipv6 mld snooping vlan vlan-id mrouter learn pim-dvmrp
no .
:
vlan-id

VLAN.

pim-dvmrp

, PIM,
DVMRP MLD.


pimdvmrp.

.


bridge multicast forward-all.
VLAN.
:
switchxxxxxx(config)# ipv6 mld snooping vlan 1 mrouter learn pim-dvmrp

3.1.0.3 16.05.2013 .

454

-3000
. II

2.30.5

.465255.040

ipv6 mld snooping vlan mrouter

. ,
.
:
ipv6 mld snooping vlan vlan-id mrouter interface interface-list
no ipv6 mld snooping vlan vlan-id mrouter interface interface-list
no .
:
vlan-id

VLAN.

interface-list

. :
Ethernet Port-channel.


.

.


bridge multicast forward-all,

.
,
, MLD ( ),
, .
VLAN
, .
:
switchxxxxxx(config)interface gi0/1
switchxxxxxx(config-if)# ipv6 mld snooping vlan 1 mrouter interface
gi0/1 - 10

2.30.6

ipv6 mld snooping vlan forbidden mrouter


.
455

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
ipv6 mld snooping vlan vlan-id forbidden mrouter interface
interface-list
no ipv6 mld snooping vlan vlan-id forbidden mrouter interface
interface-list
no .
:
vlan-id

VLAN.

interface-list

. :
Ethernet Port-channel.


.

.

,
,
.
bridge multicast forbidden forward-all

.
VLAN.
:
switchxxxxxx(config)# ipv6 mld snooping vlan 1 forbidden mrouter
interface gi1/1/1

2.30.7

ipv6 mld snooping vlan static

IPv6-
.
:
ipv6 mld snooping vlan vlan-id static ipv6-address interface
[interface-list]
no ipv6 mld snooping vlan vlan-id static ipv6-address interface
[interface-list]
3.1.0.3 16.05.2013 .

456

-3000
. II

.465255.040

no ,
.
:
vlan-id

VLAN.

ipv6-address

IP- .

interface-list

. :
Ethernet Port-channel.


.

.


VLAN.
VLAN.

.

interface-list .

no

:
switchxxxxxx(config)# ipv6 mld snooping vlan 1 static 239.2.2.2 gi1/1/1

2.30.8

ipv6 mld query-interval

(VLAN).
MLD querier.
:
ipv6 mld query-interval seconds
ipv6 mld query-interval

.

no

:
seconds

457

MLD
30 18000 .
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


125 .

(VLAN).

VLAN.
:
console(config)# interface vlan 1
console(config-if)# ipv6 mld query-interval 3000

2.30.9

ipv6 mld query-max-response-time

(VLAN).
MLD querier.
:
ipv6 mld query-max-response-time seconds
no ipv6 mld query-max-response-time

.

no

:
seconds


MLD 5 20 .


10 .

(VLAN).

VLAN.
:
console(config)# interface vlan 1
console(config-if)# ipv6 mld query-max-response-time 5

3.1.0.3 16.05.2013 .

458

-3000
. II

2.30.10

.465255.040

ipv6 mld last-member-query-interval

(VLAN).
, GroupSpecific Queries .
:
ipv6 mld last-member-query-interval milliseconds
no ipv6 mld last-member-query-interval

.

no

:
milliseconds

100
64512 .


1000 .

(VLAN).

VLAN.
:
console(config)# interface vlan 1
console(config-if)# ipv6 mld last-member-query-interval 2000

2.30.11

ipv6 mld snooping vlan immediate-leave

.

Leave ( Immediate-Leave) VLAN.
:
ipv6 mld snooping vlan vlan-id immediate-leave
no ipv6 mld snooping vlan vlan-id immediate-leave
no Immediate-Leave.
:
vlan-id

459

VLAN 1 4094.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



Leave ( Immediate-Leave)
.

.

VLAN.
:
console(config)# ipv6 mld snooping vlan 1 immediate-leave

2.30.12

show ipv6 mld snooping mrouter

.
,
,
VLAN.
:
show ipv6 mld snooping mrouter [interface vlan-id]
:
VLAN.

interface vlan-id

.
:
Console# show ipv6 mld snooping mrouter interface 1000

2.30.13

VLAN

Static

Dynamic

Forbidden

----

------

-------

---------

1000

gi0/1

gi0/2

gi0/3-4

show ipv6 mld snooping interface

.
MLD Snooping VLAN.

:
show ipv6 mld snooping interface vlan-id

3.1.0.3 16.05.2013 .

460

-3000
. II

.465255.040

:
vlan-id

VLAN.


.
:
Console# show ipv6 mld snooping interface 1000
MLD Snooping is globally enabled
MLD Snooping admin: Enabled
MLD snooping oper mode: Enabled
Routers MLD version: 2
Groups that are in MLD version 1 compatibility mode:
FF12::3, FF12::8
MLD snooping robustness:admin 2 oper 2
MLD snooping query interval: admin 125 sec oper 125 sec
MLD snooping query maximum response: admin 10 sec oper 10 sec
MLD snooping last member query counter: admin 2 oper 2
MLD snooping last member query interval: admin 1000 msec oper 600 msec
MLD snooping last immediate leave: enable
Automatic learning of multicast router ports is enabled

2.30.14

show ipv6 mld snooping groups

.
MLD Snooping.
:
show ipv6 mld snooping groups [vlan vlan-id] [address ipv6multicast-address] [source ipv6-address]
:
vlan vlan-id

VLAN.

address ipv6-multicast- IPv6- .


address
source ipv6-address

IPv6- .

461

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



( ) show bridge
multicast address-table.
Include ,
MLD Snooping. Exclude
,
.
Reporters That Are Forbidden Statically ,
,

.
Exclude
. ,
Exclude
, ,
Exclude, Include.
:
Console# show ipv6 mld snooping groups
Vlan Group
Address

Source

Include

Address

Ports

Exclude

Compatibility

Ports

Mode

---- -------- -----------------------

--------

---------

------------

FF12::3

FE80::201:C9FF:FE40:8001

gi0/1

FF12::3

FE80::201:C9FF:FE40:8002

gi0/2

19

FF12::8

FE80::201:C9FF:FE40:8003

gi0/3

19

FF12::8

FE80::201:C9FF:FE40:8004

gi0/1

gi0/2

19

FF12::8

FE80::201:C9FF:FE40:8005

gi0/1

gi0/2

MLD Reporters that are forbidden statically:


Vlan Group

Source address

Ports

----------------------

-------

Address
---- -------

2.31
2.31.1

FF12::3

FE80::201:C9FF:FE40:8001

gi0/2

19

FF12::8

FE80::201:C9FF:FE40:8001

gi0/2

LACP
lacp system-priority

.
.
3.1.0.3 16.05.2013 .

462

-3000
. II

.465255.040

:
lacp system-priority value
no lacp system-priority

.

no

:
1
65535.

value

.

1.
:
Console(config)# lacp system-priority 120

2.31.2

lacp port-priority

(Ethernet).

:
lacp port-priority value
no lacp port-priority

.

no

:
value

1
65535.


1.

(Ethernet).

463

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
console(config)# interface gi0/4
console(config-if)# lacp port-priority 247

2.31.3

lacp timeout

(Ethernet).
- LACP .
:
lacp timeout {long | short}
no lacp timeout

.

no

:
long

-.

short

-.


long.

(Ethernet).
:
Console(config)# interface gigabitethernet 0/6
Console(config-if)# lacp timeout long

2.31.4

show lacp

.
LACP Ethernet
Ethernet.
:
show lacp interface-id [ parameters | statistics | protocol-state ]
:
parameters

statistics

protocol-state

3.1.0.3 16.05.2013 .

464

-3000
. II

.465255.040


.
:
Console> show lacp ethernet gi0/1
Port gi0/1 LACP parameters:
Actor
system priority:

system mac addr:

00:00:12:34:56:78

port Admin key:

30

port Oper key:

30

port Oper number:

21

port Admin priority:

port Oper priority:

port Admin timeout:

LONG

port Oper timeout:

LONG

LACP Activity:

ACTIVE

Aggregation:

AGGREGATABLE

synchronization:

FALSE

collecting:

FALSE

distributing:

FALSE

expired:

FALSE

system priority:

system mac addr:

00:00:00:00:00:00

port Admin key:

port Oper key:

port Oper number:

port Admin priority:

port Oper priority:

port Admin timeout:

LONG

port Oper timeout:

LONG

LACP Activity:

AGGREGATABLE

Aggregation:

FALSE

synchronization:

FALSE

collecting:

FALSE

distributing:

FALSE

Partner

expired:
Port gi0/1 LACP Statistics:gi0/1
LACP PDUs sent:

LACP PDUs received:

Port gi0/1 LACP Protocol State:gi0/1

465

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

LACP State Machines:


Receive FSM:

Port Disabled State

Mux FSM:

Detached State

Control Variables:
BEGIN:

FALSE

LACP_Enabled:

TRUE

Ready_N:

FALSE

Selected:

UNSELECTED

Port_moved:

FALSE

NNT:

FALSE

Port_enabled:

FALSE

Timer counters:

2.31.5

periodic tx timer:

current while timer:

wait while timer:

show lacp port-channel

.
LACP (Port-channel).
:
show lacp port-channel [ port-channel-number ]
:
port-channel-number

(Port-channel).


.
:
Console> show lacp port-channel 1
Port-Channel 1:Port Type 1000 Ethernet
Actor
System

Priority:

000285:0E1C00

MAC Address:

29

Admin Key:

29

Oper Key:
Partner

3.1.0.3 16.05.2013 .

System

Priority:

00:00:00:00:00:00

466

-3000
. II
MAC Address:

.465255.040
14

Oper Key:

2.32
2.32.1

GVRP
gvrp enable ( )

.
GVRP .
:
gvrp enable
no gvrp enable
no GVRP
.

GVRP .

.
:
Console(config)# gvrp enable

2.32.2

gvrp enable ( )

(Ethernet, Portchannel). GVRP .


:
gvrp enable
no gvrp enable
no GVRP
.

GVRP .

(Ethernet, Port-channel).

467

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


access VLAN,
VLAN.
VLAN
, VLAN . PVID
VID VLAN .
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# gvrp enable

2.32.3

garp timer

(Ethernet, Portchannel). GVRP.


:
garp timer {join | leave | leaveall} timer-value
no garp timer
no
.
:
join | leave |
leaveall

. :

join

GARP Join,
join,

GARP.

leave

GARP Leave,
,
GARP- join-
leave-,
GARP.

leaveall

GARP LeaveAll,
LeaveAll,

timer-value

3.1.0.3 16.05.2013 .


2147483640 10.

10

468

-3000
. II

.465255.040

GARP Join 200 ;

GARP Leave 600 ;

GARP LeaveAll 10000 .


(Ethernet, Port-channel).


:

GARP Leave
GARP Join;

GARP LeaveAll ,
GARP Leave.


L2, GARP.
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# garp timer leave 900

2.32.4

gvrp vlan-creation-forbid

(Ethernet, Portchannel).
VLAN.
:
gvrp vlan-creation-forbid
no gvrp vlan-creation-forbid
no
VLAN.

VLAN
.

(Ethernet, Port-channel).
469

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console(config)# interface gigabitethernet 0/3
Console(config-if)# gvrp vlan-creation-forbid

2.32.5

gvrp registration-forbid

(Ethernet, Portchannel).
VLAN VLAN
.
:
gvrp registration-forbid
no gvrp registration-forbid
no
VLAN .

VLAN
.

(Ethernet, Port-channel).
:
Console(config)# interface gigabitethernet 0/2
Console(config-if)# gvrp registration-forbid

2.32.6

clear gvrp statistics

.
GVRP .
:
clear gvrp statistics [interface-id]
:
interface-id

: Ethernet Port-channel.


.
:
Console# clear gvrp statistics fastethernet 0/5

3.1.0.3 16.05.2013 .

470

-3000
. II

2.32.7

.465255.040

show gvrp configuration

.
GVRP, ,
VLAN,
GVRP.
:
show gvrp configuration [interface-id]
:
interface-id

: Ethernet Port-channel.


.
:
console# show gvrp configuration
GVRP Feature is currently Enabled on the device.
Maximum VLANs: 4094
Port(s)

GVRP-Status Registration Dynamic VLAN


Creation
-------- ----------- ------------ -----------gi0/1
Enabled
Forbidden Disabled
gi0/2
Enabled
Normal
Enabled

2.32.8

Timers(milliseconds)
Join Leave Leave All
---- ----- -------200 600
10000
400 1200 20000

show gvrp statistics

.
GVRP
.
:
show gvrp statistics [interface-id]
:
interface-id

: Ethernet Port-channel.

471

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console# show gvrp statistics
GVRP statistics:
----------------------------Legend:
rJE :
Join Empty Received
rEmp:
Empty Received
rLE :
Leave Emty Received
sJE :
Join Empty Sent
sEmp:
Empty Sent
sLE :
Leave Empty Sent
Port rJE
------- -----1/1
0
1/2
0
1/3
0
1/4
0
1/5
0
1/6
0
1/7
0
1/8
0

2.32.9

rJIn
------0
0
0
0
0
0
0
0

rEmp
-----0
0
0
0
0
0
0
0

rLIn
-------0
0
0
0
0
0
0
0

rJIn:
rLIn:
rLA :
sJIn:
sLIn:
sLA :
rLE
----0
0
0
0
0
0
0
0

Join In Received
Leave In Received
Leave All Received
Join In Sent
Leave In Sent
Leave All Sent

rLA sJE
------ ----0
0
0
0
0
0
0
0
0
0
0
0
0
0
0
0

sJIn
-----0
0
0
0
0
0
0
0

sEmp
------0
0
0
0
0
0
0
0

sLIn
-----0
0
0
0
0
0
0
0

sLE
----0
0
0
0
0
0
0
0

sLA
-----0
0
0
0
0
0
0
0

show gvrp error-statistics

.
GVRP
.
:
show gvrp error-statistics [interface-id]
:
interface-id

. :
Ethernet Port-channel.


.
:
console# show gvrp error-statistics
GVRP Error Statistics:
---------------------Legend:
INVPROT : Invalid Protocol Id
INVATYP : Invalid Attribute Type INVALEN : Invalid Attribute Length

3.1.0.3 16.05.2013 .

472

-3000
. II

.465255.040

INVAVAL : Invalid Attribute Value INVEVENT: Invalid Event


Port

INVPROT INVATYP INVAVAL INVALEN INVEVENT

-------- ------- ------- ------- ------- --------

2.33
2.33.1

gi0/1

gi0/2

gi0/3

gi0/4

VLAN
voice vlan state

.
VLAN VLAN.
:
voice vlan state {oui-enabled | disabled]
no voice vlan state

.

no

:
oui-enabled

VLAN OUI.

disabled

VLAN.


VLAN .

.
:
switchxxxxxx(config)# voice vlan state oui-enabled
Disable the voice VLAN before changing the voice VLAN trigger.
switchxxxxxx(config)# voice vlan state disabled
switchxxxxxx(config)# voice vlan state oui-enabled
<CR>

2.33.2

voice vlan id

.
VLAN.
473

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
voice vlan id vlan-id
no voice vlan id
no VLAN
.
:
VLAN.

vlan-id


VLAN .

.

VLAN ,
VLAN. VLAN ,
.
:
Console(config)# voice vlan id 35

2.33.3

voice vlan oui-table

.

(OUI).
:
voice vlan oui-table {add mac-address-prefix | remove mac-addressprefix} [text]
no voice vlan oui-table

.

3.1.0.3 16.05.2013 .

no

474

-3000
. II

.465255.040

:
add
prefix

mac-address- -
VLAN OUI
3 .
-
VLAN OUI
1 32 .

text

remove mac-address- -
prefix
VLAN OUI
3 .

voice VLAN OUI
50.
50 voice VLAN OUI

OUI
00:E0:BB

3COM

00:03:6B

Cisco

00:E0:75

Veritel

00:D0:1E

Pingtel

00:01:E3

Siemens

00:60:B9

NEC/Philips

00:0F:E2

Huawei-3COM


.

VoIP/
OUI - .
- ID
(Organizationally Unique Identifiers OUI),
ID .
OUI IEEE.
IP-,
, ,
OUI ( ,
) .
:
Console(config)# voice vlan oui-table add 00:AA:BB experimental

475

3.1.0.3 16.05.2013 .

-3000
. II

2.33.4

.465255.040

voice vlan cos mode

(Ethernet, Portchannel). CoS VLAN.


:
voice vlan cos mode {src | all}
no voice vlan cos mode

.

no

:
src

QoS
IP-.

all

QoS ,
VLAN.


(Ethernet, Port-channel).
2.33.5

voice vlan cos

. CoS
VLAN.
:
voice vlan cos cos [remark]
no voice vlan cos

.

no

:
cos

CoS VLAN 0 7.

remark

2.


CoS 6,
.

.

3.1.0.3 16.05.2013 .

476

-3000
. II

.465255.040

:
Console(config)# voice vlan cos 7

2.33.6

voice vlan aging-timeout

.
VLAN.
:
voice vlan aging-timeout minutes
no voice vlan aging-timeout

.

no

:
minutes

VLAN
1 43200 .


1440 .

.
:
Console(config)# voice vlan aging-timeout 720

2.33.7

voice vlan enable

(Ethernet, Portchannel).

VLAN .
:
voice vlan enable
no voice vlan enable
no
VLAN .


VLAN .

477

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


(Ethernet, Port-channel).

VLAN, -
,

(
voice vlan oui-table), .
VLAN
VLAN
VLAN.
VLAN .
-
- -,
voice vlan aging-timeout,
VLAN.
:
Console(config)# interface gigabitethernet 0/2
Console(config-if)# voice vlan enable

2.33.8

voice vlan secure

(Ethernet, Portchannel). VLAN.


:
voice vlan secure
no voice vlan secure
no .

.

(Ethernet, Port-channel).

,
VLAN MAC-
, (
voice vlan oui-table),
.
3.1.0.3 16.05.2013 .

478

-3000
. II

.465255.040

,
VLAN .
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# voice vlan secure

2.33.9

show voice vlan

.
VLAN
.
:
show voice vlan [interface-id]
:
interface-id

: Ethernet Port-channel.


.
:
Console# show voice vlan
Aging timeout: 1440 minutes
OUI table
MAC Address - Prefix Description
-------------------- --------------------------------------00:E0:BB

3COM

00:03:6B

Cisco

00:E0:75

Veritel

00:D0:1E

Pingtel

00:01:E3

Siemens

00:60:B9

NEC/Philips

00:0F:E2

Huawei-3COM

Voice VLAN ID: 8


CoS: 6
Remark: Yes

479

3.1.0.3 16.05.2013 .

-3000
. II

2.34
2.34.1

.465255.040

Interface

Enabled

Secure

Activated

cos mode

---------

-------

------

----------

---------

1/1

Yes

Yes

Yes

src

1/2

Yes

Yes

No

src

1/3

Yes

Yes

Yes

src

1/4

Yes

Yes

Yes

src

1/5

No

No

src

1/6

No

No

src

1/7

No

No

src

1/8

No

No

src

1/9

No

No

src


loopback-detection enable ( )

.
(LBD Loopback
Detection) .
:
loopback-detection enable
no loopback-detection enable
no
.

.

.


.


loopback-detection enable.
:
Console(config)# loopback-detection enable

3.1.0.3 16.05.2013 .

480

-3000
. II

2.34.2

.465255.040

loopback-detection enable ( )

(Ethernet).
(LBD
Loopback Detection) .
:
loopback-detection enable
no loopback-detection enable
no
.

.

(Ethernet).


.


loopback-detection enable.
LBD- ,
Spanning Tree forwarding.
STP MSTP,

STP.
VLAN PVID; LBD .

; LBD- .
LBD-
ACL. LBD-
(deny rule) deny all rule.
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# loopback-detection enable

481

3.1.0.3 16.05.2013 .

-3000
. II

2.34.3

.465255.040

loopback-detection mode

.
.
:
loopback-detection mode {src-mac-addr | base-mac-addr}
no loopback-detection mode

.

no

:
src-mac-addr

- LBD-
- .

base-macaddr

- LBD-
- .


.
:
Console(config)# loopback-detection mode src-mac-addr

2.34.4

loopback-detection interval

.
LBD-.
:
loopback-detection interval seconds
no loopback-detection interval

.

no

:
seconds


30 60 .

LBD-


30 .

.
3.1.0.3 16.05.2013 .

482

-3000
. II

.465255.040


BPDU-
Spanning Tree.
:
Console(config)# loopback-detection interval 45

2.34.5

show loopback-detection

.
.
:
show loopback-detection [interface-id]
:
interface-id

. :
Ethernet Port-channel.


.
:
Console# show loopback-detection
Loopback detection: Enabled
Mode: src-mac-addr
LBD packets interval: 30 Seconds

2.35
2.35.1

Interface

Loopback Detection

---------

----------------

1/1

Enabled

1/2

Enabled

1/3

Disabled

1/4

Disabled

1/5

Disabled

DHCP Snooping ARP


ip dhcp snooping

. DHCP
Snooping .
:
ip dhcp snooping
483

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no ip dhcp snooping

.

no


DHCP Snooping .

.

DHCP Snooping
, DHCP Snooping .
DHCP Snooping VLAN , DHCP
Snooping VLAN ip dhcp
snooping vlan.
:
Console(config)# ip dhcp snooping

2.35.2

ip dhcp snooping vlan

. DHCP
Snooping VLAN.
:
ip dhcp snooping vlan vlan-id
no ip dhcp snooping vlan-id
no DHCP Snooping VLAN.
:
vlan-id

VLAN.


DHCP Snooping VLAN .

.

DHCP Snooping
DHCP Snooping VLAN.
3.1.0.3 16.05.2013 .

484

-3000
. II

.465255.040

:
Console(config)# ip dhcp snooping vlan 21

2.35.3

ip dhcp snooping trust

(Ethernet, Portchannel). DHCP Snooping.


:
ip dhcp snooping trust
no ip dhcp snooping trust

.

no


.

(Ethernet, Port-channel).

,
DHCP-
.
, DHCP, .
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# ip dhcp snooping trust

2.35.4

ip dhcp snooping information option allowed-untrusted

.
DHCP- option-82
.
:
ip dhcp snooping information option allowed-untrusted
no ip dhcp snooping information option allowed-untrusted
no DHCP-
option-82 .

485

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


DHCP- option-82
.

.
:
Console(config)# ip dhcp snooping information option allowed-untrusted

2.35.5

ip dhcp snooping verify

. DHCP-,
, MAC- .
:
ip dhcp snooping verify
no ip dhcp snooping verify
no -
DHCP-, .

, -
DHCP-, ,
MAC- .

.
:
Console(config)# ip dhcp snooping verify

2.35.6

ip dhcp snooping database

.
(binding) DHCP Snooping .
:
ip dhcp snooping database
no ip dhcp snooping database
no DHCP
Snooping.
3.1.0.3 16.05.2013 .

486

-3000
. II

.465255.040


DHCP Snooping .

.

DHCP Snooping flash-.

SNTP.
,

SNTP.
:
Console(config)# ip dhcp snooping database

2.35.7

ip dhcp snooping database update-freq

.
(binding) DHCP
Snooping.
:
ip dhcp snooping database update-freq seconds
no ip dhcp snooping database update-freq

.

no

:
seconds


86400 .

600


1200 .

.
:
Console(config)# ip dhcp snooping database update-freq 3600

487

3.1.0.3 16.05.2013 .

-3000
. II

2.35.8

.465255.040

ip dhcp snooping binding

.
(binding) DHCP Snooping
.
:
ip dhcp snooping binding mac-address vlan-id ip-address interface-id
expiry {seconds | infinite}
no ip dhcp snooping binding mac-address vlan-id
no .
:
mac-address -.
vlan-id

VLAN.

ip-address

IP-.

interface-id

. :
Ethernet Port-channel.

expiry
seconds

,
,
10 4294967295 .

expiry
infinite


.

.


DHCP Snooping.
,
IP- 0.0.0.0.
:
Console# ip dhcp snooping binding 0060.704C.73FF 23 176.10.1.1 ethernet
1/5 expiry 900

3.1.0.3 16.05.2013 .

488

-3000
. II

2.35.9

.465255.040

clear ip dhcp snooping database

.
DHCP Snooping.
:
clear ip dhcp snooping database

.
:
Console# clear ip dhcp snooping database

2.35.10

show ip dhcp snooping

.
DHCP Snooping
.
:
show ip dhcp snooping [interface-id]
:
interface-id

. :
Ethernet Port-channel.


.
:
console# show ip dhcp snooping
DHCP snooping is Enabled
DHCP snooping is configured on following VLANs: 21
DHCP snooping database is Enabled
Relay agent Information option 82 is Enabled
Option 82 on untrusted port is allowed
Verification of hwaddr field is Enabled
DHCP snooping file update frequency is configured to: 6666 seconds
Interface

Trusted

----------- ------------

489

gi0/1

Yes

gi0/2

Yes

3.1.0.3 16.05.2013 .

-3000
. II

2.35.11

.465255.040

show ip dhcp snooping binding

.
DHCP Snooping
.
:
show ip dhcp snooping binding [mac-address mac-address] [ipaddress ip-address] [vlan vlan-id] [interface-id]
:
mac-address -.
mac-address
ip-address
ip-address

IP-.

vlan vlan-id

VLAN.

interface-id

. :
Ethernet Port-channel.


.
:
Console# show ip dhcp snooping binding
Update frequency: 1200
Total number of binding: 2
Mac Address

IP Address

Lease

Type

VLAN

Interface

(sec)
-------------

-----------

------ -------- ------

---------

0060.704C.73F

10.1.8.1

7983

snooping

1/21

10.1.8.1

92332

snooping

1/22

0060.704C.7BC

(s)

2.35.12

ip source-guard

(Ethernet, Portchannel). IP Source Guard .

3.1.0.3 16.05.2013 .

490

-3000
. II

.465255.040

:
ip source-guard
no ip source-guard
no IP Source Guard
.

IP Source Guard .

(Ethernet, Port-channel).

IP Source Guard
IP Source Guard .

IP Source Guard
DHCP Snooping VLAN
DHCP Snooping.
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# ip source-guard

2.35.13

ip source-guard binding

.
IP- .

:
ip source-guard binding mac-address vlan-id ip-address {interfaceid}
no ip source-guard binding mac-address vlan-id
no .
:
mac-address -.

491

vlan-id

VLAN.

ip-address

IP-.

interface-id

. :
Ethernet Port-channel.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

.


IP- .
- IP-
. -
.
:
Console(config)# ip source-guard binding 0060.704C.73FF 23 176.10.1.1
ethernet 1/5

2.35.14

ip source-guard tcam retries-freq

.
TCAM IP Source
Guard.
:
ip source-guard tcam retries-freq {seconds | never}
no ip source-guard tcam retries-freq

.

no

:
seconds


10 600 .

never

TCAM.


60 .

.

3.1.0.3 16.05.2013 .

492

-3000
. II

.465255.040


IP Source Guard ,
, IP Source Guard
- .


IP Source Guard.

TCAM.
ip source-guard tcam
locate
IP Source Guard.
show ip source-guard
inactive IP Source Guard.
:
Console(config)# ip source-guard tcam retries-freq 120

2.35.15

ip source-guard tcam locate

.
IP Source Guard.
:
ip source-guard tcam locate

.

IP Source Guard ,
, IP Source Guard
- .


IP Source Guard.
ip source-guard tcam retriesfreq never
.
IP Source Guard
.
show ip source-guard
inactive IP Source Guard.
493

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console# ip source-guard tcam locate

2.35.16

show ip source-guard configuration

.
IP Source Guard
.
:
show ip source-guard configuration [interface-id]
:
interface-id

. :
Ethernet Port-channel.


.
:
Console# show ip source-guard configuration
IP source guard is globally enabled.

2.35.17

Interface

State

---------

------

1/21

Enabled

1/22

Enabled

1/23

Enabled

1/24

Enabled

1/32

Enabled

1/33

Enabled

1/34

Enabled

show ip source-guard status

. IP
Source Guard.
:
show ip source-guard status [mac-address mac-address] [ip-address
ip-address] [vlan vlan] [interface-id]

3.1.0.3 16.05.2013 .

494

-3000
. II

.465255.040

:
mac-address -.
mac-address
ip-address
ip-address

IP-.

vlan vlan-id

VLAN.

interface-id

. :
Ethernet Port-channel.


.
:
Console# show ip source-guard status
IP source guard is globally disabled.
Console# show ip source-guard status
Interface

Filter Status

IP Address MAC

VLAN

Type

Address

2.35.18

---------

-----

------

---------- --------

-----

-------

1/21

IP

Active

10.1.8.1

0060.704C.73FF

DHCP

1/22

IP

Active

10.1.8.2

0060.704C.7BC1

DHCP

1/23

IP

Active

10.1.12.2

0060.704C.7BC3

DHCP

1/24

IP

Active

Deny all

1/25

IP

Active

10.1.8.218 0060.704C.7BAC

Static

1/32

IP

Inactive 10.1.8.32

DHCP

1/33

IP

Inactive

1/34

IP

Inactive

1/35

IP

Inactive

0060.704C.83FF

show ip source-guard inactive

.
IP Source Guard.

:
show ip source-guard inactive

.

495

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


IP Source Guard ,
, IP Source Guard
- .


IP Source Guard.
ip source-guard tcam retriesfreq
TCAM.
ip source-guard tcam
locate
IP Source Guard.
show ip source-guard inactive
IP Source Guard.
:
Console# show ip source-guard inactive
TBD: TCAM resources search frequency: 10 minutes
Interface

Filter

IP Address

MAK Address

VLAN

Type

Reason

---------

-----

---------

----------

----

-----

-----------

1/32

IP

10.1.8.32

0060.704C.83FF 3

DHCP

Resource

1/33

IP

Problem

1/34

IP

Trust port

No snooping
VLAN

2.35.19

show ip source-guard statistics

Source Guard ( ).
:
show ip source-guard statistics [vlan vlan-id]
:
vlan-id

VLAN.


.
3.1.0.3 16.05.2013 .

496

-3000
. II

.465255.040

:
console# show ip source-guard statistics
VLAN Statically Permitted Stations DHCP Snooping Permitted Stations
---- ----------------------------- -------------------------------2

2.35.20

ip arp inspection

.
ARP .
:
ip arp inspection
no ip arp inspection
no ARP
.

ARP .

.

,
DHCP
Snooping IP---
. ,
, ARP-.
:
Console(config)# ip arp inspection

2.35.21

ip arp inspection vlan

.
ARP VLAN, DHCP
Snooping.
:
ip arp inspection vlan vlan-id
no ip arp inspection vlan vlan-id
no ARP
VLAN.
497

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
vlan-id

VLAN.


ARP VLAN .

.

ARP VLAN,
DHCP Snooping.
ip arp inspection list assign ARP
.
:
Console(config)# ip arp inspection vlan 23

2.35.22

ip arp inspection trust

(Ethernet, Portchannel). ,
ARP.
:
ip arp inspection trust
no ip arp inspection trust

.

no


.

(Ethernet, Port-channel).

ARP,
.
.

ARP ,
IP-MAC-,
3.1.0.3 16.05.2013 .

498

-3000
. II

.465255.040

.

,
ip arp inspection log-buffer
vlan.
:
Console(config)# interface gigabitethernet 0/3
Console(config-if)# ip arp inspection trust

2.35.23

ip arp inspection validate

.

ARP.
:
ip arp inspection validate
no ip arp inspection validate

.

no


ARP .

.

:

- : -
Ethernet -
ARP-.
, ARP;

- : -
Ethernet -
ARP. ARP;

IP-: ARP
. :
0.0.0.0, 255.255.255.255 IP-.

:
Console(config)# ip arp inspection validate

499

3.1.0.3 16.05.2013 .

-3000
. II

2.35.24

.465255.040

ip arp inspection list create

.
ARP
ARP.
:
ip arp inspection list create name
no ip arp inspection list create name
no .
:
name

ARP
1 32 .


ARP .

.

ip arp inspection list assign
ARP VLAN.
:
Console(config)# ip arp inspection list create servers
Console(config-ARP-list)#

2.35.25

ip mac

ARP.
ARP.
:
ip ip-address mac mac-address
no ip ip-address mac mac-address

3.1.0.3 16.05.2013 .

500

-3000
. II

.465255.040

no ARP.
:
ip-address

IP-, .

mac-address -, IP-.

ARP .

ARP.
:
Console(config)# ip arp inspection list create servers
Console(config-ARP-list)# ip 172.16.1.1 mac 0060.704C.7321
Console(config-ARP-list)# ip 172.16.1.2 mac 0060.704C.7322

2.35.26

ip arp inspection list assign

.
ARP VLAN.

:
ip arp inspection list assign vlan-id name
no ip arp inspection list assign vlan
no .
:
vlan-id

VLAN.

name

ARP.


ARP .

.
:
Console(config)# ip arp inspection list assign 37 servers

501

3.1.0.3 16.05.2013 .

-3000
. II

2.35.27

.465255.040

ip arp inspection logging interval

.
ARP SYSLOG.
:
ip arp inspection logging interval {seconds | infinite}
no ip arp inspection logging interval

.

no

:
seconds


ARP SYSLOG 0
86400 . 0
.

infinite

SYSLOG.



ARP SYSLOG 5 .

.
:
Console(config)# ip arp inspection logging interval 60

2.35.28

show ip arp inspection

.
ARP
.
:
show ip arp inspection [interface-id]
:
interface-id

: Ethernet Port-channel.


.
3.1.0.3 16.05.2013 .

502

-3000
. II

.465255.040

:
console# show ip arp inspection
IP ARP inspection is Enabled
IP ARP inspection is configured on following VLANs: 1
Verification of packet header is Enabled
IP ARP inspection logging interval is: 222 seconds
Interface

Trusted

----------- -----------

2.35.29

gi0/1

Yes

gi0/2

Yes

show ip arp inspection list

.
ARP.
:
show ip arp inspection list

.
:
Console# show ip arp inspection list
List name: servers
Assigned to VLANs: 1,2

2.35.30

IP

ARP

--------------

---------------

172.16.1.1

0060.704C.7322

172.16.1.2

0060.704C.7322

show ip arp inspection statistics

.
: Forwarded, Dropped, IP/MAC Validation
Failure.
:
show ip arp inspection statistics [vlan vlan-id]

503

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
VLAN.

vlan-id


.

ARP clear ip arp
inspection statistics.
ARP.
:
console# show ip arp inspection statistics

2.35.31

Vlan

Forwarded Packets

Dropped Packets

IP/MAC Failures

----

-----------------

---------------

---------------

1500

100

80

clear ip arp inspection statistics

. ARP
.
:
clear ip arp inspection statistics [vlan vlan-id]
:
vlan-id

VLAN.


.
:
console# clear ip arp inspection statistics

2.36
2.36.1

DHCP Relay
ip dhcp relay enable ( )

.
DHCP Relay .
:
ip dhcp relay enable
3.1.0.3 16.05.2013 .

504

-3000
. II

.465255.040

no ip dhcp relay enable


no DHCP Relay.

DHCP Relay .

.
:
Console(config)# ip dhcp relay enable

2.36.2

ip dhcp relay enable ( )

(VLAN, Ethernet, Portchannel). DHCP Relay .


:
ip dhcp relay enable
no ip dhcp relay enable
no DHCP Relay.

DHCP Relay .

(VLAN).
(VLAN, Ethernet, Port-channel).

DHCP Relay
DHCP Relay .

:
Console(config)# interface vlan 21
Console(config-if)# ip dhcp relay enable

2.36.3

ip dhcp relay address ( )

. DHCP, DHCP Relay.


:
ip dhcp relay address ip-address
505

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no ip dhcp relay address [ip-address]


no .
:
ip-address

IP-
DHCP-.
8 .


.

.

IP- DHCP-
ip dhcp relay address.
DHCP-
.
DHCP-
no ip-address.
no ip-address
DHCP-.
:
switchxxxxxx(config)# ip dhcp relay address 176.16.1.1

3.1.0.3 16.05.2013 .

506

-3000
. II

2.36.4

.465255.040

ip dhcp information option

.
DHCP 82 .
:
ip dhcp information option
no ip dhcp information option
no DHCP 82
.

DHCP 82 .

.

DHCP 82 ,
DHCP Snooping DHCP Relay.
:
console(config)# ip dhcp information option

2.36.5

show ip dhcp information option

.
DHCP 82.
:
show ip dhcp information option

.
:
console# show ip dhcp information option
Relay agent Information option is Enabled

2.37
2.37.1

IP-
ip address

(Ethernet, VLAN, Portchannel). IP- .


507

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
ip address ip-address {mask | prefix-length}
no ip address [ip-address]
no IP-.
:
ip-address

IP-.

mask

IP-.

prefix-length

IP- 8
30 .


IP- .

(Ethernet, VLAN, Port-channel).

.

IP-
, DHCP- .
32- IP-. IP-
IP-. IP- ,
, IP-
IP- .
IP- ,
.
IP- ,
no ip address ,
IP-.
IP- ,
no ip address ,
IP-.
, LAG VLAN.
:
Console(config)# interface vlan 1
Console(config-if)# ip address 131.108.1.27 255.255.255.0

3.1.0.3 16.05.2013 .

508

-3000
. II

2.37.2

.465255.040

ip address dhcp

(Ethernet, VLAN, Portchannel). IP- Ethernet DHCP.


:
ip address dhcp
no ip address dhcp
no IP-.

(Ethernet, VLAN, Port-channel).
.

ip address dhcp
IP- DHCP.
DHCP-
IP- .

IP- DHCP, DHCPDISCOVER ,


DHCP- .
no ip address dhcp
IP- DHCPRELEASE.
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# ip address dhcp

2.37.3

renew dhcp

. IP-,
DHCP-
.
:
renew dhcp { interface-id} [force-autoconfig]
:
interface-id

509

: Ethernet, Port-channel
VLAN.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

DHCP- 67 DHCP
IP-,

.

forceautoconfig


.

, DHCP
. DHCP ,
.
DHCP IP- ,
IP-.
DHCP IP- ,
DHCP.
:
Console# renew dhcp vlan 19

2.37.4

ip default-gateway

. IP-
.
:
ip default-gateway ip-address
no ip default-gateway

.

no

:
ip-address

IP- .


.

.
:
Console(config)# ip default-gateway 192.168.1.1

3.1.0.3 16.05.2013 .

510

-3000
. II

2.37.5

.465255.040

show ip interface

.
IP.
:
show ip interface [interface-id ]
:
interface-id

.

: Ethernet, Port-channel VLAN.


.
:
,
.
console# show ip interface
Gateway IP Address

Activity status

Type

----------------------- ----------------------- -------1.1.1.254

Inactive

IP Address

2.37.6

I/F

static
Type

Status

------------------- --------- -----------

-----------

1.1.1.1/8

vlan 1

Static

Valid

2.2.2.2/24

gi0/1

Static

Valid

arp


ARP.

:
arp ip-address mac-address [interface-id]
no arp ip-address
no ARP.
:
ip-address
511

IP- IP,
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

-.
mac-address

-, IP-
IP.

interface-id

: Ethernet, Port-channel
VLAN.


ARP .

ARP
32- IP- 48-
(-).
,
ARP.

.
:
Console(config)# arp 198.133.219.232 00:00:0c:40:0f:bc ethernet 1/6

2.37.7

arp timeout ( )

.
, ARP.
:
arp timeout seconds
no arp timeout

.

no

:
seconds

,
ARP, 1
40 000 000 .


60 000
300 .
3.1.0.3 16.05.2013 .

512

-3000
. II

.465255.040


.
:
Console(config)# arp timeout 12000

2.37.8

arp timeout

(Ethernet, VLAN, Portchannel). ,


ARP .
:
arp timeout seconds
no arp timeout

.

no

:
seconds

,
ARP, 1
40 000 000
.

3600 .



arp timeout.


(Ethernet, VLAN, Port-channel).
.

,
IP-.
:
Console (config)# interface vlan 1
Console(config-if)# arp timeout 12000

2.37.9

ip arp proxy disable

. proxy ARP
.
513

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
ip arp proxy disable
no ip arp proxy disable
no proxy ARP.

.

ip arp proxy disable
proxy ARP .
2.37.10

ip proxy-arp

(Ethernet, VLAN, Portchannel). proxy ARP .


:
ip proxy-arp
no ip proxy-arp
no proxy ARP.

proxy ARP .

(Ethernet, VLAN, Port-channel).
.

, IP .
:
Console(config-if)# ip proxy-arp

2.37.11

clear arp-cache

.
ARP.

:
clear arp-cache
3.1.0.3 16.05.2013 .

514

-3000
. II

.465255.040


.
:
Console# clear arp-cache

2.37.12

show arp

.
ARP.
:
show arp [ip-address
[interface-id]

ip-address]

[mac-address

mac-address]

:
ip-address ip-address

IP-.

mac-address mac-address

-.

interface-id

.
: Ethernet
Port-channel.


.

-, ,
FDB ,
.
ARP IP-,
port-channel, VLAN .
:
Console# show arp
ARP timeout: 80000 Seconds

515

VLAN

Interface

IP Address

HW Address

Status

--------

---------

----------

--------------

--------

VLAN 1

1/1

10.7.1.102

00:10:B5:04:DB:4B

Dynamic

VLAN 1

2/2

10.7.1.135

00:50:22:00:2A:A4

Static

3.1.0.3 16.05.2013 .

-3000
. II

2.37.13

.465255.040

show arp configuration

.
ARP.
:
show arp configuration

.
:
Console# show arp configuration
Global configuration:
ARP Proxy: enabled
ARP timeout: 80000 Seconds
Interface configuration:
g2:
ARP Proxy: disabled
ARP timeout:60000 Seconds
VLAN 1:
ARP Proxy: enabled
ARP timeout:70000 Seconds
VLAN 2:
ARP Proxy: enabled
ARP timeout:80000 Second (Global)

2.37.14

interface ip

.
IP.
:
interface ip ip-address
:
ip-address

IP- .

3.1.0.3 16.05.2013 .

516

-3000
. II

.465255.040

:
Console (config)# interface ip 192.168.1.1
Console (config-ip)#

2.37.15

directed-broadcast

IP.
IP-
(directed broadcast) L2.
:
directed-broadcast
no directed-broadcast
no .


IP- L2
. IP- .

IP.

IP-
IP- - ,
,
.
,
, IP-
, IP-.
IP- ,
, IP-
IP-

L2.
:
Console (config)# interface ip 192.168.1.1
Console (config-ip)# directed-broadcast

2.37.16

broadcast-address


.
517

IP.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
broadcast-address {255.255.255.255 | 0.0.0.0}
no broadcast-address

.

no

:
255.255.255.255

.
0.0.0.0

255.255.255.255

0.0.0.0


255.255.255.255.

IP.
:
Console(config)# interface ip 192.168.1.1
Console(config-ip)# broadcast-address 255.255.255.255

2.37.17

ip helper-address

.
UDP-, ,
( ).
:
ip helper-address {ip-interface | all} address [udp-port-list]
no ip helper-address {ip-interface | all} address

no

().
:
ip-interface

IP-.

all

IP-.

address



UDP-. 0.0.0.0 ,
UDP-
.

3.1.0.3 16.05.2013 .

518

-3000
. II

udp-port-list

.465255.040

UDP- ,
,
1 65535.


UDP-,
, ()
.
udp-port-list ,
.

.

ip
helper-address

UDP- .
. ,
- 128
.
, ,
,
.
BOOT/DHCP ( 67, 68)
. BOOT/DHCP
DHCP.
ip helper-address UDP-,
UDP-
. , UDP- ,
UDP-
:

IEN-116 Name Service ( 42);

DNS ( 53);

NetBIOS Name Server ( 137);

NetBIOS Datagram Server ( 138);

TACACS- ( 49);

Time Service ( 37).

:
Console (config)# ip helper-address all 172.16.9.9 49 53

519

3.1.0.3 16.05.2013 .

-3000
. II

2.37.18

.465255.040

show ip helper-address

.
, .

IP-

:
show ip helper-address

.
:
Console# show ip helper-address

2.37.19

Interface

Helper Address

UDP ports

------------

--------------

----------

192.168.1.1

172.16.8.8

37, 42, 49, 53, 137, 138

192.168.2.1

172.16.9.9

37, 49

source-precedence

IP-.
IP- DHCP
relayed .
:
source-precedence
no source-precedence

.

no


.

IP-.

relayed DHCP IP-
:

IP-,

IP-
;

IP-,

IP-

3.1.0.3 16.05.2013 .

520

-3000
. II

.465255.040

:
Console (config-ip)# source-precedence

2.37.20

ip domain lookup

.
IP- (DNS).

:
ip domain lookup
no ip domain lookup
no .

.

.
:
Console(config)# ip domain lookup

2.37.21

ip domain name

.
,
.
:
ip domain name name
no ip domain name
no .
:
name
,
,
158 .
63 .
,

(, .mydomain.com).

.
521

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



: ASCII A Z (
), 0 9, .
(.) .

.
:
Console(config)# ip domain name www.website.com

2.37.22

ip name-server


(DNS).

:
ip name-server { server1-ipv4-address | server1-ipv6-address}
[server-address2 server-address8]
no ip name-server [server-address server-address8]
no .
:
server-address
IP- .
8 .
IPv4- IPv6-. IPv6-

(IPv6Z-),

.

IP- .

.

,
.
IPv6Z-: <ipv6-link-local-address>%<interface-name>

interface-name = vlan<integer> | ch<integer> | isatap<integer> |


<physical-port-name> | 0

3.1.0.3 16.05.2013 .

522

-3000
. II

.465255.040

integer = <decimal-number> | <integer><decimal-number>

decimal-number = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9

physical-port-name = , , 0/4
,
. , ,
, .
:
Console(config)# ip name-server 176.16.1.18

2.37.23

ip host

.
- .
:
ip host name address [address2 address3 address4]
no ip host name
no .
:
name

address

158 .

63 .
IP-.
4 .


.

.

: ASCII A
Z ( ), 0 9,
. (.)
.

523

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console(config)# ip host accounting.website.com 176.10.23.1

2.37.24

clear host

.
- .
:
clear host {name | *}
:
name

158 .

63 .


.
:
Console# clear host *

2.37.25

clear host dhcp

.
- , DHCP-.
:
clear host dhcp {name | *}
:
name

158 .

63 .


.

-
IP-.
3.1.0.3 16.05.2013 .

524

-3000
. II

.465255.040

:
Console# clear host dhcp *

2.37.26

show hosts

.
, ,
.
:
show hosts [name]
:
name



63 .

158


.
:
Console> show hosts
System name: Device
Default domain is gm.com, sales.gm.com, usa.sales.gm.com(DHCP)
Name/address lookup is enabled
Name servers (Preference order): 176.16.1.18 176.16.1.19
Configured host name-to-address mapping:
Host

Addresses

-----------------

-------------------------------

accounting.gm.com

176.16.8.8 176.16.8.9 (DHCP)


2002:0:130F::0A0:1504:0BB4

2.38
2.38.1

Host

Total

Elapsed

Type

Addresses

----------------

-----

-------

----- ------------

www.stanford.edu

72

IP

171.64.14.203


interface tunnel

.
(Tunnel).
525

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
interface tunnel number
interface tunnel number
:
number


.
:
Console(config)# interface tunnel 1
Console(config-tunnel)#

2.38.2

tunnel destination

(Tunnel).
Manual Tunnel.
:
tunnel destination {host-name | ip-address}
no tunnel destination
no .
:
host-name

DNS- .

ip-address

IPv4- .



.

(Tunnel).



.

3.1.0.3 16.05.2013 .

526

-3000
. II

.465255.040

:
interface vlan 1
ip address 10.0.0.1 255.255.255.0
exit
interface tunnel1
ipv6 address 3ffe:b00:c18:1::3/127
tunnel source vlan1
tunnel destination 192.168.30.1
tunnel mode ipv6v6ip
exit

2.38.3

tunnel mode ipv6ip

(Tunnel).
IPv6.
:
tunnel mode ipv6ip {isatap}
no tunnel mode ipv6ip
no IPv6.
:
isatap

IPv6 ISATAP IPv4.


IPv6
.

(Tunnel).

ISATAP.
,
, IPv4-.
, (,
VLAN) IPv6 ISATAP
IPv4 native IPv6.
IP- ( ISATAP native IPv6).

527

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console(config)# interface tunnel 1
Console(config-tunnel)# tunnel mode ipv6ip isatap

2.38.4

tunnel source

(Tunnel).
IPv4- ()
.
:
tunnel source { auto | ipv4-address }
no tunnel source
no
.
:
auto

IPv4-

. IPv4,

ipv4-address

IPv4-

.
,
IPv4-
( StackTable).


.

(Tunnel).

IPv4-

8 SIP,
IPv6-.

3.1.0.3 16.05.2013 .

528

-3000
. II

.465255.040

:
console(config)# interface tunnel 1
console(config-tunnel)# tunnel source auto

2.38.5

show ipv6 tunnel

.
ISATAP.

:
show ipv6 tunnel

.
:
Console> show ipv6 tunnel
Tunnel 1
-------Tunnel status

: DOWN

Tunnel protocol

: NONE

Tunnel Local address type

: auto

Tunnel Local Ipv4 address

: 0.0.0.0

Router DNS name

: ISATAP

Router IPv4 address

: 0.0.0.0

DNS Query interval

: 300 seconds

Min DNS Query interval

: 0 seconds

Router Solicitation interval

: 10 seconds

Min Router Solicitation interval : 0 seconds


Robustness

2.39
2.39.1

: 2

DHCP-
ip dhcp server

.
DHCP- .
:
ip dhcp server
no ip dhcp server
no DHCP-.

529

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


DHCP- .

.
:
Console(config)# ip dhcp server

2.39.2

ip dhcp pool host

DHCP-
DHCP.
:
ip dhcp pool host name
no ip dhcp pool host name
no .
:
name
DHCP 32 .

(, Engineering)
(, 8).

DHCP .

.


DHCP Pool,
(config-dhcp)#.

, IP-
.
:
Console(config)# ip dhcp pool host station
Console(config-dhcp)#

3.1.0.3 16.05.2013 .

530

-3000
. II

2.39.3

.465255.040

ip dhcp pool network

.
DHCP DHCP-
DHCP Pool.
:
ip dhcp pool network name
no ip dhcp pool network name
no .
:
name

DHCP
32 .



(, engineering)
(, 8).

DHCP- .

.


DHCP Pool Network,
(config-dhcp)#.
,
IP- .
:
Console(config)# ip dhcp pool network pool1
Console(config-dhcp)#

2.39.4

address ( DHCP-)

DHCP Pool Host.


IP- DHCP-.
:
address ip-address {mask | prefix-length} {client-identifier uniqueidentifier | hardware-address mac-address}
no address
531

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no IP-,
DHCP-.
:
ip-address

IP- .

mask

prefix-length

.

.

(/).

unique-identifier

2
.

,
: 01b7.0813.8811.66.
hardwareaddress

-.


DHCP- .

DHCP Pool Host.
:
Console(config-dhcp)# address 10.12.1.99 255.255.255.0 01b7.0813.8811.66

2.39.5

address ( DHCP Network)

DHCP Pool Network.


DHCP- DHCP-.
:
address {network-number | low low-address high high-address} {mask
| prefix-length}
no address
no .
:
network-number IP- DHCP-.
3.1.0.3 16.05.2013 .

532

-3000
. II

.465255.040

mask

prefix-length

.

.

(/).

low low-address

IP- .

high highaddress

IP- .


DHCP- .
,
IP- .
,
IP- .

DHCP Pool Network.
:
Console(config-dhcp)# address 10.12.1.0 255.255.255.0

2.39.6

lease

DHCP Pool Network.


IP-, DHCP- DHCP.
:
lease {days [{hours} [minutes]] | infinite}
no lease

.

no

:
days

IP- .

hours

IP- .
days
hours.
IP- .
days hours

minutes
533

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

minutes.
IP-.

infinite


1 .

DHCP Pool Network.
:
Console(config-dhcp)# lease 1

Console(config-dhcp)# lease 0 1

Console(config-dhcp)# lease 0 0 1

Console(config-dhcp)# lease infinite

2.39.7

client-name

DHCP Pool Host.


DHCP-. .
:
client-name name
no client-name
no .
:
name


ASCII 32 .
. , Mars
mars.yahoo.com.


.

DHCP Pool Host.
:
Console(config-dhcp)# client-name client1

3.1.0.3 16.05.2013 .

534

-3000
. II

2.39.8

.465255.040

default-router

DHCP Pool.
DHCP-.
:
default-router ip-address [ip-address2 ... ip-address8]
no default-router
no
.
:
ip-address

IP- .
IP-.
8 .


.

DHCP Pool Host.
DHCP Pool Network.

IP- .
:
Console(config-dhcp)# default-router 10.12.1.99

2.39.9

dns-server

DHCP Pool.
DNS, DHCP-.
:
dns-server ip-address [ip-address2 ... ip-address8]
no dns-server
no DNS-.
:
ip-address

535

IP- DNS-.
IP-.
8 .
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


DNS- .

DHCP Pool Host.
DHCP Pool Network.

DNS DHCP- ,
IP-.
:
Console(config-dhcp)# dns-server 10.12.1.99

2.39.10

domain-name

DHCP Pool.
DHCP-.
:
domain-name domain
no domain-name
no .
:
domain


32 .

DHCP-


.

DHCP Pool Host.
DHCP Pool Network.
:
Console(config-dhcp)# domain-name yahoo.com

2.39.11

netbios-name-server

DHCP Pool. WINS NetBIOS, DHCP-.


3.1.0.3 16.05.2013 .

536

-3000
. II

.465255.040

:
netbios-name-server ip-address [ip-address2 ... ip-address8]
no netbios-name-server
no
NetBIOS.
:
ip-address

IP- WINS NetBIOS.


IP-.
8 .


NetBIOS .

DHCP Pool Host.
DHCP Pool Network.
:
Console(config-dhcp)# netbios-name-server 10.12.1.90

2.39.12

netbios-node-type

DHCP Pool.
NetBIOS DHCP-.
:
netbios-node-type {b-node | p-node | m-node | h-node}
no netbios-node-type
no NetBIOS.
:
b-node

Broadcast NetBIOS.

p-node

Peer-to-peer NetBIOS.

m-node

Mixed NetBIOS.

h-node

HybridNetBIOS.

537

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


DHCP Pool Host.
DHCP Pool Network.
:
Console(config-dhcp)# netbios node-type h-node

2.39.13

next-server

DHCP Pool.
DHCP-.
:
next-server ip-address
no next-server
no .
:
ip-address

IP-
, TFTP.


next-server
, DHCP-
.

DHCP Pool Host.
DHCP Pool Network.
:
Console(config-dhcp)# next-server 10.12.1.99

2.39.14

next-server-name

DHCP Pool.
DHCP-.

:
next-server-name name
no next-server-name
no .
3.1.0.3 16.05.2013 .

538

-3000
. II

.465255.040

:
name


64 .


.

DHCP Pool Host.
DHCP Pool Network.
:
Console(config-dhcp)# next-server-name www.bootserver.com

2.39.15

bootfile

DHCP Pool.
DHCP-.
:
bootfile filename
no bootfile
no .
:
filename


128 .


DHCP Pool Host.
DHCP Pool Network.
:
Console(config-dhcp)# bootfile boot_image_file

2.39.16

time-server

DHCP Pool.
DHCP-.
:
time-server ip-address [ip-address2 ... ip-address8]
no time-server
539

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no .
:
ip-address

IP- .
IP-.
8 .


.

DHCP Pool Host.
DHCP Pool Network.

IP- .
:
Console(config-dhcp)# time-server 10.12.1.99

2.39.17

option

DHCP Pool.
DHCP-.
:
option code {ascii ascii-string | hex hex-string | ip ip-address}
option ip-list code ip-address1 [ip-address2 ]
no option code
no .
:
code

DHCP.

ascii ascii-string

NVT ASCII.
ASCII, ,
.

hex hex-string

,

.
.

ip ip-address

IP-.

3.1.0.3 16.05.2013 .

540

-3000
. II

, IP-
.

ip-list
ip-address1
address2 ]

.465255.040

[ip- IP-.


DHCP Pool Host.
DHCP Pool Network.

DHCP, RFC2132.
, IP, , 42 (NTP server),
option ip-list.
DHCP
TCP/IP.

, DHCP-.
.
DHCP RFC2131 (DHCP).

,
.
:
Console(config-dhcp)# option 19 hex 01

Console(config-dhcp)# option 2 hex 00000E10

Console(config-dhcp)# option ip-list 72 172.16.3.252 172.16.3.253

2.39.18

ip dhcp excluded-address

. IP-,
DHCP- DHCP-.
:
ip dhcp excluded-address low-address [high-address]
no ip dhcp excluded-address low-address [high-address]
no IP-.

541

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
low-address

IP- IP-
.

high-address

IP-
.


IP- .

.

DHCP- ,
.
IP- IP-.
:
Console(config)# ip dhcp excluded-address 172.16.1.100 172.16.1.199

2.39.19

ip dhcp ping enable

. DHCP ping
DHCP-.
:
ip dhcp ping enable
no ip dhcp ping enable
no ping
.

ping
.

.

DHCP- ping
DHCP-.
ping , DHCP- (
3.1.0.3 16.05.2013 .

542

-3000
. II

.465255.040

), ,
.
:
Console(config)# ip dhcp ping enable

2.39.20

ping enable

DHCP Pool Network.


DHCP- ping
DHCP-.
:
ping enable
no ping enable
no ping
.

ping .

DHCP Pool Network.

DHCP- ping
DHCP-.
ping , DHCP- (
), ,
.
:
Console(config-dhcp)# ping enable

2.39.21

ip dhcp ping count

.
ping, DHCP-
.
:
ip dhcp ping count number
no ip dhcp ping count

.
543

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
number

ping,


,
1 10.

2 .

.
:
Console(config)# ip dhcp ping count 5

2.39.22

ip dhcp ping timeout

.
, DHCP-
ping .
:
ip dhcp ping timeout milliseconds
no ip dhcp ping timeout
no
.

:
milliseconds

, DHCP ping
, 300
10 000 .


500 .

.
:
Console(config)# ip dhcp ping timeout 1000

3.1.0.3 16.05.2013 .

544

-3000
. II

2.39.23

.465255.040

clear ip dhcp binding

.
DHCP-.
:
clear ip dhcp binding {address | *}
:
address

,
DHCP-.


.

IP- .
(*),
DHCP .

no ip dhcp pool.

:
Console# clear ip dhcp binding 10.12.1.99

2.39.24

show ip dhcp

.
DHCP.
:
show ip dhcp

.
:
Console> show ip dhcp
DHCP server is enabled.
DHCP ping packets is enabled with 2 retries and 500 milliseconds.

545

3.1.0.3 16.05.2013 .

-3000
. II

2.39.25

.465255.040

show ip dhcp excluded-addresses

. ,
.
:
show ip dhcp excluded-addresses

.
:
Console> show ip dhcp excluded-addresses
The number of excluded addresses ranges is 2
Excluded addresses:
10.1.1.212- 10.1.1.219, 10.1.2.212- 10.1.2.219

2.39.26

show ip dhcp pool host

.
DHCP Pool Host.
:
show ip dhcp pool host [address | name]
:
address

IP- .

name

DHCP 32 .


.
:
Console> show ip dhcp pool host
The number of host pools is 1
Name

IP Address

Hardware Address

Client Identifier

---------

------------

----------------

------------------

Station

172.16.1.11

01b7.0813.8811.66

Console> show ip dhcp pool host station


Name

IP Address

Hardware Address

Client Identifier

---------

------------

----------------

------------------

3.1.0.3 16.05.2013 .

546

-3000
. II
Station

.465255.040

172.16.1.11

01b7.0813.8811.66

Mask: 255.255.0.0
Default router: 172.16.1.1
Client name: client1
DNS server: 10.12.1.99
Domain name: yahoo.com
NetBIOS name server: 10.12.1.90
NetBIOS node type: h-node
Next server: 10.12.1.99
Next-server-name: 10.12.1.100
Bootfile: Bootfile
Time server 10.12.1.99
Options:

2.39.27

Code

Value

----

-----

19

Ox01

show ip dhcp pool network

.
DHCP-.
:
show ip dhcp pool network [name]
:
name

DHCP 32 .


.
:
Router> show ip dhcp pool network
The number of network pools is 2
Name Address range mask Lease
---------------------------------------------------marketing 10.1.1.17-10.1.1.178 255.255.255.0 0d:12h:0m
finance 10.1.2.8-10.1.2.178 255.255.255.0 0d:12h:0m
Router> show ip dhcp pool network marketing
Name Address range mask Lease
--------------------------------- -----------------------marketing 10.1.1.17-10.1.1.178 255.255.255.0 0d:12h:0m

547

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Statistics:
All-range Available Free Pre-allocated Allocated Expired Declined
---------- --------- ----- ------------- --------- --------- -----162

150

68

50

20

Default router: 10.1.1.1


Ping packets: enabled
DNS server: 10.12.1.99
Domain name: yahoo.com
NetBIOS name server: 10.12.1.90
NetBIOS node type: h-node
Next server: 10.12.1.99
Next-server-name: 10.12.1.100
Bootfile: Bootfile
Time server 10.12.1.99
Options:
Code Value
-----------------19 Ox01

2.39.28

show ip dhcp binding

.
, DHCP-.
:
show ip dhcp binding [ip-address]
:
ip-address

IP-.


.
:
Router> show ip dhcp binding
DHCP server enabled
The number of used (all types) entries is 5
The number of pre-allocated entries is 1
The number of allocated entries is 1
The number of expired entries is 1
The number of declined entries is 2
IP address Hardware Address Lease Expiration

Type

State

---------- ---------------- -------------------- ------- ---------

3.1.0.3 16.05.2013 .

548

-3000
. II

.465255.040

1.16.1.11

00a0.9802.32de

1.16.3.23

02c7.f801.0422

Feb 01 1998 12:00 AM dynamic allocated


dynamic expired

1.16.3.24

02c7.f802.0422

dynamic declined

1.16.3.25

02c7.f803.0422

dynamic pre-allocated

1.16.3.26

02c7.f804.0422

dynamic declined

Router> show ip dhcp binding 1.16.1.11


DHCP server enabled
The number of used (all types) entries is 5
The number of pre-allocated entries is 1
The number of allocated entries is 1
The number of expired entries is 1
The number of declined entries is 2
IP address Hardware Address Lease Expiration

Type

---------- ---------------- --------------------

------- ---------

1.16.1.11

dynamic allocated

00a0.9802.32de

Feb 01 1998 12:00 AM

State

Router> show ip dhcp binding 1.16.3.24


DHCP server enabled
The number of used (all types) entries is 5
The number of pre-allocated entries is 1
The number of allocated entries is 1
The number of expired entries is 1
The number of declined entries is 2
IP address Hardware Address Lease Expiration

Type

State

---------- ---------------- -------------------- ------- --------1.16.3.24

02c7.f802.0422

dynamic declined

51

2.39.29

IP address

IP- , DHCP-.

Hardware address

- ,
DHCP-.

Lease expiration

IP- .

Type

IP- .

State

IP-.

show ip dhcp server statistics

.
DHCP-.
:
show ip dhcp server statistics
549

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
DHCP server enabled
The number of network pools is 6
The number of excluded pools is 2
The number of used (all types) entries is 7
The number of pre-allocated entries is 1
The number of allocated entries is 3
The number of static entries is 1
The number of dynamic entries is 1
The number of automatic entries is 1
The number of expired entries is 1
The number of declined entries is 2

2.39.30

show ip dhcp allocated

. ,
DHCP-.
:
show ip dhcp allocated [ip-address]
:
ip-address

IP-.


.
:
Router> show ip dhcp allocated
DHCP server enabled
The number of allocated entries is 3
The number of static entries is 1
The number of dynamic entries is 1
The number of automatic entries is 1
IP address

Hardware address Lease expiration

----------

---------------- -------------------- -----------

172.16.1.11

00a0.9802.32de

172.16.3.253 02c7.f800.0422

3.1.0.3 16.05.2013 .

Type

Feb 01 1998 12:00 AM Dynamic


Infinite

Automatic

550

-3000
. II

.465255.040

172.16.3.254 02c7.f800.0422

Infinite

Static

Router> show ip dhcp allocated 172.16.1.11


DHCP server enabled
The number of allocated entries is 2
The number of static entries is 0
The number of dynamic entries is 2
IP address Hardware address Lease expiration

Type

---------- ---------------- -------------------- ----------172.16.1.11 00a0.9802.32de

Feb 01 1998 12:00 AM Dynamic

Router> show ip dhcp allocated 172.16.3.254


DHCP server enabled
The number of allocated entries is 2
The number of static entries is 0
The number of dynamic entries is 2
IP address
----------

Hardware address Lease expiration

Type

---------------- -------------------- -----------

172.16.3.254 02c7.f800.0422

Infinite

Static

52

2.39.31

IP address

IP- , DHCP-.

Hardware address

DHCP-.

Lease expiration

IP- .

Type

IP- .

show ip dhcp declined

. ,
DHCP-.
:
show ip dhcp declined [ip-address]
:
ip-address
551

IP-.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
Router> show ip dhcp declined
DHCP server enabled
IP address Hardware address
172.16.1.11 00a0.9802.32de
172.16.3.254 02c7.f800.0422
Router> show ip dhcp declined 172.16.1.11
DHCP server enabled
IP address Hardware address
172.16.1.1100a0.9802.32de
172.16.1.12

53

2.39.32

IP address

IP- , DHCP-.

Hardware address

- ,
DHCP-.

show ip dhcp expired

.
DHCP-.
:
show ip dhcp expired [ip-address]
:
ip-address

IP-.


.
:
Router> show ip dhcp expired
DHCP server enabled
IP address Hardware address

3.1.0.3 16.05.2013 .

552

-3000
. II

.465255.040

172.16.1.11 00a0.9802.32de
172.16.3.254 02c7.f800.0422
Router> show ip dhcp expired 172.16.1.11
DHCP server enabled
IP address Hardware address
172.16.1.1300a0.9802.32de
172.16.1.14

54

2.39.33

IP address

IP- , DHCP-.

Hardware address

- ,
DHCP-.

show ip dhcp pre-allocated

.
DHCP-.
:
show ip dhcp pre-allocated [ip-address]
:
ip-address

IP-.


.
:
Router> show ip dhcp pre-allocated
DHCP server enabled
IP address Hardware address
172.16.1.11 00a0.9802.32de
172.16.3.254 02c7.f800.0422

Router> show ip dhcp pre-allocated 172.16.1.11


DHCP server enabled
IP address Hardware address
172.16.1.1500a0.9802.32de
172.16.1.16

553

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

55

2.40
2.40.1

IP address

IP- , DHCP-.

Hardware address

-
DHCP-.

ACL
ip access-list (IP extended)

.
IPv4 (IPv4 ACL)
IPv4 ACL.

ACL. (ACE) ACL
permit (IP) deny (IP). service-acl
input ACL .
:
ip access-list extended acl-name
no ip access-list extended acl-name
no ACL.
:
acl-name

IPv4 ACL 1 32 .


IPv4 ACL .

.

IPv4 ACL . IPv4 ACL, IPv6 ACL,
MAC ACL Policy Map .
:
switchxxxxxx(config)# ip access-list extended server
switchxxxxxx(config-ip-al)#

2.40.2

permit ( IP)


IPv4 ACL.
3.1.0.3 16.05.2013 .

IP

ACL.

554

-3000
. II

.465255.040

:
permit protocol {any | source source-wildcard} {any | destination
destination-wildcard} [dscp number | precedence number] [time-range
time-range-name]
permit icmp {any | source source-wildcard} {any | destination
destination-wildcard} [any | icmp-type] [any | icmp-code]] [dscp
number | precedence number] [time-range time-range-name]
permit igmp {any | source source-wildcard} {any | destination
destination-wildcard}[igmp-type] [dscp number | precedence number]
[time-range time-range-name]
permit tcp {any | source source-wildcard} {any|source-port/portrange}{any | destination destination-wildcard} {any|destinationport/port-range } [dscp number | precedence number] [match-all listof-flags] [time-range time-range-name]
permit udp {any | source source-wildcard} {any|source-port/portrange} {any | destination destination-wildcard} {any|destinationport/port-range } [dscp number | precedence number] [match-all timerange-name] [time-range time-range-name]
:
protocol

source
source-wildcard

destination
destinationwildcard
dscp number
precedence
number
icmp-type

555

IP 0
255. : icmp, igmp, ip,
tcp, egp, igp, udp, hmp, rdp, idpr, ipv6, ipv6:rout,
ipv6:frag, idrp, rsvp, gre, esp, ah, ipv6:icmp, eigrp,
ospf, ipinip, pim, l2tp, isis.

ip.
IP- .
, IP-
.
, .
IP- .
, IP-
.
, .
DSCP.
IP.
ICMP- ICMP 0 255.
:
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

echo-reply, destination-unreachable, source-quench,


redirect, alternate-host-address, echo-request, routeradvertisement, router-solicitation, time-exceeded,
parameter-problem, timestamp, timestamp-reply,
information-request, information-reply, address-maskrequest, address-mask-reply, traceroute, datagramconversion-error,
mobile-host-redirect,
mobileregistration-request,
mobile-registration-reply,
domain-name-request, domain-name-reply, skip,
photuris.
icmp-code
ICMP- ICMP 0 255.
igmp-type
IGMP- IGMP 0 255.
:
host-query, host-report, dvmrp, pim, cisco-trace, hostreport-v2, host-leave-v2, host-report-v3.
destination-port UDP/TCP- 0
65535.
. : 20 - 21.
TCP
: bgp (179), chargen (19),
daytime (13), discard (9), domain (53), drip (3949),
echo (7), finger (79), ftp (21), ftp-data (20), gopher
(70), hostname (42), irc (194), klogin (543), kshell
(544), lpd (515), nntp (119), pop2 (109), pop3 (110),
smtp (25), sunrpc (1110, syslog (514), tacacs-ds (49),
talk (517), telnet (23), time (37), uucp (117), whois
(43), www (80). UDP
: biff (512),
bootpc (68), bootps (67), discard (9), dnsix (90),
domain (53), echo (7 ), mobile-ip (434), nameserver
(42), netbios-dgm (138), netbios-ns (137), on500isakmp (4500), ntp (123), rip (520), snmp (161),
snmptrap (162), sunrpc (111), syslog (514), tacacs-ds
(49), talk (517), tftp (69), time (37), who (513),
xdmcp (177).
source-port
UDP/TCP- 0
65535.

destinationport.
match-all list-of- TCP,
flags
. ,
+.
3.1.0.3 16.05.2013 .

556

-3000
. II

.465255.040

, -.
: +urg, +ack, +psh, +rst, +syn, +fin, -urg,
-ack, -psh, -rst, -syn -fin.
, : +fin-ack.
time-range-name ,
,
1 32.

IPv4 ACL .

IP ACL.

IP ACL
ip access-list.
(ACE)
ACL,
deny-any-any. , ,
, . , ,
.
TCP/UDP,
ACL, .
2000 TCP 2000 UDP.
,
,
ACE.
, ,
ACE.
,
,
.
:
console(config)# ip access-list extended server
console(config-ip-al)# permit ip 1.1.1.0 0.0.0.255 1.1.2.0 0.0.0.0

2.40.3

deny ( IP)

IP.
IPv4 ACL.

557

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
deny protocol {any | source source-wildcard} {any | destination
destination-wildcard} [dscp number | precedence number] [time-range
time-range-name] [disable-port | log-input]
deny icmp {any | source source-wildcard} {any | destination
destination-wildcard{any|icmp-type} {any|icmp-code} [dscp number |
precedence number] [time-range time-range-name] [disable-port | loginput]
deny igmp {any | source source-wildcard} {any | destination
destination-wildcard}[igmp-type] [dscp number | precedence number]
[time-range time-range-name] [disable-port | log-input]
deny tcp {any | source source-wildcard} {any|source-port/portrange}{any | destination destination-wildcard} {any|destinationport/port-range } [dscp number | precedence number] [match-all listof-flags] [time-range time-range-name] [disable-port | log-input]
deny udp {any | source source-wildcard} {any|source-port/port-range}
{any | destination destination-wildcard} {any|destination-port/portrange } [dscp number | precedence number] [match-all time-rangename] [time-range time-range-name] [disable-port | log-input]
:
IP 0
protocol
255. : icmp, igmp, ip,
tcp, egp, igp, udp, hmp, rdp, idpr, ipv6, ipv6:rout,
ipv6:frag, idrp, rsvp, gre, esp, ah, ipv6:icmp, eigrp,
ospf, ipinip, pim, l2tp, isis.
ip.
source
IP- .
source-wildcard , IP-
.
,
.
destination
IP- .
destination , IP-
wildcard
.
,
.
dscp number
DSCP.
precedence
IP Precedence.
number
icmp-type
ICMP- ICMP 3.1.0.3 16.05.2013 .

558

-3000
. II

.465255.040

0 255.
:
echo-reply, destination-unreachable, source-quench,
redirect, alternate-host-address, echo-request, routeradvertisement, router-solicitation, time-exceeded,
parameter-problem, timestamp, timestamp-reply,
information-request, information-reply, address-maskrequest, address-mask-reply, traceroute, datagramconversion-error,
mobile-host-redirect,
mobileregistration-request,
mobile-registration-reply,
domain-name-request, domain-name-reply, skip,
photuris.
icmp-code
ICMP- ICMP 0 255.
igmp-type
IGMP- IGMP 0 255.
:
host-query, host-report, dvmrp, pim, cisco-trace, hostreport-v2, host-leave-v2, host-report-v3.
destination-port UDP/TCP- 0
65535.
. : 20 - 21.
TCP
: bgp (179), chargen (19),
daytime (13), discard (9), domain (53), drip (3949),
echo (7), finger (79), ftp (21), ftp-data (20), gopher
(70), hostname (42), irc (194), klogin (543), kshell
(544), lpd (515), nntp (119), pop2 (109), pop3 (110),
smtp (25), sunrpc (1110, syslog (514), tacacs-ds (49),
talk (517), telnet (23), time (37), uucp (117), whois
(43), www (80). UDP
: biff (512),
bootpc (68), bootps (67), discard (9), dnsix (90),
domain (53), echo (7 ), mobile-ip (434), nameserver
(42), netbios-dgm (138), netbios-ns (137), non500isakmp (4500), ntp (123), rip (520), snmp 161),
snmptrap (162), sunrpc (111), syslog (514), tacacs-ds
(49), talk (517), tftp (69), time (37), who (513),
xdmcp (177).
source-port
UDP/TCP- 0
65535.

destinationport.
match-all list-of- TCP.
559

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

, +.
,
-. : +urg, +ack, +psh, +rst,
+syn, +fin, -urg, -ack, -psh, -rst, -syn -fin.
, : +fin-ack.
time-range-name ,
, 1 32.
disable-port
Ethernet
.
log-input
syslog
, .
,
,
ACE
.
flags


IPv4 .

IP ACL.

IP ACL
ip access-list.
(ACE)
,
deny-any-any. , ,
, .
, .
TCP/UDP,
ACL, .
2000 TCP 2000 UDP.
,
,
ACE.
,
,
ACE.
,
,
.
3.1.0.3 16.05.2013 .

560

-3000
. II

.465255.040

:
console(config)# ip access-list extended server
console(config-ip-al)# deny ip 1.1.1.0 0.0.0.255 1.1.2.0 0.0.0.0

2.40.4

ipv6 access-list (IPv6 extended)

.
IPv6
IPv6.

ACL. (ACE) ACL
permit (IPv6) deny (IPv6). service-acl
input ACL .
:
ipv6 access-list [acl-name]
no ipv6 access-list [acl-name]
no .
:
acl-name

IPv6 1
32 .


IPv6 .

.

IPv6 ACL . IPv4 ACL, IPv6 ACL,
MAC ACL Policy Map .
IPv6 permit icmp
any any nd-ns any, permit icmp any any nd-na any, deny ipv6 any
any .
IPv6 IPv6,
IPv6

IPv6. IPv4 ARP,
IPv6,
;
IPv4
ARP.
561

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Switch (config)# ipv6 access-list acl1
Switch(config-ipv6-acl)# permit tcp 2001:0DB8:0300:0201::/64 any any 80

2.40.5

permit ( IPv6)

IPv6 ACL.
IPv6 ACL.
:
permit protocol {any |{source-prefix/length }{any | destinationprefix/length } [dscp number | precedence number] [time-range timerange-name]
permit icmp {any | {source-prefix/length }{any | destinationprefix/length } {any|icmp-type} {any|icmp-code} [dscp number |
precedence number] [time-range time-range-name]
permit tcp {any | {source-prefix/length } {any | source-port/portrange} }{any | destinationprefix/ length } {any| destination-port/portrange} [dscp number | precedence number] [match-all list-of-flags]
[time-range time-range-name]
permit udp {any | {source-prefix/length }} {any | source-port/portrange} }{any | destinationprefix/ length } {any| destination-port/portrange} [dscp number | precedence number] [time-range time-rangename]
:
protocol
IP 0
255. : icmp (58), tcp
(6) and udp (17).
ipv6.
sourceIPv6-
prefix/length

.
, RFC 3513 (

16- ,
).
destinationIPv6- ,
prefix/length

.
, RFC 3513 (

16- ,
).
3.1.0.3 16.05.2013 .

562

-3000
. II

dscp number
precedence
number
icmp-type

.465255.040

DSCP 0 63.
IP Precedence.

ICMP- ICMP 0 255.


:
destination-unreachable (1), packet-too-big (2), timeexceeded (3), parameter-problem (4), echo-request
(128), echo-reply (129), mld-query (130), mld-report
(131), mldv2-report (143), mld-done (132), routersolicitation (133), router-advertisement (134), nd-ns
(135), nd-na (136).
icmp-code
ICMP- ICMP 0 255.
destination-port UDP/TCP- 0
65535.
. : 20 - 21.
TCP
: bgp (179), chargen (19),
daytime (13), discard (9), domain (53), drip (3949),
echo (7), finger (79), ftp (21), ftp-data (20), gopher
(70), hostname (42), irc (194), klogin (543), kshell
(544), lpd (515), nntp (119), pop2 (109), pop3 (110),
smtp (25), sunrpc (1110, syslog (514), tacacs-ds (49),
talk (517), telnet (23), time (37), uucp (117), whois
(43), www (80). UDP
: biff (512),
bootpc (68), bootps (67), discard (9), dnsix (90),
domain (53), echo (7 ), mobile-ip (434), nameserver
(42), netbios-dgm (138), netbios-ns (137), non500isakmp (4500), ntp (123), rip (520), snmp (161),
snmptrap (162), sunrpc (111), syslog (514), tacacs
(49), talk (517), tftp (69), time (37), who (513),
xdmcp (177).
source-port
UDP/TCP- 0
65535.

destinationport.
match-all list-of- TCP.
flags
, +.
,
-. : +urg, +ack, +psh,
+rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn -fin.
, :

563

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

+fin-ack.
time-range-name ,
1 32.

IPv6 .

IPv6 ACL.

TCP/UDP,
ACL, .
2000 TCP 2000 UDP.
,
,
ACE.
,
,
ACE.
,
,
.
:
console(config)# ipv6 access-list server
console(config-ipv6-al)# permit tcp 3001::2/64 any any 80

2.40.6

deny ( IPv6)

IPv6 ACL.
IPv6 ACL.
:
deny protocol {any | {source-prefix/length }{any | destinationprefix/length } [dscp number | precedence number] [time-range timerange-name] [disable-port | log-input]
deny icmp {any | {source-prefix/length }{any | destinationprefix/length } {any|icmp-type} {any|icmp-code} [dscp number |
precedence number] [time-range time-range-name] [disable-port | loginput]
deny tcp {any | {source-prefix/length } {any | source-port/port-range}
}{any | destinationprefix/ length } {any| destination-port/port-range}
3.1.0.3 16.05.2013 .

564

-3000
. II

.465255.040

[dscp number | precedence number] [match-all list-of-flags] [timerange time-range-name] [disable-port | log-input]
deny udp {any | {source-prefix/length }} {any | source-port/port-range}
}{any | destinationprefix/ length } {any| destination-port/port-range}
[dscp number | precedence number] [time-range time-range-name]
[disable-port | log-input]
:

565

protocol

IP 0
255. : icmp (58), tcp
(6) and udp (17). /
ipv6.

sourceprefix/length

IPv6-

.
, RFC 3513 (

16- ,
).

destinationprefix/length

IPv6- ,

.
, RFC 3513 (

16- ,
).

dscp number

DSCP 0 63.

precedence
number

IP.

icmp-type

ICMP- ICMP 0 255.


:
destination-unreachable (1), packet-too-big (2), timeexceeded (3), parameter-problem (4), echo-request
(128), echo-reply (129), mld-query (130), mld-report
(131), mldv2-report (143), mld-done (132), routersolicitation (133), router-advertisement (134), nd-ns
(135), nd-na (136).

icmp-code

ICMP- ICMP 0 255.

destination-port

UDP/TCP- 0
65535.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

. : 20 - 21.
TCP
: bgp (179), chargen (19),
daytime (13), discard (9), domain (53), drip (3949),
echo (7), finger (79), ftp (21), ftp-data 20), gopher
(70), hostname (42), irc (194), klogin (543), kshell
(544), lpd (515), nntp (119), pop2 (109), pop3 (110),
smtp (25), sunrpc (1110, syslog (514), tacacs-ds (49),
talk (517), telnet (23), time (37), uucp (117), whois
(43), www (80). UDP
: biff (512),
bootpc (68), bootps (67), discard (9), dnsix (90),
domain (53), echo (7), mobile-ip (434), nameserver
(42), netbios-dgm (138), netbios-ns (137), non500isakmp (4500), ntp (123), rip (520), snmp (161),
snmptrap (162), sunrpc (111), syslog (514), tacacs
(49), talk (517), tftp (69), time (37), who (513),
xdmcp (177).
source-port

UDP/TCP- 0
65535.

destinationport.

match-all list-of- TCP.


flags
, +.
,
-. : +urg, +ack, +psh, +rst,
+syn, +fin, -urg, -ack, -psh, -rst, -syn -fin.
, : +fin-ack.
time-range-name ,
1 32.
disable-port

Ethernet ,
.

log-input

syslog
, .
,
,

,
log-input,
-
.

3.1.0.3 16.05.2013 .

566

-3000
. II

.465255.040


IPv6 ACL .

IPv6 ACL.

TCP/UDP,
ACL, .
2000 TCP 2000 UDP.
,
,
ACE.
,
,
ACE.
,
,
.
:
console(config)# ipv6 access-list server
console(config-ipv6-al)# deny tcp 3001::2/64 any any 80

2.40.7

mac access-list

.

.
:
mac access-list extended access-list-name
no mac access-list extended access-list-name
:
access-list-name

0
32 .
"".

567

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

. IPv4
ACL, IPv6 ACL, MAC ACL Policy Map
.
:
console(config)# mac access-list extended server1

2.40.8

permit ( MAC)

.

MAC.
:
permit {any | source source-wildcard} {any | destination destinationwildcard} [eth-type 0| aarp | amber | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard]
[time-range time-range-name]
:
source

- .

source-wildcard

, -
.

, .

destination

- .

destinationwildcard

, -
.
, .

eth-type

vlan-id

VLAN 1 4094.

cos

0 7.

cos-wildcard

, CoS.

Ethernet

time-range-name ,
, 1 32.

.
3.1.0.3 16.05.2013 .

568

-3000
. II

.465255.040


MAC.

ACL
mac access-list.
(ACE) ,
deny-anyany. , , .
, .
:
console(config)# mac access-list extended server1
console(config-mac-al)# permit 00:00:00:00:00:01 00:00:00:00:00:ff
any

2.40.9

deny ( MAC)

.

MAC.
:
deny {any | source source-wildcard} {any | destination destinationwildcard} [{eth-type 0}| aarp | amber | dec-spanning | decnet-iv |
diagnostic | dsm | etype-6000] [vlan vlan-id] [cos cos cos-wildcard]
[time-range time-range-name] [disable-port | log-input]
:

569

source

- .

source-wildcard

, -
.

, .

destination

- .

destinationwildcard

, -
.
, .

eth-type

vlan-id

VLAN 1 4094.

cos

0 7.

cos-wildcard

, CoS.

Ethernet

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

time-range-name ,
, 1 32.
disable-port

Ethernet
.

log-input

syslog
,

,
,
,

,
,
.


.

MAC.



mac access-list.
(ACE)
,
deny-any-any. ,
, .
, .
:
console(config)# mac access-list extended server1
console(config-mac-al)# deny 00:00:00:00:00:01 00:00:00:00:00:ff any

2.40.10

service-acl input

.
.
:
service-acl input acl-name1 [acl-name2] default-action [deny-any |
permit-any]
no service-acl input
3.1.0.3 16.05.2013 .

570

-3000
. II

.465255.040

no
.
:
acl-name

,
, 1 32 .

deny-any

,
ACL.

permit-any

,
ACL.



.

(Ethernet, Port-channel).

IPv4 ACL IPv6 ACL .
ACL IPv4
ACL IPv6 ACL.

.
ACL ,
ACL, ACL.
ACL .
:
switchxxxxxx(config)# mac access-list extended server-acl
switchxxxxxx(config-mac-al)# permit 00:00:00:00:00:01 00:00:00:00:00:ff any
switchxxxxxx(config-mac-al)# exit
switchxxxxxx(config)# interface gi1/1/1
switchxxxxxx(config-if)# service-acl input server-acl default-action deny-any

2.40.11

service-acl output

.
( ).
:
service-acl output acl-name1 [acl-name2
no service-acl output
571

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no .
:
acl-name

,
, 0 32 .

"".



.

(Ethernet, Port-channel).

log-input disable-port
.
.
IPv4 ACL IPv6 ACL .
ACL IPv4
ACL IPv6 ACL.

.
ACL ,
ACL. ACL
ACL.
:
switchxxxxxx(config)# mac access-list extended server
switchxxxxxx(config-mac-al)# permit 00:00:00:00:00:01 00:00:00:00:00:ff any
switchxxxxxx(config-mac-al)# exit
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# service-acl output server

2.40.12

time-range

.

(
).

3.1.0.3 16.05.2013 .

572

-3000
. II

.465255.040

:
time-range time-range-name
no time-range time-range-name
no
.
:
time-range-name 32 .

.

.

time-range
periodic
absolute. periodic
,
absolute .
, ,
,
,
.

.

,
SNMP.
SNMP,
.
:
Console (config)# time-range http-allowed
Console (config-time-range)# absolute start 12:00 1 jan 2005 end 12:00 31 dec 2005
Console (config-time-range)# periodic monday 8:00 to friday 20:00

2.40.13

absolute

.

.
573

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
absolute start hh:mm day month year
no absolute start
absolute end hh:mm day month year
no absolute end
no .
:
start


.
,
.

end


.
,

hh:mm

: (: : 0
23 , : 0 59 ).

day

1 31.

month

: Jan, Feb, Mar, Apr, May, Jun, Jul, Aug,


Sep, Oct, Nov, Dec.

year

2000 2097.


.

.
2.40.14

periodic

.
,
.
:
periodic day-of-the-week hh:mm to day-of-the-week hh:mm
no periodic day-of-the-week hh:mm to day-of-the-week hh:mm
periodic list hh:mm to hh:mm day-of-the-week1 [day-of-the-week2
day-of-the-week7]
3.1.0.3 16.05.2013 .

574

-3000
. II

.465255.040

no periodic list hh:mm to hh:mm day-of-the-week1 [day-of-theweek2 day-of-the-week7]


periodic list hh:mm to hh:mm all
no periodic list all hh:mm to hh:mm all
no .
:
day-of-the-week

.
,
day-of-the-week .

:
Monday,
Tuesday,
Wednesday, Thursday, Friday, Saturday, Sunday.

hh:mm

.

, hh:mm
. :
(: : 0 23 , : 0
59 ).

list day-of-the- ,
week1
.


.

.

ThursdayMonday ,
(Thursday, Friday,
Saturday, Sunday, Monday).
2.40.15

show time-range

.
.

:
show time-range time-range-name
:
time-range-name time-range 32 .
575

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
Console# show time-range
http-allowed
-------------absolute start 12:00 1 jan 2005
absolute end 12:00 31 dec 2005
periodic monday 8:00 to friday 20:00

2.40.16

show access-lists

. ACL,
.
:
show access-lists [name]
show access-lists time-range-active [name]
:
name

time-rangeactive

,
.


.
:
Switch# show access-lists
Extended IP access list ACL1
permit 234 172.30.40.1 0.0.0.0 any
permit 234 172.30.8.8 0.0.0.0 any
Extended IP access list ACL2
permit 234 172.30.19.1 0.0.0.255 any time-range weekdays
permit 234 172.30.23.8 0.0.0.255 any time-range weekends
Switch# show access-lists time-range-active
Extended IP access list ACL1
permit 234 172.30.40.1 0.0.0.0 any
permit 234 172.30.8.8 0.0.0.0 any

3.1.0.3 16.05.2013 .

576

-3000
. II

.465255.040

Extended IP access list ACL2


permit 234 172.30.19.1 0.0.0.255 any time-range weekdays

2.40.17

show interfaces access-lists

.
(ACL), .
:
show interfaces access-lists [interface-id ]
:
interface-id

: Ethernet, Port-channel
VLAN.


.
:
Console# show interfaces access-lists
Interface Input ACL
--------- ----------

2.40.18

1/1

ACL1

2/1

ACL3

2/3

blockcdp, blockvtp

clear access-lists counters

.
.
:
clear access-lists counters [interface-id]
:
interface-id

577

: Ethernet Port-channel.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
console# clear access-lists counters gigabitethernet 0/1

2.40.19

show interfaces access-lists counters

.
.
:
show interfaces access-lists counters [ ethernet interface | portchannel port-channel-number ]
:
interface-id

: Ethernet, Port-channel
VLAN.


.

ACE
log-input.
,
,
log-input,
,
, .
:
console# show interfaces access-lists counters

Interface deny ACE hits


--------- ------------gi0/1

79

gi0/2

gi0/3

Number of hits that were counted in global counter (due to lack of resources) =19

3.1.0.3 16.05.2013 .

578

-3000
. II

2.41
2.41.1

.465255.040

QoS
qos


QoS .

:
qos [basic | advanced ]
no qos
no QoS
.

:
basic

QoS.

advanced

QoS,
QoS.


,
QoS.

.
:
Console(config)# qos basic

2.41.2

qos advanced-mode trust

.
(trust mode) .
:
qos advanced-mode trust {cos | dscp | cos-dscp}
no qos advanced-mode trust

.

no

:
cos

579


CoS .
CoS .
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

dscp


DSCP .

cos-dscp


DSCP IP-.
CoS
.


cos-dscp

.


:

ports-not-trusted:

QoS trust;

- ports-trusted
mode: ,

QoS

QoS trust.
:
switchxxxxxx(config)# qos advanced-mode trust cos

2.41.3

show qos

.
QoS . (trust mode)
QoS.
:
show qos

.
:
Console> show qos
Qos: basic
Basic trust: dscp

3.1.0.3 16.05.2013 .

580

-3000
. II

2.41.4

.465255.040

class-map

.
.
:
class-map class-map-name [match-all | match-any]
no class-map class-map-name
no .
:
class-map-name

class map.

match-all



,
.

match-any



,
.


match-all matchany, match-all.

.

class-map
,

.

.
ACL (IP MAC).
,
. class-map
,

, .

match-all ,
581

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

ACL,
.
QoS Class-map
:

exit: QoS Class-map;

match: ;

no:
.

:
Console(config)# class-map class1 match-all
Console(config-cmap)#

2.41.5

show class-map

.
.
:
show class-map [class-map-name]
:
class-map-name


.
:
Console> show class-map class1
Class Map match-any class1 (id4)
Match Ip dscp 11 21

2.41.6

match

Class-map.
.
:
match access-group acl-name
no match access-group acl-name
no .
3.1.0.3 16.05.2013 .

582

-3000
. II

.465255.040

:
acl-name

(ACL) IP
MAC.


.

Class-map.
:
Console(config)# class-map class1
Console(config-cmap)# match access-group enterprise

2.41.7

policy-map

Policy-map.
:
policy-map policy-map-name
no policy-map policy-map-name
no .
:
policy-map-name policy map.


DSCP, , IP,
CoS, ,
.

.

policy-map,
,
,
.

583

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

policy-map

.
,

class-map Class-map
match
.
.

.
.
:
Console(config)# policy-map policy1
Console(config-pmap)#

2.41.8

class

Policy-map.
Policy-map Class.
:
class class-map-name [access-group acl-name]
no class class-map-name
no
.
:
class-map-name


.
,
.

acl-name

(ACL) IP
MAC.


Policy-map.

3.1.0.3 16.05.2013 .

584

-3000
. II

.465255.040


policy-map


Policy-map class.

.
,
(Ethernet, Port-channel)
service-policy.

.

access-group.

, IP
MAC accessgroup.
:
Console(config)# policy-map policy1
Console(config-pmap)# class class1 access-group enterprise

2.41.9

show policy-map

.
.
:
show policy-map [policy-map-name]
:
policy-map-name policy map.

.
:
Console> show policy-map
Policy Map policy1
class class1
set Ip dscp 7
Policy Map policy2

585

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

class class 2
police 96000 4800 exceed-action drop
class class3
police 124000 96000 exceed-action policed-dscp-transmit

2.41.10

trust

Policy-map Class.

DSCP.
:
trust cos-dscp
no trust

.

no

:
cos-dscp

,
IP,
DSCP,
CoS.


.
trust ,
DSCP.

Policy-map Class.


QoS. ,
DSCP .
DSCP
.
, ,
,
qos trust.
trust Policy-map Class set

.
3.1.0.3 16.05.2013 .

586

-3000
. II

.465255.040

,
Policy-map Class set trust
ACL,
servicepolicy.
trust cos, QoS
CoS
. CoS 802.1p
, , CoS
.
trust dscp, QoS
, DSCP .
tcp-udp-port, QoS
, TCP/UDP-
TCP-UDP-port-Queue.
:
Console(config)# policy-map policy1
Console(config-pmap)# class class1
Console(config-pmap-c)# trust dscp

2.41.11

set

Policy-map Class.
IP-.
:
set {dscp new-dscp | queue queue-id | cos new-cos}
no set
:
dscp new-dscp
DSCP
0 63.
queue queue-id ,
.
cos new-cos
,
, 0 7.

Policy-map Class.

587

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


Policy-map Class trust

.
,
Policy-map Class set trust
ACL,
service-policy.
Policy-map
exit.
end.
:
Console(config)# policy-map policy1
Console(config-pmap)# class class1
Console(config-pmap-c)# set dscp 56

2.41.12

police

Policy-map Class.
(policer) .
:
police committed-rate-kbps committed-burst-byte [exceed-action {drop
| policed-dscp-transmit}]
no police
no .
:
committed-rate- (CIR)
kbps
3 12582912 /.
committed burst (CBS)
burst-byte
3000 19173960 .
exceed-action
,
. :
drop
.
policed DSCP policed-DSCP map,
dscp

transmit
qos map policed-dscp.

Policy-map Class.
3.1.0.3 16.05.2013 .

588

-3000
. II

.465255.040


token bucket. CIR
, token ()
(bucket). CBS .
:
Console(config)# policy-map policy1
Console(config-pmap)# class class1
Console(config-pmap-c)# police 124000 9600 exceed-action drop

2.41.13

service-policy

(Ethernet, VLAN, Portchannel).


.
:
service-policy input policy-map-name
no service-policy input
no
.
:
policy-mapname

32 .


(Ethernet, VLAN, Port-channel).


.
:
Console(config-if)# service-policy input policy1

2.41.14

qos aggregate-policer

.
,

.

589

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
qos aggregate-policer aggregate-policer-name committed-rate-kbps
excess-burst-byte [exceed-action {drop | policed-dscp-transmit}]
no qos aggregate-policer aggregate-policer-name

no
.

:
aggregatepolicer-name

committed-ratekbps

(CIR)
3 57982058 /.

excess-burstbyte

(CBS)
3000 19173960 .

exceed-action

,
. :

drop

policeddscptransmit

DSCP .


.

.

,
.

.

.

.

.

3.1.0.3 16.05.2013 .

590

-3000
. II

.465255.040


police cascade
.
,
.

Policy-map Class no police aggregate
no mls qos aggregate-policer.
token bucket. CIR
, (token)
(bucket). CBS .
:
Console(config)# qos aggregate-policer policer1 124000 9600
exceed-action drop

2.41.15

show qos aggregate-policer

.
.
:
show qos aggregate-policer [aggregate-policer-name]
:
aggregatepolicer-name


.
:
Console> show qos aggregate-policer policer1
aggregate-policer policer1 96000 4800 exceed-action drop
not used by any policy map

2.41.16

police aggregate

Policy-map Class.

.
:
police aggregate aggregate-policer-name
no police aggregate aggregate-policer-name
591

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no
.
:
aggregate-policer- .
name

Policy-map Class.


.

.
Policy-map
exit.
end.
:
Console(config)# policy-map policy1
Console(config-pmap)# class class1
Console(config-pmap-c)# police aggregate policer1

2.41.17

wrr-queue cos-map

.
CoS .

:
wrr-queue cos-map queue-id cos0 ... cos7
no wrr-queue cos-map [queue-id]

.

no

:
queue-id

,
CoS.

cos0 ... cos7

8 CoS
.

3.1.0.3 16.05.2013 .

592

-3000
. II

.465255.040


CoS
:
CoS 0 3;
CoS 1 1;
CoS 2 2;
CoS 3 4;
CoS 4 5;
CoS 5 6;
CoS 6 7;
CoS 7 8.

.


,
WRR- WRED-.
priority-queue out
.
:
Console(config)# wrr-queue cos-map 2 7

2.41.18

wrr-queue bandwidth

.
WRR .
,
.
:
wrr-queue bandwidth weight1 weight2 ... weight_n
no wrr-queue bandwidth

.

no

:
weight1 weight2 ...

,
weight_n
WRR
593

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

, 0 255.
.

.


,
( ).
, , ,
, ,
.
,
,
, .
WRR,
, (
).
. .

priority-queue out.
:
Console(config-if)# wrr-queue bandwidth 6 6 6 6 6 6 6 6

2.41.19

priority-queue out num-of-queues

:
priority-queue out num-of-queues number-of-queues
no priority-queue out num-of-queues

.

no

:
number-of-queues


0 8.
.


.
3.1.0.3 16.05.2013 .

594

-3000
. II

.465255.040


.

priority-queue num-of-queues
WRR -
, WRR. ,
wrrqueue bandwidth (
).
:
Console(config)# priority-queue out num-of-queues 2

2.41.20

traffic-shape

(Ethernet, Portchannel). .
:
traffic-shape committed-rate [committed-burst]
no traffic-shape
no
.
:
committed-rate
(CIR). FE, GE:
64 / ;
10GE: 2,5 M/
.
committed-burst
(CBS)
4 16 .

.

(Ethernet, Port-channel).
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# traffic-shape 124000 9600

2.41.21

traffic-shape queue

(Ethernet, Portchannel). .
595

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
traffic-shape queue queue-id committed-rate [committed-burst]
no traffic-shape queue queue-id
no .
:
queue-id
,
.
committed-rate
(CIR)
64 / .
committed-burst
(CBS)
4 16 .

.

(Ethernet, Port-channel).
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# traffic-shape 124000 9600

2.41.22

rate-limit (Ethernet)

(Ethernet).

:
rate-limit committed-rate-kbps [burst committed-burst-byte]
no rate-limit
no .
:

rate
3 10 000 000 /.

burst byte
3000 19173960
.

128 .

.
3.1.0.3 16.05.2013 .

596

-3000
. II

.465255.040


(Ethernet).
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# rate-limit 150000

2.41.23

rate-limit (VLAN)

(VLAN).
VLAN.
:
rate-limit vlan-id committed-rate committed-burst
no rate-limit vlan
no .
:
VLAN.
vlan-id
(CIR)
3 8 000 000 /.

(CBS)
committed-burst
3000 19173960 .

committed-rate

.

.



.

, VLAN.

VLAN,
,
.
:
Console(config)# rate-limit 11 150000 9600

597

3.1.0.3 16.05.2013 .

-3000
. II

2.41.24

.465255.040

qos wrr-queue wrtd

.

(Weighted Random Tail Drop) .
:
qos wrr-queue wrtd
no qos wrr-queue wrtd
no WRTD.

WRTD .

.

.
2.41.25

show qos wrr-queue wrtd

.

(Weighted Random Tail Drop WRTD)
.
:
show qos wrr-queue wrtd

.
:
switchxxxxxx# show qos wrr-queue wrtd
Weighted Random Tail Drop is disabled
Weighted Random Tail Drop will be enabled after reset

2.41.26

show qos interface

.
QoS .

:
show qos interface [buffers | queueing | policers | shapers | rate-limit]
[interface-id]
3.1.0.3 16.05.2013 .

598

-3000
. II

.465255.040

:
buffers

. Gigabit Ethernet

8 WRED/Tail
Drop. Fast Ethernet
.
queueing
(WRR
EF), WRR,
CoS-Queue EF.
policers

, ,

, .
shapers

rate-limit
.
interface-id

: Ethernet, Port-channel
VLAN.

.

QoS
.
policers VLAN.
show qos interface ,
QoS (DSCP trusted, CoS trusted,
untrusted ..), CoS ,
DSCP-DSCP ( ),
( ), .
,
.
:
Console> show qos interface queueing gigabitethernet 0/1
gigabitethernet 0/1
wrr bandwidth weights and EF priority:
qid

599

weights

Ef

Priority

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

125

Disable

N/A

125

Disable

N/A

125

Disable

N/A

N/A

Disable

N/A

125

Enable

125

Disable

N/A

125

Disable

N/A

N/A

Enable

Cos-queue map:
CoS

QID

Console> show qos interface queueing gigabitethernet 0/1


gigabitethernet 0/1
wrr bandwidth weights and EF priority:
qid

weights

Ef

Priority

125

Disable

N/A

125

Disable

N/A

125

Disable

N/A

125

Disable

N/A

Cos-queue map:
CoS

QID

3.1.0.3 16.05.2013 .

600

-3000
. II

.465255.040

Console> show qos interface buffers gigabitethernet 0/1


gigabitethernet 0/1
Notify Q depth:

601

CoS

size

125

125

125

125

125

125

125

125

CoS

WRED

thresh0

thresh1

thresh2

Disable

100

100

100

Disable

100

100

100

Disable

100

100

100

Disable

100

100

100

Enable

N/A

N/A

N/A

Enable

N/A

N/A

N/A

Enable

N/A

N/A

N/A

Enable

N/A

N/A

N/A

CoS

MinD

MaxD

Prob

MinD

MaxD

Prob

MinD

MaxD

Prob

weig

P0

P0

DP0

P1

P1

DP1

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

N/A

50

60

13

65

80

85

95

50

60

13

65

80

85

95

50

60

13

65

80

85

95

50

60

13

65

80

85

95

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Console> show qos interface shapers gigabitethernet 0/1


gigabitethernet 0/1
Port shaper: enable
Committed rate: 192000 bps
Committed burst: 9600 bytes

CoS

Status

Target

Target

Commited

Commited

Rate (bps)

Burst (bytes)

Enable

100000

17000

Disable

N/A

N/A

Enable

200000

19000

Disable

N/A

N/A

Disable

N/A

N/A

Disable

N/A

N/A

Enable

178000

8000

Enable

23000

1000

Console> show qos interface policers gigabitethernet 0/1


gigabitethernet 0/1
Class map: A
Policer type: aggregate
Commited rate: 192000 bps
Commited burst: 9600 bytes
Exceed-action: policed-dscp-transmit
Class map: B
Policer type: single
Commited rate: 192000 bps
Commited burst: 9600 bytes
Exceed-action: drop
Class map: C
Policer type: none
Commited rate: N/A
Commited burst: N/A

3.1.0.3 16.05.2013 .

602

-3000
. II

.465255.040

Exceed-action: N/A

Console> show qos interface rate-limit gi0/1


Port

rate-limit (kbps)

Burst (KBytes)

-----

------------------

---------------

gi0/1

1000

512K

Console> show qos interface rate-limit svlan 2

2.41.27

VLAN

rate-limit (kbps)

Burst (KBytes)

-----

------------------

---------------

1000

512K

wrr-queue

.
tail-drop (
).
:
wrr-queue tail-drop
no wrr-queue
no tail-drop
.
:
tail-drop

tail-drop.


tail-drop
.

.

.
:
Console(config)# wrr-queue tail-drop

603

3.1.0.3 16.05.2013 .

-3000
. II

2.41.28

.465255.040

qos wrr-queue threshold

.
.
:
qos wrr-queue threshold {gigabitethernet | tengigabitethernet} queueid threshold-percentage
no qos wrr-queue threshold {gigabitethernet | tengigabitethernet}
queue-id

.

no

:

gigabitethernet
Gigabit Ethernet.
tengigabitethernet
10 Gigabit Ethernet.
,
queue-id
tail-drop.
.
thresholdpercentage

80 .

.

,
,
(
qos map dscp-dp).
:
Console(config)# qos wrr-queue threshold gigabitethernet 1 80

2.41.29

qos map policed-dscp

.
DSCP .
:
qos map policed-dscp dscp-list to dscp-mark-down
3.1.0.3 16.05.2013 .

604

-3000
. II

.465255.040

no qos map policed-dscp [dscp-list]



.

no

:
8 DSCP, ,
dscp-list
0 63.
dscp-mark-down DSCP (
) 0 63.


DSCP, DSCP .

.
:
Console(config)# qos map policed-dscp 3 to 43
Reserved DSCP. DSCP 3 was not configured.

2.41.30

qos map dscp-queue

.
DSCP-CoS.
:
qos map dscp-queue dscp-list to queue-id
no qos map dscp-queue [dscp-list]

.

no

:
8 DSCP, ,
dscp-list
0 63.
,
queue-id
DSCP.

51 DSCP-CoS 8

605

DSCP

0-7

8-15

16-23

24-31

32-39

40-47

48-56

57-63

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
Console(config)# qos map dscp-queue 33 40 41 to 1

2.41.31

qos map dscp-dp

. DSCP
Drop Precedence.
:
qos map dscp-dp dscp-list to dp
no qos map dscp-dp [dscp-list]

.

no

:
dscp-list

8 DSCP, ,
0 63.

dp

Drop Precedence,
DSCP. : 0, 2.


DSCP Drop Precedence 0.

.
:
Console(config)# qos map dscp-dp 25 27 29 to 2

2.41.32

qos trust ( )

.
() .
:
qos trust {cos | dscp}
no qos trust

.
3.1.0.3 16.05.2013 .

no

606

-3000
. II

.465255.040

:
CoS
cos
.
CoS .
dscp DSCP
.

CoS .


QoS.
, QoS,
QoS. ,
QoS
,

.
,
,
.
DSCP,

DSCP-Queue.
CoS,

oS-Queue.
:
Console(config)# qos trust dscp

2.41.33

qos trust ( )

(Ethernet, Portchannel).
QoS.
:
qos trust
no qos trust
no
.
607

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



QoS

(Ethernet, Port-channel).
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# qos trust

2.41.34

qos cos

(Ethernet, Portchannel). CoS .


:
qos cos default-cos
no qos cos

.

no

:
CoS
default-cos
0 7.
, CoS
CoS .

QoS 0.

(Ethernet, Port-channel).

CoS ,
. CoS
qos cos override.
:
Console(config)# interface gigabitethernet 0/4
Console(config-if)# qos cos 3

3.1.0.3 16.05.2013 .

608

-3000
. II

2.41.35

.465255.040

qos dscp-mutation

. DSCP
Mutation map DSCP .
:
qos dscp-mutation
no qos dscp-mutation
no DSCP Mutation map.

.

DSCP-to-DSCPmutation QoS.
QoS DSCP,
DSCP-to-DSCP-mutation
DSCP .
.
IP-
DSCP .
DSCP Mutation map , CoS,
IP-, ,
DSCP.
:
Console(config)# qos dscp-mutation

2.41.36

qos map dscp-mutation

. DSCP
DSCP Mutation table.
:
qos map dscp-mutation in-dscp to out-dscp
no qos map dscp-mutation [in-dscp]

.

609

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
8 DSCP,
in-dscp
, 0 63.
DSCP, ,
out-dscp
0 63.

, ,
DSCP
DSCP.

.

,
.
.
:
Console(config)# qos map dscp-mutation 1 2 4 5 6 to 63

2.41.37

show qos map

.
QoS.
:
show qos map [dscp-queue | dscp-dp | policed-dscp | dscp-mutation]
:
dscp-queue
dscp-dp
policed-dscp
dscp-mutation


Queue.

Drop Precedence.

DSCP remark.

DSCP mutation.

DSCP DSCP DSCP DSCP-

3.1.0.3 16.05.2013 .

610

-3000
. II

.465255.040

:
Console> show qos map

611

Dscp-queue map:
d1
:
d2
---0
:
1
:
2
:
3
:
4
:
5
:
6
:

0
-01
02
03
04
06
07
08

1
-01
02
03
04
06
07
08

2
-01
02
03
05
06
07
08

3
-01
02
03
05
06
07
08

4
-01
02
04
05
06
07

5
-01
02
04
05
06
07

6
-01
03
04
05
06
08

7
-01
03
04
05
06
08

8
-02
03
04
05
07
08

9
-02
03
04
05
07
08

Dscp-queue map:
d1
:
d2
---0
:
1
:
2
:
3
:
4
:
5
:
6
:

0
-01
01
02
02
03
04
04

1
-01
01
02
02
03
04
04

2
-01
01
02
03
03
04
04

3
-01
01
02
03
03
04
04

4
-01
01
02
03
03
04

5
-01
01
02
03
03
04

6
-01
02
02
03
03
04

7
-01
02
02
03
03
04

8
-01
02
02
03
04
04

9
-01
02
02
03
04
04

Dscp-DP map:
d1
:
d2
---0
:
1
:
2
:
3
:
4
:
5
:
6
:

0
-00
00
00
00
00
00
00

1
-00
00
00
00
00
00
00

2
-00
00
00
00
00
00
00

3
-00
00
00
00
00
00
00

4
-00
00
00
00
00
00

5
-00
00
00
00
00
00

6
-00
00
00
00
00
00

7
-00
00
00
00
00
00

8
-00
00
00
00
00
00

9
-00
00
00
00
00
00

Policed-dscp map:
d1
:
d2
0
----0
:
00
1
:
10
2
:
20
3
:
30
4
:
40
5
:
50
6
:
60

1
-01
11
21
31
41
51
61

2
-02
12
22
32
42
52
62

3
-03
13
23
33
43
53
63

4
-04
14
24
34
44
54

5
-05
15
25
35
45
55

6
-06
16
26
36
46
56

7
-07
17
27
37
47
57

8
-08
18
28
38
48
58

9
-09
19
29
39
49
59

Dscp-dscp mutation map:


d1
:
d2
0
1
-----0
:
00
01
1
:
10
11
2
:
20
21
3
:
30
31
4
:
40
41
5
:
50
51
6
:
60
61

2
-02
12
22
32
42
52
62

3
-03
13
23
33
43
53
63

4
-04
14
24
34
44
54

5
-05
15
25
35
45
55

6
-06
16
26
36
46
56

7
-07
17
27
37
47
57

8
-08
18
28
38
48
58

9
-09
19
29
39
49
59

3.1.0.3 16.05.2013 .

-3000
. II

2.41.38

.465255.040

clear qos statistics


QoS.

:
clear qos statistics

.
:
Console# clear qos statistics

2.41.39

qos statistics policer

(Ethernet, Portchannel). .
:
qos statistics policer policy-map-name class-map-name
no qos statistics policer policy-map-name class-map-name
no .
:
.
policy-mapname
class-map-name .

.

(Ethernet, Port-channel).
:
Console(config-if)# qos statistics policer policy1 class1

2.41.40

qos statistics aggregate-policer

.

.

3.1.0.3 16.05.2013 .

612

-3000
. II

.465255.040

:
qos statistics aggregate-policer aggregate-policer-name
no qos statistics aggregate-policer aggregate-policer-name
no .
:
.
aggregatepolicer-name

.

.
:
Console(config)# qos statistics aggregate-policer policer1

2.41.41

qos statistics queues

.
QoS .

:
qos statistics queues set {queue | all} {dp | all} {interface | all}
no qos statistics queues set
no QoS
.
:
.
set
interface

Ehernet.

queue

dp

.
: high, low.


, :
1: , , high DP;
2: , , low DP.
613

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
Console(config)# qos statistics queues 1 all all all

2.41.42

show qos statistics

. QoS.
:
show qos statistics

.

16
.
.
qos statistics queues QoS
.
:
Console# show qos statistics
Policers
--------Interface
--------1/1
1/1
1/2
1/2

Policy map
---------Policy1
Policy1
Policy1
Policy1

Class Map
--------Class1
Class2
Class1
Class2

In-profile bytes
-------------7564575
8759
746587458
5326

Out-of-profile
bytes
-------------5433
52
3214
23

Aggregate Policers
-----------------Name
In-profile bytes Out-of-profile bytes
----------- --------------------------------Policer1
7985687
121322
Output Queues
------------Interface
--------1/1
1/2

3.1.0.3 16.05.2013 .

Queue
----2
All

DP
----High
High

Total packets
------------799921
5387326

%TD packets
----------1.2%
0.2%

614

-3000
. II

2.41.43

.465255.040

security-suite deny syn-fin

.
TCP-, SYN FIN.
:
security-suite deny syn-fin
no security-suite deny syn-fin
no TCP-,
SYN FIN.

.

.
:
switchxxxxxx(config)# security-suite deny sin-fin

2.41.44

security-suite enable

.
Security Suite.
.

.
no security-suite enable.
Security Suite
:
- global-rules-only -
,
;
-
, .
Security Suite ,
.
:
- security-suite dos protect;
- security-suite dos syn-attack;
- security-suite deny martian-addresses;
- security-suite deny syn;
615

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

- security-suite deny icmp;


- security-suite deny fragmented;
- show security-suite configuration;
- security-suite dos protect.
:
security-suite enable [global-rules-only]
no security-suite enable
no
Security Suite.
:
global-rules-only , Security Suite
(
).

TCAM.
, Security Suite

.

.
global-rules-only ,
Security Suite ,
.

.

MAC ACL
Security Suite.
Security Suite.
ACL Policy Map ,
Security Suite .
:
switchxxxxxx(config)# security-suite enable global-rules-only
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# security-suite dos syn-attack 199 any /10

3.1.0.3 16.05.2013 .

616

-3000
. II

.465255.040

switchxxxxxx(config)# security-suite enable


switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# security-suite dos syn-attack 199 any /10
switchxxxxxx(config-if)#

2.41.45

security-suite dos protect

.
DoS-.
,
( ).
:
security-suite dos protect {add attack | remove attack}
no security-suite dos protect
no DoS-.
:
add/remove attack

/ .
add
, remove .

:
- stacheldraht TCP-
TCP- 16660.
- invasor-trojan TCP-
TCP- 2140 TCP- 1024.
- back-orifice-trojan UDP-
UDP- 31337 UDP-
1024.

.

.


Security Suite security-suite
enable.

617

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
switchxxxxxx(config)# security-suite dos protect add invasor-trojan

2.41.46

security-suite dos syn-attack

.
DoS SYN-.

SYN
(
,

).
:
security-suite dos syn-attack syn-rate {any | ip-address} {mask |
/prefix-length}
no security-suite dos syn-attack {any | ip-address} {mask | /prefixlength}
no .
:
syn-rate


199 1000.

any | ip-address

IP-
.

any
IP-.

mask

IP- .

prefix-length

IP- .

(/).


.
ip-address ,
255.255.255.255.

prefix-length
32.


(Ethernet, Port-channel).


Security Suite
security-suite enable.

3.1.0.3 16.05.2013 .

618

-3000
. II

.465255.040


TCP- "SYN=1", "ACK=0" "FIN=0"
IP- .
DoS SYN-
Security Suite . ACL QoS
.

, , "SYN" .
:
switchxxxxxx(config)# security-suite enable global-rules-only
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# security-suite dos syn-attack 199 any /10
To perform this command, DoS Prevention must be enabled in the
per-interface mode.

2.41.47

security-suite deny martian-addresses

. ,
IP-, , IP, .
:
security-suite deny martian-addresses {add {ip-address {mask |
/prefix-length}} | remove {ip-address {mask | /prefix-length}}
(/ IP-, )
security-suite deny martian-addresses reserved {add | remove}
(/
IP-,

, . 52)
no security-suite deny martian-addresses
( ,
security-suite deny martian-addresses {add {ip-address {mask |
/prefix-length}} | remove {ip-address {mask | /prefix-length}},
, .

remove ip-address {mask | /prefix-length}.
security-suite deny martian-addresses reserved {add
| remove} no.
( )
security-suite deny martianaddresses reserved remove.
:
reserved
remove
619

add

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

.
ip-address


IP- .

mask

IP-.

prefix-length

IP-.
(/).

reserved

IP-

()
IP-.

IP-
52.


.

.


Security Suite security-suite
enable.
security-suite deny martian-addresses
52.

reserved

52 IP-

0.0.0.0/8 ( ,
0.0.0.0/32 )
127.0.0.0/8
192.0.2.0/24
224.0.0.0/4

240.0.0.0/4 ( ,
255.255.255.255/32
)


.

Internet-.
TEST-NET
.
,

Class
D,


IPv4-.
,
Class E, .


,
.
3.1.0.3 16.05.2013 .

620

-3000
. II

.465255.040

:
switchxxxxxx(config)# security-suite deny martian-addresses reserved
add

2.41.48

security-suite deny syn

(Ethernet, Port-channel).
TCP-

:
security-suite deny syn {[add {tcp-port | any} {ip-address | any}
{mask | /prefix-length}] | [remove {tcp-port | any} {ip-address | any}
{mask | /prefix-length}]}
no security-suite deny syn
no TCP-.
:
ip-address | any

IP-
.

any
IP-.

mask

IP- .

prefix-length

IP- .

(/).

tcp-port | any

TCP- . :
http, ftp-control, ftp-data, ssh, telnet, smtp, dns,
tftp, ntp, snmp .
any .


- .
mask ,
255.255.255.255.
prefix-length
32.


(Ethernet, Port-channel).

621

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



Security Suite
security-suite enable.

-
"SYN=1", "ACK=0" "FIN=0" IP-
- .
:
switchxxxxxx(config)# security-suite enable global-rules-only
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# security-suite deny syn add any /32 any
To perform this command, DoS Prevention must be enabled in the
per-interface mode.

2.41.49

security-suite deny icmp

(Ethernet, Port-channel).
ICMP - (
, ,
).
:
security-suite deny icmp {[add {ip-address | any} {mask | /prefixlength}] | [remove {ip-address | any} {mask | /prefix-length}]}
no security-suite deny icmp
no -.
:
ip-address | any

IP-
.

any
IP-.

mask

IP- .

prefix-length

IP-.
(/).


- .
mask ,
255.255.255.255.
prefix-length
32.
3.1.0.3 16.05.2013 .

622

-3000
. II

.465255.040


(Ethernet, Port-channel).


Security Suite
security-suite enable.
ICMP- "ICMP type=
Echo request",
.
:
switchxxxxxx(config)# security-suite enable global-rules-only
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# security-suite deny icmp add any /32
To perform this command, DoS Prevention must be enabled in the
per-interface mode.

2.41.50

security-suite deny fragmented

(Ethernet, Port-channel).
IP-
( , ,
).
:
security-suite deny fragmented {[add {ip-address | any} {mask |
/prefix-length}] | [remove
{ip-address | any} {mask | /prefix-length}]}
no security-suite deny fragmented
no IP.
:
ip-address | any

IP-
.

any
IP-.

mask

IP- .

prefix-length

IP-.
(/).


.
623

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

mask ,
255.255.255.255.
prefix-length
32.


(Ethernet, Port-channel).


Security Suite
security-suite enable.
:
switchxxxxxx(config)# security-suite enable global-rules-only
switchxxxxxx(config)# interface gi1
switchxxxxxx(config-if)# security-suite deny fragmented add any /32
To perform this command, DoS Prevention must be enabled in the
per-interface mode.

2.41.51

show security-suite configuration


Security Suite.

:
show security-suite configuration

.
:
switchxxxxxx# show security-suite configuration
Security suite is enabled (Per interface rules are enabled).
Denial Of Service Protect: stacheldraht, invasor-trojan,
back-office-trojan.
Denial Of Service SYN-FIN Attack is enabled
Denial Of Service SYN Attack
Interface

IP Address

SYN Rate (pps)

-------------

--------------

--------------

gi1/1/1

176.16.23.0\24

100

Martian addresses filtering


Reserved addresses: enabled.

3.1.0.3 16.05.2013 .

624

-3000
. II

.465255.040

Configured addresses: 10.0.0.0/8, 192.168.0.0/16


SYN filtering
Interface

IP Address

TCP port

-------------

--------------

--------------

gi1/1/2

176.16.23.0\24

FTP

ICMP filtering
Interface

IP Address

------------

--------------

gi1/1/2

176.16.23.0\24

Fragmented packets filtering


Interface

IP Address

------------- -------------gi1/1/2s

2.41.52

176.16.23.0\24

set vlan

Policy-map Class.
VLAN .
QoS.
:
set vlan vlan-id
no set
:
vlan-id

VLAN.


Policy-map Class.
:
switchxxxxxx(config)# ip access-list extended ip1
switchxxxxxx(config-mac-al)# permit ip any any
switchxxxxxx(config-mac-al)# exit
switchxxxxxx(config)# class-map c1
switchxxxxxx(config-cmap)# match access-group ip1
switchxxxxxx(config-cmap)# exit
switchxxxxxx(config)# policy-map p1
switchxxxxxx(config-pmap)# class c1
switchxxxxxx(config-pmap-c)# set vlan 2

625

3.1.0.3 16.05.2013 .

-3000
. II

2.41.53

.465255.040

send

Policy-map
Class.

.
QoS.
:
send {copy-to-evaluation | to-all-interfaces | to-evaluation | to-outport [port-id] | to-eval-and-out-port [port-id]}
no send {copy-to-evaluation | to-all-interfaces | to-evaluation | to-outport | to-eval-and-out-port}
:
copy-to-evaluation


openFlow,

to-all-interfaces

to-evaluation

openFlow
(


).

to-out-port [port-id]

,

.

to-eval-and-out-port

toevaluation .


Policy-map Class.
:
switchxxxxxx(config)# ip access-list extended ip1
switchxxxxxx(config-mac-al)# permit ip any any
switchxxxxxx(config-mac-al)# exit
switchxxxxxx(config)# class-map c1
switchxxxxxx(config-cmap)# match access-group ip1
switchxxxxxx(config-cmap)# exit
switchxxxxxx(config)# policy-map p1
switchxxxxxx(config-pmap)# class c1
switchxxxxxx(config-pmap-c)# send to-out-port gi1/1/1/0/1

3.1.0.3 16.05.2013 .

626

-3000
. II

2.42
2.42.1

.465255.040

VRRP
show vrrp

.
VRRP.
:
show vrrp [all | brief | interface interface-id]
:
all

VRRP,
.

brief

VRRP.

interface-id


.
:
show vrrp
Interface: VLAN 10
Virtual Router 1
Virtual Router name CLUSTER1
Supported version is VRRPv3
State is Master
Virtual IP addresses are 10.2.0.10, 10.3.0.10(down)
Source IP address is 10.3.0.20 is down; a default Source IP address
of 10.2.0.10 is applied
Virtual MAC address is 00:00:5e:00:01:01
Advertisement interval is 3.000 sec
Preemption enabled
Priority is 100
Master Router is 10.3.0.20 (local), priority is 100
Master Advertisement interval is 3.000 sec
Master Down Interval is 10.828 sec
Interface: VLAN 10
Virtual Router 2
Supported version is VRRPv3
State is Master
Virtual Router name CLUSTER2
Virtual IP addresses are 10.4.0.20, 10.5.0.20
Source IP address is 10.4.0.20(default)
Virtual MAC address is 00:00:5e:00:01:02

627

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Advertisement interval is 1.000 sec


Preemption enabled
Priority is 255
Master Router is 10.4.0.20 (local), priority is 255
Master Advertisement interval is 1.000 sec
Master Down Interval is 3.629 sec
Skew Time is 1.000 sec
Interface: VLAN 50
Virtual Router 1
Supported version is VRRPv3
State is Backup
Virtual Router name CLUSTER3
Virtual IP addresses are 10.6.0.10
Source IP address is 10.6.0.20(default)
Virtual MAC address is 00:00:5e:00:01:01
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 95
Master Router is 10.6.0.10, priority is 255
Master Advertisement interval is 1.000 sec
Master Down Interval is 3.629 sec
Skew Time is 0.628 sec
Interface VLAN 400
Virtual Router 4
Supported version is VRRPv3
State is Initializing
Virtual Router name CLUSTER4
Virtual IP addresses are 10.7.0.10
Source IP address is 10.7.0.20
Virtual MAC address is 00:00:5e:00:01:03
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 150

show vrrp interface vlan10


Interface: VLAN 10
Virtual Router 1
Virtual Router name CLUSTER1
Supported version is VRRPv3
State is Master
Virtual IP addresses are 10.2.0.10, 10.3.0.10
Source IP address is 10.3.0.20
Virtual MAC address is 00:00:5e:00:01:01
Advertisement interval is 3.000 sec
Preemption enabled
Priority is 100
Master Router is 10.3.0.10 (local), priority is 100

3.1.0.3 16.05.2013 .

628

-3000
. II

.465255.040

Master Advertisement interval is 3.000 sec


Master Down Interval is 10.828 sec
Interface: VLAN 10
Virtual Router 2
Supported version is VRRPv3
State is Master
Virtual Router name CLUSTER2
Virtual IP addresses are 10.4.0.10, 10.5.0.10
Source IP address is 10.4.0.10
Virtual MAC address is 00:00:5e:00:01:02
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 95
Master Router is 10.4.0.10 (local), priority is 95
Master Advertisement interval is 1.000 sec
Master Down Interval is 3.629 sec

show vrrp brief


State (S): I - Initialize; M - Master; B - Backup
Preempt (P): Y - Yes; N - No
Interface VR Virtual

Pri Timer P St Ver Source address

Address

Address

-------- --- -----------

--- ----- - -- --- -------------

ge1/0/24 254 255.255.255.255 254 40000 Y M


VLAN 10

Master
Address
-------------

255.255.255.255 255.255.255.255

100 3000

Y M

10.3.0.10

10.3.0.10

255 1000

Y M

10.4.0.10

10.4.0.10
10.6.0.60

1 10.2.0.10
10.3.0.10

VLAN 10

2 10.4.0.10
10.5.0.10

2.42.2

VLAN 50

1 10.6.0.10

95 1000

Y B

10.6.0.10

VLAN 400

4 10.7.0.20

150 1000

Y I

10.7.0.10

vrrp description

.
VRRP.
:
vrrp vrid description text
no vrrp vrid description

.

no

629

vrid


, VRRP.
: 1 255.

text

0 160
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

.

.

Ethernet, LAG, VLAN.
:
interface vlan 10
vrrp 1 description router1
exit

2.42.3

vrrp ip

.
.

IP-

:
vrrp vrid ip ip-address
no vrrp vrid ip [ip-address]
no IP-.
:
vrid


, VRRP.
: 1 255.

ip-address

IP- .


Ethernet, LAG, VLAN.

,
VRRP-.

VRRP-,
vrrp ip IP, . IP-()

.
IP-
VRRP
IP-.
VRRP- , IP-()
IP VRRP- IP-.
3.1.0.3 16.05.2013 .

630

-3000
. II

.465255.040

IP- .
VRRP-
IP-
IP-
.
VRRP-
.
no vrrp shutdown.
IP-
IP.
VRRP-
IP-.
no
ip-address, IP-
. ,
VRRP- .
:
interface vlan 10
vrrp 1 ip 192.168.2.1
exit

2.42.4

vrrp preempt

.
VRRP (Virtual Router Redundancy Protocol).
:
vrrp vrid preempt
no vrrp vrid preempt
no
VRRP.
:
vrid


, VRRP.
: 1 255.


Ethernet, LAG, VLAN.

.

631

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


VRRP-,
, Master ,
, Master-.
, IP, Master-,
.
:
interface vlan 10
no vrrp 1 preempt
exit

2.42.5

vrrp priority

. VRRP
(Virtual Router Redundancy Protocol).
:
vrrp vrid priority priority
no vrrp vrid priority

.

no

:
vrid


, VRRP.
: 1 255.

priority


1 254.


Ethernet, LAG, VLAN.

IP- 255,
100.

IP- ,
255.

3.1.0.3 16.05.2013 .

632

-3000
. II

.465255.040

:
interface vlan 10
vrrp 1 priority 110
exit

2.42.6

vrrp shutdown

.
VRRP (,
).
:
vrrp vrid shutdown
no vrrp vrid shutdown
no
VRRP.
:
vrid


, VRRP.
: 1 255.


VRRP .

Ethernet, LAG, VLAN.


, .

VRRP

:
interface vlan 10
no vrrp 1 shutdown
exit

2.42.7

vrrp source-ip

. VRRP, IP-
VRRP-.
:
vrrp vrid source-ip ip-address
no vrrp vrid source-ip
633

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no

:
vrid


, VRRP.
: 1 255.

ip-address

IP- VRRP-: IP VRRP-,


.


IP- VRRP-,
.

Ethernet, LAG, VLAN.
:
interface vlan 10
vrrp 1 source-ip 192.168.2.1
exit

2.42.8

vrrp timers advertise

.
VRRP- Master-.
:
vrrp vrid timers advertise [msec] interval
no vrrp vrid timers advertise

.

no

:
vrid


, VRRP.
: 1 255.

msec

VRRP-
.
VRRP-
.

interval

3.1.0.3 16.05.2013 .

634

-3000
. II

.465255.040

VRRP-.
msec, 50
40950 . msec
, 1 40
.

1 .

Ethernet, LAG, VLAN.

VRRP-
,
,
VRRP v2
(10 ) VRRP v3.
:
interface vlan 10
vrrp 1 timers advertise msec 500
exit

2.42.9

vrrp version

. VRRP.
:
vrrp vrid version 2 | 3 | 2&3
no vrrp vrid version

.

no

635

vrid


, VRRP.
: 1 255.

VRRPv2 (RFC3768).
VRRPv3-
VRRP.
VRRPv2-.

VRRPv2 (RFC5798)
VRRPv2 (8.4, RFC5798).
VRRPv2-
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

VRRP.
VRRPv3-.
2&3

VRRPv3 (RFC5798)
VRRPv2 (8.4, RFC5798).
VRRPv2-
VRRP. VRRPv3-
VRRPv2-.


VRRPv2.

Ethernet, LAG, VLAN.

version 2&3
.
VRRPv3
VRRPv2 VRRPv3.
:
interface vlan 10
vrrp 1 version 2
exit

2.43
2.43.1

SSH-
ip ssh-client authentication

.
SSH-, SSH SSH-.
:
ip ssh-client authentication {password | public-key {rsa | dsa}}
no ip ssh-client authentication

.

no

:
password

public-key rsa

RSA.

3.1.0.3 16.05.2013 .

636

-3000
. II

public-key dsa

.465255.040

DSA.


SSH-
.

.

ip ssh-client key
/ RSA/DSA,
.
, .
:
switchxxxxxx(config)# ip ssh-client authentication public-key rsa

2.43.2

ip ssh-client change server password

.
SSH- SSH-.
:
ip ssh-client change server password server {host | ip-address | ipv6address} username username old-password old-password newpassword new-password
:
host

DNS- SSH-.

ip-address

IP- SSH-. IP-


IPv4-, IPv6- IPv6z- (. IPv6z).

username


0 70 .

old-password

SSH-
0 70 .

new-password

SSH-
0 70 .
"@" ":".

SSH-


.
637

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



SSH-. ip ssh-client password
SSH- ,
,
SSH-.
:
switchxxxxxx(config)# ip ssh-client change server password server
10.7.50.155 username john old-password &&&@@@aaff new-password
&&&@@@aaee

2.43.3

ip ssh-client key

.
SSH-
( ).
:
ip ssh-client key {dsa | rsa} {generate | key-pair privkey pubkey}
no ip ssh-client key [dsa | rsa]
no .
:
dsa

DSA-.

rsa

RSA-.

key-pair

, .

privkey

pubkey


;
.

.

generate

(RSA/DSA) SSH-.
;
.
3.1.0.3 16.05.2013 .

638

-3000
. II

.465255.040

key-pair,
,
.
, RFC 4716.
,
.
no ip ssh-client key .
.
53 ,
, ,
.
53 , ,

Show

CLI
(TFTP/
Backup)

Show (
)

/ /
CLI

(TFTP/Backup)

)
-

,

.
(, ),
.
:
switchxxxxxx(config)# ip ssh-client key rsa generate
The SSH service is generating a private RSA key.
This may take a few minutes, depending on the key size.

switchxxxxxx(config)#ip ssh-client key rsa key-pair


Please paste the input now, add a period (.) on a separate line after the
input
-----BEGIN RSA PRIVATE KEY----MIICXAIBAAKBgQDH6CU/2KYRl8rYrK5+TIvwS4zvhBmiC4I31m9cR/1iRTFViMRuJ++TEr

639

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

p9ssqWyI1Ti9d0jzmG0N3jHzp2je5/DUTHZXvYaUzchBDnsPTJo8dyiBl4YBqYHQgCjUhk
tXqvloy+1uxRJTAaLVXCBAmuIU/kMLoEox8/zwjB/jsF9wIBIwKBgC2xZ5mQmvy0+yo2GU
FwlQO5f0yweuM11J8McTmqDgfVTRrdbroXwbs3exVqsfaUPY9wa8Le6JPX+DPp4XovEfC/
iglZBSC8SeDmI2U7D6HrkAyD9HHf/r32jukB+5Z7BlHPz2Xczs2clOOwrnToy+YTzjLUxy
WS7V/IxbBllipLAkEA/QluVSCfFmdMlZxaEfJVzqPO1cF8guovsWLteBf/gqHuvbHuNy0t
OWEpObKZs1m/mtCWppkgcqgrB0oJaYbUFQJBAMo/cCrkyhsiV/+ZsryeD26NbPEKiak16V
Tz2ayDstidGuuvcvm2YF7DjM6n6NYz3+/ZLyc5n82okbld1NhDONsCQQCmSAas+C4HaHQn
zSU+/lWlDI88As4qJN2DMmGJbtsbVHhQxWIHAG4tBVWa8bV12+RPyuan/jnk8irniGyVza
FPAkEAiq8oV+1XYxA8V39V/a42d7FvRjMckUmKDl4Rmt32+u9i6sFzaWcdgs87+2vS3AZQ
afQDE5U6YSMiGLVewC4YWwJBAOFZmhO+dIlxT8Irzf2cUZGggopfnX6Y+L+Yl09MuZHbwH
tXaBGj6ayMYvXnloONecnApBjGEm37YVwKjO2DV2w=
-----END RSA PRIVATE KEY---------BEGIN RSA PUBLIC KEY----MIGHAoGBAMfoJT/YphGXytisrn5Mi/BLjO+EGaILgjfWb1xH/WJFMVWIxG4n75MSun2yyp
bIjVOL13SPOYbQ3eMfOnaN7n8NRMdle9hpTNyEEOew9Mmjx3KIGXhgGpgdCAKNSGS1eq+W
jL7W7FElMBotVcIECa4hT+QwugSjHz/PCMH+OwX3AgEj
-----END RSA PUBLIC KEY----.

switchxxxxxx(config)# encrypted ip ssh-client key rsa key-pair


(Need to encrypted SSH client RSA key pair, for example:)
-----BEGIN RSA ENCRYPTED PRIVATE KEY----gxeOjs6OzGRtL4qstmQg1B/4gexQblfa56RdjgHAMejvUT02elYmNi+m4aTu6mlyXPHmYP
lXlXny7jZkHRvgg8EzcppEB0O3yQzq3kNi756cMg4Oqbkm7TUOtdqYFEz/h8rJJ0QvUFfh
BsEQ3e16E/OPitWgK43WTzedsuyFeOoMXR9BCuxPUJc2UeqQVM2IJt5OM0FbVt0S6oqXhG
sEEdoTlhlDwHWg97FcV7x+bEnPfzFGrmbrUxcxOxlkFsuCNo3/94PHK8zEXyWtrx2KoCDQ
qFRuM8uecpjmDh6MO2GURUVstctohEWEIVCIOr5SBCbciaxv5oS0jIzXMrJA==
-----END RSA PRIVATE KEY---------BEGIN RSA PUBLIC KEY----MIGHAoGBALLOeh3css8tBL8ujFt3trcX0XJyJLlxxt4sGp8Q3ExlSRN25+Mcac6togpIEg
tIzk6t1IEJscuAih9Brwh1ovgMLRaMe25j5YjO4xG6Fp42nhHiRcie+YTS1o309EdZkiXa
QeJtLdnYL/r3uTIRVGbXI5nxwtfWpwEgxxDwfqzHAgEj
-----END RSA PUBLIC KEY-----

switchxxxxxx(config)# no ip ssh-client key dsa

switchxxxxxx(config)# no ip ssh-client key

2.43.4

ip ssh-client password

.
SSH- .
:
ip ssh-client password string
no ip ssh-client password
no
.
3.1.0.3 16.05.2013 .

640

-3000
. II

.465255.040

:
string

SSH- 1 70
.
"@" ":".


anonymous.

.

ip ssh-client password
, (
ip ssh-client authentication).
ip ssh-client change server password
SSH- ,
SSH-.
:
switchxxxxxx(config)# ip ssh-client password &&&111aaff

2.43.5

ip ssh-client server authentication

.
SSH- SSH-.
:
ip ssh-client server authentication
no ip ssh-client server authentication
no
SSH-.


SSH- .

.

SSH- ,
SSH- (
SSH- SSH).

641

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

SSH- ,
(trusted) SSH-.
SSH- ip sshclient server fingerprint.
:
switchxxxxxx(config)# ip ssh-client server authentication

2.43.6

ip ssh-client server fingerprint

.
(trusted) SSH.
:
ip ssh-client server fingerprint {host | ip-address} fingerprint
no ip ssh-client server fingerprint [host | ip-address]
no
SSH-.
:
host

DNS- SSH-.

ip-address

IP- SSH-. IP- IPv4-,


IPv6- IPv6z- (. IPv6z-).

fingerprint

SSH- (32
).


SSH- .

.


-. , ,
, (
, ). ,
SSH,
.
SSH- (
, SSH-).

3.1.0.3 16.05.2013 .

642

-3000
. II

.465255.040

no ip ssh-client server fingerprint


SSH-.
:
switchxxxxxx(config)# ip ssh-client server fingerprint 1.1.1.1
DC789788DC88A988127897BCBB789788
switchxxxxxx(config)# ip ssh-client server fingerprint 1.1.1.1
DC:78:97:88:DC:88:A9:88:12:78:97:BC:BB:78:97:88

2.43.7

ip ssh-client username

.
SSH- .
:
ip ssh-client username string
no ip ssh-client username
no
.

:
string

SSH- 1 70
.
"@" ":".


anonymous.

.


.
:
switchxxxxxx(config)# ip ssh-client username jeff

2.43.8

show ip ssh-client

. SSH ( ).
:
show ip ssh-client
show ip ssh-client {mypubkey | key} {dsa | rsa }
643

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
dsa

DSA-.

rsa

RSA-.

mypubkey


.

SSH-
.
.
, : ,
. , RFC 4716.
:
switchxxxxxx# show ip ssh-client mypubkey rsa
Authentication method: DSA key
Username: john
Key Source: User Defined
---- BEGIN SSH2 PUBLIC KEY ---Comment: RSA Public Key
AAAAB3NzaC1yc2EAAAABIwAAAIEAudGEIaPARsKoVJVjs8XALAKqBN1WmXnY
kUf5oZjGY3QoMGDvNipQvdN3YmwLUBiKk31WvVwFB3N2K5a7fUBjoblkdjns
QKTKZiu4V+IL5rds/bD6LOEkJbjUzOjmp9hlIkh9uc0ceZ3ZxMtKhnORLrXL
aRyxYszO5FuirTo6xW8=
---- END SSH2 PUBLIC KEY ---Public Key Fingerprint:
84:f8:24:db:74:9c:2d:51:06:0a:61:ef:82:13:88:88

switchxxxxxx# show ip ssh-client key DSA


Authentication method: DSA key
Username: john
Key Source: Default
Public Key Fingerprint:
77:C7:19:85:98:19:27:96:C9:CC:83:C5:78:89:F8:86---- BEGIN SSH2 PUBLIC KEY
---Comment: RSA Public Key
AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET
W6ToHv8D1UJ/z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH
YI14Om1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5c
vwHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9vGf
J0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA
vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB
AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS
n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5
sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV

3.1.0.3 16.05.2013 .

644

-3000
. II

.465255.040

---- END SSH2 PUBLIC KEY ------- BEGIN SSH2 PRIVATE KEY ---Comment: DSA Private Key
AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET
W6ToHv8D1UJ/z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH
YI14Om1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5c
vwHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9vGf
J0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA
vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB
AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS
n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5
sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV
---- END SSH2 PRIVATE KEY ----

switchxxxxxx# show ip ssh-client


Authentication method: DSA key
Username: anonymous (default)
Password: anonymous (default)

2.43.9

show ip ssh-client server

.
SSH-
SSH-.
:
show ip ssh--client server [host | ip-address]
:
host

DNS- SSH-.

ip-address

IP- SSH-. IP- IPv4-,


IPv6- IPv6z- (. IPv6z-).


.

SSH-,
SSH-.
.
:
switchxxxxxx# show ip ssh-client server
SSH Server Authentication is enabled
server address: 11.1.0.1
Server Key Fingerprint:
5a:8d:1d:b5:37:a4:16:46:23:59:eb:44:13:b9:33:e9
server address: 192.165.204.111

645

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Server Key Fingerprint:


a4:16:46:23:5a:8d:1d:b5:37:59:eb:44:13:b9:33:e9
server address: 4002:0011::12
Server Key Fingerprint:
a5:34:44:44:27:8d:1d:b5:37:59:eb:44:13:b9:33:e9

switchxxxxxx# show ip ssh-client key DSA


Authentication method: DSA key
Username: john
Key Source: Default
Public Key Fingerprint:
77:C7:19:85:98:19:27:96:C9:CC:83:C5:78:89:F8:86---- BEGIN SSH2
PUBLIC KEY
---Comment: RSA Public Key
AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET
W6ToHv8D1UJ/z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH
YI14Om1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5c
vwHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9vGf
J0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA
vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB
AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS
n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5
sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV
---- END SSH2 PUBLIC KEY ------- BEGIN SSH2 PRIVATE KEY ---Comment: DSA Private Key
AAAAB3NzaC1kc3MAAACBAPY8ZOHY2yFSJA6XYC9HRwNHxaehvx5wOJ0rzZdzoSOXxbET
W6ToHv8D1UJ/z+zHo9Fiko5XybZnDIaBDHtblQ+Yp7StxyltHnXF1YLfKD1G4T6JYrdH
YI14Om1eg9e4NnCRleaqoZPF3UGfZia6bXrGTQf3gJq2e7Yisk/gF+1VAAAAFQDb8D5c
vwHWTZDPfX0D2s9Rd7NBvQAAAIEAlN92+Bb7D4KLYk3IwRbXblwXdkPggA4pfdtW9vGf
J0/RHd+NjB4eo1D+0dix6tXwYGN7PKS5R/FXPNwxHPapcj9uL1Jn2AWQ2dsknf+i/FAA
vioUPkmdMc0zuWoSOEsSNhVDtX3WdvVcGcBq9cetzrtOKWOocJmJ80qadxTRHtUAAACB
AN7CY+KKv1gHpRzFwdQm7HK9bb1LAo2KwaoXnadFgeptNBQeSXG1vO+JsvphVMBJc9HS
n24VYtYtsMu74qXviYjziVucWKjjKEb11juqnF0GDlB3VVmxHLmxnAz643WK42Z7dLM5
sY29ouezv4Xz2PuMch5VGPP+CDqzCM4loWgV
---- END SSH2 PRIVATE KEY ----

switchxxxxxx# show ip ssh-client


Authentication method: password (default)
Username: anonymous (default)
password(Encrypted): KzGgzpYa7GzCHhaveSJDehGJ6L3Yf9ZBAU5

2.44

2.44.1

,
IP
accept-lifetime

.
.
3.1.0.3 16.05.2013 .

646

-3000
. II

.465255.040

:
accept-lifetime {[start-time-date end-time-date] | [duration start-timedate seconds] | [infinite start-time-date]}
no accept-lifetime

.

no

:
start-time-date

key,

.
: hh:mm:ss {[month day] | [day month]}
year. :

hh:mm:ss

:: (: :
0 23 , : 0 59 , : 0
59 ).

day

1 31.

month

: Jan, Feb, Mar, Apr, May, Jun, Jul,


Aug, Sep, Oct, Nov, Dec.

year

end-time-date

, ,
start-time-date end-time-date.

start-time-date. ,
end-time-date,
,
start-time-date.

duration start- , ,
time-date
start-time-date ,
seconds
seconds.
seconds: 1
4294967295 .
infinite start- , ,
time-date
start-time-date
.


.

647

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

,
,
.
:
Console(config-key)# accept-lifetime 13:30:00 Jan 25 2002 duration 7200

2.44.2

clear ip prefix-list

. IP.
:
clear ip prefix-list [prefix-list-name [network/length]]
:
prefix-list-name

,
.

network/length

( ).

.

IP- .
: 1 32.


.

clear ip prefix-list
IP-.
:
clear ip prefix-list FIRST_LIST 10.0.0.0/8

2.44.3

distance ( IP)

,
.
3.1.0.3 16.05.2013 .

648

-3000
. II

.465255.040

:
distance {static | rip} distance
no distance {static | rip}
distance ospf {inter-as | intra-as} distance
no distance ospf {inter-as | intra-as}
distance bgp {external | internal | local} distance
no distance bgp {external | internal | local}

.

no

649

static

rip

ospf

OSPF
IPv6-.

bgp

BGP
IPv6-.

ospf inter-as

OSPF
( LSA
5 7, 2).

ospf intra-as

OSPF
( 1).

bgp external


BGP.
,

. :
1 255. 20.
255
.

bgp internal


BGP.
, BGP
entity .
: 1 255.
200.
255

RIP-

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

.
bgp local


BGP.
,
(
),
,
.
: 1 255.
200.
255
.

distance

,


1 255. 0

, .


static 1
rip 120
ospf intra-as 30
ospf inter-as 110
bgp external 20
bgp internal 200
bgp local 200

.

.
0 255.

.
255 ,

.
:
distance ospf intra-as 20
distance rip 40

3.1.0.3 16.05.2013 .

650

-3000
. II

2.44.4

.465255.040

ip prefix-list

.
.
:
ip prefix-list prefix-list-name [seq number] {{deny|permit} network
/length [ge ge-length] [le le-length]} | description text
no ip prefix-list prefix-list-name [seq number]
no
.
:
prefix-list-name

seq number

,

1 4294967294.

deny

permit

network /length

.

IP- .
: 0 32.
0
0.0.0.0

ge ge-length


ge-length
. ge-length

.

IP-

32

ge
,
.
le le-length


le-length
. le-length

.
le
,
.

651

3.1.0.3 16.05.2013 .

-3000
. II

description text

.465255.040

80 .


seq number 5 ,
5.

.

ip prefix-list
IP-.
permit deny
. deny
,
.
IP- . IP ,
. 1
32.


,
ge le. ge le

, network /length.

, ge, le.
ge,
, ge ge-length 32 . le,
, network
/length le le-length.
(ge ge-length le le-length)
, ge gelength le le-length.
:
length < ge ge-length < le le-length <= 32
ip prefix-list seq

, 5.
,
43, 48.
3.1.0.3 16.05.2013 .

652

-3000
. II

.465255.040

, 5,
5.
ip prefix-list seq
, .
, .
no ip prefix-list seq
.
no ip prefix-list seq
.


. IP
, .
ip prefix-list description
.

ip prefix-list.

cP, cL.
PrefixIsEqual(P1, P2, L) L
L1 P2 TRUE, .
1. :
P -
L -
ge -
le -
cP/cL ,
PrefixIsEqual(cP,P,L) && cL==L
2. :
P -
L -
ge -
le -
cP/cL ,
PrefixIsEqual(cP,P,L) && cL>=ge
3. :
P -
L -
653

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

ge -
le -
cP/cL ,
PrefixIsEqual(cP,P,L) && cL<=le
4. :
P -
L -
ge -
le -
cP/cL ,
PrefixIsEqual(cP,P,L) && ge<=cL<=le
:
ip prefix-list RED deny 0.0.0.0/0

ip prefix-list BLUE permit 172.16.1.0/24

ip prefix-list YELLOW permit 10.0.0.0/8 le 24

ip prefix-list PINK deny 10.0.0.0/8 ge 25

ip

prefix-list GREEN permit 0.0.0.0/0 ge 8 le 24

ip prefix-list ORANGE deny 10.0.0.0/8 le 32

2.44.5

ip route

:
ip route prefix {mask | /prefix-length} {{ip-address [metric cost]} |
reject-route}
no ip route prefix {mask | prefix-length} [ip-address]
no .
:
prefix

IP- IP .

mask

IP-.

3.1.0.3 16.05.2013 .

654

-3000
. II

.465255.040

/prefix-length

IP- 0
32 .
(/).

ip-address

IP-
.

reject-route

metric cost

()
1 255.
1.

.
no ip route ip-address
.
no ip route ip-address

.
:
ip route 172.31.0.0 255.255.0.0 172.31.6.6 metric 2

ip route 172.31.0.0 /16 172.31.6.6 metric 2

ip route 194.1.1.0 255.255.255.0 reject-route

no ip route 194.1.1.0 /24

no ip route 194.1.1.0 /24 1.1.1.1

2.44.6

ip routing


IPv4.

:
ip routing
no ip routing
no IPv4.

.
655

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
2.44.7

key-string

:
key-string text
no key-string
no .
:
text

,

,
16 .


.

.
:
Console(config)# key 1
Console(config-key)# key-string mountain
Console(config-key)# accept-lifetime 13:30:00 Jan 25 2002 duration 7200
Console(config-key)# send-lifetime 14:00:00 Jan 25 2002 duration 3600
Console(config)# key 2
Console(config-key)# key-string country
Console(config-key)# accept-lifetime 14:30:00 Jan 25 2002 duration 7200
Console(config-key)# send-lifetime 15:00:00 Jan 25 2002 duration 3600
Console(config)# key-chain M
Console(config-keychain)# key 1
Console(config-keychain)# key 2

2.44.8

key ( Key-Chain)

Key-Chain.
.

3.1.0.3 16.05.2013 .

656

-3000
. II

.465255.040

:
key key-id
no key key-id
no .
:
key-id


1 255.


.

Key-Chain.


,
,
.
accept-lifetime send-lifetime.
,
.
, .
.
,
,
.
:
Console(config)# key 1
Console(config-key)# key-string mountain
Console(config-key)# accept-lifetime 13:30:00 Jan 25 2002 duration 7200
Console(config-key)# send-lifetime 14:00:00 Jan 25 2002 duration 3600
Console(config)# key 2
Console(config-key)# key-string country
Console(config-key)# accept-lifetime 14:30:00 Jan 25 2002 duration 7200
Console(config-key)# send-lifetime 15:00:00 Jan 25 2002 duration 3600
Console(config)# key-chain M
Console(config-keychain)# key 1
Console(config-keychain)# key 2

657

3.1.0.3 16.05.2013 .

-3000
. II

2.44.9

.465255.040

key-chain

.

Key-Chain ( ).
:
key-chain chain-name
no key-chain chain-name
no key chain.
:
chain-name

key chain 32 .


.

.


.

:
Console(config)# key 1
Console(config-key)# key-string mountain
Console(config-key)# accept-lifetime 13:30:00 Jan 25 2002 duration 7200
Console(config-key)# send-lifetime 14:00:00 Jan 25 2002 duration 3600
Console(config)# key 2
Console(config-key)# key-string country
Console(config-key)# accept-lifetime 14:30:00 Jan 25 2002 duration 7200
Console(config-key)# send-lifetime 15:00:00 Jan 25 2002 duration 3600
Console(config)# key-chain M
Console(config-keychain)# key 1
Console(config-keychain)# key 2

2.44.10

send-lifetime

.
MD5 digest
.

3.1.0.3 16.05.2013 .

658

-3000
. II

.465255.040

:
send-lifetime {[start-time-date end-time-date] | [duration start-timedate seconds] | [infinite start-time-date]}
no send-lifetime

.

no

:
start-time-date

,
key,
MD5 digest .
: hh:mm:ss {[month day] | [day month]}
year. :

hh:mm:ss

:: (: :
0 23 , : 0 59 , : 0
59 ).

day

1 31.

month

: Jan, Feb, Mar, Apr, May, Jun, Jul,


Aug, Sep, Oct, Nov, Dec.

year

2000 2097.

end-time-date

, ,
start-time-date end-time-date.

start-time-date. ,
end-time-date,
,
start-time-date.

duration start- , ,
time-date
start-time-date ,
seconds
seconds.
seconds: 1
4294967295 .
infinite start- , ,
time-date
start-time-date
.


.

659

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

,
,
.
:
Console(config-key)# send-lifetime 13:30:00 Jan 25 2002 duration 7200

2.44.11

show distance

.
IP.
:
show distance

.
.
:
show distance
Protocol Distance
-------

--------

connected

static

rip
ospf intra-as

120
30

ospf inter-as 110

2.44.12

bgp external

20

bgp internal

200

bgp local

200

show ip prefix-list

.
.

3.1.0.3 16.05.2013 .

660

-3000
. II

.465255.040

:
show ip prefix-list [detail [list-name] | summary [list-name]]
show ip prefix-list list-name network/length [longer | first-match]
show ip prefix-list list-name seq seq-num
:
detail
summary

|
.

prefix-listname

seq number

network/length
,
( ).
longer


,
, /.

first-match

/.


.

detail summary ,
detail.
longer first-match ,
,
/.
:
show ip prefix-list detail
ip prefix-list ABC:
count: 1, range entries: 0
seq 5 permit 10.0.0.0/8 (hit count: 313)
ip prefix-list aggregate:
count: 3, range entries: 2

661

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

seq 5 deny 192.12.25.0/24 ge 25 (hit count: 568)


seq 10 description The Default Action
seq 15 permit 0.0.0.0/0 le 28 (hit count: 31310)
ip prefix-list bgp-in:
count: 6, range entries: 3
seq 5 deny 54.0.0.0/8 le 28 (hit count: 0)
seq 10 deny 0.0.0.0/0 (hit count: 0)
seq 15 deny 1.0.0.0/8 (hit count: 0)
seq 20 deny 2.0.0.0/8 (hit count: 0)
seq 25 deny 3.1.0.0/16 ge 24 (hit count: 0)
seq 30 permit 0.0.0.0/0 le 18 (hit count: 240664)

:
- count ;
- range entries
;
- seq ;
- permit, deny ;
- description ;
- hit count .
show ip prefix-list summary
ip prefix-list ABC:
count: 1, range entries: 0
ip prefix-list aggregate:
count: 2, range entries: 2
ip prefix-list bgp-in:
count: 6, range entries: 3
show ip prefix-list bgp-in seq 15
seq 15 deny 1.0.0.0/8 (hit count: 0)

2.44.13

show ip protocols

.

.
:
show ip protocols
3.1.0.3 16.05.2013 .

662

-3000
. II

.465255.040


.
:
Console# show ip protocols
Routing Protocol is "rip"
Sending updates every 30 seconds
Invalid after 180 seconds, hold down 120, flushed after 300
Redistributing: RIP, Static
Default version control: send version 1, receive version 1
Interfaces:
Interface

Send

Receive

Key-chain

176.1.1.1

flowers

176.2.1.1

passive

Routing Information Sources:


Gateway

Last update

176.1.1.2

0:00:17

Preference: 60

Redistributing: External direct, Static, RIP


Interfaces:
Interface

Metric

Key-chain

176.1.1.1

10

flowers

176.2.1.1

Routing Information Sources:


Gateway

State

176.1.1.2

Full

External Preference: 60
Internal Preference: 20

2.44.14

show ip route

.
:
show ip route [ip-address {mask [longer-prefixes]} | protocol
[process-id] | static | rejected]

663

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
ip-address

IP-,
.

mask

longer-prefixes ,

,
ip-address
mask.
protocol


: connected, mobile,
static, summary.

: bgp, ospf rip.


: connected, static icmp.

process-id

, .

static

rejected


(>)
(#)
:
Router# show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: disabled
Codes: > - best, C - connected, S - static
IP Routing Table - 5 entries
Code IP Route

Distance/ Next Hop

Last Time Outgoing

Metric

Updated

IP Address

Interface

--- ----------- -------- -------------- --------- -----------S> 10.10.0.0/16

1/128

10.119.254.244 00:02:22 ge1/0/2

S> 10.10.0.0/16

1/128

10.120.254.244 00:02:22 ge1/0/3

S> 10.16.2.0/24

1/128

10.119.254.244 00:02:22 ge1/0/2

C> 10.119.0.0/16 0/1

0.0.0.0

ge1/0/2

C> 10.120.0.0/16 0/1

0.0.0.0

ge1/0/3

3.1.0.3 16.05.2013 .

664

-3000
. II

.465255.040

Router# show ip route


Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP,
O - OSPF intra-area, OIA - OSPF inter-area,
OE1 - OSPF external 1, OE2 - OSPF external 2,
B BGP
IP Routing Table - 22 entries
Code IP Route Distance/ Next Hop
Metric

Last Time Outgoing

IP Address Updated Interface

------ ------------------- ----------- --------------- ------------- ----O> 10.10.0.0/16 10/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.10.0.0/16 10/128 10.120.254.244 00:02:22 ge1/0/3
O> 10.16.2.0/24 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.2.64/26 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.2.64/26 110/130 10.119.254.244 00:02:22 ge1/0/3
O> 10.16.2.128/26 110/128 10.119.254.244 00:02:22 ge1/0/2
R 10.16.2.128/26 120/3 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.208.0/24 110/128 10.120.254.244 00:02:22 ge1/0/2
O> 10.16.223.0/24 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.236.0/24 110/129 10.119.254.240 00:02:23 ge1/0/2
R> 10.67.10.0/24 120/5 10.119.254.244 00:02:22 ge1/0/2
OE2> 10.68.132.0/24 110/5 10.119.254.6 00:00:59 ge1/0/2
O> 10.75.139.0/24 110/129 10.119.254.240 00:02:23 ge1/0/2
O> 10.84.148.0/24 110/129 10.119.254.240 00:02:23 ge1/0/2
OE2 > 10.110.0.0/24 110/128 10.119.254.6 00:01:00 ge1/0/12
C> 10.119.0.0/16 0/1 0.0.0.0 ge1/0/2
C> 10.120.0.0/16 0/1 0.0.0.0 ge1/0/2
O> 10.128.0.0/16 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.129.0.0/16 110/129 10.119.254.240 00:02:02 ge1/0/2
OE2> 10.130.0.0/16 110/5 0.0.0.0 00:00:59 ge1/0/2
O> 10.140.0.0/16 110/129 10.119.254.240 00:02:23 ge1/0/2
O> 10.141.0.0/16 110/129 10.119.254.240 00:02:22 ge1/0/2

Router# show ip route 10.16.0.0 255.255.0.0 longer-prefix


Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP,

665

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

O - OSPF intra-area, OIA - OSPF inter-area,


OE1 - OSPF external 1, OE2 - OSPF external 2,
B BGP
IP Routing Table - 22 entries
Code IP Route Distance/ Next Hop
Metric

Last Time Outgoing

IP Address Updated Interface

------ ------------------- ----------- --------------- ------------- ----O> 10.16.2.0/24 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.2.64/26 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.2.128/26 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.208.0/24 110/128 10.120.254.244 00:02:22 ge1/0/2
O> 10.16.223.0/24 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.236.0/24 110/129 10.119.254.240 00:02:23 ge1/0/2

Router# show ip route 10.16.0.0 255.255.0.0 longer-prefix


Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP,
O - OSPF intra-area, OIA - OSPF inter-area,
OE1 - OSPF external 1, OE2 - OSPF external 2,
B BGP
IP Routing Table - 22 entries
Code IP Route Distance/ Next Hop Last Time Outgoing
Metric IP Address Updated Interface
------ ------------------- ----------- --------------- ------------O> 10.16.2.0/24 110/128 10.119.254.244 00:02:22 ge1/0/2
O> 10.16.0.0/16 10/128 10.120.254.244 00:02:22 ge1/0/3

2.44.15

show ip route summary

.
IP- .
:
show ip route summary

.
.
3.1.0.3 16.05.2013 .

666

-3000
. II

.465255.040

:
show ip route summary
IP Routing Table Summary - 82 entries
35 connected, 25 static, 12 RIP, 10 OSPF
Number of prefixes:
/16: 10, /18: 10, /22: 15, /24: 25, /28: 2, /30: 12

2.44.16

show key chain

.
.
:
show key chain [name-of-chain]
:
name-of-chain

Key Chain,
Key Chain.


Key Chain.

.
:
Router# show key chain
Current Time of Date is Feb 8 2011
Accept lifetime is configured to ignore
Key-chain trees:
key 1 -- text "chestnut"
accept lifetime (always valid) - (always valid) [valid now]
send lifetime (always valid) - (always valid) [valid now]
key 2 -- text "birch"
accept lifetime (00:00:00 Dec 5 2010) - (23:59:59 Dec 5 2010)
send lifetime (06:00:00 Dec 5 2010) - (18:00:00 Dec 5 2016)[valid now]

Router# show key chain


Current Time of Date is not defined
Accept lifetime is ignored
Key-chain trees:
key 1 -- text "chestnut"
accept lifetime (always valid) - (always valid) [valid now]

667

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

send lifetime (always valid) - (always valid) [valid now]


key 2 -- text "birch"
accept lifetime (00:00:00 Dec 5 2010) - (23:59:59 Dec 5 2010)
send lifetime (06:00:00 Dec 5 2010) - (18:00:00 Dec 5 2016)

2.45
2.45.1

RIP
clear rip statistics

.
.

:
clear rip statistics

.
:
clear rip statistics

2.45.2

default-information originate

.
RIP (Routing Information Protocol).
:
default-information originate [on-passive | route-map map-name]
no default-information originate
no .
:
on-passive


RIP.

route-map map-name


(route map).


.

(config-router).
3.1.0.3 16.05.2013 .

668

-3000
. II

.465255.040


on-passive route-map,
1
RIP.
on-passive,
1
RIP.
map-route map route
set metric, 1.

map-route map route


set interface,
.
, ,
RIP-,
.
:
router rip
default-information originate route-map condition
exit
route-map condition permit 10
match ip address 10
set metric 3
set interface vlan 100
exit
ip access-list 10 permit 172.17.16.0/24

2.45.3

default-metric

RIP.
, RIP ,
(,
).
:
default-metric [metric-value]
no default-metric

.

no

:
metric-value
669

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

1 15.

1.

RIP.
:
router rip
default-metric 2
exit

2.45.4

ip rip authentication key-chain

IP-.
, ,
.
:
ip rip authentication key-chain name-of-chain
no ip rip authentication key-chain

.

no

:
name-of-chain

.
,
key chain


(key chain) .

IP-.

ip rip authentication key-chain
IP- .
IP-.
ip rip authentication key-chain
.

3.1.0.3 16.05.2013 .

670

-3000
. II

.465255.040


,
,
.
:
interface ip 1.1.1.1
ip rip authentication key-chain alpha
exit

2.45.5

ip rip authentication mode

IP-.

:
ip rip authentication mode {text | md5}
no ip rip authentication mode

.

no

:
text

md5

MD5-.


.

IP-.

MD5-

ip rip authentication key-chain.
IP-
, RIP IP, IP- .
,

ip rip authentication-key.
IP-, RIP IP, IP- .
671

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
interface ip 1.1.1.1
ip rip authentication mode md5
exit

2.45.6

ip rip authentication-key

.
,
RIP.
:
ip rip authentication-key password
no ip rip authentication-key
no
RIP.
:
password

8 .


.

IP-.

, ,
, RIP,
.
.

RIP.
IP. ip rip authentication-key
.
:
interface ip 1.1.1.1
ip rip authentication mode text
ip rip authentication-key alph$$12
exit

3.1.0.3 16.05.2013 .

672

-3000
. II

2.45.7

.465255.040

ip rip default-information originate

IP-.
RIP.

:
ip rip default-information originate [passive] {disable | metric}
no ip rip default-information originate
no .
:
metric


1 15.

passive

,
RIP .

disable


RIP defaultinformation originate.

IP-.

RIP,
default-information originate IP.
:
interface ip 1.1.1.1
ip rip default-information originate 3
exit

2.45.8

ip rip distribute-list in

IP-.
RIP
.
673

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
ip rip distribute-list {access access-list-name | prefix prefix-listname} in
no ip rip distribute-list in
no .
:
access-list-name

IP ACL
32
.


RIP .

prefix-list-name

.



.


.

IP-.

RIP
,
.
ip access-list (IP
standard) ip prefix-list.
:
interface ip 1.1.1.1
ip rip distribute-list 5 in
exit

2.45.9

ip rip distribute-list out

IP-.
RIP
.
:
ip ip rip distribute-list {access access-list-name | prefix prefix-listname} out
3.1.0.3 16.05.2013 .

674

-3000
. II

.465255.040

no ip rip distribute-list out


no .
:
access-list-name

IP ACL
32
.


RIP
.

prefix-list-name

.



.


.

IP-.

IP Forwarding
RIP ,
.
ip access-list (IP standard) ip
prefix-list.
:
Console(config)# interface ip 1.1.1.1
Console(config-ip)# ip rip distribute-list 5 out

2.45.10

ip rip offset

IP-.
, .

:
ip rip offset offset
no ip rip offset

.

675

no

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
offset


1 15.


1.

IP-.
:
interface ip 1.1.1.1
ip rip offset 2
exit

2.45.11

ip rip passive-interface

IP-.
RIP IP-.
:
ip rip passive-interface
no ip rip passive-interface
no RIP.

RIP .

IP-.

ip rip passive-interface
RIP IP-.
RIP ,
passive-interface.
no ip rip passive-interface
passive-interface.
:
interface ip 1.1.1.1
ip rip passive-interface
exit

3.1.0.3 16.05.2013 .

676

-3000
. II

2.45.12

.465255.040

ip rip shutdown

IP-. RIP.
:
ip rip shutdown
no ip rip shutdown
no RIP-.

RIP- .

IP-.

ip rip shutdown RIP
IP- . ip rip
shutdown RIP-,
network. ip rip
shutdown RIP-.
:
interface ip 1.1.1.1
ip rip shutdown
exit

2.45.13

network

RIP.
RIP IP-.
:
network ip-address [shutdown]
no network ip-address
no RIP IP .
:

677

ip-address

IP- IP- .

shutdown

RIP
shutdown.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


RIP.

RIP IP. , RIP
IP-, DHCP, IP-
.
network shutdown
RIP ,
RIP
no ip rip shutdown.
no network RIP IP, .
:
router rip
network 1.1.1.1
exit

router rip
network 1.1.1.1 shutdown
exit
interface ip 1.1.1.1
ip rip offset 2
no ip rip shutdown
exit

2.45.14

passive-interface ( RIP)

.
IP- RIP.
:
passive-interface
no passive-interface
no
RIP.

IP.
3.1.0.3 16.05.2013 .

678

-3000
. II

.465255.040


(config-router).

passive-interface
no
ip rip passive-interface.
:
router rip
passive-interface
network 1.1.1.1
network 2.2.2.2
network 3.3.3.3
exit
interface ip 1.1.1.1
no ip rip passive-interface
exit

2.45.15

redistribute ( RIP)

RIP .

RIP.
:
redistribute protocol [process-id] [metric {metric-value |
transparent}] [match {internal | external 1 | external 2}] [routemap map-tag]
no redistribute protocol [process-id] [metric {metric-value |
transparent}] [match {internal | external 1 | external 2}] [routemap map-tag]
no .
:

679

protocol

.

: connected,
static, ospf bgp.

process-id

process-id
ospf

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

OSPF,


.
.

,
1.
metric transparent

RIP


RIP.
16.

metric metric-value

,
.
,
default-metric.

route map (
set metric),
,
metric-value.
metric routemap
route map
,
default-metric,
.
, route
map, 16,
.

match
{internal
| match
external 1 | external 2} ospf
,
OSPF

RIP.
:
- internal

,
.

- external 1

,
,
OSPF
1.

- external 2

3.1.0.3 16.05.2013 .

680

-3000
. II

.465255.040

,
OSPF
2.

external 1.

internal

redistribute
match.
route-map

,
.

map-tag


.

RIP .

, ,
.
connected
RIP , IP-,
RIP .
RIP ,
IP-, .
static
RIP.
RIP.
bgp
, eBGP, BGP RIP. ,
eBGP,
bgp redistribue-internal.
681

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
, redistribute,
no
.
:
router rip
redistribute static metric transparent
exit

router rip
redistribute static metric transparent
no redistribute static metric transparent
exit

router rip
redistribute static
redistribute static metric transparent
exit

router rip
redistribute static metric transparent
redistribute static
exit

router rip
no redistribute static
exit

router rip
redistribute ospf 1
exit

router rip
redistribute ospf 1 metric 1
redistribute ospf 1 match external 2 metric 4
exit

3.1.0.3 16.05.2013 .

682

-3000
. II

.465255.040

router rip
redistribute bgp 120 metric 5
exit

router rip
no redistribute static metric 1000
exit

router rip
no redistribute ospf route-map m103
exit

2.45.16

router rip

.
RIP.
:
router rip
no router rip
no RIP
RIP.

RIP .

.

RIP :
- disabled;
- enabled;
- shutdown.
RIP disabled (
), RIP .
, RIP .
no router rip
RIP.
RIP shutdown, RIP ,
. ,
683

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

RIP .
shutdown RIP enabled.
RIP enabled, RIP
.
router rip RIP disabled
no shutdown RIP
shutdown.
:
router rip

2.45.17

show ip rip database

.
RIP.
:
show ip rip database [all | brief | ip-address]
:
all

RIP
RIP-.
,
.

brief

RIP.

ip-address

RIP
IP-.


.
:
Console#show ip rip database
RIP is enabled
RIP Administrative state is UP
Default metric value is 1
Redistributing is enabled from
Connected:
Metric is default-metric
no route-map
Static:
Metric is transparent
no route-map
OSPF 109:
internal:
metric value is 2

3.1.0.3 16.05.2013 .

684

-3000
. II

.465255.040

no route-map name
external 1
metric value is 4
no route-map
external 2
metric is value 6
route-map name is route-map-ospf-exter2
with subnets
IP Interface: 1.1.1.1
Administrative State is enabled
IP Interface Offset is 10
Default Originate Metric is 12
Authentication Type is text
Password is afGRwitew%3
IN Filtering Type is Access List
Access List Name is 10
OUT Filtering Type is Access List
Access List Name is List12
IP Interface: 2.2.2.2
Administrative State is enabled
IP Interface Offset is 2
No Default Originate Metric
Authentication Type is MD5
Key Chain Name is chain1
IN Filtering Type is Prefix List
Prefix List Name is PrefixList10
OUT Filtering Type is Access List
Access List Name is 12
IP Interface: 3.3.3.3
Administrative State is enabled
IP Interface Offset is 1
IP Interface is passive
Default Originate Metric 3, on passive too
No Authentication
No IN Filtering
No OUT Filtering
IP Interface: 4.4.4.4
Administrative State is shutdown
IP Interface Offset is 1
No Authentication
No IN Filtering
No OUT Filtering

685

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Console#show ip rip database 1.1.1.1


RIP is enabled
RIP Administrative state is UP
Default Originate Metric: on passive only
Default metric value is 1
Redistributing is enabled from
Connected
Metric is default-metric
no route-map
Static:
Metric is transparent
no route-map
OSPF:
from metric type:
metric value is 2
no route-map name
exteranl 1
metric value is 4
no route-map
exteranl 2
metric is value 6
route-map name is route-map-ospf-exter2
with subnets
IP Interface: 1.1.1.1
Administrative State is enabled
IP Interface Offset is 10
Default Originate Metric is 12
Authentication Type is text
Password is afGRwitew%3
IN Filtering Type is Access List
Access List Name is 10
OUT Filtering Type is Access List
Access List Name is List12

3.1.0.3 16.05.2013 .

686

-3000
. II

.465255.040

Console#show ip rip database brief


RIP is enabled
RIP Administrative state is UP
Default Originate Metric: route-map is condition
Default metric value is 1
Redistributing is enabled from
Connected
Metric is default-metric
no route-map
Static
Metric is transparent
no route-map
OSPF 1
from metric type:
metric value is 2
no route-map name
exteranl 1
metric value is 4
no route-map
exteranl 2
metric is value 6
route-map name is route-map-ospf-exter2
with subnets
IP Interface
----------100.100.100.100
2.2.2.2
3.3.3.3
4.4.4.4

Admin

Offset Passive

State
-----enabled
enabled
enabled
shutdown

Default Auth.

Interface Metric Type


------ -------- ------ ----10
2
1
1

No
No
Yes
No

12
MD5

IN Filt. OUT Filt.


Type
Type
------- ---------

Text
Access
Prefix Access

Access

Console#show ip rip database


RIP is disabled

2.45.18

show ip rip peers

.
RIP.
:
show ip rip peers

.

687

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console>show ip rip peers
RIP is enabled
Static redistributing is enabled with Default metric
Default redistributing metric is 1
Address

Last

Received

Received

Update

Bad Packets Bad Route

-------- --------- ---------- --------1.1.12


2.2.2.3

2.45.19

00:10:17
00:10:01

1
-

show ip rip statistics

. RIP.
:
show ip rip statistics

.
:
Console#show ip rip statistics
RIP is enabled
Static redistributing is enabled with transparent metric
Default redistributing metric is 1
Interface Received Received Sent
Bad
Bad
Triggered
Pakets
Routes
Packets
--------- -------- -------- -----------

2.45.20

1.1.1.1

2.2.2.2

shutdown

RIP .
RIP.
:
shutdown
no shutdown
no RIP.

3.1.0.3 16.05.2013 .

688

-3000
. II

.465255.040


RIP .

.

shutdown
RIP .
:
router rip
shutdown
exit

2.46
2.46.1

IPv6-
clear ipv6 neighbors

.
IPv6, .
:
clear ipv6 neighbors

.
:
console# clear ipv6 neighbors

2.46.2

clear ipv6 prefix-list

.
IPv6-.
:
clear ipv6 prefix-list [prefix-list-name [ipv6-prefix/prefix-length]]
:

689

prefix-list-name

,
.

ipv6-prefix

IPv6-,
.
, RFC 4293
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

16-
, ).
IPv6-,
, ,

(
).
(/).

/prefix-length


IPv6.

.

clear ipv6 prefix-list clear ip prefixlist, IPv6-.
:
clear ipv6 prefix-list first_list 2001:0DB8::/35

2.46.3

ipv6 address

. IPv6 .
:
ipv6 address ipv6-address/prefix-length
no ipv6 address [ipv6-address/prefix-length]
no IPv6-.
:
ipv6-address

IPv6- RFC
4293 (
16- ,
).

prefix-length

IPv6-,
, ,
(
).

3.1.0.3 16.05.2013 .

690

-3000
. II

.465255.040

(/).

IP- .

.

ipv6 address
IPv6- ISATAP.
no ipv6 address
IPv6-, ,
.
:
interface vlan 100
ipv6 address 2001:DB8:2222:7272::72/64
exit

2.46.4

ipv6 address anycast

. IPv6
anycast- .
:
ipv6 address ipv6-prefix/prefix-length anycast
no ipv6 address [ipv6-prefix/prefix-length anycast]
no .
:
ipv6-address

IPv6- RFC
4293 (
16- ,
).

prefix-length

IPv6-,
, ,
(
).
(/).


IP- .
691

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

Anycast- ,
, . ,
anycast-, (
), anycast. Anycast-
unicast-, .. anycast-
unicast-. , anycast-,
,
anycast-.
Anycast-

, , anycast-
IPv6-.
Anycast- ,
( ). Anycast-

,
anycast- .
ipv6 address anycast
IPv6- ISATAP.
no IPv6 address IPv6, ,
.
:
interface vlan 1
ipv6 address 2001:0DB8:1:1:FFFF:FFFF:FFFF:FFFE/64 anycast
exit

2.46.5

ipv6 address autoconfig

.
IPv6-
,
IPv6.
, Router Advertisement.
:
ipv6 address autoconfig
no ipv6 address autoconfig
3.1.0.3 16.05.2013 .

692

-3000
. II

.465255.040

no
.

.

.

IPv6 (
),
IPv6-
, EUI-64,
.

IPv6 Forwarding.

IPv6 Forwarding ( )


IPv6- .
IPv6 Forwarding ( )

.
no ipv6 address autoconfig

IPv6-

.
:
interface vlan 100
ipv6 address autoconfig
exit

2.46.6

ipv6 address eui-64

. IPv6 IPv6,
EUI-64 64
.
:
ipv6 address ipv6-prefix/prefix-length eui-64
693

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no ipv6 address [ipv6-prefix/prefix-length eui-64]


no .
:
ipv6-address

IPv6-, .
,
RFC 4293 (
16 , ).

prefix-length

IPv6-,
, ,

( ).

(/).


IP- .

.

, /prefix-length,
64 ,
.
,
IPv6-, IPv6-
.
no ipv6 address IPv6, ,
.
:
interface vlan 1
ipv6 address 2001:0DB8:0:1::/64 eui-64
exit

2.46.7

ipv6 address link-local

IPv6 IPv6
.
3.1.0.3 16.05.2013 .

694

-3000
. II

.465255.040

:
ipv6 address ipv6-prefix link-local
no ipv6 address [link-local]
no
.

:
ipv6-address

IPv6-, .
,
RFC 4293 (
16 , ).


.

.


, IPv6,
IPv6-.

ipv6 link-local address.
ipv6 address link-local
IPv6- ISATAP.
no ipv6 address IPv6, ,

:
console(config)# interface vlan 1
console(config-if)# ipv6 address fe80::123/64 link-local

2.46.8

ipv6 default-gateway

.
IPv6.
:
ipv6 default-gateway ipv6-address | interface-id
no ipv6 default-gateway ipv6-address | interface-id
no .
695

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
ipv6-address

IPv6-
.

interface-id

,

.


.

.

ipv6 route
( ):
ipv6 route ::/0 ipv6-address | interface-id
ipv6
route.
:
console(config)# ipv6 default-gateway fe80::abcd%vlan1

3.1.0.3 16.05.2013 .

696

-3000
. II

2.46.9

.465255.040

ipv6 distance

,
.
:
ipv6 distance {static | igmp} distance
no ipv6 distance {static | igmp}
ipv6 distance ospf {inter-as | intra-as} distance
no ipv6 distance ospf {inter-as | intra-as}
ipv6 distance bgp {external | internal | local} distance
no ipv6 distance bgp {external | internal | local}

.

no

697

static

igmp

,
ICMP Redirect.

ospf

OSPF
IPv6-.

bgp

BGP
IPv6-.

ospf inter-as

OSPF
( LSA
5 7, 2).

ospf intra-as

OSPF
( 1).

bgp external


BGP.
,

. :
1 255. 20.
255
.

bgp internal


BGP.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

, BGP
entity .
: 1 255.
200.
255
.
bgp local


BGP.
,
(
),
,
.
: 1 255.
200.
255
.

distance

,


1 255. 0

, .


connected 0
static 1
igmp 2
ospf intra-as 30
ospf inter-as 110
bgp external 20
bgp internal 200
bgp local 200

.

.
0 255.

.
255 ,
3.1.0.3 16.05.2013 .

698

-3000
. II

.465255.040


.
:
ipv6 distance ospf intra-as 20
ipv6 distance bgp local 40

2.46.10

ipv6 enable

.
IPv6 .
:
ipv6 enable
no ipv6 enable
no IPv6 ,
IPv6- .

IPv6 .

.

IPv6 , IPv6.
no ipv6 enable IPv6
, IPv6- .
:
Console(config)# interface vlan 1
Console(config-if)# ipv6 enable

2.46.11

ipv6 hop-limit

(hops),
IPv6-, .
:
ipv6 hop-limit value
no ipv6 hop-limit

699

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no

:
value


1 255.


64.

.
:
ipv6 hop-limit 15

2.46.12

ipv6 host

.
- .
:
ipv6 host name ipv6-address1 [ipv6-address2...ipv6-address4]
no ipv6 host name
no
.
:
name

ipv6-address1

ipv6-address2-4

IPv6- 158 .

, .
, ,
, .
IPv6- RFC 4291 (

16-
,
).
IPv6-,
.

3.1.0.3 16.05.2013 .

700

-3000
. II

.465255.040


.

IPv6Z-: <ipv6-link-local-address>%<interface-name>

interface-name = vlan<integer> | ch<integer> | isatap<integer> |


<physical-port-name>

integer = <decimal-number> | <integer><decimal-number>

decimal-number = 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9

physical-port-name = , , 16

:
ipv6 host cisco-sj 2001:0DB8:1::12
ipv6 host cisco-hq 2002:C01F:768::1 2001:0DB8:1::12

2.46.13

ipv6 icmp error-interval

.
IPv6 ICMP .
:
ipv6 icmp error-interval milliseconds [bucketsize]
no ipv6 icmp error-interval

.

no

701

milliseconds

,
0 2147483647 .

ICMP. 0
.

bucketsize


, 1 200.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


100
10 ( 100 ICMP- ).

.


IPv6 ICMP- .
, Pv6 ICMP .
,
.
milliseconds
. bucketsize

. ,
IPv6 ICMP- . , ,
bucketsize 20,
20 IPv6 ICMP . , IPv6
ICMP- ,
.
= (1000/ milliseconds) *
* bucketsize.
,
milliseconds 0.
:
console(config)# ipv6 icmp error-interval 50 20

2.46.14

ipv6 link-local default zone

ipv6 link-local default zone



zone 0.
:
ipv6 link-local default zone interface-id
no Ipv6 link-local default zone

.
3.1.0.3 16.05.2013 .

no

702

-3000
. II

.465255.040

:
,
,

IPv6Z
0.

interface-id


link-local default zone .

.
:
ipv6 link-local default zone vlan1

2.46.15

ipv6 mld version

.
MLD.
:
ipv6 mld version 1 | 2
no ipv6 mld version

.

no

:
MLD 1.
MLD 2.

1
2


MLD 1.

.
:
console(config)# interface vlan 1
console(config-if)# ipv6 mld version 2

703

3.1.0.3 16.05.2013 .

-3000
. II

2.46.16

.465255.040

ipv6 nd advertisement-interval

.

(router advertisement RA).
:
ipv6 nd advertisement-interval
no ipv6 nd advertisement-interval

.

no


.

.

ipv6 nd advertisement-interval
,
RA.

.
:
interface vlan 1
ipv6 nd advertisement-interval
exit

2.46.17

ipv6 nd dad attempts

DAD IPv6 .
:
ipv6 nd dad attempts value
no ipv6 nd dad attempts

.

3.1.0.3 16.05.2013 .

no

704

-3000
. II

.465255.040

:
value


0 600. 0
DAD .
1
.


1.

.

DAD IPv6-
(
, DAD).
DAD neighbor solicitation
IPv6-.

DAD
() IPv6- . DAD
, IPv6 - TENTATIVE.
DAD DAD
IPv6-.
DAD ,
DUPLICATE,
.
, IPv6-
, .
, ,
,
DUPLICATE.
,
DAD ,
IPv6-, , (DAD
).

705

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
interface vlan 1
ipv6 nd dad attempts 5
exit
interface vlan 2
ipv6 nd dad attempts 0
exit

2.46.18

ipv6 nd hop-limit

(hops),
.
:
ipv6 nd hop-limit value
no ipv6 nd hop-limit

.

no

:
value

(hops)
1 255.


ipv6 hoplimit 64,
.

.

,
.
ipv6 hop-limit.

3.1.0.3 16.05.2013 .

706

-3000
. II

.465255.040

:
interface vlan 2
ipv6 nd hop-limit 15
exit

2.46.19

ipv6 nd managed-config flag

.
Managed Address Configuration IPv6.
:
ipv6 nd managed-config-flag
no ipv6 nd managed-config-flag
no
IPv6-.

Managed Address Configuration
IPv6-.


.

Managed Address Configuration
IPv6-
,

. ,

. ,
.

.

:
interface vlan 1
ipv6 nd managed-config-flag
exit

707

3.1.0.3 16.05.2013 .

-3000
. II

2.46.20

.465255.040

ipv6 nd ns-interval

.
.
:
ipv6 nd ns-interval milliseconds
no ipv6 nd ns-interval

.

no

:
milliseconds


1000 3600000 .


0
, 1000
.

.


IPv6-, .

IPv6. ,
, ,
.
:
interface vlan 1
ipv6 nd ns-interval 9000
exit

2.46.21

ipv6 nd other config-flag

.
Other Stateful configuration IPv6.
:
ipv6 nd other-config-flag
no ipv6 nd other-config-flag
3.1.0.3 16.05.2013 .

708

-3000
. II

.465255.040

no
IPv6-.

.

.

Other Stateful configuration
IPv6-
,
(.. ). ,

() .
Managed Address
Configuration ipv6 nd managed-configflag,
()
Other Stateful configuration.
:
interface vlan 1
ipv6 nd other-config-flag
exit

2.46.22

ipv6 nd prefix

. IPv6

IPv6 (Neighbor Discovery ND).


:
ipv6 nd prefix {ipv6-prefix/prefix-length | default } [no-advertise |
{[valid-lifetime preferred-lifetime] [no-autoconfig] [off-link | noonlink]}]
no ipv6 nd prefix [ipv6-prefix/prefix-length | default]
no .
:
ipv6-prefix

709

IPv6-
.
,
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

RFC 4293 (
16 , ).
/prefix-length

IPv6-,
, ,

( ).

(/).

default

,

ipv6 address.

no-advertise

valid-lifetime

, ,

, .. .
4 294 967 295 .
,
,
.

preferredlifetime

, ,

. 4 294 967 295

.
,

,
,
, ,
.
preferred-lifetime ,
valid-lifetime.

no-autoconfig

,

IPv6.
-.

off-link

offlink. L-.

.

3.1.0.3 16.05.2013 .

710

-3000
. II

.465255.040

(,
ipv6 address),
.
no-onlink

not
on-link. L.


, ,
IPv6-,
valid-lifetime, 2 592 000 (30 ),
preferred-lifetime, 604 800 (7 ).
, :
-
;
- on-link (,
L-);
-
(, A-).

.


,
.
ipv6 nd prefix ipv6-prefix/prefix-length
.
no ipv6 nd prefix ipv6-prefix/prefix-length
.
no ipv6 nd prefix ipv6-prefix/prefixlength
.
no ipv6 nd prefix
.
:
- ,
,
ipv6 nd prefix defaul ( ,
711

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

), ,
(/
ipv6 nd prefix);
- , ipv6 nd
prefix no-advertise.
default
default

,
ipv6 address.

ipv6 nd prefix.
no ipv6 nd prefix default
.
On-Link
on-link ( ),
. , ,
, ,
. on-link
.
Auto-configuration
( ),
,
IPv6.
L- A-,

IPv6 ND,
:
default L = 1 A = 1,
no-onlink L = 0 A = 1,
no-autoconfig L = 1 A = 0,
no-onlink no-autoconfig L = 0 A = 0,
off-link L = 0 A = 1,
off-link no-autoconfig L = 0 A = 0,
:
interface vlan 1
ipv6 nd prefix 2001:0DB8::/35 1000 900
exit

interface vlan 1

3.1.0.3 16.05.2013 .

712

-3000
. II

.465255.040

ipv6 address 2001::1/64


ipv6 nd prefix 2001::/64 3600 3600 no-onlink
exit

2.46.23

ipv6 nd ra interval

.
IPv6-
.
:
ipv6 nd ra interval maximum-secs [minimum-secs]
no ipv6 nd ra interval

.

no

:
maximum-secs

minimum-secs


IPv6-
4 1800 .

IPv6-
3 1350 .


maximum-secs 600 .
minimum-secs 0.33*maximum-secs (
3 ) 3 ( 3 ).

.


(lifetime) IPv6-

.

IPv6-


,
.

3 .
713

75%

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
interface vlan 1
ipv6 nd ra interval 201
exit

interface vlan 1
ipv6 nd ra interval 200 50
exit

2.46.24

ipv6 nd ra lifetime

.
IPv6 .
:
ipv6 nd ra lifetime seconds
no ipv6 nd ra lifetime

.

no

:
seconds

, ,

(
). 0 ,


. : 0
<Maximum RA
Interval> 9000 .


3*<Maximum RA Interval> .

.


IPv6-,
.

3.1.0.3 16.05.2013 .

714

-3000
. II

.465255.040

. 0 ,

.
,

.
,
.
:
interface vlan 1
ipv6 nd ra lifetime 1801
exit

2.46.25

ipv6 nd ra suppress

.
IPv6-
.
:
ipv6 nd ra suppress
no ipv6 nd ra suppress
no
IPv6- .

LAN:
IPv6-.
-: IPv6 .
NBMA: IPv6 .

.

no ipv6 nd ra suppress
IPv6-
- (, manual tunnel).
no ipv6 nd ra suppress
IPv6-
NBMA (, ISATAP tunnel).
715

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
interface vlan 1
ipv6 nd ra suppress
exit

interface tunnel 1
no ipv6 nd ra suppress
exit

2.46.26

ipv6 nd reachable-time

.
, IPv6-

.
:
ipv6 nd reachable-time milliseconds
no ipv6 nd reachable-time

.

no

:
milliseconds


3600000 .


0
, 30000 (30 )
.

.


.
,
.

IPv6- IPv6-.

.
3.1.0.3 16.05.2013 .

716

-3000
. II

.465255.040


,
,
. 0 ,
.
:
interface vlan 1
ipv6 nd reachable-time 1700000
exit

2.46.27

ipv6 nd router-preference

(default router
preference DRP) .
:
ipv6 nd router-preference {high | medium | low}
no ipv6 nd router-preference

.

no

:
high

medium

low


(RA)
.

.


DRP, .
DRP , RA
.
DRP , ,
,
717

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

,
.
:
interface vlan 1
ipv6 nd router-preference high
exit

2.46.28

ipv6 neighbor

.
IPv6.

:
ipv6 neighbor ipv6-address interface-id mac-address
no ipv6 neighbor [[ipv6-address] interface-id]
no
IPv6.
:
ipv6-address

IPv6-.
, RFC
4293 (
16- ,
).

interface-id

mac-address

- .


IPv6.

.

ipv6 neighbor
arp.
IPv6- IPv6-,
on-link,
. on-link
, IPv6,
, .
3.1.0.3 16.05.2013 .

718

-3000
. II

.465255.040

IPv6-
( IPv6),
.

.

IPv6

no ipv6 neighbor ipv6-address interface-id



. ,
,
IPv6.
no ipv6 neighbor interface-id
.
no ipv6 neighbor
.
IPv6
show ipv6 neighbors.
IPv6
:
- NCMP (Incomplete)
;
- REACH (Reachable) .

IPv6.
INCMP REACH
.
:
console(config)# ipv6 neighbor 3000::a31b vlan 1 001b.3f9c.84ea

console(config)# ipv6 neighbor 3000::a31b vlan 1 001b.3f9c.84ea

console(config)# ipv6 neighbor 3000::a31b vlan 1 001b.3f9c.84ea

console(config)# ipv6 neighbor 3000::a31b vlan 1 001b.3f9c.84ea

719

3.1.0.3 16.05.2013 .

-3000
. II

2.46.29

.465255.040

ipv6 prefix-list

.
IPv6-.
:
ipv6 prefix-list list-name [seq number] {{deny|permit} ipv6prefix/prefix-length [ge ge-length] [le le-length]} | description text
no ipv6 prefix-list list-name [seq number]
no .
:
list-name

32

seq number

,

1 4294967294.

deny

permit

ipv6-prefix

IPv6-.
, RFC
4293 (
16- ,
).

/prefix-length

IPv6-,
, ,

( ).

(/). : 0 128.

IPv6.

description text

80 .

ge ge-length

ipv6-prefix/prefixlength.
( ,
).

le le-length

ipv6-prefix/prefixlength.
( ,

3.1.0.3 16.05.2013 .

720

-3000
. II

.465255.040

).

.

.


IPv6.

ip

prefix-list,

ipv6 prefix-list seq



, 5.
,
43, 48.
, 5,
5.
ipv6 prefix-list seq
, .
, .
no ip prefix-list seq
.
no ip prefix-list seq
.

.
.
,
.

,


.

seq number.
show ipv6 prefix-list
.
IPv6-
,
,
721

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

.

. le ge
,
,
ipv6-prefix/prefix-length.
IPv6-, ,
deny any,
deny any any .

cP, cL.
PrefixIsEqual(P1, P2, L) L
L1 P2 TRUE, .
1. :
- P -
- L -
- ge -
- le -
cP/cL ,
PrefixIsEqual(cP,P,L) && cL==L
2. :
- P -
- L -
- ge -
- le -
cP/cL ,
PrefixIsEqual(cP,P,L) && cL>=ge
3. :
- P -
- L -
- ge -
- le -
cP/cL ,
PrefixIsEqual(cP,P,L) && cL<=le
4. :
- P -
- L -
- ge -
- le -
cP/cL ,
3.1.0.3 16.05.2013 .

722

-3000
. II

.465255.040

PrefixIsEqual(cP,P,L) && ge<=cL<=le


:
ipv6 prefix-list abc deny ::/0

ipv6 prefix-list abc permit 2002::/16

ipv6 prefix-list abc permit 5F00::/48 le 64

ipv6 prefix-list abc permit 2001:0DB8::/64 le 128

ipv6 prefix-list abc permit ::/0 ge 32 le 64

ipv6 prefix-list abc deny ::/0 ge 32

ipv6 prefix-list abc deny 2002::/128

ipv6 prefix-list abc permit ::/0

2.46.30

ipv6 redirect

.
IPv6 ICMP- Redirect
, .
:
ipv6 redirect
no ipv6 redirect
no
Redirect.


.

IPv6

ICMP-

Redirect

723

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


, IPv6 ICMP ,
.
:
interface vlan 100
no ipv6 redirect
exit
interface vlan 2
ipv6 redirect
exit

2.46.31

ipv6 route


IPv6-.

:
ipv6 route ipv6-prefix/prefix-length {next--ipv6-address | interface-id}
[metric]
no ipv6 route ipv6-prefix/prefix-length {next--ipv6-address | interfaceid}
no
.
:
ipv6-prefix

IPv6-
,

.

.

/prefix-length

IPv6-,
, ,

( ).

(/).

next-ipv6-address

IPv6-
.

- next-ipv6-address ,
:
IPv6 Zone Format> ::= IPv6-Link-Local-Address%Interface-ID.
3.1.0.3 16.05.2013 .

724

-3000
. II

.465255.040

- interface-id .
interface-id

metric


1 65535.
1.


.

.

next-ipv6-address IPv6-,
on-link.
on-link ,
non on-link,
, , .
interface-id
-.

:
ipv6 route 2001::/64 5::5

ipv6 route 2001:DB8:2222::/48 tunnel1

ipv6 route 2001:DB8:2222::/48 FE80::260:3EFF:FE11:6770%vlan1

2.46.32

ipv6 unicast-routing

.
IPv6-.
:
ipv6 unicast-routing
no ipv6 unicast-routing

no
IPv6-.


IPv6- .

725

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
:
ipv6 unicast-routing

2.46.33

ipv6 unreachables

.
ICMPv6- ,
.
:
ipv6 unreachables
no ipv6 unreachables
no
.

ICMP-


ICMP-
.

.

unicast-, ,
, ,
ICMPv6-
.
,
,
,
ICMP-
.
:
interface vlan 100
no ipv6 unreachables
exit

3.1.0.3 16.05.2013 .

726

-3000
. II

2.46.34

.465255.040

show ipv6 distance

.
IPv6.
:
show ipv6 distance

.
.
:
show ipv6 distance

2.46.35

Protocol

Distance

-------

--------

connected

static

ospf intra-as

30

ospf inter-as

110

bgp external

20

bgp internal

show ipv6 interface

.
, IPv6.
:
show ipv6 interface [interface-id]
:
interface-id

: Ethernet, Port-channel
VLAN.


IPv6-.

.

727

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


show ipv6 neighbors
.
:
Console# show ipv6 interface
Interface

IP addresses

Type

----------- -------------------------------------- -----------VLAN 1

4004::55/64 [ANY]

manual

VLAN 1

fe80::200:b0ff:fe00:0

linklayer

VLAN 1

ff02::1

linklayer

VLAN 1

ff02::77

manual

VLAN 1

ff02::1:ff00:0

manual

VLAN 1

ff02::1:ff00:1

manual

VLAN 1

ff02::1:ff00:55

manual

Default Gateway IP address

Type

Interface State

---------------------------- -------- --------- ----fe80::77

Static

VLAN 1

unreachable

fe80::200:cff:fe4a:dfa8

Dynamic

VLAN 1

stale

Console# show ipv6 interface Vlan 15


IPv6 is disabled
Console# show ipv6 interface Vlan 1
Number of ND DAD attempts: 1
MTU size: 1500
Stateless Address Autoconfiguration state: enabled
ICMP unreachable message state: enabled
MLD version: 2
IP addresses

Type

DAD State

------------------------------------- --------- ----------4004::55/64 [ANY]

manual

fe80::200:b0ff:fe00:0

linklayer Active

ff02::1

linklayer ------

ff02::77

manual

------

ff02::1:ff00:0

manual

------

ff02::1:ff00:1

manual

------

ff02::1:ff00:55

manual

------

3.1.0.3 16.05.2013 .

Active

728

-3000
. II

2.46.36

.465255.040

show ipv6 link-local default zone

.
IPv6-
.
:
show ipv6 link-local default zone

.
.
:
show ipv6 link-local default zone
Link Local Default Zone is VLAN 1

show ipv6 link-local default zone


Link Local Default Zone is not defined

2.46.37

show ipv6 mtu

.
MTU
IPv6-.
:
show ipv6 mtu

.
.
:
show ipv6 mtu
MTU

Since

Destination Address

1400

00:04:21

5000:1::3

1280

00:04:50

FE80::203:A0FF:FED6:141D

:
- MTU MTU, ICMP-
Packet-too-Big,
;
729

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

- Since ICMP-
Packet-too-Big;
- Destination Address , ICMP Packet-too-Big.
,
, MTU.
2.46.38

show ipv6 nd prefix

.
IPv6-,
IPv6 ND.
:
show ipv6 nd prefix [interface-id]
:
interface-id

,
.


.

.
.

show ipv6 nd prefix interface-id
,
.
:
show ipv6 nd prefix vlan 100
vlan 100
default
valid-lifetime 2,592,000 secs
preferred-lifetime 604,800 secs
on-link
auto-config
prefix 2001::1/64
valid-lifetime 3,600 secs

3.1.0.3 16.05.2013 .

730

-3000
. II

.465255.040

preferred-lifetime 2,700 secs


prefix 2001:2:12/64
no advertise
prefix 2002::1/64
valid-lifetime 3,600 secs
preferred-lifetime 2,700 secs
on-link
prefix 2011::1/64
valid-lifetime 3,600 secs
preferred-lifetime 2,700 secs
off-link
auto-config

2.46.39

show ipv6 neighbors

.
IPv6.
:
show ipv6 neighbors [interface-id | ipv6-address | ipv6-hostname]
:
interface-id

ipv6-address

IPv6-

.
, RFC
4293 (
16- ,
).

ipv6-hostname

IPv6- .


IPv6.

.
.

interface-id ,
IPv6. interface-id ,
.
731

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
show ipv6 neighbors vlan 1
IPv6 Address Age Link-layer Addr State Interface Router
2000:0:0:4::2 0 0003.a0d6.141e REACH VLAN1 Yes
3001:1::45a - 0002.7d1a.9472 REACH VLAN1 FE80::203:A0FF:FED6:141E 0 0003.a0d6.141e REACH VLAN1 No

show ipv6 neighbors 2000:0:0:4::2


IPv6 Address Age Link-layer Addr State Interface Router
2000:0:0:4::2 0 0003.a0d6.141e REACH VLAN1 Yes

:
- Total number of entries ;
- IPv6 Address IPv6- .
- Age ( ), ,
. (-) ;
- Link-layer Addr MAC-. ,
(-);
- Interface ,
;
- Router ,
. (-)
.
2.46.40

show ipv6 prefix-list

.
IPv6-.
:
show ipv6 prefix-list [detail [list-name] | summary [list-name]]
show ipv6 prefix-list list-name ipv6-prefix/prefix-length [longer | firstmatch]
show ipv6 prefix-list list-name seq seq-num
:
detail | summary
IPv6-.
list-name

IPv6-.

ipv6-prefix


IPv6-.

3.1.0.3 16.05.2013 .

732

-3000
. II

.465255.040

, RFC 4293 (

16-
,
).
/prefix-length

IPv6-,
, ,

( ).
(/).

longer

IPv6-,
,
ipv6-prefix/ prefix-length.

first-match

IPv6-,
ipv6-prefix/
prefix-length.

seq-num

IPv6-


.
.

show ip
prefix-list, IPv6.

detail.

detail

summary,

longer first-match,
,
/.
:
show ipv6 prefix-list detail
ipv6 prefix-list 6to4:
count: 1, range entries: 0
seq 5 permit 2002::/16 (hit count: 313)
ipv6 prefix-list aggregate:
count: 3, range entries: 2
seq 5 deny 3FFE:C00::/24 ge 25 (hit count: 568)
seq 10 description The Default Action
seq 15 permit ::/0 le 48 (hit count: 31310)

733

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

ipv6 prefix-list bgp-in:


count: 6, range entries: 3
seq 5 deny 5F00::/8 le 128 (hit count: 0)
seq 10 deny ::/0 (hit count: 0)
seq 15 deny ::/1 (hit count: 0)
seq 20 deny ::/2 (hit count: 0)
seq 25 deny ::/3 ge 4 (hit count: 0)
seq 30 permit ::/0 le 128 (hit count: 240664)

:
- count ;
- range entries
;
- seq ;
- permit, deny ;
- description ;
- hit count .
show ipv6 prefix-list summary
ipv6 prefix-list 6to4:
count: 1, range entries: 0
ipv6 prefix-list aggregate:
count: 2, range entries: 2
ipv6 prefix-list bgp-in:
count: 6, range entries: 3

show ipv6 prefix-list bgp-in seq 15


seq 15 deny ::/1 (hit count: 0)

2.46.41

show ipv6 protocols

.

IPv6-.
:
show ipv6 protocols [summary]
:
summary
3.1.0.3 16.05.2013 .

734

-3000
. II

.465255.040


.
.

, ,
.
:
show ipv6 protocols ospf
IPv6 Routing Protocol is "ospf 1"
Interfaces:
VLAN 3
VLAN 100
Tunnel 1
IPv6 Routing Protocol is "ospf 10"
Interfaces:
VLAN 10
VLAN 130
Tunnel 2

:
- IPv6 Routing Protocol is
IPv6- ;
- Interfaces ,
.
show ipv6 protocols summary
IPv6 Routing Protocol is "ospf 1"
IPv6 Routing Protocol is "ospf 10"

2.46.42

show ipv6 route


IPv6.
:
show ipv6 route

.

735

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
Console> show ipv6 route
Codes: L - Local, S - Static, I - ICMP, ND - Router Advertisment
The number in the brackets is the metric.
S ::/0 via fe80::77 [0] VLAN 1 Lifetime Infinite
ND ::/0 via fe80::200:cff:fe4a:dfa8 [0] VLAN 1 Lifetime 1784 sec
L 2001::/64 is directly connected, g2 Lifetime Infinite
L 2002:1:1:1::/64 is directly connected, VLAN 1 Lifetime 2147467 sec
L 3001::/64 is directly connected, VLAN 1 Lifetime Infinite
L 4004::/64 is directly connected, VLAN 1 Lifetime Infinite
L 6001::/64 is directly connected, g2 Lifetime Infinite

2.46.43

show ipv6 route summary

.
IPv6- .
:
show ipv6 route summary

.
.
:
show ipv6 route summary
IPv6 Routing Table Summary - 97 entries
37 local, 35 connected, 25 static
Number of prefixes:
/16: 1, /28: 10, /32: 5, /35: 25, /40: 1, /64: 9
/96: 5, /112: 1, /127: 4, /128: 36

2.46.44

show ipv6 static

.

IPv6-.
:
show ipv6 static [ipv6-address | ipv6-prefix/prefix-length] [interface
interface-id][detail]
:
ipv6-address
3.1.0.3 16.05.2013 .

IPv6-.
736

-3000
. II

.465255.040

, RFC
4293 (
16- ,
).
ipv6-prefix

IPv6-.
, RFC
4293 (
16- ,
).

/prefix-length

IPv6-,
, ,

( ).

(/).

interface-id

detail



.

.
.

ipv6-address ipv6-prefix/prefixlength,
.
interface-id,
.
detail
, .
:
show ipv6 static
IPv6 Static routes Code: * - installed in Routing Information Base (RIB)
IPv6 Static routes distance is 1
* 3000::/16, interface VLAN1, metric 1

737

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

* 4000::/16, via nexthop 2001:1::1, metric 1


5000::/16, interface VLAN2, metric 1
* 5555::/16, via nexthop 4000::1, metric 1
5555::/16, via nexthop 9999::1, metric 1
* 5555::/16, via nexthop 4001:AF00::1, metric 1
* 6000::/16, via nexthop 2007::1, metric 1
show ipv6 static 2001:200::/35
IPv6 Static routes Code: * - installed in Routing Information Base (RIB)
IPv6 Static routes distance is 1
* 2001:200::/35, via nexthop 4000::1, metric 1
2001:200::/35, via nexthop 9999::1, metric 1
* 2001:200::/35, interface VLAN1, metric 1
show ipv6 static interface vlan 1
IPv6 Static routes Code: * - installed in Routing Information Base (RIB)
IPv6 Static routes distance is 1
* 5000::/16, interface VLAN1, metric 1
show ipv6 static detail
IPv6 Static routes Code: * - installed in Routing Information Base (RIB)
IPv6 Static routes distance is 1
* 3000::/16, interface VLAN1, metric 1
* 4000::/16, via nexthop 2001:1::1, metric 1
5000::/16, interface fa 1/0/10, metric 1
Interface is down
* 5555::/16, via nexthop 4000::1, metric 1
5555::/16, via nexthop 9999::1, metric 1
Route does not fully resolve
* 5555::/16, via nexthop 4001:AF00::1, metric 1
* 6000::/16, via nexthop 2007::1, metric 1

3.1.0.3 16.05.2013 .

738

-3000
. II

2.47
2.47.1

.465255.040

OpenFlow
openflow enable

.
OpenFlow.
:
openflow enable
no openflow enable
no .

OpenFlow .

.


.
:
switchxxxxxx(config)# openflow enable

2.47.2

openflow forward_action

.
,
.
:
openflow forward_action [forward | drop | to_controller}
no openflow forward_action

.

no

739

forward

,
,
.

drop

,
.

to_controller

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

, OpenFlow.

to_controller.

.


.
:
switchxxxxxx(config)# openflow forward_action drop

2.47.3

openflow ip-address

. IP-
OpenFlow.
:
openflow ip-address ip-address
no openflow ip-address

.

no

:
ip-address

IP- OpenFlow.


10.10.10.10.

.


.
:
switchxxxxxx(config)# openflow ip-address 192.168.1.1

3.1.0.3 16.05.2013 .

740

-3000
. II

2.47.4

.465255.040

openflow protocol

.
OpenFlow
OpenFlow.
:
openflow protocol tcp { tcp-port [port-id] }
no openflow protocol

.

no

:
tcp-port [port-id] TCP-
OpenFlow.


TCP- 6633.

.


.
:
witchxxxxxx(config)# openflow protocol tcp tcp-port 1234

2.47.5

show openflow

. OpenFlow
.
:
show openflow

.
:
switchxxxxxx#show openflow
OpenFlow status: Enabled
OpenFlow status after reset: Enabled

741

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

OpenFlow protocol: tcp


OpenFlow TCP port: 6633
OpenFlow Server IP Address: 10.10.10.10
OpenFlow OOB Server IP Address: 10.10.10.10
OpenFlow Default Forward Action: toController

2.48
2.48.1

OSPFv3
area default-cost

.
,
(NSSA).
:
area area-id default-cost cost
no area area-id default-cost

.

no

:
area-id

.
, IP.

cost

,
NSSA,
24- .


1.

(config-router).

area default-cost
, .


(ABR),
NSSA.
NSSA
,
NSSA, , .
3.1.0.3 16.05.2013 .

742

-3000
. II

.465255.040


: area stub area default-cost.
, ,
area
stub. area default-cost
,
. area default-cost
, ,
, . area defaultcost
,
.

no
area area-id ( ). no area
area-id , area authentication,
area default-cost, area nssa, area range, area stub area virtuallink.
:
ipv6 router ospf 1
area 10.0.0.0 stub
area 10.0.0.0 default-cost 20
exit

2.48.2

area filter-list

.
,
(LSA) 3 OSPF
.
:
area area-id filter-list prefix prefix-list-name {in | out}
no area area-id filter-list prefix {in | out}
no .
:

743

area-id

.
,
IP-.

prefix-list-name

IPv6-.

in

,
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
out

,

.


.
.

(config-router).

area filter-list
, .
area filter-list
. area filter-list
, ,
.
in,

LSA

3,

,
, .
LSA 3,
area range ,
LSA
3, . ,
,
.
out,

LSA
3,

,
, .
area range ,
LSA 3, ,
,

.
,
LSA 3, area
range, .
3.1.0.3 16.05.2013 .

744

-3000
. II

.465255.040

, ,
.
:
area 1 filter-list prefix AREA_1 in

2.48.3

area nssa

.
(NSSA).
:
area area-id nssa [no-summary] [translator-role
candidate}] [translator-stability-interval seconds]
no area area-id nssa

{always

no NSSA .
:

745

area-id

.
,
IP-.

no-summary

NSSA,
.

translator-role

NSSA

LSA 7
LSA 5.
candidate.

always

NSSA
LSA 7 LSA

5,

NSSA.

candidate

NSSA

RFC 3101 ( 3.1).

seconds

,
,

.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


NSSA .

(config-router).

area nssa
, .
area nssa no ,
.

no area area-id
( ). no area area-id
, area authentication, area
default-cost, area nssa, area range, area stub area virtual-link.
:
ipv6 router ospf 1
area 1 nssa
exit

2.48.4

area range

.
.
:
area area-id range ipv6-prefix /prefix-length [advertise | notadvertise]
no area area-id range ipv6-prefix /prefix-length
no .
:
area-id

.
,
IP-.

ipv6-prefix

IPv6-.

/prefix-length

IPv6-.

advertise

3.1.0.3 16.05.2013 .

746

-3000
. II

.465255.040

LSA 3.
not-advertise


. LSA
3
.


.

.

area range
.
.
,

.

.
.
advertise not-advertise ,
advertise.

area range. , OSPF



.

no
area area-id ( ). no area
area-id , area default-cost,
area nssa, area range, area stub area virtual-link.
:
interface vlan 100
ipv6 enable
ipv6 ospf 1 area 1
exit
ipv6 router ospf 1
router-id 192.168.255.5
area 1 range 2001:0DB8:0:1::/64
exit

747

3.1.0.3 16.05.2013 .

-3000
. II

2.48.5

.465255.040

area shutdown

.
OSPF .
:
area area-id shutdown
no area area-id shutdown
no OSPF.
:
area-id

.
,
IP-.


OSPF .

(config-router).

area shutdown
OSPF
. ,
,
.
:
ipv6 router ospf 1
area 10.0.0.0 shutdown
exit

2.48.6

area stub

.
.
:
area area-id stub [no-summary]
no area area-id stub
no .

3.1.0.3 16.05.2013 .

748

-3000
. II

.465255.040

:
area-id

.
,
IP-.

no-summary

,

(LSA) .


.

(config-router).

area stub
, .
area stub no ,
.
area stub
.
area
default-cost

.

: area stub area default-cost.
, ,
area
stub. area default-cost
,
. area default-cost
, ,
, . area defaultcost
,
.
LSA,
,
no-summary
LSA ( 3)
. no-summary,
749

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


no
area area-id ( ). no area
area-id , area authentication,
area default-cost, area nssa, area range, area stub area virtuallink.
:
ipv6 router ospf
area 10.0.0.0 default-cost 20
area 10.0.0.0 stub
exit

2.48.7

area virtual-link


OSPF.

:
area area-id virtual-link router-id [hello-interval seconds]
[retransmit-interval seconds] [transmit-delay seconds] [deadinterval seconds]
no area area-id virtual-link router-id
no .
:
area-id

,
,
IPv6-.
.

router-id


show ip ospf show ipv6
display.

hello-interval
seconds

hello- .

3.1.0.3 16.05.2013 .

750

-3000
. II

.465255.040


hello-.

, .
: 1 8192 .
10.
retransmit-interval ,
seconds

(LSA)

.

,
(round-trip delay)

. ,
,
.
: 1 8192 .
5.
transmit-delay
seconds

,

.
.
: 1 8192 .
1.

dead-interval
seconds

hello,

hellointerval 40 .
hello-interval,

,
.


.

(config-router).
751

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


OSPF
. ,

.
hello-interval
,
OSPF.
retransmit-interval .

.
transmit-delay
.
OSPF IPv6
.

.

show ip ospf
show ipv6 ospf.

no
area area-id ( ). no area
area-id , area default-cost,
area nssa, area range, area stub area virtual-link.
:
ipv6 router ospf 1
area 1 virtual-link 192.168.255.1
exit

ipv6 router ospf 1


area 1 virtual-link 192.168.255.1 hello-interval 5
exit

2.48.8

clear ipv6 ospf process

. OSPF.

3.1.0.3 16.05.2013 .

752

-3000
. II

.465255.040

:
clear ipv6 ospf [process-id] process
:
process-id

.
,
OSPF.


.

OSPF
process-id. process-id ,
OSPF.
clear ipv6 ospf process
OSPF,
.
,
.
:
clear ipv6 ospf process

clear ipv6 ospf 1 process

2.48.9

default-metric (IPv6 OSPF)

,
OSPF IPv6.
:
default-metric metric-value
no default-metric

.

no

:
metric-value

753

, 1 4294967295.

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

default-metric
redistribute ,

.

,
. , ,

.


redistribute, .
:
ipv6 router ospf 100
default-metric 10
redistribute rip
exit

2.48.10

ipv6 ospf area

. OSPF
IPv6 .
:
ipv6 ospf process-id area area-id [shutdown]
no ipv6 ospf process-id area area-id
no OSPF
.
:
process-id


(,
OSPF).
: 1 255.

area-id

,
OSPF.

3.1.0.3 16.05.2013 .

754

-3000
. II

shutdown

.465255.040

OSPF
shutdown.


.

.

OSPF IPv6
ipv6 ospf area
IPv6.
OSPFv3 , .
IPv6
. OSPF IPv6
.
OSPF IPv6:
, .
ipv6 ospf area shutdown
OSPFv3
OSPF no ipv6
ospf shutdown.
ipv6 ospf area,
, .
, OSPF IPv6.
:
ipv6 unicast-routing
interface vlan 100
ipv6 enable
ipv6 ospf 1 area 0
exit
interface vlan 200
ipv6 enable
ipv6 ospf 120 area 1.4.20.9
exit

2.48.11

ipv6 ospf cost

.
.
:
ipv6 ospf cost interface-cost
755

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

no ipv6 ospf cost


no
.
:
interface-cost

1 65535.


. .

.

ipv6 ospf cost
OSPFv3
ipv6 ospf area.
,
.
:
10^10 / ifSpeed.

.
,
.
10G Ethernet: 1;
1G Ethernet: 10;
100M Ethernet: 100;
10M Ethernet: 1000.
:
ipv6 ospf cost 65

2.48.12

ipv6 ospf dead-interval

.
hello-,
.
:
ipv6 ospf dead-interval seconds
no ipv6 ospf dead-interval
no
.
3.1.0.3 16.05.2013 .

756

-3000
. II

.465255.040

:
seconds

1
65535 .
.


,
, ipv6 ospf hello-interval,
.

.

hello-
.
.
:
interface vlan 100
ipv6 ospf dead-interval 60
exit

2.48.13

ipv6 ospf hello-interval

.
,
hello- .
:
ipv6 ospf hello-interval seconds
no ipv6 ospf hello-interval

.

no

:
seconds

( ).

.


10 .

.
757

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


hello-.
hello-interval ,
OSPF.

.
:
interface vlan 100
ipv6 ospf hello-interval 15
exit

2.48.14

ipv6 ospf mtu-ignore

.
OSPF MTU
Database Descriptor (DBD).
:
ipv6 ospf mtu-ignore
no ipv6 ospf mtu-ignore

.

no


.

.

OSPF ,
MTU.
, DBD. MTU DBD- ,
IP MTU, ,
OSPF .
:
interface vlan 100
ipv6 ospf mtu-ignore
exit

3.1.0.3 16.05.2013 .

758

-3000
. II

2.48.15

.465255.040

ipv6 ospf neighbor

OSPF,

.
:
ipv6 ospf neighbor ipv6-address [priority number] [poll-interval
seconds] [cost number] no ipv6 ospf neighbor ipv6-address [priority
number] [poll-interval seconds] [cost number]
no .
:
ipv6-address

IPv6- .
,
RFC 2373 (

16-
,
).

priority number

,
IPv6-.
0.

poll-interval seconds ( ). RFC 2328


,
, hello-.
120
(2 ).
.
cost number


1 65535. ,
,

ipv6ospf cost.


.

.

759

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040



.
.
(hello Router Dead
Interval), , hello , . hello ,
.
, hello-
,
, (DR)
(BDR).

hello-
.
priority
-. -
cost number
, . cost

(NBMA).
:
interface tunnel 4
ipv6 ospf neighbor FE80::A8BB:CCFF:FE00:C01
exit

2.48.16

ipv6 ospf priority

.
,
.
:
ipv6 ospf priority number-value
no ipv6 ospf priority
no
.

:
number-value
3.1.0.3 16.05.2013 .

0
760

-3000
. II

.465255.040

255.

1.

.

, ,
,
.
,

.
, ,

.
,
(.. -).
OSPF
ipv6 ospf
neighbor.
:
interface vlan 100
ipv6 ospf priority 4
exit

2.48.17

ipv6 ospf retransmit-interval

.
,
(LSA)
,
.
:
ipv6 ospf retransmit-interval seconds
no ipv6 ospf retransmit-interval
no
.

:
seconds
761

1 65535
.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


5 .

.

LSA
, ,
.
,
LSA .

.
.
:
interface vlan 100
ipv6 ospf retransmit-interval 8
exit

2.48.18

ipv6 ospf shutdown

. OSPF
IPv6 .
:
ipv6 ospf shutdown
no ipv6 ospf shutdown
no OSPF
.

.
:
interface vlan 100
ip ospf shutdown
exit

2.48.19

ipv6 ospf transmit-delay

,
(LSA) .
3.1.0.3 16.05.2013 .

762

-3000
. II

.465255.040

:
ipv6 ospf transmit-delay seconds
no ipv6 ospf transmit-delay
no
.

:
seconds


65535 .


1 .

.

(LSA)

seconds .
.
, ,
LSA , .

.
:
interface vlan 100
ipv6 ospf transmit-delay 3
exit

2.48.20

ipv6 router ospf

. OSPF
IPv6.
:
ipv6 router ospf process-id
:
process-id

763


1 255 (,
OSPF
IPv6).
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


OSPF IPv6
.

.

OSPF
IPv6. OSPFv3
, .
OSPF IPv6.
:
ipv6 router ospf 1

2.48.21

no area

.
.
:
no area area-id
:
area-id

.
,
IP-.


.

(config-router).


no area area-id.
no area area-id ,
area authentication, area default-cost, area nssa, area
range, area stub area virtual-link.

3.1.0.3 16.05.2013 .

764

-3000
. II

.465255.040

:
router ospf 1
no area 1
exit

2.48.22

passive-interface (IPv6)

.
.
:
passive-interface [default | interface-id]
no passive-interface [default | interface-id]
no .
:
default

interface-id


.
,
.

.


,
,

.
default
.
,
no
passive-interface. default
Internet ,

200
OSPF IPv6
.
765

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


OSPF IPv6.
:
passive-interface default
no passive-interface vlan100

2.48.23

redistribute (OSPFv3)


. IPv6
.
:
redistribute source-protocol [process-id] [include-connected] [metric
metric-value] [metric-type type-value] [match {internal | external [1 |
2] | nssa-external [1 | 2]}] [route-map map-tag]
no redistribute source-protocol [process-id] [include-connected]
[metric metric-value] [metric-type type-value] [match {internal |
external [1 | 2] | nssa-external [1 | 2]}] [route-map map-tag]
no .
:
sourceprotocol

process-id

includeconnected

metric
metric-value

3.1.0.3 16.05.2013 .

,
.
:
connected, static, ospf bgp.
process-id
ospf
OSPF,

.

.
.
, 1.

, ,
,
.
,

.

route map ( set
766

-3000
. II

.465255.040

metric), ,
metric-value.
,
:
- OSPF
) OSPF


;
) OSPF

1.
- BGP 1
- , OSPF
BGP 20
,
metric-type
type-value
,

OSPF.
:
- 1;
- 2.

metric-type

,
2.
match {internal | external [1 | 2] | nssa-external [1 | 2]}
match
ospf
, OSPF
OSPF.
:
,
- internal
.
- external 1 ,
,
OSPF 1.
- external 2 ,
,
OSPF 2.
,
- nssa ,
external 1
OSPF, NSSA, IPv6
1.
767

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

,
,
OSPF, NSSA, IPv6
2.
internal
external 1.

redistribute
match.
,
route-map


.
,
. ,
,
.
map-tag
.
- nssaexternal 2


.

.
.

, ,
.
connected
OSPF ,
IP-,
OSPF . OSPF
IP-,
OSPF.
static
OSPF.

OSPF.
bgp
, eBGP, BGP OSPF. ,
eBGP,
bgp redistribue-internal.
3.1.0.3 16.05.2013 .

768

-3000
. II

.465255.040


.
,
,
,
.

.

redistribute default-information
OSPF,

(ASBR). ASBR

OSPF.
, redistribute,
redistribute
no .
IPv4

, . IPv6
.
,
IPv6,
include-connected. IPv6,
BGP.
:
ipv6 router ospf 1
redistribute isis 1 metric 32 metric-type 1 tag 85
exit

interface vlan 100


ipv6 address 2001:1:1::90/64
ipv6 rip 1 enable
exit
interface vlan 101
ipv6 address 2001:99:1::90/64
ipv6 rip 1 enable
exit
interface vlan102
ipv6 address 2001:1:2::90/64

769

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

ipv6 ospf 1 area 1


ipv6 router ospf 1
redistribute rip 1 include-connected
exit
exit

2.48.24

router-id (IPv6)

:
router-id {ipv4-address | integer-value}
no router-id

.

no

:
ipv4-address

IPv4.

integer-value

IPv4-,


.

( IP )
.
.
OSPF
OSPF (
clear ipv6 ospf process).
OSPF
IPv4-, OSPF
.

3.1.0.3 16.05.2013 .

770

-3000
. II

.465255.040

:
ipv6 router ospf 1
router-id 10.1.1.1
exit

2.48.25

show ipv6 ospf

.
OSPF.
:
show ipv6 ospf [process-id [area-id]]
:
process-id


(,
OSPF).

area-id

.

.


.
.
:
Router# show ip ospf
OSPFv3 Routing Process 1 with ID 192.168.0.0
Administrative state is UP
Operational state is UP
Default Redistribute Metric is 100
Redistributing is enabled from
Connected:
metric value is default metric
metric type is external 2
route-map name is alpha
with subnets
nssa only
Connected:
metric value is default metric
metric type is external 2
route-map name is alpha
with subnets
nssa only
static:
metric value is 50
metric type is external 1
no route-map
without subnets
OSPF 109:

771

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

internal:
internal metric value is preserved, metric type is external 1
metric value is preserved, metric type is external 1
route-map name is alp
with subnets
exteranl 1
metric value is 100, metric type is external 1
no route-map
with subnets
exteranl 2
metric is value 100, metric type is external 2
no route-map
with subnets
OSPF 120:
from metric type:
internal: metric value is default metric, metric type is external 1
metric value is default metric, metric type is external 1
no route-map
with subnets
exteranl 1: metric value is default metric, metric type is external 2
metric value is default metric, metric type is external 2
no route-map
with subnets
It is an Autonomous System Boundary Router
It is an Area Boundary Router
SPF schedule delay 5000 ms
Maximum Number of Equal Cost Paths 4
Number of External LSAs (Type 5) is 6, Checksum is 0x11029BEB
Number of originated LSAs is 126
Number of received LSAs is 1006
Number of areas in this router is 4. 2 normal 1 stub 1 nssa
Area BACKBONE(0)
Administrative state is UP
Operational state is UP
Number of interfaces in this area is 2
Area has message digest authentication
SPF algorithm executed 4 times
Area ranges are
192.168.0.0/16 Advertise
192.100.0.0/16 Not Advertise
Number of ASBR is 0
Number of ABR is 2
Number of LSA 31. Checksum Sum 0x107493
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 20
Area 24
Administrative state is UP
Operational state is UP
Number of interfaces in this area is 2
SPF algorithm executed 10 times
Area ranges are
Number of ASBR is 1
Number of ABR is 3
Number of LSA 20. Checksum Sum 0x095E6A
Number of DCbitless LSA 0
Number of indication LSA 0

3.1.0.3 16.05.2013 .

772

-3000
. II

.465255.040

Number of DoNotAge LSA 0


Area 10.0.0.0
It is a NSSA area
Administrative state is UP
Operational state is UP
Number of interfaces in this area is 4
Area default metric is 100
Perform type-7/type-5 LSA translation, suppress forwarding address
Number of LSA 20. Checksum Sum 0x095E6A
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0
Area 192.168.1.1
It is a stub area, no summary
Administrative state is UP
Operational state is UP
Number of interfaces in this area is 4
Area default metric is 100
Number of LSA 20. Checksum Sum 0x095E6A
Number of DCbitless LSA 0
Number of indication LSA 0
Number of DoNotAge LSA 0

2.48.26

show ipv6 ospf database

.
OSPF.

(LSA) OSPF.
:
show ipv6 ospf [process-id [area-id]] database [adv-router router-id |
self-originate] [internal]
show ipv6 ospf [process-id [area-id]] database [database-summary]
show ipv6 ospf [process-id [area-id]] database [external [ipv6-prefix]
[link-state-id]] | [adv-router router-id | self-originate] [internal]
show ipv6 ospf [process-id [area-id]] database [grace]
show ipv6 ospf [process-id [area-id]] database [inter-area prefix
[ipv6-prefix] [link-state-id]] | [adv-router router-id | self-originate]
[internal]
show ipv6 ospf [process-id [area-id]] database [inter-area router
[destination-router-id] [link-state-id]] | [adv-router router-id | selforiginate] [internal]
show ipv6 ospf [process-id [area-id]] database [link [interface
interface-name] [link-state-id]] [adv-router router-id | self-originate]
[internal]
show ipv6 ospf [process-id [area-id]] database [network [link-stateid]] [adv-router router-id | self-originate] [internal]
773

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

show ipv6 ospf [process-id [area-id]] database [nssa-external [ipv6prefix] [link-state-id]] [adv-router router-id | self-originate] [internal]
show ipv6 ospf [process-id [area-id]] database [prefix [ref-lsa
{router | network}] [link-state-id]] [adv-router router-id | selforiginate] [internal]
show ipv6 ospf [process-id [area-id]] database [router [link-state-id]]
[adv-router router-id | self-originate] [internal]
show ipv6 ospf [process-id [area-id]] database [[router | network |
[external ipv6-prefix | nssa-external ipv6-prefix | inter-area {prefix
ipv6-prefix | router}] | link | prefix] | database-summary] [advrouter router-id | self-originate] [internal]
show ipv6 ospf [process-id [area-id]] database [unknown [{area | as |
link} [link-state-id]]] [adv-router router-id | self-originate] [internal]
:
process-id

area-id


.
,
process-id.

adv-router
router-id


(LSA) .
RFC 2740
(

16-
,
).

self-originate

LSA
(
).

internal

databasesummary


LSA , ,
,

LSA .

external

ipv6-prefix

IPv6- .
RFC 2373 (

3.1.0.3 16.05.2013 .

774

-3000
. II

inter-area
prefix

16-
,
).
,
LSA.

link-state-id
.
LSA
LSA inter-area prefix.

inter-area
router

LSA
LSA inter-area router.

destinationrouter-id

link


.

, .
LSA.

link-state-id

interface
interfacename

775

.465255.040

network

nssa-external


NSSA.

prefix

LSA intraarea-prefix.

ref-lsa
{router |
network}

prefix LSA.

router

unknown

LSA
.

area

as

link

link

unknown

LSA link-scope.
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
.

adv-router
. self-originate
LSA,
.

,
show ipv6 ospf database.
:
show ipv6 ospf database
OSPFv3 Router with ID (172.16.4.4) (Process ID 1)
Router Link
ADV Router Age
172.16.4.4 239
172.16.6.6 239

States (Area 0)
Seq#
Fragment ID Link count Bits
0x80000003
0
1 B
0x80000003
0
1 B

Inter Area Prefix Link


ADV Router Age Seq#
172.16.4.4 249 0x80000001
172.16.4.4 219 0x80000001
172.16.6.6 247 0x80000001
172.16.6.6 193 0x80000001
172.16.6.6 82 0x80000001

States (Area 0)
Prefix
FEC0:3344::/32
FEC0:3366::/32
FEC0:3366::/32
FEC0:3344::/32
FEC0::/32

Inter Area Router Link


ADV Router Age Seq#
172.16.4.4 219 0x80000001
172.16.6.6 193 0x80000001

States (Area 0)
Link ID Dest RtrID
50529027 172.16.3.3
50529027 172.16.3.3

Link (Type-8) Link States (Area 0)


ADV Router Age Seq#
Link ID Interface
172.16.4.4 242 0x80000002 14 VLAN 100
172.16.6.6 252 0x80000002 14 VLAN 100
Intra Area Prefix Link
ADV Router Age Seq#
172.16.4.4 242 0x80000002
172.16.6.6 252 0x80000002

States (Area 0)
Link ID Ref-lstype Ref-LSID
0
0x2001
0
0
0x2001
0

:
ADV Router ;
Age LS;
3.1.0.3 16.05.2013 .

776

-3000
. II

.465255.040

Seq#

(
LSA);
Link ID ;
Ref-lstype LS;
Ref-LSID LS.
show ipv6 ospf database router self-originate
OSPFv3 Router with ID (172.16.6.6) (Process ID 1)
Router Link States (Area 0)
LS age: 383
Options: (V6-Bit E-Bit R-bit DC-Bit)
LS Type: Router Links
Link State ID: 0
Advertising Router: 172.16.6.6
LS Seq Number: 80000003
Checksum: 0x7543
Length: 40
Area Border Router
Number of Links: 1
Link connected to: another Router (point-to-point)
Link Metric: 1
Local Interface ID: 14
Neighbor Interface ID: 14
Neighbor Router ID: 172.16.4.4
show ipv6 ospf database network
OSPFv3 Router with ID (172.16.6.6) (Process ID 1)
Net Link States (Area 1)
LS age: 419
Options: (V6-Bit E-Bit R-bit DC-Bit)
LS Type: Network Links
Link State ID: 3 (Interface ID of Designated Router)
Advertising Router: 172.16.6.6
LS Seq Number: 80000001
Checksum: 0x8148
Length: 32
Attached Router: 172.16.6.6
Attached Router: 172.16.3.3

show ipv6 ospf database link self-originate


OSPFv3 Router with ID (172.16.6.6) (Process ID 1)

777

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Link (Type-8) Link States (Area 0)


LS age: 505
Options: (V6-Bit E-Bit R-bit DC-Bit)
LS Type: Link-LSA (Interface: POS4/0)
Link State ID: 14 (Interface ID)
Advertising Router: 172.16.6.6
LS Seq Number: 80000002
Checksum: 0xABF6
Length: 60
Router Priority: 1
Link Local Address: FE80::205:5FFF:FED3:6408
Number of Prefixes: 2
Prefix Address: FEC0:4466::
Prefix Length: 32, Options: None
Prefix Address: FEC0:4466::
Prefix Length: 32, Options: None

show ipv6 ospf database prefix self-originate


OSPFv3 Router with ID (172.16.6.6) (Process ID 1)
Intra Area Prefix Link States (Area 0)
Routing Bit Set on this LSA
LS age: 552
LS Type: Intra-Area-Prefix-LSA
Link State ID: 0
Advertising Router: 172.16.6.6
LS Seq Number: 80000002
Checksum: 0xA910
Length: 48
Referenced LSA Type: 2001
Referenced Link State ID: 0
Referenced Advertising Router: 172.16.6.6
Number of Prefixes: 2
Prefix Address: FEC0:4466::
Prefix Length: 32, Options: None, Metric: 1
Prefix Address: FEC0:4466::
Prefix Length: 32, Options: None, Metric: 1

show ipv6 ospf database inter-area prefix self-originate


OSPFv3 Router with ID (172.16.6.6) (Process ID 1)
Inter Area Prefix Link States (Area 0)
LS age: 587
LS Type: Inter Area Prefix Links
Link State ID: 0

3.1.0.3 16.05.2013 .

778

-3000
. II

.465255.040

Advertising Router: 172.16.6.6


LS Seq Number: 80000001
Checksum: 0x1395
Length: 32
Metric: 1
Prefix Address: FEC0:3366::
Prefix Length: 32, Options: None
LS age: 532
LS Type: Inter Area Prefix Links
Link State ID: 1
Advertising Router: 172.16.6.6
LS Seq Number: 80000001
Checksum: 0x3197
Length: 32
Metric: 2
Prefix Address: FEC0:3344::
Prefix Length: 32, Options: None
LS age: 422
LS Type: Inter Area Prefix Links
Link State ID: 2
Advertising Router: 172.16.6.6
LS Seq Number: 80000001
Checksum: 0xCB74
Length: 32
Metric: 1
Prefix Address: FEC0::
Prefix Length: 32, Options: None

show ipv6 ospf database inter-area router self-originate


OSPFv3 Router with ID (172.16.6.6) (Process ID 1)
Inter Area Router Link States (Area 0)
LS age: 578
Options: (V6-Bit E-Bit R-bit DC-Bit)
LS Type: Inter Area Router Links
Link State ID: 50529027
Advertising Router: 172.16.6.6
LS Seq Number: 80000001
Checksum: 0x369F
Length: 32
Metric: 1
Destination Router ID: 172.16.3.3
show ipv6 ospf database external
OSPFv3 Router with ID (172.16.6.6) (Process ID 1)
Type-5 AS External Link States
Routing Bit Set on this LSA

779

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

LS age: 654
LS Type: AS External Link
Link State ID: 0
Advertising Router: 172.16.3.3
LS Seq Number: 80000001
Checksum: 0x218D
Length: 32
Prefix Address: FEC0:3333::
Prefix Length: 32, Options: None
Metric Type: 2 (Larger than any link state path)
Metric: 20

show ipv6 ospf 1 database


OSPFv3 Router with ID (10.2.2.2) (Process ID 1)
Router Link States (Area 0)
ADV Router Age Seq#
Fragment ID Link count Bits
10.1.1.1 1949 0x8000000e 0
1
None
10.2.2.2 2007 0x80000011 0
1
None
Link (Type-8) Link States (Area 0)
ADV Router Age Seq#
Link ID Interface
10.1.1.1 180 0x80000006 1
VLAN 100
10.2.2.2 2007 0x80000006 1
VLAN 100

ADV Router
ADV Router
10.1.1.1
10.2.2.2

Intra Area Prefix Link States (Area 0)


Age Seq# Link ID Ref-lstype Ref-LSID
Age Seq#
Link ID Ref-lstype Ref-LSID
180
0x80000006 0
0x2001
0
2007 0x80000006 0
0x2001
0

Grace (Type-11) Link States (Area 0)


ADV Router Age Seq#
Link ID Interface
10.2.2.2
2007 0x80000005 1
VLAN 100

show ipv6 ospf database grace


OSPFv3 Router with ID (10.3.33.3) (Process ID 1)
Grace (Type-11) Link States (Area 0)
LS age: 2
LS Type: Grace Links (Interface: Ethernet0/0)
Link State ID: 3 (Interface ID)
Advertising Router: 10.2.2.2
LS Seq Number: 80000001
Checksum: 0xE3DD
Length: 36
Grace Period : 120
Graceful Restart Reason : Software reload/upgrade

3.1.0.3 16.05.2013 .

780

-3000
. II

.465255.040

:
Grace (Type-11) Type 11 ,

graceful-restart
(
OSPF );
LS Type: Grace Links (Interfece: VLAN 100) LS
;
Grace Period : 120 graceful-restart
;
Graceful Restart Reason: Software reload/upgrade ,
graceful-restart.
2.48.27

show ipv6 ospf interface

.
OSPF.
:
show ip ospf [process-id [area-id]] interface [interface-id] [brief]
:
process-id


(
OSPF).

area-id

interface-id

brief


OSPF, , ,
.


.
.
:
show ipv6 ospf interface
tunnel 1 is up
Link Local Address 2001:0DB1:205:5FFF:FED3:5808, Interface ID 13
Area 1, Process ID 1, Instance ID 0, Router ID 172.16.3.3
Adminastrative state is up, Operational state is up
Network Type POINT_TO_POINT, Cost: 1
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06
Neighbor Count is 1, Adjacent neighbor count is 1

781

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Adjacent with neighbor 172.16.4.4


Suppress hello for 0 neighbor(s)
VLAN 100 is up
Link Local Address 2001:0DB1:205:5FFF:FED3:5808, Interface ID 3
Area 1, Process ID 1, Instance ID 0, Router ID 172.16.3.3
Adminastrative state is up, Operational state is up
Network Type BROADCAST, Cost: 1
Transmit Delay is 1 sec, State BDR, Priority 1
Designated Router (ID) 172.16.6.6, local address 2001:0DB1:205:5FFF:FED3:6408
Backup Designated router (ID) 172.16.3.3, local address 2001:0DB1:205:5FFF:FED3:5808
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:05
Neighbor Count is 1, Adjacent neighbor count is 1
Adjacent with neighbor 172.16.6.6 (Designated Router)
Suppress hello for 0 neighbor(s

:
tunnel 1, vlan 100 ;
Link Local Address IPv6- ;
Area 1, Process ID 1, Instance ID 0, Router ID 172.16.3.3
, ,
, ;
Network Type POINT_TO_POINT, Cost: 1
LS;
Transmit Delay ,
;
Designated Router
IP- ;
Backup Designated router

;


IP-

Timer intervals configured ;


Hello ( ) hello-
;
Neighbor Count
.
Router# show ipv6 ospf interface brief

Interface Process ID

Area ID

Cost

OSPF Oper St Passive

--------- --------

-------------

----- ------------ ------------

tunnel 2

172.116.211.116

100

up

VLAN 1000 1

1.1.2.1

35

down

VLAN 1

20

55

up

3.1.0.3 16.05.2013 .

Yes

782

-3000
. II

2.48.28

.465255.040

show ipv6 ospf neighbor

.

.
:
show ip ospf [process-id [area-id]] neighbor [interface-id] [neighborid] [detail]
:
process-id


(
OSPF).

area-id

interface-id

neighbor-id

detail


.
.
:
show ipv6 ospf neighbor
Neighbor ID Pri State
Dead Time Interface ID Interface
172.16.4.4 1
FULL/ 00:00:31 14
POS4/0
172.16.3.3 1
FULL/BDR 00:00:30 3
FastEthernet00
172.16.5.5 1
FULL/ 00:00:33 13
ATM3/0

show ipv6 ospf neighbor detail


Neighbor 172.16.4.4
In the area 0 via interface POS4/0
Neighbor: interface-id 14, link-local address
FE80::205:5FFF:FED3:5406
Neighbor priority is 1, State is FULL, 6 state changes
Options is 0x63AD1B0D
Dead timer due in 00:00:33
Neighbor is up for 00:48:56
Neighbor 172.16.3.3
In the area 1 via interface FastEthernet0/0
Neighbor: interface-id 3, link-local address FE80::205:5FFF:FED3:5808
Neighbor priority is 1, State is FULL, 6 state changes
DR is 172.16.6.6 BDR is 172.16.3.3
Options is 0x63F813E9
Dead timer due in 00:00:33
Neighbor is up for 00:09:00
Neighbor 172.16.5.5
In the area 2 via interface ATM3/0
Neighbor: interface-id 13, link-local address FE80::205:5FFF:FED3:6006
Neighbor priority is 1, State is FULL, 6 state changes

783

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Options is 0x63F7D249
Dead timer due in 00:00:38
Neighbor is up for 00:10:01

:
Neighbor
ID;
;

Neighbor

In the area ,
OSPF ;
Pri; Neighbor priority ,
;
State OSPF;
State changes
;
Options hello- ( E.
: 0 2; 2 ,
, 0 );
Dead timer due in ,
, ;
Neighbor is up for ,
-.
show ipv6 ospf neighbor detail
Neighbor 10.1.1.1
In the area 0 via interface Ethernet0/0
Neighbor: interface-id 3, link-local address
FE80::A8BB:CCFF:FE00:200
Neighbor priority is 1, State is FULL, 6 state changes
DR is 10.1.1.1 BDR is 10.3.3.3
Options is 0x1C9AD11
Dead timer due in 00:00:36
Neighbor is up for 00:00:16

2.48.29

show ipv6 ospf router-id

.
OSPF.
:
show ipv6 ospf [process-id] router-id
:
process-id
3.1.0.3 16.05.2013 .


(,
784

-3000
. II

.465255.040

OSPF).

.
.

process-id
, IPv6-.
:
show ipv6 ospf router-id
Process-ID

Current Router-ID
Value

--------- -------------

2.48.30

Next Router-ID after Restart

Type

Value

Type

------

------------------

--------

1.1.1.192

default 1.1.1.1

default

1.1.1.192

default 100.100.100.100

manual

2.2.2.2

manual

2.2.2.2

default

10.10.10.10

manual 1.1.1.1

default

10.10.10.10

manual 2.2.2.2

manual

show ipv6 ospf snmp

.
OSPF SNMP.
:
show ip ospf snmp

.
.

show ipv6 ospf snmp
OSPF SNMP.
:
show ip ospf snmp
The standard OSPF MIB is mapped to OSPF process 2
SNMP notifications for OSPF are enabled
SNMP notifications Rate Limit: 10 seconds and 7 notifications during the window time
Authentication Failure Notifications are enabled
Bad Packet Notifications are disabled
Configuration Error Notifications are enabled
Virtual Link Authentication-failure Notifications are disabled
Virtual Link Bad Packet Notifications are enabled

785

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

Virtual Link Configuration Error Notifications are enabled


SNMP LSA Notifications are disabled
SNMP Packet Retransmission Notifications are disabled
SNMP Virtual Packet Retransmission Notifications are disabled
SNMP IF State Change Notifications are enabled
SNMP Neighbor State Change Notifications are enabled
SNMP Virtual IF State Change Notifications are enabled
SNMP Virtual Neighbor State Change Notifications are enabled

2.48.31

show ipv6 ospf virtual-links

.

OSPF.
:
show ipv6 ospf virtual-links

.
.

, show ipv6 ospf virtual-links,
OSPF.
:
show ipv6 ospf virtual-links
Virtual Link OSPF_VL0 to router 172.16.6.6 is up
Interface ID 27, IPv6 address FEC0:6666:6666::
Run as demand circuit
DoNotAge LSA allowed.
Transit area 2, via interface ATM3/0, Cost of using 1
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Hello due in 00:00:06

:
Virtual Link OSPF_VL0 to router 172.16.6.6 is up
OSPF, ,
;
Interface ID IPv6-
;
Transit area 2 ,
;
3.1.0.3 16.05.2013 .

786

-3000
. II

.465255.040

via interface ATM3/0 ,


;
Cost of using 1
OSPF ;
Transmit Delay is 1 sec ( )
;
State POINT_TO_POINT
OSPF;
Timer intervals... ,
;
Hello due in 0:00:06
hello- .
show ipv6 ospf virtual-links
Virtual Link OSPFv3_VL1 to router 10.2.0.1 is up
Interface ID 69, IPv6 address 2001:0DB8:11:0:A8BB:CCFF:FE00:6A00
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface Serial12/0, Cost of using 64
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 2, Dead 10, Wait 40, Retransmit 5
Adjacency State FULL (Hello suppressed)
Index 1/2/4, retransmission queue length 0, number of retransmission 1
First 0x0(0)/0x0(0)/0x0(0) Next 0x0(0)/0x0(0)/0x0(0)
Last retransmission scan length is 1, maximum is 1
Last retransmission scan time is 0 msec, maximum is 0 msec
Virtual Link OSPFv3_VL0 to router 10.1.0.1 is up
Interface ID 67, IPv6 address 2001:0DB8:13:0:A8BB:CCFF:FE00:6700
Run as demand circuit
DoNotAge LSA allowed.
Transit area 1, via interface Serial11/0, Cost of using 128
Transmit Delay is 1 sec, State POINT_TO_POINT,
Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
Adjacency State FULL (Hello suppressed)

2.48.32

shutdown (IPv6 OSPF)

.
OSPF .
:
shutdown
no shutdown
no OSPF.
787

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


OSPF .

(config-router).

shutdown
OSPF
. ,
,
.
no shutdown
OSPF, .

,
.
:
ipv6 router ospf 1
shutdown
exit

2.48.33

snmp-process ipv6 ospf

OSPF,
MIB- OSPF.
:
snmp-process ipv6 ospf process-id
no snmp-process ipv6 ospf [process-id]
no
.

:
process-id

OSPF.

OSPF.


.
3.1.0.3 16.05.2013 .

788

-3000
. II

.465255.040


MIB- OSPF

OSPF.
snmp-process ipv6.
:
snmp-process ipv6 ospf 100

2.48.34

snmp-server enable traps ipv6 ospf

.
SNMP- OSPF.
:
snmp-server enable traps ipv6 ospf
no snmp-server enable traps ipv6 ospf
no SNMP-
OSPF.

SNMP- OSPF .

.

OSPF SNMP
:
- [no] snmp-server enable traps ipv6 ospf errors;
- [no] snmp-server enable traps ipv6 ospf lsa;
- [no] snmp-server enable traps ipv6 ospf retransmit;
- [no] snmp-server enable traps ipv6 ospf state-change.
:
Router(config)# snmp-server enable traps ipv6 ospf

2.48.35

snmp-server enable traps ipv6 ospf errors

. SNMP OSPF.

789

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
snmp-server enable traps ipv6 ospf errors [authenticationfailure][bad-packet] [config-error] [virt-authentication-failure]
[virt-bad-packet] [virt-config-error]
no snmp-server enable traps ipv6 ospf errors [authenticationfailure][bad-packet] [config-error] [virt-authentication-failure]
[virt-bad-packet] [virt-config-error]
no SNMP-
OSPF.
:
authentication-failure

ospfIfFailure.
SNMP-

,


.

bad-packet

ospfIfRxBadPacket.

SNMP-

OSPF .

config-error

ospfIfConfigError. SNMP

,

virt-authenticationfailure

ospfVirtIfFailure.
SNMP-

,

virt-bad-packet

ospfVirtIfRxBadPacket.

3.1.0.3 16.05.2013 .

790

-3000
. II

.465255.040

SNMP-

OSPF .
virt-config-error

ospfVirtIfConfigError. SNMP

,


SNMP- OSPF .

.

snmp-server enable traps ipv6 ospf errors

OSPF.
OSPF,
.
:
Router(config)# snmp-server enable traps ospf errors

2.48.36

snmp-server enable traps ipv6 ospf lsa

. SNMP (LSA) OSPF.


:
snmp-server enable traps ipv6 ospf lsa [lsa-maxage] [lsa-originate]
no snmp-server enable traps ipv6 ospf lsa [lsa-maxage] [lsaoriginate]
no SNMP-
OSPF LSA.

SNMP- OSPF LSA .

791

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

snmp-server enable traps ipv6 ospf lsa
LSA,
MIB- OSPF.
ospfMaxAgeLsa snmpserver enable traps ipv6 ospf lsa lsamaxage. ospfOriginateLsa
snmp-server enable traps ipv6 ospf
lsa lsa-originate.
ospfOriginateLsa
LSA,
30 , LSA
.
snmp-server enable traps ipv6 ospf lsa
.
, CISCOOSPF-TRAP-MIB LSA,
snmp-server enable
traps ipv6 ospf cisco-specific lsa.
:
Router(config)# snmp-server enable traps ipv6 ospf lsa lsa-originate

2.48.37

snmp-server enable traps ipv6 ospf rate-limit

.
OSPF,
.
:
snmp-server enable traps ipv6 ospf rate-limit seconds trap-number
no snmp-server enable traps ipv6 ospf rate-limit seconds trapnumber
no .
:
seconds

2 60
. 10 .

trap-number

,
,
0 300.

3.1.0.3 16.05.2013 .

792

-3000
. II

.465255.040

7.

.

.

, ,
,
. snmpserver enable traps ipv6 ospf rate-limit
,
.
:
Router(config)# snmp-server enable traps ipv6 ospf rate-limit 40 50

2.48.38

snmp-server enable traps ipv6 ospf retransmit

.
SNMP- OSPF.
:
snmp-server enable traps ipv6 ospf retransmit [packets] [virtpackets]
no snmp-server enable traps ipv6 ospf retransmit [packets] [virtpackets]

.

no

SNMP-

:
packets

ospfTxRetransmit.

SNMP OSPF .

virt-packets

ospfVirtTxRetransmit. SNMP OSPF .


SNMP- .
793

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.

ospfTXRetransmit ,
SNMP-
,
snmp-server enable traps ipv6 ospf retransmit
packets.
ospfTxRetransmit , SNMP-

, snmpserver enable traps ipv6 ospf retransmit
virt-packets. snmp-server enable traps ipv6
ospf retransmit
.
:
Router(config)# snmp-server enable traps ipv6 ospf retransmit virt-packets

2.48.39

snmp-server enable traps ipv6 ospf state-change

.
SNMP- OSPF.
:
snmp-server enable traps ipv6 ospf state-change [if-state-change]
[neighbor-state-change] [virtif-state-change] [virtneighbor-statechange]
no snmp-server enable traps ipv6 ospf state-change [if-statechange] [neighbor-state-change] [virtif-state-change] [virtneighborstate-change]
no
OSPF.

SNMP-

:
if-state-change

ospfIfStateChange.

SNMP
OSPF-.

neighbor-statechange

ospfNbrStateChange.

SNMP
OSPF-.

3.1.0.3 16.05.2013 .

794

-3000
. II

.465255.040

virtif-statechange

ospfVirtIfStateChange. SNMP
OSPF-.

virtneighborstate-change

ospfVirtNbrStateChange. SNMP
OSPF-.


SNMP-
OSPF .

.


snmp-server enable traps
ipv6 ospf state-change .
:
Router(config)# snmp-server enable traps ipv6 ospf state-change virtif-state-change
virtneighbor-state-change

2.49
2.49.1

OSPF
area default-cost

.
,
(NSSA).
:
area area-id default-cost cost
no area area-id default-cost

.

no

795

area-id

.
, IP.

cost

,
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

NSSA,
24- .

1.

(config-router).

area default-cost
, .


(ABR),
NSSA.
NSSA
,
NSSA, , .

: area stub area default-cost.
, ,
area
stub. area default-cost
,
. area default-cost
, ,
, . area defaultcost
,
.

no
area area-id ( ). no area
area-id , area authentication,
area default-cost, area nssa, area range, area stub area virtuallink.
:
interface vlan1
ip address 10.56.0.201 255.255.0.0
exit
router ospf 1
network 10.56.0.201 area 10.0.0.0

3.1.0.3 16.05.2013 .

796

-3000
. II

.465255.040

area 10.0.0.0 stub


area 10.0.0.0 default-cost 20
exit

2.49.2

area filter-list

.
,
(LSA) 3 OSPF
.
:
area area-id filter-list prefix prefix-list-name {in | out}
no area area-id filter-list prefix {in | out}
no .
:
area-id

.
,
IP-.

prefix-list-name

in

,

.

out

,

.


.
.

(config-router).

area filter-list
, .
area filter-list
. area filter-list
, ,
.
797

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

in,

LSA

3,

,
, .
LSA 3,
area range ,
LSA
3, . ,
,
.
out,

LSA
3,

,
, .
area range ,
LSA 3, ,
,

.
,
LSA 3, area
range, .
, ,
.
:
area 1 filter-list prefix AREA_1 in

2.49.3

area nssa

.
(NSSA).
:
area area-id nssa [no-summary] [translator-role
candidate}] [translator-stability-interval seconds]
no area area-id nssa

{always

no NSSA .
:
area-id

.
,
IP-.

no-summary

NSSA,

3.1.0.3 16.05.2013 .

798

-3000
. II

.465255.040

.
translator-role

NSSA

LSA 7
LSA 5.
candidate.

always

NSSA
LSA 7 LSA

5,

NSSA.

candidate

NSSA

RFC 3101 ( 3.1).

seconds

,
,

.


NSSA .

(config-router).

area nssa
, .
area nssa no ,
.

no area area-id
( ). no area area-id
, area authentication, area
default-cost, area nssa, area range, area stub area virtual-link.
:
router ospf 1
redistribute rip subnets
network 172.19.92.1 area 1

799

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

area 1 nssa
exit

2.49.4

area range

.
.
:
area area-id range ip-address ip-address-mask [advertise | notadvertise]
no area area-id range ip-address ip-address-mask
no .
:
area-id

.
,
IP-.

ip-address

IP-.

ip-address-mask

IP-.

advertise



LSA 3.
advertise not-advertise ,
advertise.

not-advertise


. LSA
3
.


.

(config-router).

area range
, .
area range
.
3.1.0.3 16.05.2013 .

800

-3000
. II

.465255.040

.
,

.

.
.

area range. , OSPF



.

no
area area-id ( ). no area
area-id , area authentication,
area default-cost, area nssa, area range, area stub area virtuallink.
:
interface gi1/0/1
ip address 192.42.110.201 255.255.255.0
exit
interface gi1/0/2
ip address 36.56.1.1 255.255.0.0
exit
router ospf 201
network 192.42.110.201 area 0
network 36.56.1.1 area 36.0.0.0
area 36.0.0.0 range 10.0.0.0 255.0.0.0
area 0 range 192.42.110.0 255.255.255.0
exit

2.49.5

area shutdown

.
OSPF .
:
area area-id shutdown
no area area-id shutdown
no OSPF.

801

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
.
,
IP-.

area-id


OSPF .

(config-router).

area shutdown
OSPF
. ,
,
.
:
Router(config)# router ospf 1
Router(config-router)# area 10.0.0.0 shutdown
Router(config-router)# exit

2.49.6

area stub

.
.
:
area area-id stub [no-summary]
no area area-id area area-id stub
no .
:
area-id

.
,
IP-.

no-summary

,

(LSA) .


.
3.1.0.3 16.05.2013 .

802

-3000
. II

.465255.040


(config-router).

area stub
, .
area stub no ,
.
area stub
.
area
default-cost

.

: area stub area default-cost.
, ,
area
stub. area default-cost
,
. area default-cost
, ,
, . area defaultcost
,
.
LSA,
,
no-summary
LSA ( 3)
. no-summary,
, ,
.

no
area area-id ( ). no area
area-id , area authentication,
area default-cost, area nssa, area range, area stub area virtuallink.
:
router ospf

803

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

network 10.1.1.1 area 10.0.0.0


area 10.0.0.0 default-cost 20
area 10.0.0.0 stub
exit

2.49.7

area virtual-link


OSPF.

:
area area-id virtual-link router-id [hello-interval seconds]
[retransmit-interval seconds] [transmit-delay seconds] [deadinterval seconds] [message-digest | null][key-chain name-of-chain]
no area area-id virtual-link router-id
no .
:
area-id

,
,
IPv4-.
.

router-id


show ip ospf show ipv6
display.

hello-interval

hello- .


hello-.

, .
: 1 8192 .
10.

retransmit-interval ,

(LSA)

3.1.0.3 16.05.2013 .

804

-3000
. II

.465255.040

.

,
(round-trip delay)

. ,
,
.
: 1 8192 .
5.
transmit-delay

,

.
.
: 1 8192 .
1.

dead-interval

hello,

hellointerval 40 .
hello-interval,

,
.

message-digest

MD5.

null

.

,
.

name-of-chain

(Key hain).


.

(config-router).

OSPF
. ,
805

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


.
hello-interval
,
OSPF.
retransmit-interval .

.
transmit-delay
.

.

show ip ospf show
ipv6 ospf.

no
area area-id ( ). no area
area-id , area authentication,
area default-cost, area nssa, area range, area stub area virtuallink.
:
router ospf
network 10.1.1.1 area 10.0.0.0
area 10.0.0.0 default-cost 20
area 10.0.0.0 stub
exit

router ospf
network 10.1.1.1 area 10.0.0.0
area 10.0.0.0 default-cost 20
area 10.0.0.0 stub
exit

2.49.8

clear ip ospf process

. OSPF.
:
clear ip ospf [process-id] process
3.1.0.3 16.05.2013 .

806

-3000
. II

.465255.040

:
process-id

.
,
OSPF.


.

OSPF
process-id. process-id ,
OSPF.
clear ip ospf process
OSPF,
.
,
.
:
clear ip ospf process

clear ip ospf 1 process

2.49.9

ip ospf authentication

IP-.
IP-.
:
ip ospf authentication [message-digest | null]
no ip ospf authentication
no
.

:
message-digest

MD5.

null

.

,
.

807

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


IP-.



1 ( ),
RFC 2328 ( D).
,
.
MD5
(Key hain)
ip ospf authentication key-chain. IP
, RIP IP, IP- .

ip
ospf authentication-key. IP-
, OSPF IP-,
IP- .
:
router ospf
area 10.0.0.0 authentication
network 10.56.0.201 area 10.0.0.0
network 10.10.1.1 area 10.0.0.0
network 10.2.1.1 area 10.0.0.0
exit
interface ip 10.56.0.201
ip ospf authentication message-digest
ip ospf authentication key-chain chain2
exit
interface ip 10.10.1.1
ip ospf authentication null
exit
interface ip 10.2.1.1
ip ospf authentication-key Ases12@@@#$4
exit

2.49.10

ip ospf authentication key-chain

IP-.
(Key hain) .
3.1.0.3 16.05.2013 .

808

-3000
. II

.465255.040

:
ip ospf authentication key-chain name-of-chain
no ip ospf authentication key-chain
no
.

:
name-of-chain

Key hain.


.

IP-.

IP-
. ip ospf authentication key-chain
.
:
router ospf
area 10.0.0.0 authentication
area 0 authentication
network 10.56.0.201 area 10.0.0.0
network 192.168.251.201 area 0
exit
interface ip 192.168.251.201
ip ospf authentication key-chain chain1
exit
interface ip 10.56.0.201
ip ospf authentication key-chain chain2
exit

2.49.11

ip ospf authentication-key

IP-.
,
.
:
ip ospf authentication-key password
no ip ospf authentication-key
no .
809

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

:
8 .

password


.

IP-.

, ,
, OSPF,
.
.

OSPF.
IP-
. ip ospf authentication-key
.
:
interface ip 1.1.1.1
ip ospf authentication mode text
ip ospf authentication-key alpha$$1267
exit

2.49.12

ip ospf cost

IP-.
.
:
ip ospf cost interface-cost
no ip ospf cost
no
.
:
interface-cost

1 65535.


. .

IP-.
3.1.0.3 16.05.2013 .

810

-3000
. II

.465255.040


ip ospf cost
OSPF IP-
network.
,
.
:
10^10 / ifSpeed.

.
,
.
10G Ethernet: 1;
1G Ethernet: 10;
100M Ethernet: 100;
10M Ethernet: 1000.
:
ip ospf cost 65

2.49.13

ip ospf dead-interval

IP-.
hello-,
.
:
ip ospf dead-interval seconds
no ip ospf dead-interval
no
.

:
seconds

1
65535 .
.


,
, ip ospf hello-interval,
.

IP-.
811

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


hello-
.
.
:
interface ip 1.1.1.1
ip ospf dead-interval 20
exit

2.49.14

ip ospf hello-interval

IP-.
,
hello- .
:
ip ospf hello-interval seconds
no ip ospf hello-interval

.

no

:
seconds

1
65535 .


10 .

IP-.

hello-.
hello-interval ,
OSPF.

.
:
interface ip 1.1.1.1
ip ospf hello-interval 15

3.1.0.3 16.05.2013 .

812

-3000
. II

.465255.040

exit

2.49.15

ip ospf mtu-ignore

IP-.

OSPF MTU

Database Descriptor (DBD).


:
ip ospf mtu-ignore
no ip ospf mtu-ignore

.

no


.

IP-.

OSPF
,

MTU.
,
DBD-. MTU
, IP MTU,
, OSPF .
:
interface ip 1.1.1.1
ip ospf mtu-ignore
exit

2.49.16

ip ospf passive-interface

IP-.
OSPF IP.
:
ip ospf passive-interface
no ip ospf passive-interface
no .

.
813

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


IP-.

OSPF
.

OSPF.
:
router ospf 100
network 1.1.1.1 area 0
passive-interface default
exit
interface ip 1.1.1.1
no passive-interface
exit

2.49.17

ip ospf priority

IP-.
,
.
:
ip ospf priority number-value
no ip ospf priority
no
.

:
number-value

0
255.


1.

IP-.

, ,
,
.
,
3.1.0.3 16.05.2013 .

814

-3000
. II

.465255.040

.
, ,

.
,
(.. -).
:
interface ip 1.1.1.1
ip ospf priority 4
exit

2.49.18

ip ospf retransmit-interval

IP-.
,

(LSA) ,
.
:
ip ospf retransmit-interval seconds
no ip ospf retransmit-interval
no
.

:
seconds

1 65535
.


5 .

IP-.

LSA
, ,
.
,
LSA .
seconds ,
,
(round-trip delay)
815

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

.
.
.

seconds OSPF.

LSA.
:
interface ip 1.1.1.1
ip ospf retransmit-interval 8
exit

2.49.19

ip ospf shutdown

IP-.
OSPF IP-.
:
ip ospf shutdown
no ip ospf shutdown
no OSPF
.

IP-.
:
interface ip 1.1.1
ip ospf shutdown
# exit

2.49.20

ip ospf transmit-delay

IP-.
,
(LSA) .
:
ip ospf transmit-delay seconds
no ip ospf transmit-delay

.

3.1.0.3 16.05.2013 .

no

816

-3000
. II

.465255.040

:
seconds


65535 .


1 .

IP-.

(LSA)

seconds .
.
, ,
LSA , .

.
:
interface ip 1.1.1.1
ip ospf transmit-delay 3
exit

2.49.21

network area

. IP, OSPF,
.
:
network ip-address area area-id [shutdown]
no network ip-address
no OSPF
, ip-address wildcardmask.
:

817

ip-address

IP-.

area-id


OSPF.
, IP-.
IP-
3.1.0.3 16.05.2013 .

-3000
. II

.465255.040

area-id
.
shutdown

OSPF
shutdown.


.

(config-router).

OSPF ,
. , RIP IP, DHCP, IP- .
network shutdown
OSPF
RIP no ip ospf shutdown.
no network OSPF IP-
.

. ,
, ,

network .
,
, .
:
interface ip 1.1.1.1
ip ospf transmit-delay 3
exit

interface ip 1.1.1.1
ip ospf transmit-delay 3
exit

2.49.22

no area

.
.

3.1.0.3 16.05.2013 .

818

-3000
. II

.465255.040

:
no area area-id
:
area-id

.
,
IP-.


.

(config-router).


no
area area-id. no area area-id
, area authentication, area default-cost, area nssa,
area range, area stub area virtual-link.
:
router ospf 1
no area 1
exit

2.49.23

passive-interface (OSPF)

.
OSPF IP.
:
passive-interface
no passive-interface
no .

.

(config-router).

819

3.1.0.3 16.05.2013 .

-3000
. II

.465255.040


OSPF
IP- OSPF. IP OSPF.
passive-interface
,
no ip ospf passiveinterface. passive-interface
Internet ,

200 .
:
router ospf 100
network 1.1.1.1 area 0
passive-interface
exit
interface ip 1.1.1.1
no ip ospf passive-interface
exit

2.49.24

redistribute (OSPF)


IP.
:
redistribute protocol