You are on page 1of 688

Nortel Application Switch Operating System 23.0.

Command Reference

part number: 320506-A, January 2006

4655 Great America Parkway


Santa Clara, CA 95054
Phone 1-800-4Nortel
http://www.nortel.com
Nortel Application Switch Operating System 23.0.2 Command Reference

Copyright 2006 Nortel Networks, Inc., 4655 Great America Parkway, Santa Clara, California 95054, USA.
All rights reserved. Part Number: 320506-A.

This document is protected by copyright and distributed under licenses restricting its use, copying,
distribution, and decompilation. No part of this document may be reproduced in any form by any means
without prior written authorization of Nortel Networks, Inc. Documentation is provided “as is” without
warranty of any kind, either express or implied, including any kind of implied or express warranty of non-
infringement or the implied warranties of merchantability or fitness for a particular purpose.

U.S. Government End Users: This document is provided with a “commercial item” as defined by FAR
2.101 (Oct 1995) and contains “commercial technical data” and “commercial software documentation” as
those terms are used in FAR 12.211-12.212 (Oct 1995). Government End Users are authorized to use this
documentation only in accordance with those rights and restrictions set forth herein, consistent with FAR
12.211- 12.212 (Oct 1995), DFARS 227.7202 (JUN 1995) and DFARS 252.227-7015 (Nov 1995).

Nortel Networks, Inc. reserves the right to change any products described herein at any time, and without
notice. Nortel Networks, Inc. assumes no responsibility or liability arising from the use of products
described herein, except as expressly agreed to in writing by Nortel Networks, Inc. The use and purchase of
this product does not convey a license under any patent rights, trademark rights, or any other intellectual
property rights of Nortel Networks, Inc.
Nortel Application Switch Operating System, Nortel Application Switch 2424, Nortel Application
Switch 2424-SSL, Nortel Application Switch 2224, 2216, 2208, 3408, Nortel Application Switch 180,
Nortel Application Switch 180e, Nortel Application Switch 184, Nortel Application Switch AD3, Nortel
Application Switch AD4, and ACEswitch are trademarks of Nortel Networks, Inc. in the United States and
certain other countries. Cisco® and EtherChannel® are registered trademarks of Cisco Systems, Inc. in the
United States and certain other countries. Check Point® and FireWall-1® are trademarks or registered
trademarks of Check Point Software Technologies Ltd. Any other trademarks appearing in this manual are
owned by their respective companies.

Originated in the U.S.A.

2
320506-A, January 2006
Contents

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
Who Should Use This Book . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
How This Book Is Organized . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .21
Related Documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22
Typographic Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23
How to Get Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24

The Command Line Interface . . . . . . . . . . . . . . . . . . . . . . . . . . 25


Connecting to the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Establishing a Console Connection. . . . . . . . . . . . . . . . . . . . . . . . . .26
Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Procedure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26
Establishing a Telnet Connection . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Using a BOOTP Server . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Running Telnet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .27
Establishing an SSH Connection . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Running SSH . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28
Accessing the Switch. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
CLI Versus Setup. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Command Line History and Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . .31
Idle Timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .31

First-Time Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Using the Setup Utility . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Information Needed For Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . .33
Starting Setup When You Log In . . . . . . . . . . . . . . . . . . . . . . . . . . .34
Stopping and Restarting Setup Manually . . . . . . . . . . . . . . . . . . . . .36
Stopping Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Restarting Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .36
Setup Part 1: Basic System Configuration . . . . . . . . . . . . . . . . . . . .36

3
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Setup Part 2: Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . 38


Setup Part 3: VLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41
Setup Part 4: IP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
IP Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42
Default Gateways. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43
IP Routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44
Setup Part 5: Final Steps. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45
Optional Setup for SNMP Support. . . . . . . . . . . . . . . . . . . . . . . . . . 46
Optional Setup for Telnet Support . . . . . . . . . . . . . . . . . . . . . . . . . . 46
Setting Passwords . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47
Changing the Default Administrator Password . . . . . . . . . . . . . . . . 47
Changing the Default User Password. . . . . . . . . . . . . . . . . . . . . . . . 49
Changing the Default Layer 4 Administrator Password. . . . . . . . . . 51

Menu Basics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .53


The Main Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53
Menu Summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54
Global Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56
Command Line History and Editing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59
Command Line Interface Shortcuts . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Command Stacking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Command Abbreviation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Tab Completion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Configuration Ranges. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

The Information Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61


Information Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
System Information Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 63
SNMPv3 System Information Menu . . . . . . . . . . . . . . . . . . . 65
SNMPv3 USM User Table Information . . . . . . . . . . . . . . 66
SNMPv3 View Table Information . . . . . . . . . . . . . . . . . . 67
SNMPv3 Access Table Information . . . . . . . . . . . . . . . . . 68
SNMPv3 Group Table Information . . . . . . . . . . . . . . . . . 69
SNMPv3 Community Table Information . . . . . . . . . . . . . 69
SNMPv3 Target Address Table Information . . . . . . . . . . 70
SNMPv3 Target Parameters Table Information . . . . . . . . 71
SNMPv3 Notify Table Information . . . . . . . . . . . . . . . . . 72
SNMPv3 Dump Information . . . . . . . . . . . . . . . . . . . . . . 73

4 „ Contents
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

General System Information . . . . . . . . . . . . . . . . . . . . . . . . . . 74


Show System Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 76
Show Last 64 Syslog Messages . . . . . . . . . . . . . . . . . . . . . . . 76
Last 64 Saved Syslog Messages . . . . . . . . . . . . . . . . . . . . . . . 77
Management Port Information . . . . . . . . . . . . . . . . . . . . . . . . 78
SONMP Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 79
System Capacity Information . . . . . . . . . . . . . . . . . . . . . . . . . 80
Show switch fan status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Show switch temperature sensor status . . . . . . . . . . . . . . . . . 83
Show encryption licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
Show current user status . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 83
System Information Dump . . . . . . . . . . . . . . . . . . . . . . . . . . . 84
Layer 2 Information Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 89
Layer 2 FDB Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90
Show All FDB Information . . . . . . . . . . . . . . . . . . . . . . . 92
Clearing Entries from the Forwarding Database. . . . . . . . . . . . . . . .92
Link Aggregation Control Protocol Information Menu . . . . . . . . 93
LACP Aggregator Information . . . . . . . . . . . . . . . . . . . . . . . . 94
LACP Port Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95
LACP Dump Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97
Layer 2 Spanning Tree Group Information . . . . . . . . . . . . . . 98
Show common internal spanning tree (CIST) information . 101
Trunk Group Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 102
VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
VLAN Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 104
Status of port teams. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Layer2 Dump Information . . . . . . . . . . . . . . . . . . . . . . . . . . 105
Layer3 Information Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106
IP Routing Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
Show All IP Route Information . . . . . . . . . . . . . . . . . . . 108
Type Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
Tag Parameters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109
IPv6 Routing Information Menu. . . . . . . . . . . . . . . . . . . . . . 110
ARP Information Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 112
Show ARP Entries on Referenced SP. . . . . . . . . . . . . . . 113
Show All ARP Entry Information . . . . . . . . . . . . . . . . . 114
ARP Address List Information . . . . . . . . . . . . . . . . . . . . 115
IPv6 Neighbor Cache Information . . . . . . . . . . . . . . . . . 115

Contents „ 5
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

BGP Information Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117


BGP Peer information. . . . . . . . . . . . . . . . . . . . . . . . . . . 118
BGP Summary information . . . . . . . . . . . . . . . . . . . . . . 119
Dump BGP Information . . . . . . . . . . . . . . . . . . . . . . . . . 119
OSPF Information Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . 119
OSPF General Information . . . . . . . . . . . . . . . . . . . . . . . 121
OSPF Interface Information . . . . . . . . . . . . . . . . . . . . . . 122
OSPF Database Information . . . . . . . . . . . . . . . . . . . . . . 122
OSPF Information Route Codes . . . . . . . . . . . . . . . . . . . 124
OSPF Dump Information . . . . . . . . . . . . . . . . . . . . . . . . . . . 125
IP Information. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 126
VRRP Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 127
Layer3 Dump Information . . . . . . . . . . . . . . . . . . . . . . . . . . 129
Layer 4 Information Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 132
Session Table Information . . . . . . . . . . . . . . . . . . . . . . . . . . 134
Samples of Session Dumps for Different Applications . . . . . . 135
Session dump information in Nortel Application Switch
Operating System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 137
Global SLB Information Menu. . . . . . . . . . . . . . . . . . . . . . . 139
Show All Layer 4 Information . . . . . . . . . . . . . . . . . . . . . . . 140
Bandwidth Management Information . . . . . . . . . . . . . . . . . . . . . 141
BWM IP User Information Menu . . . . . . . . . . . . . . . . . . . . . 142
BWM Contract Information . . . . . . . . . . . . . . . . . . . . . . . . . 144
Security Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146
Link Status Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147
Port Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149
Software Enabled Keys. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150
Information Dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150

The Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .151


Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151
System statistics menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154
Port Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155
Bridging Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156
Ethernet Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157
Interface Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161
Interface Protocol Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 162
Link Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163

6 „ Contents
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

RMON Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164


Port Dump Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Port mirroring statistics menu. . . . . . . . . . . . . . . . . . . . . . . . . . . 170
Layer 2 Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 170
FDB Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 171
LACP Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 172
Spanning Tree Group Statistics . . . . . . . . . . . . . . . . . . . 173
Layer 3 Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 174
OSPF Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 176
OSPF Global Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . 177
IP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 181
IP6 Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 184
Route Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 189
ARP statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 190
VRRP Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 191
DNS Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 192
ICMP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 193
Interface Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 195
TCP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197
UDP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
Server Load Balancing Statistics Menu . . . . . . . . . . . . . . . . . . . 199
Server Load Balancing SP statistics Menu . . . . . . . . . . . . . . 202
SP Real Server Statistics. . . . . . . . . . . . . . . . . . . . . . . . . 202
SP Filter Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203
SP Maintenance Statistics . . . . . . . . . . . . . . . . . . . . . . . . 204
Global SLB Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . 206
Real Server Global SLB Statistics . . . . . . . . . . . . . . . . . 207
Virtual Server Global SLB Statistics . . . . . . . . . . . . . . . 207
Global SLB Site Statistics. . . . . . . . . . . . . . . . . . . . . . . . 208
Global SLB Maintenance Statistics . . . . . . . . . . . . . . . . 209
Real Server SLB Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . 211
Per Service Octet Counters. . . . . . . . . . . . . . . . . . . . . . . . . . . .211
Real Server Group Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 212
Virtual Server SLB Statistics . . . . . . . . . . . . . . . . . . . . . . . . 213
Filter SLB Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213
SLB Layer7 Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . 214
Layer7 Redirection Statistics . . . . . . . . . . . . . . . . . . . . . 214
Layer 7 SLB String Statistics . . . . . . . . . . . . . . . . . . . . . 215

Contents „ 7
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Layer 7 SLB Maintenance Statistics. . . . . . . . . . . . . . . . 216


Layer7 Pooling Statistics . . . . . . . . . . . . . . . . . . . . . . . . 218
SLB Secure Socket Layer Statistics . . . . . . . . . . . . . . . . . . . 219
File Transfer Protocol SLB and Filter Statistics Menu. . . . . 220
Active FTP SLB Parsing and Filter Statistics. . . . . . . . . 221
Passive FTP SLB Parsing Statistics . . . . . . . . . . . . . . . . 221
FTP SLB Maintenance Statistics . . . . . . . . . . . . . . . . . . 222
FTP SLB Statistics Dump. . . . . . . . . . . . . . . . . . . . . . . . 222
RTSP SLB Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 223
DNS SLB Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 224
WAP SLB Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225
SLB Maintenance Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 227
SIP SLB Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 229
Display Workload Manager SASP statistics . . . . . . . . . . . . 230
Clear Workload Manager SASP Statistics . . . . . . . . . . . . . . 230
Display Workload Manager SASP statistics . . . . . . . . . . . . 231
BWM Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 232
BWM Switch Processor Statistics . . . . . . . . . . . . . . . . . . . . 233
BWM Switch Processor Contract Statistics Menu . . . . . 233
BWM Switch Processor Rate Contract Statistics . . . . . . 233
BWM Contract Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . 234
BWM Contract Rate Statistics . . . . . . . . . . . . . . . . . . . . . . . 235
BWM History Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 237
BWM Maintenance Statistics . . . . . . . . . . . . . . . . . . . . . . . . 238
BWM IP Users Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . 238
Security Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 239
DOS Attack Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . 240
Types of DOS Attacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 241
IP Access Control List Statistics. . . . . . . . . . . . . . . . . . . . . . 244
UDP Blast Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245
UDP Blast Dump Statistics. . . . . . . . . . . . . . . . . . . . . . . 245
UDP Pattern Match Statistics . . . . . . . . . . . . . . . . . . . . . . . . 246
Rate Limiting Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
Dump Statistics for Security . . . . . . . . . . . . . . . . . . . . . . . . . 247
Management Processor Statistics . . . . . . . . . . . . . . . . . . . . . . . . 248
MP Packet Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249
TCP Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251
UCB Statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251

8 „ Contents
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

MP-Specific SFD Statistics . . . . . . . . . . . . . . . . . . . . . . . . . 252


CPU Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252
SP Specific Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253
SP-Specific Maintenance Statistics . . . . . . . . . . . . . . . . . . . 254
CPU Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254
Port Mirroring Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Management Port Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255
Dump Statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256

The Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257


Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257
Viewing, Applying, and Saving Changes . . . . . . . . . . . . . . . . . . . . . . .259
Viewing Pending Changes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Applying Pending Changes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
Saving the Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .259
System Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261
System Host Log Configuration . . . . . . . . . . . . . . . . . . . . . . 263
Seven Levels of Severity . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264
Management Port Configuration Menu . . . . . . . . . . . . . . . . 264
Management Port Link Menu . . . . . . . . . . . . . . . . . . . . . . . . 268
RADIUS Server Configuration. . . . . . . . . . . . . . . . . . . . . . . 268
TACACS+ Server Configuration Menu . . . . . . . . . . . . . . . . 270
NTP Server Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 271
SynOptics Network Management Protocol Configuration . . 273
System SNMP Configuration . . . . . . . . . . . . . . . . . . . . . . . . 273
SNMPv3 Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . 276
User Security Model Configuration Menu . . . . . . . . . . . 278
SNMPv3 View Configuration Menu . . . . . . . . . . . . . . . 279
View-based Access Control Model Configuration Menu280
SNMPv3 Group Configuration Menu. . . . . . . . . . . . . . . 282
SNMPv3 Community Table Configuration Menu . . . . . 283
SNMPv3 Target Address Table Configuration Menu . . 284
SNMPv3 Target Parameters Table Configuration Menu 285
SNMPv3 Notify Table Configuration Menu . . . . . . . . . 286
System Health Check Configuration Menu . . . . . . . . . . . . . 287
System Access Control Configuration . . . . . . . . . . . . . . . . . 288
Management Networks Menu. . . . . . . . . . . . . . . . . . . . . 289
Port Management Access Menu . . . . . . . . . . . . . . . . . . . . . . 291

Contents „ 9
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

User Access Control Menu . . . . . . . . . . . . . . . . . . . . . . . 291


System User ID Configuration Menu . . . . . . . . . . . . . . . 294
HTTPS Access Configuration Menu . . . . . . . . . . . . . . . 295
SSH Server Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297
XML Configuration Access Menu . . . . . . . . . . . . . . . . . . . . 298
Example of enabling or disabling XML access . . . . . . . 299
Configure the Timezone . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300
Port Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
Nortel Application Switch Operating System 2000 Series . . . . . . 302
Fast Ethernet Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
SFP GBIC Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 302
Port Link Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304
Nortel Application Switch 3000 Series . . . . . . . . . . . . . . . . . . . . . 306
Port Configuration on Nortel Application Switch 3408. . . . . . . . . 306
Single-Mode ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
Single-Mode Copper Port Gigabit Ethernet Link
Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Single-Mode SFP Gigabit Ethernet Port Link
Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 310
Dual-Mode Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311
Dual-Mode Copper Port Link Configuration . . . . . . . . . 313
Dual-Mode SFP Gigabit Link Configuration Menu . . . . 314
Temporarily Disabling a Port . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 314
Port Mirroring Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Port-Mirroring Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 315
Bandwidth Management Configuration . . . . . . . . . . . . . . . . . . . 316
Bandwidth Management Contract Configuration . . . . . . . . 319
BWM Contract Time Policy Configuration Menu . . . . . 320
Bandwidth Management Policy Configuration . . . . . . . . . . 322
Bandwidth Management Group Configuration Menu . . . . . 323
Bandwidth Management Current Configuration . . . . . . . . . 324
Layer 2 Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . 325
Multiple Spanning Tree Menu . . . . . . . . . . . . . . . . . . . . . . . 326
Multiple Spanning Tree Menu . . . . . . . . . . . . . . . . . . . . . . . 327
CIST Bridge Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 328
Current configuration for CIST Bridge . . . . . . . . . . . . . 328
Spanning Tree Group Configuration . . . . . . . . . . . . . . . . . . . . . 329
Bridge Spanning Tree Configuration . . . . . . . . . . . . . . . . . . 331

10 „ Contents
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Spanning Tree Port Configuration . . . . . . . . . . . . . . . . . 332


Trunk Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333
Link Aggregation Control Protocol Menu . . . . . . . . . . . . . . . . . 335
LACP Port Configuration Menu . . . . . . . . . . . . . . . . . . . . . 338
VLAN Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339
Port Team Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341
Layer 3 Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
IP Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 344
IPv6 Neighbor Discovery Menu . . . . . . . . . . . . . . . . . . . . . . 345
Default IP Gateway Configuration . . . . . . . . . . . . . . . . . . . . 346
Default Gateway Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . . .347
IP Static Route Configuration. . . . . . . . . . . . . . . . . . . . . . . . 348
ARP Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . 348
ARP Static Configuration Menu. . . . . . . . . . . . . . . . . . . 349
IP Forwarding Configuration Menu . . . . . . . . . . . . . . . . . . . 350
Local Network Route Caching Definition . . . . . . . . . . . 350
Defining IP Address Ranges for the Local Route Cache . . . . . . . .351
Network Filter Configuration . . . . . . . . . . . . . . . . . . . . . . . . 352
Route Map Configuration Menu. . . . . . . . . . . . . . . . . . . . . . 353
IP Access List Configuration Menu . . . . . . . . . . . . . . . . 355
Autonomous System Filter Path . . . . . . . . . . . . . . . . . . . 356
Routing Information Protocol Configuration . . . . . . . . . . . . 357
RIP Interface Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 359
Open Shortest Path First Configuration . . . . . . . . . . . . . . . . 361
Area Index Configuration Menu. . . . . . . . . . . . . . . . . . . 363
OSPF Summary Range Configuration Menu . . . . . . . . 364
OSPF Interface Configuration Menu . . . . . . . . . . . . . . . 365
OSPF Virtual Link Configuration Menu . . . . . . . . . . . . 367
OSPF MD5 Key Configuration Menu . . . . . . . . . . . . . . 368
OSPF Host Entry Configuration Menu . . . . . . . . . . . . . 369
OSPF Route Redistribution Configuration Menu. . . . . . 370
Border Gateway Protocol Configuration . . . . . . . . . . . . . . . 371
BGP Peer Configuration Menu. . . . . . . . . . . . . . . . . . . . 373
BGP Redistribution Configuration Menu . . . . . . . . . . . . 375
BGP Aggregate Routing Configuration Menu . . . . . . . . 377
IP Forwarding Port Configuration Menu . . . . . . . . . . . . . . . 378
Domain Name System Configuration Menu . . . . . . . . . . . . 379
Bootstrap Protocol Relay Configuration Menu . . . . . . . . . . 380

Contents „ 11
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

VRRP Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . 381


Virtual Router Configuration Menu . . . . . . . . . . . . . . . . . . . 383
Virtual Router Priority Tracking Configuration . . . . . . . 385
Virtual Router Group Menu . . . . . . . . . . . . . . . . . . . . . . 387
Virtual Router Group Priority Tracking Configuration
Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 388
Virtual Router Group Configuration. . . . . . . . . . . . . . . . . . . 390
Virtual Router Group Priority Tracking Configuration . 392
VRRP Interface Configuration . . . . . . . . . . . . . . . . . . . . . . . 394
VRRP Tracking Configuration . . . . . . . . . . . . . . . . . . . . . . . 395
Default Gateway Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . 396
Security Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . 397
Port Security Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 399
IP Address Access Control List Configuration Menu . . . . . 400
UDP Blast Protection Configuration Menu . . . . . . . . . . . . . 402
Anomaly and Denial of Service Attack Prevention Menu . . 403
Pattern Matching Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 404
SSL Processor Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
Setup . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 406
Dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 407
Saving the Active Switch Configuration . . . . . . . . . . . . . . . . . . 408
Restoring the Active Switch Configuration . . . . . . . . . . . . . . . . 408

The SLB Configuration Menu . . . . . . . . . . . . . . . . . . . . . . . . .411


SLB Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 412
Filtering and Layer 4 (Server Load Balancing) . . . . . . . . . . . . 414
Real Server SLB Configuration . . . . . . . . . . . . . . . . . . . . . . . . . 414
Real Server Advanced Menu . . . . . . . . . . . . . . . . . . . . . . . . 419
Buddy Server Health Check Menu . . . . . . . . . . . . . . . . . . . . 420
Real Server Layer 7 Configuration . . . . . . . . . . . . . . . . . . . . 421
Real server IDS Configuration Menu . . . . . . . . . . . . . . . . . . 422
Real Server Group SLB Configuration. . . . . . . . . . . . . . . . . . . . 423
SLB Health Check Types . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 426
Server Load Balancing Metrics . . . . . . . . . . . . . . . . . . . . . . . . . . . 429
Virtual Server SLB Configuration . . . . . . . . . . . . . . . . . . . . . . . 431
Virtual Server Service Configuration . . . . . . . . . . . . . . . . . . 434
WTS Load Balancing Menu . . . . . . . . . . . . . . . . . . . . . . . . . 440
HTTP Load Balancing Menu . . . . . . . . . . . . . . . . . . . . . . . . 441

12 „ Contents
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

SIP Load Balancing Menu . . . . . . . . . . . . . . . . . . . . . . . . . . 442


RTSP Load Balancing Menu . . . . . . . . . . . . . . . . . . . . . . . . 443
Cookie-Based Persistence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .444
SLB Filter Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 445
Defining IP Address Ranges for Filters . . . . . . . . . . . . . . . . . . . . .449
Advanced Filter Configuration . . . . . . . . . . . . . . . . . . . . . . 450
802.1p Advanced Menu . . . . . . . . . . . . . . . . . . . . . . . . . 453
Advanced Filter TCP Configuration. . . . . . . . . . . . . . . . 453
IP Advanced Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 454
ICMP Message Types. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .455
Layer 7 Advanced Filter Configuration Menu . . . . . . . . 457
Layer 7 SIP Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 459
Proxy Advanced Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 460
SLB Filter Advanced Security Menu . . . . . . . . . . . . . . . 460
Advanced Security Rate Limiting Configuration Menu. 462
Port SLB Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 463
Global SLB Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 465
GSLB Remote Site Configuration . . . . . . . . . . . . . . . . . . . . 467
GSLB Network Preference Configuration Menu . . . . . . . . . 469
GSLB Rule Configuration Menu . . . . . . . . . . . . . . . . . . . . . 470
Global SLB Rule Metric Menu. . . . . . . . . . . . . . . . . . . . 472
Layer 7 SLB Resource Definition Menu . . . . . . . . . . . . . . . 472
Web Cache Redirection Configuration. . . . . . . . . . . . . . . . . 473
Server Load Balance Resource Configuration Menu . . . . . . 475
SDP Mapping Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
WAP Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 477
Synchronize Peer Switch Configuration. . . . . . . . . . . . . . . . . . . 478
Peer Switch Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . 479
Advanced Layer 4 Configuration . . . . . . . . . . . . . . . . . . . . . . . . 480
SYN Attack Detection Configuration Menu . . . . . . . . . . . . 483
Advanced SMT Real Server Port Configuration Menu . 483
Inbound Link Load Balancing configuration Menu . . . . . . . 484
Inbound Link Load Balancing Domain Record Menu . . . . . 485
Inbound Link Load Balancing Mapping Menu . . . . . . . 486
Advanced Health Check Configuration Menu . . . . . . . . 486
Scriptable Health Checks Configuration . . . . . . . . . . . . . . . 488
SNMP Health Check Configuration . . . . . . . . . . . . . . . . . . . 490
WAP Health Check Configuration . . . . . . . . . . . . . . . . . . . . 492

Contents „ 13
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

WSP Content Health Check . . . . . . . . . . . . . . . . . . . . . . 494


WTP and WSP Content Health Check Menu . . . . . . . . . 495
Proxy IP Address Configuration Menu . . . . . . . . . . . . . . . . 496
SLB Peer Proxy IP Address Menu . . . . . . . . . . . . . . . . . 497
WorkLoad Management Menu . . . . . . . . . . . . . . . . . . . . . . . 498

The Operations Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .499


Operations Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 499
Operations-Level Port Options . . . . . . . . . . . . . . . . . . . . . . . . . . 501
Operations-Level SLB Options . . . . . . . . . . . . . . . . . . . . . . . . . 502
Real Server Group Operations . . . . . . . . . . . . . . . . . . . . . . . 503
Global SLB Operations Menu . . . . . . . . . . . . . . . . . . . . . . . 504
Operations-Level VRRP Options. . . . . . . . . . . . . . . . . . . . . . . . 505
Operations-Level Bandwidth Management Options . . . . . . . . . 505
Security Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
IP ACL Operations Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . 506
Operations-Level IP Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 508
Operations-Level BGP Options . . . . . . . . . . . . . . . . . . . . . . 508
Activating Optional Software . . . . . . . . . . . . . . . . . . . . . . . . . . . 509
Removing Optional Software . . . . . . . . . . . . . . . . . . . . . . . . . . . 510

The Boot Options Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .511


Boot Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 511
Scheduled Reboot of the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Scheduled Reboot Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Updating the Switch Software Image . . . . . . . . . . . . . . . . . . . . . . . . . . 512
Downloading New Software to Your Switch. . . . . . . . . . . . . . . . . 513
Selecting a Software Image to Run . . . . . . . . . . . . . . . . . . . . . . . . 514
Uploading a Software Image from Your Switch . . . . . . . . . . . . . . 514
Selecting a Configuration Block . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 515
Resetting the Switch . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 517

The Maintenance Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .519


Maintenance Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 519
System Maintenance Options . . . . . . . . . . . . . . . . . . . . . . . . . . . 522
Forwarding Database Options . . . . . . . . . . . . . . . . . . . . . . . . . . 522
ARP Cache Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 523
ARP Entries on a Single Port . . . . . . . . . . . . . . . . . . . . . . . . 524

14 „ Contents
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

IP Route Manipulation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 525


IPv6 Manipulation Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 526
Debugging Options . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 527
Uuencode Flash Dump . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 528
System Dump Put . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Clearing Dump Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . 529
Panic Command . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 530
Unscheduled System Dumps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .531

The SSL Processor Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . 533


Login to the SSL processor. . . . . . . . . . . . . . . . . . . . . . . . . . 533
SSL Processor Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 535
SSL Performance information menu . . . . . . . . . . . . . . . . . . . . . 536
SSL Performance Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . 540
SSL Performance Statistics menu . . . . . . . . . . . . . . . . . . . . . . . 541
SSL Performance Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . 542
SSL Performance SSL Local Statistics Menu . . . . . . . . . . . 543
SSL Performance: Single ISD SSL Statistics Menu. . . . . . . 544
IPSEC Statistics menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 545
SSL Performance: Local IPSEC Statistics Menu . . . . . . . . . 546
SSL Performance: Single IPSEC ISD Statistics Menu . . . . 547
AAA Statistics Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 548
SSL Performance Configuration Menu . . . . . . . . . . . . . . . . 548
SSL Configuration Server Menu . . . . . . . . . . . . . . . . . . . . . 551
SSL Configuration Server-specific Menu. . . . . . . . . . . . . . . 552
SSL Configuration Server-specific Trace Menu . . . . . . . . . 554
SSL Configuration Server-specific SSL Menu. . . . . . . . . . . 555
SSL Configuration Server-specific TCP Menu . . . . . . . . . . 556
SSL Configuration Server-specific Advanced Menu . . . . . . 557
SSL Configuration Server Advanced String Menu . . . . . . . 558
SSL Configuration Server Advanced Load Balancing Menu559
SSL Configuration Server Advanced Load Balancing
Cookie Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 560
Local VIP Configuration Menu . . . . . . . . . . . . . . . . . . . . . . 562
SSL Configuration Server Advanced Load Balancing
Health Script Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562
SSL Configuration Server Advanced Load Balancing
Remote SSL Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563

Contents „ 15
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

SSL Configuration Server Advanced Load Balancing


Remote SSL Verification Menu . . . . . . . . . . . . . . . . . . . . . . 564
SSL Configuration Server Advanced Load Balancing
Backend Server Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 565
SSL Configuration Certificate Menu . . . . . . . . . . . . . . . . . . 566
SSL Configuration Revoke Certificate Menu. . . . . . . . . . . . 571
SSL Configuration Revoke Certificate Automatic Menu. . . 572
SSL VPN Configuration Menu . . . . . . . . . . . . . . . . . . . . . . 573
SSL VPN Configuration Menu . . . . . . . . . . . . . . . . . . . . . . 574
SSL VPN Configuration TunnelGuard Menu . . . . . . . . . . . 576
SSL VPN Configuration Authentication Menu . . . . . . . . . . 578
SSL VPN Configuration Authentication Radius Menu . . . . 579
SSL VPN Configuration Authentication Radius Servers
Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580
SSL VPN Configuration Authentication Radius Session
Timeout Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 580
SSL VPN Configuration Authentication Radius Macro
Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 581
SSL VPN Configuration Authentication Advanced Menu. . 582
SSL VPN Configuration Network Menu . . . . . . . . . . . . . . . 582
SSL VPN Configuration Network Subnet Menu . . . . . . . . . 583
SSL VPN Configuration Service Menu . . . . . . . . . . . . . . . . 584
SSL VPN Configuration Application specific Menu . . . . . . 585
SSL VPN Configuration Application specific Paths Menu . 587
SSL VPN Configuration AAA Filter Menu . . . . . . . . . . . . . 588
SSL VPN Configuration AAA Group Menu . . . . . . . . . . . . 589
SSL VPN Configuration AAA Group Access Menu . . . . . . 591
SSL VPN Configuration AAA Group Linkset Menu . . . . . . 592
SSL VPN Configuration AAA Group Extend Profiles
Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 593
SSL VPN Configuration AAA Group Extend Profiles
Access Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 594
SSL VPN Configuration AAA Group Extend Profiles
Linkset Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 595
SSL VPN Configuration AAA Group IPsec Menu . . . . . . . 595
SSL VPN Configuration AAA Single-sign on Enabled
Domains Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597

16 „ Contents
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

SSL VPN Configuration AAA Single-sign on Headers


Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597
SSL VPN Configuration AAA Radius Accounting
Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
SSL VPN Configuration AAA Radius Accounting
Servers Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 599
SSL VPN Configuration AAA Radius Accounting
VPN attributes Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 601
SSL VPN Configuration Server Menu . . . . . . . . . . . . . . . . . 601
SSL VPN Configuration Server Traffic Trace Menu . . . . . . 602
SSL VPN Configuration Server SSL Settings Menu . . . . . . 603
SSL VPN Configuration Server TCP endpoint
Settings Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 605
SSL VPN Configuration Server HTTP Settings Menu . . . . 606
SSL VPN Configuration Server SSL triggered
rewrite Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607
SSL VPN Configuration Server Intranet Proxy
settings Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608
SSL VPN Configuration Server Portal settings Menu . . . . . 609
SSL VPN Configuration Server Advanced Menu . . . . . . . . 609
SSL VPN Configuration Server UDP Syslog Traffic
Log Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 610
SSL VPN Configuration Server SSL Connect Menu . . . . . . 611
SSL VPN Configuration Server SSL Connect verify
Server Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612
SSL VPN Configuration IPsec Server Menu . . . . . . . . . . . . 612
SSL VPN Configuration IPsec Server IKE Profile Menu . . 614
SSL VPN Configuration IPsec Server IKE Profile
Encryption Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 615
SSL VPN Configuration IPsec Server IKE Profile
Diffie-Hellman Group Mask Menu . . . . . . . . . . . . . . . . . . . 616
SSL VPN Configuration IPsec Server IKE Profile
NAT Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
SSL VPN Configuration IPsec Server IKE Profile
Dead Peer Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 617
SSL VPN Configuration IP Pool Menu . . . . . . . . . . . . . . . . 618
SSL VPN Configuration Portal Menu . . . . . . . . . . . . . . . . . 619
SSL VPN Configuration Portal Colors Menu. . . . . . . . . . . . 621

Contents „ 17
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

SSL VPN Configuration Portal Full Access Menu . . . . . . . 621


SSL VPN Configuration Portal Language Menu . . . . . . . . . 622
SSL VPN Configuration Portal Whitelist settings Menu . . . 623
SSL VPN Configuration Portal Whitelist settings
Domains Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 623
SSL VPN Configuration Linkset Menu . . . . . . . . . . . . . . . . 624
SSL VPN Configuration Linkset Link Menu . . . . . . . . . . . . 625
SSL VPN Configuration Linkset Link Internal
Setting Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 626
SSL VPN Configuration SSL Client Menu . . . . . . . . . . . . . 626
SSL VPN Configuration Advanced Menu . . . . . . . . . . . . . . 627
SSL VPN Configuration Advanced DNS settings Menu . . . 627
SSL Configuration System Menu . . . . . . . . . . . . . . . . . . . . . 628
SSL Configuration System Host Menu . . . . . . . . . . . . . . . . 629
SSL Configuration System Host Routes Menu . . . . . . . . . . 630
SSL Configuration System Host Menu . . . . . . . . . . . . . . . . 631
SSL Configuration System Host Interface Routes Menu . . . 632
SSL Configuration System Host Port Menu. . . . . . . . . . . . . 632
SSL Configuration System Menu . . . . . . . . . . . . . . . . . . . . . 633
SSL Configuration System Time Menu . . . . . . . . . . . . . . . . 633
SSL Configuration System Time NTP servers Menu. . . . . . 634
SSL Configuration System DNS settings Menu. . . . . . . . . . 634
SSL Configuration System DNS Servers settings Menu . . . 635
SSL Configuration System RSA servers Menu . . . . . . . . . . 636
SSL Configuration System SysLog Servers Menu. . . . . . . . 636
SSL Configuration System Access List Menu . . . . . . . . . . . 637
SSL Configuration System Administrative applications
Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638
SSL Configuration System Administrative applications
SNMP Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639
SSL Configuration System Administrative applications
SNMPv2 MIB SNMP Menu . . . . . . . . . . . . . . . . . . . . . . . . 640
SSL Configuration System Administrative applications
SNMP Community Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . 640
SSL Configuration System Administrative applications
SNMP Users Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 641
SSL Configuration System Administrative applications
SNMP Target Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 642

18 „ Contents
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

SSL Configuration System Administrative applications


Audit Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 643
SSL Configuration System Administrative applications
Audit Servers Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
SSL Configuration System Administrative applications
HTTP Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 644
SSL Configuration System Administrative applications
HTTPS Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645
SSL Configuration System Administrative applications
SSH Host keys Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646
SSL Configuration System Administrative applications
SSH Known Host keys Menu . . . . . . . . . . . . . . . . . . . . . . . . 646
SSL Configuration System Menu . . . . . . . . . . . . . . . . . . . . . 647
SSL Configuration System User Edit Menu. . . . . . . . . . . . . 648
SSL Configuration System User Edit Menu. . . . . . . . . . . . . 648
SSL Configuration Language Support Menu . . . . . . . . . . . . 649
SSL Boot Menu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 649
SSL Performance Menu. . . . . . . . . . . . . . . . . . . . . . . . . . . . 651
SSL Performance Maintenance Menu . . . . . . . . . . . . . . . . . 652
SSL Performance HSM Menu . . . . . . . . . . . . . . . . . . . . . . . 653

Nortel Application Switch Operating System


Syslog Messages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 655
LOG_WARNING . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .655
LOG_ALERT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .656
LOG_CRIT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .657
LOG_ERR. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .657
LOG_NOTICE . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .663
LOG_INFO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .665

Nortel Application Switch Operating System SNMP Agent . 667

Performing a Serial Download . . . . . . . . . . . . . . . . . . . . . . . . 671

Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 673

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677

Contents „ 19
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

20 „ Contents
320506-A, January 2006
Preface
The Nortel Application Switch Operating System 23.0.2 Command Reference describes how to
configure and use the Nortel Application Switch Operating System software with your Nortel
Application Switch.

For documentation on installing the switches physically, see the Hardware Installation Guide
for your particular switch model.

Who Should Use This Book


This Command Reference is intended for network installers and system administrators engaged
in configuring and maintaining a network. The administrator should be familiar with Ethernet
concepts, IP addressing, the IEEE 802.1d Spanning Tree Protocol, and SNMP configuration
parameters.

How This Book Is Organized


“The Command Line Interface” describes how to connect to the switch and access
the information and configuration menus.

“First-Time Configuration” describes how to use the Setup utility for initial
switch configuration and how to change the system passwords.

“Menu Basics” provides an overview of the menu system, including a menu map, global com-
mands, and menu shortcuts.

“The Information Menu” describes how to view switch configuration parameters.

“The Statistics Menu” describes how to view switch performance statistics.

“The Configuration Menu” describes how to configure switch system parameters, ports,
VLANs, Spanning Tree Protocol, SNMP, Port Mirroring, IP Routing, Port Trunking, and more.

21
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

“The SLB Configuration Menu” describes how to configure Server Load Balancing, Filter-
ing, Global Server Load Balancing, and more.

“The Operations Menu” describes how to use commands which affect switch performance
immediately, but do not alter permanent switch configurations (such as temporarily disabling
ports). The menu describes how to activate or deactivate optional software features.

“The Boot Options Menu” describes the use of the primary and alternate switch images, how
to load a new software image, and how to reset the software to factory defaults.

“The Maintenance Menu” describes how to generate and access a dump of critical switch state
information, how to clear it, and how to clear part or all of the forwarding database.

Appendix A, “Nortel Application Switch Operating System Syslog Messages” presents


a listing of syslog messages.

Appendix B, “Nortel Application Switch Operating System SNMP Agent” lists


the Management Interface Bases (MIBs) supported in the switch software.

Appendix C, “Performing a Serial Download” shows how to directly load a binary software
image into the switch for upgrade or maintenance.

“Glossary” defines the terminology used throughout the book.

“Index” includes pointers to the description of the key words used throughout the book.

Related Documentation
„ Nortel Application Switch Operating System 23.0.2 Application Guide (Part Number
320507-A)
Provides application explanations and configuration examples for the Switch.
„ Nortel Application Switch Operating System 23.0.2 Browser-Based Interface (BBI) Quick
Guide (Part Number 320508-A)
Provides a description of the Switch BBI and how to configure and access it on the
Switch.
„ Nortel Application Switch Hardware Installation Guide (Part Number 315396-E)
Provides a description of the Nortel Application Switch hardware, the physical features,
how to install it, and how to troubleshoot it.

22 „ Preface
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ Nortel Application Switch Operating System 23.0.2 Release Notes (Part Number 320509-
A).
This document provides a description of new features and caveats and limitations, if any,
in the software.

Typographic Conventions
The following table describes the typographic styles used in this book.

Table 1 Typographic Conventions

Typeface or Meaning Example


Symbol

AaBbCc123 This type is used for names of commands, View the readme.txt file.
files, and directories used within the text.

It also depicts on-screen computer output and Main#


prompts.

AaBbCc123 This bold type appears in command exam- Main# sys


ples. It shows text that must be typed in
exactly as shown.

<AaBbCc123> This italicized type appears in command To establish a Telnet session, enter:
examples as a parameter placeholder. Replace host# telnet <IP address>
the indicated text with the appropriate real
name or value when using the command. Do
not type the brackets.

This also shows book titles, special terms, or Read your User’s Guide thoroughly.
words to be emphasized.

[ ] Command items shown inside brackets are host# ls [-a]


optional and can be used or excluded as the
situation demands. Do not type the brackets.

Preface „ 23
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

How to Get Help


If you purchased a service contract for your Nortel product from a distributor or authorized
reseller, contact the technical support staff for that distributor or reseller for assistance.

If you purchased a Nortel service program, contact one of the following Nortel
Technical Solutions Centers:

Technical Solutions Center Telephone

Europe, Middle East, and Africa 00800 8008 9009


or
+44 (0) 870 907 9009

North America (800) 4NORTEL or (800) 466-7835

Asia Pacific (61) (2) 8870-8800

China (800) 810-5000

Additional information about the Nortel Technical Solutions Centers is available at the follow-
ing URL:

http://www.nortelnetworks.com/help/contact/global
An Express Routing Code (ERC) is available for many Nortel products and services. When
you use an ERC, your call is routed to a technical support person who specializes in supporting
that product or service. To locate an ERC for your product or service, refer to the following
URL:

http://www.nortelnetworks.com/help/contact/erc/index.html

24 „ Preface
320506-A, January 2006
CHAPTER 1
The Command Line Interface
Your Nortel Application Switch is ready to perform basic switching functions right out of the
box. Some of the more advanced features, however, require some administrative configuration
before they can be used effectively.

The extensive Nortel Application Switch Operating System switching software included in
your switch provides a variety of options for accessing and configuring the switch:

„ A built-in, text-based command line interface and menu system for access via
local terminal or remote Telnet session
„ A GUI-based Application Switch Element Manager (ASEM) for interactive network
access
„ SNMP support for access through network management software such as HP OpenView
„ Nortel Application Switch Operating System Browser-Based Interface (BBI)
The command line interface is the most direct method for collecting switch information and
performing switch configuration. Using a basic terminal, you are presented with a hierarchy of
menus that enable you to view information and statistics about the switch, and to perform any
necessary configuration.

This chapter explains how to access the Command Line Interface (CLI) of the switch.

25
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Connecting to the Switch


You can access the command line interface in any one of the following ways:

„ Using a console connection via the console port


„ Using a Telnet connection over the network
„ Using an SSH connection to securely log into another computer over a network

Establishing a Console Connection

Requirements
To establish a console connection with the switch, you will need the following:

„ An ASCII terminal or a computer running terminal emulation software set to


the parameters shown in the table below:

Table 1-1 Console Configuration Parameters

Parameter Value

Baud Rate 9600


Data Bits 8
Parity None
Stop Bits 1
Flow Control None

„ A standard serial cable with a male DB9 connector (see your switch hardware installation
guide for specifics).

Procedure
1. Connect the terminal to the Console port using the serial cable.

2. Power on the terminal.

3. To establish the connection, press <Enter> a few times on your terminal.


You will next be required to enter a password for access to the switch. (For more information,
see “Setting Passwords” on page 47).

26 „ Chapter 1: The Command Line Interface


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Establishing a Telnet Connection


A Telnet connection offers the convenience of accessing the switch from any
workstation connected to the network. Telnet access provides the same options for user access
and administrator access as those available through the console port.

To configure the switch for Telnet access, you need to have a device with Telnet software
located on the same network as the switch. The switch must have an IP address. The switch can
get its IP address in one of two ways:

„ Dynamically, from a BOOTP server on your network


„ Manually, when you configure the switch IP address (see “Setup Part 1: Basic System
Configuration” on page 36).

NOTE – You need to enable Telnet and SSH, using serial connection, before you can use these
methods of accessing the switch. Refer to “Establishing a Telnet Connection” on page 27.

Using a BOOTP Server


By default, the Nortel Application Switch Operating System software is set up to request its IP
address from a BOOTP server. If you have a BOOTP server on your network, add the MAC
address of the switch to the BOOTP configuration file located on the BOOTP server. The MAC
address can be found on a small white label on the back panel of the switch. The MAC address
can also be found in the System Information menu (see “System Information” on page 63).

NOTE – If connecting to the management port, BOOTP is not supported. The port must be
manually configured with the proper IP address.

Running Telnet
Once the IP parameters on the Nortel Application Switch are configured, you can access the CLI
using a Telnet connection. To establish a Telnet connection with the switch, run the Telnet pro-
gram on your workstation and issue the Telnet command, followed by the switch IP address:

telnet <IP address>

You will then be prompted to enter a password as explained on page 28.

Chapter 1: The Command Line Interface „ 27


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Establishing an SSH Connection


Although a remote network administrator can manage the configuration of an Nortel Application
Switch via Telnet, this method does not provide a secure connection. The SSH (Secure Shell)
protocol enables you to securely log into another computer over a network to execute com-
mands remotely. As a secure alternative to using Telnet to manage switch configuration, SSH
ensures that all data sent over the network is encrypted and secure.

The switch can do only one session of key/cipher generation at a time. Thus, a SSH/SCP client
will not be able to login if the switch is doing key generation at that time or if another client
has just logged in before this client. Similarly, the system will fail to do the key generation if a
SSH/SCP client is logging in at that time.

The supported SSH encryption and authentication methods are listed below.

„ Server Host Authentication: Client RSA-authenticates the switch in the beginning of


every connection.
„ Key Exchange: RSA
„ Encryption: 3DES-CBC, DES
„ User Authentication: Local password authentication, Radius
The following SSH clients have been tested:

„ SSH 1.2.23 and SSH 1.2.27 for Linux (freeware)


„ SecureCRT 3.0.2 and SecureCRT 3.0.3 (Van Dyke Technologies, Inc.)
„ F-Secure SSH 1.1 for Windows (Data Fellows)

NOTE – The Nortel Application Switch Operating System implementation of SSH is based on
SSH version 1.5 and supports SSH-1.5-1.X.XX. SSH clients of other versions
(especially Version 2) will not be supported.

Running SSH
Once the IP parameters are configured and the SSH service is turned on the Nortel Application
Switch, you can access the command line interface using an SSH connection.

To establish an SSH connection with the switch, run the SSH program on your workstation by
issuing the SSH command, followed by the switch IP address:

>> # ssh <switch IP address>

28 „ Chapter 1: The Command Line Interface


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

or, if SecurID authentication is required, use the following command:

>> # ssh -1 ace <switch IP address>

You will then be prompted to enter your user name and password.

Accessing the Switch


To enable better switch management and user accountability, seven levels or classes of user
access have been implemented on the Nortel Application Switch. Levels of access to CLI, Web
management functions, and screens increase as needed to perform various switch management
tasks. Conceptually, access classes are defined as follows:

„ User interaction with the switch is completely passive—nothing can be changed on the
Nortel Application Switch. Users may display information that has no security or privacy
implications, such as switch statistics and current operational state information.
„ Operators can only effect temporary changes on the Nortel Application Switch. These
changes will be lost when the switch is rebooted/reset. Operators have access to the switch
management features used for daily switch operations. Because any changes an operator
makes are undone by a reset of the switch, operators cannot severely impact switch opera-
tion.
„ Administrators are the only ones that may make permanent changes to the switch configu-
ration—changes that are persistent across a reboot/reset of the switch. Administrators can
access switch functions to configure and troubleshoot problems on the Nortel Application
Switch. Because administrators can also make temporary (operator-level) changes as well,
they must be aware of the interactions between temporary and permanent changes.
Access to switch functions is controlled through the use of unique surnames and passwords.
Once you are connected to the switch via local console, Telnet, or SSH, you are prompted to
enter a password. The default user names/password for each access level are listed in the fol-
lowing table.

NOTE – It is recommended that you change default switch passwords after initial configuration
and as regularly as required under your network security policies. For more information, see
“Setting Passwords” on page 47.

Chapter 1: The Command Line Interface „ 29


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 1-2 User Access Levels

User Account Description and Tasks Performed Password

User The User has no direct responsibility for switch management. user
He or she can view all switch status information and statistics,
but cannot make any configuration changes to the switch.

SLB Operator The SLB Operator manages Web servers and other Internet ser- slboper
vices and their loads. In addition to being able to view all switch
information and statistics, the SLB Operator can enable/disable
servers using the Server Load Balancing operation menu.

Layer 4 Operator The Layer 4 Operator manages traffic on the lines leading to the l4oper
shared Internet services. This user currently has the same access
level as the SLB operator. and the access level is reserved for
future use, to provide access to operational commands for opera-
tors managing traffic on the line leading to the shared Internet
services.

Operator The Operator manages all functions of the switch. In addition to oper
SLB Operator functions, the Operator can reset ports or the
entire switch.

SLB Administrator The SLB Administrator configures and manages Web servers slbadmin
and other Internet services and their loads. In addition to SLB
Operator functions, the SLB Administrator can configure
parameters on the Server Load Balancing menus, with the
exception of not being able to configure filters or bandwidth
management.

Layer 4 The Layer 4 Administrator configures and manages traffic on l4admin


Administrator the lines leading to the shared Internet services. In addition to
SLB Administrator functions, the Layer 4 Administrator can
configure all parameters on the Server Load Balancing menus,
including filters and bandwidth management.

Administrator The superuser Administrator has complete access to all menus, admin
information, and configuration commands on the Nortel Appli-
cation Switch, including the ability to change both the user and
administrator passwords.

NOTE – With the exception of the “admin” user, access to each user level can be disabled by
setting the password to an empty value. All user levels below “admin” will by default be ini-
tially disabled (empty password) until they are enabled by the “admin” user. This prevents
inadvertently leaving the switch open to unauthorized users.

30 „ Chapter 1: The Command Line Interface


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

CLI Versus Setup


Once the administrator password is verified, you are given complete access to the switch. If the
switch is still set to its factory default configuration, the system will ask whether you wish to
run Setup (see Chapter 2, “First-Time Configuration”), a utility designed to help you through
the first-time configuration process. If the switch has already been configured, the Main Menu
of the CLI is displayed instead.

The following table shows the Main Menu with administrator privileges.

[Main Menu]
info - Information Menu
stats - Statistics Menu
cfg - Configuration Menu
oper - Operations Command Menu
boot - Boot Options Menu
maint - Maintenance Menu
diff - Show pending config changes [global command]
apply - Apply pending config changes [global command]
save - Save updated config to FLASH [global command]
revert - Revert pending or applied changes [global command]
exit - Exit [global command, always available]

NOTE – If you are accessing a user account or Layer 4 administrator account, some menu
options will not be available.

Command Line History and Editing


For a description of global commands, shortcuts, and command line editing functions, see
“Menu Basics” on page 53.”

Idle Timeout
By default, the switch will disconnect your console or Telnet session after five minutes of inac-
tivity. This function is controlled by the idle timeout parameter, which can be set from 1 to 10080
minutes. For information on changing this parameter, see “System Configuration” on page 261.

Chapter 1: The Command Line Interface „ 31


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

32 „ Chapter 1: The Command Line Interface


320506-A, January 2006
CHAPTER 2
First-Time Configuration
To help with the initial process of configuring your switch, the Nortel Application Switch
Operating System software includes a Setup utility. The Setup utility prompts you step-by-step
to enter all the necessary information for basic configuration of the switch. This chapter
describes how to use the Setup utility and how to change system passwords.

NOTE – If you are configuring a 2000-SSL Series Switch, you can use the Switch Setup Utility
in the Nortel Application Switch Operating System 2000-SSL Series Quick Setup Guide (part
number 215102-A) instead for setting up the Switch and the SSL Processor. Then return to this
guide for configuration and management information on your Switch.

Using the Setup Utility


Whenever you log in as the system administrator under the factory default configuration, you
are asked whether you wish to run the Setup utility. Setup can also be activated manually from
the command line interface any time after login.

Information Needed For Setup


Setup requests the following information:

„ Basic system information


† Date & time
† Whether to use BOOTP or not
† Whether to use Spanning Tree Protocol or not
† Management port configuration
„ Optional configuration for each port
† Speed, duplex, flow control, and negotiation mode (as appropriate)
† Whether to use VLAN tagging or not (as appropriate)

33
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ Optional configuration for each VLAN


† Name of VLAN
† Which ports are included in the VLAN
„ Optional configuration of IP parameters
† IP address, subnet mask, and broadcast address, and VLAN for each IP interface
† IP addresses for up to four default gateways
† Destination, subnet mask, and gateway IP address for each IP static route
† Whether IP forwarding is enabled or not
† Whether the RIP supply is enabled or not

Starting Setup When You Log In


The Setup prompt appears automatically whenever you login as the system administrator under
the factory default settings.

1. Connect to the switch console.


After connecting, the login prompt will appear as shown below.

Enter Password:

2. Enter admin as the default administrator password.


If the factory default configuration is detected, the system prompts:

Connected to Nortel Application Switch 2424


18:44:05 Mon April 12, 2004

The switch is booted with factory default configuration.


To ease the configuration of the switch, a "Set Up" facility which
will prompt you with those configuration items that are essential to
the operation of the switch is provided.
Would you like to run "Set Up" to configure the switch? [y/n]:

NOTE – If the default admin login is unsuccessful, or if the administrator Main Menu appears
instead, the system configuration has probably been changed from the factory default settings.
If you are certain that you need to return the switch to its factory default settings, see “Select-
ing a Configuration Block” on page 515.

34 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

3. Enter y to begin the initial configuration of the switch, or n to bypass the Setup facility.

Chapter 2: First-Time Configuration „ 35


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Stopping and Restarting Setup Manually


Stopping Setup
To abort the Setup utility, press <Ctrl-C> during any Setup question. When you abort Setup,
the system will prompt:

Would you like to run from top again? [y/n]

Enter n to abort Setup, or y to restart the Setup program at the beginning.

Restarting Setup
You can restart the Setup utility manually at any time by entering the following command at
the administrator prompt:

# /cfg/setup

Setup Part 1: Basic System Configuration


When Setup is started, the system prompts:

"Set Up" will walk you through the configuration of


System Date and Time, BOOTP, Spanning Tree, Management port, Port
Speed/Mode,
VLANs, and IP interfaces. [type Ctrl-C to abort "Set Up"]
------------------------------------------------------------

Will you be configuring VLANs? [y/n]

1. Enter y if you will be configuring VLANs. Otherwise enter n.


If you decide not to configure VLANs during this session, you can configure them later using
the configuration menus, or by restarting the Setup facility. For more information on configur-
ing VLANs, see the Nortel Application Switch Operating System23.0.2 Application Guide.
Next, the Setup utility prompts you to input basic system information.

2. Enter the year of the current date at the prompt:

System Date:
Enter year [2004]:

Enter the last two digits of the year as a number from 00 to 99. “00” is considered 2000. To
keep the current year, press <Enter>.

36 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

3. Enter the month of the current system date at the prompt:

System Date:
Enter month [4]:

Enter the month as a number from 1 to 12. To keep the current month, press <Enter>.

4. Enter the day of the current date at the prompt:

Enter day [12]:

Enter the date as a number from 1 to 31. To keep the current day, press <Enter>.

5. Enter the hour of the current system time at the prompt:

System Time:
Enter hour in 24-hour format [18]:

Enter the hour as a number from 00 to 23. To keep the current hour, press <Enter>.

6. Enter the minute of the current time at the prompt:

Enter minutes [55]:

Enter the minute as a number from 00 to 59. To keep the current minute, press <Enter>.

7. Enter the seconds of the current time at the prompt:

Enter seconds [37]:

Enter the seconds as a number from 00 to 59. To keep the current second, press <Enter>.

The system displays the date and time settings:

System clock set to 18:55:36 Mon April 12, 2004.

8. Enable or disable the use of BOOTP at the prompt:

BootP Option:
Current BOOTP usage: disabled
Enter new BOOTP usage [d/e]:

Chapter 2: First-Time Configuration „ 37


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

If available on your network, a BOOTP server can supply the switch with IP parameters so that
you do not have to enter them manually. BOOTP must be disabled however, before the system
will prompt for IP parameters.

Enter d to disable the use of BOOTP, or enter e to enable the use of BOOTP. To keep the cur-
rent setting, press <Enter>.

9. Turn Spanning Tree Protocol on or off at the prompt:

Spanning Tree:
Current Spanning Tree setting: ON
Turn Spanning Tree OFF? [y/n]

Enter y to turn off Spanning Tree, or enter n to leave Spanning Tree on.

Setup Part 2: Port Configuration

NOTE – The port configuration options shown in these steps are for the Nortel Application
Switch Operating System 2424. When configuring port options for other switches, some of the
prompts and options may be different.

1. If desired, set up the management port:

Management Port Config:


Configure management port? [y/n] y

If you answer y to configure the management port, you will be prompted for IP address, subnet
mask, broadcast address, default gateway, and other management port options.

2. Select the port to configure, or skip port configuration at the prompt:

Port Config:
Enter port number: (1-28)

If you wish to change settings for individual ports, enter the number of the port you wish to
configure. To skip port configuration, press <Enter> without specifying any port and go to
“Setup Part 3: VLANs” on page 41.

38 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

3. If appropriate, configure Ethernet/Fast Ethernet port speed.


If you selected a port that has an Ethernet/Fast Ethernet connector, the system prompts:

Fast Link Configuration:


Port Speed:
Current Port 1 speed setting: 10/100
Enter new speed ["10"/"100"/"any"]:

Enter the port speed from the options available, or enter any to have the switch auto-sense the
port speed. To keep the current setting, press <Enter>.

4. If appropriate, configure Ethernet/Fast Ethernet port duplex mode.


If you selected a port that has an Ethernet/Fast Ethernet connector, the system prompts:

Port Mode:
Current port 1 mode setting: any
Enter new speed ["full"/"half"/"any"]

Enter full for full-duplex, half for half-duplex, or any to have the switch auto-negotiate. To
keep the current setting, press <Enter>.

5. If appropriate, configure Ethernet/Fast Ethernet port flow control.


If you selected a port that has an Ethernet/Fast Ethernet connector, the system prompts:

Port Flow Control:


Current Port 1 flow control setting: both
Enter new value ["rx"/"tx"/"both"/"none"]:

Enter rx to enable receive flow control, tx for transmit flow control, both to enable both, or
none to turn flow control off for the port. To keep the current setting, press <Enter>.

6. If appropriate, configure Ethernet/Fast Ethernet port autonegotiation mode.


If you selected a port that has an Ethernet/Fast Ethernet connector, the system prompts:

Port Auto Negotiation:


Current Port 1 autonegotiation: on
Enter new value ["on"/"off"]:

Enter on to enable autonegotiation, off to disable it, or press <Enter> to keep the current setting.

Chapter 2: First-Time Configuration „ 39


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

7. If appropriate, configure Gigabit Ethernet port flow parameters.


If you selected a port that has a Gigabit Ethernet connector, the system prompts:

Gig Link Configuration:


Port Flow Control:
Current Port 1 flow control setting: both
Enter new value ["rx"/"tx"/"both"/"none"]:

Enter rx to enable receive flow control, tx for transmit flow control, both to enable both, or
none to turn flow control off for the port. To keep the current setting, press <Enter>.

8. If appropriate, configure Gigabit Ethernet port autonegotiation mode.


If you selected a port that has a Gigabit Ethernet connector, the system prompts:

Port Auto Negotiation:


Current Port 1 autonegotiation: on
Enter new value ["on"/"off"]:

Enter on to enable port autonegotiation, off to disable it, or press <Enter> to keep the current
setting.

9. If configuring VLANs, enable or disable VLAN tagging for the port.


If you have selected to configure VLANs back in Part 1, the system prompts:

Port VLAN tagging config (tagged port can be a member of multiple VLANs)
Current TAG flag: disabled
Enter new TAG status [d/e]:

Enter d to disable VLAN tagging for the port or enter e to enable VLAN tagging for the port.
To keep the current setting, press <Enter>.

10. The system prompts you to configure the next port:

Enter port number:

When you are through configuring ports, press <Enter> without specifying any port. Other-
wise, repeat the steps in this section.

40 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Setup Part 3: VLANs


If you chose to skip VLANs configuration back in Part 1, skip to “Setup Part 4: IP Configura-
tion” on page 42.

1. Select the VLAN to configure, or skip VLAN configuration at the prompt:

VLAN Config:
Enter VLAN number from 2 to 4090, NULL at end:

If you wish to change settings for individual VLANs, enter the number of the VLAN you wish
to configure. To skip VLAN configuration, press <Enter> without typing a VLAN number and
go to “Setup Part 4: IP Configuration” on page 42.

2. Enter the new VLAN name at the prompt:

VLAN is newly created.


Pending new VLAN name: "VLAN 2"
Enter new VLAN name, without quotes:

Entering a new VLAN name is optional. To use the pending new VLAN name, press <Enter>.

3. Enter the VLAN port numbers.


The system prompts you to define the first port in the VLAN:

Define ports in VLAN:


Current VLAN 2: empty
Enter port numbers one per line, NULL at end:

Type the first port number to add to the current VLAN and press <Enter>. The right angle
prompt appears:

>

For each additional port in the VLAN, type the port number and press <Enter> to move to the
next line. Repeat this until all ports for the VLAN being configured are entered. When you are
finished adding ports to this VLAN, press <Enter> without specifying any port.

4. The system prompts you to configure the next VLAN:

VLAN Config:
Enter VLAN number from 2 to 4090, NULL at end:

Chapter 2: First-Time Configuration „ 41


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Repeat the steps in this section until all VLANs have been configured. When all VLANs have
been configured, press <Enter> without specifying any VLAN.

Setup Part 4: IP Configuration


If BOOTP was enabled back in Part 1, skip to Setup Part 5: Final Steps. Otherwise, if you dis-
abled BOOTP, the system prompts for IP parameters.

IP Interfaces
IP interfaces are used for defining subnets to which the switch belongs.

Up to 256 IP interfaces can be configured on the Nortel Application Switch. The IP address
assigned to each IP interface provides the switch with an IP presence on your network. No two
IP interfaces can be on the same IP subnet. The interfaces can be used for connecting to the
switch for remote configuration, and for routing between subnets and VLANs (if used).

1. Select the IP interface to configure, or skip interface configuration at the prompt:

IP Config:

IP interfaces:
Enter interface number: (1-256)

NOTE – The total number of interfaces on an Nortel Application Switch 2424-SSL is


1-255.

If you wish to configure individual IP interfaces, enter the number of the IP interface you wish
to configure. To skip IP interface configuration, press <Enter> without typing an interface
number and go to “Default Gateways” on page 43.

2. For the specified IP interface, enter the IP address in dotted decimal notation:

Current IP address: 0.0.0.0


Enter new IP address:

To keep the current setting, press <Enter>.

3. At the prompt, enter the IP subnet mask in dotted decimal notation:

Current subnet mask: 0.0.0.0


Enter new subnet mask:

42 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

To keep the current setting, press <Enter>.

4. At the prompt, enter the broadcast IP address in dotted decimal notation:

Current broadcast address: 0.0.0.0


Enter new broadcast address:

To keep the current setting, press <Enter>.

5. If configuring VLANs, specify a VLAN for the interface.


This prompt appears if you selected to configure VLANs back in Part 1:

Current VLAN: 1
Enter new VLAN:

Enter the number for the VLAN to which the interface belongs, or press <Enter> without spec-
ifying a VLAN number to accept the current setting.

6. At the prompt, enter y to enable the IP interface, or n to leave it disabled:

Enable IP interface? [y/n]

7. The system prompts you to configure another interface:

Enter interface number: (1-256)

Repeat the steps in this section until all IP interfaces have been configured. When all interfaces
have been configured, press <Enter> without specifying any interface number.

Default Gateways
1. At the prompt, select a default gateway for configuration, or skip default gateway config-
uration:

IP default gateways:
Enter default gateway number: (1-259)

Enter the number for the default gateway to be configured. To skip default gateway configura-
tion, press <Enter> without typing a gateway number and go to “IP Routing” on page 44.

Chapter 2: First-Time Configuration „ 43


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

2. At the prompt, enter the IP address for the selected default gateway:

Current IP address: 0.0.0.0


Enter new IP address:

Enter the IP address in dotted decimal notation, or press <Enter> without specifying an address
to accept the current setting.

3. At the prompt, enter y to enable the default gateway, or n to leave it disabled:

Enable default gateway? [y/n]

4. The system prompts you to configure another default gateway:

Enter default gateway number: (1-259)

Repeat the steps in this section until all default gateways have been configured. When all
default gateways have been configured, press <Enter> without specifying any number.

IP Routing
When IP interfaces are configured for the various subnets attached to your switch, IP routing
between them can be performed entirely within the switch. This eliminates the need to bounce
inter-subnet communication off an external router device. Routing on more complex networks,
where subnets may not have a direct presence on the Nortel Application Switch, can be accom-
plished through configuring static routes or by letting the switch learn routes dynamically.

This part of the Setup program prompts you to configure the various routing parameters.

1. At the prompt, enable or disable forwarding for IP Routing:

Enable IP forwarding? [y/n]

Enter y to enable IP forwarding. To disable IP forwarding, enter n and proceed to Step 2.To
keep the current setting, press <Enter>.

2. At the prompt, enable or disable the RIP supply:

Enable RIP supply? [y/n]

44 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Setup Part 5: Final Steps


1. When prompted, decide whether to restart Setup or continue:

Would you like to run from top again? [y/n]

Enter y to restart the Setup utility from the beginning, or n to continue.

2. When prompted, decide whether you wish to review the configuration changes:

Review the changes made? [y/n]

Enter y to review the changes made during this session of the Setup utility. Enter n to continue
without reviewing the changes. We recommend that you review the changes.

3. Next, decide whether to apply the changes at the prompt:

Apply the changes? [y/n]

Enter y to apply the changes, or n to continue without applying. Changes are normally applied.

4. At the prompt, decide whether to make the changes permanent:

Save changes to flash? [y/n]

Enter y to save the changes to flash. Enter n to continue without saving the changes. Changes
are normally saved at this point.

5. If you do not apply or save the changes, the system prompts whether to abort them:

Abort all changes? [y/n]

Enter y to discard the changes. Enter n to return to the Apply the changes? prompt.

NOTE – After initial configuration is complete, it is recommended that you change the default
passwords as shown in “Setting Passwords” on page 47.

Chapter 2: First-Time Configuration „ 45


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Optional Setup for SNMP Support

NOTE – This step is optional. Perform this procedure only if you are planning on using SNMP-
based tools, such as Nortel ASEM.

NOTE – If you need to configure SNMPv3, refer to “SNMPv3 Configuration Menu” on page
276 of this manual.

1. Enable SNMP and select one of the options.

>> # /cfg/sys/access/snmp (disabled/read-only/read-write) [d/r/w]:

2. Set SNMP read or write community string. By default, they are public and private
respectively.

>> # /cfg/sys/ssnmp/rcomm|wcomm

3. Apply and save configuration if you are not configuring the switch with Telnet support.
Otherwise apply and save after “Optional Setup for Telnet Support” on page 46.

>> System# apply


>> System# save

Optional Setup for Telnet Support

NOTE – This step is optional. Perform this procedure only if you are planning on connecting to
the switch through any telnet application.

1. Enable telnet.

>> # /cfg/sys/access/tnet ena

2. Apply and save SNMP and /or telnet configuration(s).

>> System# apply


>> System# save

46 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

If your network uses Routing Interface Protocol (RIP), enter y to enable the RIP supply. Other-
wise, enter n to disable it. When RIP is enabled, RIP listen is set by default.

Setting Passwords
It is recommended that you change the user and administrator passwords after initial configu-
ration and as regularly as required under your network security policies.

To change both the user password and the administrator password, you must login using the
administrator password. Passwords cannot be modified from the user command mode.

NOTE – If you forget your administrator password, call your technical support representative
for help using the password fix-up mode.

Changing the Default Administrator Password


The administrator has complete access to all menus, information, and configuration com-
mands, including the ability to change both the user and administrator passwords.

The default password for the administrator account is admin. To change the default password,
follow this procedure:

1. Connect to the switch and log in using the admin password.

2. From the Main Menu, use the following command to access the Configuration Menu:

Main# /cfg

Chapter 2: First-Time Configuration „ 47


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

The Configuration Menu is displayed.

[Configuration Menu]
sys - System-wide Parameter Menu
port - Port Menu
pmirr - Port Mirroring Menu
bwm - Bandwidth Management Menu
l2 - Layer 2 Menu
l3 - Layer 3 Menu
slb - Server Load Balancing (Layer 4-7) Menu
security - Security Menu
setup - Step by step configuration set up
dump - Dump current configuration to script file
ptcfg - Backup current configuration to tftp server
gtcfg - Restore current configuration from tftp server

3. From the Configuration Menu, use the following command to select the System Menu:

>> Configuration# sys

The System Menu is displayed.

[System Menu]
syslog - Syslog Menu
mmgmt - Management Port Menu
sshd - SSH Server Menu
radius - RADIUS Authentication Menu
tacacs - TACACS+ Authentication Menu
ntp - NTP Server Menu
sonmp - SONMP Menu
ssnmp - System SNMP Menu
health - System Health Check Menu
access - System Access Menu
date - Set system date
time - Set system time
idle - Set timeout for idle CLI sessions
notice - Set login notice
bannr - Set login banner
smtp - Set SMTP host
hprompt - Enable/disable display hostname (sysName) in CLI prompt
bootp - Enable/disable use of BOOTP
cur - Display current system-wide parameters

48 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

4. From the System menu, use the following path to select the User menu:

System# access/user

5. Select the administrator password.

System# user/admpw

6. Enter the current administrator password at the prompt:

Changing ADMINISTRATOR password; validation required...


Enter current administrator password:

NOTE – If you forget your administrator password, call your technical support representative
for help using the password fix-up mode.

7. Enter the new administrator password at the prompt:

Enter new administrator password:

8. Enter the new administrator password, again, at the prompt:

Re-enter new administrator password:

9. Apply and save your change by entering the following commands:

System# apply
System# save

Changing the Default User Password


The user login has limited control of the switch. Through a user account, you can view switch
information and statistics, but you can’t make configuration changes.

The default password for the user account is user. This password cannot be changed from the
user account. Only the administrator has the ability to change passwords, as shown in the fol-
lowing procedure.

Chapter 2: First-Time Configuration „ 49


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

1. Connect to the switch and log in using the admin password.

2. From the Main Menu, use the following command to access the Configuration Menu:

Main# cfg

3. From the Configuration Menu, use the following command to select the System Menu:

>> Configuration# sys

4. Select the user password.

System# access/user/usrpw

5. Enter the current administrator password at the prompt.


Only the administrator can change the user password. Entering the administrator password
confirms your authority.

Changing USER password; validation required...


Enter current administrator password:

6. Enter the new user password at the prompt:

Enter new user password:

7. Enter the new user password, again, at the prompt:

Re-enter new user password:

8. Apply and save your changes:

System# apply
System# save

50 „ Chapter 2: First-Time Configuration


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Changing the Default Layer 4 Administrator Password


The Layer 4 administrator has limited control of the switch. Through a Layer 4 administrator
account, you can view all switch information and statistics, but can configure changes only on
the Server Load Balancing menus.

The default password for the Layer 4 administrator account is l4admin. To change the
default password, follow this procedure:

1. Connect to the switch and log in using the administrator account.


To change any switch password, you must login using the administrator password. Passwords
cannot be modified from the Layer 4 administrator account or the user account.

2. From the Main Menu, use the following path to access the user command:

Main# /cfg/sys/access/user

3. Select the Layer 4 administrator password:

System# l4apw

4. Enter the current administrator password (not the Layer 4 administrator password) at
the prompt:

Changing L4 ADMINISTRATOR password; validation required...


Enter current administrator password:

NOTE – If you forget your administrator password, call your technical support representative
for help using the password fix-up mode.

5. Enter the new Layer 4 administrator password at the prompt:

Enter new L4 administrator password:

6. Enter the new administrator password, again, at the prompt:

Re-enter new L4 administrator password:

Chapter 2: First-Time Configuration „ 51


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

7. Apply and save your change by entering the following commands:

System# apply
System# save

52 „ Chapter 2: First-Time Configuration


320506-A, January 2006
CHAPTER 3
Menu Basics
The Nortel Application Switch’s Command Line Interface (CLI) is used for viewing switch
information and statistics. In addition, the administrator can use the CLI for performing all lev-
els of switch configuration.

To make the CLI easy to use, the various commands have been logically grouped into a series
of menus and sub-menus. Each menu displays a list of commands and/or sub-menus that are
available, along with a summary of what each command will do. Below each menu is a prompt
where you can enter any command appropriate to the current menu.

This chapter describes the Main Menu commands, and provides a list of commands and short-
cuts that are commonly available from all the menus within the CLI.

The Main Menu


The Main Menu appears after a successful connection and login. The following table shows
the Main Menu for the administrator login. Some features are not available under the user
login.

53
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

NOTE – The ssl option is only visible on the Nortel Application Switch Operating System
2000-SSL Series.

[Main Menu]
info - Information Menu
stats - Statistics Menu
cfg - Configuration Menu
oper - Operations Command Menu
boot - Boot Options Menu
maint - Maintenance Menu
ssl - SSl Accelerator Menu
diff - Show pending config changes [global command]
apply - Apply pending config changes [global command]
save - Save updated config to FLASH [global command]
revert - Revert pending or applied changes [global command]
exit - Exit [global command, always available]

Menu Summary
„ Information Menu
Provides sub-menus for displaying information about the current status of the switch:
from basic system settings to VLANs, Layer 4 settings, and more.
„ Statistics Menu
Provides sub-menus for displaying switch performance statistics. Included are port, IF, IP,
ICMP, TCP, UDP, SNMP, routing, ARP, DNS, VRRP, and Layer 4 statistics.
„ Configuration Menu
This menu is available only from an administrator login. It includes sub-menus for config-
uring every aspect of the switch. Changes to configuration are not active until explicitly
applied. Changes can be saved to non-volatile memory.
„ Operations Command Menu
Operations-level commands are used for making immediate and temporary changes to
switch configuration. This menu is used for bringing ports temporarily in and out
of service, performing port mirroring, and enabling or disabling Server Load Balancing
functions. It is also used for activating or deactivating optional software packages.
„ Boot Options Menu
This menu is used for upgrading switch software, selecting configuration blocks, and for
resetting the switch when necessary.

54 „ Chapter 3: Menu Basics


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ Maintenance Menu
This menu is used for debugging purposes, enabling you to generate a dump of the critical
state information in the switch, and to clear entries in the forwarding database and the
ARP and routing tables.
„ SSL Accelerator Menu
This menu is used for

Chapter 3: Menu Basics „ 55


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Global Commands
Some basic commands are recognized throughout the menu hierarchy. These commands are
useful for obtaining online help, navigating through menus, and for applying and saving con-
figuration changes.
For help on a specific command, type help. You will see the following screen:

Global Commands: [can be issued from any menu]


help up print pwd
lines verbose exit quit
diff apply save revert
ping ping6 traceroute telnet
history pushd popd who

The following are used to navigate the menu structure:


. Print current menu
.. Move up one menu level
/ Top menu if first, or command separator
! Execute command from history

Table 3-1 Description of Global Commands

Command Action

? command Provides more information about a specific command on the current menu.
or help When used without the command parameter, a summary of the global com-
mands is displayed.

. or print Display the current menu.

.. or up Go up one level in the menu structure.

/ If placed at the beginning of a command, go to the Main Menu. Otherwise,


this is used to separate multiple commands placed on the same line.

lines Set the number of lines (n) that display on the screen at one time. The default
is 24 lines. When used without a value, the current setting is displayed.

diff Show any pending configuration changes.

apply Apply pending configuration changes.

save Write configuration changes to non-volatile flash memory.

revert Remove pending configuration changes between “apply” commands. Use


this command to restore configuration parameters set since last “apply” com-
mand.

exit or quit Exit from the command line interface and log out.

56 „ Chapter 3: Menu Basics


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 3-1 Description of Global Commands

Command Action

ping Use this command to verify station-to-station connectivity across the net-
work. The format is as follows:
ping <host name>|<IP address> [tries <(1-32)> [msec delay]] [-m|
-mgmt|-d|-data]
Where IP address is the hostname or IP address of the device, tries (optional)
is the number of attempts (1-32), msec delay (optional) is the number of mil-
liseconds between attempts. By default, the -d or -data option for net-
work ports is in effect. If the management port is used, specify the -m or
-mgmt option. The DNS parameters must be configured if specifying host-
names (see “Domain Name System Configuration Menu” on page 379).

ping6 Use this command to verify an IP address and interface connectivity across
the network. The format is as follows:
ping6 <IP6 address> <Interface number>
For example:
ping6 3001::1234 - for ping6 global unicast address
ping6 fe80::201:2ff:feb1:10e2 20 - for ping6 link-local address

traceroute Use this command to identify the route used for station-to-station connectiv-
ity across the network. The format is as follows:
traceroute <host name>| <IP address> [<max-hops (1-32)>
[msec delay]] [-m|-mgmt|-d|-data]
Where IP address is the hostname or IP address of the target station, max-
hops (optional) is the maximum distance to trace (1-16 devices), and delay
(optional) is the number of milliseconds for wait for the response. By default,
the -d or -data option for network ports is in effect. If the management
port is used, specify the -m or -mgmt option. As with ping, the DNS
parameters must be configured if specifying hostnames.

pwd Display the command path used to reach the current menu.

verbose n Sets the level of information displayed on the screen:


0 =Quiet: Nothing appears except errors—not even prompts.
1 =Normal: Prompts and requested output are shown, but no menus.
2 =Verbose: Everything is shown.
When used without a value, the current setting is displayed.

telnet This command is used to telnet out of the switch. The format is as follows:
<hostname>|<IP address> [port] [-m|-mgmt|-d|-data].
Where IP address is the hostname or IP address of the device. By default, the
-d or -data option for network ports is in effect. If the management port
is used, specify the -m or -mgmt option.

history This command brings up the history of the last 10 commands.

Chapter 3: Menu Basics „ 57


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 3-1 Description of Global Commands

Command Action

pushd This command stores the current location of the menu tree. Optionally, a new
path to change to can be specified. The format is as follows:
pushd [<new_path>]

popd This command takes the user one level back to the menu location stored by
the last pushd command.

who This command displays the currently logged user’s session information.

58 „ Chapter 3: Menu Basics


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Command Line History and Editing


Using the command line interface, you can retrieve and modify previously entered commands
with just a few keystrokes. The following options are available globally at the command line:

Table 3-2 Command Line History and Editing Options

Option Description

history Display a numbered list of the last 10 previously entered commands.

!! Repeat the last entered command.

!n Repeat the nth command shown on the history list.

<Ctrl-p> (Also the up arrow key.) Recall the previous command from the history list. This can
be used multiple times to work backward through the last 10 commands. The recalled
command can be entered as is, or edited using the options below.

<Ctrl-n> (Also the down arrow key.) Recall the next command from the history list. This can be
used multiple times to work forward through the last 10 commands. The recalled com-
mand can be entered as is, or edited using the options below.

<Ctrl-a> Move the cursor to the beginning of command line.

<Ctrl-e> Move cursor to the end of the command line.

<Ctrl-b> (Also the left arrow key.) Move the cursor back one position to the left.

<Ctrl-f> (Also the right arrow key.) Move the cursor forward one position to the right.

<Backspace> (Also the Delete key.) Erase one character to the left of the cursor position.

<Ctrl-d> Delete one character at the cursor position.

<Ctrl-k> Kill (erase) all characters from the cursor position to the end of the command line.

<Ctrl-l> Redraw the screen.

<Ctrl-u> Clear the entire line.

Other keys Insert new characters at the cursor position.

Chapter 3: Menu Basics „ 59


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Command Line Interface Shortcuts

Command Stacking
As a shortcut, you can type multiple commands on a single line, separated by forward slashes
(/). You can connect as many commands as required to access the menu option that you want.
For example, the keyboard shortcut to access the Spanning Tree Port Configuration Menu
from the Main# prompt is as follows:

Main# cfg/l2/stg/port

Command Abbreviation
Most commands can be abbreviated by entering the first characters which distinguish the com-
mand from the others in the same menu or sub-menu. For example, the command shown above
could also be entered as follows:

Main# c/l2/st/p

Tab Completion
By entering the first letter of a command at any menu prompt and hitting <Tab>, the CLI will
display all commands or options in that menu that begin with that letter. Entering additional
letters will further refine the list of commands or options displayed. If only one command fits
the input text when <Tab> is pressed, that command will be supplied on the command line,
waiting to be entered. If the <Tab> key is pressed without any input on the command line, the
currently active menu will be displayed.

Configuration Ranges
Most commands now support the use of configuration ranges. Configuration ranges allow the
user to set common parameters on a range of similar items on the switch like ports or VLANs.
For example, the command shown below would set the PVID of ports 1 through 10 to 5.

Main# /cfg/port 1-10/pvid 5

60 „ Chapter 3: Menu Basics


320506-A, January 2006
CHAPTER 4
The Information Menu
You can view configuration information for the switch in both the user and administrator command
modes. This chapter discusses how to use the command line interface to display switch infor-
mation.

/info
Information Menu
[Information Menu]
sys - System Information Menu
l2 - Layer 2 Information Menu
l3 - Layer 3 Information Menu
slb - Layer 4-7 Information Menu
bwm - Bandwidth Management Information Menu
security - Show Security status
link - Show link status
port - Show port information
swkey - Show enabled software features
dump - Dump all information

The information provided by each menu option is briefly described in Table 4-1 on page 61,
with pointers to where detailed information can be found.

Table 4-1 Information Menu Options (/info)

Command Syntax and Usage

sys
Displays system menu information. To view menu options, see page 63.

l2
Displays the Layer 2 Information Menu. For details, see page 89.

l3
Displays the Layer 3 information menu. For details, see page 106.

61
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-1 Information Menu Options (/info)

Command Syntax and Usage

slb
Displays the Layer 4 Information Menu. To view menu options, see page 132.

bwm
Displays Bandwidth Management information. For details, see page 141.

security
Displays current UDP blast settings and the security status of the port. To view a sample, see
page 146.

link
Displays configuration information about each port, including:
„ Port number
„ Port speed (10, 100, 10/100, or 1000)
„ Duplex mode (half, full, or auto)
„ Flow control for transmit and receive (no, yes, or auto)
„ Link status (up or down)
For details, see page 147.

port
Displays port status information, including:
„ Port number
„ Whether the port uses VLAN Tagging or not
„ Port VLAN ID (PVID)
„ Port name
„ VLAN membership
For details, see page 149.

swkey
Displays a list of all the optional software packages which have been activated or installed on your
switch. For details see page 150.

dump
Dumps all switch information available from the Information Menu (10K or more, depending on
your configuration).
If you want to capture dump data to a file, set your communication software on your workstation to
capture session data prior to issuing the dump commands. For details, see page 150.

62 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys
System Information Menu
[System Menu]
snmpv3 - SNMPv3 Information Menu
general - Show general system information
time - Show date and time
log - Show last 64 syslog messages
slog - Show last 64 syslog messages saved in FLASH
mgmt - Show management port information
sonmp - Show SONMP topology table information
capacity - Show switch capacity information
fan - Show switch fan status
temp - Show switch temperature sensor status
encrypt - Show switch encryption licenses
user - Show current user status
dump - Dump all system information

Table 4-2 Information System Menu Options (/info/sys)

Command Syntax and Usage

snmpv3
Displays SNMPv3 Information Menu. To view the menu options, see page 65.

general
Displays general system information including:
„ System information like time, day, and date.
„ Switch model name and number
„ How long the switch has been up
„ Time of last boot
„ MAC address of the switch management processor
„ Internal SSL Processor MAC Address if the switch is 2424-SSL
„ IP address of IP interface #1
„ Hardware order number and part numbers of the Mainboard Hardware, Management Processor
Board Hardware, and Fast Ethernet Board Hardware
„ Software image file and version number
„ Configuration name
„ Log-in banner, if one is configured
See page 74 for a sample output.

time
Displays the current time.

log
Displays last 64 syslog messages. See page 76 for a sample output and detailed information.

Chapter 4: The Information Menu „ 63


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-2 Information System Menu Options (/info/sys)

Command Syntax and Usage

slog
Displays the last 64 syslog messages that are saved in flash. See page 77 for a sample output.

mgmt
Displays Management port information. See page 78 for detailed information.

sonmp
Displays SONMP topology table information. See page 79 for detailed information.

capacity gen|bwm|l2|l3|slb|port
Displays the switch capacity information. This output displays the maximum switch capacity for
the various applications and services that the switch supports. The output contains capacity infor-
mation about Layer 2, Layer 3, RIP, OSPF, BGP, Route Maps, Network Filters, VRRP, Layer 4-7,
which includes Server Load Balancing, Filters, GSLB, Health Checks, Bandwidth Management,
General switch information, and SNMPv3.
See page 80 for a sample output.

fan
Displays the fan status of the switch.

temp
Displays the temperature status of the switch sensors.

encrypt
Displays the current encryption licenses.

user
Displays the current user names.

dump
Displays all system information. See page 84 for a sample output.

64 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/snmpv3
SNMPv3 System Information Menu
SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2
Framework by supporting the following:

„ a new SNMP message format


„ security for messages
„ access control
„ remote configuration of SNMP parameters
For more details on the SNMPv3 architecture please refer to RFC2271 to RFC2276.

[SNMPv3 Information Menu]


usm - Show usmUser table information
view - Show vacmViewTreeFamily table information
access - Show vacmAccess table information
group - Show vacmSecurityToGroup table information
comm - Show community table information
taddr - Show targetAddr table information
tparam - Show targetParams table information
notify - Show notify table information
dump - Show all SNMPv3 information

Table 4-3 SNMPv3 information Menu Options (/info/sys/snmpv3)

Command Syntax and Usage

usm
Displays User Security Model (USM) table information. To view the table, see page 66.

view
Displays information about view, sub tress, mask and type of view. To view a sample, see page 67.

access
Displays View-based Access Control information. To view a sample, see page 68.

group
Displays information about the group that includes, the security model, user name, and group
name. To view a sample, see page 69.

comm
Displays information about the community table information. To view a sample, see page 69.

taddr
Displays the Target Address table information. To view a sample, see page 70.

Chapter 4: The Information Menu „ 65


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-3 SNMPv3 information Menu Options (/info/sys/snmpv3)

Command Syntax and Usage

tparam
Displays the Target parameters table information. To view a sample, see page 71.

notify
Displays the Notify table information. To view a sample, see page 72.

dump
Displays all the SNMPv3 information. To view a sample, see page 73.

/info/sys/snmpv3/usm
SNMPv3 USM User Table Information
The User-based Security Model (USM) in SNMPv3 provides security services such as authen-
tication and privacy of messages. This security model makes use of a defined set of user iden-
tities displayed in the USM user table. The USM user table contains information like:

„ the user name


„ a security name in the form of a string whose format is independent of the Security Model
„ an authentication protocol, which is an indication that the messages sent on behalf of the
user can be authenticated
„ the privacy protocol.

usmUser Table:
User Name Protocol
-------------------------------- --------------------------------
admin NO AUTH, NO PRIVACY
adminmd5 HMAC_MD5, DES PRIVACY
adminsha HMAC_SHA, DES PRIVACY
v1v2only NO AUTH, NO PRIVACY

66 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-4 USM User Table Information Parameters (/info/sys/usm)

Field Description

User Name This is a string that represents the name of the user that you can
use to access the switch.

Protocol This indicates whether messages sent on behalf of this user are
protected from disclosure using a privacy protocol. Nortel Appli-
cation Switch Operating System23.0.2 supports DES algorithm
for privacy. The software also supports two authentication algo-
rithms: MD5 and HMAC-SHA.

/info/sys/snmpv3/view
SNMPv3 View Table Information
The user can control and restrict the access allowed to a group to only a subset of the manage-
ment information in the management domain that the group can access within each context by
specifying the group’s rights in terms of a particular MIB view for security reasons.

View Name Subtree Mask Type


----------------- ------------------ -------------- --------
org 1.3 included
v1v2only 1.3 included
v1v2only 1.3.6.1.6.3.15 excluded
v1v2only 1.3.6.1.6.3.16 excluded
v1v2only 1.3.6.1.6.3.18 excluded

Table 4-5 SNMPv3 View Table Information Parameters (/info/sys/snmpv3/view)

Field Description

View Name Displays the name of the view.

Subtree Displays the MIB subtree as an OID string. A view subtree is the set
of all MIB object instances which have a common Object Identifier
prefix to their names.

Mask Displays the bit mask.

Type Displays whether a family of view subtrees is included or


excluded from the MIB view.

Chapter 4: The Information Menu „ 67


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/snmpv3/access
SNMPv3 Access Table Information
The access control sub system provides authorization services.

The vacmAccessTable maps a group name, security information, a context, and a message
type, which could be the read or write type of operation or notification into a MIB view.

The View-based Access Control Model defines a set of services that an application can use for
checking access rights of a group. This group's access rights are determined by a read-view, a
write-view and a notify-view. The read-view represents the set of object instances authorized
for the group while reading the objects. The write-view represents the set of object instances
authorized for the group when writing objects. The notify-view represents the set of object
instances authorized for the group when sending a notification.

Group Name Prefix Model Level Match ReadV WriteV NotifyV


---------- ------ ------- ------ ------ ------ ------ -----
admin usm noAuthNoPriv exact org org org
v1v2grp snmpv1 noAuthNoPriv exact org org v1v2only
admingrp usm authPriv exact org org org

Table 4-6 SNMPv3 Access Table Information (/info/sys/snmpv3/access)

Field Description

Group Name Displays the name of group.

Prefix Displays the prefix that is configured to match the values.

Model Displays the security model used, for example, SNMPv1, or


SNMPv2 or USM.

Level Displays the minimum level of security required to gain rights of


access. For example, noAuthNoPriv, authNoPriv, or auth-
Priv.

Match Displays the match for the contextName. The options are: exact
and prefix.

ReadV Displays the MIB view to which this entry authorizes the read
access.

WriteV Displays the MIB view to which this entry authorizes the write
access.

NotifyV Displays the Notify view to which this entry authorizes the notify
access.

68 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/snmpv3/group
SNMPv3 Group Table Information
A group is a combination of security model and security name that defines the access rights
assigned to all the security names belonging to that group. The group is identified by a group
name.

Sec Model User Name Group Name


---------- ------------------------------- --------------------
snmpv1 v1v2only v1v2grp
usm admin admin
usm adminmd5 admingrp
usm adminsha admingrp

Table 4-7 SNMPv3 Group Table Information Parameters (/info/sys/snmpv3/group)

Field Description

Sec Model Displays the security model used, which is any one of: USM,
SNMPv1, SNMPv2, and SNMPv3.

User Name Displays the name for the group.

Group Name Displays the access name of the group.

/info/sys/snmpv3/comm
SNMPv3 Community Table Information
This command displays the community table information stored in the SNMP engine.

Index Name User Name Tag


---------- ---------- -------------------- ----------
trap1 public v1v2only v1v2trap

Chapter 4: The Information Menu „ 69


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-8 SNMPv3 Community Table Parameters (/info/sys/snmpv3/comm)

Field Description

Index Displays the unique index value of a row in this table

Name Displays the community string, which represents the configuration.

User Name Displays the User Security Model (USM) user name.

Tag Displays the community tag. This tag specifies a set of transport
endpoints from which a command responder application accepts
management requests and to which a command responder applica-
tion sends an SNMP trap.

/info/sys/snmpv3/taddr
SNMPv3 Target Address Table Information
This command displays the SNMPv3 target address table information, which is stored in the
SNMP engine.

Name Transport Addr Port Taglist Params


---------- --------------- ---- ---------- ---------------
trap1 47.81.25.66 162 v1v2trap v1v2param

Table 4-9 SNMPv3 Target Address Table Information Parameters (/info/sys/


snmpv3/taddr)

Field Description

Name Displays the locally arbitrary, but unique identifier associated with
this snmpTargetAddrEntry.

Transport Addr Displays the transport addresses.

Port Displays the SNMP UDP port number.

Taglist This column contains a list of tag values which are used to select tar-
get addresses for a particular SNMP message.

Params The value of this object identifies an entry in the snmpTargetParam-


sTable. The identified entry contains SNMP parameters to be used
when generating messages to be sent to this transport address.

70 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/snmpv3/tparam
SNMPv3 Target Parameters Table Information

Name MP Model User Name Sec Model Sec Level


--------------- -------- -------------- --------- ---------
v1v2param snmpv2c v1v2only snmpv1 noAuthNoPriv

Table 4-10 SNMPv3 Target Parameters Table Information (/info/sys/snmpv3/


tparam)

Field Description

Name Displays the locally arbitrary, but unique identifier associated with
this snmpTargeParamsEntry.

MP Model Displays the Message Processing Model used when generating


SNMP messages using this entry.

User Name Displays the securityName, which identifies the entry on whose
behalf SNMP messages will be generated using this entry.

Sec Model Displays the security model used when generating SNMP messages
using this entry. The system may choose to return an inconsis-
tentValue error if an attempt is made to set this variable to a
value for a security model which the system does not support.

Sec Level Displays the level of security used when generating SNMP mes-
sages using this entry.

Chapter 4: The Information Menu „ 71


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/snmpv3/notify
SNMPv3 Notify Table Information

Name Tag
-------------------- --------------------
v1v2trap v1v2trap

Table 4-11 SNMPv3 Notify Table Information (/info/sys/snmpv3/notify)

Field Description

Name The locally arbitrary, but unique identifier associated with this
snmpNotifyEntry.

Tag This represents a single tag value which is used to select entries in
the snmpTargetAddrTable. Any entry in the snmpTar-
getAddrTable that contains a tag value equal to the value of this
entry, is selected. If this entry contains a value of zero length, no
entries are selected.

72 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/snmpv3/dump
SNMPv3 Dump Information

usmUser Table:
User Name Protocol
-------------------------------- --------------------------------
admin NO AUTH, NO PRIVACY
adminmd5 HMAC_MD5, DES PRIVACY
adminsha HMAC_SHA, DES PRIVACY
v1v2only NO AUTH, NO PRIVACY

vacmAccess Table:
Group Name Prefix Model Level Match ReadV WriteV NotifyV
---------- ------ ------- ---------- ------ ------- -------- ------
admin usm noAuthNoPriv exact org org org
v1v2grp snmpv1 noAuthNoPriv exact org org v1v2only
admingrp usm authPriv exact org org org

vacmViewTreeFamily Table:
View Name Subtree Mask Type
-------------------- --------------- ------------ --------------
org 1.3 included
v1v2only 1.3 included
v1v2only 1.3.6.1.6.3.15 excluded
v1v2only 1.3.6.1.6.3.16 excluded
v1v2only 1.3.6.1.6.3.18 excluded

vacmSecurityToGroup Table:
Sec Model User Name Group Name
---------- ------------------------------- -----------------------
snmpv1 v1v2only v1v2grp
usm admin admin
usm adminsha admingrp

snmpCommunity Table:
Index Name User Name Tag
---------- ---------- -------------------- ----------
snmpNotify Table:
Name Tag
-------------------- --------------------
snmpTargetAddr Table:
Name Transport Addr Port Taglist Params
---------- --------------- ---- ---------- ---------------
snmpTargetParams Table:
Name MP Model User Name Sec Model Sec Level
-------------------- -------- ------------------ --------- -------

Chapter 4: The Information Menu „ 73


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/general
General System Information

On a Nortel Application Switch 2424:

System Information at 6:56:53 Thu Sep 15, 2005 (DST)


Time zone: America/Canada/Atlantic-Nova-Scotia (GMT offset -4:00)

Alteon Application Switch 2424

Switch is up 3 days, 11 hours, 28 minutes and 34 seconds.


Last boot: 18:28:09 Sun Sep 11, 2005 (reset from Telnet)
Last apply: unknown
Last save: 5

MAC Address: 00:01:81:2e:bc:50 IP (If 1) Address: 0.0.0.0


Hardware Order No: EB1412006 Serial No: ABCDE600MJ Rev: 09
Mainboard Hardware: Part No: P314090-A Rev: 00
Management Processor Board Hardware: Part No: P314080-A Rev: 00
Fast Ethernet Board Hardware: Part No: P314091-A Rev: 00

Note - When the measured temperature inside the switch EXCEEDs


the high threshold at 62 degree Celsius a syslog message
will be generated.

Software Version 23.0.1 (FLASH image2), active configuration.

74 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

On a Nortel Application Switch 2424-SSL:

System Information at 6:56:53 Thu Sep 15, 2005 (DST)


Time zone: America/Canada/Atlantic-Nova-Scotia (GMT offset -4:00)

Alteon Application Switch 2424-SSL

Switch is up 3 days, 11 hours, 28 minutes and 34 seconds.


Last boot: 18:28:09 Sun Sep 11, 2005 (reset from Telnet)
Last apply: unknown
Last save: 5

MAC Address: 00:01:81:2e:bc:50 IP (If 1) Address: 0.0.0.0


Internal SSL Processor MAC Address: 00:01:81:2e:bc:6f
Hardware Order No: EB1412006 Serial No:ABCDE600MJ Rev: 09
Mainboard Hardware: Part No: P314090-A Rev: 00
Management Processor Board Hardware: Part No: P314080-A Rev: 00
Fast Ethernet Board Hardware: Part No: P314091-A Rev: 00

Note - When the measured temperature inside the switch EXCEEDs


the high threshold at 62 degree Celsius a syslog message
will be generated.

Software Version 23.0.1 (FLASH image2), active configuration.

NOTE – The display of temperature will come up only if the temperature of any of the sensors
exceeds 60oC. There will be a warning from the software if any of the sensors exceeds this
temperature threshold. The switch will shut down if the power supply overheats and the tem-
perature gets to 100oC. Information about fan failures will also be displayed if one or more
fans are not functioning.

Chapter 4: The Information Menu „ 75


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/time
Show System Time
>> Main# /info/sys/time
12:52:49 Fri Jul 8, 2005 (DST)
Time zone: America/Canada/Atlantic-Nova-Scotia
DST on first Sunday of April at 02:00
DST off last Sunday of October at 02:00

/info/sys/log
Show Last 64 Syslog Messages
Date Time Criticality level Message
Nov 19 12:16:51 ALERT stp: STG 1, new root bridge
Nov 19 13:52:03 ALERT ip: cannot contact default gateway
47.80.22.1
Nov 19 13:52:23 NOTICE ip: default gateway 47.80.22.1 operational
Nov 19 13:52:23 NOTICE ip: default gateway 47.80.22.1 enabled
Nov 19 14:21:27 ALERT ip: cannot contact default gateway
47.80.22.1
Nov 19 14:21:47 NOTICE ip: default gateway 47.80.22.1 operational
Nov 19 14:21:47 NOTICE ip: default gateway 47.80.22.1 enabled
Nov 19 14:38:55 NOTICE mgmt: admin login from host 47.81.27.4
Nov 19 14:44:02 NOTICE mgmt: admin idle timeout from Telnet/SSH
Nov 19 16:15:06 INFO mgmt: new configuration applied
Nov 19 16:15:20 INFO mgmt: new configuration saved
Nov 19 16:18:44 INFO mgmt: new configuration applied
Nov 19 16:19:37 ERROR mgmt: Error: Apply not done
Nov 19 16:19:57 INFO mgmt: new configuration applied
Nov 19 16:34:35 NOTICE mgmt: admin login from host 47.81.27.4
Nov 19 16:39:43 NOTICE mgmt: admin idle timeout from Telnet/SSH
Nov 19 16:39:59 NOTICE mgmt: admin login from host 47.81.27.4
Nov 19 16:54:13 NOTICE mgmt: admin idle timeout from Telnet/SSH
Nov 19 17:20:37 NOTICE mgmt: admin login from host 47.81.27.4
Nov 19 17:26:21 NOTICE mgmt: admin login from host 47.81.25.49
Nov 19 17:31:53 NOTICE mgmt: admin idle timeout from Telnet/SSH

Each syslog message has a criticality level associated with it, included in text form as a prefix
to the log message. One of eight different prefixes is used, depending on the condition that the
administrator is being notified of, as shown below.

„ EMERG: indicates the system is unusable


„ ALERT: Indicates action should be taken immediately

76 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ CRIT: Indicates critical conditions


„ ERR: indicates error conditions or error operations
„ WARNING: indicates warning conditions
„ NOTICE: indicates a normal but significant condition
„ INFO: indicates an information message
„ DEBUG: indicates a debut-level message

/info/sys/slog
Last 64 Saved Syslog Messages
Aug 20 13:54:21 NOTICE ip: management port default gateway
47.80.22.1 operational
Aug 20 13:57:53 ALERT ip: cannot contact management port default
gateway 47.80.22.1
Aug 20 13:57:57 NOTICE ip: management port default gateway
47.80.22.1 operational
Aug 20 13:58:23 ALERT ip: cannot contact management port default
gateway 47.80.22.1
Aug 20 13:58:33 NOTICE ip: management port default gateway
47.80.22.1 operational
Aug 24 14:43:43 NOTICE mgmt: admin login from host 47.81.25.12
Aug 24 14:49:50 NOTICE mgmt: admin idle timeout from Telnet/SSH
Aug 24 14:51:38 NOTICE mgmt: admin login from host 47.81.25.12
Aug 24 14:57:30 NOTICE mgmt: admin idle timeout from Telnet/SSH
Aug 24 15:05:54 NOTICE mgmt: admin login from host 47.81.25.12
Aug 24 15:11:40 NOTICE mgmt: admin idle timeout from Telnet/SSH
Aug 24 16:00:40 NOTICE mgmt: admin login from host 47.81.25.12
Aug 24 16:00:52 NOTICE mgmt: switch reset from CLI

Chapter 4: The Information Menu „ 77


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/mgmt
Management Port Information

Speed Duplex Link


----- ------ ----
100 full up

MAC address:
00:01:81:2e:a4:8d

Interface information:
47.80.23.251 255.255.254.0 47.80.23.255

Gateway information:
47.80.22.1

Use this command to display Management port information on an Nortel Application Switch
including:

„ Port speed (10/100)


„ Duplex mode (half, full, any, or auto)
„ Link (Up or down)
„ MAC Address of the system
„ IP address of the Interface
„ IP address of the gateway.

78 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/sonmp
SONMP Information
This command displays the SynOptics Network Management Protocol (SONMP) topology
table. SONMP protocol is enabled on Nortel Application Switches using the /cfg/sys/
sonmp on command, and is necessary so that a Nortel Application Switch can be discovered
by the Nortel Enterprise Switch Manager.When SONMP is enabled, devices on the network
exchange multicast packets namely: flatnet hellos and segment hellos. The IP
address of the device is written into the hello packets. As the network devices exchange
information, a topology table is built like the one shown below.

Slot IP address Seg MAC address Chassis Type Local State


Port Id Seg
----- --------------- --- ----------------- ------------------ ----- -----
0 /0 47.80.23.247 0 00:01:81:2e:a3:60 Alteon2224 true topChanged
1 /11 47.80.22.1 770 00:e0:16:7c:28:24 Passport1200 true heartbeat
1 /11 47.80.23.25 259 00:60:cf:81:54:28 Passport8610 true heartbeat
1 /11 47.80.23.25 260 00:60:cf:81:54:38 Passport8610 true heartbeat
1 /11 47.80.23.241 257 00:60:cf:43:a2:10 AlteonAD4 true topChanged
1 /11 50.10.10.1 263 00:60:cf:46:d5:60 Alteon184 true topChanged

Table 4-12 SONMP Information Parameters Description

Parameter Description

Slot Port Specifies the slot and port on which the topology message was
received.

IP Address This is the IP address of the sender of the topology message.

Seg ID The “segment identifier” of the segment from which the remote
agent send the topology message. Different devices may use differ-
ent methods for representing the segment identifier.

Mac Address The MAC address of the sender of the topology message.

Chassis Type The chassis type of the device that sent the topology message.

Local Seg Indicates if the sender of the topology message is on the same Ether-
net segment (i.e. not across a bridge) as the reporting agent.

State The current state of the sender of the topology message. the values
are:
„ topChanged—topology information has recently changed
„ heartbeat—topology information unchanged.
„ new—sending agent is in new state.

Chapter 4: The Information Menu „ 79


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/capacity
System Capacity Information
The following sample output from an Nortel Application Switch 2424 displays the maximum
and currently enabled switch capacity for various services and applications from Layer 2-7.

Maximum Current(Enabled)
LAYER 2
FDB 16384 54
FDB per SP 8192
VLANs 1024 1(1)
Static Trunk Groups 12 0(0)
LACP Trunk Groups 28
Trunks per Trunk Group 8
Spanning Tree Groups 16 16(1)
Port Teams 8 8(0)
Monitor Ports 1

LAYER 3
IP Interfaces 256 1(1)
IP Gateways 4+255 1+0(1+0)
IP Routes 4096 7
Static Routes 128 0
ARP Entries 8192 5
Static ARP Entries 128 0
Local Nets 5 0
DNS Servers 2 0
BOOTP Servers 2 0

RIP Interfaces 256 0

OSPF Interfaces 256 0(0)


OSPF Areas 3 0(0)
OSPF Summary Ranges 16 0(0)
OSPF Virtual Links 3 0(0)
OSPF Hosts 128 0(0)
LSDB Limit 12288
Continued...

80 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

BGP Peers 16 0(0)


BGP Route Aggregators 16 0(0)

Route Maps 32 0(0)


Network Filters 256 0(0)
AS Filters 8

VRRP Routers 1024 0(0)


VRRP Router Groups 16 0(0)
VRRP Interfaces 256 0

SLB (LAYER 4-7)


Real Servers 1024 0(0)
Server Groups 1024 0
Virtual Servers 1024 0(0)
Virtual Services 1024
Real Services 8192

Real IDS Servers 62


IDS Server Groups 63

Global SLB Domains 1024 0(0)


Global SLB Services 8192 0(0)
Global SLB Local Servers 1024 0(0)
Global SLB Remote Servers 1024 0(0)
Global SLB Remote Sites 64 0(0)
Global SLB Failovers per Remote Site 2 2(2)
Global SLB Networks 128 0(0)
Global SLB Geographical Regions 7 7(7)
Global SLB Rules 128 0(1)
Global SLB Metrics Per Rule 8 8(8)
Global SLB DNS Persistence Cache Entries 100000 100000(100000)

Filters 2048 0(0)


PIPs 1024 0
Scriptable Health Checks 64 0
SNMP Health Checks 5 0
Rules for URL Parsing 1024 1
SLB Sessions 1048550 0
Number of Rports to Vport 64
Domain Records 64 0(0)
Mapping Per Domain Record 8

LAYER 4 - PORTS
Port # Client Server Filter RTS
Continued...

Chapter 4: The Information Menu „ 81


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

BWM
Policies 512 0
Contracts 1024 1(1)
Groups 32 0
Contracts per Group 8
Time Policies per Contract 2

Security
Configuration source IP ACLs 5120 0
Bogon source IP ACLs 8192 0
Operations source IP ACLs 1024 0
Total source IP ACLs 14340 0
Configuration destination IP ACLs 1024 0
Operations destination IP ACLs 1024 0
Total destination IP ACLs 2052 0
IP DoS attacks prevention 17
TCP DoS attacks prevention 18
UDP DoS attacks prevention 6
ICMP DoS attacks prevention 5
IGMP DoS attacks prevention 3
ARP DoS attacks prevention 5
IPv6 DoS attacks prevention 2
Total DoS attacks prevention 56
UDP ports for UDP blast protection 5000

GENERAL
Syslog hosts 2 0
RADIUS servers 2 0
NTP servers 1 0
SMTP hosts 1 1
Mnet/Mmask 5 0
End Users 10
Panic Dumps 2
MP memory 128M
SP memory 128M

SNMPv3 Users 16 3
SNMPv3 Views 128 5
SNMPv3 Access Groups 32 2
SNMPv3 Target Address Entries 16 0
SNMPv3 Target Params Entries 16 0

82 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/fan
Show switch fan status
>> System# fan
Fans OK.

/info/sys/temp
Show switch temperature sensor status
>> System# temp
Temperature OK.

/info/sys/encrypt
Show encryption licenses
AOS contains the following encryption licenses:
BLOWFISH
DES & 3DES
MD5
RC4
SHA-1

/info/sys/user
Show current user status
Usernames:
user - enabled
slboper - disabled
l4oper - disabled
oper - disabled
slbadmin - disabled
l4admin - disabled
admin - Always Enabled

Note: there are pending config changes; use "diff" to see them.
Current User ID table:

Chapter 4: The Information Menu „ 83


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/sys/dump
System Information Dump
System Information at 7:02:06 Thu Sep 15, 2005 (DST)
Time zone: America/Canada/Atlantic-Nova-Scotia (GMT offset -4:00)

Alteon Application Switch 2424-SSL

Switch is up 3 days, 11 hours, 33 minutes and 48 seconds.


Last boot: 18:28:09 Sun Sep 11, 2005 (reset from Telnet)
Last apply: unknown
Last save: 5

MAC Address: 00:01:81:2e:bc:50 IP (If 1) Address: 0.0.0.0


Internal SSL Processor MAC Address: 00:01:81:2e:bc:6f
Hardware Order No: EB1412006 Serial No: ABCDE600MJ Rev: 09
Mainboard Hardware: Part No: P314090-A Rev: 00
Management Processor Board Hardware: Part No: P314080-A Rev: 00
Fast Ethernet Board Hardware: Part No: P314091-A Rev: 00

Note - When the measured temperature inside the switch EXCEEDs


the high threshold at 62 degree Celsius a syslog message
will be generated.

Software Version 23.0.1 (FLASH image2), active configuration.

Last 64 syslog messages:


Sep 12 10:42:19 NOTICE mgmt: admin login from host 192.168.0.3
Sep 12 11:03:13 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 12 11:27:48 NOTICE mgmt: admin login from host 192.168.0.3
Sep 12 11:54:07 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 12 12:19:01 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 12 13:57:54 NOTICE mgmt: admin login from host 192.168.0.3
Sep 12 14:02:58 NOTICE mgmt: admin login from host 192.168.0.3
Sep 12 14:07:27 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 12 14:10:03 NOTICE mgmt: admin login from host 192.168.0.3
Sep 12 14:19:44 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 12 14:59:20 NOTICE mgmt: admin login from host 192.168.0.3
Sep 12 15:08:06 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 12 15:09:43 NOTICE mgmt: admin idle timeout from Telnet/SSH
Sep 12 15:15:08 NOTICE mgmt: admin login from host 192.168.0.3
Sep 12 15:15:32 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 12 15:58:30 NOTICE mgmt: admin login from host 192.168.0.3
Sep 12 16:00:02 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 12 17:56:01 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 12 23:33:01 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 13 5:10:01 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 13 10:47:01 ERROR mgmt: tcp open error, cannot contact reporting server

Continued . . .

84 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Sep 13 16:24:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 13 22:01:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 14 3:38:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 14 9:15:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 14 10:23:04 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 10:23:05 ERROR cli: Error: VLAN 5 doesn't exist; the PVID for port 1
(5) needs to be changed
Sep 14 10:23:05 ERROR cli: Error: PVID 5 for port 1 is not created
Sep 14 10:23:05 ERROR mgmt: Error: Apply not done
Sep 14 10:24:45 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 11:30:36 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 11:35:25 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 11:35:40 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 11:39:37 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 11:49:12 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 11:58:20 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 13:41:54 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 13:46:18 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 14:37:07 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 14:52:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 14 14:58:57 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 16:09:44 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 16:20:44 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 16:24:58 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 16:30:51 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 16:48:16 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 16:50:34 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 16:57:47 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 16:57:55 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 17:00:02 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 17:04:59 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 17:05:49 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 17:06:05 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 19:54:04 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 20:00:22 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 20:01:47 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 20:22:49 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 20:23:10 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 20:23:55 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 14 20:29:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 14 20:40:41 NOTICE mgmt: admin login from host 192.168.0.3
Sep 14 21:43:51 NOTICE mgmt: admin idle timeout from Telnet/SSH
Sep 15 2:06:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 15 6:56:45 NOTICE mgmt: admin login from host 192.168.0.3

Continued . . .

Chapter 4: The Information Menu „ 85


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Last 64 syslog messages saved in FLASH:


Sep 8 10:44:06 NOTICE mgmt: admin login from host 192.168.0.3
Sep 8 10:48:43 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 8 10:49:32 NOTICE mgmt: admin login from host 192.168.0.3
Sep 8 10:50:18 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 8 10:57:59 NOTICE mgmt: admin login from host 192.168.0.3
Sep 8 10:57:42 ERROR cli: Error: IP interface 2 has no IP address config-
ured
Sep 8 10:57:42 ERROR mgmt: Error: Apply not done
Sep 8 10:58:19 INFO mgmt: new configuration applied
Sep 8 10:58:20 INFO mgmt: Operational change made by Admin from Tel-
net:192.168.0.3, login since 10:56:59
Sep 8 10:58:33 INFO mgmt: new configuration saved
Sep 8 10:58:44 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 8 11:09:21 NOTICE mgmt: admin login from host 192.168.0.3
Sep 8 11:58:21 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 8 13:11:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 8 15:31:08 NOTICE mgmt: admin login from host 192.168.0.3
Sep 8 15:31:21 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 8 18:48:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 9 0:25:00 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 9 6:02:04 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 9 9:15:45 NOTICE mgmt: admin login from host 192.168.0.3
Sep 9 9:23:27 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 9 10:32:10 NOTICE mgmt: admin login from host 192.168.0.3
Sep 9 10:33:40 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 9 11:39:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 9 13:37:24 NOTICE mgmt: admin login from host 192.168.0.3
Sep 9 13:37:53 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 9 13:38:07 NOTICE mgmt: Failed login attempt via BBI.
Sep 9 13:38:22 NOTICE mgmt: Failed login attempt via BBI.
Sep 9 16:00:10 NOTICE mgmt: admin login from host 192.168.0.3
Sep 9 16:00:13 NOTICE mgmt: admin connection closed from Telnet/SSH
Sep 9 17:16:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 9 22:53:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 10 4:30:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 10 10:07:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 10 15:44:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 10 21:21:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 11 2:58:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 11 8:35:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 11 14:12:03 ERROR mgmt: tcp open error, cannot contact reporting server
Sep 11 19:21:27 NOTICE mgmt: Failed login attempt via TELNET from host
192.168.249.237
Sep 11 19:21:48 NOTICE mgmt: admin login from host 192.168.0.3
Sep 11 19:25:08 INFO mgmt: image2 downloaded from host 192.168.0.10, file
'AAS-23.0.1.0-2000-AlteonOS.img', software version 23.0.1
Sep 11 19:26:39 NOTICE mgmt: Next boot will use new image2.
Sep 11 19:26:52 NOTICE mgmt: switch reset from CLI

Continued . . .

86 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Management port information:

Speed Duplex Link


----- ------ ----
100 half up

MAC address:
00:03:24:6e:bd:3d

Interface information:
192.168.0.13 255.255.255.0 192.168.0.255

Gateway information:
192.168.0.1

Engine ID = 80:00:07:50:03:00:01:81:2E:BC:50

usmUser Table:
User Name Protocol
-------------------------------- --------------------------------
adminmd5 HMAC_MD5, DES PRIVACY
adminsha HMAC_SHA, DES PRIVACY
v1v2only NO AUTH, NO PRIVACY

vacmAccess Table:
Group Name Prefix Model Level Match ReadV WriteV NotifyV
---------- ------ ------- ------------ ------ ---------- ---------- --------
v1v2grp snmpv1 noAuthNoPriv exact iso iso v1v2only
admingrp usm authPriv exact iso iso iso

vacmViewTreeFamily Table:
View Name Subtree Mask Type
-------------------- ------------------------------ -------------- ------
iso 1 included
v1v2only 1 included
v1v2only 1.3.6.1.6.3.15 excluded
v1v2only 1.3.6.1.6.3.16 excluded
v1v2only 1.3.6.1.6.3.18 excluded

vacmSecurityToGroup Table:
Sec Model User Name Group Name
---------- ------------------------------- -------------------------------
snmpv1 v1v2only v1v2grp
usm adminmd5 admingrp
usm adminsha admingrp

Continued . . .

Chapter 4: The Information Menu „ 87


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

snmpCommunity Table:
Index Name User Name Tag
---------- ---------- -------------------- ----------

snmpNotify Table:
Name Tag
-------------------- --------------------

snmpTargetAddr Table:
Name Transport Addr Port Taglist Params
---------- --------------- ---- ---------- ---------------

snmpTargetParams Table:
Name MP Model User Name Sec Model Sec Level
-------------------- -------- -------------------- --------- ---------

Slot IP address Seg MAC address Chassis Type Local State


Port Id Seg
----- --------------- ---- ----------------- ----------------- ----- -------

88 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2
Layer 2 Information Menu

[Layer 2 Menu]
fdb - Forwarding Database Information Menu
lacp - Link Aggregation Control Protocol Menu
stg - Show STG information
cist - Show CIST information
trunk - Show Trunk Group information
vlan - Show VLAN information
team - Show port team information
dump - Dump all layer 2 information

Table 4-13 Layer 2 Information Menu Options

Command Syntax and Usage

fdb
Displays the Forwarding Database Information Menu. For details, see page 90.

lacp
Displays Link Aggregation Control Protocol Information Menu. For details, see page 93.

stg <STG index to display or carriage return for all STGs>


In addition to seeing if Spanning Tree Protocol is enabled or disabled, you can view the following
STP bridge information:
„ Priority
„ Hello interval
„ Maximum age value
„ Forwarding delay
„ Aging time
You can also see the following port-specific STP information:
„ Port number and priority
„ Cost
„ State
For details, see page 96.

cist
Display the CIST information.

trunk
When trunk groups are configured, you can view the state of each port in the various trunk groups.
For details, see page 102.

Chapter 4: The Information Menu „ 89


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-13 Layer 2 Information Menu Options

Command Syntax and Usage

vlan <VLAN number to display or carriage return to display all VLANs>


Displays VLAN configuration information, including:
„ VLAN Number
„ VLAN Name
„ Status
„ Port membership of the VLAN
For details, see page 103.

team
Show port team information.

dump
Displays all Layer 2 information.

/info/l2/fdb
Layer 2 FDB Information
The forwarding database (FDB) contains information that maps the media access control
(MAC) address of each known device to the switch port where the device address was learned.
The FDB also shows which other ports have seen frames destined for a particular MAC
address.

[Forwarding Database Menu]


find - Show a single FDB entry by MAC address
port - Show FDB entries on a single port
trunk - Show FDB entries on a single trunk
vlan - Show FDB entries on a single VLAN
refpt - Show FDB entries referenced by a single SP
dump - Show all FDB entries

90 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

NOTE – The master forwarding database supports up to 16K MAC address entries on the MP
per switch. Each SP supports up to 8K entries.

Table 4-14 Layer 2 FDB Information Menu Options (/info/l2/fdb)

Command Syntax and Usage

find <MAC address> [<VLAN>]


Displays a single database entry by its MAC address. You are prompted to enter the MAC address
of the device. Enter the MAC address using the format, xx:xx:xx:xx:xx:xx. For example,
08:00:20:12:34:56.
You can also enter the MAC address using the format, xxxxxxxxxxxx.
For example, 080020123456.

port <port number, 0 for "unknown">


Displays all FDB entries for a particular port.

trunk <trunk group number>


Displays all FDB entries on a single trunk.

vlan <VLAN number (1-4090)>


Displays all FDB entries on a single VLAN.

refpt <SP number (1-4)>


Displays the FDB entries referenced by a single port.

dump
Displays all entries in the Forwarding Database. For more information, see page 92.

Chapter 4: The Information Menu „ 91


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2/fdb/dump
Show All FDB Information

MAC address VLAN Port State Referenced SPs Referenced ports


----------------- ---- ---- ----- -------------- -------------
00:02:01:00:00:00 300 23 FWD 1 2 1 23
00:02:01:00:00:01 300 23 FWD 1 2 1 23
00:02:01:00:00:02 300 23 FWD 1 2 1 23
00:02:01:00:00:03 300 23 FWD 1 2 1 23
00:02:01:00:00:04 300 23 FWD 1 2 1 23
00:02:01:00:00:05 300 23 FWD 1 2 1 23
00:02:01:00:00:06 300 23 FWD 1 2 1 23
00:02:01:00:00:07 300 23 FWD 1 2 1 23
00:02:01:00:00:08 300 23 FWD 1 2 1 23
00:02:01:00:00:09 300 23 FWD 1 2 1 23
00:02:01:00:00:0a 300 23 FWD 1 2 1 23
00:02:01:00:00:0b 300 23 FWD 1 2 1 23
00:02:01:00:00:0c 300 23 FWD 1 2 1 23

An address that is in the forwarding (FWD) state, means that it has been learned by the switch.
When in the trunking (TRK) state, the port field represents the trunk group number. If the state
for the port is listed as unknown (UNK), the MAC address has not yet been learned by the
switch, but has only been seen as a destination address. When an address is in the unknown
state, no outbound port is indicated, although ports which reference the address as a destination
will be listed under “Reference ports.”

If the state for the port is listed as an interface (IF), the MAC address is for a standard VRRP
virtual router. If the state is listed as a virtual server (VIP), the MAC address is for a virtual
server router—a virtual router with the same IP address as a virtual server.

Clearing Entries from the Forwarding Database


To delete a MAC address from the forwarding database (FDB) or to clear the entire FDB, refer
to “Forwarding Database Options” on page 522.

92 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2/lacp
Link Aggregation Control Protocol Information
Menu
The following menu options display the Link Aggregation Control Protocol (LACP) informa-
tion on the Nortel Application Switch Operating System.

[LACP Menu]
aggr - Show LACP aggregator information for the port
port - Show LACP port information
dump - Show all LACP ports information

Table 4-15 Link Aggregation Control Protocol Information Menu Options (/info/
lacp)

Command Syntax and Usage

aggr <aggregator index 1 to max num ports>


Displays information an LACP aggregator.

port <port index 1 to max num ports>


Displays information of an LACP port.

dump
Displays LACP information of all the ports. Use this command to verify the state of ports in an
LACP trunk group. To view a sample output, see page 96.

Chapter 4: The Information Menu „ 93


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/lacp/aggr
LACP Aggregator Information
Aggregator Id 1
----------------------------------------------
MAC address - 00:01:81:2e:a1:d1
Actor System Priority - 32768
Actor System ID - 00:01:81:2e:a1:b0
Individual - FALSE
Actor Admin Key - 300
Actor Oper Key - 300
Partner System Priority - 32768
Partner System ID - 00:0d:29:e3:4a:00
Partner Oper Key - 1
ready - TRUE
Number of Ports in aggr - 10
index 0 port 1
index 1 port 2
index 2 port 3
index 3 port 4
index 4 port 5
index 5 port 6
index 6 port 7
index 7 port 8
index 8 port 9
index 9 port 10

94 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/lacp/port
LACP Port Information

port 1
----------------------------------------------
lacp_enabled - TRUE
lacp_admin_enabled - TRUE

Actor System ID - 00:01:81:2e:a1:b0


Actor System Priority - 32768
Actor Admin Key - 300
Actor Oper Key - 300
Actor Port Number - 1
Actor Port Priority - 32768

Partner Admin System Priority - 0


Partner Oper System Priority - 32768
Partner Admin System ID - 00:00:00:00:00:00
Partner Oper System ID - 00:0d:29:e3:4a:00
Partner Admin Key - 0
Partner Oper Key - 1
Partner Admin Port Number - 0
Partner Admin Port Priority - 0
Partner Oper Port Number - 4
Partner Oper Port Priority - 32768

Actor Admin Port state


Activity: Active Timeout: Long Aggregation: TRUE
Synchronization:FALSE Collecting: FALSE Distributing: FALSE
Defaulted: FALSE Expired: FALSE
Actor Oper Port state
Activity: Active Timeout: Long Aggregation: TRUE
Synchronization:TRUE Collecting: TRUE Distributing: TRUE
Defaulted: FALSE Expired: FALSE

Partner Admin Port state - 0x0


Partner Oper Port state
Continued

Chapter 4: The Information Menu „ 95


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Individual - TRUE
Selected Aggregator ID - 0
Attached Aggregator ID - 0
ready_n - FALSE
ntt - FALSE
selected - Unselcted
port_moved - FALSE
Collection and Distribution state turned ON!

Rx machine state - LACP_RX_INIT_STATE


Mux machine state - LACP_MUX_DETACHED_STATE
Periodic machine state - LACP_PERIODIC_NO_STATE

96 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/lacp/dump
LACP Dump Information
port lacp adminkey operkey selected prio
attached trunk
aggr
-------------------------------------------------------------------
1 active 300 300 y 32768 1 13
2 active 300 300 y 32768 1 13
3 active 300 300 y 32768 1 13
4 active 300 300 y 32768 1 13
5 active 300 300 y 32768 1 13
6 active 300 300 y 32768 1 13
7 active 300 300 y 32768 1 13
8 active 300 300 y 32768 1 13
9 active 300 300 n 32768 -- --
10 active 300 300 n 32768 -- --
11 active 300 300 n 32768 -- --
12 active 300 300 n 32768 -- --
13 active 300 300 n 32768 -- --
14 off 14 14 n 32768 -- --
15 off 15 15 n 32768 -- --
16 off 16 16 n 32768 -- --
17 off 17 17 n 32768 -- --
18 off 18 18 n 32768 -- --
19 off 19 19 n 32768 -- --
20 off 20 20 n 32768 -- --
21 off 21 21 n 32768 -- --
22 off 22 22 n 32768 -- --
23 off 23 23 n 32768 -- --
24 off 24 24 n 32768 -- --
25 off 25 25 n 32768 -- --
26 off 26 26 n 32768 -- --
27 off 27 27 n 32768 -- --
28 off 28 28 n 32768 -- --

Chapter 4: The Information Menu „ 97


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2/stg
Layer 2 Spanning Tree Group Information
When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network
so that a switch uses only the most efficient path.

NOTE – Nortel Application Switch Operating System 23.0.2 supports up to 16 multiple Span-
ning Tress or Spanning Tree Groups.

Spanning Tree Group 1: On

Current Root: Path-Cost Port Hello MaxAge FwdDel Aging


8000 00:01:81:2e:a1:80 0 0 2 20 15 300

Parameters: Priority Hello MaxAge FwdDel Aging


32768 2 20 15 300

Port Priority Cost State Designated Bridge Des Port


----- -------- ---- ---------- ---------------------- -------
1 128 0 DISABLED
2 128 0 DISABLED
3 128 0 DISABLED
4 128 0 DISABLED
5 128 5 FORWARDING 8000-00:01:81:2e:a1:80 32773
6 128 0 DISABLED
7 128 0 DISABLED
8 128 0 DISABLED
9 128 0 DISABLED
10 128 0 DISABLED
11 128 0 DISABLED

The switch software uses the IEEE 802.1d Spanning Tree Protocol (STP). In addition to seeing
if STP is enabled or disabled, you can view the following STP bridge information:

„ Priority
„ Hello interval
„ Maximum age value
„ Forwarding delay
„ Aging time

98 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

You can also see the following port-specific STP information:

„ Port number and priority


„ Cost
„ State
„ Designated Bridge
„ Designated Port
The following table describes the STP parameters.

Table 4-16 Spanning Tree Parameter Descriptions

Parameter Description

Priority (bridge) The bridge priority parameter controls which bridge on the network will
become the STP root bridge.

Hello The hello time parameter specifies, in seconds, how often the root bridge
transmits a configuration bridge protocol data unit (BPDU). Any bridge that
is not the root bridge uses the root bridge hello value.

MaxAge The maximum age parameter specifies, in seconds, the maximum time the
bridge waits without receiving a configuration bridge protocol data unit
before it reconfigure the STP network.

FwdDel The forward delay parameter specifies, in seconds, the amount of time that a
bridge port has to wait before it changes from learning state to forwarding
state.

Aging The aging time parameter specifies, in seconds, the amount of time the
bridge waits without receiving a packet from a station before removing the
station from the Forwarding Database.

priority (port) The port priority parameter helps determine which bridge port becomes the
designated port. In a network topology that has multiple bridge ports con-
nected to a single segment, the port with the lowest port priority becomes the
designated port for the segment.

Cost The port path cost parameter is used to help determine the designated port for
a segment. Generally speaking, the faster the port, the lower the path cost. A
setting of 0 indicates that the cost will be set to the appropriate default after
the link speed has been auto negotiated.

State The state field shows the current state of the port. The state field can be either
BLOCKING, LISTENING, LEARNING, FORWARDING, or DISABLED.

Chapter 4: The Information Menu „ 99


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-16 Spanning Tree Parameter Descriptions (Continued)

Parameter Description

Designated The designated bridge resides closest to the root bridge and is responsible for
Bridge forwarding packets from LAN towards the root bridge. This bridge is dis-
played as character string starting with the bridge priority (1-65535) fol-
lowed by a hyphen and six byte MAC address of that switch.

Designated port The designated port identifies a physical port. This is a number that is the
numerical sum of bridge priority and the actual physical port number. For
example, a physical port number four with bridge priority 32768 will be dis-
played as 32678+4=32772.

100 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2/cist
Show common internal spanning tree (CIST) information

NOTE – Nortel Application Switch Operating System 23.0.2 supports up to 16 multiple Span-
ning Tress or Spanning Tree Groups.

------------------------------------------------------------------
Common Internal Spanning Tree:

VLANs: 1 4-4094

Current Root: Path-Cost Port MaxAge FwdDel


8000 00:01:81:2e:bc:50 0 0 20 15

Cist Regional Root: Path-Cost


8000 00:01:81:2e:bc:50 0

Parameters: Priority MaxAge FwdDel Hops


32768 20 15 20
Port Prio Cost State Role Designated Bridge Des Port Hello Type
----- ---- --------- ----- ---- ---------------------- -------- ----- ----
1 128 20000 DSB
2 128 20000 DSB
3 128 20000 DSB
4 128 20000 DSB
5 128 20000 DSB
6 128 20000 DSB
7 128 20000 DSB
.
.
.
18 128 20000 DSB
19 128 20000 DSB
20 128 20000 DSB
21 128 20000 DSB
22 128 20000 DSB
23 128 20000 DSB
24 128 20000 DSB
25 128 20000 DSB
26 128 20000 DSB
27 128 20000 DSB
28 128 20000 DSB
sslpro 128 20000 DISC DESG 8000-00:01:81:2e:bc:50 801d 2 Shared

Chapter 4: The Information Menu „ 101


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2/trunk
Trunk Group Information
Trunk groups can provide super-bandwidth, multi-link connections between Nortel Applica-
tion Switches or other trunk-capable devices. A trunk group is a group of ports that act
together, combining their bandwidth to create a single, larger virtual link. When trunk groups
are configured, you can view the state of each port in the various trunk groups.

Trunk group 1, bw contract 1024, port state:


1: STG 1 forwarding
2: STG 1 forwarding

NOTE – If Spanning Tree Protocol on any port in the trunk group is set to forwarding, the
remaining ports in the trunk group will also be set to forwarding.

102 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2/vlan
VLAN Information
VLAN Name Status Jumbo BWC Learn Ports
---- -------------------------------- ------ ----- ---- ----- -----
1 Default VLAN ena n 1024 ena 1-28

This information display includes all configured VLANs and all member ports that have an
active link state. Port membership is represented in slot/port format.

VLAN information includes:

„ VLAN Number
„ VLAN Name
„ Status
„ Jumbo Frames
„ Bandwidth Contract if BWM is enabled
„ Source MAC Address Learning
„ Port membership of the VLAN

Chapter 4: The Information Menu „ 103


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2/vlan
VLAN Information
VLAN Name Status Jumbo BWC Learn Ports
---- -------------------------------- ------ ----- ---- ----- -----
1 Default VLAN ena n 1024 ena 1-28

104 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l2/team
Status of port teams
>> Layer 2# team
All port teams are disabled.

/info/l2/dump
Layer2 Dump Information
Spanning Tree Group 1: On

Current Root: Path-Cost Port Hello MaxAge FwdDel Aging


8000 00:01:81:2e:a1:80 0 0 2 20 15 300

Parameters: Priority Hello MaxAge FwdDel Aging


32768 2 20 15 300

Port Priority Cost State Designated Bridge Des Port


----- -------- ---- ---------- ---------------------- ------
--
1 128 0 DISABLED
2 128 0 DISABLED
3 128 0 DISABLED
4 128 0 DISABLED
5 128 5 FORWARDING 8000-00:01:81:2e:a1:80 32773
6 128 0 DISABLED
7 128 0 DISABLED
8 128 0 DISABLED
9 128 0 DISABLED
10 128 0 DISABLED
11 128 0 DISABLED
12 128 0 DISABLED

Chapter 4: The Information Menu „ 105


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3
Layer3 Information Menu

[Layer 3 Menu]
route - IP Routing Information Menu
route6 - IP6 Routing Information Menu
arp - ARP Information Menu
nbrcache - IP6 Neighbor Cache Information Menu
bgp - BGP Information Menu
ospf - OSPF Routing Information Menu
ip - Show IP information
vrrp - Show Virtual Router Redundancy Protocol information
dump - Dump all layer 3 information

Table 4-17 Layer 3 Information Menu Options

Command Syntax and Usage

route
Displays the IP Routing Menu. Using the options of this menu, the system displays the following
for each configured or learned route:
„ Route destination IP address, subnet mask, and gateway address
„ Type of route
„ Tag indicating origin of route
„ Metric for RIP tagged routes, specifying the number of hops to the destination (1-15 hops, or 16
for infinite hops)
„ The IP interface that the route uses
For details, see page 107.

route6
IP6 Routing Information Menu. To view menu options, see page 110.

arp
Displays the Address Resolution Protocol (ARP) Information Menu. For details, see page 112.

nbrcache
IP6 Neighbor Cache Menu. To view menu options, see page 115.

bgp
Displays BGP Information Menu. To view menu options, see page 117.

ospf
Displays OSPF routing information menu. For details, see page 119.

106 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-17 Layer 3 Information Menu Options

Command Syntax and Usage

ip
Displays IP Information. For details, see page 126.
IP information, includes:
„ IP interface information: Interface number, IP address, subnet mask, broadcast address, VLAN
number, and operational status.
„ Default gateway information: Metric for selecting which configured gateway to use, gateway
number, IP address, and health status
„ IP forwarding information: Enable status, lnet and lmask
„ Port status

vrrp
Displays the VRRP Information Menu. For details, see page 127.

dump
Displays all Layer 3 information.

/info/l3/route
IP Routing Information
[IP Routing Menu]
find - Show a single route by destination IP address
gw - Show routes to a single gateway
type - Show routes of a single type
tag - Show routes of a single tag
if - Show routes on a single interface
dump - Show all routes

Using the commands listed below, you can display all or a portion of the IP routes currently
held in the switch.

Table 4-18 Route Information Menu Options (/info/route)

Command Syntax and Usage

find <IP address (such as, 192.4.17.101)>


Displays a single route by destination IP address.

gw <default gateway address (such as, 192.4.17.44)>


Displays routes to a single gateway.

type indirect|direct|local|broadcast|martian|multicast
Displays routes of a single type. For a description of IP routing types, see Table 4-19 on page 109.

Chapter 4: The Information Menu „ 107


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-18 Route Information Menu Options (/info/route)

Command Syntax and Usage

tag fixed|static|addr|rip|ospf|bgp|broadcast|martian|vip
Displays routes of a single tag. For a description of IP routing types, see Table 4-20 on page 109.

if <interface number (1-256)>


Displays routes on a single interface.

NOTE – The total number of interfaces on a Nortel Application Switch 2424-SSL is


1-255.

dump
Displays all routes configured in the switch. For more information, see page 108.

/info/l3/route/dump
Show All IP Route Information

Status code: * - best


Destination Mask Gateway Type Tag Metr If
--------------- --------------- ------------- --------- ----- -- -
* 0.0.0.0 0.0.0.0 47.80.22.1 indirect static 1
* 47.80.22.0 255.255.254.0 47.80.23.249 direct fixed 1
* 47.80.23.249 255.255.255.255 47.80.23.249 local addr 1
* 47.80.23.255 255.255.255.255 47.80.23.255 broadcast broadcast 1
* 127.0.0.0 255.0.0.0 0.0.0.0 martian martian
* 224.0.0.0 224.0.0.0 0.0.0.0 martian martian
* 224.0.0.5 255.255.255.255 0.0.0.0 multicast addr
* 224.0.0.6 255.255.255.255 0.0.0.0 multicast addr
* 255.255.255.255 255.255.255.255 255.255.255.255 broadcast broadcast

108 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Type Parameters
The following table describes the Type parameters.

Table 4-19 IP Routing Type Parameters (/info/l3/route/dump/type)

Parameter Description

indirect The next hop to the host or subnet destination will be forwarded through a
router at the Gateway address.

direct Packets will be delivered to a destination host or subnet attached to the


switch.

local Indicates a route to one of the switch’s IP interfaces.

broadcast Indicates a broadcast route.

martian The destination belongs to a host or subnet which is filtered out. Packets to
this destination are discarded.

multicast Indicates a multicast route.

Tag Parameters
The following table describes the Tag parameters.

Table 4-20 IP Routing Tag Parameters (info/l3/route/tag)

Parameter Description

fixed The address belongs to a host or subnet attached to the switch.

static The address is a static route which has been configured on the Nortel Appli-
cation Switch.

addr The address belongs to one of the switch’s IP interfaces.

rip The address was learned by the Routing Information Protocol (RIP).

ospf The address was learned by Open Shortest Path First (OSPF).

bgp The address was learned via Border Gateway Protocol (BGP)

broadcast Indicates a broadcast address.

martian The address belongs to a filtered group.

vip Indicates a route destination that is a virtual server IP address. VIP routes are
needed to advertise virtual server IP addresses via BGP.

Chapter 4: The Information Menu „ 109


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/route6
IPv6 Routing Information Menu
This menu provides a mechanism for viewing IPv6 routing information. The IPv6 routing
table stores routes it learns from network traffic and pre-configured, static routes.

NOTE – Presently there is no mechanism for clearing this IPv6 routing table..

[IP6 Routing Menu]


dump - Show all routes

Table 4-21provides a description of this menu.

Table 4-21 IPv6 Routing Information Menu Options (/info/l3/route6)

Command Syntax and Usage

dump
The /info/l3/route6/dump command shows all the IPv6 routes maintained. Since each
link-local interface is shown with an entry prefix of /128, the link-local network; such as FE80::/
10; is not shown for each interface to avoid too many network entries in the table.

110 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

The following is an example of output from the /info/l3/route6/dump command.

>> Main# /info/l3/route6/dump

IPv6 Forwarding Table:

Destination: 0:0:0:0:0:0:0:0/0 If:1


NextHop: 2005:0:0:0:0:0:0:16 Proto: STATIC
Destination: 2005:0:0:0:0:0:0:0/64 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: LOCAL
Destination: 2005:0:0:0:0:0:0:1/128 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: LOCAL
Destination: 2005:0:0:0:0:0:0:16/128 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: STATIC
Destination: fe80:0:0:0:201:81ff:fe2e:a100/128 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: LOCAL
Destination: ff02:0:0:0:0:0:0:1/128 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: STATIC
Destination: ff02:0:0:0:0:0:0:2/128 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: STATIC
Destination: ff02:0:0:0:0:1:ff00:0/128 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: STATIC
Destination: ff02:0:0:0:0:1:ff00:1/128 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: STATIC
Destination: ff02:0:0:0:0:1:ff2e:a100/128 If:1
NextHop: 0:0:0:0:0:0:0:0 Proto: STATIC

Total number of route6 entries: 10

Chapter 4: The Information Menu „ 111


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/arp
ARP Information Menu
Address Resolution Protocol (ARP) is the TCP/IP protocol that resides within the Internet
layer. ARP resolves a physical address from an IP address. ARP queries machines on the local
network for their physical addresses. ARP also maintains IP to physical address pairs in its
cache memory. In any IP communication, the ARP cache is consulted to see if the IP address of
the router is present in the ARP cache. Then the corresponding physical address is used to send
a packet.

[Address Resolution Protocol Menu]


find - Show a single ARP entry by IP address
port - Show ARP entries on a single port
vlan - Show ARP entries on a single VLAN
refpt - Show ARP entries referenced by a single SP
dump - Show all ARP entries
help - Show help on the fields of ARP entries
addr - Show ARP address list

The ARP information includes IP address and MAC address of each entry, address status flags
(see Table 4-23 on page 114), VLAN and port for the address, and port
referencing information.

Table 4-22 ARP Information Menu Options (/info/l3/arp)

Command Syntax and Usage

find <IP address (such as, 192.4.17.101>


Displays a single ARP entry by IP address.

port <port number>


Displays the ARP entries on a single port.

vlan <VLAN number (1-4090)>


Displays the ARP entries on a single VLAN.

refpt <SP number (1-4)>


Displays the ARP entries referenced by a single SP. For details, see page 113.

112 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-22 ARP Information Menu Options (/info/l3/arp)

Command Syntax and Usage

dump
Displays all ARP entries. including:
„ IP address and MAC address of each entry
„ Address status flag (see below)
„ The VLAN and port to which the address belongs
„ The ports which have referenced the address (empty if no port has routed traffic to the IP address
shown)
For more information, see page 114.

help
Displays help on the ARP field entries. For example:
IP address: IP address of ARP entry
Flags: J - ARP entry belongs to a Jumbo capable VLAN
P - Permanent ARP entry (not obtained via ARP request), e.g. IP interface,
VIP, etc.
R - Indirect ARP (cache) entry for IP address reachable via indirect routes
(static/dynamic)
4 - Layer 4 IP address (VIP)
u - Unresolved ARP entry. The MAC address has not been learned.
MAC address: MAC address of ARP entry
VLAN: VLAN of this ARP entry
Port: Physical port where this IP address owner is connected
Referenced SPs: SPs on which this ARP entry is present

addr
Displays the ARP address list: IP address, IP mask, MAC address, and VLAN flags.

/info/l3/arp/refpt
Show ARP Entries on Referenced SP

IP address Flags MAC address VLAN Port Referenced SPs


------------- ----- ----------------- ---- ----- ------------
47.80.23.249 P 00:0e:40:2f:5b:00 1 1-4

Chapter 4: The Information Menu „ 113


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/arp/dump
Show All ARP Entry Information
IP address Flags MAC address VLAN Port Referenced SPs
--------------- ----- ----------------- ---- ---- -------------
1.1.11.1 P 4 00:09:97:16:5f:01 1-4
10.10.10.10 P 4 00:09:97:16:5f:01 1-4
47.80.22.1 00:e0:16:7c:28:86 1 23 empty
47.80.23.81 P 00:09:97:16:5f:00 1 1-4
172.31.3.1 P 00:09:97:16:5f:00 1 1-4
172.31.3.10 00:b0:d0:98:d8:1b 1 3 empty
172.31.3.11 00:b0:d0:98:d8:1b 1 3 empty

Referenced ports are the ports that request the ARP entry. So the traffic coming into the refer-
enced ports has the destination IP address. From the ARP entry (the referenced ports), this traf-
fic needs to be forwarded to the egress port (port 6 in the above example).

NOTE – If you have VMA turned on, the referenced port will be the designated port. If you
have VMA turned off, the designated port will be the normal ingress port.

The Flag field is interpreted as follows:

Table 4-23 ARP Dump Flag Parameters

Flag Description

P Permanent entry created for switch IP interface.

P 4 Permanent entry created for Layer 4 proxy IP address or virtual server IP


address.

R Indirect route entry.

U Unresolved ARP entry. The MAC address has not been learned.

J ARP entry belongs to a Jumbo capable VLAN

114 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/arp/addr
ARP Address List Information
IP address IP mask MAC address VLAN Flags
--------------- --------------- ----------------- ---- -----
10.10.10.10 255.255.255.255 00:09:97:16:5f:01
1.1.11.1 255.255.255.255 00:09:97:16:5f:01
172.31.4.200 255.255.255.255 00:09:97:16:5f:0e D
172.31.3.1 255.255.255.255 00:09:97:16:5f:00 1
172.31.4.1 255.255.255.255 00:09:97:16:5f:00 1
47.80.23.81 255.255.255.255 00:09:97:16:5f:00 1

/info/l3/nbrcache
IPv6 Neighbor Cache Information
This menu provides a mechanism for viewing IPv6 Neighbor Cache information.

IPv6 uses the Neighbor Discovery (ND) protocol to discover its neighbors link-layer addresses
and neighbor reachabilty. ND can also auto-configure addresses and detect duplicate
addresses. ND enables routers to advertise their presence and address prefixes and to inform
hosts of a better next-hop address to forward packets.

The information collected from ND is stored in the Neighbor Cache. The Neighbor Cache
maintains information about each neighbor such as:

„ MAC Address
„ Reachability State
„ Neighbor Type
„ VLAN
„ Ingress Port
Neighbor Cache entries are added in a number of situations:

1. Entries are added when an IPv6 Interface or Virtual IP is operational.

2. Reception of ND messages from neighbor.

3. A switch sends ND packets to resolve a link-layer address that it wishes to send packets
to.

Chapter 4: The Information Menu „ 115


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

There are 5 reachability states:

„ INCOMPLETE
The link-layer address of the neighbor has not yet been determined.
„ REACHABLE
The neighbor is known to have been reachable recently.
„ STALE
The neighbor is no longer known to be reachable but until traffic is sent to the neighbor, no
attempt should be made to verify its reachability.
„ DELAY
The neighbor is no longer known to be reachable and traffic has recently been sent to the
neighbor.
„ PROBE
The neighbor is no longer known to be reachable, and ND messages are sent to
the neighbor to verify reachability.
The neighbor types are LOCAL and DYNAMIC. The LOCAL neighbor type is for switch
pre-configured addresses and DYNAMIC is for neighbor addresses learnt from ND.

NOTE – Once the Neighbor Cache table reaches 2000 entries, table entries are replaced
by adding the new entry and dropping the 2000th entry off the list. Table entries are kept until
the entry is replaced by a new one. During this 2000 full entries period, no new entries will be
used to sort for display.

[IP6 Neighbor Discovery Protocol Menu]


dump - Show all IP6 neighbor cache entries

Table 4-24 provides a description of this menu.

Table 4-24 IPv6 Neighbor Cache Information Menu (/info/l3/nbrcache)

Command Syntax and Usage

dump
Displays all IPv6 neighbor cache entries.

116 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

The following is an example of output from the /info/l3/nbrcache/dump command.

>> IP6 Neighbor Discovery Protocol# dump


IP address State Type MAC address VLAN Port
----------------------------- ----- --- ----------------- ---- ----
2000:0:0:0:0:0:0:0 REACH LOC 00:0e:62:f6:b2:00 1
2000:0:0:0:0:0:0:1 STALE DYN 00:50:da:16:f7:27 1 1
2000:0:0:0:0:0:0:100 REACH LOC 00:0e:62:f6:b2:00 1
2000:0:0:0:0:0:0:200 REACH LOC 00:0e:62:f6:b2:0e 1
fe80:0:0:0:20e:62ff:fef6:b200 REACH LOC 00:0e:62:f6:b2:00 1
fe80:0:0:0:211:11ff:fee3:32b9 STALE DYN 00:11:11:e3:32:b9 1 9
fe80:0:0:0:250:daff:fe16:f727 STALE DYN 00:50:da:16:f7:27 1 1

Total dynamic neighbor cache entries: 3


Total local neighbor cache entries: 4
Other neighbor cache entries: 0

/info/l3/bgp
BGP Information Menu
Border Gateway Protocol (BGP) is an Internet protocol that enables routers on a network to
share routing information with each other and advertise information about the segments of the
IP address space they can access within their network with routers on external networks. For
more information, refer to BGP section in chapter: “The Configuration Menu” on page 257
and the Application Guide.

[BGP Menu]
peer - Show all BGP peers
summary - Show all BGP peers in summary
dump - Show BGP routing table

Table 4-25 BGP Peer Information Menu Options (/info/l3/bgp)


Command Syntax and Usage
peer
Displays BGP peer information. See page 118 for a sample output.
summary
Displays peer summary information such as AS, message received, message sent, up/down, state.
See page 119 for a sample output.
dump
Displays the BGP routing table. See page 119 for a sample output.

Chapter 4: The Information Menu „ 117


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/bgp/peer
BGP Peer information
Following is an example of the information that /info/l3/bgp/peer provides.
BGP Peer Information:

3: 2.1.1.1 , version 0, TTL 1


Remote AS: 0, Local AS: 0, Link type: IBGP
Remote router ID: 0.0.0.0, Local router ID: 1.1.201.5
BGP status: idle, Old status: idle
Total received packets: 0, Total sent packets: 0
Received updates: 0, Sent updates: 0
Keepalive: 0, Holdtime: 0, MinAdvTime: 60
LastErrorCode: unknown(0), LastErrorSubcode: unspecified(0)
Established state transitions: 0

4: 2.1.1.4 , version 0, TTL 1


Remote AS: 0, Local AS: 0, Link type: IBGP
Remote router ID: 0.0.0.0, Local router ID: 1.1.201.5
BGP status: idle, Old status: idle
Total received packets: 0, Total sent packets: 0
Received updates: 0, Sent updates: 0
Keepalive: 0, Holdtime: 0, MinAdvTime: 60
LastErrorCode: unknown(0), LastErrorSubcode: unspecified(0)
Established state transitions: 0

118 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/bgp/summary
BGP Summary information
Following is an example of the information that /info/l3/bgp/summary provides.

BGP Peer Summary Information:


Peer V AS MsgRcvd MsgSent Up/Down State
--------------- - -------- -------- -------- -------- ----------
1: 205.178.23.142 4 142 113 121 00:00:28 established
2: 205.178.15.148 0 148 0 0 never connect

/info/l3/bgp/dump
Dump BGP Information
Following is an example of the information that /info/l3/bgp/dump provides.

>> BGP# dump


Status codes: * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metr LcPrf Wght Path
--------------- --------------- ----- ---- ----- --------------
*> 10.0.0.0 205.178.21.147 1 256 147 148 i
*>i205.178.15.0 0.0.0.0 0 i
* 205.178.21.147 1 128 147 i
*> 205.178.17.0 205.178.21.147 1 128 147 i
13.0.0.0 205.178.21.147 1 256 147 {35} ?

/info/l3/ospf
OSPF Information Menu
Nortel Application Switch Operating System supports the Open Shortest Path First (OSPF)
routing protocol. The Nortel Application Switch Operating System implementation conforms
to the OSPF version 2 specifications detailed in Internet RFC 1583. OSPF is designed for rout-
ing traffic within a single IP domain called an Autonomous System (AS). The AS can be
divided into smaller logical units known as areas. In any AS with multiple areas, one area must
be designated as area 0, known as the backbone. The backbone acts as the central OSPF area.
All other areas in the AS must be connected to the backbone. Areas inject summary routing
information into the backbone, which then distributes it to other areas as needed. For more

Chapter 4: The Information Menu „ 119


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

information on how to configure OSPF on the switch, refer to the OSPF section in chapter
“The Configuration Menu” on page 257 and your Nortel Application Switch Operating System
Application Guide.

[OSPF Information Menu]


general - Show general information
aindex - Show area(s) information
if - Show interface(s) information
virtual - Show details of virtual links
nbr - Show neighbor(s) information
dbase - Database Menu
sumaddr - Show summary address list
nsumadd - Show NSSA summary address list
routes - Show OSPF routes
dump - Show OSPF information

Table 4-26 OSPF Information Menu (/info/l3/ospf)

Command Syntax and Usage

general
Displays general OSPF information. See page 121 for a sample output.

aindex <area index [0-2]>


Displays area information for a particular area index. If no parameter is supplied, it displays area
information for all the areas.

if <interface number [1-256]>


Displays interface information for a particular interface. If no parameter is supplied, it displays
information for all the interfaces. See page 122 for a sample output.

virtual
Displays information about all the configured virtual links.

nbr <nbr router-id (A.B.C.D)>


Displays the status of a neighbor with a particular router ID. If no router ID is supplied, it displays
the information about all the current neighbors.

dbase
Displays OSPF database menu. To view menu options, see page 122.

sumaddr <area index (0-2)>


Displays the list of summary ranges belonging to non-NSSA areas.

nsumadd <area index (0-2)>


Displays the list of summary ranges belonging to NSSA areas.

routes
Displays OSPF routing table. See page 124 for a sample output.

120 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-26 OSPF Information Menu (/info/l3/ospf)

Command Syntax and Usage

dump
Display all the OSPF information. See for a sample output.

/info/l3/ospf/general
OSPF General Information

OSPF Version 2
Router ID: 47.80.23.247
Started at 95 and the process uptime is 352315
Area Border Router: yes, AS Boundary Router: no
LS types supported are 6
External LSA count 0
External LSA checksum sum 0x0
Number of interfaces in this router is 2
Number of virtual links in this router is 1
16 new lsa received and 34 lsa originated from this router
Total number of entries in the LSDB 10
Database checksum sum 0x0
Total neighbors are 1, of which
2 are >=INIT state,
2 are >=EXCH state,
2 are =FULL state
Number of areas is 2, of which 3-transit 0-nssa
Area Id : 0.0.0.0
Authentication : none
Import ASExtern : yes
Number of times SPF ran : 8
Area Border Router count : 2
AS Boundary Router count : 0
LSA count : 5
LSA Checksum sum : 0x2237B
Summary : noSummary

Chapter 4: The Information Menu „ 121


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/ospf/if
OSPF Interface Information

Ip Address 10.10.12.1, Area 0.0.0.1, Admin Status UP


Router ID 10.10.10.1, State DR, Priority 1
Designated Router (ID) 10.10.10.1, Ip Address 10.10.12.1
Backup Designated Router (ID) 10.10.14.1, Ip Address 10.10.12.2
Timer intervals, Hello 10, Dead 40, Wait 1663, Retransmit 5,
Poll interval 0, Transit delay 1
Neighbor count is 1 If Events 4, Authentication type none

/info/l3/ospf/dbase
OSPF Database Information

[OSPF Database Menu]


advrtr - LS Database info for an Advertising Router
asbrsum - ASBR Summary LS Database info
dbsumm - LS Database summary
ext - External LS Database info
nw - Network LS Database info
nssa - NSSA External LS Database info
rtr - Router LS Database info
self - Self Originated LS Database info
summ - Network-Summary LS Database info
all - All

Table 4-27 OSPF Database Information Menu (/info/l3/ospf/dbase)

Command Syntax and Usage

advrtr <router-id (A.B.C.D)>


Takes advertising router as a parameter. Displays all the Link State Advertisements (LSAs) in the
LS database that have the advertising router with the specified router ID, for example: 20.1.1.1.

asbrsum <adv-rtr (A.B.C.D)>|<link_state_id (A.B.C.D)>|<self>


Displays ASBR summary LSAs. The usage of this command is as follows:
a) asbrsum adv-rtr 20.1.1.1 displays ASBR summary LSAs having the advertising
router 20.1.1.1.
b) asbrsum link_state_id 10.1.1.1 displays ASBR summary LSAs having the link
state ID 10.1.1.1.
c) asbrsum self displays the self advertised ASBR summary LSAs.
d) asbrsum with no parameters displays all the ASBR summary LSAs.

122 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-27 OSPF Database Information Menu (/info/l3/ospf/dbase)

Command Syntax and Usage

dbsumm
Displays the following information about the LS database in a table format:
a) the number of LSAs of each type in each area.
b) the total number of LSAs for each area.
c) the total number of LSAs for each LSA type for all areas combined.
d) the total number of LSAs for all LSA types for all areas combined.
No parameters are required.

ext <adv-rtr (A.B.C.D)>|<link_state_id (A.B.C.D)>|<self>


Displays the AS-external (type 5) LSAs with detailed information of each field of the LSAs. The
usage of this command is the same as the usage of the command asbrsum.

nw <adv-rtr (A.B.C.D)>|<link_state_id (A.B.C.D)>|<self>


Displays the network (type 2) LSAs with detailed information of each field of the LSA.network LS
database. The usage of this command is the same as the usage of the command asbrsum.

nssa <adv-rtr (A.B.C.D)>|<link_state_id (A.B.C.D)>|<self>


Displays the NSSA (type 7) LSAs with detailed information of each field of the LSAs. The usage
of this command is the same as the usage of the command asbrsum.

rtr <adv-rtr (A.B.C.D)>|<link_state_id (A.B.C.D)>|<self>


Displays the router (type 1) LSAs with detailed information of each field of the LSAs. The usage
of this command is the same as the usage of the command asbrsum.

self
Displays all the self-advertised LSAs. No parameters are required.

summ <adv-rtr (A.B.C.D)>|<link_state_id (A.B.C.D)>|<self>


Displays the network summary (type 3) LSAs with detailed information of each field of the LSAs.
The usage of this command is the same as the usage of the command asbrsum.

all
Displays all the LSAs.

Chapter 4: The Information Menu „ 123


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/ospf/routes
OSPF Information Route Codes

Codes: IA - OSPF inter area,


N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
IA 10.10.0.0/16 via 200.1.1.2
IA 40.1.1.0/28 via 20.1.1.2
IA 80.1.1.0/24 via 200.1.1.2
IA 100.1.1.0/24 via 20.1.1.2
IA 140.1.1.0/27 via 20.1.1.2
IA 150.1.1.0/28 via 200.1.1.2
E2 172.18.1.1/32 via 30.1.1.2
E2 172.18.1.2/32 via 30.1.1.2
E2 172.18.1.3/32 via 30.1.1.2
E2 172.18.1.4/32 via 30.1.1.2
E2 172.18.1.5/32 via 30.1.1.2
E2 172.18.1.6/32 via 30.1.1.2
E2 172.18.1.7/32 via 30.1.1.2
E2 172.18.1.8/32 via 30.1.1.2

124 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/ospf/dump
OSPF Dump Information
OSPF Version 2
Router ID: 1.1.1.1
Started at 42 and the process uptime is 1197051
Area Border Router: no, AS Boundary Router: no
External LSA count 0
Number of interfaces in this router is 0
Number of virtual links in this router is 0
0 new lsa received and 0 lsa originated from this router
Total number of entries in the LSDB 0
Total neighbors are 0, of which
0 are >=INIT state,
0 are >=EXCH state,
0 are =FULL state
Number of areas is 0, of which 0-transit 0-nssa

OSPF Neighbors:
Intf NeighborID Prio State Address
---- ---------- ---- ----- -------

OSPF LS Database:
OSPF LSDB breakdown for router with ID (1.1.1.1)
No areas enabled.

Chapter 4: The Information Menu „ 125


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/ip
IP Information
Interface information:
1: 47.80.23.81 255.255.254.0 47.80.23.255, vlan 1, up
2: 172.31.4.1 255.255.255.0 172.31.4.255, vlan 1, up
3: 172.31.3.1 255.255.255.0 172.31.3.255, vlan 1, up

Default gateway information: metric strict


2: 47.80.22.1, vlan any, up

Current IP forwarding settings: ON, dirbr disabled

Current local networks:

Current IP port settings:


All other ports have forwarding ON

Current network filter settings:


none

Current route map settings:


Current OSPF settings: ON
Default route none
Router ID: 1.1.1.1
lsdb limit 0

126 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/vrrp
VRRP Information
Virtual Router Redundancy Protocol (VRRP) support on Nortel Application Switch provides
redundancy between routers in a LAN. This is accomplished by configuring the same virtual
router IP address and ID number on each participating VRRP-capable routing device. One of
the virtual routers is then elected as the master, based on a number of priority criteria, and
assumes control of the shared virtual router IP address. If the master fails, one of the backup vir-
tual routers will assume routing authority and take control of the virtual router IP address. Refer
to your Nortel Application Switch Operating System Application Guide for more information on
VRRP.

VRRP information:
10: vrid 10, 10.1.2.200, if 10, renter, prio 110, master
11: vrid 11, 11.1.2.200, if 11, renter, prio 118, master
12: vrid 12, 12.1.2.200, if 12, renter, prio 102, backup
13: vrid 13, 13.1.2.200, if 13, renter, prio 118, master
14: vrid 14, 14.1.2.200, if 14, renter, prio 102, backup
20: vrid 20, 20.1.2.200, if 20, renter, prio 110, master
27: vrid 27, 27.1.2.200, if 27, renter, prio 118, master
28: vrid 28, 28.1.2.200, if 28, renter, prio 102, backup
100: vrid 100, 172.21.8.100, if 172, renter, prio 110, master,
server
172: vrid 172, 172.21.8.200, if 172, renter, prio 110, master
254: vrid 254, 27.1.2.100, if 27, renter, prio 102, backup,
server
255: vrid 255, 28.1.2.100, if 28, renter, prio 118, master,
server
VRRP information:
1: vrid 2, 205.178.18.210, if 1, renter, prio 100, master, server
2: vrid 1, 205.178.18.202, if 1, renter, prio 100, backup
3: vrid 3, 205.178.18.204, if 1, renter, prio 100, master, proxy

When virtual routers are configured, you can view the status of each virtual router using this
command. VRRP information includes:

„ Virtual router number


„ Virtual router ID and IP address
„ Interface number
„ Ownership status
† owner identifies the preferred master virtual router. A virtual router is the owner
when the IP address of the virtual router and its IP interface are the same.
† renter identifies virtual routers which are not owned by this device.

Chapter 4: The Information Menu „ 127


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ Priority value. During the election process, the virtual router with the highest priority
becomes master.
„ Activity status
† master identifies the elected master virtual router.
† backup identifies that the virtual router is in backup mode.
„ Server status. The server state identifies virtual routers that support Layer 4 services.
These are known as virtual server routers: any virtual router whose IP address is the same
as any configured virtual server IP address.
„ Proxy status. The proxy state identifies virtual proxy routers, where the virtual router
shares the same IP address as a proxy IP address. The use of virtual proxy routers enables
redundant switches to share the same IP address, minimizing the number of unique IP
addresses that must be configured.

128 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/l3/dump
Layer3 Dump Information
This command dumps all the information about Layer 3 parameters. This dump is a collection
of all the individual commands described in the sections above.

IP information:
IP information:
Router ID: 45.1.1.201, AS number 100

Interface information:
2: 45.1.1.201 255.0.0.0 45.255.255.255 , vlan 1, up
3: 205.1.1.201 255.255.255.0 205.1.1.255 , vlan 1, up
4: 172.21.1.254 255.255.255.0 172.21.1.255 , vlan 1, up

Default gateway information: metric strict

Current IP forwarding settings: ON, dirbr disabled

Current local networks:

Current IP port settings:


All other ports have forwarding ON

Current network filter settings:


none

Current route map settings:

Current BGP settings:


ON, pref 100, AS number 100

Current BGP peer settings:


1: 45.1.1.203, ras 300, hold 180, alive 60, adv 60
retry 120, orig 15, ttl 1, enabled
metric none, default none, rip disabled, ospf disabled
fixed disabled, static disabled, vip disabled
in-rmap: empty
out-rmap: empty

Current BGP aggr settings:

Continued

Chapter 4: The Information Menu „ 129


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Virtual Router Redundancy is globally turned OFF.


ARP cache information:
IP address Flags MAC address VLAN Port Referenced SPs
--------------- ----- ----------------- ---- ----- ----------------
45.1.1.75 00:0f:06:ec:8a:00 1 24 empty
45.1.1.201 P 00:01:81:2e:a2:20 1 1-4
45.1.1.202 00:09:97:5e:69:00 1 24 empty
172.21.1.254 P 00:01:81:2e:a2:20 1 1-4
205.1.1.1 00:09:6b:b5:0b:d6 1 24 empty
205.1.1.2 00:09:6b:b5:08:48 1 24 empty
205.1.1.3 00:09:6b:00:6f:b7 1 24 empty
205.1.1.4 00:09:6b:00:76:1b 1 24 empty
205.1.1.5 00:09:6b:00:74:97 1 24 empty
205.1.1.6 00:09:6b:00:71:bb 1 24 empty
205.1.1.100 P 4 00:01:81:2e:a2:2e 1-4
205.1.1.201 P 00:01:81:2e:a2:20 1 1-4

ARP address information:


IP address IP mask MAC address VLAN Flags
--------------- --------------- ----------------- ---- -----
205.1.1.100 255.255.255.255 00:01:81:2e:a2:2e D
172.21.1.254 255.255.255.255 00:01:81:2e:a2:20 1
205.1.1.201 255.255.255.255 00:01:81:2e:a2:20 1
45.1.1.201 255.255.255.255 00:01:81:2e:a2:20 1

Route table information:


Status code: * - best
Destination Mask Gateway Type Tag Metr If
--------------- ------------- ------------ ------- ----- --- --
* 45.0.0.0 255.0.0.0 45.1.1.201 direct fixed 2
* 45.1.1.201 255.255.255.255 45.1.1.201 local addr 2
* 45.255.255.255 255.255.255.255 45.255.255.255broadcast broadcast 2
* 127.0.0.0 255.0.0.0 0.0.0.0 martian martian
* 172.21.1.0 255.255.255.0 172.21.1.254 direct fixed 4
* 172.21.1.254 255.255.255.255 172.21.1.254 local addr 4
* 172.21.1.255 255.255.255.255 172.21.1.255 broadcast broadcast 4

Continued

130 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

* 205.1.1.0 255.255.255.0 205.1.1.201 direct fixed 3


* 205.1.1.100 255.255.255.255 205.1.1.100 direct vip
* 205.1.1.201 255.255.255.255 205.1.1.201 local addr 3
* 205.1.1.255 255.255.255.255 205.1.1.255 broadcast broadcast 3
* 224.0.0.0 224.0.0.0 0.0.0.0 martian martian
* 255.255.255.255 255.255.255.255 255.255.255.255 broadcast broad-
cast

OSPF is disabled.
Status codes: * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metr LcPrf Wght Path
--------------- --------------- ----- ----- ----- ---------------
*> 45.0.0.0 0.0.0.0 0 ?
*> 172.21.1.0 0.0.0.0 0 ?
*> 205.1.1.0 0.0.0.0 0 ?

Chapter 4: The Information Menu „ 131


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/slb
Layer 4 Information Menu
Server Load Balancing (SLB) allows you to configure the Nortel Application Switch to bal-
ance user session traffic among a pool of available servers that provide shared services. In an
average network that employs multiple servers without server load balancing, each server usu-
ally specializes in providing one or two unique services. If one of these servers provides access
to applications or data that is in high demand, it can become overutilized. Placing this kind of
strain on a server can decrease the performance of the entire network as user requests are
rejected by the server and then resubmitted by the user stations. With this software feature, the
switch is aware of the services provided by each server and can direct user session traffic to an
appropriate server, based on a variety of load-balancing algorithms.

Refer to your Nortel Application Switch Operating System Application Guide for detailed infor-
mation on this feature.:

[Server Load Balancing Information Menu]


sess - Session Table Information Menu
gslb - Global SLB Information Menu
real - Show real server information
group - Show real server group information
virt - Show virtual server information
filt - Show filter information
port - Show port information
wlm - Show Workload Manager information
idshash - Show IDS server selected by hash or minmisses metric
bind - Show real server selected by hash, phash, or minmisses metric
cookie - Decode the HEX value to get VIP, RIP and Rport
synatk - Show SYN attack detection information
dump - Show all layer 4 information

Table 4-28 Layer 4 Information Menu Options (/info/slb)

Command Syntax and Usage

sess
Displays the Session Table Information Menu. To view menu options, see page 134.

gslb
Displays the Global SLB Information Menu. To view menu options, see page 139.

real <real server number (1-1023)>


Displays Real server number, real IP address, MAC address, VLAN, physical switch port, layer
where health check is performed, and health check result.

132 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-28 Layer 4 Information Menu Options (/info/slb)

Command Syntax and Usage

group <real server group number, 1-1024>


Real server group information

virt <virtual server number (1-1024)>


„ Displays Virtual Server State: Virtual server number, IP address, virtual MAC address
„ Virtual Port State: Virtual service or port, server port mapping, real server group, group backup
server.

filt <filter ID (1-2048)>|list|allow|deny|redir|nat


Displays the filter number, destination port, real server port, real server group, health check layer,
group backup server, URL for health checks, and real server group, IP address, backup server, and
status.

port <port number>


Displays the physical port number, proxy IP address, filter status, a list of applied filters, and client
and/or server Layer 4 activity.

wlm <work_load_manager_number, 1 to 16>


Show workload manager information.

idshash <IP address 1> <IP address 2>


Displays the Intrusion Detection System server selected by hash or minmisses metric.

bind <IP address> <mask> <group number>


Displays the real server selected by hash, phash, or minmisses metric.

cookie <16 or 20 bytes cookie value in HEX as 0xXXXXXXXXXXXXXXXX>


Decodes the hexadecimal value to get the virtual server IP address, real server IP address, and real
server port.

synatk
Displays SYN attack detection information. To identify whether or not the server is under SYN
attack, the number of new half open sessions is examined within a set period of time, for example,
every two seconds. This feature requires dbind to be enabled.

dump
Displays all Layer 4 information for the switch. For details, see page 140.

Chapter 4: The Information Menu „ 133


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/slb/sess
Session Table Information
[Session Table Information Menu]
cip - Show all session entries with source IP address
cip6 - Show all session entries with source IP6 address
cport - Show all session entries with source port
dip - Show all session entries with destination IP address
dip6 - Show all session entries with source IP6 address
dport - Show all session entries with destination port
pip - Show all session entries with proxy IP address
pport - Show all session entries with proxy port
filter - Show all session entries with matching filter
flag - Show all session entries with matching flag
port - Show all session entries with ingress port
real - Show all session entries with real IP address
sp - Show all session entries on sp
dump - Show all session entries
help - Session entry description

Table 4-29 Session Information Menu Options (/info/slb/sess)

Command Syntax and Usage

cip <IP address>


Displays all session entries with client’s source IP address.

cip6 <IP6_address>
Display session entries with the specified IP6 address.

cport <real port>


Displays all session entries with source (client) port.

dip <Destination IP address>


Displays all session entries with the destination IP address.

dip6 <IP6_address>
Display session entries with the specified IP6 address.

dport <Destination real port>


Displays all session entries with destination port.

pip <Proxy IP address>


Displays all session entries with proxy IP address.

pport <proxy port>


Displays all session entries with proxy port.

134 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-29 Session Information Menu Options (/info/slb/sess)

Command Syntax and Usage

filter <filter ID (1-2048)>


Displays all session entries with matching filter.

flag <E|L|N|P|S|Rt|Ru|Ri|Vi|Vr|Vs|Vm|Vd|U|W>
Displays all session entries with matching flag. See “Session dump information in Nortel Applica-
tion Switch Operating System” on page 137 for a description of these options.

port <port number>


Displays all session entries on the ingress port.

real <IP address>


Displays all session entries with real server IP address.

sp <port number (1-4)>


Displays all session entries on switch processor.

dump <v4 | v6>


Displays all session entries. Specify v4 to dump IPv4 information, v6 to dump IPv6 information or
no parameter to display all information. Information similar to the following may appear in
a session entry dump:
3, 01: 1.1.1.1 4586, 2.2.2.1 http -> 1.1.1.2 3567 3.3.3.1 http age 6 f:10 EUSPT c
(1) (2) (3) (4) (5) (6) (7a) (7) (8) (9) (10) (11) (12) (13)
Note: The fields, 1 to 13 associated with a session as identified in the above example, are described
in “Session dump information in Nortel Application Switch Operating System” on page 137.

help
Displays the description of the session entry.

Samples of Session Dumps for Different Applications


L4 HTTP

3,01: 172.21.12.19 1040, 39.2.2.1 http -> 47.81.24.79 http age 4

L4-L7 WCR HTTP

2,16: 172.21.8.200 44687, 172.21.8.51 http -> 192.168.1.11 wcr age 4 f:12 E
3,01: 172.21.12.19 1040, 39.2.2.1 http -> 47.81.24.79 urlwcr age 6 f:123 E

RTSP

L4-L7 RTSP

Chapter 4: The Information Menu „ 135


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

3,01: 172.21.12.19 4586, 39.2.2.1 rtsp -> 47.81.144.13 rtsp age 10 EU


3,01: 172.21.12.19 6970, 39.2.2.1 21220 -> 47.81.144.13 21220 age 10 P
The first session is RTSP TCP control connection.
The second session is RTSP UDP data connection.

3,01: 172.21.12.19 6970, 39.2.2.1 rtsp -> 47.81.144.13 0 age 10 P


During client-server port negotiation, the destination port shows “rtsp” and server port
shows “0”

L7 WCR RTSP

3,01: 172.21.12.19 4586, 39.2.2.1 rtsp -> 47.81.144.13 urlwcr age 10 f:100 EU
3,01: 172.21.12.19 6970, 39.2.2.1 21220 -> 47.81.144.13 21220 age 10 P

Filtering LinkLB

2,07: 10.0.1.26 1706, 205.178.14.84 http -> 192.168.4.10 linklb age 8 f:10 E

FTP

1,00: 172.31.4.215 80, 172.31.4.200 0 172.31.3.11 age 8 EP c:1


1,09: 172.31.4.215 4098, 172.31.4.200 ftp ->172.31.3.20 ftp age 10 EU
1,09: 172.31.4.215 4102, 172.31.4.200 ftp-data ->172.31.3.20 ftp-data age 10 E

NAT

2,05: 172.21.8.16 2559, 10.0.1.26 http NAT age 2 f:24 E

Persistent session

3,00: 237.162.52.123 160.10.20.30 age 4 EPS C:3


The destination port, real server IP and server port are not shown for
persistent session.

136 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Session dump information in Nortel Application Switch


Field Description

(1) SP number This field indicates the Switch Processor number that created the
session.
(2) Ingress port This field shows the physical port through which the client traffic
enters the switch.
(3) Source IP This field contains the source IP address from the client’s IP
address packet in IPv4 or IPv6.
(4) Source port This field identifies the source port from the client’s TCP/UDP
packet.
(5) Destination IP This field identifies the destination IP address from the client’s
address TCP/UDP packet.
(6) Destination This field identifies the destination port from client’s TCP/UDP
port packet.
(7a) Proxy IP This field contains the Proxy IP address substituted by the switch.
address This field contains the real server IP address of the corresponding
server that the switch selects to forward the client packet to, for
load balancing. If the switch does not find a live server, this field
contains the same information as the destination IP address men-
tioned in field (5).
This field also shows the real server IP address for filtering. No
address is shown if the filter action is Allow, Deny or NAT.
It will show “ALLOW”, “DENY” or “NAT” instead.
(7) Proxy Port This field identifies the TCP/UDP source port substituted by the
switch.
(8) Real Server IP For load balancing, this field contains the IP address of the real server
Address that the switch selects to forward client packet to. If the switch does not
find live server, this field is the same as destination IP address (as in row
5).
For example: 3,01: 1.1.1.1 1040, 2.2.2.1 http -> 3.3.3.1 http age 10
3,01: 1.1.1.1 6970, 2.2.2.1 rtsp -> 2.2.2.1 21220 age 10 P
For filtering, this field also shows the real server IP address. No address is
shown if the filter action is Allow, Deny or NAT. It will show ALLOW,
DENY or NAT instead.
For example: 3,01: 1.1.1.1 1040, 2.2.2.1 http -> 3.3.3.1 http age 10 f:11
2,07: 1.1.1.1 1706, 2.2.2.1 http-> 192.168.4.10 linklb age 8 f:10 E

Chapter 4: The Information Menu „ 137


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Field Description

(9) Server port This field is the same as the destination port (field 6) for load bal-
ancing except for the RTSP UDP session. For RTSP UDP session,
this server port is obtained from the client-server negotiation.
This field is the filtering application port for filtering. It is for
internal use only. This field can be urlwcr, wcr, idslb,
linkslb or nonat.

(10) Age This is the session timeout value. If no packet is received within
the value specified, the session is freed. For example, if:
age 10 - The session is aged out in 10 minutes.
age < 160 - The session is aged out in 160 minutes.
This indicates that slowage is used. The user can configure slowage
by using the command: /cfg/slb/adv/slowage.

(11) Filter number This field indicates the session created by filtering code as a
result of the IP header keys matching the filtering criteria.

(12) Flag “E”: Indicates the session is established and will be aged out if no
traffic is received within session timeout value.
“L”: Indicates the session is a link load balance session.
“N”: Indicates no NAT, which means the session only translates
the destination MAC when forwarding client traffic to the real
server.
“P”: Indicates the session is a persistent session and is not to be aged out.
Fields (6), (7) and (8) cannot have persistent session.
“S”: Indicates the session is a persistent session and the application is
SSL session ID, or Cookie Pbind.
“Rt”: Indicates the session is TCP rate limiting for every client entry.
“Ru”: Indicates UDP rate limiting for every client entry.
“Ri”: Indicates the session is ICMP rate limiting per-client entry.
“Vr”: Indicates the session is a SIP REGISTER session.
“Vs”: Indicates the session is a SIP SUBSCRIBE session.
“Vi”: Indicates the session is a SIP INVITE session.
“Vm”: Indicates the session is a SIP MESSAGE session.
“Vd”: Indicates the session is a SIP NAT data session.
“U”: Indicates the session is Layer 7 delayed binding and the switch is
trying to open TCP connection to the real server.
“W”: Indicates the session only translates the destination MAC when
forwarding Layer 7 WCR traffic to the real server.

(13) Persistent session This counter indicates the number of client sessions created to
user count associate with this persistent session.

Operating System

138 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/slb/gslb
Global SLB Information Menu
An Nortel Application Switch Operating System running Global SLB selects the most appro-
priate site to direct the client traffic for a given domain during the initial client connection. The
menu for this feature displays the following information:

[Global SLB Information Menu]


virt - Show Global SLB virtual server information
site - Show Global SLB remote site information
rule - Show Global SLB rule information
geo - Show Global SLB geographical preference information
pers - Show Global SLB DNS persistence cache information
dump - Show all Global SLB information

Table 4-30 Global SLB Information Menu Options (/info/slb/gslb)

Command Syntax and Usage

virt <virtual server number (1-1024)>


Displays the Global SLB virtual server information such as the domain name of the virtual server,
the number of the local and remote virtual servers, the number of virtual services on those virtual
servers, and the group of real servers associated with the local and remote virtual servers.

site
Displays the Global SLB remote site information.

geo
Displays the Global SLB geographical preference information.

pers <IP_Address>
Display the Global SLB DNS persistence cache information.

dump
Displays all Global SLB information.

Chapter 4: The Information Menu „ 139


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/slb/dump
Show All Layer 4 Information
Real server state:
1: 210.1.2.200, 00:01:02:c1:4b:48, vlan 1, port 1, health 3, up
2: 210.1.2.1, 00:01:02:70:4d:4a, vlan 1, port 8, health 3, up
26: 20.20.20.102, 00:03:47:07:a4:9e, vlan 1, port 6, health 3, up
27: 20.20.20.101, 00:01:02:71:9c:a6, vlan 1, port 7, health 3, up

Virtual server state:


1: 20.20.20.200, 00:60:cf:47:5c:1e
virtual ports:
http: rport http, group 88, backup none, dbind
HTTP Application: urlslb
real servers:
26: 20.20.20.102, backup none, 2 ms, up
exclusionary string matching: disabled
1: any
2: urlone
27: 20.20.20.101, backup none, 1 ms, up
exclusionary string matching: disabled
3: urltwo
4: urlthree

Redirect filter state:


Action redir
dport http, rport 3128, vlan any
200: group 1, health 3, backup none
proxy enabled, radius snoop disabled
real servers:
1: 210.1.2.200, backup none, 3 ms, up
2: 210.1.2.1, backup none, 2 ms, up

Port state:
1: filt disabled, filters: 80
2: idslb filt enabled, filters: 200
3: idslb filt enabled, filters: 200
4: filt disabled, filters: 50 200

140 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/bwm
Bandwidth Management Information
Bandwidth Management (BWM) enables Web site managers to allocate a portion of the avail-
able bandwidth for specific users or applications. It allows companies to guarantee that critical
business traffic, such as e-commerce transactions, receive higher priority versus non-critical-
traffic. Traffic classification can be based on user or application information. BWM policies
can be configured to set lower and upper bounds on the bandwidth allocation.

You can see the following information on your switch when you execute this command:

[Bandwidth Management Information Menu]


ipuser - BWM IP User Entries Information Menu
cont - Show Bandwidth Management Contract information

Table 4-31 Bandwidth Management Information

Command Syntax and Usage

ipuser
Displays the IP user entries with their IP addresses. See page 142 for sample output.

cont
Displays the BWM contract information configured on this switch.

Chapter 4: The Information Menu „ 141


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/bwm/ipuser
BWM IP User Information Menu
[BWM IP User Entries Information Menu]
ip - Show all IP user entries with IP address
cont - Show all IP user entries for a contract
sp - Show all IP user entries on sp
dump - Show all IP user entries

Table 4-32 BWM IP User Information Menu (/info/bwm/ipuser)

Command Syntax and Usage

ip <IP address>
Displays the IP user entries for a specific IP address.

cont <BW Contract number, 1-1024>


Displays the IP user entries for a specific BWM contract.

sp <SP number (1-4)>


Displays the IP user entries on the Switch Processor. The same fields as described in cont above
are displayed, but only for the specified sp number.

dump
Displays all the IP user entries.

142 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

The format of the output of the above commands:

SP Contract IP Address Age Octets Discards Allowed Offered


Rate Rate
-- -------- ---------------- --- ---------- ---------- -----
2 11 11.0.1.100 86 21500000 301001440 1953 29297
2 10 11.0.1.100 86 1076600 0 97 97
2 10 11.0.1.107 16 199940 0 97 97
2 10 11.0.1.105 16 198402 0 96 96
2 10 11.0.1.106 16 199940 0 97 97
2 10 11.0.1.103 16 196864 0 96 96
2 10 11.0.1.104 16 204554 0 99 99
2 10 11.0.1.101 16 201478 0 98 98
2 10 11.0.1.102 16 198402 0 96 96
2 10 11.0.1.108 16 199940 0 97 97
2 10 11.0.1.109 16 203016 0 99 99

„ SP Rate: the switch processor number (1-4) of the ipuser entry.


„ Contract Rate: the BWM contract number of the ipuser entry.
„ IP address: the IP address of the ipuser entry.
„ Age: the age of the entry in seconds.
„ Octets: the number of octets processed on this ipuser entry
„ Discards: the number of octets discarded on this ipuser entry
„ Allowed Rate: the rate of traffic allowed for this IP address
„ Offered Rate: the rate including the discards for this IP address

Chapter 4: The Information Menu „ 143


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/bwm/cont
BWM Contract Information
Current Bandwidth Management setting: ON
Policy Enforcement:enabled
BWM history will be mailed in a minute
to 'abcd' at host '100.81.138.26'
BWM IP user table entries 64k

Contract Policy Per User Traffic


Num Name Prec Hard Soft Resv Limit Key State Shaping
1 123456789012345 2 1 50M 1M 500K - - E D
2 vlan 4 1 60M 2M 500K - - E D
3 filter 7 20 2M 1M 500K - - E D
4 5 1 2M 1M 500K - - D D
5 512 1 2M 1M 500K - - E D
10 10 1 1M 0K 0K 500K sip E D
11 11 1 100M 80M 500K 2M sip E D
12 12 1 2M 1M 500K - - E D
13 13 1 3M 1M 500K - - E D
14 14 1 4M 400K 100K - - E D
15 15 1 2M 1M 500K - - E D

This command displays information about any configured contracts and the BWM policies
applied to the contracts.

Table 4-33 BWM Contract Information

Field Description

Contract Displays the BWM contract number.


Policy Displays specific information about a policy applied to a contract.
Includes the following:
„ The policy number applied to the contract
„ Prec: the precedence applied to the policy
„ Hard: the hard limit applied to the policy
„ Soft: the soft limit applied to the policy
„ Resv: the reserve limit applied to the policy

144 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 4-33 BWM Contract Information

Field Description

Per User These two columns display information for an ipuser limit, if applied
to the contract. Includes the following:
Limit: the user rate limit applied to the ipuser.
Key: If an ipuser rate limit is enforced, this field displays whether the
user limit is enforced on a source IP address (sip) or a destination IP
address (dip).

State Displays whether the BWM contract is enabled (E) or disabled (D).

Traffic Shaping Displays whether Traffic Shaping is enabled (E) or disabled (D)
for this contract.

Chapter 4: The Information Menu „ 145


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/security
Security Information

[Security Information Menu]


port - Show port security information
ipacl - Show IP ACL information
udpblast - Show UDP blast protection information
dos - Show protocol anomaly and DoS attack prevention
information
dump - Show all security information

The information provided by each menu option is described in Table 4-34.

Table 4-34 Security Information Menu (/info/security)

Command Syntax and Usage

port
This menu displays the current port security settings.

ipacl
This menu displays the current IP ACL settings.

udpblast
This menu displays UDP blast protection settings.

dos
This menu displays DoS protection settings.

dump
This menu displays all security settings.

146 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/link
Link Status Information
Alias Port Speed Duplex Flow Ctrl Link
------ ---- ----- -------- --TX-----RX-- ------
1 1 10/100 any yes yes down
2 2 10/100 any yes yes down
3 3 10/100 any yes yes down
4 4 10/100 any yes yes down
5 5 10/100 any yes yes down
6 6 10/100 any yes yes down
7 7 10/100 any yes yes down
8 8 10/100 any yes yes down
9 9 10/100 any yes yes down
10 10 10/100 any yes yes down
11 11 10/100 any yes yes down
12 12 10/100 any yes yes down
13 13 10/100 any yes yes down
14 14 10/100 any yes yes down
15 15 10/100 any yes yes down
16 16 10/100 any yes yes down
17 17 10/100 any yes yes down
18 18 10/100 any yes yes down
19 19 10/100 any yes yes down
20 20 10/100 any yes yes down
21 21 10/100 any yes yes down
22 22 10/100 any yes yes down
23 23 10/100 any yes yes down
24 24 10/100 any yes yes down
25 25 1000 full yes yes down
26 26 1000 full yes yes down
27 27 1000 full yes yes down
28 28 1000 full yes yes down

Use this command to display link status information about each port on an Nortel Application
Switch slot, including:

„ Port Alias
„ Port number
„ Port speed (10, 100, 10/100, or 1000)
„ Duplex mode (half, full, any, or auto)
„ Flow control for transmit and receive (no, yes, or auto)

Chapter 4: The Information Menu „ 147


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ Link status (up or down)

148 „ Chapter 4: The Information Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/info/port
Port Information
Alias Port Tag RMON PVID BWC NAME VLAN(s)
------ ---- --- ---- ---- ----- -------------- --------------
1 1 y d 1 1024 1
2 2 n d 2 1024 2
3 3 n d 3 1024 3
4 4 n d 3 1024 3
5 5 n d 1 1024 1
6 6 n d 1 5 1
7 7 n d 1 1024 1
8 8 n d 1 1024 1
9 9 n d 1 1024 1
10 10 n d 1 1024 1
11 11 n d 1 1024 1
12 12 n d 1 1024 1
13 13 n d 1 6 1
14 14 n d 1 1024 1
15 15 n d 1 1024 1
16 16 n d 1 1024 1
17 17 n d 1 1024 1
18 18 n d 1 1024 1
19 19 n d 1 1024 1
20 20 n d 1 1024 1
21 21 n d 1 1024 1
22 22 n d 1 1024 1
23 23 n d 1 1024 1
24 24 n d 1 1024 1
25 25 n d 1 1024 1
26 26 n d 1 1024 1
27 27 n d 1 1024 1
28 28 n d 1 1024 1

Port information includes:

„ Port alias
„ Port number
„ Whether the port uses VLAN tagging or not (y or n)
„ Whether Remote Monitor is enabled or disabled
„ Port VLAN ID (PVID)
„ Port name
„ VLAN membership

Chapter 4: The Information Menu „ 149


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ Whether RMON is enabled or disabled on the port

/info/swkey
Software Enabled Keys
For optional Layer 4 switching software, the information would be displayed as follows:

Enabled Software features:


Layer 4: GSLB
Bandwidth Management
Security Pack
Enabled Software features:
Layer 4: GSLB
Inbound Linklb
Intelligent Traffic Management

Software key information includes a list of all the optional software packages which have been
activated or installed on your switch. For information on ordering optional software license
keys, see “How to Get Help” on page 24.

/info/dump
Information Dump
Use the dump command to dump all switch information available from the Information Menu
(10K or more, depending on your configuration). This data is useful for tuning and debugging
switch performance.

If you want to capture dump data to a file, set your communication software on your worksta-
tion to capture session data prior to issuing the dump commands.

150 „ Chapter 4: The Information Menu


320506-A, January 2006
CHAPTER 5
The Statistics Menu
You can view switch performance statistics in both the user and administrator command
modes. This chapter discusses how to use the command line interface to display switch statis-
tics.

/stats
Statistics Menu
[Statistics Menu]
sys - System Stats Menu
port - Port Stats Menu
pmirr - Port Mirroring Stats Menu
l2 - Layer 2 Stats Menu
l3 - Layer 3 Stats Menu
slb - Server Load Balancing (Layer 4-7) Stats Menu
bwm - Bandwidth Management Stats Menu
security - Security Stats Menu
mp - MP-specific Stats Menu
sp - SP-specific Stats Menu
dump - Dump all stats

151
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-1 Statistics Menu Options (/stats)

Command Syntax and Usage

sys
System statistics menu

port <port number>


Displays the Port Statistics Menu for the specified port. Use this command to display traffic statis-
tics on a port-by-port basis. Traffic statistics are included in SNMP Management Information Base
(MIB) objects. To view menu options, see page 154.

l2
Displays Layer 2 Statistics Menu. To view menu options, see page 170.

l3
Displays Layer3 Statistics Menu. To view menu options, see page 174.

slb
Displays the Server Load Balancing (SLB) Menu. To view menu options, see page 199.

bwm
Displays the Bandwidth Management Menu. To view menu options, see page 232.

mp
Displays the Management Processor Statistics Menu. Use this command to view information on
how switch management processes and resources are currently being allocated. To view menu
options, see page 248.

sp <SP number (1-4)>


Displays Switch Processor-Specific Menu. To view menu options, see page 253.

security
Displays Security Statistics Menu. To view menu options, see page 239.

snmp
Displays SNMP Statistics.

ntp <clear>
Displays Network Time Protocol (NTP) Statistics.
You can execute the clear command option to delete all statistics.

pm
Displays Port Mirroring Statistics Menu. To view menu options, see page 255.

mgmt
Displays interface statistics for the Management Port. See page 255 for sample output.

152 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-1 Statistics Menu Options (/stats)

Command Syntax and Usage

dump
Dumps all switch statistics. Use this command to gather data for tuning and debugging switch per-
formance. If you want to capture dump data to a file, set your communication software on your
workstation to capture session data prior to issuing the dump command. For details, see page 256.

Chapter 5: The Statistics Menu „ 153


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/sys
System statistics menu
This menu displays traffic statistics on a system basis.

[System Statistics Menu]


access - System Access Menu
mgmt - Show management port stats
ntp - Show NTP server stats
snmp - Show SNMP stats
dump - Dump system stats

Table 5-2 System Statistics Menu Options (/stats/sys)

Command Syntax and Usage

access
Go to the System Access menu.

mgmt
Management port interface statistics.

ntp
Show NTP server statistics.

snmp
Show SNMP statistics.

dump
Dump system statistics.

154 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/port <port number>


Port Statistics Menu
This menu displays traffic statistics on a port-by-port basis. Traffic statistics include SNMP
Management Information Base (MIB) objects.

[Port Statistics Menu]


brg - Show bridging ("dot1") stats
ether - Show Ethernet ("dot3") stats
if - Show interface ("if") stats
ip - Show Internet Protocol ("IP") stats
link - Show link stats
rmon - Show RMON stats
dump - Dump port stats
clear - Clear all port stats

Table 5-3 Port Statistics Menu Options (/stats/port)

Command Syntax and Usage

brg
Displays bridging (“dot1”) statistics for the port. See page 156 for a sample output and the descrip-
tion of statistics.

ether
Displays Ethernet (“dot1”) statistics for the port. See page 157 for a sample output and the descrip-
tion of statistics.

if
Displays interface statistics for the port. See page 161 for a sample output and the description of
statistics.

ip
Displays IP statistics for the port. See page 162 for a sample output and the description of statis-
tics.

link
Displays link statistics for the port. See page 163 for a sample output and the description of statis-
tics.

rmon
Displays Remote Monitor (RMON) statistics for the port. See page 164 for a sample output and the
description of statistics.

dump
Displays all the port statistics.

Chapter 5: The Statistics Menu „ 155


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-3 Port Statistics Menu Options (/stats/port) (Continued)

Command Syntax and Usage

clear
This command clears all the statistics on this port.

/stats/port <port number>/brg


Bridging Statistics
This menu option enables you to display the bridging statistics of the selected port.

Bridging statistics for port 1:


dot1PortInFrames: 63242584
dot1PortOutFrames: 63277826
dot1PortInDiscards: 0
dot1TpLearnedEntryDiscards: 0
dot1BasePortDelayExceededDiscards: NA
dot1BasePortMtuExceededDiscards: NA
dot1StpPortForwardTransitions: 0

Table 5-4 Bridging Statistics of a Port (/stats/port/brg)

Statistics Description

dot1PortInFrames The number of frames that have been received by this port from its seg-
ment. A frame received on the interface corresponding to this port is only
counted by this object if and only if it is for a protocol being processed by
the local bridging function, including bridge management frames.

dot1PortOutFrames The number of frames that have been transmitted by this port to its seg-
ment. Note that a frame transmitted on the interface corresponding to this
port is only counted by this object if and only if it is for a protocol being
processed by the local bridging function, including bridge management
frames.

dot1PortInDiscards Count of valid frames received which were discarded (that is, filtered) by
the Forwarding Process.

dot1TpLearnedEntry The total number of Forwarding Database entries, which have been or
Discards would have been learnt, but have been discarded due to a lack of space to
store them in the Forwarding Database. If this counter is increasing, it
indicates that the Forwarding Database is regularly becoming full (a con-
dition which has unpleasant performance effects on the subnetwork). If
this counter has a significant value but is not presently increasing, it indi-
cates that the problem has been occurring but is not persistent.

156 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-4 Bridging Statistics of a Port (/stats/port/brg)

Statistics Description

dot1BasePortDelay The number of frames discarded by this port due to excessive transit
ExceededDiscards delay through the bridge. It is incremented by both transparent and source
route bridges.

dot1BasePortMtu The number of frames discarded by this port due to an excessive size. It is
ExceededDiscards incremented by both transparent and source route bridges.

dot1StpPortForward The number of times this port has transitioned from the Learning state to
Transitions the Forwarding state.

/stats/port <port number>/ether


Ethernet Statistics
This menu option enables you to display the ethernet statistics of the selected port

Ethernet statistics for port 1:


dot3StatsAlignmentErrors: 0
dot3StatsFCSErrors: 0
dot3StatsSingleCollisionFrames: 0
dot3StatsMultipleCollisionFrames: 0
dot3StatsSQETestErrors: NA
dot3StatsDeferredTransmissions: 0
dot3StatsLateCollisions: 0
dot3StatsExcessiveCollisions: 0
dot3StatsInternalMacTransmitErrors: NA
dot3StatsCarrierSenseErrors: 0
dot3StatsFrameTooLongs: 0
dot3StatsInternalMacReceiveErrors: 0
dot3CollFrequencies [1-15]: NA

Chapter 5: The Statistics Menu „ 157


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-5 Ethernet Statistics for Port (/stats/port/ether)

Statistics Description

dot3StatsAlignment A count of frames received on a particular interface that are not


Errors an integral number of octets in length and do not pass the Frame Check
Sequence (FCS) check.

The count represented by an instance of this object is incremented when


the alignmentError status is returned by the MAC service to the
Logical Link Control (LLC) (or other MAC user). Received frames for
which multiple error conditions are obtained are, according to the con-
ventions of IEEE 802.3 Layer Management, counted exclusively accord-
ing to the error status presented to the LLC.

dot3StatsFCSErrors A count of frames received on a particular interface that are an integral


number of octets in length but do not pass the Frame Check Sequence
(FCS) check. This count does not include frames received with frame-
too-long or frame-too-short errors.
The count represented by an instance of this object is incremented when
the frameCheckError status is returned by the MAC service to the
LLC (or other MAC user). Received frames for which multiple error con-
ditions are obtained are, according to the conventions of IEEE 802.3
Layer Management, counted exclusively according to the error status pre-
sented to the LLC.
Note: Coding errors detected by the physical layer for speeds above 10
Mb/s will cause the frame to fail FCS check.

dot3StatsSingle- A count of successfully transmitted frames on a particular interface for


CollisionFrames which transmission is inhibited by exactly one collision.
A frame that is counted by an instance of this object is also counted by the
corresponding instance of either the ifOutUcastPkts, ifOutMul-
ticastPkts, or ifOutBroadcastPkts, and is not counted by the
corresponding instance of the dot3StatsMultipleCollision-
Frame object.
This counter does not increment when the interface is operating in full-
duplex mode.

dot3StatsMultiple- A count of successfully transmitted frames on a particular interface for


CollisionFrames which transmission is inhibited by more than one collision.
A frame that is counted by an instance of this object is also counted by the
corresponding instance of either the ifOutUcastPkts, ifOutMul-
ticastPkts, or ifOutBroadcastPkts, and is not counted by the
corresponding instance of the dot3StatsSingleCollision-
Frames object.
This counter does not increment when the interface is operating in full-
duplex mode.

158 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-5 Ethernet Statistics for Port (/stats/port/ether)

Statistics Description

dot3StatsSQETest- A count of times that the SQE TEST ERROR message is generated by the
Errors PLS sub layer for a particular interface. The SQE TEST ERROR is set in
accordance with the rules for the verification of the SQE detection mech-
anism in the PLS Carrier Sense Function as described in IEEE Std.802.3-
1998 Edition, section 7.2.4.6.
This counter does not increment when the interface is operating in full-
duplex mode.

dot3StatsDeferred- A count of frames for which the first transmission attempt on a particular
Transmissions interface is delayed because the medium is busy.
The count represented by an instance of this object does not include
frames involved in collisions.
This counter does not increment when the interface is operating in full-
duplex mode.

dot3StatsLate- The number of times that a collision is detected on a particular interface


Collisions later than one slotTime into the transmission of a packet.
Five hundred and twelve bit-times corresponds to 51.2 microseconds on a
10 Mbit/s system.
A (late) collision included in a count represented by an instance of this
object is also considered as a (generic) collision for purposes of other col-
lision-related statistics.
This counter does not increment when the interface is operating in full-
duplex mode.

dot3StatsExcessive A count of frames for which transmission on a particular interface fails


Collisions due to excessive collisions.
This counter does not increment when the interface is operating in full-
duplex mode.

dot3StatsInternal- A count of frames for which transmission on a particular interface fails


MacTransmitErrors due to an internal MAC sub layer transmit error. A frame is only counted
by an instance of this object if it is not counted by the corresponding
instance of either the dot3StatsLateCollisions object, the
dot3StatsExcessiveCollisions object, or the dot3Stats-
CarrierSenseErrors object.
The precise meaning of the count represented by an instance of this object
is implementation-specific. In particular, an instance of this object may
represent a count of transmission errors on a particular interface that are
not otherwise counted.

Chapter 5: The Statistics Menu „ 159


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-5 Ethernet Statistics for Port (/stats/port/ether)

Statistics Description

dot3StatsCarrier- The number of times that the carrier sense condition was lost or never
SenseErrors asserted when attempting to transmit a frame on a particular interface.
The count represented by an instance of this object is incremented at most
once per transmission attempt, even if the carrier sense condition fluctu-
ates during a transmission attempt.
This counter does not increment when the interface is operating in full-
duplex mode.

dot3StatsFrameToo- A count of frames received on a particular interface that exceed the maxi-
Longs mum permitted frame size.
The count represented by an instance of this object is incremented when
the frameTooLong status is returned by the MAC service to the LLC
(or other MAC user). Received frames for which multiple error condi-
tions are obtained are, according to the conventions of IEEE 802.3 Layer
Management, counted exclusively according to the error status presented
to the LLC.

dot3StatsInternal- A count of frames for which reception on a particular interface fails due
MacReceiveErrors to an internal MAC sub layer receive error. A frame is only counted by an
instance of this object if it is not counted by the corresponding instance of
either the dot3StatsFrameTooLongs object, the dot3Stats-
AlignmentErrors object, or the dot3StatsFCSErrors object.
The precise meaning of the count represented by an instance of this object
is implementation-specific. In particular, an instance of this object may
represent a count of received errors on a particular interface that are not
otherwise counted.

dot3Coll- A count of individual MAC frames for which the transmission


Frequencies (successful or otherwise) on a particular interface occurs after the frame
has experienced exactly the number of collisions specified by the index.
For example, a frame which is transmitted after experiencing exactly 4
collisions would be indicated by incrementing only
dot3CollFrequencies [4]. No other instance of
dot3CollFrequencies would be incremented in this example.
This counter does not increment when the interface is operating in full-
duplex mode.

160 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/port <port number>/if


Interface Statistics
This menu option enables you to display the interface statistics of the selected port.

Interface statistics for port 1:


ifHCIn Counters ifHCOut Counters
Octets: 51697080313 51721056808
UcastPkts: 65356399 65385714
BroadcastPkts: 0 6516
MulticastPkts: 0 0
Discards: 0 0
Errors: 0 0

Table 5-6 Interface Statistics for Port (/stats/port/if)

Statistics Description

ifHCInOctets The number of octets in valid MAC frames received on the interface,
including the MAC header and FCS. This does include the number of
octets in valid MAC Control frames received on this interface.

ifHCInUcastPkts The number of packets, delivered by this sub-layer to a higher sub- layer,
which were not addressed to a multicast or broadcast address at this sub-
layer.

ifHCInBroadcastP- The number of packets, delivered by this sub-layer to a higher sub- layer,
kts which were addressed to a broadcast address at this sub-layer.

ifHCInMulticastP- The number of packets delivered by this sub-layer to a higher (sub) layer,
kts which were addressed to a multicast address at this sub-layer. For a MAC
layer protocol, this includes both Group and Functional addresses.

ifHCInDiscards The number of inbound packets which were chosen to be discarded even
though no errors had been detected to prevent their being delivered to a
higher-layer protocol. One possible reason for discarding such a packet
could be to free up buffer space.

ifHCInErrors The sum for this interface of dot3statsAlignmentErrors,


dot3StatsFCSErrors, dot3StatsFrameTooLongs,
dot3StatsInternalMacReceiveErrors and
dot3StatsSymbolErrors.

ifHCOutOctets The number of octets transmitted in valid MAC frames on this interface,
including the MAC header and FCS. This does not include the number of
octets in valid MAC Control frames transmitted on this interface.

Chapter 5: The Statistics Menu „ 161


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-6 Interface Statistics for Port (/stats/port/if)

Statistics Description

ifHCOutUcastPkts The total number of packets that higher-level protocols requested to be


transmitted, and which were not addressed to a multicast or broadcast
address at this sub-layer, including those that were discarded or not sent.

ifHCOutBroadcastP- The total number of packets that higher-level protocols requested to be


kts transmitted, and which were addressed to a broadcast address at this sub-
layer, including those that were discarded or not sent.

ifHCOutMulticastP- The total number of packets that higher-level protocols requested to be


kts transmitted, and which were addressed to a multicast address at this sub-
layer, including those that were discarded or not sent. For a MAC layer
protocol, this includes both Group and Functional addresses.

ifHCOutDiscards The number of outbound packets which were chosen to be discarded even
though no errors had been detected to prevent their being transmitted.
One possible reason for discarding such a packet could be to free up
buffer space.

ifHCOutErrors The sum for this interface of: dot3statsSQETestErrors,


dot3StatsLateCollisions,
dot3StatsExcessiveCollisions,
dot3StatsInternalMacTransmitErrors and
dot3StatsCarrierSenseErrors.

/stats/port <port number>/ip


Interface Protocol Statistics
This menu option enables you to display the interface statistics of the selected port.

IP statistics for port 1:


ipInReceives: 0
ipInAddrErrors: 0 ipForwDatagrams: 0
ipInUnknownProtos: 0 ipInDiscards: 0
ipInDelivers: 0
ipTtlExceeds: 0
ipLANDattacks: 0

Table 5-7 Interface Protocol Statistics (/stats/port/ip)

Statistics Description

ipInReceives The total number of input datagrams received from interfaces, including
those received in error.

162 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-7 Interface Protocol Statistics (/stats/port/ip)

Statistics Description

ipInAddrErrors The number of input datagrams discarded because the IP address in their
IP header's destination field was not a valid address to be received at this
entity (the switch). This count includes invalid addresses (for example,
0.0.0.0) and addresses of unsupported Classes (for example, Class E). For
entities which are not IP Gateways and therefore do not forward data-
grams, this counter includes datagrams discarded because the destination
address was not a local address.

ipForwDatagrams The number of input datagrams for which this entity (the switch) was not
their final IP destination, as a result of which an attempt was made to find
a route to forward them to that final destination. In entities which do not
act as IP Gateways, this counter will include only those packets which
were Source-Routed via this entity (the switch), and the Source- Route
option processing was successful.

ipInUnknownProtos The number of locally-addressed datagrams received successfully but


discarded because of an unknown or unsupported protocol.

ipInDiscards The number of input IP datagrams for which no problems were encoun-
tered to prevent their continued processing, but which were discarded (for
example, for lack of buffer space). Note that this counter does not include
any datagrams discarded while awaiting re-assembly.

ipInDelivers The total number of input datagrams successfully delivered to IP user-


protocols (including ICMP).

ipTtlExceeds The number of IP datagram for which an ICMP TTL exceeded mes-
sage was sent.

ipLANDattacks The number of packets that have the same source and destination IP
address.

/stats/port <port number>/link


Link Statistics
This menu enables you to display the link statistics of the selected port.

Link statistics for port 1:


linkStateChange: 4

Chapter 5: The Statistics Menu „ 163


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-8 Link Statistics (/stats/port/link)

Statistics Description

linkStateChange The total number of link state changes.

/stats/port <port number>/rmon


RMON Statistics
This menu option enables you to display the remote monitor statistics of the selected port.

RMON statistics for port 1:


etherStatsDropEvents: 0
etherStatsOctets: 129677
etherStatsPkts: 1485
etherStatsBroadcastPkts: 734
etherStatsMulticastPkts: 712
etherStatsCRCAlignErrors: 0
etherStatsUndersizePkts: 0
etherStatsOversizePkts: 0
etherStatsFragments: 0
etherStatsJabbers: 0
etherStatsCollisions: 0
etherStatsPkts64Octets: 954
etherStatsPkts65to127Octets: 578
etherStatsPkts128to255Octets: 35
etherStatsPkts256to511Octets: 26
etherStatsPkts512to1023Octets: 16
etherStatsPkts1024to1518Octets: 8

Table 5-9 Remote Monitor Statistics (/stats/port/rmon)

Statistics Description

etherStatsDrop The total number of events in which packets were dropped by the probe
Events due to lack of resources. Note that this number is not necessarily the num-
ber of packets dropped; it is just the number of times this condition has
been detected.

164 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-9 Remote Monitor Statistics (/stats/port/rmon)

Statistics Description

etherStatsOctets The total number of octets of data (including those in bad packets)
received on the network (excluding framing bits but including FCS
octets).
This object can be used as a reasonable estimate of utilization (which is
the percent utilization of the ethernet segment). If greater precision is
desired, the etherStatsPkts and etherStatsOctets objects
should be sampled before and after a common interval. The differences in
the sampled values are Pkts and Octets, respectively, and the number
of seconds in the interval is Interval. These values are used to calcu-
late the utilization as follows:

Pkts × ( 9.6 + 6.4 ) + ( Octets × 0.8 )-


Utilization = ---------------------------------------------------------------------------------------
Interval × 10, 000
The result of this equation is the percent value of utilization.

etherStatsPkts The total number of packets (including bad packets, broadcast packets,
and multicast packets) received.

etherStatsBroad- The total number of good packets received that were directed to the
castPkts broadcast address. Note that this does not include multicast packets.

etherStatsMulti- The total number of good packets received that were directed to a multi-
castPkts cast address. Note that this number does not include packets directed to
the broadcast address.

etherStatsCRCAlign The total number of packets received that had a length (excluding fram-
Errors ing bits, but including Frame Check Sequence (FCS) octets) of between
64 and 1518 octets, inclusive, but had either a bad Frame Check
Sequence (FCS) with an integral number of octets (FCS Error) or a bad
FCS with a non-integral number of octets (Alignment Error).

etherStatsUnder- The total number of packets received that were less than 64 octets long
sizePkts (excluding framing bits, but including FCS octets) and were otherwise
well formed.

etherStatsOver- The total number of packets received that were longer than 1518 octets
sizePkts (excluding framing bits, but including FCS octets) and were otherwise
well formed.

Chapter 5: The Statistics Menu „ 165


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-9 Remote Monitor Statistics (/stats/port/rmon)

Statistics Description

etherStatsFrag- The total number of packets received that were less than 64 octets in
ments length (excluding framing bits but including FCS octets) and had either a
bad Frame Check Sequence (FCS) with an integral number of octets
(FCS Error) or a bad FCS with a non-integral number of octets (Align-
ment Error).
Note that it is entirely normal for etherStatsFragments to incre-
ment. This is because it counts both runts (which are normal occurrences
due to collisions) and noise hits. (A runt is a packet that is less than 64
bytes.)

etherStatsJabbers The total number of packets received that were longer than 1518 octets
(excluding framing bits, but including FCS octets), and had either a bad
Frame Check Sequence (FCS) with an integral number of octets (FCS
Error) or a bad FCS with a non-integral number of octets (Alignment
Error).
Note that this definition of jabber is different than the definition in IEEE-
802.3 section 8.2.1.5 (10Base-5) and section 10.3.1.4 (10Base-2). These
documents define jabber as the condition where any packet exceeds 20
ms. The allowed range to detect jabber is between 20 milliseconds and
150 milliseconds.

etherStats- The best estimate of the total number of collisions on this Ethernet seg-
Collisions ment.
The value returned will depend on the location of the RMON probe. Sec-
tion 8.2.1.3 (10Base-5) and section 10.3.1.3 (10Base-2) of IEEE standard
802.3 states that a station must detect a collision, in the receive mode, if
three or more stations are transmitting simultaneously. A repeater port
must detect a collision when two or more stations are transmitting simul-
taneously. Thus a probe placed on a repeater port could record more colli-
sions than a probe connected to a station on the same segment would.
Probe location plays a much smaller role when considering 10Base-T.
14.2.1.4 (10Base-T) of IEEE standard 802.3 defines a collision as the
simultaneous presence of signals on the DO and RD circuits (transmitting
and receiving at the same time). A 10Base-T station can only detect colli-
sions when it is transmitting. Thus probes placed on a station and a
repeater, should report the same number of collisions.
Note also that an RMON probe inside a repeater should ideally report col-
lisions between the repeater and one or more other hosts (transmit colli-
sions as defined by IEEE 802.3k) plus receiver collisions observed on
any coax segments to which the repeater is connected.

etherStatsPkts64- The total number of packets (including bad packets) received that were
Octets 64 octets in length (excluding framing bits but including Frame Check
Sequence (FCS) octets).

166 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-9 Remote Monitor Statistics (/stats/port/rmon)

Statistics Description

etherStatsPkts65- The total number of packets (including bad packets) received that were
to127Octets between 65 and 127 octets in length (excluding framing bits but including
FCS octets).

etherStatsPkts128- The total number of packets (including bad packets) received that were
to255Octets between 128 and 255 octets in length (excluding framing bits but includ-
ing Frame Check Sequence (FCS) octets).

etherStatsPkts256- The total number of packets (including bad packets) received that were
to511Octets between 256 and 511 octets in length (excluding framing bits but includ-
ing FCS octets).

etherStatsPkts512- The total number of packets (including bad packets) received that were
to1023Octets between 512 and 1023 octets in length (excluding framing bits but includ-
ing FCS octets).

etherStatsPkts- The total number of packets (including bad packets) received that were
1024to1518Octets between 1024 and 1518 octets in length (excluding framing bits but
including FCS octets).

Chapter 5: The Statistics Menu „ 167


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/port <port number>/dump


Port Dump Statistics

Bridging statistics for port 1:


dot1PortInFrames: 1284
dot1PortOutFrames: 142
dot1PortInDiscards: 130
dot1TpLearnedEntryDiscards: 0
dot1BasePortDelayExceededDiscards: NA
dot1BasePortMtuExceededDiscards: NA
dot1StpPortForwardTransitions: 2
------------------------------------------------------------------
Ethernet statistics for port 1:
dot3StatsAlignmentErrors: 0
dot3StatsFCSErrors: 0
dot3StatsSingleCollisionFrames: 0
dot3StatsMultipleCollisionFrames: 0
dot3StatsSQETestErrors: NA
dot3StatsDeferredTransmissions: 0
dot3StatsLateCollisions: 0
dot3StatsExcessiveCollisions: 0
dot3StatsInternalMacTransmitErrors: NA
dot3StatsCarrierSenseErrors: 1
dot3StatsFrameTooLongs: 0
dot3StatsInternalMacReceiveErrors: 0
dot3CollFrequencies [1-15]: NA
------------------------------------------------------------------
Interface statistics for port 1:
ifHCIn Counters ifHCOut Counters
Octets: 124166 19560
UcastPkts: 39 27
BroadcastPkts: 631 14
MulticastPkts: 614 101
Discards: 130 0
Errors: 1 0
------------------------------------------------------------------
IP statistics for port 1:
ipInReceives: 0
ipInAddrErrors: 0 ipForwDatagrams: 0
ipInUnknownProtos: 0 ipInDiscards: 0
ipInDelivers: 0
ipTtlExceeds: 0
ipLANDattacks: 0
------------------------------------------------------------------
Link statistics for port 1:
linkStateChange: 3
------------------------------------------------------------------

168 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

RMON statistics for port 1:


etherStatsDropEvents: 0
etherStatsOctets: 123840
etherStatsPkts: 1406
etherStatsBroadcastPkts: 698
etherStatsMulticastPkts: 669
etherStatsCRCAlignErrors: 0
etherStatsUndersizePkts: 0
etherStatsOversizePkts: 0
etherStatsFragments: 0
etherStatsJabbers: 0
etherStatsCollisions: 0
etherStatsPkts64Octets: 906
etherStatsPkts65to127Octets: 548
etherStatsPkts128to255Octets: 35
etherStatsPkts256to511Octets: 25
etherStatsPkts512to1023Octets: 16
etherStatsPkts1024to1518Octets: 8

Chapter 5: The Statistics Menu „ 169


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/pmirr
Port mirroring statistics menu
This menu displays port mirroring statistics on an all ports basis.

[Port Mirroring Statistics Menu]


dump - Show port mirroring stats
clear - Clear all port mirroring stats

Table 5-10 PMIRR Statistics Menu Options (/stats/pmirr)

Command Syntax and Usage

dump
Displays all mirrored port statistics.

clear
Clears the port statistics.

/stats/l2
Layer 2 Statistics Menu

[Layer 2 Statistics Menu]


fdb - Show FDB stats
lacp - Show LACP stats
stg - Show STG stats
dump - Dump layer 2 stats

Table 5-11 Layer 2 Statistics Menu Options (/stats/l2)

Command Syntax and Usage

fdb
Displays Forwarding Database statistics. To view statistics and their description, see page 171.

lacp <port number (1 to max num ports)>


Displays Link Aggregation Control Protocol statistics. To view statistics and their description, see
page 172.

stg
Displays Spanning Tree Group statistics. To view statistics and their description, see page 173.

170 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-11 Layer 2 Statistics Menu Options (/stats/l2)

Command Syntax and Usage

dump
Dump the Layer 2 statistics.

/stats/l2/fdb
FDB Statistics
FDB statistics:
creates: 9611 deletes: 9553
current: 58 hiwat: 65
lookups: 850254 lookup fails: 151373
finds: 5832 find fails: 0
find_or_c's: 11874 overflows: 0
max: 16384

This menu option enables you to display statistics regarding the use of the forwarding data-
base, including the number of new entries, finds, and unsuccessful searches.

FDB statistics are described in the following table:

Table 5-12 Forwarding Database Statistics (/stats/l2/fdb)

Statistic Description

creates Number of entries created in the Forwarding Database.

current Current number of entries in the Forwarding Database.

lookups Number of entry lookups in the Forwarding Database.

finds Number of successful searches in the Forwarding Database.

find_or_c’s Number of entries found or created in the Forwarding Database.

deletes Number of entries deleted from the Forwarding Database.

hiwat Highest number of entries recorded at any given time in the Forwarding
Database.

lookup fails Number of unsuccessful searches made in the Forwarding Database.

find fails Number of search failures in the Forwarding Database.

overflows Number of entries overflowing the Forwarding Database.

Chapter 5: The Statistics Menu „ 171


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-12 Forwarding Database Statistics (/stats/l2/fdb)

Statistic Description

max Number of maximum Forwarding Database entries supported by the


switch.

/stats/l2/lacp
LACP Statistics

>> Layer 2 Statistics# lacp 1


port 1
Valid LACPDUs received - 9394
Valid Marker PDUs received - 0
Valid Marker Rsp PDUs received - 0
Unknown version/TLV type - 0
Illegal subtype received - 0
LACPDUs transmitted - 8516
Marker PDUs transmitted - 0
Marker Rsp PDUs transmitted - 0

Table 5-13 LACP Statistics Parameters (/stats?l2/lacp)

Field Description

Valid LACPDUs received The number of LACPDUs that the switch received on this port.

Valid Marker PDUs The number of valid Marker PDUs that the switch received on this
received port.

Valid Marker Rsp PDUs The number of valid Marker Responses that the switch received on
received this port.

Unknown version/TLV The number of unknown version or TLV type that the switch
type received on this port.

Illegal subtype The number of illegal LACP subtype received on this port.
received

LACPDUs transmitted The number of LACPDUs transmitted out of this port.

Marker PDUs transmit- The number of Marker PDUs transmitted out of this port.
ted

Marker Rsp PDUs trans- The number of Marker Responses transmitted out of this port.
mitted

172 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l2/stg
Spanning Tree Group Statistics

Spanning Tree Group 1:


Port Rcv Cfg Rcv TCN Xmt Cfg Xmt TCN
----- ---------- ---------- ---------- ----------
1 0 0 0 0
2 0 0 0 0
3 0 0 0 0
4 0 0 0 0
5 0 0 0 0
6 0 0 0 0
7 0 0 0 0
8 0 0 0 0
9 139046 176 27 15
10 0 0 0 0
11 0 0 0 0
12 0 0 0 0
13 0 0 0 0
14 0 0 0 0
15 0 0 0 0
16 0 0 0 0
17 0 0 0 0
18 0 0 0 0
19 0 0 0 0
20 0 0 0 0
21 0 0 0 0
22 0 0 0 0
23 0 0 0 0
24 0 0 0 0
25 0 0 0 0
26 0 0 0 0
27 0 0 0 0
28 0 0 0 0

Table 5-14 Spanning Tree Group Statistics Parameters (/stats/l2/stg)

Field Description

Port Displays the port number.

Rcv cfg Displays the number of configuration BPDUs received

Rcv TCN Displays the number of TCN (Topology Change Notification) mes-
sages received.

Xmt Cfg Displays the number of configuration BPDUs transmitted.

Chapter 5: The Statistics Menu „ 173


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-14 Spanning Tree Group Statistics Parameters (/stats/l2/stg)

Field Description

Xmt TCN Displays the number of TCN (Topology Change Notification) mes-
sages transmitted

/stats/l3
Layer 3 Statistics Menu

[Layer 3 Statistics Menu]


ospf - OSPF Statistics Menu
ip - Show IP stats
ip6 - Show IP6 stats
route - Show route stats
arp - Show ARP stats
vrrp - Show VRRP stats
dns - Show DNS stats
icmp - Show ICMP stats
if - Show IP interface ("if") stats
tcp - Show TCP stats
udp - Show UDP stats
ifclear - Clear IP interface ("if") stats
ipclear - Clear IP stats
dump - Dump layer 3 stats

Table 5-15 Layer 3 Statistics Menu (/stats/l3)

Command Syntax and Usage

ospf
Displays OSPF statistics Menu. See page 176 for sample output.

ip
Displays IP statistics. See page 181 for sample output.

ip6
Displays IP6 statistics.See page 184 for sample output.

route
Displays route statistics. See page 189 for sample output.

arp
Displays Address Resolution Protocol (ARP) statistics. See page 190 for sample output.

174 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-15 Layer 3 Statistics Menu (/stats/l3)

Command Syntax and Usage

vrrp
When virtual routers are configured, you can display the following protocol statistics for VRRP:
„ Advertisements received (vrrpInAdvers)
„ Advertisements transmitted (vrrpOutAdvers)
„ Advertisements received, but ignored (vrrpBadAdvers)
See page 191 for sample output.

dns
Displays Domain Name Server/System (DNS) statistics. See page 192 for sample output.

icmp
Displays ICMP statistics. See page 193 for sample output.

if <interface number (1-256)>


Displays IP interface statistics for the management processors. See page 195 for sample output.

tcp
Displays TCP statistics. See page 197 for sample output.

udp
Displays UDP statistics. See page 199 for sample output.

ifclear
Clears IP interface statistics. Use this command with caution as it will delete all the IP interface
statistics.

ipclear
Clears IP statistics. Use this command with caution as it will delete all the IP statistics.

dump
Dumps all Layer 3 switch statistics. Use this command to gather data for tuning and debugging
Layer 3 switch performance. If you want to capture dump data to a file, set your communication
software on your workstation to capture session data prior to issuing the dump command.

Chapter 5: The Statistics Menu „ 175


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/ospf
OSPF Statistics Menu
[OSPF stats Menu]
general - Show global stats
aindex - Show area(s) stats
if - Show interface(s) stats

Table 5-16 OSPF Statistics Menu (/stats/l3/ospf)

Command Syntax and Usage

general
Displays global statistics. See page 177 for sample output and details.

aindex <area index (0-2)>


Displays area index statistics.

if <interface number (1-256)>


Displays interface statistics.

176 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/ospf/general
OSPF Global Statistics
The OSPF General Statistics contain the sum total of all OSPF packets received on all OSPF
areas and interfaces.

OSPF stats
----------
Rx/Tx Stats: Rx Tx
-------- --------
Pkts 0 0
hello 23 518
database 4 12
ls requests 3 1
ls acks 7 7
ls updates 9 7

Nbr change stats: Intf change Stats:


hello 2 hello 4
start 0 down 2
n2way 2 loop 0
adjoint ok 2 unloop 0
negotiation done 2 wait timer 2
exchange done 2 backup 0
bad requests 0 nbr change 5
bad sequence 0
loading done 2
n1way 0
rst_ad 0
down 1

Timers kickoff
hello 514
retransmit 1028
lsa lock 0
lsa ack 0
dbage 0
summary 0
ase export 0

Chapter 5: The Statistics Menu „ 177


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-17 OSPF General Statistics (stats/l3/ospf/general)

Statistics Description

Rx/Tx Stats:

Rx Pkts The sum total of all OSPF packets received on all OSPF areas and inter-
faces.

Tx Pkts The sum total of all OSPF packets transmitted on all OSPF areas and
interfaces.

Rx Hello The sum total of all Hello packets received on all OSPF areas and inter-
faces.

Tx Hello The sum total of all Hello packets transmitted on all OSPF areas and
interfaces.

Rx Database The sum total of all Database Description packets received on all OSPF
areas and interfaces.

Tx Database The sum total of all Database Description packets transmitted on all
OSPF areas and interfaces.

Rx ls Requests The sum total of all Link State Request packets received on all OSPF
areas and interfaces.

Tx ls Requests The sum total of all Link State Request packets transmitted on all OSPF
areas and interfaces.

Rx ls Acks The sum total of all Link State Acknowledgement packets received on all
OSPF areas and interfaces.

Tx ls Acks The sum total of all Link State Acknowledgement packets transmitted on
all OSPF areas and interfaces.

Rx ls Updates The sum total of all Link State Update packets received on all OSPF areas
and interfaces.

Tx ls Updates The sum total of all Link State Update packets transmitted on all OSPF
areas and interfaces.

178 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-17 OSPF General Statistics (stats/l3/ospf/general) (Continued)

Statistics Description

Nbr Change Stats:

hello The sum total of all Hello packets received from neighbors on all OSPF
areas and interfaces.

Start The sum total number of neighbors in this state (that is, an indication that
Hello packets should now be sent to the neighbor at intervals of Hel-
loInterval seconds) across all OSPF areas and interfaces.

n2way The sum total number of bidirectional communication establishment


between this router and other neighboring routers.

adjoint ok The sum total number of decisions to be made (again) as to whether an


adjacency should be established/maintained with the neighbor across all
OSPF areas and interfaces.

negotiation done The sum total number of neighbors in this state wherein the Master/slave
relationship has been negotiated, and sequence numbers have been
exchanged, across all OSPF areas and interfaces.

exchange done The sum total number of neighbors in this state (that is, in an adjacency's
final state) having transmitted a full sequence of Database Description
packets, across all OSPF areas and interfaces.

bad requests The sum total number of Link State Requests which have been received
for a link state advertisement not contained in the database across all
interfaces and OSPF areas.

bad sequence The sum total number of Database Description packets which have been
received that either:
a) Has an unexpected DD sequence number
b) Unexpectedly has the init bit set
c) Has an options field differing from the last Options field
received in a Database Description packet.
Any of these conditions indicate that some error has occurred during
adjacency establishment for all OSPF areas and interfaces.

loading done The sum total number of link state updates received for all out-of-date
portions of the database across all OSPF areas and interfaces.

n1way The sum total number of Hello packets received from neighbors, in which
this router is not mentioned across all OSPF interfaces and areas.

rst_ad The sum total number of times the Neighbor adjacency has been reset
across all OPSF areas and interfaces.

Chapter 5: The Statistics Menu „ 179


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-17 OSPF General Statistics (stats/l3/ospf/general) (Continued)

Statistics Description

down The total number of Neighboring routers down (that is, in the initial
state of a neighbor conversation) across all OSPF areas and interfaces.

Intf Change Stats:

hello The sum total number of Hello packets sent on all interfaces and areas.

down The sum total number of interfaces down in all OSPF areas.

loop The sum total of interfaces no longer connected to the attached network
across all OSPF areas and interfaces.

unloop The sum total number of interfaces, connected to the attached network in
all OSPF areas.

wait timer The sum total number of times the Wait Timer has been fired, indicating
the end of the waiting period that is required before electing a (Backup)
Designated Router across all OSPF areas and interfaces.

backup The sum total number of Backup Designated Routers on the attached net-
work for all OSPF areas and interfaces.

nbr change The sum total number of changes in the set of bidirectional neighbors
associated with any interface across all OSPF areas.

Timers Kickoff:

hello The sum total number of times the Hello timer has been fired (which trig-
gers the send of a Hello packet) across all OPSF areas and interfaces.

retransmit The sum total number of times the Retransmit timer has been fired across
all OPSF areas and interfaces.

lsa lock The sum total number of times the Link State Advertisement (LSA) lock
timer has been fired across all OSPF areas and interfaces.

lsa ack The sum total number of times the LSA Ack timer has been fired across
all OSPF areas and interfaces.

dbage The total number of times the data base age (Dbage) has been fired.

summary The total number of times the Summary timer has been fired.

ase export The total number of times the Autonomous System Export (ASE) timer
has been fired.

180 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/ip
IP Statistics
IP statistics:
ipInReceives: 3115873 ipInHdrErrors: 1
ipInAddrErrors: 35447 ipForwDatagrams: 0
ipInUnknownProtos: 500504 ipInDiscards: 0
ipInDelivers: 2334166 ipOutRequests: 1010542
ipOutDiscards: 4 ipOutNoRoutes: 4
ipReasmReqds: 0 ipReasmOKs: 0
ipReasmFails: 0 ipFragOKs: 0
ipFragFails: 0 ipFragCreates: 0
ipRoutingDiscards: 0 ipDefaultTTL: 255
ipReasmTimeout: 5

Table 5-18 IP Statistics (/stats/l3/ip)

Statistics Description

ipInReceives The total number of input datagrams received from interfaces, including
those received in error.

ipInHdrErrors The number of input datagrams discarded due to errors in their IP head-
ers, including bad checksums, version number mismatch, other format
errors, time-to-live exceeded, errors discovered in processing their IP
options, and so forth.

ipInAddrErrors The number of input datagrams discarded because the IP address in their
IP header's destination field was not a valid address to be received at this
entity (the switch). This count includes invalid addresses (for example,
0.0.0.0) and addresses of unsupported Classes (for example, Class E). For
entities which are not IP Gateways and therefore do not forward data-
grams, this counter includes datagrams discarded because the destination
address was not a local address.

ipForwDatagrams The number of input datagrams for which this entity (the switch) was not
their final IP destination, as a result of which an attempt was made to find
a route to forward them to that final destination. In entities which do not
act as IP Gateways, this counter will include only those packets, which
were Source-Routed via this entity (the switch), and the Source- Route
option processing was successful.

ipInUnknownProtos The number of locally addressed datagrams received successfully but dis-
carded because of an unknown or unsupported protocol.

Chapter 5: The Statistics Menu „ 181


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-18 IP Statistics (/stats/l3/ip)

Statistics Description

ipInDiscards The number of input IP datagrams for which no problems were encoun-
tered to prevent their continued processing, but which were discarded (for
example, for lack of buffer space). Note that this counter does not include
any datagrams discarded while awaiting re-assembly.

ipInDelivers The total number of input datagrams successfully delivered to IP user-


protocols (including ICMP).

ipOutRequests The total number of IP datagrams which local IP user-protocols (includ-


ing ICMP) supplied to IP in requests for transmission. Note that this
counter does not include any datagrams counted in
ipForwDatagrams.

ipOutDiscards The number of output IP datagrams for which no problem was


encountered to prevent their transmission to their destination, but which
were discarded (for example, for lack of buffer space). Note that this
counter would include datagrams counted in ipForwDatagrams if any
such packets met this (discretionary) discard criterion.

ipOutNoRoutes The number of IP datagrams discarded because no route could be found


to transmit them to their destination. Note that this counter includes any
packets counted in ipForwDatagrams, which meet this no-route cri-
terion. Note that this includes any datagrams which a host cannot route
because all of its default gateways are down.

ipReasmReqds The number of IP fragments received which needed to be reassembled at


this entity (the switch).

ipReasmOKs The number of IP datagrams successfully re- assembled.

ipReasmFails The number of failures detected by the IP re- assembly algorithm (for
whatever reason: timed out, errors, and so forth). Note that this is not nec-
essarily a count of discarded IP fragments since some algorithms (notably
the algorithm in RFC 815) can lose track of the number of fragments by
combining them as they are received.

ipFragOKs The number of IP datagrams that have been successfully fragmented at


this entity (the switch).

ipFragFails The number of IP datagrams that have been discarded because they
needed to be fragmented at this entity (the switch) but could not be, for
example, because their Don't Fragment flag was set.

ipFragCreates The number of IP datagram fragments that have been generated as a


result of fragmentation at this entity (the switch).

182 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-18 IP Statistics (/stats/l3/ip)

Statistics Description

ipRoutingDiscards The number of routing entries, which were chosen to be discarded even
though they are valid. One possible reason for discarding such an entry
could be to free-up buffer space for other routing entries.

ipDefaultTTL The default value inserted into the Time-To-Live (TTL) field of the
IP header of datagrams originated at this entity (the switch), whenever a
TTL value is not supplied by the transport layer protocol.

ipReasmTimeout The maximum number of seconds, which received fragments are held
while they are awaiting reassembly at this entity (the switch).

Chapter 5: The Statistics Menu „ 183


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/ip6
IP6 Statistics Menu
>> Layer 3 Statistics# /stat/l3/ip6
------------------------------------------------------------------
IP6 statistics:
InReceives: 20519 InDiscards: 2
InDelivers: 24793 ForwDatagrams: 0
UnknownProtos: 0 InAddrErrors: 0
OutRequests: 34548 OutNoRoutes: 0
ReasmOKs: 0 ReasmFails: 0
IcmpInMsgs: 24793 IcmpInErrors: 4268
IcmpOutMsgs: 12829 IcmpOutErrors: 4271
InEchos: 0 OutEchos: 8538
InEchoReplies: 8536 OutEchoReplies: 0
InDestUnreachs: 4268 OutDestUnreachs: 4271
InPktTooBigs: 0 OutPktTooBigs: 0
InTimeExcds: 0 OutTimeExcds: 0
------------------------------------------------------------------

ICMP6 statistics:

Interface: 1
InMsgs: 18929 InErrors: 0
InEchos: 0 InEchoReplies: 4268
InNeighborSolicits: 4513 InNeighborAdvertisements:4271
InRouterSolicits: 0 InRouterAdvertisements: 5877
InDestUnreachs: 0 InTimeExcds: 0
InPktTooBigs: 0 InParmProblems: 0
InRedirects: 0
OutMsgs: 4280 OutErrors: 0
OutEchos: 4269 OutEchoReplies: 0
OutNeighborSolicits: 3 OutNeighborAdvertisements:4516
OutRouterSolicits: 0 OutRouterAdvertisements: 1
OutRedirects: 0
------------------------------------------------------------------

Interface: 7
InMsgs: 5864 InErrors: 4268
InEchos: 0 InEchoReplies: 4268
InNeighborSolicits: 122 InNeighborAdvertisements: 3
InRouterSolicits: 0 InRouterAdvertisements: 1471
InDestUnreachs: 4268 InTimeExcds: 0
InPktTooBigs: 0 InParmProblems: 0
InRedirects: 0
OutMsgs: 8549 OutErrors: 4271
OutEchos: 4269 OutEchoReplies: 0
OutNeighborSolicits: 2 OutNeighborAdvertisements:124
OutRouterSolicits: 0 OutRouterAdvertisements: 1
OutRedirects: 0
------------------------------------------------------------------

IP6 gateway health check statistics:


gateway 5 echo-req 4269 echo-resp 4268 fails 0
gateway 7 echo-req 4269 echo-resp 0 fails 4268

184 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-19 IPv6 Statistics (/stats/l3/ip6)

Statistics Description

IP6 Statistics Section

InReceives The total number of input datagrams received by the interface,


including those received in error.

InDelivers The total number of datagrams successfully delivered to IPv6 user-


protocols (including ICMP). This counter is incremented at the
interface to which these datagrams were addressed which might not
be necessarily the input interface for some of the datagrams.

UnknownProtos The number of locally-addressed datagrams received successfully


but discarded because of an unknown or unsupported protocol. This
counter is incremented at the interface to which these datagrams
were addressed which might not be necessarily the input interface
for some of the datagrams.

OutRequests The total number of IPv6 datagrams which local IPv6 user-protocols
(including ICMP) supplied to IPv6 in requests for transmission.
Note that this counter does not include any datagrams counted in
ipv6IfStatsOutForwDatagrams.

ReasmOKs The number of IPv6 datagrams successfully reassembled. Note that


this counter is incremented at the interface to which these datagrams
were addressed which might not be necessarily the input interface
for some of the fragments.

InDiscards The number of input IPv6 datagrams for which no problems were
encountered to prevent their continued processing, but which were
discarded (e.g., for lack of buffer space). Note that this counter does
not include any datagrams discarded while awaiting re-assembly.

ForwDatagrams The number of output datagrams which this entity received and for-
warded to their final destinations. In entities which do not act as
IPv6 routers, this counter will include only those packets which
were Source-Routed via this entity, and the Source-Route processing
was successful. Note that for a successfully forwarded datagram the
counter of the outgoing interface is incremented.

InAddrErrors The number of input datagrams discarded because the IPv6 address
in their IPv6 header's destination field was not a valid address to be
received at this entity. This count includes invalid addresses (e.g.,
::0) and unsupported addresses (e.g., addresses with unallocated pre-
fixes). For entities which are not IPv6 routers and therefore do not
forward datagrams, this counter includes datagrams discarded
because the destination address was not a local address.

Chapter 5: The Statistics Menu „ 185


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-19 IPv6 Statistics (/stats/l3/ip6) (Continued)

Statistics Description

OutNoRoutes The number of locally generated IP datagrams discarded because no


route could be found to transmit them to their destination.

ReasmFails The number of failures detected by the IPv6 re-assembly algorithm


(for whatever reason: timed out, errors, etc.). Note that this is not
necessarily a count of discarded IPv6 fragments since
some algorithms (notably the algorithm in RFC 815) can lose track
of the number of fragments by combining them as they are received.
This counter is incremented at the interface to which these fragments
were addressed which might not be necessarily the input interface
for some of the fragments.

IcmpInMsgs The total number of ICMP messages received by the interface which
includes all those counted by ipv6IfIcmpInErrors. Note that this
interface is the interface to which the ICMP messages were
addressed which may not be necessarily the input interface for the
messages.

IcmpOutMsgs The total number of ICMP messages which this interface attempted
to send. Note that this counter includes all those counted
by icmpOutErrors

IcmpInErrors The number of ICMP messages which the interface received but
determined as having ICMP-specific errors (bad ICMP checksums,
bad length, etc.).

IcmpOutErrors The number of ICMP messages which this interface did not send due
to problems discovered within ICMP such as a lack of buffers. This
value should not include errors discovered outside the ICMP layer
such as the inability of IPv6 to route the resultant datagram. In some
implementations there may be no types of error which contribute to
this counter's value.

IcmpInEchos The number of ICMP Echo (request) messages received by the inter-
face.

ICMP6 Statistics Section

InMsgs The total number of ICMP messages received by the interface which
includes all those counted by ipv6IfIcmpInErrors. Note that this
interface is the interface to which the ICMP messages were
addressed which may not be necessarily the input interface for the
messages.

InNeighborSolicits The number of ICMP Neighbor Solicit messages received by the


interface.

186 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-19 IPv6 Statistics (/stats/l3/ip6) (Continued)

Statistics Description

InRouterSolicits The number of ICMP Router Solicit messages received by the inter-
face.

InDestUnreachs The number of ICMP Destination Unreachable messages received


by the interface.

InPktTooBigs The number of ICMP Packet Too Big messages received by the
interface.

InRedirects The number of Redirect messages received by the interface.

InErrors The number of ICMP messages which the interface received but
determined as having ICMP-specific errors (bad ICMP checksums,
bad length, etc.).

InEchoReplies The number of ICMP Echo Reply messages received by the inter-
face.

InNeighborAdvertisements The number of ICMP Neighbor Advertisement messages received


by the interface.

InRouterAdvertisements The number of ICMP Router Advertisement messages received by


the interface.

InTimeExcds The number of ICMP Time Exceeded messages received by the


interface.

InParmProblems The number of ICMP Parameter Problem messages received by the


interface.

OutMsgs The total number of ICMP messages which this interface attempted
to send.

OutEchos The number of ICMP Echo Request messages sent by the interface.

OutNeighborSolicits The number of ICMP Neighbor Solicitation messages sent by the


interface.

OutRouterSolicits The number of ICMP Router Solicitation messages sent by


the interface.

OutRedirects The number of Redirect messages sent. For a host, this object will
always be zero, since hosts do not send redirects.

Chapter 5: The Statistics Menu „ 187


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-19 IPv6 Statistics (/stats/l3/ip6) (Continued)

Statistics Description

OutErrors The number of ICMP messages which this interface did not send due
to problems discovered within ICMP such as a lack of buffers. This
value should not include errors discovered outside the ICMP layer
such as the inability of IPv6 to route the resultant datagram. In some
implementations there may be no types of error which contribute to
this counter's value.

OutEchoReplies The number of ICMP Echo Reply messages sent by the interface.

OutNeighborAdvertisements The number of ICMP Neighbor Advertisement messages sent by the


interface.

OutRouterAdvertistments The number of ICMP Router Advertisement messages sent by the


interface.

188 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/route
Route Statistics
Route statistics:
ipRoutesCur: 3 ipRoutesHighWater: 3
ipRoutesMax: 4096
------------------------------------------------------------------

SP Route statistics:
SP ipRoutesCur ipRoutesHighWater ipRoutesMax
--- ------------- ------------------- -------------
1 3 3 4096
2 3 3 4096
3 3 3 4096
4 3 3 4096
------------------------------------------------------------------

RIP statistics:
ripInPkts: 0 ripOutPkts: 0
ripDiscardPkts: 0 ripRoutesAgedOut: 0

BGP statistics:
bgpInPkts: 0 bgpOutPkts: 0
bgpBadPkts: 0 bgpSessFailures: 0
bgpRoutesAdded: 0 bgpRoutesRemoved: 0
bgpRoutesCur: 0 bgpRoutesFailed: 0
bgpRoutesIgnored: 0 bgpRoutesFiltered: 0

Table 5-20 Route Statistics (/stats/l3/route)

Statistics Description

Route Statistics & SP


Route Statistics:

ipRoutesCur The total number of outstanding routes in the route table.

ipRoutesHighWater The highest number of routes ever recorded in the route table.

ipRoutesMax The maximum number of supported routes.

RIP statistics:

ripInPkts The total number of good RIP advertisement packets received.

ripOutPkts The total number of RIP advertisement packets sent.

ripDiscardPkts The total number of RIP advertisement packets received that were
dropped.

Chapter 5: The Statistics Menu „ 189


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-20 Route Statistics (/stats/l3/route)

Statistics Description

ripRoutesAgedOut The total number of routes learned via RIP that has aged out.

BGP statistics:

bgpInPkts The total number of BGP packets received.

bgpOutPkts The total number of BGP packets sent.

bgpBadPkts The total number of BGP packets dropped.

bgpSessFailures The total number of failed sessions.

bgpRoutesAdded The total number of routes that were added to the routing table.

bgpRoutesRemoved The total number of routes that were removed from the routing table.

bgpRoutesCur The total number of current BGP routes.

bgpRoutesFailed The total number of BGP routes that failed to add in the routing table.

bgpRoutesIgnored The total number of routes ignored because the peer was not con-
nected locally or multihop was not configured.

bgpRoutesFiltered The total number of routes dropped by the filter.

/stats/l3/arp
ARP statistics
This menu option enables you to display Address Resolution Protocol statistics.

MP ARP statistics:
arpEntriesCur: 2 arpEntriesHighWater: 2
arpEntriesMax: 8192
------------------------------------------------------------------

SP ARP statistics:
SP arpEntriesCur arpEntriesHighWater arpEntriesMax
--- --------------- --------------------- ---------------
1 1 1 8192
2 1 1 8192
3 1 1 8192
4 1 1 8192

190 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-21 ARP Statistics (/stats/l3/arp)

Statistics Description

arpEntriesCur The total number of outstanding ARP entries in the ARP table.

arpEntriesHighWater The highest number of ARP entries ever recorded in the ARP table.

arpEntriesMax The maximum number of ARP entries that are supported.

/stats/l3/vrrp
VRRP Statistics
Virtual Router Redundancy Protocol (VRRP) support on the Nortel Application Switch provides
redundancy between routers in a LAN. This is accomplished by configuring the same virtual
router IP address and ID number on each participating VRRP-capable routing device. One of
the virtual routers is then elected as the master, based on a number of priority criteria, and
assumes control of the shared virtual router IP address. If the master fails, one of the backup
virtual routers will assume routing authority and take control of the virtual router IP address.

When virtual routers are configured, you can display the following protocol statistics for VRRP:

„ Advertisements received (vrrpInAdvers)


„ Advertisements transmitted (vrrpOutAdvers)
„ Advertisements received, but ignored (vrrpBadAdvers)
The statistics for the VRRP LAN are displayed:

VRRP statistics:
vrrpInAdvers: 0 vrrpBadAdvers: 0
vrrpOutAdvers: 0
vrrpBadVersion: 0 vrrpBadVrid: 0
vrrpBadAddress: 0 vrrpBadData: 0
vrrpBadPassword: 0 vrrpBadInterval: 0

Table 5-22 VRRP Statistics (/stats/l3/vrrp)

Statistics Description

vrrpInAdvers The total number of VRRP advertisements that have been received.

vrrpBadAdvers The total number of VRRP advertisements received that were dropped.

vrrpOutAdvers The total number of VRRP advertisements that have been sent.

vrrpBadVersion

Chapter 5: The Statistics Menu „ 191


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-22 VRRP Statistics (/stats/l3/vrrp)

Statistics Description

vrrpBadVrid

vrrpBadAddress

vrrpBadData

vrrpBadPassword

vrrpBadInterval

/stats/l3/dns
DNS Statistics
This menu option enables you to display Domain Name System statistics.

DNS statistics:
dnsInRequests: 0 dnsOutRequests: 0
dnsBadRequests: 0

Table 5-23 DNS Statistics (/stats/l3/dns)


Statistics Description
dnsInRequests The total number of DNS request packets that have been received.
dnsOutRequests The total number of DNS response packets that have been transmitted.
dnsBadRequests The total number of DNS request packets received that were dropped.

192 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/icmp
ICMP Statistics
ICMP statistics:
icmpInMsgs: 245802 icmpInErrors: 1393
icmpInDestUnreachs: 41 icmpInTimeExcds: 0
icmpInParmProbs: 0 icmpInSrcQuenchs: 0
icmpInRedirects: 0 icmpInEchos: 18
icmpInEchoReps: 244350 icmpInTimestamps: 0
icmpInTimestampReps: 0 icmpInAddrMasks: 0
icmpInAddrMaskReps: 0 icmpOutMsgs: 253810
icmpOutErrors: 0 icmpOutDestUnreachs: 15
icmpOutTimeExcds: 0 icmpOutParmProbs: 0
icmpOutSrcQuenchs: 0 icmpOutRedirects: 0
icmpOutEchos: 253777 icmpOutEchoReps: 18
icmpOutTimestamps: 0 icmpOutTimestampReps: 0
icmpOutAddrMasks: 0 icmpOutAddrMaskReps: 0

Table 5-24 ICMP Statistics (/stats/l3/icmp)

Statistics Description

icmpInMsgs The total number of ICMP messages which the entity (the switch)
received. Note that this counter includes all those counted by
icmpInErrors.

icmpInErrors The number of ICMP messages which the entity (the switch)
received but determined as having ICMP-specific errors (bad ICMP
checksums, bad length, and so forth).

icmpInDestUnreachs The number of ICMP Destination Unreachable messages received.

icmpInTimeExcds The number of ICMP Time Exceeded messages received.

icmpInParmProbs The number of ICMP Parameter Problem messages received.

icmpInSrcQuenchs The number of ICMP Source Quench (buffer almost full, stop send-
ing data) messages received.

icmpInRedirects The number of ICMP Redirect messages received.

icmpInEchos The number of ICMP Echo (request) messages received.

icmpInEchoReps The number of ICMP Echo Reply messages received.

icmpInTimestamps The number of ICMP Timestamp (request) messages received.

icmpInTimestampReps The number of ICMP Timestamp Reply messages received.

icmpInAddrMasks The number of ICMP Address Mask Request messages received.

Chapter 5: The Statistics Menu „ 193


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-24 ICMP Statistics (/stats/l3/icmp)

Statistics Description

icmpInAddrMaskReps The number of ICMP Address Mask Reply messages received.

icmpOutMsgs The total number of ICMP messages which this entity (the switch)
attempted to send. Note that this counter includes all those counted
by icmpOutErrors.

icmpOutErrors The number of ICMP messages which this entity (the switch) did not
send due to problems discovered within ICMP such as a lack of
buffer. This value should not include errors discovered outside the
ICMP layer such as the inability of IP to route the resultant data-
gram. In some implementations there may be no types of errors that
contribute to this counter's value.

icmpOutDestUnreachs The number of ICMP Destination Unreachable messages sent.

icmpOutTimeExcds The number of ICMP Time Exceeded messages sent.

icmpOutParmProbs The number of ICMP Parameter Problem messages sent.

icmpOutSrcQuenchs The number of ICMP Source Quench (buffer almost full, stop send-
ing data) messages sent.

icmpOutRedirects The number of ICMP Redirect messages sent. For a host, this object
will always be zero, since hosts do not send redirects.

icmpOutEchos The number of ICMP Echo (request) messages sent.

icmpOutEchoReps The number of ICMP Echo Reply messages sent.

icmpOutTimestamps The number of ICMP Timestamp (request) messages sent.

icmpOutTimestampReps The number of ICMP Timestamp Reply messages sent.

icmpOutAddrMasks The number of ICMP Address Mask Request messages sent.

icmpOutAddrMaskReps The number of ICMP Address Mask Reply messages sent.

194 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/if <interface number>


Interface Statistics
IP interface 1 statistics:
ifInOctets: 48948386 ifInUcastPkts: 220553
ifInNUCastPkts: 167895 ifInDiscards: 0
ifInErrors: 0 ifInUnknownProtos: 0
ifOutOctets: 27100789 ifOutUcastPkts: 441938
ifOutNUcastPkts: 218652 ifOutDiscards: 0
ifOutErrors: 0 ifStateChanges 1

Table 5-25 Interface Statistics (/stats/if)

Statistics Description

ifInOctets The total number of octets received on the interface, including framing
characters.

ifInUcastPkts The number of packets, delivered by this sub-layer to a higher (sub-


layer), which were not addressed to a multicast or broadcast address at
this sub-layer.

ifInNUCastPkts The number of packets, delivered by this sub-layer to a higher (sub-


layer), which were addressed to a multicast or broadcast address at this
sub-layer. This object is deprecated in favor of ifInMulticastPkts
and ifInBroadcastPkts.

ifInDiscards The number of inbound packets that were chosen to be discarded even
though no errors had been detected to prevent their being delivered to a
higher-layer protocol. One possible reason for discarding such a packet
could be to free up buffer space.

ifInErrors For packet-oriented interfaces, the number of inbound packets that con-
tained errors preventing them from being delivered to a higher-layer pro-
tocol. For character-oriented or fixed-length interfaces, the number of
inbound transmission units that contained errors preventing them from
being deliverable to a higher-layer protocol.

ifInUnknownProtos For packet-oriented interfaces, the number of packets received via the
interface which were discarded because of an unknown or unsupported
protocol. For character-oriented or fixed-length interfaces which support
protocol multiplexing the number of transmission units received via the
interface which were discarded because of an unknown or unsupported
protocol. For any interface which does not support protocol multiplexing,
this counter will always
be 0.

Chapter 5: The Statistics Menu „ 195


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-25 Interface Statistics (/stats/if)

Statistics Description

ifOutOctets The total number of octets transmitted out of the interface, including
framing characters.

ifOutUcastPkts The total number of packets that higher-level protocols requested to be


transmitted, and which were not addressed to a multicast or broadcast
address at this sub-layer, including those that were discarded or not sent.

ifOutNUcastPkts The total number of packets that higher-level protocols requested to be


transmitted, and which were addressed to a multicast or broadcast address
at this sub-layer, including those that were discarded or not sent.
This object is deprecated in favor of ifOutMulticastPkts and
ifOutBroadcastPkts.

ifOutDiscards The number of outbound packets, which were chosen to be discarded


even though no errors had been detected to prevent their being transmit-
ted. One possible reason for discarding such a packet could be to free up
buffer space.

ifOutErrors For packet-oriented interfaces, the number of outbound packets that


could not be transmitted because of errors. For character-oriented or
fixed-length interfaces, the number of outbound transmission units that
could not be transmitted because of errors.

ifStateChanges The number of times an interface has transitioned from either down to up
or from up to down.

196 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/tcp
TCP Statistics
TCP statistics:
tcpRtoAlgorithm: 4 tcpRtoMin: 0
tcpRtoMax: 240000 tcpMaxConn: 1600
tcpActiveOpens: 0 tcpPassiveOpens: 0
tcpAttemptFails: 0 tcpEstabResets: 0
tcpInSegs: 0 tcpOutSegs: 0
tcpRetransSegs: 0 tcpInErrs: 0
tcpCurBuff: 0 tcpCurConn: 6
tcpCurInConn: 0 tcpCurOutConn: 0
tcpCurLstnConn: 3 tcpOutRsts: 0
tcpAllocTCBFails: 0

Table 5-26 TCP Statistics (/stats/l3/tcp)

Statistics Description

tcpRtoAlgorithm The algorithm used to determine the timeout value used for retransmit-
ting unacknowledged octets.

tcpRtoMin The minimum value permitted by a TCP implementation for the retrans-
mission timeout, measured in milliseconds. More refined semantics
for objects of this type depend upon the algorithm used to determine the
retransmission timeout. In particular, when the timeout algorithm is
rsre(3), an object of this type has the semantics of the LBOUND quantity
described in RFC 793.

tcpRtoMax The maximum value permitted by a TCP implementation for the retrans-
mission timeout, measured in milliseconds. More refined semantics
for objects of this type depend upon the algorithm used to determine the
retransmission timeout. In particular, when the timeout algorithm is
rsre(3), an object of this type has the semantics of the UBOUND quantity
described in RFC 793.

tcpMaxConn The limit on the total number of TCP connections the entity (the switch)
can support. In entities where the maximum number of connections is
dynamic, this object should contain the value -1.

tcpActiveOpens The number of times TCP connections have made a direct transition to
the SYN-SENT state from the CLOSED state.

tcpPassiveOpens The number of times TCP connections have made a direct transition to
the SYN-RCVD state from the LISTEN state.

Chapter 5: The Statistics Menu „ 197


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-26 TCP Statistics (/stats/l3/tcp)

Statistics Description

tcpAttemptFails The number of times TCP connections have made a direct transition to
the CLOSED state from either the SYN-SENT state or the SYN-RCVD
state, plus the number of times TCP connections have made a direct tran-
sition to the LISTEN state from the SYN-RCVD state.

tcpEstabResets The number of times TCP connections have made a direct transition to
the CLOSED state from either the ESTABLISHED state or the CLOSE-
WAIT state.

tcpInSegs The total number of segments received, including those received in error.
This count includes segments received on currently established connec-
tions.

tcpOutSegs The total number of segments sent, including those on current connec-
tions but excluding those containing only retransmitted octets.

tcpRetransSegs The total number of segments retransmitted - that is, the number of TCP
segments transmitted containing one or more previously transmitted octets.

tcpInErrs The total number of segments received in error (for example, bad TCP
checksums).

tcpCurBuff The total number of outstanding memory allocations from heap by TCP
protocol stack.

tcpCurConn The total number of outstanding TCP sessions that are currently opened.

tcpCurInConn The total number of remotely-initiated TCP connections.

tcpCurOutConn The total number of switch-originated TCP connection requests.

tcpCurLstnConn The total number of TCP ports on which the switch is listening.

tcpOutRsts The number of TCP segments sent containing the RST flag.

tcpAllocTCBFails

198 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/l3/udp
UDP Statistics
UDP statistics:
udpInDatagrams: 54 udpOutDatagrams: 43
udpInErrors: 0 udpNoPorts: 1578077

Table 5-27 UDP Statistics (/stats/l3/udp)

Statistics Description

udpInDatagrams The total number of UDP datagrams delivered to the switch.

udpOutDatagrams The total number of UDP datagrams sent from this entity (the switch).

udpInErrors The number of received UDP datagrams that could not be delivered for
reasons other than the lack of an application at the destination port.

udpNoPorts The total number of received UDP datagrams for which there was no
application at the destination port.

/stats/slb
Server Load Balancing Statistics Menu
[Server Load Balancing Statistics Menu]
sp - SLB Switch SP Stats Menu
gslb - Global SLB Stats Menu
real - Show real server stats
group - Show real server group stats
virt - Show virtual server stats
filt - Show filter stats
layer7 - Show Layer 7 stats
ssl - Show SSL SLB stats
ftp - Show FTP SLB parsing and NAT stats
rtsp - Show RTSP SLB stats
dns - Show DNS SLB stats
wap - Show WAP SLB stats
maint - Show maintenance stats
sip - Show SIP SLB stats
wlm - Show Workload Manager SASP stats
mirror - Show Session mirroring stats
clear - Clear non-operational Server Load Balancing stats
aux - Show auxiliary session table stats
dump - Dump all SLB statistics

Chapter 5: The Statistics Menu „ 199


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-28 SLB Statistics Menu Options (/stats/slb)

Command Syntax and Usage

sp <SP number (1-4)>


Displays the server load balancing statistics menu. To view menu options, see page 202.

gslb
Displays the Global SLB Statistics menu. For more information, see page 206.

real <real server number (1-1023)>


Displays the following real server statistics:
„ Number of times the real server has failed its health checks
„ Number of sessions currently open on the real server
„ Total sessions the real server was assigned
„ Highest number of simultaneous sessions recorded for each real server
„ Real server transmit/receive octets
See page 211 for sample output.

group <real server group number (1-1024)>


Displays the following real server group statistics:
„ Current and total sessions for each real server in the real server group.
„ Current and total sessions for all real servers associated with the real server group.
„ Highest number of simultaneous sessions recorded for each real server.
„ Real server transmit/receive octets. For per-service octet counters, see page 211.
See page 212 for sample output.

virt <virtual server number (1-1024)>


Displays the following virtual server statistics:
„ Current and total sessions for each real server associated with the virtual server.
„ Current and total sessions for all real servers associated with the virtual server.
„ Highest number of simultaneous sessions recorded for each real server.
„ Real server transmit/receive octets. For per-service octet counters, see page 211.
See page 213 for sample output.

filt <filter ID (1-2048)>


Displays the total number of times any filter has been used. See page 213 for sample output.

layer7
Displays Layer 7 statistics. See page 214 for sample output.

ssl
Displays SSL server load balancing statistics. See page 219 for sample output.

ftp
Displays FTP SLB parsing and NAT statistics. See page 220 for sample output.

rtsp
Displays RTSP SLB statistics. See page 223 for sample output.

200 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-28 SLB Statistics Menu Options (/stats/slb)

Command Syntax and Usage

dns
Displays DNS SLB statistics. See page 224 for sample output.

wap
Displays WAP SLB statistics. See page 225 for sample output.

maint
Displays SLB maintenance statistics. See page 227 for sample output.

sip
Displays SIP SLB statistics. See page 229 for sample output.

wlm <Workload Manager number, 1-16> <clear>


Display Workload Manager SASP statistics. See page 230 for sample output.

mirror
Display session mirroring statistics. See page 231 for sample output.

clear [y|n]
Clears all non-operating SLB statistics on the Nortel Application Switch, resetting them to zero.
This command does not reset the switch and does not affect the following counters:
„ Counters required for Layer 4 and Layer 7 operation (such as current real server sessions).
„ All related SNMP counters.
To view the statistics reset by this command, refer to Table 5-51 on page 230.

aux
Displays auxiliary session table statistics.

dump
Dumps all switch SLB statistics. Use this command to gather data for tuning and debugging switch
performance. To save dump data to a file, set your communication software on your workstation to
capture session data prior to issuing the dump command.

Chapter 5: The Statistics Menu „ 201


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/sp
Server Load Balancing SP statistics Menu
[Server Load Balancing SP Statistics Menu]
real - Show real server stats
group - Show real server group stats
virt - Show virtual server stats
filt - Show filter stats
maint - Show maintenance stats
aux - Show auxiliary session table stats
clear - Clear SP stats

Table 5-29 SP Statistics Menu options (/stats/slb/sp)

Command Syntax and Usage

real <real server number (1-1023)>


Displays real server statistics of the switch port. See page 202 for a sample output.

group <real server group number (1-1024)>


Displays real server group statistics of the switch port. See page 203 for a sample output.

virt <virtual server number (1-1024)>


Displays statistics of the virtual server. See page 203 for a sample output.

filt <filter ID (1-2048)>


Displays statistics of the filter. See page 203 for a sample output.

maint
Displays the SP maintenance statistics. See page 204 for a sample output.

aux
Displays the statistics of the auxiliary session table.

clear
Deletes all the SP statistics.

/stats/slb/sp/real <real server number>


SP Real Server Statistics

Port 1 Real server 1 stats:


Current sessions: 3
Total sessions: 3
Octets: 24

202 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/sp <sp number>/group <real


group server number>
SP Real Group Server Statistics

Real server group 1 stats:


Current Total Highest
Real IP address Sessions Sessions Sessions Octets
---- --------------- -------- ---------- -------- ---------------
1 200.100.10.14 20 60 9 480000
2 200.100.10.15 20 77 12 616000
---- --------------- -------- ---------- -------- ---------------
40 137 21 1096000

/stats/slb/sp <sp number>/virt <virtual


server number>
SP Virtual Server Statistics

Real server group 1 stats:


Current Total Highest
Real IP address Sessions Sessions Sessions Octets
---- --------------- -------- ---------- -------- ---------------
1 200.100.10.14 20 60 9 480000
2 200.100.10.15 20 77 12 616000
---- --------------- -------- ---------- -------- ---------------
200.100.10.100 40 137 21 1096000

/stats/slb/sp <sp number>/filt <filter


number>
SP Filter Statistics

SP 1 Filter 1 stats:
Total firings: 2

Chapter 5: The Statistics Menu „ 203


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/sp <sp number>/maint


SP Maintenance Statistics

SP 1 SLB Maintenance stats:


Maximum sessions: 524276
Current sessions: 0
4 second average: 0
64 second average: 0
Terminated sessions: 0
Allocation failures: 0
Non TCP/IP frames: 0
UDP datagrams: 0
Incorrect VIPs: 0
Incorrect Vports: 0
No available real server: 0
Filtered (denied) frames: 0
LAND attacks: 0
No TCP control bits: 0
Invalid reset packet drops: 0
Total IP fragment sessions: 0
IP fragment sessions: 0
IP fragment discards: 0
IP fragment table full: 0

Table 5-30 SP Maintenance Statistics (/stats/slb/sp/maint)

Statistic Description

Maximum sessions The maximum number of simultaneous sessions supported.

Current Sessions Number of session bindings currently in use (the last 4 and 64 sec-
onds).

Terminated Sessions Number of sessions removed from the session table because the
server assigned to them failed and graceful server failure was not
enabled.

Allocation Failures Indicates instances where the Switch ran out of available sessions for a
port.

UDP Datagrams Indicates that the virtual server IP address and MAC are receiving
UDP frames when UDP balancing is not turned on.

Non TCP/IP Frames Indicates the number of non-IP based frames received by the virtual
server.

Incorrect VIPs Indicates the number of times the switch received a Layer 4 request
for a virtual server which was not configured.

204 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-30 SP Maintenance Statistics (/stats/slb/sp/maint)

Statistic Description

Incorrect Vports This dropped frames counter indicates that the virtual server has
received frames for TCP/UDP services that have not been configured.
Normally this indicates a mis-configuration on the virtual server or the
client, but it may be an indication of a potential security probing appli-
cation like SATAN.

No Available Real This dropped frames counter indicates that all real servers are either
Server out of service or at their maxcon limit.

Backup Server This indicates the number of times a real server failure has occurred
Activations and caused a backup server to be brought online.

Overflow Server Acti- This indicates the number of times a real server has reached the
vations maxcon limit and caused an overflow server to be brought online.

Filtered (Denied) This indicates the number of frames that were dropped because of
Frames one of the following reasons:
1. They matched an active filter with the deny action set.
2. There are no real servers (in the case of redirection filters.)
3. When there are no available session entries.

LAND attacks This counter increases whenever a packet has the same source and
destination IP addresses and ports.

No TCP Control Bits The number of packets that were dropped because the packet had no
control bits set in the TCP header.

Invalid reset packet The number of packets that were dropped because the packet had an
drops invalid reset flag set.

Total IP fragment ses- This represents the total number of fragment sessions the switch has
sions processed so far.

Current IP fragment This represents the current number of fragment sessions.


sessions

IP fragment discards The number of fragmented packets that are discarded due to lack of
resources.

IP fragment table full This counter indicates how many times session table is full.

Chapter 5: The Statistics Menu „ 205


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/gslb
Global SLB Statistics Menu
[Global SLB Statistics Menu]
real - Show Global SLB remote real server stats
virt - Show Global SLB virtual server stats
site - Show Global SLB remote site stats
network - Show Global SLB network preference stats
rule - Show Global SLB rule stats
geo - Show Global SLB geographical preference stats
pers - Show Global SLB DNS persistence cache stats
maint - Show Global SLB maintenance stats
clear - Clear all Global SLB stats
dump - Show all Global SLB stats

Table 5-31 Global SLB Statistics Menu Options (/stats/slb/gslb)

Command Syntax and Usage

real <real server number (1-1023)>


Where the real server number represents the real server ID on this switch, under which the remote
server is configured.
To view an example and description of what is displayed on-screen, see page 211.

virt <virtual server number (1-1024)>


To view an example and description of what is displayed on-screen, see page 207.

site <remote site, 1-64>


Displays Global SLB statistics for the remote site. To view an example, see page 208.

network <network, 1-64>


Displays Global SLB statistics for the network.

rule <rule, 1-64>


Displays Global SLB statistics for the rule.

pers
Displays Global SLB DNS persistence cache statistics.

geo
Displays Global SLB statistics for the geographical preference.

maint
To view an example and description of Global SLB maintenance statistics, see page 209.

clear
Deletes all Global SLB statistics.

206 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-31 Global SLB Statistics Menu Options (/stats/slb/gslb)

Command Syntax and Usage

dump
Displays all Global SLB statistics.

/stats/slb/gslb/real <real server number>


Real Server Global SLB Statistics

Real server 1 global stats:


DNS directs: 3210
HTTP redirects: 12

For any remote real server configured for Global Server Load Balancing, the following statis-
tics can be viewed:

„ Number of DNS responses directed to the remote real server


„ Number of HTTP redirects to the remote real server

/stats/slb/gslb/virt <virtual server number>


Virtual Server Global SLB Statistics

Global SLB virtual server 1 http service stats:


Domain: www.gslb.example.com
Server IP address Site DNS directs HTTP redirects
------ --------------- ---- ----------- --------------
v1 200.200.200.1 0 0
r2 200.200.200.10 5 0 0
------ --------------- ---- ----------- --------------
Totals 0 0

Table 5-32 Virtual Server Global SLB Statistics (/stats/slb/gslb/virt)

Field Description

Server Type of server configuration and server ID number.


„ v# represents a local virtual server number
„ r# represents a remote site. Since each remote sites is config-
ured on its peers as if it were a real server (with certain special
properties), the number represents the real server ID on this
switch, under which the remote server is configured.

Chapter 5: The Statistics Menu „ 207


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-32 Virtual Server Global SLB Statistics (/stats/slb/gslb/virt)

Field Description

IP Address IP address of the server.


Site The remote site number.
DNS directs The number of DNS responses that return the IP address of the cor-
responding server.

HTTP redirects The number of HTTP requests redirected to the corresponding


server.

/stats/slb/gslb/site
Global SLB Site Statistics

Global SLB remote site 1 stats:


Bad remote site packets received: 386
DSSPv1 remote site updates sent: 0
DSSPv1 remote site updates received: 0
DSSPv2 remote site updates sent: 768
DSSPv2 remote site updates received: 348

Table 5-33 Global SLB Site Statistics Parameters (/stats/slb/gslb/site)

Field Description

Bad remote site pack- The number of bad packets received from remote site.
ets received

DSSPv1 remote site The number of remote site updates sent using DSSP version 1.
updates sent

DSSPv1 remote site The number of remote site updates received using DSSP version 1.
updates received

DSSPv2 remote site The number of remote site updates sent using DSSP version 2.
updates sent

DSSPv2 remote site The number of remote site updates received using DSSP version 2.
updates received

208 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/gslb/maint
Global SLB Maintenance Statistics

Global SLB maintenance stats:


Bad remote site packets received: 0
DSSPv1 remote site updates sent: 0
DSSPv1 remote site updates received: 0
DSSPv2 remote site updates sent: 127746
DSSPv2 remote site updates received: 85164
DNS queries received: 0
Bad DNS queries received: 0
DNS responses sent: 0
HTTP requests received: 0
Bad HTTP requests received: 0
HTTP responses sent: 0
Hostname domain hits: 0
Network domain hits: 0
Basic domain hits: 0
No server selected for hostname domain: 0
No server selected for network domain: 0
No server selected for basic domain: 0
No matching domain: 0
Last no result domain:
Last source IP: 0.0.0.0

Table 5-34 Global SLB Maintenance Statistics (/stats/slb/gslb/maint)

Field Description

Bad remote site pack- The number of bad packets received from the remote site.
ets received Bad updates or dropped packets usually indicate that there is
a configuration problem at local or remote GSLB switches. If
bad updates or dropped packets occur, check your syslog
for configuration error messages.
DSSPv1 remote site The number of Distributed Site State Protocol (DSSP) ver-
updates sent sion one updates/packets sent to the remote sites.
DSSPv1 remote site The number of Distributed Site State Protocol (DSSP) ver-
updates received sion one updates/packets received from the remote sites.
DSSPv2 remote site The number of Distributed Site State Protocol (DSSP) ver-
updates sent sion two updates/packets sent to the remote sites.
DSSPv2 remote site The number of Distributed Site State Protocol (DSSP) ver-
updates received sion two updates/packets received from the remote sites.

Chapter 5: The Statistics Menu „ 209


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-34 Global SLB Maintenance Statistics (/stats/slb/gslb/maint)

Field Description

DNS queries received The number of DNS queries received.


Bad DNS queries The number of bad DNS queries received.
received

DNS responses sent The number of DNS responses sent by the switch that
includes DNS directs and DNS error responses.
HTTP requests received The number of HTTP requests received.

Bad HTTP requests The number of bad/dropped client HTTP requests. Client
received HTTP GET request packets that do not contain the entire
URL are considered bad and are dropped.
HTTP responses sent The number of HTTP responses sent by the switch that
includes HTTP redirects.
Hostname domain hits The number of times the DNS queries received matched for
the hostname configured.
Network domain hits The number of times the DNS queries received matched for
the network domain name configured.
Basic domain hits The number of times the DNS queries received matched for
the basic domain name configured.
No server selected for The number of times no server was selected after matching
hostname domain the host name domain.
No server selected for The number of times no server was selected after matching
network domain the network domain name.
No server selected for The number of times no server was selected after matching
basic domain the basic domain name.
No matching domain The number of times the DNS queries received did not match
the host name, domain name, or the network domain config-
ured.
Last no result domain The domain in the last DNS query received that did not match
the host name, domain name, or the network domain config-
ured.
Last source IP The source IP address of the last DNS query or HTTP request
received.

210 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/real <real server number>


Real Server SLB Statistics
Real server 1 stats:
Current sessions: 129
Total sessions: 65478
Highest sessions: 4343
Octets 523824000

NOTE – Octets are provided per server, not per service, unless configured as described in “Per
Service Octet Counters” on page 211.

Table 5-35 Real Server SLB Statistics (/stats/slb/real)

Statistics Description

Current sessions The total number of outstanding sessions that are established to the par-
ticular real server.

Total sessions The total number of sessions that have been established to the particular
real server.

Highest sessions The highest number of sessions ever recorded for the particular real
server.

Octets The total number of octets sent by the particular real server.

Per Service Octet Counters


For each load-balanced real server, the octet counters represent the combined number of trans-
mit and receive bytes (octets). These counters are then added to report the total octets for each
virtual server.

The octet counters are provided per server–not per service. If you need octet counters on a per-
service basis, you can accomplish this through the following configuration:

1. Configure a separate IP address for each service on each server being load balanced.
For instance, you can configure IP address 10.1.1.20 for HTTP services, and 10.1.1.21 for FTP
services on the same physical server.

Chapter 5: The Statistics Menu „ 211


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

2. On the Nortel Application Switch, configure a real server with a real IP address for each
service above.
Continuing the example above, two real servers would be configured for the physical server
(representing each real service). If there were five physical servers providing the two services
(HTTP and FTP), 10 real servers would have to be configured: five for the HTTP services on
each physical server, and five for the FTP services on each physical server.

3. On the Nortel Application Switch, configure one real server group for each type of ser-
vice, and group each appropriate real server IP address into the group that handles the
specific service.
Thus, in keeping with our example, two groups would be configured: one for handling HTTP
and one for handling FTP.

4. Configure a virtual server and add the appropriate services to that virtual server.

/stats/slb/group <real server group number>


Real Server Group Statistics
Real server group 1 stats:

Total weight updates from WorkLoad Manager : 10

Current Total Highest


Real IP address Sessions Sessions Sessions Octets
---- --------------- -------- ---------- -------- ---------------
1 200.100.10.14 20 60 9 480000
2 200.100.10.15 20 77 12 616000
---- --------------- -------- ---------- -------- ---------------
40 137 21 1096000

Real server group statistics include the following:

„ Current and total sessions for each real server in the real server group.
„ Current and total sessions for all real servers associated with the real server group.
„ Highest number of simultaneous sessions recorded for each real server.
„ Real server transmit/receive octets. For per-service octet counters, see the procedure on
“Per Service Octet Counters” on page 211.

212 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/virt <virtual server number>


Virtual Server SLB Statistics
Virtual server 1 stats:
Current Total Highest
Real IP address Sessions Sessions Sessions Octets
---- --------------- -------- ---------- -------- ---------------
1 200.100.10.14 20 60 9 480000
2 200.100.10.15 20 77 12 616000
---- --------------- -------- ---------- -------- ---------------
200.100.10.20 40 309 21 1096000

NOTE – The virtual server IP address is shown on the last line, below the real server IP addresses.

Virtual server statistics include the following:

„ Current and total sessions for each real server associated with the virtual server.
„ Current and total sessions for all real servers associated with the virtual server.
„ Highest number of simultaneous sessions recorded for each real server.
„ Real server transmit/receive octets. For per-service octet counters, see “Per Service Octet
Counters” on page 211.

/stats/slb/filt <filter number>


Filter SLB Statistics
Filter 1 stats:
Total firings: 1011

You can obtain the total number of times any filter has been matched.

Chapter 5: The Statistics Menu „ 213


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/layer7
SLB Layer7 Statistics Menu
[Layer 7 Statistics Menu]
redir - Show URL Redirection stats
str - Show SLB String stats
maint - Show Layer 7 Maintenance stats
pooling - Show connection pooling stats

Table 5-36 SLB Layer 7 Statistics Menu Options (/stats/slb/layer7)

Command Syntax & Usage

redir
Displays URL Redirection statistics. See page 214 for a sample output.

str
Displays SLB string statistics. See page 215 for a sample output.

maint
Displays Layer 7 maintenance statistics. See page 216 for a sample output.

pooling
Display the connection pooling statistics.See page 216 for a sample output.

/stats/slb/layer7/redir
Layer7 Redirection Statistics
Total URL based web cache redirection stats:
Total cache server hits: 0
Total origin server hits: 0
Total straight to origin server hits: 0
Total none-GETs hits: 0
Total 'Cookie: ' hits: 0
Total no-cache hits: 0
Total RTSP cache server hits: 0
Total RTSP origin server hits: 0
Total HTTP redirection hits: 0

Table 5-37 Layer 7 Redirection Statistics (/stats/slb/layer7/redir)


Statistics Description

Total cache server hits The total number of HTTP requests redirected to the cache server.

Total origin server hits The total number of HTTP requests forwarded to the origin server.

214 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-37 Layer 7 Redirection Statistics (/stats/slb/layer7/redir)


Statistics Description

Total straight to ori- The total number of HTTP requests forwarded from straight to the
gin server hits origin server.

Total none-GETs hits The total number of none GET requests forwarded to the origin
server.

Total 'Cookie:' hits The total number of cookie requests forwarded to the origin server.

Total no-cache hits The total number of requests containing no-cache header forwarded
to the origin server.

Total RTSP cache The total number of RTSP requests redirected to the cache server.
server hits

Total RTSP origin The total number of RTSP requests forwarded to the origin server.
server hits

Total HTTP redirec- The total number of HTTP requests that were redirected by redirec-
tion hits tion filter.

/stats/slb/layer7/str
Layer 7 SLB String Statistics
SLB String stats:
ID SLB String Hits
1 any 1527115
2 www.[abcdefghijklm]*.com 0
3 www.[nopqrstuvwxyz]*.com 0
4 www.junk.com 0
5 www.abc.com 0
6 www.[abcdefjhijklm]*.org 0
7 www.[nopqrstuvwxyz]*.org 0

Table 5-38 Layer 7 SLB String Statistics (/stats/slb/layer7/str)


Statistics Description

ID SLB String The user-defined strings being used in URL matching.

Hits The total number of instances that are load-balanced due to matching of
the particular URL ID.

Chapter 5: The Statistics Menu „ 215


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/layer7/maint
Layer 7 SLB Maintenance Statistics

Layer 7 maintenance stats:


Clients reset by switch on client side: 0
Clients reset by switch on server side: 0
Connection Splicing to support HTTP/1.1: 0
Invalid HTTP methods: 0
Aged delayed binding sessions: 0
Half open connections: 0
Switch retries: 0
Random early drops: 0
Requests exceeded 9000 bytes: 0
Invalid 3-way handshakes: 0
Exceeded max frame size: 0
Out of order packet drops: 0
Current SP[1] memory units: 1260 Lowest: 1260
Current SP[2] memory units: 1260 Lowest: 1260
Current SP[3] memory units: 1260 Lowest: 1260
Current SP[4] memory units: 1260 Lowest: 1260
Current SP memory units: 5040
Current SEQ buffer entries: 0 Highest: 0
Current Data buffer use: 0 Highest: 0
Current SP buffer entries: 0 Highest: 0
Total Nonzero SEQ Alloc: 0
Total SEQ Buffer Allocs: 0 Total SEQ Frees: 0
Total Data Buffer Allocs: 0 Total Data Frees: 0
Alloc Fails - Seq buffers: 0 Alloc Fails - Ubufs: 0
Max sessions per bucket: 0 Max frames per session: 0
Max bytes buffered (sess): 0

Table 5-39 SLB Layer 7 Maintenance Statistics (/stats/slb/layer7/maint)

Statistics Description

Clients reset by The number of reset frames sent to the client by the switch during
switch on client side server connection termination. This means that when the switch
could not connect to the real sever and the client’s retries exceeded
the threshold due to delayed binding, the switch will send a reset
frame to the client to terminate the connection.

Clients reset by The number of reset frames sent to the server by the switch during
switch on server side server connection termination due to delayed binding.

Connection Splicing to The total number of connection swapping between different real
support HTTP/1.1 servers in supporting multiple HTTP/1.1 client requests.0

216 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-39 SLB Layer 7 Maintenance Statistics (/stats/slb/layer7/maint)

Statistics Description

Invalid HTTP methods The total number of HTTP requests that contain invalid methods
sent by the client.

Aged delayed binding The total number of aged delayed binding sessions caused by failed
sessions connection initialization between the switch and the server.

Half open connections The total numbers of outstanding TCP connections that are half
opened. It is incremented when the switch responds to TCP SYN
packet and decremented upon receiving TCP SYN ACK packet from
the requester.

Switch retries The total number of switch retries to connect to the real server.

Random early drops The total number of SYN frames dropped when the buffer is low.

Requests exceeded 4500 The total number of GET requests that exceeded 4500 bytes.
bytes

Invalid 3-way hand- The total number of dropped frames because of invalid 3-way hand
shakes shakes.

Exceeded max frame The total number of switch-generated frames that exceeded the max-
size imum allowed frame size.

Out of order packet The total number of TCP packets dropped because they were
drops: received out of order.

Current SP memory The currently available SP memory units.


units

Current SEQ buffer The number of outstanding sequence buffers used.


entries

Highest SEQ buffer The highest number of sequence buffers ever used.
entries

Current Data buffer The number of outstanding data buffers used.


use

Highest Data buffer The highest number of data buffers ever used.
use

Total Nonzero SEQ The total number of sequence buffer allocated.2


Alloc

Total SEQ Buffer The total number of sequence buffer allocations.


Allocs

Total SEQ Frees The total number of sequence buffer is freed.

Chapter 5: The Statistics Menu „ 217


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-39 SLB Layer 7 Maintenance Statistics (/stats/slb/layer7/maint)

Statistics Description

Total Data Buffer The total number of buffers allocated to store client request.2
Allocs

Total Data Frees The total of number buffers freed.

Alloc Fails - Seq The number of times sequence buffer allocation failed.
buffers

Alloc Fails - Ubufs The number of times the URL data buffer allocation failed.

Max sessions per The maximum number of items (sessions) allowed in the session
bucket table hash bucket chain.

Max frames per session The maximum number of frames to be buffered per session.

Max bytes buffered The maximum number of bytes to be buffered per session.
(sess)

/stats/slb/layer7/pooling
Layer7 Pooling Statistics
>> Layer 7 Statistics# pooling
------------------------------------------------------------------
Connection pooling statistics:
Current opened server connections: 0
Active server connections: 0
Available server connections: 0
Total number of aged out client connections: 0
Total number of aged out server connections: 0

218 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/ssl
SLB Secure Socket Layer Statistics
SSL SLB maintenance stats:
SessionId allocation fails: 0
Total number of SSL ID reassignments: 0

Current Total Highest


Sessions Sessions Sessions
------------------------- -------- ---------- --------
Unique SessionIds 0 0 0
SSL connections 0 0 0
Persistent Port Sessions 0 0 0

Table 5-40 SLB Secure Socket Layer Statistics (/stats/slb/ssl)

Statistics Description

SSL SLB maintenance Debug stats for SSL SessionId based persistence.
stats

SessionId allocation The number of times allocation of a session table entry failed when
fails attempting to store a SessionId in the table.

Total number of SSL ID


reassignments

The table shows the Current Sessions, the total sessions seen on the switch since last reset and the high
water mark of current sessions for the following:

Unique SessionIds Many SSL sessions can use the same SessionId, these should all
bind to the same server. This number shows the number of unique
SSL sessions seen on the switch.

SSL connections The number of different TCP connections using SSL service.

Persistent Port The number of SessionIds maintained to allow for persistence


Sessions across different client ports.

Chapter 5: The Statistics Menu „ 219


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/ftp
File Transfer Protocol SLB and Filter Statistics Menu
[FTP SLB parsing and Filter Statistics Menu]
active - Show active FTP NAT filter stats
parsing - Show FTP SLB parsing server stats
maint - Show FTP maintenance stats
dump - Dump all FTP SLB/NAT stats

Table 5-41 FTP SLB Parsing and Filter Statistics Menu Options (/stats/slb/ftp)
Command Syntax and Usage

active
Shows active FTP SLB parsing and filter statistics. See page 221 for sample output.

parsing
Shows parsing statistics. See page 221 for sample output.

maint
Shows maintenance statistics. See page 222 for sample output.

dump
Shows all FTP SLB/NAT statistics. See page 222.

220 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/ftp/active
Active FTP SLB Parsing and Filter Statistics
Total Active FTP NAT stats(PORT):
Total FTP: 0
Total New Active FTP Index: 0
Active FTP NAT ACK/SEQ diff: 0

Table 5-42 Active FTP Slb Parsing and Filter statistics (/stats/slb/ftp/active)
Statistics Description

Total Active FTP NAT The number of times the switch receives the port command from
stats (PORT) the client.

Total FTP The number of times the switch receives both active and passive
FTP connections.

Total New Active FTP The number of times the switch creates a new index due to port
Index command from the client.

Active FTP NAT ACK/SEQ The difference in the numbers of ACK and SEQ that the Switch
diff needs for packet adjustment.

/stats/slb/ftp/parsing
Passive FTP SLB Parsing Statistics

Total FTP SLB Parsing Stats(PASV):


Total FTP: 0
Total New FTP SLB parsing Index: 0
FTP SLB parsing ACK/SEQ diff: 0

Table 5-43 Passive FTP SLB Parsing Statistics (/stats/slb/ftp/parsing)

Statistics Description

Total FTP The number of times the switch receives both active and passive
FTP connections.

Total New FTP SLB The number of times the switch creates a new index in response to
parsing Index the pasv command from the client.

FTP SLB parsing ACK/ The difference in the numbers of ACK and SEQ that the switch
SEQ diff needs FTP SLB parsing.

Chapter 5: The Statistics Menu „ 221


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/ftp/maint
FTP SLB Maintenance Statistics

FTP mode switch error: 0

Table 5-44 FTP SLB Maintenance Statistics (/stats/slb/ftp/maint)

Statistics Description

FTP mode switch error The number of times the switch is not able to switch modes from
active to passive and vice versa.

/stats/slb/ftp/dump
FTP SLB Statistics Dump

Total FTP : 0
Total FTP NAT Filtered: 0
Total new active FTP NAT Index: 0
Total new FTP SLB parsing Index: 0
FTP Active FTP NAT ACK/SEQ diff: 0
FTP SLB parsing ACK/SEQ diff: 0
FTP mode switch error: 0

Table 5-45 FTP SLB Statistics Dump (/stats/slb/ftp/dump)

Statistics Description

Total FTP The total number of FTP sessions that occurred.

Total FTP NAT Filtered The total number of FTP NAT filter sessions that occurred.

Total new active FTP The total number of new data sessions created for FTP NAT filter in
NAT Index active mode.

Total new FTP SLB The number of times the switch creates a new index in response to
parsing Index the pasv command from the client.

FTP Active FTP NAT The total number of times the adjustment between ACK and SEQ
ACK/SEQ diff occurred on the filter.

FTP SLB parsing ACK/ The difference in the numbers of ACK and SEQ that the switch
SEQ diff needs for FTP SLB parsing.

FTP mode switch error The number of times the switch could not switch mode from active
to passive and vice versa.

222 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/rtsp
RTSP SLB Statistics
Control UDP Connection Buffer Alloc
SP Connection Streams Redirect Denied Allocs Failures
-- ---------- ---------- ---------- ---------- ---------- ----------
1 0 0 0 0 0 0
2 0 0 0 0 0 0
3 0 0 0 0 0 0
4 0 0 0 0 0 0
-- ---------- ---------- ---------- ---------- ---------- --------
0 0 0 0 0 0

Table 5-46 RTSP SLB Statistics (/stats/slb/rtsp)

Statistics Description

ControlConnection The total number of TCP connections for RTSP control connection.

UDP Streams The total number of UDP connections for data channels. The number
depends upon the type of media player being used.

Redirect The total number of times the connection got redirected.

ConnectionDenied The total number of times the connections got denied due to shortage of
resources or the real server being down.

BufferAllocs The total number of buffer allocations used.

AllocFailures The total number of times the buffer allocation failed.

Chapter 5: The Statistics Menu „ 223


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/dns
DNS SLB Statistics
Total number of TCP DNS queries: 0
Total number of UDP DNS queries: 0
Total number of invalid DNS queries: 0
Total number of multiple DNS queries: 0
Total number of domain name parse errors: 0
Total number of failed real server name matches: 0
Total number of DNS parsing internal errors: 0

Table 5-47 DNS SLB Statistics (/stats/slb/dns)

Statistics Description

Total number of TCP The total number of DNS queries that received through TCP
DNS queries connections.

Total number of UDP The total number of DNS queries received through UDP requests.
DNS queries

Total number of The total number of malformed DNS queries received.


invalid DNS queries

Total number of The total number of DNS queries that contain more than one domain
multiple DNS queries name to be resolved. Currently only one domain name resolution per
request is supported.

Total number of domain The total number of DNS queries that have short or invalid domain
name parse errors names to be resolved.

Total number of failed The total number of times the user failed to find a real server which
real server name has the same layer 7 strings that match the domain name to be
matches resolved.

Total number of DNS The total number of out of memory and other unexpected errors the
parsing internal user gets while processing the DNS query.
errors

224 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/wap
WAP SLB Statistics
This command displays all the Radius and WAP related counters.

WAP Maintenance stats:


current sessions: 0
allocation failures: 0
incorrect VIPs: 0
incorrect Vports: 0
no available real server: 0
requests to wrong SP: 0
------------------------------------------------------------------
TPCP External Notification stats:
add session reqs: 0 del session reqs: 0
req fails- SP dead: 0 req fails- SP dead: 0
------------------------------------------------------------------
RADIUS Snooping stats:
acct reqs: 0 acct wrap reqs: 0
acct start reqs: 0 acct update reqs: 0
acct stop reqs: 0 acct bad reqs: 0
acct reqs(FIP): 0 acct reqs(no FIP): 0
add session reqs: 0 del session reqs: 0
req fails- SP dead: 0
req fails- DMA: 0

Table 5-48 WAP SLB Statistics (/stats/slb/wap)

Statistics Description

WAP Maintenance stats:

current sessions The number of session bindings currently in use.

allocation failures Indicates instances where the switch ran out of available bindings for a
port.

incorrect VIPs Indicates the number of times the switch received a Layer 4 request for
a virtual server which was not configured.

incorrect Vports This dropped frames counter indicates that the virtual server has received
frames for TCP/UDP services that have not been configured. Normally
this indicates a mis-configuration on the virtual server or the client.

no available real This dropped frames counter indicates that all real servers are either out
server of service or at their maxcon limit.

requests to wrong SP The number of session add/delete requests sent to the wrong SP.

Chapter 5: The Statistics Menu „ 225


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-48 WAP SLB Statistics (/stats/slb/wap)

Statistics Description

TPCP External Notification stats:

add session reqs The number of WAP session add requests via TPCP.

req fails- SP dead The number of add-request failures due to dead target SP.

RADIUS Snooping stats:

acct reqs The number of RADIUS Accounting frames received.

acct wrap reqs The number of wrapped RADIUS Accounting frames


received.

acct start reqs The number of RADIUS Accounting Start frames received.

acct update reqs The number of RADIUS Accounting Update frames.

acct stop reqs The number of RADIUS Accounting Stop frames received.

acct bad reqs The number of bad RADIUS Accounting frames received.

add session reqs The number of WAP session add requests via RADIUS snooping.

del session reqs The number of WAP session delete requests via RADIUS snooping.

req fails- SP dead The number of add/delete request failures due to dead target SP.

req fails- DMA The number of add/delete requests failed due to DMA write failure.

226 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/maint
SLB Maintenance Statistics
SLB Maintenance stats:
Maximum sessions: 2097104
Current sessions: 0
4 second average: 0
64 second average: 0
Terminated sessions: 0
Allocation failures: 0
UDP datagrams: 0
Non TCP/IP frames: 0
Incorrect VIPs: 0
Incorrect Vports: 0
No available real server: 0
Backup server activations: 0
Overflow server activations: 0
Filtered (denied) frames: 0
LAND attacks: 0
No TCP control bits: 0
Invalid reset packet drops: 0
Total IP fragment sessions: 0
Current IP fragment sessions 0
IP fragment discards: 0
IP fragment table full: 0
Current IPF buffer sessions: 0
Highest IPF buffer sessions: 0
IPF buffer alloc fails: 0
IPF SP buffer alloc fails: 0
SP buffer too low: 0
Exceeded 16 OOO packets: 0
Free Service pool entries: 8192
Current IP6 sessions: 0
Incorrect IP6 VIPs: 0
Incorrect IP6 Vports: 0
IP6 packets drops: 0

SLB Maintenance statistics are described in the following table.


Table 5-49 Server Load Balancing Maintenance Statistics (/stats/slb/maint)
Statistic Description
Maximum sessions The maximum number of simultaneous sessions supported.
Current Sessions Number of session bindings currently in use (the last 4 and 64 seconds).
Terminated Sessions Number of sessions removed from the session table because the server
assigned to them failed and graceful server failure was not enabled.

Chapter 5: The Statistics Menu „ 227


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-49 Server Load Balancing Maintenance Statistics (/stats/slb/maint)


Statistic Description
Allocation Failures Indicates instances where the Switch ran out of available sessions for a port.
UDP Datagrams Indicates that the virtual server IP address and MAC are receiving UDP
frames when UDP balancing is not turned on.
Non TCP/IP Frames Indicates the number of non-IP based frames received by the virtual server.
Incorrect VIPs Indicates the number of times the switch received a Layer 4 request for a
virtual server which was not configured.
Incorrect Vports This dropped frames counter indicates that the virtual server has received
frames for TCP/UDP services that have not been configured. Normally this
indicates a mis-configuration on the virtual server or the client, but it may
be an indication of a potential security probing application like SATAN.
No Available Real This dropped frames counter indicates that all real servers are either out
Server of service or at their maxcon limit.
Backup Server This indicates the number of times a real server failure has occurred and
Activations caused a backup server to be brought online.
Overflow Server This indicates the number of times a real server has reached the maxcon
Activations limit and caused an overflow server to be brought online.
Filtered (Denied) This indicates the number of frames that were dropped because they
Frames matched an active filter with the deny action set.
LAND attacks This counter increases whenever a packet has the same source and desti-
nation IP addresses and ports.
No TCP Control Bits The number of packets that were dropped because the packet had no con-
trol bits set in the TCP header.
Invalid reset The number of packets that were dropped because the packet had an
packet drops invalid reset flag set.
Total IP fragment This represents the total number of fragment sessions the switch has pro-
sessions cessed so far.
Current IP fragment This represents the current number of fragment sessions.
sessions
IP The number of fragmented packets that are discarded due to lack of
fragment discards resources.
IP fragment table This counter indicates how many times session table is full.
full
Free service pool This counter indicates the number of free service pool entries.
entries

228 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/sip
SIP SLB Statistics
SIP Stats:

Total number of SIP Client Parse Errors : 0


Total number of SIP Server Parse Errors : 0
Total number of SIP Unknown Method packets : 0
Total number of SIP Incomplete Messages : 0
Total number of SIP Filter Parse Errors : 0
Total number of packets with SIP SDP NAT : 0

Table 5-50 SIP SLB Statistics (/stats/slb/sip)

Statistics Description

Total number of SIP The total number of errors encountered during client processing
Client Parse Errors when parsing an incoming SIP packet.

Total number of SIP The total number of errors encountered during server processing
Server Parse Errors when parsing an incoming SIP packet.

Total number of SIP Total number of packets received with methods not known to the
Unknown Method packets SIP parser on the switch.

Total number of SIP Total number of packets received which do not have the complete
Incomplete Messages SIP message in a single packet.

Total number of SIP Total number of errors encountered during filter processing when
Filter Parse Errors parsing an incoming SIP packet.

Total number Total number of packets received that have SIP SDP
of packets with SIP NAT information.
SDP NAT

Chapter 5: The Statistics Menu „ 229


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/wlm <wlm number>


Display Workload Manager SASP statistics
Table 5-51 SLB WorkLoad Manager SASP (/stats/slb/wlm)

>> Server Load Balancing Statistics# /st/sl/wlm 1


------------------------------------------------------------------
Workload Manager 1 Statistics:
Registration Requests: 1
Registration Replies: 1
Registration Reply Errors: 0

Deregisteration Requests: 1
Deregisteration Replies: 1
Deregisteration Reply Errors: 0

Set LB State Requests: 1


Set LB State Replies: 1
Set LB State Reply Errors: 0

Set Member State Requests: 0


Set Member State Replies: 0
Set Member State Reply Errors: 0

Send Weights Messages received: 47


Send Weights Message Parse Errors: 0
Total Messages with Invalid LB Name: 0
Total Messages with Invalid Group Name: 0
Total Messages with Invalid Real Server Name: 0
Messages with Invalid SASP Header: 0
Messages with parse errors: 0
Messages with Unsuppored Message Type: 0

/stats/slb/wlm <wlm number>/clear


Clear Workload Manager SASP Statistics
This command clears statistics for the specified Workload Manager.

230 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/slb/mirror
Display Workload Manager SASP statistics
Table 5-52 SLB Session Mirroring statistics (/stats/slb/mirror)

>> Server Load Balancing Statistics# mirror


------------------------------------------------------------------
Session Mirroring Stats:
Rx Tx
Total Create Session Messages 0 0
Total Update Session Messages 0 0
Total Delete Session Messages 0 0
Total Create Data Session Messages 0 0
Total Update Data Session Messages 0 0
Total Delete Data Session Messages 0 0
Total Sessions Created 0
Total Sessions Updated 0
Total Sessions Deleted 0
Total Data Sessions Created 0
Total Data Sessions Updated 0
Total Data Sessions Deleted 0
Session table full 0
Unvailable pport 0
Session already present 0
Session not found 0
Control session not found 0

Chapter 5: The Statistics Menu „ 231


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/bwm
BWM Statistics Menu
[Bandwidth Management Statistics Menu]
port - Switch Port Contract Stats Menu
cont - BW Contract stats
rcont - BW Contract rate stats
hist - BW History stats
maint - Show BWM maint statistics
ipusers - Show BWM IP user stats for iplimit contracts
dump - Dump all BWM statistics
clear - Clear BWM statistics

Table 5-53 Bandwidth Management Statistics Menu Options (/stats/bwm)

Command Syntax and Usage

port <port number>


Displays Switch Port Contract Statistics Menu. To view menu options, see page 233.

cont <BW Contract number (1-1024)>


Displays bandwidth management contract statistics. See page 234 for details.

rcont <BW Contract number (1-1024)>


Displays bandwidth management contract rate statistics. See page 235 for details.

hist
Displays bandwidth management history statistics. See page 237 for sample output.

maint
Displays bandwidth management maintenance statistics. See page 238 for sample output.

ipusers
Displays Bandwidth Management IP user stats for iplimit contracts. Each IP address is limited
to the user limit configured in /cfg/bwm/contract on page 319.
See page 238 for sample output.

dump
Displays all bandwidth management statistics.

clear
Clears all bandwidth management statistics.

232 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/bwm/port <port number>


BWM Switch Processor Statistics
[Bandwidth Management Port Statistics Menu]
cont - BW Contract stats
rcont - BW Contract rate stats

Table 5-54 Management Port Statistics Menu Options (/stats/bwm/sp)

Command Syntax and Usage


cont <BW Contract number (1-1024)>
Displays bandwidth management contract statistics. See page 233 for a sample output.
rcont <BW Contract number (1-1024)>
Displays bandwidth management contract rate statistics.

/stats/bwm/port <port number>/cont


BWM Switch Processor Contract Statistics Menu
>> Bandwidth Management Port Statistics# cont
------------------------------------------------------------------
BW Contract statistics
Contract Name Octets Discards Total Pkts BufUsed BufMax
-------- ---------- ---------- ---------- ---------- ------- ----
1024 Default 0 0 0 0 16320

/stats/bwm/port <port number>/rcont


BWM Switch Processor Rate Contract Statistics
This command repeats its output when the printed lines are less than the configured CLI lines
per screen. If the CLI lines are configured at zero per screen, the command will continue to
repeat its output until you type a key on the console or telnet session.

You can configure the number of CLI lines per screen using the global (hidden) command:
lines <number of lines>. For example:

>> AAS_2424 - Bandwidth Management Statistics# lines


Current lines-per-screen: 24
>> AAS_2424 - Bandwidth Management Statistics# lines ?
lines sets lines-per-screen 0-300, zero for infinite

Chapter 5: The Statistics Menu „ 233


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

BW Contract statistics
Contract Name Rate(Kbps) Octets Discards BufUsed BufMax
-------- --------------- ---------- ---------- ---------- ------- -----
1 cont1 0 40465360 262049256 0 16320
2 cont2 0 0 0 0 16320
20 cont20 5230 682947936 1822133376 16384 16320
26 cont26 0 0 0 0 16320
1024 Default 0 773974 0 0 16320
1 cont1 0 40465360 262049256 0 16320
2 cont2 0 0 0 0 16320
20 cont20 5238 684289056 1825753104 16384 16320
26 cont26 0 0 0 0 16320
1024 Default 0 774114 0 0 16320

/stats/bwm/cont <contract number>


BWM Contract Statistics
BW Contract statistics
Contract Name Octets Discards Total Pkts BufUsed BufMax
-------- ---------- ---------- ---------- ---------- ------- -------
1024 Default 0 0 0 0 16320

The following description of statistics applies on a specific switch port for all enabled
contracts.

NOTE – This command displays enabled contracts only.

Table 5-55 Bandwidth Management Contract Statistics (/stats/bwm/cont)

Statistics Description

Contract The contract number.

Name The contract name.

Octets The number of octets that are being transmitted through a particular con-
tract since the switch is booted.

Discards The number of octets that are being discarded because of seeing more
traffic than the bandwidth contract limit permits.

Total Pkts The total number of packets classified for that contract.

BufUsed The current amount of buffer space used to store the packets that is wait-
ing to be transmitted.

234 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-55 Bandwidth Management Contract Statistics (/stats/bwm/cont)

Statistics Description

BufMax Maximum buffer space that can be used to store the packets before they
can be transmitted. The switch starts dropping the packets of a particular
contract after the maximum buffer space allocated for that contract is
being occupied.

/stats/bwm/rcont
BWM Contract Rate Statistics
Use this command to show the rate statistics of all the enabled contracts.

NOTE – This command displays enabled contracts only.

This command repeats its output when the printed lines are less than the configured CLI lines
per screen. If the CLI lines are configured at zero per screen, the command will continue to
repeat its output until you type a key on the console or telnet session.

You can configure the number of CLI lines per screen using the global (hidden) command:
lines <number of lines>. For example:

>> AAS_2424 - Bandwidth Management Statistics# lines


Current lines-per-screen: 24
>> AAS_2424 - Bandwidth Management Statistics# lines ?
lines sets lines-per-screen 0-300, zero for infinite

Chapter 5: The Statistics Menu „ 235


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

BW Contract statistics
Contract Name Rate(Kbps) Octets Discards BufUsed BufMax
-------- --------------- ---------- ---------- ---------- ------- -----
1 cont1 5222 285408288 735607152 16384 456960
2 cont2 0 0 0 0 456960
20 cont20 5238 285720864 735308784 16384 456960
26 cont26 0 0 0 0 456960
1024 Default 4 517182 0 0 456960
1 cont1 5230 286747296 739228896 16384 456960
2 cont2 0 0 0 0 456960
20 cont20 5230 287059872 738930528 16384 456960
26 cont26 0 0 0 0 456960
1024 Default 8 519400 0 0 456960
1 cont1 5222 288084192 742853160 16384 456960
2 cont2 0 0 0 0 456960
20 cont20 5238 288400992 742550760 16384 456960
26 cont26 0 0 0 0 456960
1024 Default 8 521578 0 0 456960

Table 5-56 Bandwidth Management Contract Rate Statistics (/stats/bwm/rcont)

Statistics Description

Contract The contract number.

Name The contract name.

Rate (in Kbps) Rate at which the packets are going out of the switch on a particular con-
tract.

Octets The number of octets that are being transmitted through a particular con-
tract since the switch is booted.

Discards The number of octets that are being discarded because of seeing more
traffic than the bandwidth contract limits.

BufUsed The current amount of buffer space used to store the packets that is wait-
ing to be transmitted.

BufMax Maximum buffer space that can be used to store the packets before they
can be transmitted. The switch starts dropping the packets of a particular
contract after the maximum buffer space allocated for that contract is
being occupied.

236 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/bwm/hist
BWM History Statistics
Switch IP Cont Name Octets
Discards TimeStamp
YyyyMmDd:Hr:Mi/TmZone
--------------- ---- ---------------- ---------- ---------- ----------
47.80.23.124 1 filter_number01 0 0 20030910:15:11/ -8:00
47.80.23.124 2 filter_number02 0 0 20030910:15:11/ -8:00
47.80.23.124 3 filter_number03 0 0 20030910:15:11/ -8:00
47.80.23.124 4 filter_number04 0 0 20030910:15:11/ -8:00
47.80.23.124 5 filter_number05 0 0 20030910:15:11/ -8:00
47.80.23.124 6 filter_number06 0 0 20030910:15:11/ -8:00
47.80.23.124 7 filter_number07 0 0 20030910:15:11/ -8:00
47.80.23.124 8 filter_number08 0 0 20030910:15:11/ -8:00
47.80.23.124 9 filter_number09 0 0 20030910:15:11/ -8:00
47.80.23.124 10 filter_number10 0 0 20030910:15:11/ -8:00
47.80.23.124 1024 Default 608 0 20030910:15:11/ -8:00

You can dump the stats kept in the SMTP history buffer that get dumped periodically when an
E-mail is sent. This command is used to keep long term history only for the contracts that are
enabled and have history command turned on.

Use this command to show the history of all the contracts for which history command is
enabled. The sampling is done at one-minute intervals.

Table 5-57 Bandwidth Management History Statistics (/stats/bwm/hist)

Statistics Description

Contract The contract number for which history is enabled.

Octets The number of octets sent out on a particular contract.

Discards The number of octets discarded because of seeing more traffic than the
bandwidth contract limit permits.

TimeStamp Indicates the time the packets were received or discarded.

NOTE – These statistics can only be viewed when the e-mail option is enabled.

Chapter 5: The Statistics Menu „ 237


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/bwm/maint
BWM Maintenance Statistics
BWM Maint statistics
------------------------------------------------------------------
Maint Stats for rate limiting contracts
Discard pkts 0
Discard octets 0
Out pkts 0
Out octets 0
Transmit failed 0
User Limit entry allocation failures 0
------------------------------------------------------------------
Maint Stats for traffic shaping contracts
QFull Discard pkts 0
QFull Discard octets 0
Out of buffers pkts 0
Out of buffers pkts 0
Transmit failed 0
TDT set when qfull 0
TDT set between soft and hard 0
TDT set at soft 0

/stats/bwm/ipusers
BWM IP Users Statistics
This command displays the number of BWM IP user entries for each BWM contract for each
SP.

BWM IP users statistics

Contract SP1 SP2 SP3 SP4 Total


-------- ---------- ---------- ---------- ---------- ----------
10 0 10 0 0 10
11 0 10 0 0 10
---------- ---------- ---------- ---------- ----------
0 20 0 0 20

238 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/security
Security Statistics

[Security Statistics Menu]


ipacl - IP Address ACL Statistics Menu
udpblast - UDP Blast Statistics Menu
dos - DoS Attack Statistics Menu
pgroup - Show pattern match group statistics
ratelim - Show rate limiting statistics
dump - Dump all security statistics

Command Syntax and Usage

dos
Displays the DOS Attack statistics menu. To view a sample output and a description of the stats,
see page 240.

ipacl
Displays the IP Address Access Control List statistics menu. To view a sample output and a
description of the statistics, see page 244.

udpblast
Displays the UDP Blast statistics menu. To view a sample output and a description of the statistics,
see page 245.

pgroup
Displays the Pattern Match Group statistics menu. To view a sample output and a description of
the statistics, see page 246.

ratelim
Displays the Rate Limiting statistics menu. To view a sample output and a description of the stats,
see page 246.

dump
Displays all security statistics.

Chapter 5: The Statistics Menu „ 239


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/security/dos
DOS Attack Statistics Menu
[Protocol Anomaly and DoS Attack Prevention Statistics Menu]
port - Show port protocol anomaly and DoS attack prevention stats
dump - Dump all protocol anomaly and DoS attack prevention stats
clear - Clear all protocol anomaly and DoS attack prevention stats
help - Protocol anomaly and DoS attack prevention description

Table 5-58 DOS Attacks Statistics Menu Options (/stats/security/dos)

Command Syntax and Usage

port <port number>


Displays the number of times the packets were dropped for each of the following types of DOS
attacks, on the selected port only.

dump
Displays the number of times the packets were dropped on the switch, for each of the following
types of DOS attacks:
iplen, ipversion, broadcast, loopback, land, ipreserved, ipttl, ipprot, ipoptlen,
fragmoredont, fragdata, fragboundary, fraglast, fragdontoff, fragopt, fragoff, fragoversize, tcplen,
tcpportzero, blat, tcpreserved, nullscan, fullxmasscan, finscan, vecnascan, xmasscan, synfinscan,
flagabnormal, syndata, synfrag, ftpport, dnsport, seqzero, ackzero, tcpoptlen, udplen, udpportzero,
fraggle, pepsi, rc8, snmpnull, icmplen, smurf, icmpdata, icmpoff, icmptype, igmplen, igmpfrag,
igmptype, arplen, arpnbcast, arpnucast, arpspoof, garp, ip6len, ip6version
For a description of these different types of DOS attacks, see “Types of DOS Attacks” on page
241.

clear
Deletes all DOS attack statistics.

help
Displays a description of each type of DOS attack by name and how it works.

240 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Types of DOS Attacks


Nortel Application Switch Operating System can protect switch ports against a variety of
Denial of Service (DOS) attacks including Port Smurf, LandAttack, Fraggle, Nullscan, Xmas-
can, PortZero, and ScanSynFin. Enable DOS protection on ports connected to any network that
could be the source of an attack.

You can use the help command to obtain a brief explanation of each type of DOS attack
detected by the switch.

Chapter 5: The Statistics Menu „ 241


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Refer to your Nortel Application Switch Operating System Application Guide for a detailed
description of DOS attacks.

>> /stats/security/dos help


iplen : IPv4 packets with bad IP header or payload length.
ipversion : IPv4 packets with IP version not 4.
broadcast : IPv4 packets with broadcast source or destination IP
[0.0.0.0,255.255.255.255].
loopback : IPv4 packets with loopback source or destination IP
[127.0.0.0/8].
land : IPv4 packets with same source and destination IP.
ipreserved : IPv4 packets with IP reserved bit is set.
ipttl : IPv4 packets with small IP TTL.
ipprot : IPv4 packets with IP protocol is unassigned or
reserved.
ipoptlen : IPv4 packets with bad IP options length.
fragmoredont: IPv4 packets with more fragments and don't fragment
bits are set.
fragdata : IPv4 packets with more fragments bit is set and small
payload.
fragboundary: IPv4 packets with more fragments bit is set and
payload not at 8-byte boundary.
fraglast : IPv4 packets last fragment without payload.
fragdontoff : IPv4 packets with non-zero fragment offset and don't
fragment bits are set.
fragopt : IPv4 packets with non-zero fragment offset and IP
options.
fragoff : IPv4 packets with small non-zero fragment offset.
fragoversize: IPv4 packets with non-zero fragment offset and over-
size payload.
tcplen : TCP packets with bad TCP header length.
tcpportzero : TCP packets with source or destination port is zero.
blat : TCP packets with SIP!=DIP and SPORT=DPORT.
tcpreserved : TCP packets with TCP reserved bit is set.
nullscan : TCP packets with all control bits are zero.
fullxmasscan: TCP packets with all control bits are set.
finscan : TCP packets with only FIN bit is set.
vecnascan : TCP packets with only URG or PUSH or URG|FIN or
PSH|FIN or URG|PSH bits are set.

242 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

xmasscan : TCP packets with FIN, URG and PSH bits are set.
synfinscan : TCP packets with SYN and FIN bits are set.
flagabnormal: TCP packets with abnormal control bits combination.
syndata : TCP packets with SYN bit is set and with payload.
synfrag : TCP packets with SYN bit is set and more fragments bit
is set.
ftpport : TCP packets with SPORT=20, DPORT<1024 and SYN bit is
set.
dnsport : TCP packets with SPORT=53, DPORT<1024 and SYN bit is
set.
seqzero : TCP packets with sequence number is zero.
ackzero : TCP packets with acknowledgement number is zero and ACK
bit is set.
tcpoptlen : TCP packets with bad TCP options length.
udplen : UDP packets with bad UDP header length.
udpportzero : UDP packets with source or destination port is zero.
fraggle : UDP packets to broadcast destination IP (x.x.x.255).
pepsi : UDP packets with SPORT=19, DPORT=7 or SPORT=7,
DPORT=19.
rc8 : UDP packets with SPORT=7 and DPORT=7.
snmpnull : UDP packets with DPORT=161 and without payload.
icmplen : ICMP packets with bad ICMP header length.
smurf : ICMP ping requests to a broadcast destination IP
(x.x.x.255).
icmpdata : ICMP packets with zero fragment offset and large pay-
load.
icmpoff : ICMP packets with large fragment offset.
icmptype : ICMP packets with type is unassigned or reserved.
igmplen : IGMP packets with bad IGMP header length.
igmpfrag : IGMP packets with more fragments bit is set or non-zero
fragment offset.
igmptype : IGMP packets with type is unassigned or reserved.
arplen : ARP request or reply packets with bad length.
arpnbcast : ARP request packets with non broadcast destination MAC.
arpnucast : ARP reply packets with non unicast destination MAC.
arpspoof : ARP request or reply packets with mismatch source with
sender MACs
or destination with target MACs.
garp : ARP request or reply packets with same source and des-
tination IP.
ip6len : IPv6 packets with bad header length.
ip6version : IPv6 packets with IP version not 6.

Chapter 5: The Statistics Menu „ 243


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/security/ipacl
IP Access Control List Statistics
The following IP Access Control List statistics can be viewed with this command:

[IP ACL Statistics Menu]


dump - IP address access control Stats
clear - Clear all access control Stats

Table 5-59 IPACL Security Statistics Menu Options (/stats/security/ipacl)

Command Syntax and Usage

dump
Displays the accumulated blocked packets for each source or destination IP address and mask pair
in the access control list.
>> Main# /stats/security/ipacl/dump
-----------------------------------------------------------------
IP ACL stats:
Source IP Addr Mask Type Blocked Packets
--------------- --------------- ----- ---------------
No source IP ACL's created
Dest IP Addr Mask Type Blocked Packets
--------------- --------------- ----- ---------------
No destination IP ACL's created

clear
Deletes all the statistics of accumulated blocked packets.

244 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/security/udpblast
UDP Blast Statistics
[UDP Blast Statistics Menu]
dump - UDP Blast Stats
clear - Clear all UDP Blast Stats

Table 5-60 UDP Blast Statistics Menu Options (/stats/security/udpblast)

Command Syntax and Usage

dump
Displays all the accumulated blocked packets for each port, and the current packet rate per second.
See page 245 for a sample output and a description of the statistics.

clear
Deletes all the accumulated blocked packets.

/stats/security/udpblast/dump
UDP Blast Dump Statistics

UDP blast protection stats:


UDP Port Blocked Packets Current Packet Rate/Second
---------- ---------------- --------------------------

Table 5-61 UDP Blast Dump Statistics Parameters


(/stats/security/udpblast/dump)

Field Description

UDP Port UDP ports that experienced UDP blast attacks.

Blocked Packets The number of blocked packets.

Current Packet Rate/ Displays the current rate of packet to the UDP port.
Second

Chapter 5: The Statistics Menu „ 245


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/security/pgroup
UDP Pattern Match Statistics
Pattern Match Group stats:
ID Name Hits
1 0

This menu displays how many times each configured pattern group has been matched and a
subsequent filtering action performed. Pattern groups are configured in the “Pattern Matching
Menu” on page 404.

/stats/security/ratelim
Rate Limiting Statistics
Rate limiting stats:

TCP:
Total hold downs triggered: 0
Current per-client state entries: 0

UDP:
Total hold downs triggered: 0
Current per-client state entries: 0

ICMP:
Total hold downs triggered: 0
Current per-client state entries: 0

Table 5-62 Rate Limiting Statistics (/stats/security/ratelim)

Field Description

Total holds down The total number of packets dropped after the hold-down period
triggered expired.

Current per-client The total number of per-client state entries for TCP/UDP/ICMP rate
state entries limiting.

246 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/security/dump
Dump Statistics for Security
IP ACL stats:

Address Blocked Packets


--------------- ---------------
------------------------------------------------------------------
UDP blast protection stats:
UDP Port Blocked Packets Current Packet Rate/Second
---------- ---------------- --------------------------
------------------------------------------------------------------
Pattern Match Group stats:
ID Name Hits
1 0
100 0
101 0
------------------------------------------------------------------
Rate limiting stats:

TCP:
Total hold downs triggered: 0
Current per-client state entries: 0

UDP:
Total hold downs triggered: 0
Current per-client state entries: 0

ICMP:
Total hold downs triggered: 0
Current per-client state entries: 0

Chapter 5: The Statistics Menu „ 247


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/mp
Management Processor Statistics
[MP-specific Statistics Menu]
pkt - Show Packet and TCP stats
tcb - Show All TCP control blocks in use
ucb - Show All UDP control blocks in use
sfd - Show All Socket FD in use
cpu - Show CPU utilization
mem - Show memory stats

Table 5-63 Management Processor Statistics Menu Options (/stats/mp)

Command Syntax and Usage

pkt
Displays packet statistics, to check for leads and load. To view a sample output and a description
of the stats, see page 249.

tcb
Displays all TCP control blocks that are in use. To view a sample output and a description of the
stats, see page 251.

ucb
Displays all UDP control blocks that are in use. To view a sample output, see page 251.

sfd
Displays all Socket File Descriptors that are in use. To view a sample output, see page 252.

cpu
Displays CPU utilization for periods of up to 1, 4, and 64 seconds. To view a sample output and a
description of the stats, see page 252.

mem
Displays memory statistics.

248 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/mp/pkt
MP Packet Statistics
Packet counts:
allocs: 89262 frees: 89262
mediums: 0 mediums hi-watermark: 4
jumbos: 0 jumbos hi-watermark: 0
smalls: 0 smalls hi-watermark: 4
alloc fails: 0 packet discards: 0
TCP counts:
allocs: 4866 frees: 4827
current: 46 current hi-watermark: 146
alloc fails: 0 alloc discards: 0

Table 5-64 Packet Statistics (/stats/mp/pkt)

Statistics Description

Packet counts:

allocs Total number of packet allocations from the packet buffer pool by the
TCP/IP protocol stack.

frees Total number of times the packet buffers are freed (released) to the packet
buffer pool by the TCP/IP protocol stack.

mediums Total number of packet allocations with size between 128 to 1536 bytes
from the packet buffer pool by the TCP/IP protocol stack.

jumbos Total number of packet allocations with size between 1536 bytes to
9K bytes from the packet buffer pool by the TCP/IP protocol stack.

smalls Total number of packet allocations with size less than 128 bytes from the
packet buffer pool by the TCP/IP protocol stack.

alloc fails Total number of packet allocation failures from the packet buffer pool by
the TCP/IP protocol stack.

frees Total number of packets freed from the packet buffer pool by the TCP/IP
protocol stack.

mediums hi-water- The highest number of packet allocation with size between 128 to 1536
mark bytes from the packet buffer pool by the TCP/IP protocol stack.

jumbos hi-watermark The highest number of packet allocation with size between 1536 bytes to
9K bytes from the packet buffer pool by the TCP/IP protocol stack.

smalls hi-watermark The highest number of packet allocation with size less than 128 bytes
from the packet buffer pool by the TCP/IP protocol stack.

Chapter 5: The Statistics Menu „ 249


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-64 Packet Statistics (/stats/mp/pkt)

Statistics Description

packet discards The number of packets that are discarded by the MP. The packets are dis-
carded because buffer resources are not available or the buffer threshold
is reached and the low priority packets are discarded.

TCP counts:

allocs Total number of TCP packet allocations from MP memory by the TCP/IP
protocol stack.

current Total number of TCP packet allocations from MP memory by the TCP/IP
protocol stack.

alloc fails Total number of TCP packet allocation failures from MP memory by the
TCP/IP protocol stack.

frees Total number of times the TCP packet buffers are freed (released) to MP
memory by the TCP/IP protocol stack.

current hi-water- The highest number of TCP packet allocation from MP memory by the
mark TCP/IP protocol stack.

alloc discards The number of TCP packets that are discarded by the MP. The packets
are discarded because MP memory resources are not available.

250 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/mp/tcb
TCP Statistics
All TCP allocated control blocks:
117f6d00: 0.0.0.0 0 <=> 0.0.0.0 80 listen
117f81a8: 47.81.27.6 1331 <=> 47.80.16.59 23 established

Table 5-65 MP Specified TCP Statistics (/stats/mp/tcb)

Statistics Description

117f6d00/117f81a8 Memory

0.0.0.0/47.81.27.6 Destination IP address

0/1331 Destination port

0.0.0.0/47.80.16.59 Source IP

80/23 Source port

listen/established State

/stats/mp/ucb
UCB Statistics
All UDP allocated control blocks:
161: listen
1985: listen
3122: listen

Table 5-66 UCB Statistics on MP (/stats/mp/ucb)

Field Description

161/1985/3122 UDP port number

Listen State

Chapter 5: The Statistics Menu „ 251


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/mp/sfd
MP-Specific SFD Statistics
All Socket FD allocated:
0 -1 16 1180b128: 0.0.0.0 0 <=> 47.133.88.31 81 listen TCP
server
1 -1 17 108c5bd8: 0.0.0.0 0 <=> 47.133.88.31 23 listen TCP
server
2 -1 18 108d5cfc: 0.0.0.0 0 <=> 47.133.88.31 22 listen TCP
server
3 -1 19 1180a258: 0.0.0.0 0 <=> 47.133.88.31 443 listen TCP
server

/stats/mp/cpu
CPU Statistics
This menu option enables you to display the CPU utilization statistics on MP.

CPU utilization:
cpuUtil1Second: 100%
cpuUtil4Seconds: 100%
cpuUtil64Seconds: 100%

Table 5-67 CPU Statistics (stats/mp/cpu)

Statistics Description

cpuUtil1Second The percentage of CPU utilization as measured over the last one second
interval.

cpuUtil4Seconds The percentage of CPU utilization as measured over the last four second
interval.

cpuUtil64Seconds The percentage of CPU utilization as measured over the last 64 second
interval.

252 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/sp <SP Number>


SP Specific Statistics

[SP-specific Statistics Menu]


maint - Show maintenance stats
clear - Clear maintenance stats
cpu - Show CPU utilization

Table 5-68 SP Specific Statistics (/stats/sp)

Statistics Description

maint Displays internal statistics, Layer 2 FDB maintenance statistics, and


MP DOS shield statistics. See page 254 for a sample output.

clear Deletes all the maintenance statistics.

cpu Displays what percentage of the CPU has been utilized. To view a sam-
ple output and a description of the stats, see page 254.

Chapter 5: The Statistics Menu „ 253


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/stats/sp <SP number>/maint


SP-Specific Maintenance Statistics
Maintenance statistics for SP 1:
Receive Letter success from MP: 158648
Receive Letter success from SP 2: 0
Receive Letter success from SP 3: 0
Receive Letter success from SP 4: 0
Receive Letter errors from MP: 0
Receive Letter errors from SP 2: 0
Receive Letter errors from SP 3: 0
Receive Letter errors from SP 4: 0
Send Letter success to MP: 125516
Send Letter success to SP 2: 0
Send Letter success to SP 3: 6799
Send Letter success to SP 4: 6791
Send Letter failures to MP: 0
Send Letter failures to SP 2: 0
Send Letter failures to SP 3: 0
Send Letter failures to SP 4: 0
learnErrNoddw: 0 resolveErrNoddw: 0
ageMPNoddw: 0 deleteMiss: 0
pfdbFreeEmpty: 0
arpDiscards: 0 icmpDiscards: 0
tcpDiscards: 0 udpDiscards: 0

/stats/sp/cpu
CPU Statistics
This menu option enables you to display the CPU utilization statistics on the Switch Processor
(SP).

CPU utilization for SP 1:


cpuUtil1Second: 6%
cpuUtil4Seconds: 6%
cpuUtil64Seconds: 6%

Table 5-69 CPU Statistics (stats/sp/cpu)

Statistics Description

cpuUtil1Second The percentage of CPU utilization as measured over the last one second
interval.

254 „ Chapter 5: The Statistics Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-69 CPU Statistics (stats/sp/cpu)

Statistics Description

cpuUtil4Seconds The percentage of CPU utilization as measured over the last four second
interval.

cpuUtil64Seconds The percentage of CPU utilization as measured over the last 64 second
interval.

/stats/pmirr
Port Mirroring Statistics Menu

[Port Mirroring Statistics Menu]


dump - Port Mirroring Stats
clear - Clear all Port Mirroring Stats

Table 5-70 Port Mirroring

Command Syntax and Usage

dump
Displays the port number, and the statistics of the traffic on the ingress and egress ports.

clear
Deletes all the port mirroring statistics.
CAUTION—Use this command carefully as it will delete all statistics permanently.

/stats/mgmt
Management Port Statistics

Management port interface statistics:


RX bytes: 0 TX bytes: 0
RX packets: 0 TX packets: 0
RX errors: 0 TX errors: 0
RX dropped: 0 TX dropped: 0
RX overruns: 0 TX overruns: 0
RX frame errors: 0 TX carrier errors: 0
RX multicast: 0 TX collisions: 0

Chapter 5: The Statistics Menu „ 255


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 5-71 Management Port Statistics (/stats/mgmt)

Statistics Description

RX bytes The total number of incoming bytes successfully transferred by the


interface.

RX packets The total number of incoming packets successfully transferred by


the interface.

RX errors The number of bad packets received.

RX dropped The number of incoming packets that were dropped due to lack of
receive buffers.

RX overruns The number of received packets that were dropped because their size
exceeded that of the receive queue.

RX frame errors The number of incoming packets dropped due to IP framing errors.

RX multicast The number of multicast packets received.

TX bytes The total number of outgoing bytes successfully transferred by the


interface.

TX packets The total number of outgoing packets successfully transferred by the


interface.

TX errors The number of packets dropped due to transmission problems.

TX dropped The number of packets dropped due to lack of transmit buffers.

TX overruns The number of packets dropped because size exceeded that of the
transmit queue.

TX carrier errors Not applicable.

TX collisions The number of collisions due to congestion on the medium. Colli-


sions occur when two or more stations are transmitting signals at the
same time.

/stats/dump
Dump Statistics
Use the dump command to dump all switch statistics available from the Statistics Menu (40K or more,
depending on your configuration). This data can be used to tune or debug switch performance.

If you want to capture dump data to a file, set your communication software on your worksta-
tion to capture session data prior to issuing the dump commands.

256 „ Chapter 5: The Statistics Menu


320506-A, January 2006
CHAPTER 6
The Configuration Menu
This chapter discusses how to use the Command Line Interface (CLI) for making, viewing, and
saving switch configuration changes. Many of the commands, although not new, display more
or different information than in the previous version. Important difference are called out in the
text.

To make finding information easier, the menu options under the Server Load Balancing Menu
(/cfg/slb) are in Chapter 7.

/cfg
Configuration Menu

[Configuration Menu]
sys - System-wide Parameter Menu
port - Port Menu
pmirr - Port Mirroring Menu
bwm - Bandwidth Management Menu
l2 - Layer 2 Menu
l3 - Layer 3 Menu
slb - Server Load Balancing (Layer 4-7) Menu
security - Security Menu
sslproc - SSL Processor Setup Menu
setup - Step by step configuration set up
dump - Dump current configuration to script file
ptcfg - Backup current configuration to FTP/TFTP server
gtcfg - Restore current configuration from FTP/TFTP server

257
320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-1 Configuration Menu Options (/cfg)


Command Syntax and Usage

sys
Displays the System-wide parameter Configuration Menu. To view menu options, see page 261.

port <port number>


Displays the Port Configuration Menu. To view menu options, see page 301.

pmirr
Displays the Mirroring Configuration Menu. To view menu options, see page 315.

bwm
Displays the Bandwidth Management Configuration Menu. To view menu options, see page 316.

l2
Displays Layer 2 Configuration Menu. To view menu options, see page 325.

l3
Displays Layer 3 Configuration Menu. To view menu options, see page 342.

slb
Displays the Server Load Balancing Configuration Menu. To view menu options, see Chapter 7,
“The SLB Configuration Menu”.

security
Displays the Security Menu. To view menu options, see page 397.

sslproc
Displays the SSL processor setup Menu. To view menu options, see page 403

setup
Step-by-step configuration set-up of the switch. For details, see page 403.

dump
Dumps current configuration to a script file. For details, see page 407.

ptcfg <host name or IP address of TFTP server> <filename on host>


Backs up current configuration to TFTP server. For details, see page 408.

gtcfg <host name or IP address of TFTP server> <filename on host>


Restores current configuration from TFTP server. For details, see page 408.

258 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Viewing, Applying, and Saving Changes


As you use the configuration menus to set switch parameters, the changes you make do not
take effect immediately. All changes are considered “pending” until you explicitly apply them.
Also, any changes are lost the next time the switch boots unless the changes are explicitly
saved.

While configuration changes are in the pending state, you can do the following:

„ View the pending changes


„ Apply the pending changes
„ Save the changes to flash memory

Viewing Pending Changes


You can view all pending configuration changes by entering diff at the menu prompt.

NOTE – The diff command is a global command. Therefore, you can enter diff at any
prompt in the CLI.

Applying Pending Changes


To make your configuration changes active, you must apply them. To apply configuration
changes, enter apply at any prompt in the CLI.

# apply

NOTE – The apply command is a global command. Therefore, you can enter apply at any
prompt in the administrative interface.

NOTE – All configuration changes take effect immediately when applied, except for starting
Spanning Tree Protocol. To turn STP on or off, you must apply the changes, save them (see
below), and then reset the switch (see “Resetting the Switch” on page 517).

Saving the Configuration


In addition to applying the configuration changes, you can save them to flash memory on the
Nortel Application Switch.

Chapter 6: The Configuration Menu „ 259


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

NOTE – If you do not save the changes, they will be lost the next time the system is rebooted.

To save the new configuration, enter the following command at any CLI prompt:

# save

When you save configuration changes, the changes are saved to the active configuration block.
The configuration being replaced by the save is first copied to the backup configuration block.
If you do not want the previous configuration block copied to the backup configuration block,
enter the following instead:

# save n

You can decide which configuration you want to run the next time you reset the switch. Your
options include:

„ The active configuration block


„ The backup configuration block
„ Factory default configuration
You can view all pending configuration changes that have been applied but not saved to flash
memory using the diff flash command. It is a global command that can be executed from
any menu.

For instructions on selecting the configuration to run at the next system reset, see “Selecting a
Configuration Block” on page 515.

260 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys
System Configuration
[System Menu]
syslog - Syslog Menu
mmgmt - Management Port Menu
radius - RADIUS Authentication Menu
tacacs - TACACS+ Authentication Menu
ntp - NTP Server Menu
sonmp - SONMP Menu
ssnmp - System SNMP Menu
health - System Health Check Menu
access - System Access Menu
date - Set system date
time - Set system time
timezone - Set system timezone (daylight savings)
idle - Set timeout for idle CLI sessions
notice - Set login notice
bannr - Set login banner
smtp - Set SMTP host
hprompt - Enable/disable display hostname (sysName) in CLI prompt
bootp - Enable/disable use of BOOTP
cur - Display current system-wide parameters

This menu provides configuration of switch management parameters such as user and
administrator privilege mode passwords, Web-based management settings, and management
access list.

Table 6-2 System Configuration Menu Options (/cfg/sys)

Command Syntax and Usage

syslog
Displays the Syslog Menu. To view menu options, see page 263.

mmgmt
Displays Management Port Menu. To view menu options, see page 264.

radius
Displays the RADIUS Authentication Menu. To view menu options, see page 268.

tacacs
Displays TACACS+ authentication Menu. To view menu options, see page 270.

ntp
Displays the Network Time Protocol (NTP) Server Menu. To view menu options, see page 271.

Chapter 6: The Configuration Menu „ 261


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-2 System Configuration Menu Options (/cfg/sys)

Command Syntax and Usage

sonmp
Displays the SynOptics Network Management Protocol (SONMP) menu. To view menu options,
see page 273.

ssnmp
Displays the System SNMP Menu. To view menu options, see page 273.

health
Displays system health check menu. To view menu options, see page 287.

access
Displays System Access Menu. To view menu options, see page 288.

date
Prompts the user for the system date.

time
Configures the system time using a 24-hour clock format.

timezone
Configures the system time zone. To view an example, see page 300.

idle <idle timeout in minutes; affects both console and Telnet>


Sets the idle timeout for CLI sessions, from 1 to 10080 minutes. The default is 5 minutes.

notice <max 1024 char multi-line login notice> <'-' to end>


Displays login notice immediately before the “Enter password:” prompt. This notice can contain
up to 1024 characters and new lines.

bannr <string, maximum 80 characters>


Configures a login banner of up to 80 characters. When a user or administrator logs into the switch,
the login banner is displayed. It is also displayed as part of the output from the /info/sys com-
mand.

smtp <SMTP host name or IP address>


Sets the Simple Mail Transfer Protocol (SMTP) host, which is used for sending bandwidth man-
agement history information.

hprompt disable|enable
Enables or disables displaying of the host name (system administrator’s name) in the Command
Line Interface (CLI).

bootp disable|enable
Enables or disables the use of BOOTP. If you enable BOOTP, the switch will query its BOOTP
server for all of the switch IP parameters. This command is disabled by default.

cur
Displays the current system parameters.

262 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/syslog
System Host Log Configuration

NOTE – Nortel Application Switch Operating System 23.0 supports the RFC 3164 standard for
Syslogs.

[Syslog Menu]
host - Set IP address of first syslog host
host2 - Set IP address of second syslog host
sever - Set the severity of first syslog host
sever2 - Set the severity of second syslog host
facil - Set facility of first syslog host
facil2 - Set facility of second syslog host
console - Enable/disable console output of syslog messages
log - Enable/disable syslogging of features
cur - Display current syslog settings

Table 6-3 System Configuration Menu Options (/cfg/sys/syslog)


Command Syntax and Usage
host <new syslog host IP address (such as, 192.4.17.223)>
Sets the IP address of the first syslog host.
host2 <new syslog host IP address (such as, 192.4.17.223)>
Sets the IP address of the second syslog host.
sever <syslog host local severity (0–7)>
This option sets the severity level of the first syslog host displayed. The default is 7, which means
log all the seven severity levels. For a detailed description of the seven levels of severity, see
page 264.
sever2 <syslog host local severity (0–7)>
This option sets the severity level of the second syslog host displayed. The default is 7, which
means, log all the seven severity levels. For a detailed description of the seven levels of severity,
see page 264.
facil <syslog host local facility (0-7)>
This option sets the facility level of the first syslog host displayed. The default is 0.
facil2 <syslog host local facility (0-7)>
This option sets the facility level of the second syslog host displayed. The default is 0.
console disable|enable
Enables or disables delivering syslog messages to the console. When necessary, disabling con-
sole ensures the switch is not affected by syslog messages. It is enabled by default.

Chapter 6: The Configuration Menu „ 263


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-3 System Configuration Menu Options (/cfg/sys/syslog)


Command Syntax and Usage
log <feature|all> <enable|disable>
Displays a list of features for which syslog messages can be generated. You can choose to enable/
disable specific features (such as vlans, gslb, filter), or enable/disable syslog on all available
features.
cur
Displays the current syslog settings.

Seven Levels of Severity


Following is the description of the seven levels of severity:

0: Emergency. This means that the system is unusable.

1: Alert. This means that corrective action must be taken immediately.

2: Critical. This means the condition of the system is critical.

3: Error. This means that the system has errors that should be corrected.

4: Warning. This means that the system is giving a warning.

5: Notice. This means that the condition of the system is normal but with significant conditions
that need attention.

6: Informational. This means that the system is working but giving out information about cer-
tain unfavorable conditions.

7. Debug. This means that the system is giving out debug-level messages.

/cfg/sys/mmgmt
Management Port Configuration Menu
The Management port is a Fast Ethernet port that is used exclusively to manage the switch.
While the switch can be managed from any network port, the Management port saves consum-
ing a port that could otherwise be used for processing data and traffic. This port manages the
switch using either telnet CLI, SNMP, or HTTP. This port is isolated from and does not partic-
ipate in the networking protocols that run on the network ports.

The Management port must be configured with a static IP address, subnet mask, broadcast
address, and default gateway, and must be enabled before it can be used. If this port is disabled,
the network ports have to perform all switch management (other than the switch management

264 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

using the console). If this port is enabled, the factory default settings for some of the manage-
ment features remain with the network ports. You can change the defaults by configuring these
features to permanently use the management port, or in some cases, by using the operational
commands to set these options on a one-time basis.

NOTE – The Management port does not support BOOTP.

[Management Port Menu]


port - Management Port Phy Menu
addr - Set IP address
mask - Set subnet mask
gw - Set default gateway address
intr - Set interval between gateway ping attempts
retry - Set number of failed attempts to declare gateway DOWN
dns - Set default port for DNS
ntp - Set default port for NTP
radius - Set default port for RADIUS
tacacs - Set default port for TACACS+
smtp - Set default port for SMTP
snmp - Set default port for SNMP traps
syslog - Set default port for SYSLOG
sonmp - Set default IP for SONMP hello packets
tftp - Set default port for FTP/TFTP
wlm - Set default port for Workload Manager
report - Set default port for Reporting server
ena - Enable management port
dis - Disable management port
cur - Display current configuration

Table 6-4 Management Port Configuration Menu Options (/cfg/sys/mmgmt)

Command Syntax and Usage

port
Displays the management port link menu. To view the menu options, see page 268.

addr <IP address (such as, 192.4.17.101)>


Sets the IP address.

mask <subnet mask (such as, 255.255.255.0)>


Sets the subnet mask.

gw <gateway address (such as, 192.4.17.1)>


Sets the IP address for the default gateway.

intr <interval (0 - 60 seconds)>


Sets the interval between gateway ping attempts.

Chapter 6: The Configuration Menu „ 265


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-4 Management Port Configuration Menu Options (/cfg/sys/mmgmt)

Command Syntax and Usage

retry <number of attempts (1-120>


Sets the number of failed ping attempts before a gateway is declared DOWN.

dns default port mgmt|data


Sets DNS over management or data port. Default is data port.

ntp default port mgmt|data


Sets NTP over management or data ports. The default is data port.

radius default port mgmt|data


Sets RADIUS over management or data ports. Default is data port.

tacacs mgmt|data
Sets TACACS+ over management or data ports. Default is data port.

smtp default port mgmt|data


Sets SMTP over management or data ports. Default is data port.

snmp default port mgmt|data


Sets SNMP trap host over management or data ports. Default is data port.

syslog default port mgmt|data


Sets syslog host access over management or data ports. Default is data port.

sonmp default port mgmt|data


Sets default IP address for SONMP hello packets.
When this option is set to mgmt then the Management Port IP address is used in the SONMP hello
packets transmitted by the switch. But if it is set to data, then the IP address of the data port
interface specified by srcif (/cfg/sys/sonmp/srcif) command is used in the hello
packets.

tftp default port mgmt|data


Sets TFTP over management or data port. Default is data port.

wlm ["mgmt"|"data"]
Set the default port for the workload manager.

report ["mgmt"|"data"]
Set the default port for the reporting server.

ena
Enables the Management port.

266 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-4 Management Port Configuration Menu Options (/cfg/sys/mmgmt)

Command Syntax and Usage

dis
Disables the Management port.

cur
Displays the current configuration.

Chapter 6: The Configuration Menu „ 267


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/mmgmt/port
Management Port Link Menu
[Management Port Link Menu]
speed - Set link speed
mode - Set full or half duplex mode
auto - Set autonegotiation
cur - Display current link configuration

Table 6-5 Management Port Link Menu Options (/cfg/sys/mgmt/port)

Command Syntax and Usage

speed 10|100|any
Sets the speed of the link with the Management port. Default is any.

mode full|half|any
Sets half or full duplex mode. Default is any.

auto on|off
Sets auto negotiation for the port. By default this command is turned on.

cur
Displays the current link configuration.

/cfg/sys/radius
RADIUS Server Configuration
[RADIUS Server Menu]
prisrv - Set primary RADIUS server address
secsrv - Set secondary RADIUS server address
secret - Set primary RADIUS server secret
secret2 - Set secondary RADIUS server secret
port - Set RADIUS port
retries - Set RADIUS server retries
timeout - Set RADIUS server timeout
telnet - Enable/disable RADIUS backdoor for telnet
on - Turn RADIUS authentication ON
off - Turn RADIUS authentication OFF
cur - Display current RADIUS configuration

268 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-6 RADIUS Server Configuration Menu Options (/cfg/sys/radius)

Command Syntax and Usage

prisrv <IP address>


Sets the primary RADIUS server address.

secsrv <IP address>


Sets the secondary RADIUS server address.

secret <1-128 character secret>


This is the shared secret password between the switch and the primary RADIUS server(s).

secret2 <1-128 character secret>


This is the shared secret password between the switch and the secondary RADIUS server(s).

port <RADIUS port to configure, default 1645>


Enter the number of the UDP port to be configured, between 1500 - 3000. The default is 1645.

retries <RADIUS server retries (1-3)>


Sets the number of failed authentication requests before switching to a different RADIUS server.
The default is 3 requests.

timeout <RADIUS server timeout seconds (1-10)>


Sets the amount of time, in seconds, before a RADIUS server authentication attempt is considered
to have failed. The default is 3 seconds.

telnet disable|enable
Enables or disables the RADIUS back door for telnet. Telnet also applies to SSH/SCP connec-
tions.

on
Enables the RADIUS server.

off
Disables the RADIUS server.

cur
Displays the current RADIUS server parameters.

Chapter 6: The Configuration Menu „ 269


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/tacacs
TACACS+ Server Configuration Menu
TACACS (Terminal Access Controller Access Control System) is an authentication protocol
that allows a remote access server to forward a user's logon password to an authentication
server to determine whether access can be allowed to a given system. TACACS is
an encryption protocol and therefore less secure than TACACS+ and Remote Authentication
Dial-In User Service (RADIUS) protocols. (Both TACACS and TACACS+ are described in
RFC 1492.)

TACACS+ protocol is seen as more reliable than RADIUS as TACACS+ uses the Transmis-
sion Control Protocol (TCP) whereas RADIUS uses the User Datagram Protocol (UDP). Also,
RADIUS combines authentication and authorization in a user profile, whereas TACACS+ sep-
arates the two operations.

TACACS+ protocol has been implemented on Nortel Application Switch Operating System to
support the customers that have Cisco’s TACACS+ protocol as their network security feature.
Apart from that, TACACS+ offers the following advantages over RADIUS as the authentica-
tion device:

„ TACACS+ is TCP-based so it facilitates connection-oriented traffic.


„ It supports full-packet encryption as against password-only in authentication requests.
„ Supports decoupled authentication, authorization, and accounting.

[TACACS+ Server Menu]


prisrv - Set primary TACACS+ server address
secsrv - Set secondary TACACS+ server address
secret - Set primary TACACS+ server secret
secret2 - Set secondary TACACS+ server secret
port - Set TACACS+ TCP port
retries - Set TACACS+ server retries
timeout - Set TACACS+ server timeout (seconds)
telnet - Enable/disable TACACS+ backdoor for telnet
on - Turn TACACS+ authentication ON
off - Turn TACACS+ authentication OFF
cur - Display current TACACS+ configuration

270 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-7 TACACS+ Server Menu Options (/cfg/sys/tacacs)

Command Syntax and Usage

prisrv <IP address>


Defines the primary TACACS+ server address.

secsrv <IP address>


Defines the secondary TACACS+ server address.

secret <1-128 character secret>


This is the shared secret between the switch and the primary TACACS+ server(s).

secret2 <1-128 character secret>


This is the shared secret between the switch and the secondary TACACS+ server(s).

port <RADIUS port configure, default 1645>


Enter the number of the TCP port to be configured, between 1500 - 3000. The default is 1645.

retries <RADIUS server retries, 1-3>


Sets the number of failed authentication requests before switching to a different TACACS+ server.
The default is 3 requests.

timeout <RADIUS server timeout seconds, 4 to 15>


Sets the amount of time, in seconds, before a TACACS+ server authentication attempt is consid-
ered to have failed. The default is 3 seconds.

telnet disable|enable
Enables or disables the TACACS+ back door for telnet. Telnet also applies to SSH/SCP connections.

on
Enables the TACACS+ server.

off
Disables the TACACS+ server.

cur
Displays current TACACS+ configuration parameters.

/cfg/sys/ntp
NTP Server Configuration

Chapter 6: The Configuration Menu „ 271


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

This menu enables you to synchronize the switch clock to a Network Time Protocol (NTP)
server. By default, this option is disabled.

[NTP Server Menu]


prisrv - Set primary NTP server address
secsrv - Set secondary NTP server address
intrval - Set NTP server resync interval
tzone - Set NTP timezone offset from GMT
on - Turn NTP service ON
off - Turn NTP service OFF
cur - Display current NTP configuration

Table 6-8 NTP Server Configuration Menu Options (/cfg/sys/ntp)

Command Syntax and Usage

prisrv <primary NTP server IP address>


Prompts for the IP address of the primary NTP server to which you want to synchronize the switch
clock.

secsrv <secondary NTP server IP address>


Prompts for the IP address of the secondary NTP server to which you want to synchronize the
switch clock.

intrval <resync interval in minutes>


Specifies how often the switch will re-synchronize the switch clock with the NTP server. This
interval of time will be specified in minutes (1-44640). The default value is 1440 minutes.

tzone <offset from GMT, in HH:MM>


Prompts for the NTP time zone offset, in hours and minutes, of the switch you are synchronizing
from Greenwich Mean Time (GMT).

on
Enables the NTP synchronization service.

off
Disables the NTP synchronization service.

cur
Displays the current NTP service settings.

272 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/sonmp
SynOptics Network Management Protocol Configuration
[SONMP Menu]
srcif - Set source interface to be used in hello packets
on - Turn Ethernet Autotopology ON
off - Turn Ethernet Autotopology OFF
cur - Display current SONMP configuration

SynOptics Network Management Protocol (SONMP) is a proprietary network management


protocol that is used by Nortel Networks Optivitiy Switch Manager (OSM) to discover Nortel
Application Switches on the network. The following commands add support for the Ethernet
Autotopology algorithm and the Bay Topology MIB. The topology algorithm is executed by
each Nortel Application Switch on which SONMP is enabled.

Table 6-9 System Configuration Menu Options (/cfg/sys/sonmp)

Command Syntax and Usage

srcif <interface number (1-256)>


This command specifies the IP address to be used in the hello packets. If the interface specified by
this command is not up, then the first interface which is up and running is used in the hello packets.

on
This command enables the SONMP protocol, and turns Ethernet Autotopology on.

off
This command disables the SONMP protocol, and turns Ethernet Autotopology off.

cur
This command displays the current SONMP configuration.

/cfg/sys/ssnmp
System SNMP Configuration
Nortel Application Switch Operating System supports SNMP-based network management. In
SNMP model of network management, a management station (client/manager) accesses a set
of variables known as MIBs (Management Information Base) provided by the managed device
(agent). If you are running an SNMP network management station on your network, you can
manage the switch using the following standard SNMP MIBs:

„ MIB II (RFC 1213)


„ Ethernet MIB (RFC 1643)

Chapter 6: The Configuration Menu „ 273


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ Bridge MIB (RFC 1493)


An SNMP agent is a software process on the managed device that listens on UDP port 161 for
SNMP messages. Each SNMP message sent to the agent contains a list of management objects
to retrieve or to modify.

SNMP parameters that can be modified include:

„ System name
„ System location
„ System contact
„ Use of the SNMP system authentication trap function
„ Read community string
„ Write community string
„ Trap community strings

[System SNMP Menu]


snmpv3 - SNMPv3 Menu
name - Set SNMP "sysName"
locn - Set SNMP "sysLocation"
cont - Set SNMP "sysContact"
rcomm - Set SNMP read community string
wcomm - Set SNMP write community string
trsrc - Set SNMP trap source interface
timeout - Set timeout for the SNMP state machine
auth - Enable/disable SNMP "sysAuthenTrap"
linkt - Enable/disable SNMP link up/down trap
cur - Display current system SNMP configuration

Table 6-10 SNMP Configuration Menu Options (/cfg/sys/ssnmp)

Command Syntax and Usage

snmpv3
Displays SNMPv3 menu. To view menu options, see page 276.

name <new string (maximum 64 characters)>


Configures the name for the system. The name can have a maximum of 64 characters.

locn <new string (maximum 64 characters)>


Configures the name of the system location. The location can have a maximum of 64 characters.

cont <new string (maximum 64 characters)>


Configures the name of the system contact. The contact can have a maximum of 64 characters.

274 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-10 SNMP Configuration Menu Options (/cfg/sys/ssnmp)

Command Syntax and Usage

rcomm <new SNMP read community string (maximum 32 characters)>


Configures the SNMP read community string. The read community string controls SNMP “get”
access to the switch. It can have a maximum of 32 characters. The default read community string is
public.

wcomm <new SNMP write community string (maximum 32 characters)>


Configures the SNMP write community string. The write community string controls SNMP “set”
and “get” access to the switch. It can have a maximum of 32 characters. The default write commu-
nity string is private.

trsrc <interface number (1-256)>


Defines the interface number for SNMP trap source interface. This command enables the user to
select one of the configured interfaces as the source interface using the interface number.

NOTE – This command is applicable only to SNMPv1 and SNMPv2 traps because only
the SNMPv1 and SNMPv2 trap packets contain the source IP address that can be
set with this command. The SNMPv3 packets do not contain this field.

timeout <SNMP state machine timeout minutes, 1-30>


Defines the timeout period for SNMP state machine. When you use diff and apply, memory is
allocated to store the output of the command. The timeout period determines when the
resources/memory allocated for the output will be freed.

auth disable|enable
Enables or disables the use of the system authentication trap facility. The default setting is dis-
abled.

linkt <port> <disable|enable>


Enables or disables the sending of SNMP link up and link down traps. The default setting is
enabled.

cur
Displays the current STP port parameters.

Chapter 6: The Configuration Menu „ 275


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/ssnmp/snmpv3
SNMPv3 Configuration Menu
SNMP version 3 (SNMPv3) is an extensible SNMP Framework that supplements the SNMPv2
Framework by supporting the following:

„ a new SNMP message format


„ security for messages
„ access control
„ remote configuration of SNMP parameters
For more details on the SNMPv3 architecture please refer to RFC2271 to RFC2276.

[SNMPv3 Menu]
usm - usmUser Table menu
view - vacmViewTreeFamily Table menu
access - vacmAccess Table menu
group - vacmSecurityToGroup Table menu
comm - community Table menu
taddr - targetAddr Table menu
tparam - targetParams Table menu
notify - notify Table menu
v1v2 - Enable/disable V1/V2 access
cur - Display current SNMPv3 configuration

Table 6-11 SNMPv3 Configuration Menu Options (/cfg/sys/ssnmp/snmpv3)

Command Syntax and Usage

usm <usmUser number [1-16]>


This command allows you to create a user security model (USM) entry for an authorized user. You
can also configure this entry through SNMP. To view menu options, see page 278.

view <vacmViewTreeFamily number [1-128]>


This command allows you to create different MIB views. To view menu options, see page 279.

access <vacmAccess number [1-32]>


This command allows you to specify access rights. The View-based Access Control Model
defines a set of services that an application can use for checking access rights of the user.
You need access control when you have to process retrieval or modification request
from an SNMP entity. To view menu options, see page 280.

276 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-11 SNMPv3 Configuration Menu Options (/cfg/sys/ssnmp/snmpv3)

group <vacmSecurityToGroup number [1-16]>


A group maps the user name to the access group names and their access rights needed to
access SNMP management objects. A group defines the access rights assigned to all
names that belong to a particular group. To view menu options, see page 282.
comm <snmpCommunity number [1-16]>
The community table contains objects for mapping community strings and version-independent
SNMP message parameters. To view menu options, see page 283.

taddr <snmpTargetAddr number [1-16]>


This command allows you to configure destination information, consisting of a transport domain
and a transport address. This is also termed as transport endpoint. The SNMP MIB provides a
mechanism for performing source address validation on incoming requests, and for selecting com-
munity strings based on target addresses for outgoing notifications. To view menu options, see
page 284.

tparam <target params index [1-16]>


This command allows you to configure SNMP parameters, consisting of message processing
model, security model, security level, and security name information. There may be multiple trans-
port endpoints associated with a particular set of SNMP parameters, or a particular transport end-
point may be associated with several sets of SNMP parameters. To view menu options, see
page 285.

notify <notify index [1-16]>


A notification application typically monitors a system for particular events or conditions, and gen-
erates Notification-Class messages based on these events or conditions. To view menu options, see
page 286.

v1v2 disable|enable
This command allows you to enable or disable the access to SNMP version 1 and version 2. This
command is enabled by default.

cur
Displays the current SNMPv3 configuration.

Chapter 6: The Configuration Menu „ 277


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/ssnmp/snmpv3/usm
User Security Model Configuration Menu
You can make use of a defined set of user identities using this Security Model. An SNMP
engine must have the knowledge of applicable attributes of a user.

This menu helps you create a user security model entry for an authorized user. You need to pro-
vide a security name to create the USM entry.

[SNMPv3 usmUser 1 Menu]


name - Set USM user name
auth - Set authentication protocol
authpw - Set authentication password
priv - Set privacy protocol
privpw - Set privacy password
del - Delete usmUser entry
cur - Display current usmUser configuration

Table 6-12 User Security Model Configuration Menu Options (/cfg/sys/ssnmp/


snmpv3/usm)

Command Syntax and Usage

name <32 character name>


This command allows you to configure a string up to 32 characters long that represents the name of
the user. This is the login name that you need in order to access the switch.

auth md5|sha|none
This command allows you to configure the authentication protocol between HMAC-MD5-96 or
HMAC-SHA-96. The default algorithm is none.

authpw
If you selected an authentication algorithm using the above command, you need to provide a pass-
word, otherwise you will get an error message during validation. This command allows you to cre-
ate or change your password for authentication.

priv des|none
This command allows you to configure the type of privacy protocol on your switch. The privacy
protocol protects messages from disclosure. The options are des (CBC-DES Symmetric Encryp-
tion Protocol) or none. If you specify des as the privacy protocol, then make sure that you have
selected one of the authentication protocols (MD5 or HMAC-SHA-96). If you select none as the
authentication protocol, you will get an error message.

privpw
This command allows you to create or change the privacy password.

278 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-12 User Security Model Configuration Menu Options (/cfg/sys/ssnmp/


snmpv3/usm)

Command Syntax and Usage

del
Deletes the USM user entries.

cur
Displays the USM user entries.

cfg/sys/ssnmp/snmpv3/view
SNMPv3 View Configuration Menu

[SNMPv3 vacmViewTreeFamily 1 Menu]


name - Set view name
tree - Set MIB subtree(OID) which defines a family of view subtrees
mask - Set view mask
type - Set view type
del - Delete vacmViewTreeFamily entry
cur - Display current vacmViewTreeFamily configuration

Table 6-13 SNMPv3 View Menu Options (/cfg/sys/ssnmp/snmpv3/view)

Command Syntax and Usage

name <32 character name>


This command defines the name for a family of view subtrees up to a maximum of 32 characters.

tree <object identifier, such as,. 1.3.6.1.2.1.1.1.0, max 32 characters>


This command defines MIB tree, a string of maximum 32 characters, which when combined with
the corresponding mask defines a family of view subtrees.

mask <bitmask, max size 32 characters>


This command defines the bit mask, which in combination with the corresponding tree defines a
family of view subtrees.

type included|excluded
This command indicates whether the corresponding instances of vacmViewTreeFamilySub-
tree and vacmViewTreeFamilyMask define a family of view subtrees, which is included
in or excluded from the MIB view.

del
Deletes the vacmViewTreeFamily group entry.

cur
Displays the current vacmViewTreeFamily configuration.

Chapter 6: The Configuration Menu „ 279


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/ssnmp/snmpv3/access
View-based Access Control Model Configuration Menu
The view-based Access Control Model defines a set of services that an application can use for
checking access rights of the user. Access control is needed when the user has to process
SNMP retrieval or modification request from an SNMP entity.

[SNMPv3 vacmAccess 1 Menu]


name - Set group name
prefix - Set content prefix
model - Set security model
level - Set minimum level of security
match - Set prefix only or exact match
rview - Set read view index
wview - Set write view index
nview - Set notify view index
del - Delete vacmAccess entry
cur - Display current vacmAccess configuration

Table 6-14 View-based Access Control Model Menu Options (/cfg/sys/ssnmp/


snmpv3/access)

Command Syntax and Usage

name <32 character name>


Defines the name of the group.

prefix <32 character name>


Defines the name of the context. An SNMP context is a collection of management information that
an SNMP entity can access. An SNMP entity has access to many contexts. For more information
on naming the management information, see RFC2571, the SNMP Architecture document. The
view-based Access Control Model defines a table that lists the locally available contexts by con-
textName.

model usm|snmpv1|snmpv2
Allows you to select the security model to be used.

level noAuthNoPriv|authNoPriv|authPriv
Defines the minimum level of security required to gain access rights. The level noAuthNoPriv
means that the SNMP message will be sent without authentication and without using a privacy pro-
tocol. The level authNoPriv means that the SNMP message will be sent with authentication but
without using a privacy protocol. The authPriv means that the SNMP message will be sent both
with authentication and using a privacy protocol.

280 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-14 View-based Access Control Model Menu Options (/cfg/sys/ssnmp/


snmpv3/access)

Command Syntax and Usage

match exact|prefix
If the value is set to exact, then all the rows whose contextName exactly matches the prefix are
selected. If the value is set to prefix then the all the rows where the starting octets of the con-
textName exactly match the prefix are selected.

rview <32 character view name>


This is a 32 character long read view name that allows you read access to a particular MIB view. If
the value is empty or if there is no active MIB view having this value then no access is granted.

wview <32 character view name>


This is a 32 character long write view name that allows you write access to the MIB view. If the
value is empty or if there is no active MIB view having this value then no access is granted.

nview <32 character view name>


This is a 32 character long notify view name that allows you notify access to the MIB view.

del
Deletes the View-based Access Control entry.

cur
Displays the View-based Access Control configuration.

Chapter 6: The Configuration Menu „ 281


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/ssnmp/snmpv3/group
SNMPv3 Group Configuration Menu

[SNMPv3 vacmSecurityToGroup 1 Menu]


model - Set security model
uname - Set USM user name
gname - Set group gname
del - Delete vacmSecurityToGroup entry
cur - Display current vacmSecurityToGroup configuration

Table 6-15 SNMPv3 Group Menu Options (/cfg/sys/ssnmp/snmpv3/group)

Command Syntax and Usage

model usm|snmpv1|snmpv2
Defines the security model.

uname <32 character name>


Sets the user name as defined in /cfg/sys/ssnmp/snmpv3/usm/name on page 278.

gname <32 character name>


The name for the access group as defined in /cfg/sys/ssnmp/snmpv3/access/name on
page 280.

del
Deletes the vacmSecurityToGroup entry.

cur
Displays the current vacmSecurityToGroup configuration.

282 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/ssnmp/snmpv3/comm
SNMPv3 Community Table Configuration Menu
This command is used for configuring the community table entry. The configured entry is
stored in the community table list in the SNMP engine. This table is used to configure commu-
nity strings in the Local Configuration Datastore (LCD) of SNMP engine.

[SNMPv3 snmpCommunityTable 1 Menu]


index - Set community index
name - Set community string
uname - Set USM user name
tag - Set community tag
del - Delete communityTable entry
cur - Display current communityTable configuration

Table 6-16 SNMPv3 Community Table Configuration Menu Options (/cfg/sys/


ssnmp/snmpv3/comm)

Command Syntax and Usage

index <32 character name>


Allows you to configure the unique index value of a row in this table consisting of 32 characters
maximum.

name <32 character name>


Defines the user name as defined in /cfg/sys/ssnmp/snmpv3/usm/name on page 278.

uname <32 character name>


Defines a readable 32 character long string that represents the corresponding value of an SNMP
community name in a security model.

tag <list of tag string, max 255 characters>


Allows you to configure a tag of up to 255 characters maximum. This tag specifies a set of trans-
port endpoints to which a command responder application sends an SNMP trap.

del
Deletes the community table entry.

cur
Displays the community table configuration.

Chapter 6: The Configuration Menu „ 283


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/ssnmp/snmpv3/taddr
SNMPv3 Target Address Table Configuration Menu
This command is used to configure the target transport entry. The configured entry is stored in
the target address table list in the SNMP engine. This table of transport addresses is used in the
generation of SNMP messages.

[SNMPv3 snmpTargetAddrTable 1 Menu]


name - Set target address name
addr - Set target transport address IP
port - Set target transport address port
taglist - Set tag list
pname - Set targetParams name
del - Delete targetAddrTable entry
cur - Display current targetAddrTable configuration

Table 6-17 Target Address Table Menu Options (/cfg/sys/ssnmp/snmpv3/taddr)

Command Syntax and Usage

name <32 character name>


Allows you to configure the locally arbitrary, but unique identifier, target address name associated
with this entry.

addr <transport address ip>


Allows you to configure a transport address IP that can be used in the generation of SNMP traps.

port <transport address port>


Allows you to configure a transport address port that can be used in the generation of SNMP traps.

taglist <list of tag string, max 255 characters>


Allows you to configure a list of tags that are used to select target addresses for a particular opera-
tion.

pname <32 character name>


Defines the name as defined in /cfg/sys/ssnmp/snmpv3/tparam/name on page 285.

del
Deletes the Target Address Table entry.

cur
Displays the current Target Address Table configuration.

284 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/ssnmp/snmpv3/tparam
SNMPv3 Target Parameters Table Configuration Menu
You can configure the target parameters entry and store it in the target parameters table in the
SNMP engine. This table contains parameters that are used to generate a message. The param-
eters include the message processing model (for example: SNMPv3, SNMPv2c, SNMPv1), the
security model (for example: USM), the security name, and the security level (noAuthno-
Priv, authNoPriv, or authPriv).

[SNMPv3 snmpTargetParamsTable 1 Menu]


name - Set target params name
mpmodel - Set message processing model
model - Set security model
uname - Set USM user name
level - Set minimum level of security
del - Delete targetParamsTable entry
cur - Display current targetParamsTable configuration

Table 6-18 Target Parameters Table Configuration Menu Options (/cfg/sys/


ssnmp/snmpv3/tparam)

Command Syntax and Usage

name <32 character name>


Allows you to configure the locally arbitrary, but unique identifier that is associated with this
entry.

mpmodel snmpv3|snmpv1|snmpv2c
Allows you to configure the message processing model that is used to generate SNMP messages.

model usm|snmpv1|snmpv2
Allows you to select the security model to be used when generating the SNMP messages.

uname <32 character name>


Defines the name that identifies the user in the USM table (page 278) on whose behalf the SNMP
messages are generated using this entry.

level noAuthNoPriv|authNoPriv|authPriv
Allows you to select the level of security to be used when generating the SNMP messages using
this entry. The level noAuthNoPriv means that the SNMP message will be sent without authen-
tication and without using a privacy protocol. The level authNoPriv means that the SNMP mes-
sage will be sent with authentication but without using a privacy protocol. The authPriv means
that the SNMP message will be sent both with authentication and using a privacy protocol.

Chapter 6: The Configuration Menu „ 285


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-18 Target Parameters Table Configuration Menu Options (/cfg/sys/


ssnmp/snmpv3/tparam)

Command Syntax and Usage

del
Deletes the targetParamsTable entry.

cur
Displays the current targetParamsTable configuration.

/cfg/sys/ssnmp/snmpv3/notify
SNMPv3 Notify Table Configuration Menu
SNMPv3 uses Notification Originator to send out traps. A notification typically monitors a system for
particular events or conditions, and generates Notification-Class messages based on these events or con-
ditions.

[SNMPv3 snmpNotifyTable 1 Menu]


name - Set notify name
tag - Set notify tag
del - Delete notifyTable entry
cur - Display current notifyTable configuration

Table 6-19 Notify Table Menu Options (/cfg/sys/ssnmp/snmpv3/notify)

Command Syntax and Usage

name <32 character name>


Defines a locally arbitrary but unique identifier associated with this SNMP notify entry.

tag <list of tag string, max 255 characters>


Allows you to configure a tag of 255 characters maximum that contains a tag value which is used
to select entries in the Target Address Table. Any entry in the snmpTargetAddrTable, that
matches the value of this tag, is selected.

del
Deletes the notify table entry.

cur
Displays the current notify table configuration.

286 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/health
System Health Check Configuration Menu
[System TCP Health Menu]
add - Add TCP services to listen for health check
rem - Remove TCP services from listening
on - Turn system TCP health services ON
off - Turn system TCP health services OFF
cur - Display current TCP health services configuration

Table 6-20 System Health Check Configuration Menu Options (/cfg/sys/health)

Command Syntax and Usage

add <TCP port (2-65534)>


Adds TCP services to listen to the health checks. Specify a TCP service port number, such as 80
for HTTP.

rem <TCP port (2-65534)>


Removes TCP services that were added for listening to health checks. Specify a TCP service port
number, such as 80 for HTTP.

on
Turns on the TCP health check services.

off
Turns off the TCP health check services.

cur
Displays the current TCP health check services configuration.

Chapter 6: The Configuration Menu „ 287


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/access
System Access Control Configuration
[System Access Menu]
mgmt - Management Network Access Menu
port - Port Management Access Menu
user - User Access Control Menu (passwords)
https - HTTPS (Web) Server Access Menu
sshd - SSH Server Menu
xml - XML Configuration Access Menu
http - Enable/disable HTTP (Web) server access
wport - Set HTTP (Web) server port number
snmp - Set SNMP access control
tnport - Set Telnet server port number
rlimit - Set max rate of ARP, ICMP, TCP, or UDP packets to MP
cur - Display current system access configuration

Table 6-21 System Access Configuration Menu Options (/cfg/sys/access)

Command Syntax and Usage

mgmt
Displays the Management Configuration Menu. To view menu options, see page 289.

port
Dispal the port management access menu.To view menu options, see page 291.

user
Displays the User Access Control Menu. To view menu options, see page 291.

https
Displays HTTPS Server Access Menu. To view menu options, see page 295.

http disable|enable
Enables or disables HTTP (Web) access to the browser-based interface. It is disabled by default.

wport <TCP port number (1-65535)>


Sets the switch port used for serving switch Web content. The default is HTTP port 80. If Global
Server Load Balancing is to be used, set this to a different port (such as 8080).

snmp disable|read-only|read-write
Sets the snmp user access level to either disabled, read-only, or read-write.

tnet
Enables or disables Telnet access to the switch. This command is disabled by default. You will see
this command only if you are connected to the switch through the console port.

288 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-21 System Access Configuration Menu Options (/cfg/sys/access)

Command Syntax and Usage

tnport <TCP port number>


The TCP port number that the telnet server listens for telnet sessions. Sets an optional telnet server
port number for cases where the server listens for telnet sessions on a non-standard port.

rlimit <arp|icmp|tcp|udp> <max rate, 0-65535 (pkts/sec)>


Sets switch-wide rate limiting on traffic entering the switch over ARP, ICMP, TCP, or UDP proto-
cols. Specify which protocol you wish to limit. Then specify the maximum rate, which the maxi-
mum number of packets per second that is allowed to enter the switch.

cur
Displays the current configuration.

/cfg/sys/access/mgmt
Management Networks Menu
This menu is used to define IP address ranges which are allowed to access the switch
for management purposes. Nortel Application Switch Operating System 23.0 supports up to 10
management networks.

NOTE – The add and rem commands below replace the /cfg/sys/mnet and /cfg/
sys/mmask commands found in earlier releases of Nortel Application Switch Operating Sys-
tem.

[Management Networks Menu]


add - Add mgmt network definition
rem - Remove mgmt network definition
cur - Display current mgmt network definitions

Chapter 6: The Configuration Menu „ 289


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-22 Management Network Menu Options (/cfg/sys/access/mgmt)

Command Syntax and Usage

add <mgmt network address> <mgmt network mask>


Adds a defined network through which switch access is allowed through Telnet, SNMP, RIP, or
the Nortel Application Switch Operating System browser-based interface. A range of IP addresses
is produced when used with a network mask address. Specify an IP address and mask address in
dotted-decimal notation.

NOTE – If you configure the management network without including the


switch interfaces, it will cause the Firewall Load Balancing health checks
to fail and will create a “Network Down” state on the network.

rem <mgmt network address> <mgmt network mask>


Removes a defined network, which consists of a management network address and a management
network mask address.

cur
Displays the current configuration.

290 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/access/port
Port Management Access Menu
[Port Management Access Menu]
add - Add port with management access
aadd - Add all ports with management access
rem - Remove port from management access
arem - Remove all ports from management access
cur - Display current ports with management access

Table 6-23 Port Management Access Menu Options


Command Syntax and Usage

add <port_number>
Add a port with management access.

aadd
Add all ports with management access.

rem <port_number>
Remove a port from management access.

arem
Remove all ports from management access.

cur
Displays the port numbers that currently have management access.

/cfg/sys/access/user
User Access Control Menu

uid - User ID Menu


usrpw - Set user password (user)
sopw - Set SLB operator password (slboper)
l4opw - Set L4 operator password (l4oper)
opw - Set operator password (oper)
sapw - Set Slb administrator password (slbadmin)
l4apw - Set L4 administrator password (l4admin)
admpw - Set administrator password (admin)
cur - Display current user status

Chapter 6: The Configuration Menu „ 291


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

NOTE – Passwords can be a maximum of 15 characters.

Table 6-24 User Access Control Menu Options (/cfg/sys/access/user)

Command Syntax and Usage

uid <User ID, 1-10>


Displays the User ID Menu. To view menu options, see page 294.

usrpw
Sets the user (user) password. The user has no direct responsibility for switch management. He or
she can view switch status information and statistics, but cannot make any configuration changes.

sopw
Sets the SLB operator (slboper)password. The SLB operator manages Web servers and other
Internet services and their loads. He or she can view all switch information and statistics and can
enable/disable servers using the Server Load Balancing configuration menus.
Access includes “user” functions.

l4opw
Sets the Layer 4 operator (l4oper)password. The Layer 4 operator manages traffic on the lines
leading to the shared Internet services. He or she can view all switch information and statistics.
Access includes “slboper” functions.

opw
Sets the operator (oper)password. The operator password can have a maximum of 15 characters.
The operator manages all functions of the switch. He or she can view all switch information and
statistics and can reset ports or the entire switch.
Access includes “l4oper” functions.

sapw
Sets the SLB administrator (slbadmin) password. Administrator who configures and manages
Web servers and other Internet services and their loads. He or she can view all switch information
and statistics, but can configure changes only on the Server Load Balancing menus. Note that the
Filter Menu options are not accessible to the SLB administrator.
Access includes “l4oper” functions.

l4apw
Sets the Layer 4 administrator (l4admin) password. The Layer 4 administrator configures and
manages traffic on the lines leading to the shared Internet services. He or she can view all switch
information and statistics and can configure parameters on the Server Load Balancing menus, with
the exception of not being able to configure filters.
Access includes “slbadmin” functions.

292 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-24 User Access Control Menu Options (/cfg/sys/access/user)

Command Syntax and Usage

admpw
Sets the administrator (admin) password. The super user administrator has complete access to all
menus, information, and configuration commands on the Nortel Application Switch, including the
ability to change both the user and administrator passwords.
Access includes “oper” and “l4admin” functions.

cur
Displays the current user status.

Chapter 6: The Configuration Menu „ 293


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/access/user/uid
System User ID Configuration Menu
This feature allows the users to operate the real servers assigned to them. Using this command
you can list the current status of the real server including the real server number, the real server
name, the operational state of the real server, and the number of current sessions. You can
enable or disable the real servers and change the password for accessing these real servers.

[User ID 1 Menu]
cos - Set class of service
name - Set user name
pswd - Set user password
add - Add real server
rem - Remove real server
ena - Enable user ID
dis - Disable user ID
del - Delete user ID
cur - Display current user configuration

Table 6-25 User ID Configuration Menu Options (/cfg/sys/access/user/uid)

Command Syntax and Usage

cos <user|slboper|l4oper|oper|slbadmin|l4admin|admin>
Sets the Class-of-Service to define the user’s authority level. Nortel Application Switch Operating
System defines these levels as: User, SLB Operator, Layer 4 Operator, Operator, SLB Administra-
tor, and Administrator, with User being the most restricted level.

name <8 char max>


Defines the user name of maximum eight characters.

pswd <15 char max>


Sets the user password of up to 15 characters maximum.

add <real server number, 1-1023>


Assigns a real server access to this user.

rem <real server number, 1-1023>


Removes a real server access from this user.

ena
Enables the user ID.

dis
Disables the user ID.

294 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-25 User ID Configuration Menu Options (/cfg/sys/access/user/uid)

Command Syntax and Usage

del
Deletes the user ID.

cur
Displays the current user ID configuration.

/cfg/sys/access/https
HTTPS Access Configuration Menu

[https Menu]
https - Enable/Disable HTTPS Web access
port - HTTPS WebServer port number
generate - Generate self-signed HTTPS server certificate
certSave - save HTTPS certificate
cur - Display current SSL Web Access configuration

Table 6-26 HTTPS Access Configuration Menu Options (/cfg/sys/access/https)

Command Syntax and Usage

https
Enables or disables BBI access (Web access) using HTTPS.

port <TCP port number>


Defines the HTTPS Web server port number.

generate
Allows you to generate a certificate to connect to the SSL to be used during the key exchange. A
default certificate is created when HTTPS is enabled for the first time. The user can create a new
certificate defining the information that they want to be used in the various fields. For example:
„ Country Name (2 letter code) [ ]: CA
„ State or Province Name (full name) []: Ontario
„ Locality Name (for example, city) []: Ottawa
„ Organization Name (for example, company) []: Nortel Networks
„ Organizational Unit Name (for example, section) []: Alteon
„ Common Name (for example, user’s name) []: Mr Smith
„ Email (for example, email address) []: info@nortelnetworks.com
You will be asked to confirm if you want to generate the certificate. It will take approximately 30
seconds to generate the certificate. Then the switch will restart SSL agent.

Chapter 6: The Configuration Menu „ 295


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-26 HTTPS Access Configuration Menu Options (/cfg/sys/access/https)

Command Syntax and Usage

certSave
Allows the client, or the Web browser, to accept the certificate and save the certificate to Flash to
be used when the switch is rebooted.

cur
Displays the current SSL Web Access configuration.

296 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/access/sshd
SSH Server Menu
[SSH Server Menu]
sshport - Set SSH server port number
ena - Enable SCP apply and save
on - Turn SSH server ON (SSHv1/SSHv2)
cur - Display current SSH server configuration

Table 6-27 SSH Server Menu Options


Command Syntax and Usage

sshport <TCP_port_number>
Set the server port number.

ena
Sets the SCP apply and save.

on
Set the SSH server to on.

cur
Display the current SSH server configuration.

Chapter 6: The Configuration Menu „ 297


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/access/xml
XML Configuration Access Menu
[XML Config Access Menu]
xml - Enable/disable XML config access
port - Set XML server port number
gtcert - Import XML client certificate
delcert - Delete XML client certificate
dispcert - Display XML client certificate
debug - Debug XML operations
cur - Display current XML config access configuration

Table 6-28 XML Configuration Menu Options


Command Syntax and Usage

xml
Enable or disable XML access. For an example, see page 299

port <TCP_port_number>
Set the XML server port number.

gtcert
Import an XML client certificate.
Enter hostname or IP address of FTP/TFTP server:
Enter name of file on FTP/TFTP server:
Enter username for FTP server or hit return for TFTP server:

delcert
Delete XML client certificate.
Current XML client certificate has been deleted from FLASH

dispcert
Display the current XML certificate.

debug
Toggle Debug mode on or off. Enabling XML debugging causes all commands in the XML file to
be echoed to the Console and prefaces each one with running XML cmd: or Invalid XML cmd:. All
responses to the commands will also be output to the Console.
Current XML debug: enabled
Enter new XML debug [d/e]:

cur
Display current XML configuration.
XML config access currently disabled on TCP port 443
XML debug is enabled
Note: there are pending config changes; use "diff" to see them.

298 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/access/xml/xml
Example of enabling or disabling XML access
Current XML access: disabled
Pending new XML access: enabled
Enter new XML access [d/e]:

Chapter 6: The Configuration Menu „ 299


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/sys/timezone
Configure the Timezone
>> Main# /cfg/sys/timezone
Please identify a location so that time zone rules can be set cor-
rectly.
Please select a continent or ocean.
1) Africa
2) Americas
3) Antarctica
4) Arctic Ocean
5) Asia
6) Atlantic Ocean
7) Australia
8) Europe
9) Indian Ocean
10) Pacific Ocean
11) None - disable timezone setting
Enter the number of your choice: 2
Please select a country.
1) Anguilla 18) Ecuador 35) Paraguay
2) Antigua & Barbuda 19) El Salvador 36) Peru
3) Argentina 20) French Guiana 37) Puerto Rico
4) Aruba 21) Greenland 38) St Kitts & Nevis
5) Bahamas 22) Grenada 39) St Lucia
6) Barbados 23) Guadeloupe 40) St Pierre &
Miquelon
7) Belize 24) Guatemala 41) St Vincent
8) Bolivia 25) Guyana 42) Suriname
9) Brazil 26) Haiti 43) Trinidad & Tobago
10) Canada 27) Honduras 44) Turks & Caicos Is
11) Cayman Islands 28) Jamaica 45) United States
12) Chile 29) Martinique 46) Uruguay
13) Colombia 30) Mexico 47) Venezuela
14) Costa Rica 31) Montserrat 48) Virgin Islands
(UK)
15) Cuba 32) Netherlands Antilles 49) Virgin Islands
(US)
16) Dominica 33) Nicaragua
17) Dominican Republic 34) Panama
Enter the number of your choice: 10

300 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Please select one of the following time zone regions.


1) Newfoundland Island
2) Atlantic Time - Nova Scotia (most places), NB, W Labrador, E Que-
bec & PEI
3) Atlantic Time - E Labrador
4) Eastern Time - Ontario & Quebec - most locations
5) Eastern Time - Thunder Bay, Ontario
6) Eastern Standard Time - Pangnirtung, Nunavut
7) Eastern Standard Time - east Nunavut
8) Eastern Standard Time - central Nunavut
9) Central Time - Manitoba & west Ontario
10) Central Time - Rainy River & Fort Frances, Ontario
11) Central Time - west Nunavut
12) Central Standard Time - Saskatchewan - most locations
13) Central Standard Time - Saskatchewan - midwest
14) Mountain Time - Alberta, east British Columbia & west
Saskatchewan
15) Mountain Time - central Northwest Territories
16) Mountain Time - west Northwest Territories
17) Mountain Standard Time - Dawson Creek & Fort Saint John, British
Columbia
18) Pacific Time - west British Columbia
19) Pacific Time - south Yukon
20) Pacific Time - north Yukon
Enter the number of your choice: 2

/cfg/port <port number>


Port Configuration
The Port Menu enables you to configure settings for individual switch ports. This command is
enabled by default.

Port configuration is different on Nortel Application Switch Operating System 2000 series and 3000
series.

Chapter 6: The Configuration Menu „ 301


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Nortel Application Switch Operating System 2000 Series


The following table displays the number of Fast Ethernet ports and SFP GBIC ports with the
numbering of the ports on Nortel Application Switch Operating System 2000 series:

Table 6-29 Port Configuration and Numbering on Nortel Application Switch Operating
System 2000 Series

Model 10/100 Mbps Fast Ethernet 1000 Mbps SFP GBIC Port
Port Numbers Numbers
Nortel Application Switch 1–8 9–10
2208 (1U)
Nortel Application Switch 1–16 17–18
2216 (1U)
Nortel Application Switch 1–24 25–26
2224 (1U)
Nortel Application Switch 1–24 25–28
2424 (1U)

Fast Ethernet Ports


The RJ-45 jack is used for connecting 10/100 Mbps Ethernet segments to the port. The ports
are auto-sensing, auto-negotiating, and support half or full-duplex operation.

SFP GBIC Ports


The LC jack is used for connecting Gigabit Ethernet fiber optic segments. The SFP modules
are not shipped with the product. You may order the SFP modules from Nortel Networks.

For more information on connectors, please refer to the Hardware Installation Guide for Nortel
Application Switch Operating System.

302 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

The commands on Nortel Application Switch Operating System 2000 series and their description are
as follows:

[Port <port_number> Menu]


fast - Fast Phy Menu
gig - Gig Phy Menu
pvid - Set default port VLAN id
alias - Set port alias
name - Set port name
cont - Set default port BW Contract
nonip - Set BW Contract for non-IP traffic
egbw - Set port egress bandwidth Limit
rmon - Enable/Disable RMON for port
tag - Enable/disable VLAN tagging for port
iponly - Enable/disable allowing only IP related frames at ingress
ena - Enable port
dis - Disable port
cur - Display current port configuration

Table 6-30 Port Configuration Menu Options (/cfg/port)

Command Syntax and Usage

fast
If a port is configured to support Fast Ethernet, this option displays the Fast Ethernet Physical Link
Menu. To view menu options, see page 313.

gig
If a port is configured to support Gigabit Ethernet, this option displays the Gigabit Ethernet Physi-
cal Link Menu. To view menu options, see page 313.

pvid <VLAN number, 1-4090>


Sets the default VLAN number which will be used to forward frames which are not VLAN tagged.
The default number is 1.

alias <15 characters string>


Set an alias for the port number.

name <64 character string>|none


Sets a name for the port. The assigned port name appears next to the port number on some infor-
mation and statistics screens. The default is set to none.

cont <BWM Contract (1-1024)>


Sets the default Bandwidth Management Contract for this port.

nonip <BW Contract number, 1-1024>


Sets the Bandwidth Management contract for non-IP traffic for this port.

Chapter 6: The Configuration Menu „ 303


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-30 Port Configuration Menu Options (/cfg/port)

Command Syntax and Usage

egbw <0k-5000k|1m-100m>
Sets the egress bandwidth limit for the port to avoid overloading the receiving router or switch.
Using this command, you can configure the egress bandwidth limit of the port to match with the
bandwidth link of the receiving router or the switch. This means that the port’s speed will be taken
as the egress bandwidth. For example, the egress bandwidth for an FE port will be 100m. The
default is 0.

NOTE – You need Bandwidth Management license to use this command.

rmon disable|enable
Disables or enables RMON for this port. It is disabled by default.

tag disable|enable
Disables or enables VLAN tagging for this port. It is disabled by default.

iponly disable|enable
Disables or enables allowing only IP-related frames. It is disabled by default.

ena
Enables the port.

dis
Disables the port. (To temporarily disable a port without changing its configuration attributes, refer
to “Temporarily Disabling a Port” on page 314.)

cur
Displays the current port parameters.

/cfg/port <port number> fast|gig


Port Link Configuration
[Fast Link Menu]
speed - Set link speed
mode - Set full or half duplex mode
fctl - Set flow control
auto - Set auto negotiation
cur - Display current fast link configuration

Use these menu options to set port parameters for the port link.

304 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

NOTE – If the port does not have a Gig Ethernet physical link, the following message is dis-
played:
>> Port 1# gig
Current Port 1 does not have Gig Ethernet phy.

NOTE – Since the speed and mode parameters cannot be set for Gigabit Ethernet ports, these
options do not appear on the Gigabit Link Menu.

Link menu options are described in Table 6-38 and appear on the fast and gig port configu-
ration menus for the Nortel Application Switch. Using these configuration menus, you can set
port parameters such as speed, flow control, and negotiation mode for the port link.

Table 6-31 Port Link Configuration Menu Options (/cfg/port/fast|gig)


Command Syntax and Usage
speed 10|100|any
Sets the link speed. Not all options are valid on all ports. The choices include:
„ Any for automatic detection (default)
„ 10 Mbps
„ 100 Mbps
This menu appears only if a Fast Ethernet port is selected.
mode full|half|any
Sets the operating mode. This command is available only in the Fast Link Menu.The choices
include:
„ Any for auto negotiation (default)
„ Full-duplex
„ Half-duplex
This menu appears only if a Fast Ethernet port is selected.
fctl rx|tx|both|none
Sets the flow control. This command is available only in the Fast Link Menu.The choices include:
„ Receive flow control
„ Transmit flow control
„ Both receive and transmit flow control (default)
„ No flow control
auto on|off
Enables or disables auto negotiation for the port.
cur
Displays the current port parameters.

Chapter 6: The Configuration Menu „ 305


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Nortel Application Switch 3000 Series


The following table displays the port configuration and numbering on Nortel Application Switch
3408:

Table 6-32 Port configuration on Nortel Application Switch 3408


Model 10/100/1000Base-T Dual-Mode Port 1000 Mbps SFP
Copper Port Numbers Numbers GBIC Port Numbers
Nortel Application 1, 2, 7, 8 3–6 9–12
Switch 3408 (1U)

Port Configuration on Nortel Application Switch 3408


The Nortel Application Switch 3408 contains 12 ports. Their description is as follows:

„ Four 1000BaseT ports (1, 2, 7, and 8) with RJ-45 connectors. The ports are autonegotiat-
ing and support half or full duplex operation.
„ Four dual-mode ports (3, 4, 5, and 6). These ports have two interfaces each: 1000 Mbps
SFP GBIC and 10/100/1000Base-T Copper. When the 1000 Mbps SFP GBIC port is
selected as the preferred link, it is fixed at 1000 Mbps, full-duplex with autonegotiation
turned on. When the 10/100/1000Base-T copper port is selected as the preferred link, it
can be configured at any speed. However, if 1000 Mbps is selected, autonegotiation must
be turned on. You can set either interface as the preferred or backup link. See “Dual-Mode
Ports” on page 311 for more details.
„ Four Small Form Pluggable (SFP) GBIC Fiber ports (9–12). These ports are designed to
operate at 1000 Mbps and full duplex mode only.

NOTE – For more information on connectors, refer to the Nortel Application Switch Operating
System Hardware Installation Guide Part Number 315393-E.

306 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Single-Mode ports

10/100/1000Base-T Copper Ports


When you select a single-mode copper port (1, 2, 7, or 8), you see the menu below:

[Port 1 Menu]
fast - Fast Phy Menu
gig - Gig Phy Menu
pvid - Set default port VLAN id
alias - Set port alias
name - Set port name
cont - Set default port BW Contract
nonip - Set BW Contract for non-IP traffic
egbw - Set port egress bandwidth Limit
rmon - Enable/Disable RMON for port
tag - Enable/disable VLAN tagging for port
iponly - Enable/disable allow IP related frames at ingress
ena - Enable port
dis - Disable port
cur - Display current port configuration

Table 6-33 Single-Mode Copper Port Configuration Menu Options


(/cfg/port <1, 2, 7, or 8>)
Command Syntax and Usage
gig
If a port is configured to support Gigabit Ethernet, this option displays the Copper Gigabit Ethernet
Physical Link Menu. To view menu options, see page 308.
pvid <VLAN number (1-4090)>
Sets the default VLAN number which will be used to forward frames which are not VLAN tagged.
The default number is 1.
name <64 character string>|none
Sets a name for the port. The assigned port name appears next to the port number on some infor-
mation and statistics screens. The default is set to None.
cont <BWM Contract (1-1024)>
Sets the default Bandwidth Management Contract for this port.
rmon disable|enable
Disables or enables RMON for this port. It is disabled by default.
tag disable|enable
Disables or enables VLAN tagging for this port. It is disabled by default.
iponly disable|enable
Disables or enables allowing only IP-related frames. It is disabled by default.

Chapter 6: The Configuration Menu „ 307


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-33 Single-Mode Copper Port Configuration Menu Options


(/cfg/port <1, 2, 7, or 8>)
Command Syntax and Usage
ena
Enables the port.
dis
Disables the port. (To temporarily disable a port without changing its configuration attributes, refer
to “Temporarily Disabling a Port” on page 314.)
cur
Displays the current port parameters.

/cfg/port <port number> gig


Single-Mode Copper Port Gigabit Ethernet Link Configuration Menu

[GE Copper Link Menu]


speed - Set link speed
mode - Set duplex mode
fctl - Set flow control
auto - Set auto negotiate
cur - Display current ge copper link configuration

Use these menu options to set port parameters for the port link. Link menu options are
described in Table 6-38 and appear on the gig port configuration menus for the Nortel Applica-
tion Switch. Using these configuration menus, you can set port parameters such as speed, flow
control, and negotiation mode for the port link.

Table 6-34 Single-Mode Copper Port Gigabit Ethernet Link Configuration Menu
Options (/cfg/port <1, 2, 7, or 8>/gig)
Command Syntax and Usage
speed 10|100|1000|any
Sets the link speed. Not all options are valid on all ports. The choices include:
„ Any for automatic detection (default)
„ 10 Mbps
„ 100 Mbps
„ 1000 Mbps
mode full|half|any
Sets the operating mode. The choices include:
„ Any for auto negotiation (default)
„ Full-duplex
„ Half-duplex

308 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-34 Single-Mode Copper Port Gigabit Ethernet Link Configuration Menu
Options (/cfg/port <1, 2, 7, or 8>/gig)
Command Syntax and Usage
fctl rx|tx|both|none
Sets the flow control. This command is available only in the Fast Link Menu.The choices include:
„ Receive flow control
„ Transmit flow control
„ Both receive and transmit flow control (default)
„ No flow control
auto on|off
Enables or disables autonegotiation for the port.
cur
Displays the current Gigabit Ethernet copper link port parameters.

1000 Mbps SFP GBIC Fiber SFP Ports


When you select a single-mode SFP fiber port (9–12), you see a slightly different menu as
below:

[Port 9 Menu]
gig - SFP Gig Phy Menu
pvid - Set default port VLAN id
name - Set port name
cont - Set default port BW Contract
egbw - Set port egress bandwidth Limit
rmon - Enable/Disable RMON for port
tag - Enable/disable VLAN tagging for port
iponly - Enable/disable allowing only IP related frames
ena - Enable port
dis - Disable port
cur - Display current port configuration

Table 6-35 Single-Mode SFP Gigabit Ethernet Port Configuration Menu Options
(/cfg/port <9–12>)

Command Syntax and Usage

gig
If a port is configured to support Gigabit Ethernet, this option displays the SFP Gigabit Ethernet
Physical Link Menu. To view menu options, see page 310.

pvid <VLAN number (1-4090)>


Sets the default VLAN number which will be used to forward frames which are not VLAN tagged.
The default number is 1.

Chapter 6: The Configuration Menu „ 309


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-35 Single-Mode SFP Gigabit Ethernet Port Configuration Menu Options
(/cfg/port <9–12>)

Command Syntax and Usage

name <64 character string>|none


Sets a name for the port. The assigned port name appears next to the port number on some infor-
mation and statistics screens. The default is set to None.

cont <BWM Contract (1-1024)>


Sets the default Bandwidth Management Contract for this port.

rmon disable|enable
Disables or enables RMON for this port. It is disabled by default.

tag disable|enable
Disables or enables VLAN tagging for this port. It is disabled by default.

iponly disable|enable
Disables or enables allowing only IP-related frames. It is disabled by default.

ena
Enables the port.

dis
Disables the port. (To temporarily disable a port without changing its configuration attributes, refer
to “Temporarily Disabling a Port” on page 314.)

cur
Displays the current port parameters.

/cfg/port <port number> gig


Single-Mode SFP Gigabit Ethernet Port Link Configuration Menu

[GE SFP Link Menu]


fctl - Set flow control
auto - Set auto negotiate
cur - Display current SFP gig link configuration

Use these menu options to set port parameters for the port link.
Link menu options are described in Table 6-38 and appear on the gig port configuration
menus for the Nortel Application Switch. Using these configuration menus, you can set port
parameters such as flow control, and negotiation mode for the port link.

310 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-36 Single-Mode SFP Gigabit Ethernet Port Link Configuration Menu
Options (/cfg/port <9-12>/gig)
Command Syntax and Usage
fctl rx|tx|both|none
Sets the flow control. The choices include:
„ Receive flow control
„ Transmit flow control
„ Both receive and transmit flow control (default)
„ No flow control
auto on|off
Enables or disables autonegotiation for the port.
cur
Displays the current SFP Gigabit Ethernet link port parameters.

Dual-Mode Ports
When you select any one of the dual-mode ports (3–6), you see the menu below:

[Port 3 Menu]
cop - Copper Gig Phy Menu
sfp - SFP Gig Phy Menu
pref - Set preferred link
back - Set backup link
pvid - Set default port VLAN id
name - Set port name
cont - Set default port BW Contract
rmon - Enable/Disable RMON for port
tag - Enable/disable VLAN tagging for port
iponly - Enable/disable allowing only IP related frames
ena - Enable port
dis - Disable port
cur - Display current port configuration

Table 6-37 Dual-Mode Port Configuration Menu Options (/cfg/port <3–6>)

Command Syntax and Usage

cop
Displays Copper Gigabit Physical Link Menu. To view menu options, see page 313.

sfp
Displays SFP Gigabit Physical Link Menu. To view menu options, see page 314.

Chapter 6: The Configuration Menu „ 311


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-37 Dual-Mode Port Configuration Menu Options (/cfg/port <3–6>)

Command Syntax and Usage

pref copper|sfp
Sets the port preference between copper or SFP mode. The selected port will be used as the pre-
ferred port if both the ports are available.

back copper|sfp|none
Sets the preference for the backup link if the preferred port is not available. You cannot set the pre-
ferred port as the backup port. If you choose none, the port will not switch automatically to the
backup port if the preferred port goes down.

pvid <VLAN number (1-4090)>


Sets the default VLAN number which will be used to forward frames which are not VLAN tagged.
The default number is 1.

name <64 character string>|none


Sets a name for the port. The assigned port name appears next to the port number on some infor-
mation and statistics screens. The default is set to None.

cont <BWM Contract (1-1024)>


Sets the default Bandwidth Management Contract for this port.

rmon disable|enable
Disables or enables RMON for this port. It is disabled by default.

tag disable|enable
Disables or enables VLAN tagging for this port. It is disabled by default.

iponly disable|enable
Disables or enables allowing only IP-related frames. It is disabled by default.

ena
Enables the port.

dis
Disables the port. (To temporarily disable a port without changing its configuration attributes, refer
to “Temporarily Disabling a Port” on page 314.)

cur
Displays the current port parameters.

312 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/port <port number (3–6)> cop


Dual-Mode Copper Port Link Configuration

[GE Copper Link Menu]


speed - Set link speed
mode - Set duplex mode
fctl - Set flow control
auto - Set auto negotiate
cur - Display current ge copper link configuration

Use these menu options to set port parameters for the port link.

Link menu options are described in Table 6-38 and appear on the cop port configuration
menus for the Nortel Application Switch. Using these configuration menus, you can set port
parameters such as speed, flow control, and negotiation mode for the port link.

Table 6-38 Dual-Mode Copper Port Link Configuration Menu Options (/cfg/port
<3–6>/cop)
Command Syntax and Usage
speed 10|100|1000|any
Sets the link speed. Not all options are valid on all ports. The choices include:
„ Any for automatic detection (default)
„ 10 Mbps
„ 100 Mbps
„ 1000 Mbps
mode full|half|any
Sets the operating mode. The choices include:
„ Any for autonegotiation (default)
„ Full-duplex
„ Half-duplex
fctl rx|tx|both|none
Sets the flow control. The choices include:
„ Receive flow control
„ Transmit flow control
„ Both receive and transmit flow control (default)
„ No flow control
auto on|off
Enables or disables auto negotiation for the port.
cur
Displays the current Gigabit Ethernet copper link port parameters.

Chapter 6: The Configuration Menu „ 313


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/port <port number (3–6)> sfp


Dual-Mode SFP Gigabit Link Configuration Menu

[GE SFP Link Menu]


fctl - Set flow control
cur - Display current SFP gig link configuration

Table 6-39 Dual-Mode SFP Gigabit Link Configuration Menu Options


(/cfg/port <3-6>/sfp)

Command Syntax and Usage

fctl rx|tx|both|none
Sets the flow control. The choices include:
„ Receive flow control
„ Transmit flow control
„ Both receive and transmit flow control (default)
„ No flow control

cur
Displays the current SFP Gigabit link port configuration.

Temporarily Disabling a Port


To temporarily disable a port without changing its stored configuration attributes, enter the fol-
lowing command at any prompt:

Main# /oper/port <port number>/dis

Because this configuration sets a temporary state for the port, you do not need to use apply or
save. The port state will revert to its original configuration when the Nortel Application Switch
is reset. See the “Operations Menu” on page 499 for other operations-level commands.

314 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/pmirr
Port Mirroring Menu

[Port Mirroring Menu]


mirror - Enable/Disable Mirroring
monport - Configure Monitor Port
cur - Display All Mirrored and Monitored Ports and VLANs

Port mirroring is disabled by default.

The Port Mirroring Menu is used to configure, enable, and disable the monitored port. When
enabled, network packets being sent and/or received on a target port are duplicated and sent to
a monitor port. By attaching a network analyzer to the monitor port, you can collect detailed
information about your network performance and usage.

Table 6-40 Port Mirroring menu options (/cfg/pmirr)

Command Syntax and Usage

mirror disable|enable
Enables or disables port mirroring

monport <monitoring port (port to mirror to)>


Displays port-mirroring menu options that help configure the port. To view menu options, see
page 315.

cur
Displays the current settings of the mirrored and monitoring ports.

/cfg/pmirr monport
Port-Mirroring Menu
>> Port Mirroring# monport
Enter port (1-28): <port_number>
------------------------------------------------------------
[Port 1 Menu]
add - Add "Mirrored" port and VLANs
rem - Rem "Mirrored" port and VLANs
cur - Display current Port-based Port Mirroring configuration

Chapter 6: The Configuration Menu „ 315


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-41 Port-Based Port-Mirroring Menu Options (/cfg/pmirr/monport)


Command Syntax and Usage
add <mirrored port (port to mirror from)> <direction (in, out, or both)> <vlan index or Carriage
Return for all vlans>
Adds the port to be mirrored. This command also allows you to enter the direction of the traffic. It
is necessary to specify the direction because:
If the source port of the frame matches the mirrored port and the mirrored direction is ingress or
both (ingress and egress), the frame is sent to the mirrored port.
If the destination port of the frame matches the mirrored port and the mirrored direction is egress or
both, the frame is sent to the monitoring port.
VLAN-based port mirroring allows the user to monitor traffic based on VLANs associated with a
port. You can add specific VLAN(s) to a be monitored even if there are multiple VLANs associ-
ated with that port. If you do not specify a VLAN, all traffic on that port will be mirrored.
rem <mirrored port (port to mirror from)> <vlan index or Carriage Return for all vlans>
Removes the mirrored port.
cur
Displays the current settings of the monitoring port. For example:
>> Port 1# cur
Monitoring port (Mirrored port,direction,vlans)
1 none

/cfg/bwm
Bandwidth Management Configuration
Bandwidth Management (BWM) enables Web site managers to allocate a portion of the avail-
able bandwidth for specific users or applications. It allows companies to guarantee that critical
business traffic, such as e-commerce transactions, receive higher priority versus non-critical
traffic. Traffic classification can be based on user or application information. BWM policies
can be configured to set lower and upper bounds on the bandwidth allocation.

NOTE – BWM is a software key-enabled feature that requires users to purchase a license and a
key. In order to enable BWM, users need to enter the Bandwidth Management key using the
/oper/swkey command.

By default, BWM is turned off.

Refer to your Application Guide for more information.

316 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

[Bandwidth Management Menu]


cont - Contract Menu
policy - Policy Menu
group - Group Menu
user - Set SMTP server user name
report - Set IP address of Reporting server
entries - Set number of entries in the BWM IP user table
frequen - Set the frequency of BWM statistics in minutes
email - Enable/disable sending BWM statistics via email
force - Enable/disable enforce policies
on - Globally turn Bandwidth Management processing ON
off - Globally turn Bandwidth Management processing OFF
cur - Display current Bandwidth Management configuration

NOTE – Up to 1024 bandwidth management contracts can be configured on the Nortel Appli-
cation Switch Operating System.

Table 6-42 Bandwidth Management Menu Options (/cfg/bwm)

Command Syntax and Usage

cont <BW contract number (1-1024)>


Displays the Bandwidth Management Contract Menu. To manage bandwidth on an Nortel
Application Switch, you must create one or more bandwidth management contracts. The
switch uses these contracts to limit individual traffic flows. For further details, see the
Nortel Application Switch Operating System 23.0.2 Application Guide.
By default, this option is disabled. To view menu options, see page 319.

policy <BW policy number (1-512)>


Displays the Bandwidth Management Policy Menu. Bandwidth policies are bandwidth limita-
tions defined for any set of frames, specifying the guaranteed bandwidth rates. A band-
width policy is often based on a rate structure whereby a Web host could charge a
customer for bandwidth utilization. For further details, see the Nortel Application Switch
Operating System 23.0.2 Application Guide.
To view menu options, see page 322.

group <BW Group number (1-32)>


Displays the Bandwidth Management Group Menu. To view menu options, see page 323.

user <user name>


Sets the SMTP user name to whom the history statistics will be mailed. The default is set to None.

report <IP4 address> | <IP6 address>


Set the IP address of the Reporting Server.

Chapter 6: The Configuration Menu „ 317


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-42 Bandwidth Management Menu Options (/cfg/bwm)

Command Syntax and Usage

entries <64k|128k|256k|512k>
Sets the number of entries in the Bandwidth Management IP user table.

frequen <1-1440 minutes, 0 for default behavior>


Sets the frequency of Bandwidth Management email in minutes. The default is set to 0.

email disable|enable
Enable/disable sending BWM statistics using email. When this option is disabled, these statistics
are sent using a socket mechanism.

force disable|enable
Enables or disables the enforcement of bandwidth policy on the traffic. When disabled, the reor-
dering of the packets does not occur. The packets will exit in the order they came in. This means
that no bandwidth limit is applied on the queues. By default, this option is enabled.

on
Globally enables Bandwidth Management on this switch.

off
Globally disables Bandwidth Management on this switch.

cur
Displays the current Bandwidth Management configuration.

318 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/bwm/cont <contract number>


Bandwidth Management Contract Configuration
[BW Contract <1 to 1024> Menu]
timepol - Time policy Menu
name - Set Contract name
policy - Set Contract Policy
prec - Set Contract Precedence
iptype - Set user (IP address) limiting type for this contract
pmirr - Set monitoring port for packet mirroring
iplimit - Enable/disable user (IP address) limiting for this contract
history - Enable/disable Saving Contract stats history
wtos - Enable/disable overwriting IP TOS for this Contract
mononly - Enable/disable monitor-only mode for this Contract
shaping - Enable/disable traffic shaping - disable is rate limiting
wtcpwin - Enable/disable overwriting TCP Window for this Contract
ena - Enable BW Contract
dis - Disable BW Contract
del - Delete BW Contract
cur - Display current BW Contract configuration

Table 6-43 Bandwidth Management Policy Menu Options (/cfg/bwm/cont)


Command Syntax and Usage
timepol <BW Contract time policy number (1-2)>
Displays Time Policy Menu. To view menu options, see page 320.
name <31 character name>
Sets the name for this Bandwidth Management contract.
>> BW Contract 1# name
Current BW Contract name:
Enter new BW Contract name:
policy <Bandwidth policy number (1-512)>
Sets the policy number for this Bandwidth Management contract. The default policy number is 64.
prec <Bandwidth precedence value (1-255)>
Sets the precedence value for this Bandwidth Management contract. The default value is 1.
iptype <sip|dip>
Defines the IP type for this contract, whether the user (IP address) limiting is enforced by the
source IP address (SIP) or the destination IP address (DIP).
pmirr <port | none>
Defines a port to mirror contract packets to. Enter a valid port to enable this feature or none
to disable it. This command is available in maintenance mode only.

Chapter 6: The Configuration Menu „ 319


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-43 Bandwidth Management Policy Menu Options (/cfg/bwm/cont)


Command Syntax and Usage
iplimit disable|enable
Enables or disables user (IP address) limiting for this contract. If enabled, each IP address is lim-
ited to the user limit configured in /cfg/bwm/policy on page 322.
history disable|enable
Disables or enables saving statistics for this contract on the server. By default, it is enabled.
wtos disable|enable
Disables or enables overwriting the IP Type of Service (TOS) for this contract. By default, it is dis-
abled.
mononly disable|enable
Enables or disables monitor-only mode for this Contract. This command is used for design and
auditing purposes only. The statistics are generated but no shaping or limiting will apply to this
contract.
shaping disable|enable
Disables or enables shaping of the traffic for this contract. In this context, shaping means buffering
a packet and keeping it ready to be sent.
wtcpwin disable|enable
Enables or disables overwriting TCP Window for this Contract. By overwriting the default win-
dow size, the user can modify the TCP window size to a lower value so that when the packet
arrives carrying the bytes within that window size, the receiver of that packet does not have to wait
for acknowledgement. This may help reduce the traffic congestion.
Do not set the value to lower than 1500 bytes. For details, refer to the Application Guide.
ena
Enables this Bandwidth Management contract.
dis
Disables this Bandwidth Management contract.
del
Removes this contract from the switch.
cur
Displays the current Bandwidth Management contract configuration.

/cfg/bwm/cont <contract number>/timepol


<Contract time policy number>
BWM Contract Time Policy Configuration Menu

320 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

This feature enables the user to configure different policies based on the time of the day using
the following menu and commands:

[BW Contract 1 Time Policy 1 Menu]


day - Set Time Policy day
from - Set Time Policy from hour
to - Set Time Policy to hour
policy - Set Time Policy
enable - Enable Time Policy
disable - Disable Time Policy
delete - Delete Time Policy
cur - Display current Time Policy configuration

Table 6-44 BWM Contract Time Policy Configuration Menu Options (/cfg/bwm/
timepol)

Command Syntax and Usage

day <mon|tue|wed|thu|fri|sat|sun|weekday|weekend|everyday>
Defines the day(s) of the week, weekdays (Monday to Friday), weekend (Saturday and Sunday) or
everyday. The default is everyday.

from <1-12am/pm>
Defines the time from where you need to start the time in hours. If am or pm is not specified, the
switch will default to am for numbers lower than 12 and will default to pm for numbers 13 or
higher.

to <1-12am/pm>
Sets the end limit of time in hours. If am or pm is not specified, the switch will default to am for
numbers lower than 12 and will default to pm for numbers 13 or higher.

policy <BW Policy number, 1-512>


Defines the policy number for the contract.

enable
Enables the Time Policy command on the switch.

disable
Disables the Time Policy command on the switch.

delete
Deletes the current Time Policy.

cur
Displays the current Time Policy configuration on the switch. For example:
Time Policy 1:
Day everyday, From Hour 12am, To Hour 12am, Policy 512, disabled

Chapter 6: The Configuration Menu „ 321


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/bwm/policy <policy number>


Bandwidth Management Policy Configuration
[Policy 1 Menu]
hard - Set hard Limit
soft - Set soft Limit
resv - Set Reservation Limit
userlim - Set per user (IP address) Limit
utos - Set underlimit (soft limit) TOS
otos - Set overlimit (soft limit) TOS
buffer - Set Buffer Limit
del - Delete BW Policy
cur - Display current Policy configuration

Table 6-45 Bandwidth Management Policy Menu Options (/cfg/bwm/pol)

Command Syntax and Usage

hard <0k-5000k|1m-1000m>
Sets the hard bandwidth limit for this policy. This is the highest amount of bandwidth available to
this policy. The default value is 2000 kbps.

soft <0k-5000k|1m-1000m>
Sets the soft bandwidth limit for this policy. The default value is 1000 kbps.

resv <0k-5000k|1m-1000m>
Sets the reserve limit for this policy. This is the amount of bandwidth always available to this pol-
icy. The default value is 500Kbytes.

userlim <0k-5000k|1m-1000m>
Sets the bandwidth limit for each IP address in the contract traffic.

utos <BW Policy TOS (0-255)>


Sets the new utos (underlimit TOS) value to overwrite the original TOS value if the traffic for
this contract is under the soft limit. With this option set to the default value of “0,” the switch will
not overwrite the TOS value.

otos <BW Policy TOS (0-255)>


Sets the new otos (over the limit TOS) value to overwrite the original TOS value if the traffic for
this contract is over the soft limit. With this option set to the default value of “0,” the switch will
not overwrite the TOS value.

buffer <Maximum buffer space (bytes) (8192-128000)>


Sets the buffer limit for this policy. The default value is 8192 bytes.

322 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-45 Bandwidth Management Policy Menu Options (/cfg/bwm/pol)

Command Syntax and Usage

del
Deletes the bandwidth management policy.

cur
Displays the current value of the bandwidth policy configuration.

/cfg/bwm/group
Bandwidth Management Group Configuration Menu
[BW Group 1 Menu]
add - Add Contract to this group
rem - Remove Contract from this group
del - Delete BW Group
cur - Display current BW Group configuration

Table 6-46 Bandwidth Management Group Menu Options (/cfg/bwm/group)

Command Syntax and Usage

add <BW Contract number, 1-1023 excluding default>


Adds a contract to this group.

rem <BW Contract number, 1-1023 excluding default>


Removes a contract from this group.

del
Deletes this Bandwidth Management group.

cur
Displays all current Bandwidth Management Group configurations.

Chapter 6: The Configuration Menu „ 323


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/bwm/cur
Bandwidth Management Current Configuration
Current Bandwidth Management setting: ON
Policy Enforcement: enabled
SMTP server user name:

Contract Name Policy Prec Hist TOS State Shaping


1 cont_1 1 1 E E E E
2 cont_2 2 1 E D D D
1024 Default -- 0 E D E D
*Default contract gets all the BW that is available on
a port after the active contracts reserved BW is taken.

Policy Hard Soft Resv oTOS uTOS Buffer


1 25M 20M 500K 150 100 16320
2 10M 8M 500K 0 0 16320
3 2M 1M 500K 0 0 16320
4 2M 1M 500K 0 0 16320
5 2M 1M 500K 0 0 16320
6 2M 1M 500K 0 0 16320
7 2M 1M 500K 0 0 16320
8 2M 1M 500K 0 0 16320
9 2M 1M 500K 0 0 16320
10 2M 1M 500K 0 0 16320
11 2M 1M 500K 0 0 16320
12 2M 1M 500K 0 0 16320
13 2M 1M 500K 0 0 16320
14 2M 1M 500K 0 0 16320
15 2M 1M 500K 0 0 16320
16 2M 1M 500K 0 0 16320
17 2M 1M 500K 0 0 16320
18 2M 1M 500K 0 0 16320
19 2M 1M 500K 0 0 16320
20 2M 1M 500K 0 0 16320
21 2M 1M 500K 0 0 16320
22 2M 1M 500K 0 0 16320
23 2M 1M 500K 0 0 16320
24 2M 1M 500K 0 0 16320
25 2M 1M 500K 0 0 16320
26 2M 1M 500K 0 0 16320
27 2M 1M 500K 0 0 16320
28 2M 1M 500K 0 0 16320
29 2M 1M 500K 0 0 16320
30 2M 1M 500K 0 0 16320

324 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2
Layer 2 Configuration Menu

[Layer 2 Menu]
mrst - Multiple Spanning Tree/Rapid Spanning Tree Menu
stg - Spanning Tree Menu
trunk - Trunk Group Menu
lacp - Link Aggregation Control Protocol Menu
vlan - VLAN Menu
team - Port Teaming Menu
ntmstg - Enable/disable Nortel multiple STG mode
cur - Display current layer 2 parameters

Table 6-47 Layer 2 Configuration Menu Options (/cfg/l2)


Command Syntax and Usage
mrst
Go to the Multiple/Rapid Spanning Tree menu. See page 326.
stg <group number [1-16]>
Displays Spanning Tree Group Menu. To view menu options, see page 329.
trunk <trunk group number>
Displays Trunk Group Menu. To view menu options, see page 333.
lacp
Displays Link Aggregation Control Protocol (LACP) Menu. To view menu options, see page 335.
vlan <VLAN number (1-4090)>
Displays VLAN Menu. To view menu options, see page 339.
team
Go to the port teaming menu. See page 341.
ntmstg disable|enable
Enables or disables Nortel Multiple Spanning Tree Group mode. When Nortel multiple STG mode
is enabled, the Nortel implementation of multiple STGs will be followed. When Nortel multiple
STG mode is disabled, the Cisco implementation of multiple STGs will be followed. The ntm-
stg enabled device will not work with the device configured for Cisco implementation of Span-
ning Tree BPDUs. The factory default value of this command is Nortel multiple STG mode
disabled.
You need to reset the switch with the command /boot/reset for the Spanning Tree Group con-
figuration to change to ntmstg enabled.
cur
Displays the current Layer 2 parameters.

Chapter 6: The Configuration Menu „ 325


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/mrst
Multiple Spanning Tree Menu
[Multiple Spanning Tree Menu]
cist - Common and Internal Spanning Tree menu
name - Set MST region name
version - Set Version of this MST region
maxhop - Set Maximum Hop Count for MST (4 - 60)
mode - Spanning Tree Mode
on - Globally turn Multiple Spanning Tree (MSTP/RSTP) ON
off - Globally turn Multiple Spanning Tree (MSTP/RSTP) OFF
cur - Display current MST parameters

Table 6-48 Multiple Spanning Tree Menu Options


Command Syntax and Usage

cist
Go to the Common and Internal Spanning Tree menu. See page 327.

name <1-32 character region name>


Set the MST region name.

version <version number 1-65535>


Set the MST region version.

maxhop <max hops 4-60>


Set the maximum MST hop count.

mode mstp|rstp
Set the spanning tree mode.

on
Set the spanning tree on (Bridge MSTP/RSTP runs normally).

off
Set the spanning tree off (Bridge MSTP/RSTP does not run).

cur
Display the current MST parameters.

326 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/mrst/cist
Multiple Spanning Tree Menu
[Common Internal Spanning Tree Menu]
brg - CIST Bridge parameter menu
port - CIST Port parameter menu
default - Default Common Internal Spanning Tree and Member parms
cur - Display current CIST parameters

Table 6-49 Mupltiple Spanning Tree CIST Bridge Menu Options


Command Syntax and Usage

brg
Go to the CIST Bridge parameter menu. See page 328.

port <port_number>
Set the port number.

default
Resets STG and Group member parameters to factory default.

cur
Displays current values of all objects settable from this menu.

Chapter 6: The Configuration Menu „ 327


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/mrst/cist/brg
CIST Bridge Menu
[CIST Bridge Menu]
prior - Set CIST bridge Priority (0-65535)
mxage - Set CIST bridge Max Age (6-40 secs)
fwd - Set CIST bridge Forward Delay (4-30 secs)
cur - Display current CIST bridge parameters

Table 6-50 Mupltiple Spanning Tree CIST Bridge Menu Options


Command Syntax and Usage

prior <new bridge Priority, 0-65535>


Set the bridge priority.

mxage <new bridge Max Age, 6-40 secs>


Set the port number.

fwd <new bridge Forward Delay, 4-30 secs>


Set the CIST bridge forward delay.

cur
Displays current values of all objects settable from the CIST bridge menu.

/cfg/l2/mrst/cist/brg cur
Current configuration for CIST Bridge
>> CIST Bridge# cur
------------------------------------------------------------------
Current Common Internal Spanning Tree settings:
Bridge params: Priority MaxAge FwdDel
32768 20 15

Table 6-51 CIST bridge configuration


Statistics Description

Priority The current CIST Bridge priority setting. Priority is a value between
0 and 65535.

MaxAge The current CIST Bridge maximum aging setting. MaxAge is a


value in seconds between 6 and 40.

FwdDel The current CIST Bridge forwarding delay setting. FwdDel is a


value in seconds between 4 and 30.

328 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/stg
Spanning Tree Group Configuration
When multiple paths exist on a network, Spanning Tree Protocol (STP) configures the network
so that a switch uses only the most efficient path. Spanning Tree Protocol (STP) detects and
eliminates logical loops in a bridged or switched network. STP forces redundant data paths
into a standby (blocked) state. When multiple paths exist, Spanning Tree configures the net-
work so that a switch uses only the most efficient path. If that path fails, Spanning Tree auto-
matically sets up another active path on the network to sustain network operations. Thus, STP
is used to prevent loops in the network topology.

Nortel Application Switch Operating System supports the IEEE 802.1p Spanning Tree Proto-
col (STP). Nortel Application Switch Operating System supports up to 16 instances of Span-
ning Trees or Spanning Tree groups. Each VLAN can be placed in only one Spanning Tree
group per switch except for the default Spanning Tree group (STG 1). The default Spanning
Tree group (1) can have more than one VLAN. All other Spanning Tree groups (2-16) can
have only one VLAN associated with it. Spanning Tree can be enabled or disabled for each
port. Multiple Spanning Trees can be enabled on tagged or untagged ports. See your Applica-
tion Guide for a detailed description of this feature and how to configure Spanning Tree
Groups on the switch.

This command is turned on by default.

[Spanning Tree Group 1 Menu]


brg - Bridge parameter menu
port - Port parameter menu
add - Add VLAN(s) to Spanning Tree Group
remove - Remove VLAN(s) from Spanning Tree Group
clear - Remove all VLANs from Spanning Tree Group
on - Globally turn Spanning Tree ON
off - Globally turn Spanning Tree OFF
default - Default Spanning Tree and Member parameters
cur - Display current bridge parameters

Chapter 6: The Configuration Menu „ 329


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

NOTE – When VRRP is used for active/active redundancy, STP must be enabled.

Table 6-52 Spanning Tree Configuration Menu (/cfg/l2/stp)

Command Syntax and Usage

brg
Displays the Bridge Spanning Tree Menu. To view menu options, see page 331.

port <port number>


Displays the Spanning Tree Port Menu. To view menu options, see page 332.

add <VLAN numbers (1-4090)>


Associates a VLAN with a spanning tree and requires an external VLAN ID as a parameter.

remove <VLAN numbers, 1-4095 (802.1d & RSTP) / 2-4094 (MSTP)>


Breaks the association between a VLAN and a spanning tree and requires an external VLAN ID as
a parameter.

clear
Removes all VLANs from a spanning tree.

on
Globally enables Spanning Tree Protocol.

off
Globally disables Spanning Tree Protocol.

default
Resets STG and Group member parameters to factory default.

cur
Displays the current Spanning Tree Protocol parameters.

330 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/stg/brg
Bridge Spanning Tree Configuration
[Bridge Spanning Tree Menu]
prior - Set bridge Priority [0-65535]
hello - Set bridge Hello Time [1-10 secs]
mxage - Set bridge Max Age (6-40 secs)
fwd - Set bridge Forward Delay (4-30 secs)
aging - Set bridge Aging Time (1-65535 secs, 0 to disable)
cur - Display current bridge parameters

Spanning Tree bridge parameters affect the global STP operation of the switch. STP bridge
parameters include:

„ Bridge priority
„ Bridge hello time
„ Bridge maximum age
„ Forwarding delay
„ Bridge aging time

Table 6-53 Bridge Spanning Tree Menu Options (/cfg/l2/stp/brg)

Command Syntax and Usage

prior <new bridge priority (0-65535)>


Configures the bridge priority. The bridge priority parameter controls which bridge on the network
is the STP root bridge. To make this switch the root bridge, configure the bridge priority lower
than all other switches and bridges on your network. The lower the value, the higher the bridge pri-
ority. The range is 0 to 65535, and the default is 32768.

hello <new bridge hello time (1-10 secs)>


Configures the bridge hello time.The hello time specifies how often the root bridge transmits a
configuration bridge protocol data unit (BPDU). Any bridge that is not the root bridge uses the root
bridge hello value. The range is 1 to 10 seconds, and the default is 2 seconds.

mxage <new bridge max age (6-40 secs)>


Configures the bridge maximum age. The maximum age parameter specifies the maximum time
the bridge waits without receiving a configuration bridge protocol data unit before it re configures
the STP network. The range is 6 to 40 seconds, and the default is 20 seconds.

fwd <new bridge Forward Delay (4-30 secs)>


Configures the bridge forward delay parameter. The forward delay parameter specifies the amount
of time that a bridge port has to wait before it changes from the listening state to the learning state
and from the learning state to the forwarding state. The range is 4 to 30 seconds, and the default is
15 seconds.

Chapter 6: The Configuration Menu „ 331


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-53 Bridge Spanning Tree Menu Options (/cfg/l2/stp/brg)

Command Syntax and Usage

aging <new bridge Aging Time (1-65535 secs, 0 to disable)>


Configures the forwarding database aging time. The aging time specifies the amount of time the
bridge waits without receiving a packet from a station before removing the station from the for-
warding database. The range is 1 to 65535 seconds, and the default is 300 seconds. To disable
aging, set this parameter to 0.

cur
Displays the current bridge STP parameters.

When configuring STP bridge parameters, the following formulas must be used:

„ 2*(fwd-1) > mxage


„ 2*(hello+1) < mxage

/cfg/l2/stg <STG Group Index>/port <port #>


Spanning Tree Port Configuration

[Spanning Tree Port 1 Menu]


prior - Set port Priority (0-255)
cost - Set port Path Cost
link - Set port link type (auto,p2p,or shared; default: auto)
edge - Enable/disable edge port
on - Turn port's Spanning Tree ON
off - Turn port's Spanning Tree OFF
cur - Display current port Spanning Tree parameters

Spanning Tree port parameters are used to modify STP operation on an individual port basis.
STP port parameters include:

„ Port priority
„ Port path cost
STP is turned on by default for the port.

332 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-54 Spanning Tree Port Menu (/cfg/l2/stp/port)

Command Syntax and Usage

prior <new port Priority (0-255)>


Configures the port priority. The port priority helps determine which bridge port becomes the des-
ignated port. In a network topology that has multiple bridge ports connected to a single segment,
the port with the lowest port priority becomes the designated port for the segment. The range is 0
to 255, and the default is 128.

cost <new port Path Cost (1-65535, 0 for default)>


Configures the port path cost. The port path cost is used to help determine the designated port for a
segment. Generally speaking, the faster the port, the lower the path cost. The range is 1 to 65535.
The default is 10 for 100Mbps ports, and 1 for Gigabit ports. A value of 0 indicates that the default
cost will be computed for an auto negotiated link speed.

link auto|p2p|shared
Set port link type (auto, p2p, or shared; default: auto)

edge disable|enable
Enable/disable edge port

on
Enables STP on the port.

off
Disables STP on the port.

cur
Displays the current STP port parameters.

/cfg/l2/trunk <trunk group number>


Trunk Configuration
Trunk groups can provide super-bandwidth and multi-link connections between Nortel Applica-
tion Switches or other trunk capable devices. A trunk group is a group of ports that act together,
combining their bandwidth to create a single, larger virtual link. When trunk groups are config-
ured, you can view the state of each port in the various trunk groups. Up to 12 trunk groups can
be configured on the Nortel Application Switch, with the following restrictions:

„ Any physical switch port can belong to no more than one trunk group.
„ Up to eight ports/trunks can belong to the same trunk group.
„ Best performance is achieved when all ports in a trunk are configured for the same speed.

Chapter 6: The Configuration Menu „ 333


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ Trunking from non-Nortel devices must comply with Cisco® EtherChannel® technology.
By default, the trunk group is empty and disabled.

[Trunk group 1 Menu]


cont - Set BW contract for this trunk group
add - Add port to trunk group
rem - Remove port from trunk group
ena - Enable trunk group
dis - Disable trunk group
del - Delete trunk group
cur - Display current Trunk Group configuration

Table 6-55 Trunk Configuration Menu Options (/cfg/l2/trunk)


Command Syntax and Usage
cont <BWM Contract (1-1024)>
Sets the default Bandwidth Management Contract for this trunk group. By default, the contract
number is 1024 for AD3 and 1024 for AD4.
add <port number>
Adds a physical port to the current trunk group.
rem <port number>
Removes a physical port from the current trunk group.
ena
Enables the current trunk group.
dis
Turns the current trunk group off.
del
Removes the current trunk group configuration.
cur
Displays the current trunk group parameters.

334 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/lacp
Link Aggregation Control Protocol Menu
Nortel Application Switch Operating System 23.0.2 supports IEEE 802.3ad standard on the
Nortel Application Switch Operating System. At the core of the 802.3ad standard is Link
Aggregation Control Protocol (LACP). This protocol allows the user to group several physical
ports into one logical port (LACP trunk group) with any switch that supports IEEE 802.3ad
standard (LACP). You can configure the trunk groups manually called the static trunks as well
as you can configure dynamic trunk group using the IEEE 802.3ad standard called the LACP
trunks. The maximum number of configurable trunk groups are 40: 12 user configurable trunks
and 28 LACP trunks depending upon the maximum number of ports in the switch. The maxi-
mum number of active physical ports in any trunk group is eight and the number of standby
ports is also eight.

The 802.3ad standard allows two or more standard Ethernet links to form a single Layer 2 link
using the Link Aggregation Control Protocol (LACP). Link aggregation is a method of group-
ing physical link segments of the same media type and speed in full duplex, and treating them
as if they were part of a single, logical link segment. If a link in a LACP trunk group fails, traf-
fic is reassigned dynamically to the remaining links of the LACP trunk group or is assigned to
the standby LACP links.

NOTE – Refer to IEEE 802.3ad-2000 for a detailed information about the standard.

LACP automatically determines which member links can be aggregated and then aggregates
them. It provides for the controlled addition and removal of physical links for the link aggrega-
tion.

Each external port in the Nortel Application Switch Operating System can have one of the fol-
lowing LACP modes.

„ off (default)
The user can configure this port to a regular static trunk group. When the system initial-
izes, all ports are in off mode by default.
„ active
The port is capable of forming an LACP trunk. This port initiates negotiation with the
partner system port by sending LACPDU (Link Aggregation Control Protocol Data Unit)
packets.

Chapter 6: The Configuration Menu „ 335


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

„ passive
The port is capable of forming an LACP trunk. This port only responds to the negotiation
requests sent from an LACP active port.
Each LACP active or passive port needs an admin, an operational key, and an aggregator
for LACP to start negotiation on these ports. You need to assign the same admin key to a group
of ports to make them aggregatable. The link can generate Link Aggregation ID (LAG ID)
based on the operational key. All the aggregatable ports must have the same LAG ID. You can
form an active LACP trunk group with all the ports that have the same LAG ID.

Please refer to your Nortel Application Switch Operating System Application Guide for a
detailed information on this protocol.

NOTE – All ports are in LACP off mode by default.

Use the following commands to configure LACP on the Nortel Application Switch Operating
System.

[LACP Menu]
sysprio - Set LACP system priority
timeout - Set LACP system timeout scale for timing out partner info
port - LACP port Menu
cur - Display current LACP configuration

Table 6-56 Link Aggregation Control Protocol Menu Options (/cfg/l2/lacp)

Command Syntax and Usage

sysprio <1-65535>
Defines the priority value (1 through 65535) for the Nortel Application Switch Operating Sys-
tem. Lower numbers provide higher priority.
System priority is used when there are more than eight ports configured with the same admin-
key. The system priority, in conjunction with port priority, decides which eight ports should be
combined to form a trunk group between two switches. The rest of the ports stay in standby mode
to substitute for any failed ports.
The default value is 32768.

timeout <short|long>
Defines the timeout period before invalidating LACP data from a remote partner. You can choose
between short (3 seconds) or long (90 seconds) timeout periods. The default value is long.

336 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-56 Link Aggregation Control Protocol Menu Options (/cfg/l2/lacp)

Command Syntax and Usage

port <port number>


Displays the LACP Port menu. To view menu options, see page 338.

cur
Displays the current LACP configuration.

Chapter 6: The Configuration Menu „ 337


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/lacp/port <port number>


LACP Port Configuration Menu
[LACP Port 1 Menu]
mode - Set LACP mode
prio - Set LACP port priority
adminkey - Set LACP port admin key
cur - Display current LACP port configuration

Use the following commands to configure Link Aggregation Control Protocol (LACP) on a
selected port.

Table 6-57 Link Aggregation Control Protocol Port Configuration Menu Options
(/cfg/l2/lacp/port #)

Command Syntax and Usage

mode <off for no LACP or active or passive>


„ off: Using this option, you can turn LACP off for this port. You can use this port to manually
configure a static trunk. All ports are in off mode by default.
„ active: Using this option, you can turn LACP on and set this port to active. Only active
ports initiate negotiation with the partner system port by sending the LACPDU packets.
„ passive: Using this option, you can turn LACP on and set this port to passive mode.
Passive ports do not initiate negotiation, but only respond to the negotiation requests from
active ports.

prio <1-65535>
Sets the priority value for the selected port. Lower numbers provide higher priority. The default
value is 128.

adminkey <1-65535>
Sets the admin key for this port. Only ports with the same admin key and oper key (operational
state generated internally) can form an LACP trunk group.

cur
Displays the current LACP configuration for this port.

338 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/vlan <VLAN number>


VLAN Configuration
VLANs are commonly used to split up groups of network users into manageable broadcast
domains, to create logical segmentation of workgroups, and to enforce security policies among
logical segments. The commands in this menu configure VLAN attributes, change the status of
the VLAN, delete the VLAN, and change the port membership of the VLAN. For more infor-
mation on configuring VLANs, see “Setup Part 3: VLANs” on page 41.

By default, the VLAN menu option is disabled except VLAN 1, which is enabled all the time.

[VLAN 1 Menu]
name - Set VLAN name
stg - Assign VLAN to a Spanning Tree Group
cont - Set BW contract
add - Add port to VLAN
rem - Remove port from VLAN
def - Define VLAN as list of ports
jumbo - Enable/disable Jumbo Frame support
learn - Enable/disable smac learning
ena - Enable VLAN
dis - Disable VLAN
del - Delete VLAN
cur - Display current VLAN configuration

Table 6-58 VLAN Configuration Menu Options (/cfg/l2/vlan)

Command Syntax and Usage

name
Assigns a name to the VLAN or changes the existing name. The default VLAN name is the first
one.

stg <Spanning Tree Group index (1-16)>


Assigns a VLAN to a Spanning Tree Group.

cont <BW Contract number, (1-1024)>


Sets the Bandwidth Management contract for this VLAN. The default contract number is 1024 on
AD3 and AD4.

add <port number>


Adds port(s) or trunk group(s) to the VLAN membership.

rem <port number>


Removes port(s) or trunk group(s) from this VLAN.

Chapter 6: The Configuration Menu „ 339


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-58 VLAN Configuration Menu Options (/cfg/l2/vlan)

Command Syntax and Usage

def <list of port numbers>


Defines which ports are members of this VLAN. Every port must be a member of at least one
VLAN. By default, it defines ports between 1-28 for VLAN 1.

jumbo disable|enable
Enables or disables jumbo frame support on this VLAN. You need to reset the switch using
/boot/reset command to enable jumbo frames on the switch.

learn disable|enable
Enables or disables source MAC address learning on this VLAN.

ena
Enables this VLAN.

dis
Disables this VLAN without removing it from the configuration.

del
Deletes this VLAN.

cur
Displays the current VLAN configuration.

NOTE – All ports must belong to at least one VLAN. Any port which is removed from a
VLAN and which is not a member of any other VLAN is automatically added to default
VLAN #1. You cannot remove a port from VLAN #1 if the port has no membership in any
other VLAN.
Also, you cannot add a port to more than one VLAN unless the port has VLAN tagging turned
on (see the tag command on page 307).

340 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l2/team <team number>


Port Team Configuration
Port teams are used to operationally link ports and interfaces together.

[Port team 1 Menu]


addport - Add port to team
remport - Remove port from team
addtrunk - Add trunk group to team
remtrunk - Remove trunk group from team
ena - Enable port team
dis - Disable port team
del - Delete port team
cur - Display current port team configuration

Table 6-59 outlines the commands in this menu.

Table 6-59 Port Team Configuration Menu

Command Syntax and Usage

addport <port number>


Adds the specified port to the current team.

remport <port number>


Removes the specified port from the current team.

addtrunk <trunk group number>


Adds a trunk group to the current team.

remtrunk <trunk group number>


Removes a trunk group from the current team.

ena
Enables the port team.

dis
Disables the port team.

del
Deletes the port team.

cur
Displays the current port team configuration.

Chapter 6: The Configuration Menu „ 341


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3
Layer 3 Configuration Menu

[Layer 3 Menu]
if - Interface Menu
gw - Default Gateway Menu
route - Static Route Menu
arp - ARP Menu
frwd - Forwarding Menu
nwf - Network Filters Menu
rmap - Route Map Menu
rip - Routing Information Protocol Menu
ospf - Open Shortest Path First (OSPF) Menu
bgp - Border Gateway Protocol Menu
port - IP Port Menu
dns - Domain Name System Menu
bootp - Bootstrap Protocol Relay Menu
vrrp - Virtual Router Redundancy Protocol Menu
rtrid - Set router ID
metrc - Set default gateway metric
cur - Display current IP configuration

Table 6-60 Layer 3 Configuration Menu Options (/cfg/l3)


Command Syntax and Usage
if <interface number (1-256)>
Displays the IP Interface Menu. To view menu options, see page 344.
gw <default gateway number (1-259)>
Displays the IP Default Gateway Menu. To view menu options, see page 346.
route
Displays the IP Static Route Menu. To view menu options, see page 348.
arp
Displays Address Resolution Protocol menu. To view menu options, see page 348.
frwd
Displays the IP Forwarding Menu. To view menu options, see page 350.
nwf <Network filter number (1-256)>
Displays the Network Filter Configuration Menu. To view menu options see page 352.
rmap <route map number (1-32)>
Displays the Route Map Menu. To view menu options see page 353.
rip
Displays the Routing Interface Protocol Menu. To view menu options, see page 357.

342 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-60 Layer 3 Configuration Menu Options (/cfg/l3)


Command Syntax and Usage
ospf
Displays the OSPF Menu. To view menu options, see page 361.
bgp
Displays the Border Gateway Protocol Menu. To view menu options, see page 371.
port <port number>
Displays the IP Port Menu. To view menu options, see page 378.
dns
Displays the IP Domain Name System Menu. To view menu options, see page 379.
bootp
Displays the Bootstrap Protocol Menu. To view menu options, see page 380.
vrrp
Displays Virtual Router Redundancy Protocol Menu. To view menu options, see page 381.
rtrid <IP address (such as, 192.4.17.101)>
Defines the router ID.
metrc strict|roundrobin
Sets the default gateway metric for strict or roundrobin. The default gateway metric is
strict. For more information on gateway metrics, see page 396.
cur
Displays the current IP configuration.

Chapter 6: The Configuration Menu „ 343


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/if <interface number>


IP Interface Configuration
[IP Interface 1 Menu]
ip6nd - IP6 Neighbor Discovery Menu
ipver - Set IP version
addr - Set IP address
mask - Set subnet mask/prefix len
vlan - Set VLAN number
relay - Enable/disable BOOTP relay
ena - Enable IP interface
dis - Disable IP interface
del - Delete IP interface
cur - Display current interface configuration

The Nortel Application Switch can be configured with up to 256 IP interfaces. Each IP interface
represents the Nortel Application Switch on an IP subnet on your network. The Interface option is
disabled by default.

Table 6-61 IP Interface Menu Options (/cfg/l3/if)

Command Syntax and Usage

ip6nd
Opens the IPv6 Neighbor Discovery menu This menu is used to enable or disable the sending of
IPv6 Router Advertisement packets from this interface. For more information on this topic, refer
to page 345.

ipver <IP version (v4 or v6)>


Set the IP version.

addr <IP address (such as 192.4.17.101 for IPv4 or 3001::abcd:5678 for IPv6)>
Configures the IP address of the switch interface using dotted decimal notation for IPv4 and colon
notation for IPv6.

mask <IP subnet mask for IPv4 or prefix length for IPv6 (such as 255.255.255.0 for IPv4 or 64 for
IPv6)>
Configures the IP subnet address mask for the interface using dotted decimal notation for IPv4 or
prefix length for IPv6.

vlan <VLAN number (1-4090)>


Configures the VLAN number for this interface. Each interface can belong to one VLAN, though
any VLAN can have multiple IP interfaces in it.

relay disable|enable
Enables or disables the BOOTP relay on this interface. It is enabled by default.

344 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-61 IP Interface Menu Options (/cfg/l3/if)

Command Syntax and Usage

ena
Enables this IP interface.

dis
Disables this IP interface.

del
Removes this IP interface.

cur
Displays the current interface settings.

/cfg/l3/if/ip6nd
IPv6 Neighbor Discovery Menu
[IP6 Neighbor Discovery Menu]
rtradv - Enable/disable router advertisement

This menu is used to configure the sending of IPv6 Neighbor Discovery router advertisements
from this interface.

Table 6-62 IPv6 Neighbor Discovery Menu Options

Command Syntax and Usage

rtradv disable | enable


Enables or disables the sending of IPv6 Neighbor Discovery router advertisements from
this interface.

Chapter 6: The Configuration Menu „ 345


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/gw <gateway number>


Default IP Gateway Configuration
[Default gateway 1 Menu]
ipver - Set IP version
addr - Set IP address
intr - Set interval between ping attempts
retry - Set number of failed attempts to declare gateway DOWN
vlan - Set VLAN number
prio - Set priority of default gateway route
arp - Enable/disable ARP only health checks
ena - Enable default gateway
dis - Disable default gateway
del - Delete default gateway
cur - Display current default gateway configuration

NOTE – The switch can be configured with up to 255 gateways. Gateways one to four are
reserved for default gateway load balancing. Gateways five to 259 are used for load-balancing
of VLAN-based gateways.

This option is disabled by default.

Table 6-63 Default Gateway Options (/cfg/l3/gw)

Command Syntax and Usage

ipver <IP version (v4 or v6)>


Set the IP version.

addr <default gateway address (such as, 192.4.17.44 for IPv4 or 3001::abcd:1234 for IPv6)>
Configures the IP address of the default IP gateway using dotted decimal notation for IPv4 and
colon notation for IPv6.

intr <0-60 seconds>


The switch pings the default gateway to verify that it’s up. The intr option sets the time between
health checks. The range is from 1 to 120 seconds. The default is 2 seconds.

retry <number of attempts (1-120)>


Sets the number of failed health check attempts required before declaring this default gateway
inoperative. The range is from 1 to 120 attempts. The default is 8 attempts.

vlan <VLAN number (1-4090)>


Sets the VLAN to be assigned to this default IP gateway.

346 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-63 Default Gateway Options (/cfg/l3/gw)

Command Syntax and Usage

prio <high|low>
Allows you to change the priority of the default gateway route to either high or low, relative to
learned default routes. If you set the priority to high, then the default gateway route will always
be preferred over learned default routes (such as from OSPF, BGP, or RIP protocols). If you set the
priority to low, then learned default routes will always be preferred over the default gateway
route.

NOTE – By default learned default route has higher priority than the configured default
gateway route.

arp disable|enable
Enables or disables Address Resolution Protocol (ARP) health checks. This command is disabled
by default.

ena
Enables the gateway for use.

dis
Disables the gateway.

del
Deletes the gateway from the configuration.

cur
Displays the current gateway settings.

Default Gateway Metrics


For information about configuring which gateway is selected when multiple default gateways
are enabled, see page 396.

Chapter 6: The Configuration Menu „ 347


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/route
IP Static Route Configuration
[IP Static Route Menu]
add - Add static route
rem - Remove static route
cur - Display current static routes

Up to 128 static routes can be configured.

Table 6-64 IP Static Route Configuration Menu Options (cfg/l3/route)

Command Syntax and Usage

add <destination> <mask> <gateway> [interface number]


Adds a static route. You will be prompted to enter a destination IP address, destination subnet
mask, and gateway address. Enter all addresses using dotted decimal notation. If a gateway address
is 0.0.0.0., the route becomes a black hole route, where any packet routed to this destination will be
dropped.

rem <destination> <mask>


Removes a static route. The destination address of the route to remove must be specified using dot-
ted decimal notation.

cur
Displays the current IP static routes.

/cfg/l3/arp
ARP Configuration Menu
Address Resolution Protocol (ARP) is the TCP/IP protocol that resides within the Internet
layer. ARP resolves a physical address from an IP address. ARP queries machines on the local
network for their physical addresses. ARP also maintains IP to physical address pairs in its
cache memory. In any IP communication, the ARP cache is consulted to see if the IP address of
the computer or the router is present in the ARP cache. Then the corresponding physical
address is used to send a packet.

[ARP Menu]
static - Static ARP Menu
rearp - Set re-ARP period in minutes
cur - Display current ARP configuration

348 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-65 ARP Configuration Menu Options (/cfg/l3/arp)


Command Syntax and Usage
static
Displays Static ARP menu. To view options, see page 349.
rearp <2-120 minutes>
Defines re-ARP period in minutes. You can set this duration between two and 120 minutes.
cur
Displays the current ARP configurations.

/cfg/l3/arp/static
ARP Static Configuration Menu
Static ARP entries are permanent in the ARP cache and do not age out like the ARP entries that
are learnt dynamically. Static ARP entries enable the switch to reach the hosts without sending
an ARP broadcast request to the network. Static ARPs are also useful to communicate with
devices that do not respond to ARP requests. Static ARPs can also be configured on some gate-
ways as a protection against malicious ARP Cache corruption and possible DOS attacks.

NOTE – Nortel Application Switch Operating System 21.0 and above allows the static ARP
configuration to be retained over reboots. Nortel Application Switch Operating System 20.x
and below allow the user to configure the ARP information but that information cannot be
retained over a switch reboot.

[Static ARP Menu]


add - Add a permanent ARP entry
del - Delete an ARP entry
cur - Display current static ARP configuration

Table 6-66 ARP Static Configuration Menu Options (/cfg/l3/arp/static)

Command Syntax and Usage

add <IP address> <MAC address> <VLAN number> <port number>


Adds a permanent ARP entry.

del <IP address (such as, 192.4.17.101)>


Deletes a permanent ARP entry.

cur
Displays current static ARP configuration.

Chapter 6: The Configuration Menu „ 349


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/frwd
IP Forwarding Configuration Menu
[IP Forwarding Menu]
local - Local network definition for route caching menu
dirbr - Enable or disable forwarding directed broadcasts
on - Globally turn IP Forwarding ON
off - Globally turn IP Forwarding OFF
cur - Display current IP Forwarding configuration

Table 6-67 IP Forwarding Configuration Menu Options (/cfg/l3/frwd)

Command Syntax and Usage

local
Displays the menu used to define local network for route caching. Up to five local networks (lnets)
can be configured. To view menu options, see page 350.

dirbr disable|enable
Enables or disables forwarding directed broadcasts. This command is disabled by default.

on
Enables IP forwarding (routing) on the Nortel Application Switch.

off
Disables IP forwarding (routing) on the Nortel Application Switch. Forwarding is turned on by
default.

cur
Displays the current IP forwarding settings.

/cfg/l3/frwd/local
Local Network Route Caching Definition
This menu is used for adding local networks by setting the local network address and netmask
for the route cache, and to remove local networks.

[IP Local Networks Menu]


add - Add local network definition
rem - Remove local network definition
cur - Display current local network definitions

350 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 2 IP Local Networks Menu Options (/cfg/l3/frwd/local)

Command Syntax and Usage

add <local network address> <local network mask>


Adds a definition for a local network. For details, see “Defining IP Address Ranges for the Local
Route Cache” on page 351.

rem <local network address> <local network mask>


Removes a definition for a local network.

cur
Displays the current local network definitions.

Defining IP Address Ranges for the Local Route Cache


The Local Route Cache lets you use switch resources more efficiently, by reducing the size of
the ARP table on the Nortel Application Switch. The /cfg/l3/frwd/local/add parame-
ters define a range of addresses that will be cached on the Nortel Application Switch. The local
network address is used to define the base IP address in the range which will be cached, and
the local network mask is the mask which is applied to produce the range. To determine if a
route should be added to the memory cache, the destination address is masked (bitwise and)
with the local network mask and checked against the local network address.

By default, the local network address and mask are both set to 0.0.0.0. This produces a range
that includes all Internet addresses for route caching: 0.0.0.0 through 255.255.255.255.

Addresses to be cached are subnets that are directly connected and for which there is an inter-
face configured on the Nortel Application Switch. To limit the route cache to your local hosts,
you could configure the parameters as shown in the examples in the following table.

Table 6-68 Local Routing Cache Address Ranges


Local Host Address Range Address Mask
0.0.0.0 - 127.255.255.255 0.0.0.0 128.0.0.0
128.0.0.0 - 255.255.255.255 128.0.0.0 128.0.0.0
205.32.0.0 - 205.32.255.255 205.32.0.0 255.255.0.0

NOTE – All addresses that fall outside the defined range are forwarded to the default gateway.
The default gateways must be within range.

Chapter 6: The Configuration Menu „ 351


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/nwf
Network Filter Configuration
[IP Network Filter 1 Menu]
addr - IP Address
mask - IP Subnet mask
enable - Enable Network Filter
disable - Disable Network Filter
delete - Delete Network Filter
cur - Display current Network Filter configuration

Table 6-69 IP Network Filter Menu Options (/cfg/l3/nwf)

Command Syntax and Usage

addr <IP address (such as, 192.4.17.44)>


Sets the starting IP address for this filter. The default address is 0.0.0.0.

mask <IP4 subnet mask (such as, 255.255.255.0)> | <IP6 mask prefix len (eg, 64)>
Sets the IP subnet mask that is used with /cfg/l3/nwf/addr to define the range of IP
addresses that will be accepted by the peer when the filter is enabled. The default value is 0.0.0.0.
For Border Gateway Protocol (BGP), assign the network filter to a route map, then assign the route
map to the peer.

enable
Enables the Network Filter configuration.

disable
Disables the Network Filter configuration.

delete
Deletes the Network Filter configuration.

cur
Displays the current the Network Filter configuration. For example:
Current Network Filter 1:
addr 0.0.0.0, mask 0.0.0.0, disabled

352 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/rmap <route map number>


Route Map Configuration Menu
Route maps control and modify routing information.

NOTE – The map number (1-32) represents the routing map you wish to configure.

[IP Route Map 1 Menu]


alist - Access List number
aspath - AS Filter Menu
ap - Set as-path prepend of the matched route
lp - Set local-preference of the matched route
metric - Set metric of the matched route
type - Set OSPF metric-type of the matched route
prec - Set the precedence of this route map
weight - Set weight of the matched route
enable - Enable route map
disable - Disable route map
delete - Delete route map
cur - Display current route map configuration

Table 6-70 Routing Map Menu Options (/cfg/l3/rmap)

Command Syntax and Usage

alist <number (1-8)>


Displays the Access List menu. For more information, see page 355.

aspath <number (1-8)>


Displays the Autonomous System (AS) Filter menu. For more information, see page 356.

ap <AS number> [<AS number>] [<AS number>]|none


Sets the AS path preference of the matched route. One to three path preferences can be configured.

lp <(value 0-4294967294)>|none
Sets the local preference of the matched route, which affects both inbound and outbound direc-
tions. The path with the higher preference is preferred.

metric <(value 0-4294967294)>|none


Sets the metric of the matched route.

Chapter 6: The Configuration Menu „ 353


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-70 Routing Map Menu Options (/cfg/l3/rmap) (Continued)

Command Syntax and Usage

type <value (1|2)>|none


Assigns the type of OSPF metric. The default is type 1.
„ Type 1—External routes are calculated using both internal and external metrics.
„ Type 2—External routes are calculated using only the external metrics. Type 2 routes have
more cost than Type 2.
„ none—Removes the OSPF metric.

prec <value (1-255)>


Sets the precedence of the route map. The smaller the value, the higher the precedence. Default
value is 10.

weight <value (0-65534)>|none


Sets the weight of the route map.

enable
Enables the route map.

disable
Disables the route map.

delete
Deletes the route map.

cur
Displays the current route configuration.

354 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/rmap <route map number/alist


<access list number>
IP Access List Configuration Menu

NOTE – The route map number (1-32) and the access list number (1-8) represent the IP access
list you wish to configure.

[IP Access List 1 Menu]


nwf - Network Filter number
metric - Metric
action - Set Network Filter action
enable - Enable Access List
disable - Disable Access List
delete - Delete Access List
cur - Display current Access List configuration

Table 6-71 IP Access List Menu Options (/cfg/l3/rmap/alist)

Command Syntax and Usage

nwf <network filter number (1-256)>


Sets the network filter number. See “/cfg/l3/nwf” on page 352 for details.

metric <(1-4294967294)>|none
Sets the metric value in the AS-External (ASE) LSA.

action permit|deny or p|d


Permits or denies action for the access list.

enable
Enables the access list.

disable
Disables the access list.

delete
Deletes the access list.

cur
Displays the current Access List configuration.

Chapter 6: The Configuration Menu „ 355


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/rmap <route map number> aspath


<autonomous system path>
Autonomous System Filter Path

NOTE – The rmap number (1-32) and the path number (1-8) represent the AS path you wish to
configure.

[AS Filter 1 Menu]


as - AS number
action - Set AS Filter action
enable - Enable AS Filter
disable - Disable AS Filter
delete - Delete AS Filter
cur - Display current AS Filter configuration

Table 6-72 AS Filter Menu Options (/cfg/l3/rmap/aspath)

Command Syntax and Usage

as <AS number (1-65535)>


Sets the Autonomous System filter’s path number.

action permit|deny or p|d


Permits or denies Autonomous System filter action.

enable
Enables the Autonomous System filter.

disable
Disables the Autonomous System filter.

delete
Deletes the Autonomous System filter.

cur
Displays the current Autonomous System filter configuration.

356 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/rip
Routing Information Protocol Configuration
The Routing Information Protocol (RIP) is an interior gateway protocol (IGP). RIP is one of a
class of algorithms known as distance vector algorithms. The distance or hop count is used as
the metric to determine the best path to a remote network or host where the hop count does not
exceed 15 hops assuming a cost of one for each network. RIP uses broadcast User Datagram
protocol (UDP) data packets to exchange routing information.

RIP sends routing information updates every 30 seconds. This update contains known net-
works and the distances (hop count) associated with each one. For RIP1, no mask information
is exchanged; the natural mask is always applied by the router receiving the update. For RIP2,
mask information is sent. There are two timers associated with each route: a timeout
and garbage-collection timer. Upon expiration of the timeout timer, the route is no longer valid
but it is retained in the routing table for a short time so that neighbors can be notified that the
route has been dropped. Upon expiration of the garbage-collection timer, the route is finally
removed from the routing table. The timeout timer is set for 180 seconds and the garbage-col-
lection timer is set for 120 seconds by default.

The menu below is used for configuring globally Routing Information Protocol parameters.
The Routing Information Protocol is turned off by default.

[Routing Information Protocol Menu]


if - RIP Interface Menu
update - Set update period in seconds
vip - Enable/disable vip advertisement
statc - Enable/disable static routes advertisement
on - Globally turn RIP ON
off - Globally turn RIP OFF
current - Display current RIP configuration

Table 6-73 Routing Information Protocol Menu (/cfg/l3/rip)

Command Syntax and Usage

if <Interface Number (1-256)>


Go to the RIP Interface menu. See page 359.

update <update period (1-120 seconds)>


Sets the RIP update period in seconds. It is set at 30 seconds by default.

Chapter 6: The Configuration Menu „ 357


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

Table 6-73 Routing Information Protocol Menu (/cfg/l3/rip)

Command Syntax and Usage

vip disable|enable
Enables or disables the advertisement of virtual IP addresses as Host Routes. If a VIP route exists
in a routing table, it will always be advertised except when it is included in another network route
that is already being advertised.
Note: If all real servers behind a VIP go down, the route gets removed from the routing table, and
will not be advertised. If we disable all the real servers using operation command, the VIP route
does not get eliminated from the routing table, and the switch will continue to advertise the route.

statc disable|enable
Enables or disables the advertisement of static routes.

on
Globally turns RIP ON.

off
Globally turns RIP OFF.

cur
Displays the current RIP configuration.

358 „ Chapter 6: The Configuration Menu


320506-A, January 2006
Nortel Application Switch Operating System 23.0.2 Command Reference

/cfg/l3/rip/if
RIP Interface Menu
[RIP Interface 1 Menu]