Manual Del Comando de Referencia 3com

3Com Switch 4200G Family
Command Reference Guide

Switch 4200G 12-Port
www.3Com.com
Part Number: 10014916 Rev. AD
Published: April, 2007
3Com Corporation
350 Campus Drive
Marlborough, MA
USA 01752-3064
Copyright 2006-2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any
form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without
written permission from 3Com Corporation.
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time
without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or
expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality,
and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s)
described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement
included with the product as a separate document, in the hard copy documentation, or on the removable media in a
directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will
be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to
you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is
delivered as Commercial Computer Software as defined in DFARS 252.227-7014 (June 1995) or as a commercial item
as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Coms standard commercial
license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or
FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided
on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered
in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Cisco is a registered trademark of Cisco Systems, Inc.
Funk RADIUS is a registered trademark of Funk Software, Inc.
Aegis is a registered trademark of Aegis Group PLC.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are
registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a
registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed
to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards.
Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
CONTENTS
ABOUT THIS GUIDE
About This Software Version 3
Organization of the Manual 3
Intended Readership 3
Conventions
3
Related Manuals 4
Alphebetical Listing of Commands
ALPHABETICAL LISTING OF COMMANDS

COMMANDS
Commands
13
NUMERICSCOMMANDS BY FUNCTION
Commands by Function
845
CONTENTS
ABOUT THIS GUIDE
This guide describes the command line interface (CLI) configuration commands
used to control the 3Com Switch 4200G Family of switches.
About This Software

Version
The software in the 3Com Switch 4200G Family is a subset of that used in some
other 3Com products. Depending on the capabilities of your hardware platform,
some commands described in this guide may not be available on your Switch,
although the unavailable commands may still display on the command line
interface (CLI). If you try to use an unavailable command, an error message
displays.
CAUTION: Any command that displays on the CLI, but is not described in this
guide, is not supported in Version #.# software. 3Com only supports the
commands described in this guide. Other commands may result in the loss of data,
and are entered at the users risk.
Organization of the
Manual
The 3Com Switch 4200G Family Command Reference Guide list all commands in
alphabetical order. A index of commands organized by function is provided at the
end of this document.
Intended Readership
The manual is intended for the following readers:
Conventions
Network administrators
Network engineers
Users who are familiar with the basics of networking
This manual uses the following conventions:

Table 1 Icons
Icon
Notice Type
Description
Information note
Information that describes important features or instructions.
Caution
Information that alerts you to potential loss of data or

potential damage to an application, system, or device.
Warning
Information that alerts you to potential personal injury.

Command Reference
Table 2 Text conventions

Convention
Description
Screen displays This typeface represents text as it appears on the screen.

Keyboard key names If you must press two or more keys simultaneously, the key names are
linked with a plus sign (+), for example:
Press Ctrl+Alt+Del
The words enter
and type
When you see the word enter in this guide, you must type something,
and then press Return or Enter. Do not press Return or Enter when an
instruction simply says type.
Fixed command
text
This typeface indicates the fixed part of a command text. You must type
the command, or this part of the command, exactly as shown, and press
Return or Enter when you are ready to enter the command.
Example: The command display history-command must be entered
exactly as shown.
Variable
command text
This typeface indicates the variable part of a command text. You must type
a value here, and press Return or Enter when you are ready to enter the
command.
Example: in the command super level, a value in the range 0 to 3 must
be entered in the position indicated by level
{ x | y | ... }
Alternative items, one of which must be entered, are grouped in braces

and separated by vertical bars. You must select and enter one of the items.
Example: in the command flow-control {hardware | none |
software}, the braces and the vertical bars combined indicate that you
must enter one of the parameters. Enter either hardware, or none, or
software.
[]
Items shown in square brackets [ ] are optional.

Example 1: in the command display users [all], the square brackets
indicate that the parameter all is optional. You can enter the command
with or without this parameter.
Example 2: in the command user-interface [type] first-number
[last-number] the square brackets indicate that the parameters [type]
and [last-number] are both optional. You can enter a value in place of
one, both or neither of these parameters.
Alternative items, one of which can optionally be entered, are grouped in
square brackets and separated by vertical bars.
Example 3: in the command header [shell | incoming | login]
text, the square brackets indicate that the parameters shell,
incoming and login are all optional. The vertical bars indicate that only
one of the parameters is allowed.
Related Manuals
The 3Com Switch 4200G Family Getting Started Guide provides information about
installation.
The 3Com Switch 4200G Family Configuration Guide provides information about
configuring your network using the commands described in this guide.
ALPHABETICAL LISTING OF
COMMANDS
Alphebetical Listing of
Commands
This section lists all commands in alphabetical order.
access-limit 14
accounting 15
accounting domain 16
accounting-on enable 17
accounting optional 19
acl 21
acl 22
active region-configuration 24
add-member 25
address-check 26
administrator-address 27
am user-bind 28
apply qos-profile 29
apply qos-profile interface 30
arp check enable 31
arp static 32
arp timer aging 34
ascii 35
attribute 36
authentication 38
authentication-mode 40
authorization 42
auto-build 43
auto-execute command 44
binary 45
black-list add-mac 46
black-list delete-mac 47
boot attribute-switch 48
boot boot-loader 49
boot boot-loader 50
boot boot-loader backup-attribute 51
boot bootrom 52
boot web-package 53
broadcast-suppression 54
build 55
bye 56
bye 57
cd 58
cd 59
cd 60
cdup 61
cdup 62
check region-configuration 63
clock datetime 65
clock summer-time 66
clock timezone 68
close 69
cluster 70
cluster enable 71
cluster-local-user 72
cluster-mac 73
cluster-mac syn-interval 74
cluster-snmp-agent community 75
cluster-snmp-agent group v3 77
cluster-snmp-agent mib-view included 79
cluster-snmp-agent usm-user v3 81
cluster switch-to 83
cluster switch-to sysname 84
command-privilege level 86
copy 87
copy configuration 88
cut connection 89
data-flow-format 91
databits 93
debugging 94
debugging 95
debugging arp packet 96
debugging dhcp client 97
debugging dhcp-relay 98
debugging DLDP 100
debugging ntp-service 101
debugging radius 102
debugging snmp-agent 103
debugging udp-helper 104
delete 105
delete 107
delete 108
6 Alphebetical Listing of Commands
delete-member 109
delete static-routes all 110
description 111
description 112
description 113
description 114
dhcp relay information enable 115
dhcp relay information strategy 116
dhcp-security static 117
dhcp-server 118
dhcp-server ip 119
dir 120
dir 122
dir 124
disconnect 125
display acl 126
display am user-bind 127
display arp 128
display arp count 130
display arp timer aging 131
display boot-loader 132
display bootp client 134
display brief interface 135
display channel 137
display clock 138
display cluster 139
display cluster base-topology 141
display cluster black-list 142
display cluster candidates 143
display cluster current-topology 145
display cluster members 147
display connection 149
display cpu 151
display current-configuration 152
display debugging 156
display debugging habp 157
display device 158
display dhcp client 159
display dhcp-security 160
display dhcp-server 161
display dhcp-server interface
vlan-interface 163
display dhcp-snooping 164
display dhcp-snooping trust 166
display diagnostic-information 168

Command Reference
display domain 169

display dot1x 171
display fib 175
display ftp-server 176
display ftp-user 177
display garp statistics 178
display garp timer 179
display gvrp statistics 180
display gvrp status 181
display habp 182
display habp table 183
display habp traffic 184
display history-command 185
display icmp statistics 186
display igmp-snooping configuration 188
display igmp-snooping group 189
display igmp-snooping statistics 190
display info-center 191
display interface 193
display interface VLAN-interface
196
display ip host 197
display ip interface vlan-interface
198
display ip routing-table 200
display ip routing-table acl 201
display ip routing-table ip-address
204
display ip routing-table ip-address1
ip-address2 208
display ip routing-table ip-prefix
210
display ip routing-table protocol 213
display ip routing-table radix 215
display ip routing-table statistics
216
display ip routing-table verbose 217
display ip socket 218
display ip statistics 220
display isolate port 222
display lacp system-id 223
display link-aggregation interface
224
display link-aggregation summary
226
display link-aggregation verbose
227

Command Reference
Alphebetical Listing of Commands 7
display local-server statistics 229

display local-user 230
display logbuffer 232
display logbuffer summary 234
display-loopback-detection 235
display mac-address 236
display mac-address aging-time 238
display mac-address multicast static
239
display mac-address security 240
display mac-authentication 241
display memory 243
display mirroring-group 244
display ndp 246
display ntdp 249
display ntdp device-list 250
display ntdp single-device mac-address 251
display ntp-service sessions 253
display ntp-service status 255
display ntp-service trace 256
display packet-filter 257
display port 258
display port-security 259
display port vlan-vpn 261
display protocol-priority 262
display qos cos-drop-precedence-map 263
display qos cos-dscp-map 264
display qos cos-local-precedence-map 265
display qos dscp-cos-map 266
display qos dscp-drop-precedence-map 267
display qos dscp-dscp-map 268
display qos dscp-local-precedence-map 269
display qos-interface all 270
display qos-interface priority-trust
272
display qos-interface traffic-limit
273
display qos-interface traffic-shape
274
display qos-interface traffic-statistic
275
display qos-profile 276
display queue-scheduler 277
display radius 278

display radius statistics 280
display rmon alarm 282
display rmon event 283
display rmon eventlog 284
display rmon history 285
display rmon prialarm 286
display rmon statistics 287
display rsa local-key-pair public 288
display rsa peer-public-key 289
display saved-configuration 290
display schedule reboot 292
display snmp-agent 293
display snmp-agent community 294
display snmp-agent group 295
display snmp-agent mib-view 296
display snmp-agent statistics 298
display snmp-agent sys-info 300
display snmp-agent trap-list 301
display snmp-agent usm-user 302
display ssh server 303
display ssh server-info 304
display ssh user-information 305
display startup 306
display stop-accounting-buffer 307
display stp 309
display stp region-configuration 311
display tcp statistics 312
display tcp status 314
display this 315
display time-range 316
display trapbuffer 318
display udp-helper server 319
display user-interface 320
display users 322
display users 323
display version 324
display vlan 325
display vlan 326
display voice vlan oui 328
display voice vlan status 329
domain 330
dot1x 332
dot1x authentication-method 334
dot1x dhcp-launch 335
dot1x guest-vlan 336
dot1x max-user 338
dot1x port-control 340
dot1x port-method 342

dot1x quiet-period 344
dot1x retry 345
dot1x retry-version-max 346
dot1x timer 347
dot1x version-check 349
duplex 351
enable snmp trap updown 352
end-station polling ip-address 353
execute 354
exit 355
file prompt 356
flow-control 357
format 358
free user-interface 359
free web-users 360
ftp 361
ftp cluster 362
ftp server 363
ftp server enable 364
ftp timeout 365
garp timer 366
garp timer leaveall 368
get 369
get 370
gratuitous-arp learning enable 371
gvrp 372
gvrp registration 373
habp enable 374
habp server vlan 375
habp timer 376
header 377
help 379
history-command max-size 380
holdtime 381
idle-cut 382
idle-timeout 383
igmp host-join vlan 384
igmp-snooping 385
igmp-snooping fast-leave 386
igmp-snooping group-limit 387
igmp-snooping group-policy 388
igmp-snooping host-aging-time 390
igmp-snooping max-response-time
391
igmp-snooping router-aging-time
392
info-center channel name 393

Command Reference
info-center console channel 394

info-center enable 395
info-center logbuffer 396
info-center monitor channel 397
info-center snmp channel 398
info-center source 399
info-center synchronous 403
info-center timestamp 404
info-center trapbuffer 405
instance 406
interface 408
interface VLAN-interface 409
ip address 410
ip address bootp-alloc 411
ip address dhcp-alloc 412
ip host 413
ip http acl 414
ip-pool 415
ip route-static 416
ip route-static 418
jumboframe enable 420
key 421
lacp enable 423
lacp port-priority 424
lacp system-priority 425
language-mode 426
lcd 427
level 428
link-aggregation group description
429
link-aggregation group mode 430
local-server 431
local-user 433
local-user password-display mode
435
lock 436
logging-host 437
loopback-detection control enable
438
loopback-detection enable 439
loopback-detection interval-time
441
loopback-detection per-vlan enable
442
ls 443
ls 444
mac-address 445
mac-address max-mac-count 447

Command Reference
mac-address max-mac-count 0 448

mac-address multicast interface vlan
449
mac-address multicast vlan 450
mac-address security 451
mac-address timer 452
mac-authentication 453
mac-authentication authmode 455
mac-authentication authpassword
456
mac-authentication authusername
457
mac-authentication domain 458
mac-authentication timer 459
management-vlan 460
management-vlan synchronization
enable 461
mdi 462
messenger 463
mirroring group 464
mirroring-group mirroring-port 465
mirroring-group reflector-port 466
mirroring-group remote-probe vlan
467
mirroring-port 468
mkdir 469
mkdir 470
mkdir 471
monitor-port 472
more 473
move 474
name 475
name 476
nas-ip 477
ndp enable 478
ndp timer aging 479
ndp timer hello 480
nm-interface vlan-interface 481
ntdp enable 482
ntdp explore 483
ntdp hop 484
ntdp timer 485
ntdp timer hop-delay 486
ntdp timer port-delay 487
ntp-service access 488
ntp-service authentication enable
490
ntp-service authentication-keyid
491
ntp-service broadcast-client 492
ntp-service broadcast-server 493
ntp-service in-interface disable 494
ntp-service max-dynamic sessions
495
ntp-service multicast-client 496
ntp-service multicast-server 497
ntp-service reliable authentication-keyid 498
ntp-service source-interface 499
ntp-service unicast-peer 500
ntp-service unicast-server 502
open 504
packet-filter 505
packet-filter 506
parity 507
passive 508
password 509
password 510
peer-public-key end 511
ping 512
port 515
port access vlan 516
port hybrid pvid vlan 517
port hybrid vlan 518
port isolate 519
port link-aggregation group 520
port link-type 521
port-security enable 522
port-security intrusion-mode 523
port-security max-mac-count 525
port-security ntk-mode 527
port-security OUI 529
port-security port-mode 530
port-security timer disableport 533
port-security trap 534
port trunk pvid vlan 536
port trunk permit vlan 537
primary accounting 538
primary authentication 540
priority 542
priority trust 543
protocol inbound 545
protocol-priority protocol-type 547
public-key-code begin 548
public-key-code end 550

put 552
put 553
pwd 554
pwd 555
pwd 556
qos cos-drop-precedence-map 557
qos cos-dscp-map 559
qos cos-local-precedence-map 561
qos dscp-cos-map 563
qos dscp-drop-precedence-map 565
qos dscp-dscp-map 567
qos dscp-local-precedence-map 569
qos-profile 571
qos-profile port-based 572
queue-scheduler 573
quit 575
quit 576
quit 577
quit 578
radius nas-ip 579
radius-scheme 580
radius scheme 581
radius trap 583
reboot 584
reboot member 585
region-name 586
remote-probe vlan 587
remotehelp 588
remove 589
rename 590
rename 591
rename 592
reset arp 593
reset counters interface 594
reset dot1x statistics 595
reset garp statistics 596
reset igmp-snooping statistics 597
reset ip statistics 598
reset logbuffer 599
reset ndp statistics 600
reset radius statistics 601
reset recycle-bin 602
reset saved-configuration 603
reset stop-accounting-buffer 605
reset stp 607
reset tcp statistics 608

Command Reference
reset traffic-limit 609

reset traffic-statistic 610
reset trapbuffer 611
retry 612
retry realtime-accounting 613
retry stop-accounting 615
return 616
revision-level 617
rmdir 618
rmdir 619
rmdir 620
rmon alarm 621
rmon event 623
rmon history 624
rmon prialarm 625
rmon statistics 628
rsa local-key-pair create 629
rsa local-key-pair destroy 631
rsa peer-public-key 632
rule (Advanced ACL) 634
rule (Basic ACL) 638
rule comment 640
rule (Layer 2 ACL) 641
save 643
schedule reboot at 645
schedule reboot delay 647
scheme 648
screen-length 650
secondary accounting 651
secondary authentication 652
security-policy-server 653
self-service-url 654
send 656
server-type 657
service-type 658
service-type 660
service-type multicast 662
set authentication password 663
sftp 664
sftp server enable 666
sftp time-out 667
shell 668
shutdown 669
shutdown 670
smarton 671
smarton password 672
smarton switchid 673

Command Reference
smarton timer 674

snmp-agent 675
snmp-agent community 676
snmp-agent group 678
snmp-agent local-engineid 682
snmp-agent log 683
snmp-agent mib-view 684
snmp-agent packet max-size 685
snmp-agent sys-info 686
snmp-agent target-host 687
snmp-agent trap enable 689
snmp-agent trap life 691
snmp-agent trap queue-size 692
snmp-agent trap source 693
snmp-agent usm-user 694
snmp-host 702
speed 703
speed 704
ssh client assign rsa-key 705
ssh client first-time enable 706
ssh server authentication-retries 707
ssh server timeout 708
ssh user assign rsa-key 709
ssh user authentication-type 710
ssh user service-type 712
ssh2 713
startup bootrom-access enable 715
startup saved-configuration 716
state 717
state 720
stop-accounting-buffer enable 722
stopbits 723
stp 724
stp bpdu-protection 725
stp bridge-diameter 726
stp config-digest-snooping 727
stp cost 729
stp edged-port 730
stp interface 732
stp interface config-digest-snooping
734
stp interface cost 736
stp interface edged-port 738
stp interface loop protection 740

stp interface mcheck 742
stp interface no-agreement-check
743
stp interface point-to-point 744
stp interface port priority 746
stp interface root-protection 748
stp interface transmit-limit 750
stp loop-protection 752
stp max-hops 753
stp mcheck 754
stp mode 755
stp no-agreement-check 756
stp pathcost-standard 757
stp point-to-point 759
stp port priority 761
stp priority 762
stp region-configuration 763
stp root primary 764
stp root-protection 766
stp root secondary 767
stp tc-protection 769
stp timer-factor 770
stp timer forward-delay 771
stp timer hello 773
stp timer max-age 774
stp transmit-limit 775
super 776
super password 778
sysname 780
sysname 781
system-view 782
tcp timer fin-timeout 783
tcp timer syn-timeout 784
tcp window 785
telnet 786
terminal debugging 787
terminal logging 789
terminal monitor 790
terminal trapping 791
tftp 792
tftp cluster get 793
tftp cluster put 794
tftp get 795
tftp put 796
tftp-server 797
tftp-server acl 798
time-range 799
timer 801
timer 802
timer quiet 803
timer realtime-accounting 804
timer response-timeout 806
topology accept 807
topology restore-from 808
topology save-to 809
tracemac 810
tracert 811
traffic-limit 813
traffic shape 815
traffic-statistic 816
udp-helper enable 817
udp-helper port 818
udp-helper server 819
undelete 820
user 821

Command Reference
user-interface 822
user-name-format 823
user privilege level 824
verbose 825
virtual-cable-test 826
vlan 828
vlan-assignment-mode 830
vlan-mapping modulo 832
vlan-vpn enable 834
vlan-vpn tpid 835
vlan-vpn tunnel 836
vlan-vpn uplink enable 837
voice vlan 838
voice vlan aging 839
voice vlan enable 840
voice vlan mac-address 841
voice vlan mode 842
voice vlan security enable 843
COMMANDS
Commands
The commands in this document are listed in alphabetical order.
14 access-limit

Command Reference
access-limit
Purpose
Use the access-limit command to set the maximum number of access users that
can be contained in current ISP domain.
Use the undo access-limit command to restore the default maximum number.
Syntax
access-limit { disable | enable max-user-number }

undo access-limit
Parameters
disable
Specifies not to limit the number of access users that

can be contained in current ISP domain.
If not specified, disable is selected by default.
enable max-user-number
Example
Specifies the maximum number of access users that

can be contained in current ISP domain. Valid values
are 1 to 1048.
To allow ISP domain aabbc.net to contain at most 500 access users, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]domain aabbc.net
New Domain added.
[S4200G-isp-aabbcc.net] access-limit enable 500
View
This command can be used in the following views:
Description
ISP Domain view
This command limits the amount of supplicants contained in the current ISP domain.
Because resource contention may occur between access users, there is a need to
properly limit the number of access users in an ISP domain to provide reliable
performance to the users in the ISP domain.

Command Reference
accounting 15
accounting
Purpose
Use the accounting command to configure an accounting scheme for the current
ISP domain.
Use the undo accounting command to cancel the accounting scheme
configuration of the current ISP domain.
Syntax
accounting { none | radius-scheme radius-scheme-name }

undo accounting
Parameters
none
Specifies not to perform accounting.
radius-scheme-name
Name of a RADIUS scheme, consisting of a character

string no more than 32 characters long.
Default
By default, no accounting scheme is configured for the ISP domain.
Example
To specify radius as the RADIUS accounting scheme that will be referenced by

current ISP domain, enter the following:
[S4200G] domain aabbcc.net
New Domain added.
View
Description
ISP Domain view
When you use the accounting command to specify a RADIUS scheme for the
current ISP domain, the RADIUS scheme must already be defined.
If the accounting command is used in an ISP domain view, the system uses the
scheme specified in this command to charge the users. Otherwise, the system uses
the scheme specified in the scheme command to charge the users.
Related Command
scheme
radius scheme
16 accounting domain

Command Reference
accounting domain
Purpose
Use the accounting domain command to enable the DHCP accounting function.
Use the undo accounting domain command to disable the DHCP accounting
function.
Syntax
accounting domain domain-name

undo accounting domain
Parameters
domain-name
Example
Enter system view.
Name of a domain, consisting of a string from 1 to 24

characters long. (You can use the domain command to
create a domain.)
Enter DHCP address pool view.

[S4200G] dhcp server ip-pool test
Enable the DHCP accounting function (assuming that domain 123 already exists).
[S4200G-dhcp-pool-test] accounting domain 123
View
DHCP Address Pool view

Command Reference
accounting-on enable 17
accounting-on enable
Purpose
Use the accounting-on enable command to enable user re-authentication upon

device restart function.
Use the undo accounting-on enable command to disable user
re-authentication upon device restart function and restore the default interval and the
number of attempts to transmit the Accounting-On packet.
Use the undo accounting-on send command to restore the default maximum
number of attempts to transmit the Accounting-On packet.
Use the undo accounting-on interval command to restore the default
transmit of the Accounting-On packet.
Syntax
accounting-on enable [ send times | interval interval ]

undo accounting-on { enable | send | interval }
Parameters
times
Specifies the number of times to attempt sending the

Accounting-On packet, ranging from 1 to 256. If not
specified, the default is 15 times.
interval
Specifies the interval at which to send the

Accounting-On packet, ranging from 1 to 30 seconds.
If not specified, the default is 3 seconds.
Default
By default, this feature is disabled.
Example
To enable the user re-authentication upon device restart function for the RADIUS
scheme named CAMS, enter the following:
[S4200G] radius scheme CAMS
[S4200G-radius-CAMS] accounting-on enable
View
Description
RADIUS Scheme view
The purpose of this feature is to resolve the following problem: users cannot re-log
onto the network after the switch reboots because they are already online. After this
feature is enabled, every time the switch reboots:
The switch generates an Accounting-On packet, which mainly contains the

following information: NAS-ID, NAS-IP (source IP address), and session ID.
The switch sends the Accounting-On packet to the CAMS at regular intervals.
18 accounting-on enable

Command Reference
Once the CAMS receives the Accounting-On packet, it sends a response to the
switch. At the same time it finds and deletes the existing online information of the
user who was accessing the network through the switch before the reboot based
on the NAS-ID, NAS-IP and session ID contained in the Accounting-On packet, and
ends the charging of the user according to the last accounting update packet.
Once the switch receives the response from the CAMS, it stops sending other
Accounting-On packets.
If the switch has tried the set maximum times to transmit the Accounting-On
packet but still does not receive any response from the CAMS, it stops the sending
of the Accounting-On packet.
Note: The switch can automatically generate the main attributes (NAS-ID, NAS-IP and
session ID) of the Accounting-On packets. However, you can also manually configure
the NAS-IP attribute with the nas-ip command. When doing this, be sure to
configure a correct and valid IP address. If this attribute is not configured manually,
the switch will automatically select the IP address of the VLAN interface as the NAS-IP
address.
Related Command
nas-ip

Command Reference
accounting optional 19
accounting optional
Purpose
Use the accounting optional command to open the accounting-optional switch.

Use the undo accounting optional command to close the accounting-optional
switch.
Syntax
accounting optional
undo accounting optional
Parameters
None
Default
By default, the accounting-optional switch is closed.
Example
To open the accounting-optional switch for the ISP domain named aabbcc.net, enter
the following:
New Domain added.
[S4200G-isp-aabbcc.net] accounting optional
To open the accounting-optional switch for the RADIUS scheme radius1, enter the
following:
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] accounting optional
View
Description
ISP Domain view
RADIUS Scheme view
Note:
When the system charges an online user but it does not find any available RADIUS
accounting server or fails to communicate with any RADIUS accounting server, the
user can continue the access to network resources if the accounting
optional command has been used, otherwise the user is disconnected from the
system. The accounting optional command is often used in the cases
where only authentication is needed and no accounting is needed.
20 accounting optional

Command Reference
After the accounting optional command is used for a RADIUS scheme, the
system will no longer send real-time accounting update packets and
stop-accounting packets for any user in an ISP domain referencing the RADIUS
scheme.
This configuration takes effect only on the accounting using this RADIUS scheme.

Command Reference
acl 21
acl
Purpose
Use the acl command to reference ACL and implement the ACL control to the
TELNET users.
Use the undo acl command to remove the control from the TELNET users.
Syntax
acl acl-number { inbound | outbound }

undo acl { inbound | outbound }
Parameters
Example
acl-number
The number identifier of basic and advanced

number-based ACLs. Valid values are 2000 to 3999.
inbound
Performs ACL control to the users who access the local

Switch using TELNET.
outbound
Performs ACL control to the users who access other

Switches from the local Switch using TELNET.
Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL
2,000 already exists.).
[S4200G] user-interface vty 0 4
[S4200G-ui-vty0-4] acl 2000 inbound
View
User Interface view
22 acl

Command Reference
acl
Purpose
Use the acl command to define an ACL identified by a number, and enter the
corresponding ACL View.
Use the undo acl command to delete all entries of an ACL or to delete all ACLs.
Syntax
acl number acl-number [ match-order { config | auto } ]

undo acl { number acl-number | all }
Parameters
number acl-number
Specifies the number of an access control list (ACL) in

the range of:
2,000 to 2,999: identifies basic ACLs.
3,000 to 3,999: identifies advanced ACLs.
4,000 to 4,999: identifies layer 2 ACLs.
match-order
Specifies the match order for the ACL rules. The

match-order keyword is not available for the definition
of a Layer 2 ACL. Match orders include config and
auto.
config
Specifies to match ACL rules according to the

user-defined order.
auto
Specifies to match ACL rules according to the

"depth-first" order.
all
Specifies to delete all ACLs.
Default
By default, the ACLs are matched in config order.
Example
Define rules for ACL 2000, and specify "depth-first" order as the rule match order.
[S4200G] acl number 2000 match-order auto
[S4200G-acl-basic-2000]
View
Description
System view
After entering the corresponding ACL view, you can use the rule command to add
entries to the ACL.
An ACL supports the following types of match orders:

Command Reference
acl 23
Configured order: ACL rules are matched according to the configured order.
Automatic ordering: ACL rules are matched according to the "depth-first" order
The "depth-first" ordering of rules in IP ACLs (basic and advanced ACLs) is

implemented based on the lengths of the source IP address masks and the destination
IP address masks. The rule with the longest masks is first matched, and then comes
the rule with the second longest masks, and so on. In the ordering, the lengths of the
source IP address masks are compared first; if the source IP address masks have the
same length, the lengths of the destination IP address masks are compared. For
example, the rule of which the source IP address mask is 255.255.255.0 precedes the
rule of which the source IP address mask is 255.255.0.0 in the match order.
You can use the match-order keyword to specify whether to use the configured order
or "depth-first" order (rules with smaller ranges are matched first) to match rules. If
neither match orders are specified, the configured match order will be adopted.
You cannot modify the match order for an ACL once you have specified it, unless you
delete all the entries of the ACL.
The ACL match order feature is effective only when the ACL is referenced by software
for data filtering and traffic classification.
Related Command
rule
24 active region-configuration

Command Reference
active region-configuration
Purpose
Use the active region-configuration command to activate the settings of

an MST (multiple spanning tree) region.
Syntax
Parameters
None
Example
To activate the MST region settings, enter the following:

[S4200G] stp region-configuration
[S4200G-mst-region] active region-configuration
View
Description
MST Region view
This command causes the switch to operate with the new MST region settings, when
spanning trees are regenerated.
Changes of MST region parameters, especially those of the VLAN mapping tables, can
cause MSTP to recalculate the spanning trees, creating network topology jitters across
the network. To reduce network topology jitters caused by configuration changes,
MSTP does not recalculate the spanning trees immediately in response to region
configuration changes. Rather, MSTP brings the configurations into effect only after
you activate the new MST region settings or enable MSTP.
Related Commands
check region-configuration
instance
region-name
revision-level
vlan-mapping modulo

Command Reference
add-member 25
add-member
Purpose
Use the add-member command to add a candidate device to a cluster.
Syntax
add-member [ member-number] mac-address H-H-H [ password password ]
Parameters
member-number
Member number assigned to the candidate device to

be added to a cluster. This argument ranges from 1 to
256.
H-H-H
MAC address of the candidate device (in hexadecimal).
password
Password of the candidate device, a string comprising

1 to 256 characters. The password is required when
you add a candidate device to a cluster. However, this
argument is not needed if the candidate device is not
configured with a password.
Example
Add a candidate device to the cluster, setting the member number to 6. (Assume that
the MAC address and user password of the candidate device are 00E0-fc00-35e7 and
123456.)
<aaa_0.S4200G>system-view
[aaa_0.S4200G-cluster]
[aaa_0.S4200G-cluster] add-member 6 mac-address 00E0-fc00-35e7 password
123456
View
Description
Cluster view

You can add a candidate device to a cluster on the management device only.
If you do not specify the member number when adding a cluster member, the
management device assigns the least available member number to it.
After a candidate device is added to a cluster, its device password becomes the
management device password.
26 address-check

Command Reference
address-check
Purpose
Use the address-check command to enable or disable DHCP relay security on a

VLAN interface, so as to start or stop the validity check on user addresses under the
VLAN interface.
Syntax
address-check enable
address-check disable
Parameters
None
Default
By default, DHCP relay security is disabled on a VLAN interface.
Example
Enter system view.

Enter VLAN 1 interface view.

[S4200G] interface vlan-interface 1
Enable DHCP relay security on VLAN 1 interface.

[S4200G-Vlan-interface1] address-check enable
View
VLAN Interface view

Command Reference
administrator-address 27
administrator-address
Purpose
Use the administrator-address command to store the MAC address of the

management device on a member device.
Use the undo administrator-address command to remove a member from
the cluster, usually for debugging or restoration.
Syntax
administrator-address mac-address name name

undo administrator-address
Parameters
mac-address
MAC address of the management device.
name name
Name of an existing cluster consisting of no more than

8 characters, including only alphanumeric characters,
subtraction sign - and/or underline _
Default
By default, a switch is not in any cluster.
Example
Remove a member device from the cluster.

<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] undo administrator-address
View
Description
Cluster view
A cluster contains one (and only one) management device. After rebooting, a
member device identifies the management device by the MAC address of the
management device.
The recommended way to remove a cluster member from a cluster is to execute the
delete-member command on the management device.
28 am user-bind

Command Reference
am user-bind
Purpose
Use the am user-bind command to bind the MAC and IP addresses of a legal user
to a specified port.
Use the undo am user-bind command to cancel the binding.
Syntax
am user-bind mac-addr mac-address ip-addr ip-address

[ interface interface-type interface-number ]
undo am user-bind mac-addr mac-address ip-addr ip-address
[ interface interface-type interface-number ]
Parameters
Example
mac-address
MAC address to be bound.
ip-address
IP address to be bound.
interface-type
Type of the port to be bound to.
interface-number
Number of the port to be bound to.
Bind the legal user whose MAC address is 00e0-fc00-3900 and IP address is
10.153.1.1 to GigabitEthernet1/0/2 port.
[S4200G] am user-bind mac-addr 00e0-fc00-5100 ip-addr 10.153.1.1
interface GigabitEthernet1/0/2
View
Description
System view
Ethernet Port view
After a binding operation, only the valid user's packets can pass through the port.
You need to specify the bound port if you use this command in system view.
You do not need to specify the bound port if you use this command in Ethernet
port view, because the MAC and IP address will be bound to the current port.
You can bind up to 128 pairs of MAC and IP addresses on a unit. The system allows
only one binding operation for the same MAC address.

Command Reference
apply qos-profile 29
apply qos-profile
Purpose
Use the apply qos-profile command to manually apply the QoS profile to the
current port.
Use the undo apply qos-profile command to manually remove the QoS profile
from a port.
Syntax
apply qos-profile profile-name

undo apply qos-profile profile-name
Parameters
profile-name
Example
To apply the qos-profile named h3c on the current port manually, enter the following:
Specifies the QoS profile name, consisting of a string 1

to 32 characters long, starting with letters [a-z, A-Z]
and excluding the reserved keywords (for example; all,
interface, user, undo, user-based, and port-based)
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] apply qos-profile h3c
View
Description
Ethernet Port view
You cannot delete a QoS profile which has been applied to a port. Likewise a profile
has to be created before it can be assigned to a port.
30 apply qos-profile interface

Command Reference
apply qos-profile interface

Purpose
Use the apply qos-profile interface command to manually apply a QoS profile
to one or more consecutive ports.
Use the undo apply qos-profile command to manually remove the configuration
from one or more consecutive ports.
Syntax
apply qos-profile profile-name interface interface-type interface-num

[ to interface interface-type interface-num ]
undo apply qos-profile profile-name interface interface-type
interface-num [ to interface interface-type interface-num ]
Parameters
profile-name
Specifies the QoS profile name, consisting of a string 1

to 32 characters long, starting with letters [a-z, A-Z]
and excluding the reserved keywords (for example; all,
interface, user, undo, user-based, and port-based).
interface interface-type
interface-num [ to
interface-num ]
Specifies the range of ports. The beginning interface
interface-type interface-num specifies the beginning

port and the one in the end specifies the end port.
Example
To apply profile named h3c on GigabitEthernet1/0/1 to GigabitEthernet1/0/4

manually, enter the following:
[S4200G] apply qos-profile h3c interface gigabitethernet1/0/1 to
gigabitethernet1/0/4
View
Description
System view
You cannot delete the specific QoS profile that has been applied to the port.

Command Reference
arp check enable 31
arp check enable

Purpose
Use the arp check enable command to enable the ARP entry checking function,
that is, to disable a switch from creating multicast MAC address ARP entries for MAC
addresses learned.
Use the undo arp check enable command to disable the ARP entry checking
function. In this case, a switch creates multicast MAC address ARP entries for MAC
addresses learned.
Syntax
arp check enable

undo arp check enable
Parameters
None
Default
By default, the checking of ARP entry is enabled and the device does not learn the
ARP entry where the MAC address is a multicast MAC address.
Example
To configure to create multicast MAC address ARP entries for MAC addresses learned,
enter the following:
[S4200G] undo arp check enable
View
System view
32 arp static

Command Reference
arp static
Purpose
Use the arp static command to configure the static ARP mapping entries in the ARP
mapping table.
Use the undo arp ip_address command to remove a ARP mapping entry from the
ARP table.
Syntax
arp static ip_address mac_address [ vlan_id interface_type

interface_number }]
undo arp ip_address
Parameters
ip_address
Specifies the IP address of the ARP mapping entry.
mac_address
Specifies the MAC address of the ARP mapping entry,

in the format H-H-H, where H indicates a four digit
hexadecimal number, for example 00e0-fc01-0000.
vlan_id
Specifies the ID number of the local VLAN that you

want to use to associate with the ARP mapping entry.
Valid values for the VLAN ID are 1 to 4094.
interface_type
Specifies the type of the port that you want to use to

send frames to this address. This parameter be entered
if a VLAN ID is specified.
interface_number
Specifies the number of the port that you want to use

to send frames to this address. This parameter must be
entered if a VLAN ID is specified.
Default
By default, the ARP mapping table is empty, and the Switch uses dynamic ARP to
maintain its address mapping.
Example
To Create a static ARP mapping entry, with the IP address of 202.38.10.2, the MAC
address of 00e0-fc01-0000. The ARP mapping entry belongs to GigabitEthernet1/0/1
port (assuming that GigabitEthernet1/0/1 port belongs to VLAN1), enter following:
[S4200G] arp static 202.38.10.2 00e0-fc01-0000 1 GigabitEthernet1/0/1
View
System view

Command Reference
Description
arp static 33
The system ARP mapping table is empty when a switch is just started. And the
dynamic address mapping entries are generated by ARP.
Note:
Related Commands
Static ARP mapping entries are valid as long as the Ethernet switch operates.
However, an ARP mapping entry is removed if the corresponding VLAN is
removed. By default, a dynamic ARP mapping entry remains valid for 20 minutes.
As for the arp static command, the value of the vlan-id argument must be
the ID of an existing VLAN, and the port identified by the interface-type and
interface-number arguments must belong to the VLAN.
reset arp
display arp
debugging arp packet
34 arp timer aging

Command Reference
arp timer aging

Purpose
Use the arp timer aging command to configure the aging time for dynamic ARP
mapping entries.
Use the undo arp timer aging command to restore the default aging time.
Syntax
arp timer aging aging-time

undo arp timer aging
Parameters
aging-time
Default
The defaults is 20 minutes.
Example
To Configure the aging time to be 10 minutes, enter the following:
Specifies the aging time (in minutes) of the dynamic

ARP mapping entries. Valid values are from 1 to 1,440.
[S4200G] arp timer aging 10
View
Related Command
System view
arp timer aging

Command Reference
ascii 35
ascii
Purpose
Use the ascii command to configure data transmission mode as ASCII mode.
Syntax
ascii
Parameters
None
Default
By default, the file transmission mode is ASCII mode.
Example
Enter FTP client view.

<S4200G> ftp 2.2.2.2
Trying ...
Press CTRL+K to abort
Connected.
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):switch
331 Give me your password, please
Password:*****
230 Logged in successfully
[ftp]
Specify to transfer files in ASCII mode.

[ftp] ascii
200 Type set to A.
View
Description
FTP Client view
Perform this command if the user needs to change the file transmission mode to
default mode.
36 attribute

Command Reference
attribute
Purpose
Use the attribute command to configure attributes of a user whose service type is
lan-access.
Use the undo attribute command to cancel the attributes that have been defined
for this user.
Syntax
attribute { ip ip-address | mac mac-address | idle-cut second |

access-limit max-user-number | vlan vlan-id |
location { nas-ip ip-address port port-number | port port-number }
undo attribute { ip | mac | idle-cut | access-limit | vlan | location }
Parameters
ip ip-address
Specifies the IP address of a user.
mac mac-address
Specifies the MAC address of a user. Where,

mac-address takes on the hexadecimal format of
HHHH-HHHH-HHHH-HHHH.
idle-cut second
Allows the local users to enable the idle-cut function.

The argument second defines the idle time before
cutting down. Valid values are 60 to 7200 seconds.
access-limit
max-user-number
Specifies the maximum number of users who access

the switch using the current user name. Valid values
for max-user-number are 1 to 1024.
vlan vlan-id
Sets the VLAN attribute of user, in other words, the

VLAN to which a user belongs. Valid values for
vlan-id are 1 to 4094.
location
Sets the port binding attribute of user.
nas-ip ip-address
Sets the IP address of the access server to which the

user is bound. ip-address is an IP address in dotted
decimal format and defaults to 127.0.0.1. nas-ip
must be defined for a user bound with a remote port.
port port-number
Sets the port to which a user is bound. port-number

is specified in the following format:
device ID/slot number/port number
The device ID ranges from 1 to 8. The slot number
ranges from 0 to 15 (if the bound port has no slot
number, input 0). The port number ranges from 1 to
255.
If any of these three items is absent, the value 0 will be
used to replace it.

Command Reference
Example
attribute 37
To set the IP address of user1 to 10.110.50.1, enter the following:

[S4200G] local-user user1
New local user added.
[S4200G-luser-user1] attribute ip 10.110.50.1
View
Related Command
Local User view
display local-user
38 authentication

Command Reference
authentication
Purpose
Use the authentication command to configure an authentication scheme for the

current ISP domain.
Use the undo authentication command to restore the default authentication
scheme of the current ISP domain.
Syntax
authentication { radius-scheme radius-scheme-name [ local ] | local |

none }
undo authentication
Parameters
radius-scheme
radius-scheme-name
Specifies a RADIUS authentication scheme.
local
Specifies to use local authentication scheme.
none
Specifies not to perform authentication.
Default
By default, no separate authentication scheme is configured.
Example
To Specify radius as the RADIUS authentication scheme to be referenced by the ISP

domain aabbcc.net, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net] authentication radius-scheme radius
To specify rd as the RADIUS authentication scheme to be referenced by the ISP

domain aabbcc, and the local scheme as the secondary authentication scheme, enter
the following:
[S4200G] domain aabbcc
New Domain added.
[S4200G-isp-aabbcc] authentication radius-scheme rd local
View
ISP Domain view

Command Reference
Description
Related Command
authentication 39
Before you use the authentication command to specify a RADIUS scheme to be

referenced by the current ISP domain, the specified RADIUS scheme must has already
been defined.
After the authentication radius-scheme radius-scheme-name

local command is executed, the local scheme is used as the secondary
authentication scheme in case the RADIUS server does not respond normally. That
is, if the communication between the switch and the RADIUS server is normal, no
local authentication is performed; otherwise, local authentication is performed.
After the authentication local command is executed, the local scheme is

used as the primary scheme. In this case, only local authentication is performed.
After the authentication none command is executed, no authentication is
performed.
After the authentication command is executed in an ISP domain view, the

system uses the authentication scheme specified in the command to authenticate
the users in the domain. Otherwise the system uses the scheme specified in the
scheme command to authenticate the users.
scheme
radius scheme
40 authentication-mode

Command Reference
authentication-mode
Purpose
Use the command authentication-mode to specify the authentication mode.

Use the command authentication-mode password to prompt a user for local
password authentication at login.
To set the password, use set authentication password.
Use the command authentication-mode scheme to prompt a user to provide local
or remote user name and password authentication at login.
Use the command authentication-mode none to allow a user to log in without
username or password authentication.
Syntax
authentication-mode { password | scheme | none }
Parameters
password
Authenticates users using the local password.
scheme
Authenticates users locally or remotely using

usernames and passwords.
none
Does not authenticate users.
Default
By default, users logging in through the Console port are not authenticated, whereas
modem users and Telnet users are authenticated.
Example
Configure to authenticate users using the local password.

[S4200G] user-interface aux0
[S4200G-ui-aux0] authentication-mode password
View
Description
User Interface view
This command configures the authentication method for a user at log in.
If you specify the password keyword to authenticate users using the local
password, remember to set the local password using the set authentication
password { cipher | simple } password command.
If you specify the scheme keyword to authenticate users locally or remotely using
usernames and passwords, the actual authentication mode depends on other
related configuration. Refer to the Security module of this manual for more.

Command Reference
authentication-mode 41
The type of the authentication depends on your network configuration. For further
information, see AAA and RADIUS.
42 authorization

Command Reference
authorization
Purpose
Use the authorization none command to allow users in the current ISP domain
to use network services without being authorized.
Use the undo authorization command to restore the default authorization
scheme of the ISP domain.
Syntax
authorization none
undo authorization
Parameters
None
Default
By default, no separate authorization scheme is configured.
Example
Allow users in current ISP domain to access the network services without being
authorized.
New Domain added.
[S4200G-isp-aabbcc.net] authorization none
View
Related Command
ISP Domain view
scheme
radius scheme

Command Reference
auto-build 43
auto-build
Purpose
Use the auto-build command to create a cluster automatically.
Syntax
auto-build [ recover ]
Parameters
recover
Example
Set up a cluster automatically.
Establishes communication with all the member

devices again.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster] auto-build
View
Description
Cluster view
This command can be executed on a candidate device or a management device.

When you use this command on a candidate device, you are required to input a
cluster name to create a cluster. Then the cluster collects candidates through NTDP
and adds them to the cluster upon your confirmation.
When you use this command on a management device, the system will collect
candidates directly.
Argument recover is used to recover a cluster. Using the auto-build recover
command, you can find the members that left the member list and add them to the
cluster again.
Note:
Ensure that NTDP is enabled, because it is the basis of candidate and member
collection. The collection range is also decided through NTDP. You can use the hop
command to modify the collection range.
If a member is configured with an enable-password different from the password of
the management device, it cannot be added to a cluster automatically.
44 auto-execute command

Command Reference
auto-execute command
Purpose
Use the auto-execute command command to set the command that is executed
automatically after a user logs in.
Use the undo auto-execute command command to disable the specified
command from being automatically executed
Syntax
auto-execute command text

undo auto-execute command
Parameters
text
Default
By default, auto-execute is disabled.
Example
Configure the telnet 10.110.100.1 command to be executed automatically after users

log into VTY 0.
Specifies that the command be run automatically.
[S4200G] user-interface vty0
[S4200G-ui-vty0] auto-execute command telnet 10.110.100.1
View
Description
User Interface view
Normally, the telnet command is specified to be executed automatically to enable the

user to Telnet to a specific network device automatically.
CAUTION:
The auto-execute command command may cause you unable to perform

common configuration in the user interface, so use it with caution.
Before executing the auto-execute command command and save your

configuration, make sure you can log into the switch in other modes and cancel
the configuration.

Command Reference
binary 45
binary
Purpose
Use the binary command to specify that files be transferred in binary mode. That is,
data is transferred in binary streams.
Syntax
binary
Parameters
None
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Specify to transfer files in binary mode.

[ftp] binary
200 Type set to I.
View
FTP Client view
46 black-list add-mac

Command Reference
black-list add-mac
Purpose
Use the black-list add-mac command to add a device into the blacklist.
Syntax
black-list add-mac mac-address
Parameters
mac-address
Example
Add a device into the blacklist.
The MAC address of the device that will be added into

the blacklist, in the format of H-H-H.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster] black-list add-mac 0ec0-fc00-0001
View
Description
Cluster view
This command can be executed only on the management device.

Command Reference
black-list delete-mac 47
black-list delete-mac
Purpose
Use the black-list delete-mac command to delete a device from the blacklist.
Syntax
black-list delete-mac { all | mac-address }
Parameters
mac-address
Example
Delete a device from the blacklist.
The MAC address of the device that will be deleted

from the blacklist, in the format of H-H-H.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster] black-list delete-mac 0ec0-fc00-0001
Delete all the devices from the blacklist.

[S4200G-cluster] black-list delete-mac all
View
Description
Cluster view
48 boot attribute-switch

Command Reference
boot attribute-switch
Purpose
Use the boot attribute-switch command to switch between the main and
backup attribute for all the files or a specified type of files. This changes a file with the
main attribute to one with the backup attribute, or vice versa.
Syntax
boot attribute-switch { all | app | configuration | web }
Parameters
all
Specifies all files, including App, configuration, and

Web files.
app
Specifies App files.
configuration
Specifies configuration files.
web
Specifies Web files.
Example
Switch the attributes of all the files on the switch.

<S4200G>boot attribute-switch all
The boot, web and configuration file's backup-attribute and
main-attribute will exchange.
Are you sure? [Y/N]
Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y
The boot, web and configuration file's backup-attribute and
main-attribute exchanged successfully on unit 1!
View
Description
User view
This command changes a file with the main attribute to one with the backup
attribute, or vice versa.
Note:
An app file is an executable file, with bin as the extension.
A configuration file is used to store and restore configuration, with cfg as the
extension.
A Web files is used for Web-based network management, with web as the
extension.

Command Reference
boot boot-loader 49
boot boot-loader
Purpose
Use the boot boot-loader command to configure an app file to be of the main
attribute. The app file specified by this command becomes the main startup file when
the device starts the next time.
Syntax
boot boot-loader file-url
Parameters
file-url
Example
Configure the file named boot.bin to be of the main attribute.
Path name or file name of an App file in the flash

memory, consisting of a character string from 1 to 64
characters long.
<S4200G>boot boot-loader boot.bin

The specified file will be booted next time on unit 1!
View
Description
User view
The app file specified by this command becomes the main startup file when the
device starts the next time.
CAUTION:
Make sure the app file to be specified as the most preferred startup file exists before
executing this command.
50 boot boot-loader

Command Reference
boot boot-loader
Purpose
Use the boot boot-loader command to specify the host software that will be
adopted when the current switch or a specified switch in the fabric reboots next time.
Syntax
boot boot-loader [ backup-attribute ] { file-url | device-name }
Parameters
backup-attribute
Sets the specified file to a backup file.
file-url

characters long.
device-name
File name, beginning with a device name in the form

of unit[NO.]>flash, used to save the specified file to the
Flash memory of a specified switch.
Example
Specify the host software that will be adopted when the current switch reboots next
time.
<S4200G> boot boot-loader PLATV100R002B09D002.bin
The specified file will be booted next time on unit 1!
<S4200G>
View
Description
User view
You can use this command to specify a .bin file in the Flash memory as the host
software to be adopted at reboot.

Command Reference
boot boot-loader backup-attribute 51
boot boot-loader backup-attribute

Purpose
Use the boot boot-loader backup-attribute command to configure an app

file to be of the backup attribute.
Syntax
boot boot-loader backup-attribute file-url
Parameters
file-url
Example
Configure the file named backup.bin to be of the backup attribute.

characters long.
<S4200G>boot boot-loader backup-attribute backup.bin

Set boot file backup-attribute successfully on unit 1!
View
Description
User view
The app file specified by this command becomes the backup startup file when the
device starts up the next time. When the main startup file is unavailable, the backup
startup file is used to start the switch.
CAUTION:
Make sure the app file to be specified as the backup startup file exists before
52 boot bootrom

Command Reference
boot bootrom
Purpose
Use the boot bootrom command to update the BootROM.
Syntax
boot bootrom { file-url | device-name }
Parameters
file-path
File path and file name of Bootrom. This is a .btm file in

the Flash memory.
device-name
File name, beginning with a device name in the form

of unit[NO.]>flash, used to save the specified file to the
Flash memory of a specified switch.
Example
Update the BootROM of the switch.

<S4200G> boot bootrom S4200G.btm
View
User view

Command Reference
boot web-package 53
boot web-package
Purpose
Use the boot web-package command to configure a Web file to be of the main or
backup attribute.
Syntax
boot web-package webfile { backup | main }
Parameters
webfile
Name of a Web file, consisting of a character string

from 5 to 127 characters long.
main
Specifies the file to be of the main attribute.
backup
Specifies the file to be of the backup attribute.
Example
Configure the Web file named boot.web to be of the main attribute.

<S4200G>boot web-package http.web main
View
Description
User view
CAUTION:
Make sure the Web file which the webfile argument identifies exists before
The configuration of the main or backup attribute of a Web file takes effect
immediately without restarting the device.
54 broadcast-suppression

Command Reference
broadcast-suppression
Purpose
Use the broadcast-suppression command to define the broadcast traffic ratio

allowed on one port or each of the ports.
Use the undo broadcast-suppression command to restore the default ratio.
Syntax
broadcast-suppression { ratio | pps max-pps }

undo broadcast-suppression
Parameters
ratio
Specifies the allowed maximum ratio of the broadcast

traffic to the total bandwidth on one or each port.
Valid values for this argument are 1 to 100 (in
increments of 1). The smaller the value of this
argument, the smaller the allowed-to-pass broadcast
traffic is.
If not specified, the default is 100.
max-pps
Maximum number of broadcast packets allowed to

pass through each Ethernet port per second. Valid
values are 200 to 14881000 in pps.
Default
By default, broadcast suppression is disabled.
Example
Allow the broadcast traffic passing through the Ethernet1/0/1 port to occupy at most
20% of the bandwidth.
[S4200G] interface ethernet1/0/1
[S4200G-Ethernet1/0/1] broadcast-suppression 20
View
Description
System view
Once broadcast traffic exceeds the value set by the user, the system maintains an
appropriate broadcast traffic ratio by discarding the overflow traffic, so as to suppress
broadcast storm, avoid network congestion, and ensure normal network services.

Command Reference
build 55
build
Purpose
Use the build command to configure a cluster with the current switch as the
management device. Argument name specifies the name of the cluster.
Use the undo build command to configure the current management device as a
candidate.
Syntax
build name
undo build
Parameters
name
Default
By default, a switch is not a management device.
Example
Configure the current switch to be a management device and specify the cluster
name to be 3COM.
Cluster name with no more than 8 characters,

including only alphanumeric characters, subtraction
sign - and/or underline _.
<S4200G>system-view
[S4200G] cluster
[S4200G-cluster] build 3COM
View
Description
Cluster view
After a cluster is created, the device on which the command is executed becomes the
management device and is assigned a member number of 0.
Executed this command on a management-capable device that does not belong to
any clusters. Running this command on a cluster member will fail. If the current
switch is already the management device of a cluster, whose name is different from
that specified in the command, the command will only set the name of the cluster to
the new one.
The member number of a management device is 0.
56 bye

Command Reference
bye
Purpose
Use the bye command to terminate the connection to the remote SFTP server and
return to system view.
Syntax
bye
Parameters
None
Example
Terminate the connection to the remote SFTP server (assume that the server IP address
is 10.1.1.2).
[S4200G] sftp 10.1.1.2
sftp-client> bye
[S4200G]
View
Description
SFTP Client view
This command has the same function as the exit and quit commands.

Command Reference
bye 57
bye
Purpose
Use the bye command to terminate the control connection and data connection
with the remote FTP server and quit to user view.
Syntax
bye
Parameters
None
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Terminate the connections with the remote FTP server and quit to user view.
[ftp] bye
<S4200G>
View
Description
FTP Client view
This command has the same effect as that of the quit command.
58 cd

Command Reference
cd
Purpose
Use the cd command to change the current path on the remote SFTP server.
Syntax
cd [ remote-path ]
Parameters
remote-path
Example
Change current path to new1.
Name of a path on the server. If you do not specify the

remote-path argument, the current path is
displayed.
sftp-client> cd new1
Current Directory is:
flash:/new1
View
Description
SFTP Client view
You can use the cd.. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is,
flash:/).

Command Reference
cd 59
cd
Purpose
Use the cd command to enter a specified directory on the Ethernet switch.
Syntax
cd directory
Parameters
directory
Default
The default directory is the root directory of Flash.
Example
Enter the directory named flash.
The target directory, comprised of a string from 1 to

142 characters long.
<S4200G> cd flash:
<S4200G> pwd
flash:
View
User view
60 cd

Command Reference
cd
Purpose
Use the cd command to change the work path on the remote FTP server.
Syntax
cd pathname
Parameters
pathname
Example
The path name.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Change the work directory to flash:/temp.

[ftp] cd flash:/temp
View
Description
FTP Client view
You can only use this command to enter authorized directories.

Command Reference
cdup 61
cdup
Purpose
Use the cdup command to return to the upper directory.
Syntax
cdup
Parameters
None
Example
Return to the upper directory.

sftp-client> cdup
View
SFTP Client view
62 cdup

Command Reference
cdup
Purpose
Use the cdup command to enter the parent directory.
Syntax
cdup
Parameters
None
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Enter the parent directory.

[ftp] cdup
View
FTP Client view

Command Reference
check region-configuration 63
Purpose
Use the check region-configuration command to display the configurations

of the MST regions that are not activated.
Some of the region names included are:
revision level
VLAN mapping table
Syntax
Parameters
None
Example
To display the configuration of an MST region, enter the following:

[S4200G-mst-region] check region-configuration
Admin Configuration
Format selector :0
Region name
:00e0fc005100-EI
Revision level :0
Instance
0
16
Vlans Mapped
1 to 9, 11 to 4094
10
Table 3 Description on the fields of the check region-configuration command

Field
Description
Format selector
Selector specified by MSTP
Region name
Name of the MST region
Revision level
Revision level of the MST region
Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region
View
Description
MST Region view
You can use this command to find the MST region the switch currently belongs to or
check to see whether or not the MST region-related configuration is correct.
MSTP-enabled switches are in the same region only when they have the same MST
region-related configuration. A switch cannot be in a respected region if any one of
the above three MST region-related settings does not be consistent with that of
another switch in the region.
64 check region-configuration
Related Commands

Command Reference
instance
region-name
revision-level
vlan-mapping modulo

Command Reference
clock datetime 65
clock datetime
Purpose
Use the clock datetime command to set the current system time and date.
Syntax
clock datetime time date
Parameters
time
Specifies the current time in HH:MM:SS format. Valid

values for HH are 0 to 23. Valid values for MM and SS
are 0 to 59.
If not specified, the default is 23:55:52.
date
Specifies the current year in MM/DD/YYYY or

YYYY/MM/DD format. Valid values for YYYY are 2000
to 2099. Valid values for MM are 1 to 12. Valid values
for DD are 1 to 31.
If not specified, the default is 2000/4/1.
Example
Set the current date and time of the Ethernet switch to 0:0:0 2001/01/01.
<S4200G> clock datetime 0:0:0 2001/01/01
View
Related Command
User view
display clock
66 clock summer-time

Command Reference
clock summer-time
Purpose
Use the clock summer-time command to set the name, time range, and offset of
the daylight saving time.
Use the undo clock summer-time command to cancel the setting.
Syntax
clock summer-time zone-name { one-off | repeating } start-time

start-date end-time end-date offset-time
undo clock summer-time
Parameters
Example
zone-name
Name of the daylight saving time, consisting of a

character string 1 to 32 characters long.
one-off
Sets the daylight saving time for only one year (the
specified year).
repeating
Sets the daylight saving time for every year starting

from the specified year.
start-time
Start time of the daylight saving time, in the format of

HH:MM:SS.
start-date
Start date of the daylight saving time, in the format of

YYYY/MM/DD or MM/DD/YYYY.
end-time
End time of the daylight saving time, in the format of

HH:MM:SS.
end-date
End date of the daylight saving time, in the format of

YYYY/MM/DD or MM/DD/YYYY.
offset-time
Offset of the daylight saving time relative to (ahead of)

the standard time, in the format of HH:MM:SS.
Set the summer time named abc1, which starts from 06:00:00 2005/08/01, ends until
06:00:00 2005/09/01, and is one hour ahead of the standard time.
<S4200G> clock summer-time abc1 one-off 06:00:00 08/01/2005 06:00:00
09/01/2005 01:00:00
Set the summer time named abc2, which starts from 06:00:00 08/01, ends until
06:00:00 09/01, and is one hour ahead of the standard time every year from 2005
on.
<S4200G> clock summer-time abc2 repeating 06:00:00 08/01/2005 06:00:00
09/01/2005 01:00:00
View
User view

Command Reference
Description
clock summer-time 67
After the setting, you can use the display clock command to check the result.
68 clock timezone

Command Reference
clock timezone
Purpose
Use the clock timezone command to set local time zone information.
Use the undo clock timezone command to return to the default, which is
Universal Time Coordinated (UTC).
Syntax
clock timezone zone_name { add | minus } HH:MM:SS

undo clock timezone
Parameters
Example
zone_name
Specifies the name of the time zone, which may be up

to 32 characters long.
add
Specifies that time is ahead of UTC.
minus
Specifies that time is behind UTC.
HH:MM:SS
Specifies the time difference between the time zone

and UTC.
To set the local time zone as zone 5, and configure the local time to be 5 hours ahead
of UTC, enter the following:
<S4200G>clock timezone z5 add 05:00:00
View
User view
Description
Use the display clock command to check the summer time settings.
Related Command
clock summer-time

Command Reference
close 69
close
Purpose
Use the close command to terminate an FTP connection without quitting FTP client
view.
Syntax
close
Parameters
None
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Terminate the FTP connection without quitting FTP client view.

[ftp] close
221 Server closing.
[ftp]
View
Description
FTP Client view
The close command has the same effect as that of the disconnect command.
70 cluster

Command Reference
cluster
Purpose
Use the cluster command to enter cluster view.
Syntax
cluster
Parameters
None
Example
Enter cluster view.

<S4200G>system-view
[S4200G] cluster
[S4200G-cluster]
View
System view

Command Reference
cluster enable 71
cluster enable
Purpose
Use the cluster enable command to enable the cluster function on a switch.
Use the undo cluster enable command to disable the cluster function on a
switch.
Syntax
cluster enable
undo cluster enable
Parameters
None
Default
By default, the cluster function is enabled on all the devices supporting cluster.
Example
Enable the cluster function on a switch.

<S4200G>system-view
[S4200G] cluster enable
View
Description
System view
You need to create a cluster with the build command before using the cluster enable
command on the management device.
These two commands can be used on any device supporting the cluster function.
When you execute the undo cluster enable command on a management device, the
cluster is removed, and the switch stops operating as a management device. When
you execute this command on a member device, the cluster function is disabled on
the switch, and the switch quit the cluster. When you execute this command on a
switch that belongs to no cluster, the cluster function is disabled on the switch.
72 cluster-local-user

Command Reference
cluster-local-user
Purpose
Use the cluster-local-user command to configure a Web username and

password for all cluster members.
Use the undo cluster-local-user command to remove the Web user
configuration configured for all cluster members.
Syntax
cluster-local-user username passward { cipher | simple } passwordstring

undo cluster-local-user username
Parameters
username
Specifies the username of a WEB user, consisting of a

string from 1 to 55 characters long.
passwordstring
Specifies the password of the WEB user, consisting of a

Default
By default, no Web user is configured.
Example
Configure a Web user on the master switch.

[3Com_0.S4200G-cluster]cluster-local-user WEB0001 passward cipher
123456
Remove a Web user on the master switch.

[3Com_0.S4200G-cluster]undo cluster-local-user WEB0001
View
Description
Cluster view
This command can be executed only on master switches. The

cluster-local-user command synchronizes the settings specified in it to all
authenticated members, including those passing the authentication after the
command is executed. The configuration applies to all the authenticated cluster
members. You can configure only one such command.
This command is used to simplify user configuration. The Web username and
password are configured for all the member devices of a cluster. This enables all
the member switches in a cluster to login using the same Web username and
password.
The configuration remains valid on a member device even if the latter quits the
cluster.

Command Reference
cluster-mac 73
cluster-mac
Purpose
Use the cluster-mac command to configure a multicast MAC address for cluster
management. Run this command only on the management device only.
Syntax
cluster-mac H-H-H
Parameters
H-H-H
Default
By default, the cluster multicast MAC address is 0180-C200-000A.
Example
Configure the multicast MAC address of the management device as

0180-C200-0028.
Hexadecimal multicast MAC address, ranging

0180-C200-0000, 0180-C200-000A and
0180-C200-0020 to 0180-C200-002F.
<aaa_0.S4200G> system-view
[aaa_0.S4200G] cluster
[aaa_0.S4200G-cluster] cluster-mac 0180-C200-0028
View
Description
Cluster view
Multicast MAC addresses enable the member devices of a cluster to receive multicast
information delivered by the management device, and thus multicast information
sending function is implemented on the management device.
74 cluster-mac syn-interval

Command Reference
cluster-mac syn-interval
Purpose
Use the cluster-mac syn-interval command to set the interval for the
management device to send multicast packets. This command can be executed on
the management device only.
Syntax
cluster-mac syn-interval time-interval
Parameters
time-interval
Example
Set the interval to send multicast packets to 1 minute.
Interval (in minutes) to send multicast packets.
[aaa_0.S4200G-cluster] cluster-mac syn-interval 1
View
Description
Cluster view
When the interval is set as 0, the management device does not send multicast packets
to member devices.

Command Reference
cluster-snmp-agent community 75
cluster-snmp-agent community
Purpose
Use the cluster-snmp-agent community command to configure a SNMP

community for a cluster to enable SNMP access.
Use the undo cluster-snmp-agent community command to cancel the
community name configuration
Syntax
cluster-snmp-agent community { read | write } community-name [ mib-view

view-name ]
undo cluster-snmp-agent community community-name
Parameters
Example
read
Specifies that the SNMP community is a read-only

community.
write
Specifies that the SNMP community is a

write-community.
community-name
Community name, a string containing 1 to 27

characters.
view-name
MIB view name, a string containing 1 to 32 characters.

It is the MIB view that you can view. By default, the
ViewDefault view is used.
In the cluster view of the master switch, set the community name to comaccess and
set the community to be read-only.
[3Com_0.S4200G-cluster] cluster-snmp-agent community read comaccess
Set the community name to comacceswr and set the community as a

write-community.
[3Com_0.S4200G-cluster]cluster-snmp-agent community write comacceswr
Remove the community name comaccess.

[3Com_0.S4200G-cluster]undo cluster-snmp-agent community comaccess
View
Description
Cluster view
If you have configured a community name the same as the one configured by this
command, the current one replaces the one originally configured on a member
switch.
By default, no SNMP community is set for a cluster
76 cluster-snmp-agent community

Command Reference
Use cluster-snmp-agent community and undo cluster-snmp-agent

community commands in the cluster view of the master switch. You can configure
only one SNMP community for a cluster.
The cluster-snmp-agent community command synchronizes the settings

specified in it to all authenticated members, including those passing the
authentication after the command is executed. The configuration applies to all the
authenticated cluster members.
cluster.

Command Reference
cluster-snmp-agent group v3 77
cluster-snmp-agent group v3
Purpose
Use the cluster-snmp-agent group command to configure a SNMP group for a

cluster to map SNMP users to the SNMP view.
Use the undo cluster-snmp-agent group command to remove the SNMP
group configured for a cluster.
Syntax
cluster-snmp-agent group v3 group-name [ authentication | privacy ] [

read-view read-view ] [ write-view write-view ] [notify-view
notify-view ]
undo cluster-snmp-agent group v3 group-name [ authentication | privacy
]
Parameters
v3
Uses SNMPV3 security mode.
group-name
Specifies the group name, consisting of a string from 1

authentication
Authenticates packets without encrypting.
privacy
Authenticates and encrypts packets.
read-view
Sets the read-only view.
read-view
Specifies the read-only view name, consisting of a

write-view
Sets the write view.
write-view
Specifies the write view name, consisting of a string

notify-view
Sets the notify view.
notify-view
Specifies the notify view name, consisting of a string

Default
By default, no SNMP group is configured for a cluster.
Example
Create an SNMP group named snmpgroup.

[3Com_0.S4200G-cluster]cluster-snmp-agent group v3 snmpgroup
View
Description
Cluster view
Use this command in the cluster view of the master switch. You can configure only
one SNMP group for a cluster.
78 cluster-snmp-agent group v3

Command Reference
This command applies to all the authenticated cluster members.
Related Command
Use this command in the cluster view of the master switch. You can configure only
one SNMP group for a cluster.
The cluster-snmp-agent group command synchronizes the settings

authenticated cluster members. If you have configured a group name the same as
the one configured by this command, the current one replaces the one originally
configured on a member switch.
cluster.
snmp-agent group v3

Command Reference
cluster-snmp-agent mib-view included 79
cluster-snmp-agent mib-view included

Purpose
Use the cluster-snmp-agent mib-view command to create or update the

information about the MIB view configured for a cluster.
Use the undo cluster-snmp-agent mib-view command to remove the
information about the MIB view configured for a cluster.
Syntax
cluster-snmp-agent mib-view included view-name oid-tree

undo cluster-snmp-agent mib-view view-name
Parameters
view-name
Specifies the view name, consisting of a string from 1

to 32 characters long. The default view name is
ViewDefault.
oid-tree
Specifies the MIB object sub-tree. It can be OID or a

variable name, containing 1 to 255 characters.
included
Displays the MIB view containing SNMP attribute.
Default
The default MIB view of a cluster is ViewDefault, in which the sub-tree with OID being
1 (that is, iso) can be accessed.
Example
Create a view named "mib2" that contains all objects of mib-2.

[3Com_0.S4200G-cluster]cluster-snmp-agent mib-view included mib2
1.3.6.1.2.1
Remove mib-view named mib2.

[3Com_0.S4200G-cluster]undo cluster-snmp-agent mib-view mib2
View
Description
Cluster view
Use this command in the cluster view of a master switch. You must configure this
command manually. By default, this command is not configured. You can
configure only one such command.
The cluster-snmp-agent mib-view command synchronizes the settings

authenticated cluster members.
cluster.
80 cluster-snmp-agent mib-view included
At present, for the cluster-snmp-agent mib-view included and undo

cluster-snmp-agent mib-view commands, both OID and node name are
supported.
Related Command

Command Reference
snmp-agent mib-view included

Command Reference
cluster-snmp-agent usm-user v3 81
cluster-snmp-agent usm-user v3
Purpose
Use the cluster-snmp-agent usm-user v3 command to add an account to

the SNMPV3 group configured for a cluster.
Use the undo cluster-snmp-agent usm-user v3 command to remove an
account from the SNMPV3 group configured for a cluster.
Syntax
cluster-snmp-agent usm-user v3 username groupname [ authentication-mode

{ md5 | sha } authpassstring [ privacy-mode { des56 privpassstring } ] ]
undo cluster-snmp-agent usm-user v3 username groupname
Parameters
v3
Uses V3 security mode.
username
Specifies the username, consisting of a string from 1 to

32 characters long.
groupname
Specifies the name of the SNMP group the user

corresponds to, consisting of a string from 1 to 32
characters long.
authentication-mode
Performs authentication.
md5
Uses MD5 authentication. The key used in MD5 is 128

bits in length. MD5 is faster than SHA.
sha
Uses SHA authentication. The key used in SHA is 160

bits in length. SHA is slower than MD5 but is more
secure.
authpassstring
Authentication password consisting of a string from 1

to 16 characters long for a plain-text password or a
string consisting of 1 to 24 characters for a ciphertext
password.
privacy-mode
Adopts encryption mode.
des56
Uses DES encryption protocol.
privpassstring
Encryption password consisting of a string from 1 to

16 characters long for a plain-text password or a string
consisting of 1 to 24 characters for a ciphertext
password.
Default
By default, no SNMPV3 account is configured for a cluster.
Example
Add a user named "wang" to the SNMP group named "3Com", with authentication
enabled, authentication protocol set to MD5, and authentication password set to
"pass".
[3Com_0.S4200G-cluster] cluster-snmp-agent usm-user v3 wang 3Com
authentication-mode md5 pass
82 cluster-snmp-agent usm-user v3
View
Description

Command Reference
Cluster view
Use the cluster-snmp-agent usm-user v3 and undo

cluster-snmp-agent usm-user v3 commands in the cluster view of a
master switch. You can configure only one such command.
The cluster-snmp-agent usm-user v3 command synchronizes the

settings specified in it to all authenticated members, including those passing the
authenticated cluster members. If you have configured a user name the same as
the one configured by this command, the original name is changed.
cluster.

Command Reference
cluster switch-to 83
cluster switch-to
Purpose
Use the cluster switch-to command to switch between the management

device and member devices for configuration and management.
Syntax
cluster switch-to { member-number | mac-address H-H-H | administrator }
Parameters
member-number
Member number of a switch in a cluster, ranging from

0 to 255.
mac-address H-H-H
MAC address of a member device.
administrator
Redirects from a member device to the management

device.
Example
Switch from the management device to the member device numbered 6 and then
switch back to the management device.
<aaa_0.S4200G> cluster switch-to 6
<aaa_6.S4200G> quit
<aaa_0.S4200G>
View
Description
User view
You can manage member devices in a cluster through the management device, on
which you can switch to member view to configure or manage specified member
devices, and then switch back to the management device.
Authentication is required when you switch from the management device to a
member device. Upon passing the member device authentication, the switchover is
allowed. If the password of the member device is different from that of the
management device, the switchover is rejected.
The view is inherited from the management device when you switch to a member
device from the management device. For example, the user view remains unchanged
after you switch from the management device to a member device.
Authentication is also required when you switch from a member device to the
management device. After passing the authentication, the system will enter user view
automatically.
When you execute this command on the management device, if the specified
member number n does not exist, an error message appears. Enter quit to stop the
switchover operation.
84 cluster switch-to sysname

Command Reference
cluster switch-to sysname

Purpose
Use the cluster switch-to sysname command to switch between the master
device and a member device.
Syntax
cluster switch-to sysname membersysname
Parameters
membersysname
Example
Switch to the member switch with the system name being abc (assuming that the
member number of the switch is 6) and then switch back to the master device by
executing the quit command.
System name of a member device, consisting of a

<3Com_0.S4200G>cluster switch-to sysname abc

<3Com_6.S4200G>quit
<3Com_0.S4200G>
Enter the member switch with the member number of 5 (assuming that member
devices numbered 5 and 6 share the system name of switch).
<Cluster_0.S4200-3rd>dis cluster members
SN
Device
MAC Address Status
Name
0 Switch4200G 12-Port 0016-e01f-7100
Admin
Cluster_1.4200-3rd
1 Switch4200G 12-Port 0016-e01f-7180 UP
Cluster_1.4200-2nd
To connect to a member:
<Cluster_0.S4200-3rd>cluster switch-to-sysname 4200-2nd
Trying ...
Press CTRL +K to abort
Connected ...
.
.
.
<Cluster_1.4200-2nd>
View
Description
User view
This command can be executed only on master switches.
You can manage member devices through the master device. You can switch to a
specific member device from the master device to manage the member device and
then switch back to the master device.
When you execute this command, an error occurs if the member device to switch
to does not exist. Enter quit to stop switching.
Authentication is performed when you switch to a member device. If the

authentication succeeds, you can switch to the member device; otherwise, the
switch fails.

Command Reference
cluster switch-to sysname 85
When you switch to a member device, the user level remains the same. For
example, if you are in user view when switching to a member device, you are in
user view after switching to the member device.
Authentication is also performed when you switch back to the master device.
Once the authentication succeeds, you are in user view of the master device
automatically.
86 command-privilege level

Command Reference
command-privilege level
Purpose
Use the command-privilege level command to set the level of the specified
command in a specified view.
Use the undo command-privilege view command to restore the level of the
specified command in the specified view to the default.
Syntax
command-privilege level level view view command

undo command-privilege view view command
Parameters
level
Command Level. Valid values are 0 to 3.
view
Command view. This argument can be any command

view the switch supports.
command
The command to be specified.
Default
By default, the ping, tracert, and telnet commands are at the visit level (level
0); the display and debugging commands are at the monitor level (level 1); all
configuration commands are at the system level (level 2); and FTP/TFTP/XModem and
file system related commands are at the manage level (level 3).
Example
Specify the interface command in system view to be of level 0.

[S4200G] command-privilege level 0 view system interface
View
Description
System view
Commands fall into four command levels: visit, monitor, system, and manage, which
are identified as 0, 1, 2, and 3, respectively. The administrator can change the level of
a command to enable users of specific level to utilize the command.

Command Reference
copy 87
copy
Purpose
Use the copy command to copy a file.
Syntax
copy fileurl-source fileurl-dest
Parameters
fileurl-source
Path name or file name of the source file in the Flash, a

string comprising 1 to 142 characters.
fileurl-dest
Path name or file name of the destination file in the

Flash, a string comprising 1 to 142 characters.
Example
Copy the file named test.txt as the file named test.bak.

<S4200G> copy test.txt test.bak
Copy flash:/test/test.txt to flash:/test/test.bak ?[confirm]:y
% Copyed file flash:/test/test.txt flash:/test/test.bak
Copy the file from flash:/vrpcfg.cfg into flash:/test/1.cfg.

<S4200G> copy flash:/vrpcfg.cfg flash:/test/1.cfg
Copy unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg?[Y/N]:y
..
%Copy file unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg...Done.
View
Description
User view
If the fileurl-dest argument identifies an existing file, the system prompts you for the
confirmation to overwrite the existing file.
88 copy configuration

Command Reference
copy configuration
Purpose
Use the copy configuration command to copy the configuration of a specific port
to other ports, to ensure consistent configuration.
Syntax
copy configuration source { interface-type interface-number |

aggregation-group source-agg-id } destination { interface-list [
aggregation-group destination-agg-id ] | aggregation-group
destination-agg-id }
Parameters
interface-type
Source port type.
interface-number
Source port number.
source-agg-id
Source aggregation group number. Valid values are 1

to 208. The port with the smallest port number in the
aggregation group is used as the source port.
interface-list
Destination port list, interface-list1 = {

interface-type interface-number } [ to
interface-type interface-number ] &<1-10>.
&<1-10> indicates that the former parameter can be
input 10 times repeatedly at most.
destinatin-agg-id
Destination aggregation group number. Valid values

are 1 to 208.
Note:
Example
If you specify the source aggregation group ID, the system uses the port with the
smallest port number in the aggregation group as the source.
If you specify the destination aggregation ID, the configuration of the source port
will be copied to all ports in the aggregation group.
The port that is in an aggregation group will be removed from the destination
ports, that is, copy configuration cannot take effect on this port. If you need the
port to keep consistent configuration with the source port, you should configure
the aggregation group to which the port belongs as destination parameter.
The port that is enabled Voice VLAN feature will be removed from the destination
ports, that is, copy configuration cannot take effect on this port.
Copy the configuration of aggregation group 1 to all ports in aggregation group 2.

<S4200G>system-view
[S4200G] copy configuration source aggregation-group 1 destination
aggregation-group
View
System view

Command Reference
cut connection 89
cut connection
Purpose
Use the cut connection command to cut the connection a user or a category of
users by force.
This command cannot cut the connections of Telnet and FTP users.
Syntax
cut connection { all | access-type { dot1x | mac-authentication } |

domain isp-name | interface interface-type interface-number |
ip ip-address | mac mac-address | radius-scheme radius-scheme-name |
vlan vlan-id | ucibindex ucib-index | user-name user-name }
Parameters
all
access-type{ dot1x |
mac authentication }
Cuts down all connection.

Configures to cut a category of connections according
to logon type.
dot1x specifies the 802.1x users.
mac authentication specifies the centralized MAC

address authentication users.
domain isp-name
Specifies the user connections to cut using the ISP

domain. isp-name specifies the ISP domain name.
The isp-name is a character string up to 24
characters inlength. The specified ISP domain must
exist.
mac mac-address
Specifies to the connections to cut using the MAC

address. mac-address is specifies in the hexadecimal
format (H-H-H).
radius-scheme
radius-scheme-name
Specifies the connections to cut according to RADIUS

server name. radius-scheme-name specifies the
RADIUS server name with a character string up to 32
characters in length.
interface-number
Specifies the connections to cut according to the port.
interface-type is the port type and

interface-number is the port number.
ip ip-address
Specifies the connections to cut according to IP

address. ip-address is in the hexadecimal format
(ip-address).
vlan vlan-id
Specifies the connection to cut according to VLAN ID.

vlan-id ranges from 1 to 4094.
ucibindex ucib-index
Specifies the connections to cut according to

ucib-index. Theucib-index ranges from 0 to 1047.
user-name user-name
Specifies the connections to cut according to user

name. user-name is a character string up to
90 cut connection

Command Reference
80 characters in length. The string cannot include the

following characters:
<
>
The @ character can only be used once in one

username. The pure username (the characters before
the @, namely the user ID) cannot exceed 55
characters and the domain name (the characters
behind the @) cannot be longer than 24 characters.
Example
To cut all user connections in the ISP domain named aabbcc.net.

[S4200G] cut connection domain aabbcc.net
View
Related Command
System view
display connection

Command Reference
data-flow-format 91
data-flow-format
Purpose
Use the data-flow-format command to set the units of measure for the data flow
sent to the RADIUS Server.
Use the undo data-flow format command to restore the default unit of measure.
Syntax
data-flow-format data { byte | giga-byte | kilo-byte | mega-byte }

packet { giga-packet | kilo-byte | mega-byte | one-packet }
undo data-flow format
Parameters
data
Sets the unit of measure for data.
byte
Specifies to measure data in bytes.
giga-byte
Specifies to measure data in gigabytes.
kilo-byte
Specifies to measure data in kilobytes.
mega-byte
Specifies to measure data in megabytes.
packet
Sets the unit of measure for packets.
giga-packet
Specifies to measure packets in giga-packets.
kilo-packet
Specifies to measure packets in kilo-packets.
mega-packet
Specifies to measure packets in mega-packets.
one-packet
Specifies to measure packets in packets.
Default
By default, the unit of measure for data is byte and that for packets is one-packet.
Example
To specify to measure data and packets in data flows sent to RADIUS server in
kilobytes and kilo-packets respectively. enter the following:
New Radius scheme
[S4200G-radius-radius1] data-flow-format data kilo-byte packet
kilo-packet
View
Description
RADIUS Scheme view
By default, the data unit is byte and the data packet unit is one-packet.
92 data-flow-format
Related Command

Command Reference
display radius

Command Reference
databits 93
databits
Purpose
Use the databits command to set the databits for the user interface.
Use the undo databits command to revert to the default data bits.
Syntax
databits { 7 | 8 }
undo databits
Parameters
Example
Sets the data bits to 7.
Sets the data bits to 8.

If no value is specified, 8 is the default.
Set the data bits to 7.

[S4200G-ui-aux0] databits 7
View
Description
User Interface view
This command can only be performed in the AUX user interface view.
94 debugging

Command Reference
debugging
Purpose
Use the debugging command to enable the system debugging.

Use the undo debugging command to disable the system debugging.
Syntax
debugging
undo debugging
Parameters
None
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Enable system debugging.

[ftp] debugging
Debug is on.
View
User view

Command Reference
debugging 95
debugging
Purpose

Use the undo debugging command to disable the system debugging.
Syntax
debugging module-name [ debugging-option ]

undo debugging { all | module-name [ debugging-option ] }
Parameters
all
Disables all the debugging.
module-name
Specifies the module name.
debugging-option
Debugging option.
Default
By default, all the debugging processes are disabled.
Example
Enable IP Packet debugging.

<S4200G> debugging ip packet
IP packet debugging switch is on.
The above command output indicates that the IP packet debugging is
enabled.
View
User view
Description
Enabling debugging will generate a great deal of debugging information and thus
will affect the efficiency of the system. Therefore, it is recommended not to enable
debugging for multiple functional modules at the same time. The undo debugging all
command brings great convenience for you to disable all debugging at a time instead
of disabling them one by one.
Related Command
display debugging
96 debugging arp packet

Command Reference

Purpose
Use the debugging arp packet command to enable ARP debugging.

Use the undo debugging arp packet command to disable the corresponding ARP
debugging.
Syntax

undo debugging arp packet
Parameters
error
Specifies to enable ARP error debugging.
info
Specifies to enable ARP mapping table and

information management debugging.
packet
Specifies to enable ARP packet debugging.
Description
By default, undo ARP debugging is disabled.
Example
To enable ARP packet debugging, enter the following:

<S4200G> debugging arp packet
*0.946169229 5100_5 ARP/8/arp_send:- 1 -Send an ARP Packet, operation :
1, sender_eth_addr : 000f-e20f-c415, sender_ip_addr : 31.31.31.5,
target_eth_addr : 0000-0000-0000, target_ip_addr : 31.31.31.1
*0.946169473 5100_5 ARP/8/arp_rcv:- 1 -Receive an ARP Packet, operation
: 2, sender_eth_addr : 00e0-fc00-1751, sender_ip_addr : 31.31.31.1,
target_eth_addr : 000f-e20f-c415, target_ip_addr : 31.31.31.5
Table 4 Output description of the debugging arp packet command

Field
Description
operation
Type of ARP packets:
1 ARP request packet
View
Related Commands
2 ARP reply packet
sender_eth_addr
Source MAC address
sender_ip_addr
Source IP address
target_eth_addr
MAC address of the target. For an ARP request packets, it is all zeros. This
field is set to the target MAC address in the ARP reply packets.
target_ip_addr
Target IP address
User view
arp static
display arp

Command Reference
debugging dhcp client 97
debugging dhcp client

Purpose
Use the debugging dhcp client command to enable debugging for the DHCP
client/BOOTP client.
Use the undo debugging dhcp client command to disable debugging output.
Syntax
debugging dhcp client { all | error | event | packet }

undo debugging dhcp client { all | error | event | packet }
Parameters
all
Enables all types of debugging for dynamic host

configuration protocol (DHCP) client.
error
Enables debugging for DHCP client error messages

(including the information about unidentified packets).
event
Enables debugging for DHCP client events (including

address allocation and data update).
packet
Enables debugging for packets received/transmitted by

a DHCP client.
Default
By default, all DHCP client debugging is disabled.
Example
Enable debugging for DHCP client events.

<S4200G> debugging dhcp client event
View
User view
98 debugging dhcp-relay

Command Reference
debugging dhcp-relay
Purpose
Use the debugging dhcp-relay command to enable DHCP relay debugging.

Use the undo debugging dhcp-relay command to disable DHCP relay
debugging.
Syntax
undo debugging dhcp-relay
Parameters
None
Default
By default, DHCP relay debugging is disabled.
Example
Enable DHCP relay debugging.

<S4200G> debugging dhcp-relay
*0.7200205-DHCP-8-dhcp_debug:
From client to server:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-request
ClientHardAddress: 0010-dc19-695d
ServerIpAddress: 192.168.1.2
*0.7200230-DHCP-8-dhcp_debug:
From server to client:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-ack
ClientHardAddress: 0010-dc19-695d
AllocatedIpAddress: 10.1.1.1
*0.7200580-DHCP-8-largehop:
Discard DHCP request packet because of too large hop count!
*0.7200725-DHCP-8-invalidpkt:
Wrong DHCP packet!
Table 5 Description on the fields of the debugging dhcp-relay command

Field
Description
Interface
VLAN interface carrying the DHCP

relay function
ServerGroupNo
DHCP server group number of the

DHCP relay
Type
DHCP packet type of the DHCP relay
ClientHardAddress
MAC address of the DHCP client
ServerIpAddress
IP address of the DHCP server
AllocatedIpAddress
IP address assigned to the DHCP client

Command Reference
View
Related Commands
debugging dhcp-relay 99
User view
dhcp-server ip
dhcp-server
display dhcp-server
display dhcp-server interface vlan-interface
100 debugging DLDP

Command Reference
debugging DLDP
Purpose
Use the debugging dldp command to enable specific debugging for DLDP on all
ports with DLDP enabled.
Use the undo debugging dldp command to disable debugging for DLDP on all
ports with DLDP enabled.
Syntax
debugging dldp { error | neighbor | packet | state } }

undo debugging dldp { error | neighbor | packet | state }
Parameters
error
Debugging for DLDP error.
neighbor
Debugging for DLDP neighbor.
packet
Debugging for DLDP packets.
state
Debugging for the DLDP status on ports.
Default
By default, DLDP debugging is disabled.
Example
Enable debugging for DLDP error.

<S4200G> debugging dldp error
View
User view

Command Reference
debugging ntp-service 101
debugging ntp-service
Purpose
Use the debugging ntp-service command to debug different NTP (network time
protocol) services.
Use the undo debugging ntp-service command to disable corresponding
debugging function.
Syntax
debugging ntp-service { access | adjustment | all | authentication |

event | filter | packet | parameter | refclock | selection |
synchronization | validity }
undo debugging ntp-service { access | adjustment | all | authentication
| event | filter | packet | parameter | refclock | selection |
synchronization | validity }
Parameters
access
NTP access control debugging.
adjustment
NTP clock adjustment debugging.
all
All NTP debugging functions.
authentication
NTP authentication debugging.
event
NTP event debugging.
filter
NTP filter information debugging.
packet
NTP packet debugging.
parameter
NTP clock parameter debugging.
refclock
NTP reference clock debugging.
selection
NTP clock selection information debugging.
synchronization
NTP clock synchronization information debugging.
validity
NTP remote host validity debugging
Default
By default, no debugging function is enabled.
Example
Enable NTP access control debugging.

<S4200G>debugging ntp-service access
View
User view
102 debugging radius

Command Reference
debugging radius
Purpose
Use the debugging radius command to enable the debugging for RADIUS
protocol.
Use the undo debugging radius command to disable the debugging for RADIUS
protocol.
Syntax
debugging radius packet

undo debugging radius packet
Parameters
packet
Default
By default, the debugging for RADIUS protocol is disabled.
Example
To enable the debugging for RADIUS protocol, enter the following:
Enables packet debugging.
<S4200G> debugging radius packet
View
User view

Command Reference
debugging snmp-agent 103
debugging snmp-agent
Purpose
Use the debugging snmp-agent command to enable SNMP Agent debugging.

Use the undo debugging snmp-agent command to cancel the current setting.
Syntax
debugging snmp-agent { header | packet | process | trap }

undo debugging snmp-agent { header | packet | process | trap }
Parameters
header
Configures SNMP packet header debugging.
packet
Configures SNMP packet debugging.
process
Configures SNMP packet process debugging.
trap
Configures Trap packet debugging.
Default
By default, SNMP Agent debugging is disabled.
Example
Enable SNMP packet header debugging.

<S4200G> debugging snmp-agent header
View
Description
User view
This command enables or disables SNMP Agent debugging.
104 debugging udp-helper

Command Reference
debugging udp-helper
Purpose
Use the debugging udp-helper command to enable UDP Helper debugging.

Use the undo debugging udp-helper command to disable UDP Helper debugging.
Syntax
debugging udp-helper { event | packet [ receive | send ] }

undo debugging udp-helper { event | packet [ receive | send ] }
Parameters
event
UDP Helper event debugging.
packet
UDP Helper packet debugging.
receive
UDP Helper inbound packet debugging.
send
UDP Helper outbound packet debugging.
Default
By default, UDP Helper debugging is disabled.
Example
To enable UDP Helper packet debugging, enter the following:

<SW4200G>debugging udp-helper packet
View
User view

Command Reference
delete 105
delete
Purpose
Use the delete command to delete a specified file stored on a switch.
Syntax
delete [ /unreserved ] file-url

delete { running-files | standby-files } [ /unreserved ]
Parameters
Example
/unreserved
Deletes a file completely.
file-url
Path or the file name of a file in the Flash, a string

comprising 1 to 142 characters. You can use the "*"
character in this argument as a wildcard. For example,
the delete *.txt command deletes all the files
with txt as their extensions.
running-files
Specifies all the files with the main attribute.
standby-files
Specifies all the files with the backup attribute.
Delete the file test/test.txt in the local unit.

<S4200G>delete test/test.txt
Delete unit1>flash:/test/test.txt?[Y/N]:y
.
%Delete file unit1>flash:/test/test.txt...Done.
Delete the files that are of the main attribute.

<S4200G>delete running-files
Delete the running files ? [Y/N]:y
Start deleting ..........
Unit1 delete success!
%Apr 4 11:25:40:973 2000 S4200G VFS/6/OPLOG:- 1 - Unit1 delete
success!
Deleting ... done
View
Description
User view

If you execute the delete command with the /unreserved keyword specified, the
specified file is completely deleted. (That is, the file cannot be restored.)
If you execute the delete command with the /unreserved keyword not specified, the
specified file is moved to the recycle bin. Following are the notes on deleted files:
The dir command cannot display the information about deleted files.
To display the information about deleted files, use the dir /all command.
106 delete

Command Reference
To restore a deleted file, use the undelete command.
To delete the files in the recycle bin, use the reset recycle-bin command.
You can also use the delete command to delete files by file attribute. The delete
running-file command deletes all the files with the main attribute, and the delete
standby-file command deletes all the files with the backup attribute.
CAUTION:
For deleted files whose names are the same, only the latest deleted file can be
restored.

Command Reference
delete 107
delete
Purpose
Use the delete command to delete the specified file from the server.
Syntax
delete remote-file
Parameters
remote-file
Example
Delete file temp from the server.
Name of a file on the server.
sftp-client> delete temp.c
View
Description
SFTP Client view
This command has the same function as the remove command.
108 delete

Command Reference
delete
Purpose
Use the delete command to delete the specified remote file.
Syntax
delete remotefile
Parameters
remotefile
Example
File name.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Delete the file named temp.c.

[ftp] delete temp.c
250 DELE command successful.
View
FTP Client view

Command Reference
delete-member 109
delete-member
Purpose
Use the delete-member command to remove a member device from the cluster.
Syntax
delete-member member-number
Parameters
member-number
Example
Remove the member device numbered 2 from the cluster.

0 to 255.
[aaa_0.S4200G-cluster] delete-member 2
View
Description
Cluster view
This command can be performed on the management device only. Otherwise, an

error message will appear.
110 delete static-routes all

Command Reference
delete static-routes all

Purpose
Use the delete static-routes all command to delete all the static routes.
Syntax
Parameters
None
Example
Delete all the static routes in the router.

<SW4200G>system-view
[SW4200G]delete static-routes all
Are you sure to delete all the static routes?[Y/N]
View
Description
Related Commands
System view
The system requests your confirmation before it deletes all the configured static
routes.
ip route-static
display ip routing-table

Command Reference
description 111
description
Purpose
Use the description command to enter a description of an Ethernet port.

Use the undo description command to cancel the description.
Syntax
description text
undo description
Parameters
text
Default
By default, an Ethernet port does not have a description.
Example
Set the description of port Ethernet1/0/1 to be lanswitch-interface.
Specifies a description of the Ethernet port. The

description may be up to 80 characters long.
<S4200G>system-view
[S4200G]interface ethernet 1/0/1
[S4200G-Ethernet1/0/1]description lanswitch-interface
[S4200G-Ethernet1/0/1]
View
Ethernet Port view
112 description

Command Reference
description
Purpose
Use the description command to assign a description string for the VLAN.
Use the undo description command to restore the default description string.
Syntax
description string
undo description
Parameters
string
Example
To give VLAN 1 the description RESEARCH, enter the following:
Description string to be assigned to a VLAN. This value

is a string comprising 1 to 32 characters. The default
description string of a VLAN is its VLAN ID, such as
"VLAN 0001".
[S4200G] vlan 1
[S4200G-vlan1] description research
View
VLAN view

Command Reference
description 113
description
Purpose
Use the description command to assign a description string to a VLAN or a VLAN

interface.
Syntax
description string
undo description
Parameters
Example
string
Specifies a description of the current VLAN or VLAN

interface.
The description of a VLAN may be up to 32

characters and defaults to the ID of the VLAN
(for example, VLAN 0001).
The description of a VLAN interface may be up to

80 characters and defaults to the name of the
VLAN interface (for example, Vlan-interface1
Interface).
To configure VLAN 2 to be the management VLAN and give of the description

RESEARCH to the VLAN 2 interface, enter the following:
[S4200G] vlan 2
[S4200G-vlan2] quit
[S4200G] management-vlan 2
[S4200G-Vlan-interface2] description RESEARCH
View
VLAN view
VLAN Interface view
114 description

Command Reference
description
Purpose
Use the description command to define the description information of an ACL to

describe the specific purpose of the ACL.
Use the undo description to delete the description information of an ACL.
Syntax
description text
undo description
Parameters
text
Example
Define the description information of ACL 3100.
Description information of the ACL, a string of up to

127 characters.
[S4200G] acl number 3100
[S4200G-acl-adv-3100] description This acl is used in eth 0
Delete the description information of ACL 3100.

[S4200G-acl-adv-3100] undo description
View
Basic ACL view
Advanced ACL view
Layer 2 ACL view

Command Reference
dhcp relay information enable 115
dhcp relay information enable

Purpose
Use the dhcp relay information enable command to enable option 82

supporting on a DHCP relay, through which you can enable the DHCP relay to insert
option 82 into DHCP request packets sent to a DHCP server.
Use the undo dhcp relay information enable command to disable option 82
supporting on a DHCP relay, through which you can disable the DHCP relay from
inserting option 82 into DHCP request packets sent to a DHCP server.
Syntax

undo dhcp relay information enable
Parameters
None
Default
By default, this function is disabled.
Example
Enter system view.

Enable option 82 supporting on a DHCP relay.

[S4200G] dhcp relay information enable
Disable option 82 supporting on a DHCP relay.

[S4200G] undo dhcp relay information enable
View
Related Command
System view
dhcp relay information strategy
116 dhcp relay information strategy

Command Reference

Purpose
Use the dhcp relay information strategy command to instruct a DHCP

relay to perform specified operations to DHCP request packets that carry option 82.
Use the undo dhcp relay information strategy command to instruct a
DHCP relay to perform the default operations to DHCP request packets that carry
option 82.
Syntax
dhcp relay information strategy { drop | keep | replace }

undo dhcp relay information strategy
Parameters
drop
Specifies to discard the DHCP request packets that

carry option 82.
keep
Specifies to remain the DHCP request packets that

carry option 82 unchanged.
replace
Specifies to replace the option 82 carried by a DHCP

request packet with that of the DHCP relay.
Default
By default, the DHCP relay replaces the option 82 carried by a DHCP request packet
with its own option 82.
Example
Enter system view.

Instruct the DHCP relay to discard the DHCP request packets that carry option 82.
[S4200G] dhcp relay information strategy drop
Instruct the DHCP relay to perform the default operations to DHCP request packets
that carry option 82.
[S4200G] undo dhcp relay information strategy
View
Related Command
System view

Command Reference
dhcp-security static 117
dhcp-security static
Purpose
Use the dhcp-security static command to configure a static user address

entry.
Use the undo dhcp-security command to remove one or all user address entries,
or all user address entries of a specified type.
Syntax
dhcp-security static ip-address mac-address

undo dhcp-security { ip-address | all | dynamic | static }
Parameters
Example
ip-address
User IP address.
mac-address
User MAC address.
all
Removes all user address entries.
dynamic
Removes dynamic user address entries.
static
Removes static user address entries.
Enter system view.

Configure a user address entry for the DHCP server group, with the user IP address
being 1.1.1.1 and the user MAC address being 0005-5D02-F2B3.
[S4200G] dhcp-security static 1.1.1.1 0005-5D02-F2B3
View
Related Command
System view
display dhcp-security
118 dhcp-server

Command Reference
dhcp-server
Purpose
Use the dhcp-server command to map the current VLAN interface to a DHCP
server group.
Use the undo dhcp-server command to cancel the mapping.
Syntax
dhcp-server groupNo
undo dhcp-server
Parameters
groupNo
Examples
Enter system view.
DHCP server group number. Valid values for this

argument are 0 to 19.
Enter VLAN 1 interface view.

Specify that VLAN 1 interface corresponds to DHCP server group 1.

[S4200G-Vlan-interface1] dhcp-server 1
View
Related Commands
VLAN Interface view
dhcp-server ip
display dhcp-server

Command Reference
dhcp-server ip 119
dhcp-server ip
Purpose
Use the dhcp-server ip command to configure the DHCP server IP address(es) in

a specified DHCP server group.
Use the undo dhcp-server command to remove all DHCP server IP addresses in a
DHCP server group.
Syntax
dhcp-server groupNo ip ip-address1 [ ipaddress-list ]

undo dhcp-server groupNo
Parameters
Examples
groupNo
DHCP server group number. Valid values are 0 to 19.
ipaddress-1
IP address of DHCP server 1 in the DHCP server group.
ipaddress-list
IP addresses of other DHCP servers in the DHCP server

group. You can provide up to seven other DHCP sever
IP addresses.
Enter system view.

Configure three DHCP server IP addresses 1.1.1.1, 2.2.2.2, and 3.3.3.3 for DHCP
server group 1, so that this group contains three DHCP servers (server 1, server 2 and
server 3).
[S4200G] dhcp-server 1 ip 1.1.1.1 2.2.2.2 3.3.3.3
View
Related Commands
System view
dhcp-server
display dhcp-server
120 dir

Command Reference
dir
Purpose
Use the dir command to display the information about the specified files or
directories on a switch.
Syntax
dir [ /all ] [ file-url ]
Parameters
/all
Displays the information about all the files, including

those in the recycle bin.
file-url
Path name or the name of a file in the Flash, a string

comprising 1 to 142 characters. You can specify
multiple files by inserting the "*" character as
wildcards in this argument. For example, the dir *.txt
command displays the information about all the files
with the extension of txt in the current directory.
Example
Display the information about all the normal files in the root directory of the file
system on the local unit.
<S4200G> dir
Directory of unit1>flash:/
1 (*)
-rw5792495 Apr 02 2000 00:06:50
s5100.bin
2 (*)
-rw1965 Apr 01 2000 23:59:13
3comoscfg.cfg
3
-rw5841301 Apr 02 2000 21:42:13
s5100d8.bin
4
-rw224 Apr 02 2000 01:36:30
s5100d9.bin
5
-rw279296 Apr 02 2000 00:22:01
test.abc
15367 KB total (3720 KB free)
(*) -with main attribute
(b) -with backup attribute
(*b) -with both main and backup attribute
Display the information about all the files in the root directory of the file system,
including the files in the recycle bin.
<S4200G> dir /all
1 (*)
-rw5792495 Apr
2
-rwh
4 Apr
3
-rwh
151 Apr
4 (*)
-rw1965 Apr
5
-rw5841301 Apr
6
-rw224 Apr
7
-rw279296 Apr
8
-rw2370 Apr
0
-rwh
4 Apr
1 (*)
-rw4724347 Apr 01
2 (*)
-rw1475 Apr
3
-rw1737 Apr
4
-rw279296 Apr
5
-rw428 Apr
6
-rwh
151 Apr
02
01
02
01
02
02
02
02
2000
2000
2000
2000
2000
2000
2000
2000
00:06:50
23:55:26
00:05:53
23:59:13
21:42:13
01:36:30
00:22:01
02:49:12
s5100.bin
snmpboots
private-data.txt
3comoscfg.cfg
s5100d8.bin
s5100d9.bin
test.abc
[1.cfg]
01 2000 23:55:24
snmpboots
2000 23:59:45
s5100.bin
01 2000 23:59:53
3comoscfg.cfg
02 2000 00:46:21
cfg.cfg
02 2000 00:21:55
love.rar
02 2000 13:07:11
hostkey
01 2000 23:58:39
private-data.txt

Command Reference
dir 121
7
-rw572 Apr 02 2000 13:07:20
serverkey
8
-rw1589 Apr 02 2000 00:58:20
1.cfg
Display the information about all the files whose names begin with the character t
(including those in the recycle bin) in the local directory unit1>flash:/test/.
<S4200G>dir /all test/t*
Directory of unit1>flash:/test/
0
-rw279296 Apr 04 2000 14:45:19
test.txt
View
Description
User view
In the output information, files with the main, backup or main/backup attribute are
tagged. This command supports the wildcard of "*".
Note: In the output information of the dir /all command, deleted files (that is,
those in the recycle bin) are embraced in brackets.
122 dir

Command Reference
dir
Purpose
Use the dir command to query specified files.
Syntax
dir [ filename [ localfile ] ]
Parameters
filename
Name of the file to be queried.
localfile
Name of the local file where the query result is to be

saved.
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Display the information about all the files in the current directory.
[ftp] dir
200 PORT command okay
7 File Listing Follows in ASCII mode
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21 2004 4.bin
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21 2004 5.bin
-rwxrwxrwx
1 noone
nogroup
430585 Dec 23 2004 6. bin
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21 2004 6. bin.bak
-rwxrwxrwx
1 noone
nogroup
638912 Nov 15 2004 abc.BTM
drwxrwxrwx
1 noone
nogroup
0 Dec 15 2004 TEST
-rwxrwxrwx
1 noone
nogroup 3212176 Jul 14 2004 21.bin
226 Transfer finished successfully.
FTP: 5346 byte(s) received in 6.782 second(s) 788.00 byte(s)/sec.
Display the information about the file named 4.app and save the output information
in the file named temp1.
[ftp] dir 4.app temp1
-rwxrwxrwx
1 noone
nogroup
430585 Dec 21 2004 4. bin
FTP: 70 byte(s) received in 0.122 second(s) 573.00 byte(s)/sec.
View
FTP Client view

Command Reference
Description
dir 123
The output information includes the name, size and creation time of a file in the
current directory.
If you do not specify the filename argument, the information about all the files in the
current directory is displayed.
124 dir

Command Reference
dir
Purpose
Use the dir command to display the files in the specified directory.
Syntax
dir [ remote-path ]
Parameters
remote-path
Name of the intended directory.

If the remote-path argument is not specified, the
files in the current directory are displayed.
Example
Display the files in directory flash:/.

sftp-client>
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
drwxrwxrwx
drwxrwxrwx
-rwxrwxrwx
View
1759
225
283
225
0
0
225
Aug
Aug
Aug
Sep
Sep
Sep
Sep
23
24
24
28
28
28
28
Description
dir flash:/
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
1 noone
nogroup
SFTP Client view
This command has the same function as the ls command.
06:52
08:01
07:39
08:28
08:24
08:18
08:30
vrpcfg.cfg
pubkey2
pubkey1
pub1
new1
new2
pub2

Command Reference
disconnect 125
disconnect
Purpose
Use the disconnect command to terminate a FTP connection without quitting FTP
client view.
Syntax
disconnect
Parameters
None
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:
[ftp]
Terminate the FTP connection without quitting FTP Client view.

[ftp] disconnect
221 Server closing.
[ftp]
View
Description
FTP Client view
The disconnect command has the same effect as that of the close command.
126 display acl

Command Reference
display acl
Purpose
Use the display acl command to view the detailed configuration information of an
ACL, including each rule and its number as well as the number and size in bytes of
the data packets that match the statement.
Syntax
display acl { all | acl-number }
Parameters
all
Displays all ACLs.
acl-number
Specifies the number of the ACL to be displayed. Valid

values are 2000 to 4999.
Example
Display the contents of all ACLs.

<S4200G> display acl all
Basic ACL 2000, 0 rule, match-order is auto
Acl's step is 1
Advanced ACL 3000, 1 rule
Acl's step is 1
rule 1 permit ip (0 times matched)
View
Description
Any view
The matched times displayed by this command are software matched times, namely,
the matched times of the ACL to be processed by the Switch CPU. You can use the
traffic-statistic command to calculate the matched times of hardware during
packet-forwarding

Command Reference
display am user-bind 127
display am user-bind
Purpose
Use the display am command to view whether address management is enabled

and to display IP address pool configuration.
Syntax
display am user-bind [ interface interface-type interface-number |

mac-addr ip-addr]
Parameters
interface
Displays the binding information of a specified

interface.
interface-type
Specifies the interface type.
interface-number
Specifies the interface number.
mac-addr
Displays the binding information of the MAC address
ip-addr
Displays the binding information of the IP address.
Example
Display the information about port binding.

<S4200G> display am user-bind
Following User address bind have been configured:
Mac
IP
Port
0001-0001-0001
1.2.3.4
GigabitEthernet1/0/1
Unit 1:Total 1 found, 1 listed.
Total: 1 found.
View
Description
Any view
By checking the output of this command, you can verify the current configuration.
128 display arp

Command Reference
display arp
Purpose
Use the display arp command to display the ARP mapping table entries by entry
type, or by a specified IP address.
Syntax
display arp [ ip-address | [ dynamic | static ] | { begin | include |

exclude } text
Parameters
ip-address
Specifies the IP address. The ARP mapping entries

containing the IP address are to be displayed.
dynamic
Displays the dynamic ARP entries in the ARP mapping

table.
static
Displays the static ARP entries in the ARP mapping

table.
begin
Specifies to start displaying from the first ARP entry

that contains the specified character string text.
include
Displays only the ARP entries that contain the specified

character string text.
exclude
Displays only the ARP entries that do not contain the

specified character string text.
text
Displays the ARP entries that contain this user-defined

character string.
Example
To display the ARP entries from the first ARP mapping entry that contains the string 1,
<S4200G> display arp | begin 1
Type: S-Static
D-Dynamic
IP Address
MAC Address
VLAN ID Port Name / AL ID
Aging Type
1.1.1.9
0010-5ce1-1ae6 1
GigabitEthernet1/0/12 17
D
1.1.1.11
000f-1f9b-8ab2 1
18
D
--2 entries found
---
Example2
To display all ARP entries in the mapping table, enter the following:
<S4200G> display arp
IP Address
MAC Address
10.1.1.2
00e0-fc01-0102
10.110.91.175 0050-ba22-6fd7
---
View
2 entries found
VLAN ID
N/A
1
Port Name/AL ID
Aging
N/A
N/A
GigabitEthernet1/0/1 20
---
Any view
Type
Static
Dynamic

Command Reference
Related Commands
display arp 129
arp static
reset arp
130 display arp count

Command Reference
display arp count

Purpose
Use the display arp count command to display the number of the specified
type of ARP mapping entries.
Syntax
display arp count [ [ dynamic | static ] | { begin | include | exclude

} text | ip-address ]
Parameters
dynamic
Counts the dynamic ARP mapping entries.
static
Counts the static ARP mapping entries.
begin
Counts the ARP mapping entries from the first ARP

entry that contains the string given by the text
argument.
Include
Counts the ARP mapping entries that contain the

string given by the text argument.
exclude
Counts the ARP mapping entries that do not contain

the string given by the text argument.
text
Specifies the string used to filtered ARP mapping

entries.
ip-address
Specifies the IP address. The ARP mapping entries

containing the IP address are to be counted in.
Default
If no optional parameter is specified, the number of all types of ARP mapping entries
is displayed.
Example
To display the number of all types of ARP mapping entries, enter the following:
<S4200G> display arp count
1 entry found
View
Related Command
Any view
arp static
reset arp

Command Reference
display arp timer aging 131
display arp timer aging

Purpose
Use the display arp timer aging command to view the current setting of the
dynamic ARP aging timer.
Syntax
Parameters
None
Example
To display the current setting of the ARP aging timer, enter the following:
<S4200G> display arp timer aging
Current ARP aging time is 20 minute(s)(default)
View
Related Command
Any view
arp timer aging
132 display boot-loader

Command Reference
display boot-loader
Purpose
Use the display boot-loader command to display the information about the
app startup files of a switch, including the current app startup file name, the main
and backup app startup files to be used when the switch starts the next time.
Syntax
display boot-loader [ unit unit-id ]
Parameters
unit unit-id
Example
Display the information about the app startup files of unit 1.
Unit ID of a switch.
[S4200G]display boot-loader unit 1

Unit 1
The current boot app is: S4200G.bin
The main boot app is: S4200G.bin
The backup boot app is: S4200G.bin
View
Any view

Command Reference
display boot-loader
Purpose
Use the display boot-loader command to display the host software (.bin file)
that will be adopted when the switch reboots.
Syntax
display boot-loader
Parameters
None
Example
Display the host software that will be adopted when the switch reboots.
<S4200G>display boot-loader
Unit 1:
The current boot app is: S4200G.bin
The main boot app is: S4200G.bin
The backup boot app is:
Table 6 Description on the fields of the display boot-loader command
View
Field
Description
The current boot app is
Current boot file of the system
The main boot app is
Main boot file of the system
The backup boot app is
Backup boot file of the system
Any view
134 display bootp client

Command Reference
display bootp client

Purpose
Use the display bootp client command to display BOOTP client-related

information, including the MAC address of the BOOTP client and the IP address
obtained.
Syntax
display bootp client [ interface vlan-interface vlan-id ]
Parameters
vlan-id
Example
Display the BOOTP client-related information.
VLAN interface ID.
<S4200G> display bootp client interface vlan-interface 1

Vlan-interface1:
Allocated IP: 169.254.0.2 255.255.0.0
Transaction ID = 0x3d8a7431
Mac Address 00e0-fc0a-c3ef
Table 7 Description on the fields of the display bootp client command
View
Field
Description
Vlan-interface1
VLAN interface 1 is configured to obtain an IP address

through BOOTP.
Allocated IP
IP address allocated to VLAN interface 1
Transaction ID
Value of the XID field in BOOTP packets
Mac Address
MAC address of the BOOTP client
Any view

Command Reference
display brief interface 135
display brief interface

Purpose
Use the display brief interface command to display the configuration

information about one specific or all ports in brief, including the port type,
connection state, connection rate, duplex attribute, link type and default VLAN ID.
Syntax
display brief interface [ interface-type interface-number ] [ | { begin

| include | exclude } string ]
Parameters
interface-type
Port type.
interface-number
Port number.
Uses regular expression to specify the details in the

port configuration information fields, so as to specify
which port information entries will be displayed.
begin
There is a port information field beginning with the

specified character (string).
include
There is a port information field containing the

exclude
There is no port information field containing the

string
A character string from 1 to 256 characters long.
Example
Display the brief configuration information about the Ethernet1/0/3 port.

<S4200G> display brief interface ethernet 1/0/3
Interface
Link
Speed
Duplex
Ethernet1/0/3
DOWN
auto
auto
Link-type PVID
access 1
Table 8 Description on the fields of the display brief interface command
View
Field
Description
Interface
Port type
Link
Link state UP or DOWN
Speed
Link rate
Duplex
Duplex attribute
Link-type
Link type access, hybrid or trunk
PVID
Default VLAN ID
Any view
136 display brief interface
Description

Command Reference
This command functions similarly to the display interface command but

displays the port information in brief.
Currently, for a non-Ethernet port, the system only displays its connection state and
displays "--" in other configuration information fields.
Related Command
display interface

Command Reference
display channel 137
display channel
Purpose
Use the display channel command to display the details about the information
channel.
Syntax
display channel [ channel-number | channel-name ]
Parameters
channel-number
Channel number, ranging from 0 to 9, corresponding

to the 10 channels of the system.
channel-name
Channel name, which can be channel6, channel7,

channel8, channel9, console, logbuffer, loghost,
monitor, snmpagent or trapbuffer.
Example
Display the settings of information channel 0.

<S4200G> display channel 0
channel number:0, channel name:console
MODU_IDNAME ENABLE LOG LEVEL ENABLE TRAP LEVELENABLEDEBUGGING LEVEL
ffff0000all Y
warning Y debuggingYdebugging
View
Description
Any view
Without a parameter, the display channel command shows the configurations of

all the channels.
138 display clock

Command Reference
display clock
Purpose
Use the display clock command to display the current date and time of the system,
so that you can adjust them if they are wrong.
Syntax
display clock
Parameters
None
Example
View the current system date and time.

<S4200G> display clock
18:36:31 beijing Sat 2002/02/02
Time Zone : beijing add 01:00:00
Summer-Time : bj one-off 01:00:00 2003/01/01 01:00:00 2003/08/08
01:00:00
View
Related Commands
Field
Description
18:36:31 beijing Sat

2002/02/02
Current date and time of the system
Time Zone
Configured time zone information
Summer-Time
Configured summer time information
Any view
clock datetime
clock summer-time
clock timezone

Command Reference
display cluster 139
display cluster
Purpose
Use the display cluster command to display the state and basic configuration
information of the cluster that contains the current switch.
Syntax
display cluster
Parameters
None
Example
Display cluster information (assuming that the current switch is a management

device).
<S4200G> display cluster
Cluster name:"123"
Role:Administrator
Management-vlan:1(default vlan)
Handshake timer:10 sec
Handshake hold-time:60 sec
IP-Pool:33.33.33.1/29
cluster-mac:0180-c200-000a
No logging host configured
No SNMP host configured
No FTP server configured
No TFTP server configured
5 member(s) in the cluster, and 0 of them down.
Display cluster information (assuming that the current switch is a member device).
<S4200G> display cluster
Cluster name:"123"
Role:Member
Member number:4
Management-vlan:1(default vlan)
cluster-mac:0180-c200-000a
Handshake timer:10 sec
Handshake hold-time:60 sec
Administrator device mac address:00e0-fc00-1751
Administrator status:Up
Table 9 Description of cluster status and statistics

Field
Description
Cluster name
Name of the cluster
Role
Cluster role of the switch
Member number
Member number of the switch
Handshake timer
Value of handshake timer
Handshake hold-time
Value of handshake hold-time
140 display cluster

Command Reference
Table 9 Description of cluster status and statistics (continued)
View
Field
Description
Administrator device
mac address
MAC address of management device
Administrator status
State of the management device
Description
Any view
When being executed on a member device, this command displays the information
such as cluster name, member number of the current switch, the MAC address and
state of the management device, holdtime, and the interval to send packets.
When being executed on a management device, this command displays the
information such as cluster name, the number of the member devices in the cluster,
cluster state, holdtime and the interval to send packets.
Errors occur if you execute this command on a switch that does not belong to any
cluster.

Command Reference
display cluster base-topology 141
display cluster base-topology

Purpose
Use the display cluster topology command to display the standard topology
view of the cluster.
Syntax
display cluster base-topology [ mac-address mac-address | member-id

member-number ]
Parameters
mac-address
Specifies a node according to a MAC address.
member-number
Specifies the starting member number in the topology

display.
Example
Display the standard topology information of the cluster.

<S4200G> display cluster base-topology
View
Description
Any view
You can create a standard topology view by using the build or auto-build
command or save the current topology view as a standard topology view by using the
topology accept command. This command can be executed only on the
management device.
142 display cluster black-list

Command Reference
display cluster black-list

Purpose
Use the display cluster black-list command to display the current

blacklist of the cluster.
Syntax
Parameters
None
Example
Display the current blacklist of the cluster.

<S4200G Sysname> display cluster black-list
Device ID
Access Device ID
00e0-fc00-0010
00e0-fc00-3550
Access port
Ethernet1/0/1
Table 10 Description on the fields of the display cluster black-list command
View
Field
Description
Device ID
ID of a device
Access Device ID
ID of an access device
Access port
Access port
Description
Any view
You can create a standard topology view by using the build or auto-build
command or save the current topology view as a standard topology view by using the
topology accept command. This command can be executed only on the
management device.

Command Reference
display cluster candidates 143
display cluster candidates

Purpose
Use the display cluster candidates command to display candidate devices

of a cluster.
Syntax
display cluster candidates [ mac-address H-H-H | verbose ]
Parameters
mac-address H-H-H
MAC address of the candidate device.
verbose
Displays the detailed information about the candidate

device.
Example
Display the information about all the candidate devices.

<aaa_0.S4200G> display cluster candidates
MAC
HOP IP
PLATFORM
000f-cbb8-9528 1
31.31.31.56/24
S5126C
00e0-fc00-3199 3
S5150C
Table 11 Description of candidate list information

Field
Description
MAC
MAC address of a candidate device
Hop
Hops from a candidate device to the management device
IP
IP address of a candidate device
Platform
Platform of a candidate device
Display the information about a specified candidate device.

<aaa_0.S4200G> display cluster candidates mac-address 00e0-fc61-c4c0
Hostname : LSW1
MAC
: 00e0-fc61-c4c0
Hop
: 1
Platform : Switch 4200G
IP: 1.5.6.9/16
Display the detailed information about all the candidate devices.

<aaa_0.S4200G> display cluster candidates verbose
Hostname : 5100-EI_4
MAC
: 00e0-fc00-3199
Hop
: 3
Platform : S5100-EI
IP
:
Hostname : S4200G
MAC
: 000f-cbb8-9528
Hop
: 1
Platform : S5100-EI
IP
: 31.31.31.56/24
144 display cluster candidates

Command Reference
Table 12 Description of detailed candidate list information
View
Field
Description
Hostname
Name of the candidate device
MAC
MAC address of a candidate device
Hop
Hops from a candidate device to the management device
IP
IP address of a candidate device
Platform
Platform of a candidate device
Description
Any view
This command can only be performed on the management device.

Command Reference
display cluster current-topology 145
display cluster current-topology

Purpose
Use the display cluster current topology command to display the current
topology view or the topology path between two points.
Syntax
display cluster current-topology [ mac-address mac-address [

to-mac-address mac-address ] | member-id member-number [ to-member-id
member-number ]]
Parameters
member-number
Specifies the starting member number in the topology

display or the member numbers a the starting point
and ending point of a path.
mac-address
Specifies a node according to a MAC address.
Example
Display the current topology information of the cluster.

<123.Sysname> display cluster current-topology
-------------------------------------------------------------------(PeerPort) ConnectFlag (NativePort) [SysName:DeviceMac]
-------------------------------------------------------------------ConnectFlag:
<--> normal connect
---> odd connect
**** in blacklist
???? lost device
++++ new device
-||- STP discarding
-------------------------------------------------------------------[123.abc:00e0-fc50-4200G]
|
|--(P_1/4)<-->(P_1/4)[123.abc1:00e0-fc00-3580]
|
|
|
|--(P_1/8)????(P_1/8)[00e0-fc00-5150]
|
|--(P_1/6)????(P_1/6)[00e0-fc00-5700]
Table 13 Description on the fields of the display cluster current-topology

command
Field
Description
PeerPort
Port of the peer device
ConnectFlag
Connection flag
NativePort
Local port
SysName
System name of the device
normal connect
Normal connection
odd connect
Unidirectional connection
in blacklist
in the blacklist
lost device
Lost device
new device
Newly added device
STP discarding
STP block
146 display cluster current-topology
View
Description

Command Reference
Any view

Command Reference
display cluster members 147
display cluster members

Purpose
Use the display cluster members command to display the information about
cluster members.
Syntax
display cluster members [ member-number | verbose ]
Parameters
member-number
Member number in the cluster, ranging from 0 to 255.
verbose
Displays the detailed information about all the devices

in a cluster.
Example
Display the information about all the devices in the cluster.

<123_0.5100-EI_1> display cluster members
SN
Device
MAC Address
Status Name
0
S5100-EI
00e0-fc00-1751 Admin 123_0.5100-EI_1
2
S5100-EI
00e0-fc00-3199 Up
123_2.5100-EI_4
3
3Com S3528P
00e0-fd00-0043 Up
123_3.QX-S3528P
4
S5100-EI
00e0-fc00-2579 Up
123_4.5100-EI_2
5
S5100-EI
000f-e20f-c415 Up
123_5.5100-EI_5
Table 14 Description of displayed information

Field
Description
SN
Member number
Device
Device type
MAC Address
MAC address of the device
Status
State of a device
Name
Name of a device
Display the detailed information about the management device and all member
devices.
<123_0.5100-EI_1> display cluster members verbose
Member number:0
Name:123_0.5100-EI_1
Device:S5100-EI
MAC Address:00e0-fc00-1751
Member status:Admin
Hops to administrator device:0
IP: 31.31.31.1/24
Version:
3Com Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
Copyright (c) 2002-2005 By 3Com
S5100-EI 5100-EI-001
Member number:2
Name:123_2.5100-EI_4
Device:S5100-EI
MAC Address:00e0-fc00-3199
Member status:Up
Hops to administrator device:3
148 display cluster members

Command Reference
IP: 31.31.31.4/24
Version:
VRP (tm) Software, Version 3.10
Copyright (c) 2002-2005 By 3Com
S5100-EI 5100-EI-001
Description of displayed information
Table 15 Description of detailed displayed information
View
Field
Description
Member number
Device member number
Name
Name of a device
Device
Device type
MAC Address
MAC address of a device
Member status
State of a device
Hops to administrator
device
Hops from the current device to the management device
IP
IP address of a device
Version
Software version of the current device
Description
Any view
This command can only be performed on the management device.

Command Reference
display connection 149
display connection
Purpose
Use the display connection command to view the information for a specified
connection type.
Syntax
display connection [ access-type { dot1x | mac-authentication } |

domain isp-name | interface interface-type interface-number |
ip ip-address | mac mac-address | radius-scheme radius-scheme-name |
vlan vlan-id | ucibindex ucib-index | user-name user-name ]
Parameters
access-type { dot1x |
mac-authentication }
domain isp-name
Specifies the connections to display based on logon

type.
dot1x means the 802.1x users.
mac-authentication means the centralized mac

address authentication users.
Specifies the connections to display according to ISP

domain. isp-name specifies the ISP domain name
with a character string up to 24 characters in length.
The specified ISP domain must exist.
interface-number
Specifies the connections to display according the port.
ip ip-address
Specifies the connections to display according to IP

address. ip-address is in the hexadecimal format
(ip-address).
mac mac-address
Specifies the connections to display according to MAC

address. mac-address is in the hexadecimal format
(H-H-H).
radius-scheme
radius-scheme-name
Specifies the connections to display according to

RADIUS scheme. radius-scheme-name specifies
the RADIUS scheme with a character string up to
32 characters in length.
vlan vlan-id
Specifies the connections to display using the VLAN ID.

vlan-id ranges from 1 to 4094.
ucibindex ucib-index
Specifies the connections to display using the

ucib-index. The ucib-index ranges from 0 to
1047.
user-name user-name

user-name. The user-name is a character string up
to 32 characters in length. The string cannot contain
the following characters:
150 display connection

Command Reference
<
>

Example
Display information about all user connections.

<S4200G>display connection
------------------unit 1-----------------------On Unit 1: Total 0 connections matched, 0 listed.
Total 1 connections matched, 1 listed.
Display information about the user connection with index 0.

[S4200G]dis connection ucibindex 0
Index=0
, Username=user1@system
MAC=000f-3d80-4ce5
, IP=192.168.0.3
Access=8021X ,Auth=CHAP
,Port=Ether ,Port NO=0x10003001
Initial VLAN=1, Authorization VLAN=1
ACL Group=Disable
CAR=Disable
Priority=Disable
Start=2000-04-03 02:51:53 ,Current=2000-04-03 02:52:22
,Online=00h00m29s
On Unit 1:Total 1 connections matched, 1 listed.
Total 1 connections matched, 1 listed.
Here, Port NO=0x10003001 means (by the binary bits):

Table 16 Description of the Port NO field
View
31 to 28
27 to 24
23 to 20
19 to 12
11 to 0
UNIT ID
Slot number
Subslot number
Port number
VLAN ID
Description
Any view
The output can help with user connection diagnosis and troubleshooting.
If no parameter is specified, this command displays the related information about all
connected users.
This command cannot display information about the connections of the FTP users.
Related Command
cut connection

Command Reference
display cpu 151
display cpu
Purpose
Use the display cpu command to display CPU usage of a specified switch.
Syntax
display cpu [ unit unit-id ]
Parameters
unit unit-id:
Example
Display the CPU usage of this switch.
Specify the Unit ID of the switch.
<S4200G>display cpu
Unit 1
Board 0 CPU busy status:
12% in last 5 seconds
12% in last 1 minute
12% in last 5 minutes
Table 17 Display information
View
Field
Description
12% in last 5 seconds
The CPU occupancy rate is 12% at last 5 seconds
12% in last 1 minute
The CPU occupancy rate is 12% at last 1 minute
12% in last 5 minutes
The CPU occupancy rate is 12% at last 5 minutes
Any view
152 display current-configuration

Command Reference
display current-configuration
Purpose
Use the display current-configuration command to display the current

configuration of a switch.
Syntax
display current-configuration [ configuration [ configuration-type ] |

interface [ interface-type ] [ interface-number ] | vlan [ vlan-id ] ]
[ by-linenum ] [ | { begin | include | exclude } regular-expression ]
Parameters
configuration
Displays the specified type of configurations.
configuration-type
Configuration type. You can select one of the

following types:
isp: specifies the configuration of the internet

service provider (ISP)
radius-template: specifies RADIUS template

configuration
system: specifies the system configuration
user-interface: specifies user interface configuration
interface
Displays the port configuration.
interface-type
Interface type, which can be AUX, Ethernet,

GigabitEthernet, or NULL.
interface-number
Port number.
vlan
Displays the VLAN configuration.
vlan-id
VLAN ID.
by-linenum
Displays the number of each line.
Uses a regular expression to filter the configurations of

the device to be displayed.
begin
Displays the configurations starting with the specified

text (regular-expression).
include
Displays the configurations that contain the specified

text (regular-expression).
exclude
Displays the configurations that do not contain the

specified text (regular-expression).
regular-expression
A Regular expression.

Command Reference
Table 18 Special characters used in a regular expression

Special Character Meaning
Use
If the first character of the expression

is not underline, the number of the
underlines is not limited in theory (but
is limited by the length of the command line in practice).
Underline. It is similar to a
wildcard and can
represent the following
characters: (^|$|[,(){}]),
space, start symbol and
end symbol.
If the first character of the expression

is underline, there can be four successive underlines at most at the
beginning of the expression.
If the underlines are not successive,
only the first group of successive
underlines is matched. The
subsequent groups of underlines are
ignored.
(
Left parenthesis. It
represents the in-stack
flag in programs.
It is recommended not to use this

character in regular expression.
Period. It is a wildcard
which matches any
character, including
space.
Asterisk. It means that the zo* can be matched by z and zoo.

preceding sub-expression
can be matched for zero
or multiple times.
Plus sign. It means that

the preceding
sub-expression can be
matched for one or
multiple times.
zo+ can be matched by "zo" and

zoo but not "z".
Display the currently valid configuration parameters on the Ethernet switch.

<S4200G> display current-configuration
#
sysname S4200G
#
radius scheme system
#
domain system
#
vlan 1
#
vlan 2
#
interface Vlan-interface2
#
interface Aux1/0/0
#
#
#
#
154 display current-configuration

Command Reference
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
interface NULL0
#
management-vlan 2
#
user-interface aux 0 7
user-interface vty 0 4
#
return
Display the lines that include 10* in the configuration information. * means that
the zero before it may not appear or appear multiple times continuously.
<S4200G> display current-configuration | include 10*
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
local-server nas-ip 127.0.0.1 key easyKey
vlan 1
ip address 10.1.1.2 255.255.255.0
speed 1000

Command Reference
interface
interface
interface
network
10.1.1.0 0.0.0.255
Display the configuration information starting with user.

<S4200G> display current-configuration | include ^user
user-interface aux 0
View
Description
Any view
This command will not display those configuration parameters that have the same
values with the corresponding default parameters.
After performing a group of configurations, you can use the display
current-configuration command to verify the configuration results by
checking the currently valid parameters in the display output. This command will not
display the parameters whose corresponding functions do not take effect even
though these parameters have been configured.
For example, although you can perform PPP-related configurations on an interface
encapsulated with X.25, the display current-configuration command does
not display the PPP configuration information.
Related Commands
display saved-configuration
reset saved-configuration
save
156 display debugging

Command Reference
display debugging
Purpose
Use the display debugging command to display the enabled debugging on a

specified device.
Syntax
display debugging [ unit unit-id ] [ interface interface-type

interface-number | module-name ]
Parameters
unit-id
interface-type
Specify the Ethernet port type.
interface-num
Specify the Ethernet port number.
module-name
Specify the functional module name.
Example
Show all the enabled debugging.

<S4200G> display debugging unit 1
IP icmp debugging is on
Rip packet debugging switch is on
Rip receive debugging switch is on
Rip send debugging switch is on
View
Any view
Description
Executing this command without any parameter will display all enabled debugging.
Related Command
debugging

Command Reference
display debugging habp 157
display debugging habp

Purpose
Use the display debugging habp command to display the state of HABP
debugging.
Syntax
Parameters
None
Example
To display the state of HABP debugging.

<S4200G> display debugging habp
HABP Debugging switch is on
The information displayed indicates that HABP debugging is enabled.
View
Any view
158 display device

Command Reference
display device
Purpose
Use the display device command to display the information, such as the module
type and operating status, about each board (main board and sub-board) of a
specified switch.
Syntax
display device [ manuinfo [ unit unit-id ] | unit unit-id ]
Parameters
manuinfo
Displays the manufacture information of the specified

switch.
unit unit-id
Specifies the Unit ID of the switch.
Example
Show device information.

<SW4200G>display device
Unit 1
SlotNo SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type
State
0
0
24
REV.A NULL
000
200
IVLMAIN Norma
View
Description
Any view
Displayed information can include slot number, sub-slot number, number of ports,
versions of PCB, FPGA, CPLD and BootROM software, address learning mode,
and interface board type.

Command Reference
display dhcp client 159
display dhcp client

Purpose
Use the display dhcp client command to display the DHCP client-related
information.
Syntax
display dhcp client [ verbose ]
Parameters
verbose
Example
Display the DHCP client information about address allocation.
Displays the detailed the DHCP client information

about address allocation.
<S4200G> display dhcp client verbose

DHCP client statistic information:
Vlan-interface1:
Current machine state: BOUND
Alloced IP: 169.254.0.2 255.255.0.0
Alloced lease: 86400 seconds, T1: 43200 seconds, T2: 75600 seconds
Lease from 2002.09.20 01:05:03
to
2002.09.21 01:05:03
Server IP: 169.254.0.1
Transaction ID = 0x3d8a7431
Default router: 2.2.2.2
DNS server: 1.1.1.1
Domain name: 3Com-3com.com
Client ID: 00e0-fc0a-c3ef
Next timeout will happen after 0 days 11 hours 56 minutes 1 seconds
Table 19 Description on the fields of the display dhcp client command
View
Field
Description
Vlan-interface1
VLAN interface operating as a DHCP client to obtain an

IP address dynamically
Current machine state
The state of the client state machine
Alloced IP
IP address allocated to the DHCP client
lease
Lease period
T1
Renewal timer readout
T2
Rebinding timer readout
Lease from.to.
The starting and end time of the lease period
Server IP
IP address of the DHCP server
Transaction ID
Transaction ID
Default router
Gateway address
Any view
160 display dhcp-security

Command Reference
Purpose
Use the display dhcp-security command to display one or all user address
entries, or a specified type of user address entries in the valid user address table of a
DHCP server group.
Syntax
display dhcp-security [ ip-address | dynamic | static | tracker ]
Parameters
ip-address
IP address. This argument is used to display the user

address entry with the specified IP address.
dynamic
Displays the dynamic user address entries.
static
Displays the static user address entries.
tracker
Displays the interval to update the user address entries

of a DHCP-security table.
Example
Display all user address entries contained in the valid user address table of the DHCP
server group.
<S4200G> display dhcp-security
IP Address
MAC Address
2.2.2.3
0005-5d02-f2b2
3.3.3.3
0005-5d02-f2b3
--2 dhcp-security item(s) found
IP Address Type
Static
Dynamic
---
Table 20 Description on the fields of the display dhcp-security command
View
Field
Description
IP Address
IP address of a user of the DHCP server

group
MAC Address
MAC address of the user of the DHCP

server group
IP Address Type
Type of the user address entry

(static/dynamic)
Any view

Command Reference
display dhcp-server 161
display dhcp-server
Purpose
Use the display dhcp-server command to display information about a specified

DHCP server group.
Syntax
display dhcp-server groupNo
Parameters
groupNo
Example
Display information about DHCP server group 0.
DHCP server group number. Valid values are 0 to 19.
<S4200G> display dhcp-server 0

IP address of DHCP server group 0:
1.1.1.1
2.2.2.2
3.3.3.3
4.4.4.4
5.5.5.5
6.6.6.6
7.7.7.7
8.8.8.8
Messages from this server group: 0
Messages to this server group: 0
Messages from clients to this server group: 0
Messages from this server group to clients: 0
DHCP_OFFER messages: 0
DHCP_ACK messages: 0
DHCP_NAK messages: 0
DHCP_DECLINE messages: 0
DHCP_DISCOVER messages: 0
DHCP_REQUEST messages: 0
DHCP_INFORM messages: 0
DHCP_RELEASE messages: 0
BOOTP_REQUEST messages: 0
BOOTP_REPLY messages: 0
Table 21 Description on the fields of the display dhcp-server command

Field
Description
DHCP server IP addresses of DHCP

server group 0
Messages from this server group
Number of the packets received from

the DHCP server group
Messages to this server group
Number of the packets sent to the

DHCP server group
Messages from clients to this server group
Number of the packets received from

the DHCP clients
Messages from this server group to clients
Number of the packets sent to the

DHCP clients
DHCP_OFFER messages
Number of the received DHCP-OFFER

packets
DHCP_ACK messages
Number of the received DHCP-ACK

packets
162 display dhcp-server

Command Reference
Table 21 Description on the fields of the display dhcp-server command
View
Related Commands
Field
Description
DHCP_NAK messages
Number of the received DHCP-NAK

packets
DHCP_DECLINE messages
Number of the received

DHCP-DECLINE packets
DHCP_DISCOVER messages

DHCP-DISCOVER packets
DHCP_REQUEST messages

DHCP-REQUEST packets
DHCP_INFORM messages
Number of the received DHCP-INFORM

packets
DHCP_RELEASE messages

DHCP-RELEASE packets
BOOTP_REQUEST messages
Number of the BOOTP request packets
BOOTP_REPLY messages
Number of the BOOTP response

packets
Any view
dhcp-server
dhcp-server ip

Command Reference
display dhcp-server interface vlan-interface 163

Purpose
Use the display dhcp-server interface vlan-interface command to

display information about the DHCP server group to which a VLAN interface is
mapped.
Syntax
display dhcp-server interface vlan-interface vlan-id
Parameters
vlan-id
Examples
Display information about the DHCP server group to which VLAN 2 interface is
mapped.
VLAN ID.
<S4200G> display dhcp-server interface vlan-interface 2.

The DHCP server group of this interface is 0.
The above display information indicates the VLAN 2 interface is mapped
to DHCP server group 0.
View
Related Commands
Any view
dhcp-server
display dhcp-server
164 display dhcp-snooping

Command Reference
display dhcp-snooping
Purpose
Use the display dhcp-snooping command to display the user IP-MAC address
mapping entries recorded by the DHCP snooping function.
Syntax
display dhcp-snooping [ unit unit-id ]
Parameters
unit-id
Example
Display the user IP-MAC address mapping entries recorded by the DHCP snooping
function.
ID of a unit in a fabric.
<S4200G> display dhcp-snooping

DHCP-Snooping is enabled.
Type : D--Dynamic , S--Static
Unit ID : 1
Type IP Address
MAC Address
Lease
VLAN Interface
==== =============== =============== ========= ==== =================
--0 dhcp-snooping item(s) of unit 1 found
---
View
Any view

Command Reference
Purpose
Use the display dhcp-snooping command to display the correspondence

between user IP addresses and MAC addresses recorded by the DHCP snooping
function.
Syntax
Parameters
None.
Example
Display the correspondence between user IP addresses and MAC addresses recorded
by the DHCP snooping function..
<S4200G> display dhcp-snooping
DHCP-Snooping is enabled.
The client binding table for all untrusted ports.
Type : D--Dynamic , S--Static
Unit ID : 1
Type IP Address
MAC Address
Lease
VLAN Interface
==== =============== =============== ========= ==== =================
--0 dhcp-snooping item(s) of unit 1 found
---
View
Any view
166 display dhcp-snooping trust

Command Reference
display dhcp-snooping trust

Purpose
Use the display dhcp-snooping trust command to display the

(enabled/disabled) state of the DHCP snooping function and the trusted ports.
Syntax
Parameters
None
Example
Display the state of the DHCP snooping function and the trusted ports.
<S4200G> display dhcp-snooping trust
dhcp-snooping is enabled
dhcp-snooping trust become effective
Interface
Trusted
=================================
Ethernet1/0/1
Trusted
The above display information indicates that the DHCP snooping function is enabled,
and the Ethernet1/0/1 port is a trusted port.
View
Any view

Command Reference

Purpose
Use the display dhcp-snooping trust command to display the

DHCP-Snooping state and information on trusted ports.
Syntax
Parameters
None
Example
Display DHCP-Snooping trust state and information on trusted ports.

<S4200G> display dhcp-snooping trust
dhcp-snooping is enabled
dhcp-snooping trust become effective
Interface
Trusted
=================================
Trusted
The above display indicates that DHCP-Snooping is enabled and that the rust function
is effective with GigabitEthernet1/0/1 being the trusted port.
View
Any view
168 display diagnostic-information

Command Reference
display diagnostic-information
Purpose
Use the display diagnostic-information command to display the system

diagnostic information, or save the system diagnostic information to a file (with a
suffix of "diag") in the flash memory.
Syntax
Parameters
None
Example
Save the system diagnostic information to the default.diag file.

<S4200G> display diagnostic-information
This operation may take a few minutes, continue?[Y/N]y
Diagnostic-information is saved to Flash or displayed(Y=save
N=display)?[Y/N]y
Please input the file name(*.diag)[flash:/default.diag]:
The file is already existing, overwrite it? [Y/N]y
% Output information to file: flash:/default.diag.
Please wait......
View
Any view

Command Reference
display domain 169
display domain
Purpose
Use the display domain command to view the configuration information of a

specified ISP domain or display the summary information of all ISP domains.
Syntax
display domain [ isp-name ]
Parameters
isp-name
Example
To display the configuration information about all ISP domains.
Specifies the ISP domain name with a character string

up to 24 characters in length. The specified ISP domain
must exist.
<S4200G> display domain

0 Domain = system
State = Active
Scheme = LOCAL
Access-limit = Disable
Vlan-assignment-mode = Integer
Domain User Template:
Idle-cut = Disable
Self-service = Disable
Messenger Time = Disable
Default Domain Name: system
Total 1 domain(s).1 listed.
Table 22 Description on the fields of the display domain command
View
Field
Description
Domain
Domain name
State
State
Scheme
AAA scheme
Access-Limit
Limit on the number of access users
Vlan-assignment-mode
VLAN assignment mode
Domain User Template
Domain user template
Idle-Cut
State of the idle-cut function
Self-service
State of the self service
Messenger Time
State of the messenger time service
Any view
170 display domain
Description
Related Commands

Command Reference
This command is used to output the configuration of a specified ISP domain or display
the summary information of all ISP domains. If an ISP domain is specified, the
configuration information (content and format) will be displayed exactly the same as
the displayed information of the display domain command. The output information
can help with ISP domain diagnosis and troubleshooting. Note that the accounting
scheme to be displayed should have been created.
access-limit
domain
radius-scheme
state

Command Reference
display dot1x 171
display dot1x
Purpose
Use the display dot1x command to view the relevant information of 802.1x.
Displayed information includes:
Configuration information
Operation information (session information)
Relevant statistics
Syntax
display dot1x [ sessions | statistics ] [ interface interface-list ]
Parameters
sessions
Displays the session connection information of 802.1x.
statistics
Displays the relevant statistics information of 802.1x.
interface
Displays the 802.1x information about a specific port.
interface-list
Ethernet port list. You can specify multiple Ethernet

ports by providing this argument in the for:
interface-list = { interface-name
[ to interface- name] & < 1-10 >
interface-name is the port index of an Ethernet
port and can be specified in this form:
interface-name = { interface-type
interface-num }
interface-type specifies the type of an Ethernet
port and interface-num identifies the number of the
port. Note that the interface name after the keyword
to must have an interface-num that is greater than or
equal to that of the interface-name before the
keyword to. "&<1-10>" means that up to 10 port
indexes/port index lists can be provided.
Default
By default, all the relevant 802.1x information about each interface will be displayed.
Example
To display 802.1x-related configuration information, enter the following:

<S4200G> display dot1x
Equipment 802.1X protocol is enabled
CHAP authentication is enabled
DHCP-launch is enabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Configuration: Transmit Period
Quiet Period
Supp Timeout
30 s,
60 s,
30 s,
Handshake Period
15 s
Quiet Period Timer is disabled
Server Timeout
100 s
172 display dot1x

Command Reference
Interval between version requests is 30s
Maximal request times for version information is 3
The maximal retransmitting times
2
Total maximum 802.1x user resource number is 1024
Total current used 802.1x resource number is 1
GigabitEthernet1/0/1 is link-down
802.1X protocol is disabled
Version-Check is disabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Mac-based
Max number of on-line users is 256
Authentication Success: 0, Failed: 0
EAPOL Packets: Tx 0, Rx 0
Sent EAP Request/Identity Packets : 0
EAP Request/Challenge Packets: 0
Received EAPOL Start Packets : 0
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 0
EAP Response/Challenge Packets: 0
Error Packets: 0
Controlled User(s) amount to 0
GigabitEthernet1/0/2 is link-down
Port Control Type is Mac-based
Max number of on-line users is 256
Authentication Success: 0, Failed: 0
EAPOL Packets: Tx 0, Rx 0
Sent EAP Request/Identity Packets : 0
EAP Request/Challenge Packets: 0
Received EAPOL Start Packets : 0
EAPOL LogOff Packets: 0
EAP Response/Identity Packets : 0
EAP Response/Challenge Packets: 0
Error Packets: 0
Controlled User(s) amount to 0
Table 23 Description on the fields of the display dot1x command

Field
Description
Equipment 802.1X protocol is

enabled
802.1x protocol (802.1x for short) is enabled on the switch.
CHAP authentication is enabled CHAP authentication is enabled.

DHCP-launch is enabled
DHCP-triggered.802.1x authentication is disabled.

Command Reference
display dot1x 173
Table 23 Description on the fields of the display dot1x command (continued)

Field
Description
The proxy trap checker is disabled here, which means the switch
does not send Trap packets when it detects that a supplicant
system logs in through a proxy. It can also be configured as
enabled, in which case the switch sends Trap packets when it
detects that a supplicant system logs in through a proxy.
Proxy logoff checker is disabled The proxy logoff checker is disabled here, which means that a
switch does not disconnect a supplicant system when it detects
that the latter logs in through a proxy. It can also be configured
as enabled, in which case the switch disconnects a supplicant
system when it detects that the latter logs in through a proxy.
Transmit Period
Setting of the Transmission period timer (the tx-period)
Handshake Period
Setting of the handshake period timer (the handshake-period)
Quiet Period
Setting of the quiet period timer (the quiet-period)
Quiet Period Timer is disabled
The quiet period timer is disabled here. It can also be configured

as enabled when necessary.
Supp Timeout
Setting of the supplicant timeout timer (supp-timeout)
Server Timeout
Setting of the server-timeout timer (server-timeout)
The maximal retransmitting

times
The maximum number of times that a switch can send

authentication request packets to a supplicant system
Total maximum 802.1x user

resource number
The maximum number of 802.1x users that a switch can

accommodate
Total current used 802.1x

resource number
The number of online supplicant systems
GigabitEthernet1/0/1 is
link-down
GigabitEthernet1/0/1 port is in down state.
802.1x is disabled on the port
The proxy trap checker is disabled here. It can also be configured

as enabled, in which case the switch sends Trap packets when it
detects that a supplicant system logs in through a proxy.
Proxy logoff checker is disabled The proxy logoff checker is disabled here. It can also be
configured as enabled, in which case the switch disconnects a
supplicant system when it detects that the latter logs in through
a proxy.
The client version checking function is disabled here. It can also

be configured as enabled, in which case the switch checks client
version.
The port acts as an authenticator system.
The port access control mode is Auto.
Port Control Type is Mac-based The port access control method is MAC-based. That is,
supplicant systems are authenticated based on their MAC
addresses.
View
Max number of on-line users
The maximum number of online users that the port can

accommodate
Information omitted here
Description
Any view
When the interface-list argument is not provided, this command displays

802.1x-related information on all ports. The output information can be used to verify
802.1 x-related configurations and to troubleshoot.
174 display dot1x
Related Commands

Command Reference
dot1x
dot1x max-user
dot1x port-control
dot1x port-method
dot1x retry
reset dot1x statistics
dot1x timer

Command Reference
display fib 175
display fib
Purpose
Use the display fib command to view the summary of the forwarding information
base.
Syntax
display fib
Parameters
None
Example
To display the summary of the Forwarding Information Base, enter the following:
<S4200G> display fib
Flag:
U:Usable
G:Gateway
H:Host
B:Blackhole D:Dynamic
S:Static
R:Reject
E:Equal cost multi-path
L:Generated by ARP or ESIS
Destination/Mask
Nexthop
Flag TimeStamp
Interface
127.0.0.1/32
127.0.0.1
GHU t[50]
InLoopBack0
127.0.0.0/8
127.0.0.1
U
t[50]
InLoopBack0
Table 24 Description of the output information of the display fib command

Field
Description
Destination/Mask
Destination address/mask length
Nexthop
Forward address of the next hop
Flag
The flag options include:

B indicates this is a blacklist route.
D indicates this is a dynamic route.
E indicates this is an equal-cost route.
G indicates this is a gateway route.
H indicates this is a host route.
S indicates this is a static route.
U indicates this route is up and available.
R indicates this route is rejected and unavailable.
L indicates this route is generated by ARP or ESIS.
Interface
View
Description
Interface
Any view
The information includes: the destination address/mask length, next hop address,
current flag, and forward interface
176 display ftp-server

Command Reference
display ftp-server
Purpose
Use the display ftp-server command to display the FTP server-related settings of a
switch when it operates as an FTP server.
You can use this command to verify FTP server-related configurations.
Syntax
display ftp-server
Parameters
None
Example
Display the FTP server-related settings of the switch (assuming that the switch is
operating as an FTP server).
<S4200G> display ftp-server
FTP server is running
Max user number
1
User count 0
Timeout value (in minute)
30
Table 25 Description on the fields of the display ftp-server command

Field
Description
FTP server is running
The FTP server is started
Max user number
View
The FTP server can accommodate up to one user.
User count 0
The current login user number is 0.
Timeout value ( in minutes )

30
The connection idle time is 30 minutes.
Any view

Command Reference
display ftp-user 177
display ftp-user
Purpose
Use the display ftp-user command to display the settings of the current FTP
user, including the user name, host IP address, port number, connection idle time,
and authorized directory.
Syntax
display ftp-user
Parameters
None
Example
Display FTP user settings.

<S4200G> display ftp-user
UsernameHost IPPortIdleHomedir
S4200G10.110.3.510742flash:/S4200G
View
Any view
178 display garp statistics

Command Reference
display garp statistics

Purpose
Use the display garp statistics command to display the GARP statistics on
specified (or all) ports.
Syntax
display garp statistics [ interface interface-list ]
Parameters
interface-list
Example
Display the GARP statistics on the port GigabitEthernet1/0/1.
Ethernet port list, in the format of interface-list

= { interface-type interface-number [ to
interface-type interface-number ]
}&<1-10>. Where, interface-type is the port type,
interface-number is the port number (refer to the
parameter description of the port part in this
document for the meanings and ranges of the two
parameter), and &<1-10> means you can specify
totally 1 to 10 ports and port ranges.
<S4200G> display garp statistics interface GigabitEthernet1/0/1

GARP statistics on port GigabitEthernet1/0/1
Number Of GMRP Frames Received
: 0
Number Of GVRP Frames Received
: 0
Number Of GMRP Frames Transmitted
: 0
Number Of GVRP Frames Transmitted
: 0
Number Of Frames Discarded
: 0
View
Description
Any view
The displayed information includes:
Number of GMRP packets the port received
Number of GVRP packets the port received
Number of GMRP packets the port received
Number of GVRP packets the port received
Number of packets the port discarded

Command Reference
display garp timer 179
display garp timer

Purpose
Use the display garp timer command to display the values of the GARP timers
on specified or all ports.
Syntax
display garp timer [ interface interface-list ]
Parameters
interface-list
Example
Display the values of GARP timers of the port GigabitEthernet1/0/1.

<S4200G> display garp timer interface GigabitEthernet1/0/1

GARP timers on port GigabitEthernet1/0/1
Garp
Garp
Garp
Garp
View
Related Commands
:
:
:
:
Description
Join Time
Leave Time
LeaveAll Time
Hold Time
Any view
Value of the Join timer
Value of the Leave timer
Value of the LeaveAll timer
Value of the Hold timer
garp timer
garp timer leaveall
20 centiseconds
60 centiseconds
1000 centiseconds
10 centiseconds
180 display gvrp statistics

Command Reference
display gvrp statistics

Purpose
Use the display gvrp statistics command to display the GVRP statistics
about specified (or all) Trunk ports.
Syntax
display gvrp statistics [ interface interface-list ]
Parameters
interface-list
Example
Display the GVRP statistics about the port GigabitEthernet1/0/1.

<S4200G> display gvrp statistics interface ethernet1/0/1

GVRP statistics on port Ethernet1/0/1
GVRP
GVRP
GVRP
GVRP
GVRP
View
Description
Status
: Enabled
Running
: YES
Failed Registrations
: 0
Last Pdu Origin : 0000-0000-0000
Registration Type
: Normal
Any view
GVRP status
Whether GVRP is running
Number of the failed GVRP registrations
The source MAC address of the last GVRP PDU
GVRP registration type of the port

Command Reference
display gvrp status 181
display gvrp status

Purpose
Use the display gvrp status command to display the enable/disable status of
global GVRP.
Syntax
display gvrp status
Parameters
None
Example
Display the enable/disable status of global GVRP.

<S4200G> display gvrp status
GVRP is enabled
The above information indicates GVRP is enabled globally.
View
Any view
182 display habp

Command Reference
display habp
Purpose
Use the display habp command to display HABP configuration and status
information.
Syntax
display habp
Parameters
None
Example
To display HABP configuration and status information, enter the following:

<S4200>system-view
[S4200] display habp
Global HABP information:
HABP Mode: Server
Sending HABP request packets every 20 seconds
Bypass VLAN: 2
Table 26 Description on the fields of the display habp command
View
Field
Description
HABP Mode
Indicates the HABP mode of the switch.

A switch can operate as an HABP server
(displayed as Server) or an HABP client
(displayed as Client).
Sending HABP request packets every 20 seconds
HABP request packets are sent once in

every 20 seconds.
Bypass VLAN
Indicates the ID(s) of the VALN(s) to

which HABP request packets are sent
Any view

Command Reference
display habp table 183
display habp table

Purpose
Use the display habp table command to display the MAC address table
maintained by HABP.
Syntax
display habp table
Parameters
None
Default
body
Example
To display the MAC address table maintained by HABP, enter the following:
[S4200G] display habp table
MAC
Holdtime Receive Port
001f-3c00-0030 53
Table 27 Description on the fields of the display habp table command
View
Field
Description
MAC
MAC addresses listed in the HABP MAC address table.
Holdtime
Hold time of the entries in the HABP MAC address table. An

address will be removed from the table if it has not been updated
during the hold time.
Receive Port
The port from which a MAC address is learned
Any view
184 display habp traffic

Command Reference
display habp traffic

Purpose
Use the display habp traffic command to display statistics on HABP packets.
Syntax
Parameters
None
Example
To display statistics on HABP packets, enter the following:

<S4200G>system-view
[S4200G] display habp traffic
HABP counters :
Packets output: 0, Input: 0
ID error: 0, Type error: 0, Version error: 0
Sent failed: 0
Table 28 Description on the fields of the display habp traffic command
View
Field
Description
Packets output
Number of the HABP packets sent
Input
Number of the HABP packets received
ID error
Number of HABP packets with ID errors
Type error
Number of HABP packets with type errors
Version error
Number of HABP packets with version errors
Sent failed
Number of HABP packets that failed to be sent
Any view

Command Reference
display history-command 185
display history-command
Purpose
Use the display history-command command to display history commands.
Syntax
Parameters
None
Example
Display history commands.

<S4200G> display history-command
sys
quit
display his
View
Related Command
Any view
history-command max-size
186 display icmp statistics

Command Reference
display icmp statistics

Purpose
Use the display icmp statistics command to view the statistics information
about ICMP packets.
Syntax
Parameters
None
Example
To view statistics about ICMP packets, enter the following:

<S4200G> display icmp statistics
Input: bad formats
0
echo
5
source quench 0
echo reply
10
timestamp
0
mask requests 0
time exceeded 0
Output:echo
10
source quench 0
echo reply
5
timestamp
0
mask requests 0
time exceeded 0
bad checksum
destination unreachable
redirects
parameter problem
information request
mask replies
0
0
0
0
0
0
redirects
parameter problem
information reply
0
mask replies
0
0
0
Table 29 Output Description of the display icmp statistics command
View
Field
Description
bad formats
Number of input packets in bad format
bad checksum
Number of input packets with wrong checksum
echo
Number of input/output echo request packets
Number of input/output packets with unreachable destination
source quench
Number of input/output source quench packets
redirects
Number of input/output redirected packets
echo reply
Number of input/output echo reply packets
parameter problem
Number of input/output packets with parameter problem
timestamp
Number of input/output timestamp packets
information request
Number of input information request packets
mask requests
Number of input/output mask request packets
mask replies
Number of input/output mask reply packets
information reply
Number of output information reply packets
time exceeded
Number of time exceeded packets
Any view

Command Reference
Related Commands
display icmp statistics 187
reset ip statistics
188 display igmp-snooping configuration

Command Reference
display igmp-snooping configuration

Purpose
Use the display igmp-snooping configuration command to display the

configuration information about IGMP Snooping.
Syntax
Parameters
None
Example
Display the configuration information about IGMP Snooping on the switch.

<S4200G> display igmp-snooping configuration
Enable IGMP-Snooping.
The router port timeout is 105 second(s).
The max response timeout is 1 second(s).
The host port timeout is 260 second(s).
The above information shows: IGMP Snooping has already been enabled, the aging
time of the router port is 105 seconds, the maximum query response time is one
second, and the aging time of multicast member ports is 260 seconds.
View
Any view
Description
When IGMP Snooping is enabled on the switch, this command displays the following
information: IGMP Snooping status, aging time of the router port, query response
timeout time, and aging time of multicast member ports.
Related Command
igmp-snooping

Command Reference
display igmp-snooping group 189
display igmp-snooping group

Purpose
Use the display igmp-snooping group command to display information about

the IP and MAC multicast groups under one VLAN (with vlan vlan-id) or all
VLANs (without vlan vlan-id).
Syntax
display igmp-snooping group [ vlan vlan-id ]
Parameters
vlan vlan-id
Example
Display information about the multicast groups under VLAN 2.
Specifies a VLAN ID.
<S4200G> display igmp-snooping group vlan 2

***************Multicast group table***************
Vlan(id):2.
Router port(s):GigabitEthernet1/0/1
IP group(s):the following ip group(s) match to one mac group.
IP group address:230.45.45.1
Member port(s):GigabitEthernet1/0/2
MAC group(s):
MAC group address:01-00-5e-2d-2d-01
Member port(s):GigabitEthernet1/0/2
The above information shows:
View
There exist multicast groups under VLAN 2.
GigabitEthernet 1/0/1 is the router port.
The IP multicast group address is 230.45.45.1.
GigabitEthernet 1/0/2 is a member port of the IP multicast group.
The MAC multicast group address is 0100-5e2d-2d01.
GigabitEthernet 1/0/2 is a member port of the MAC multicast group.
Description
Any view
This command displays the following information: VLAN ID, router port, IP multicast
group address, member ports included in IP multicast group, MAC multicast group,
MAC multicast group address, member ports included in MAC multicast group.
190 display igmp-snooping statistics

Command Reference
display igmp-snooping statistics

Purpose
Use the display igmp-snooping statistics command to display the

message statistics about IGMP Snooping.
Syntax
Parameters
None
Example
Display the message statistics about IGMP Snooping.

<4200G> display igmp-snooping statistics
Received IGMP general query packet(s) number:0.
Received IGMP specific query packet(s) number:0.
Received IGMP V1 report packet(s) number:0.
Received IGMP V2 report packet(s) number:0.
Received IGMP leave packet(s) number:0.
Received error IGMP packet(s) number:0.
Sent IGMP specific query packet(s) number:0.
The above information shows that IGMP Snooping has received:
Zero IGMP general query message
Zero IGMP group-specific query message
Zero IGMP V1 report message
Zero IGMP V2 report message
Zero IGMP leave message
Zero IGMP error message
And IGMP Snooping has sent:
View
Zero IGMP group-specific query message
Any view
Description
This command displays the following information: the numbers of the IGMP general
query messages, IGMP group-specific query messages, IGMP V1 report messages,
IGMP V2 report messages, IGMP leave messages and error IGMP messages received,
and the number of the IGMP group-specific query messages sent.
Related Command
igmp-snooping

Command Reference
display info-center 191
display info-center
Purpose
Use the display info-center command to display system log settings and memory
buffer record statistics.
Syntax
display info-center
Parameters
unit-id
Example
Display system log settings.
[ unit unit-id ]
Unit identification
<S4200G> display info-center

Information Center:enabled
Log host:
Console:
channel number:0, channel name:console
Monitor:
channel number:1, channel name:monitor
SNMP Agent:
channel number:5, channel name:snmpagent
Log buffer:
enabled, max buffer size:1024, current buffer size:256
current messages:2, channel number:4, channel name:logbuffer
dropped messages:0, overwrote messages:0
Trap buffer:
enabled, max buffer size:1024, current buffer size:256
current messages:0, channel number:3, channel name:trapbuffer
dropped messages:0, overwrote messages:0
Information timestamp setting:
log - date, trap - date, debug - boot
SWITCH OF Device--Unit>1: LOG = disable; TRAP = disable; DEBUG = enable
Table 30 Description on the fields of the display info-center command

Field
Description
Information Center:
Whether the information center is enabled.
Log host:
Status of the log host, including its IP address, used

channel numbers, channel names, language and level.
Console:
Usage status of the control port, including the channel

number and channel name it uses.
Monitor:
Usage status of the monitor port, including the channel

number and channel name it uses.
SNMP Agent:
Usage status of the network proxy, including the

channel number and channel name it uses.
Log buffer:
Usage status of the log buffer, including whether it is

enabled, the utmost capacity, the current capacity, the
current item number, channel name, channel number,
discarded item number and covered item number.
Trap buffer:
Usage status of the trap buffer, including whether it is

enabled, the utmost capacity, the current capacity, the
current item number, channel name, channel number,
discarded item number and cover item number.
192 display info-center

Command Reference
Table 30 Description on the fields of the display info-center command (continued)
View
Field
Description
Information timestamp setting
Time stamp settings, describing the time stamp types of

log information, trap information and debug
information.
SWITCH OF Device--Unit>1
Device switch status, describing the switch status of log,

trap and debug information.
Description
Related Commands
Any view
If the information in the current log/trap buffer is less than the specified sizeval,
display the actual log/trap information.
info-center enable
info-center logbuffer
info-center console channel
info-center monitor channel

Command Reference
display interface
Purpose
Use the display interface command to view the configuration information on the
selected interface.
Syntax
display interface [ interface-type |

Parameters
interface-type
Specifies the port (interface) type. This can be either

Aux, Ethernet, GigabitEthernet, NULL, Vlan-interface.
interface-number
Specifies the port (interface) number in the format

unit-number/0/port-number.
Valid values for the port number are 1 to 16, 1 to 28,
or 1 to 52, depending on the number of ports you
have on your unit.
You can use the interface_name at this command. This consists of the
interface_type and the interface_number combined as a single parameter. For
example, Ethernet1/0/1.
Example
To display configuration information on Ethernet port 1/0/1, enter the following:

<S4200G>display interface GigabitEthernet 1/0/1
The information displays in the following format:

GigabitEthernet1/0/1 current state : ADMINISTRATIVELY DOWN
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0fc00-5104
Media type is twisted pair, loopback not set
Port hardware type is 1000_BASE_T
1000Mbps-speed mode, full-duplex mode
Link speed type is force link, link duplex type is force link
Flow-control is not enabled
The Maximum Frame Length is 9216
Broadcast-suppression ratio(%): 100%
Unknown Multicast Packet drop: Disable
Unknown Unicast Packet drop: Disable
Allow jumbo frame to pass
PVID: 1
Mdi type: auto
Port link-type: access
Tagged
VLAN ID : none
Untagged VLAN ID : 1
Last 300 seconds input: 0 packets/sec 0 bytes/sec
Last 300 seconds output: 0 packets/sec 0 bytes/sec
Input(total): - packets, - bytes
- broadcasts, - multicasts, - pauses
Input(normal): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, - pauses
Input: 0 input errors, 0 runts, 0 giants, 0 throttles, 0 CRC
194 display interface

Command Reference
0 frame, 0 overruns, 0 aborts, - ignored, - parity errors
Output(total): - packets, - bytes
Output(normal): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, - underruns, - buffer failures
0 aborts, 0 deferred, 0 collisions, 0 late collisions
- lost carrier, - no carrier
Output: 0 output errors, - underruns, - buffer failures
- aborts, 0 deferred, 0 collisions, 0 late collisions
View
Description
Any view
Along with others, this interface could be a specific port's interface (for example,
Ethernet1/0/1) or a specific VLAN interface (for example, vlan-interface 1).
Table 31 Output Description of the display interface command
Field
Description
GigabitEthernet1/0/1 current state
Indicates the current state of the Ethernet port (up

or down)
IP Sending frames format
Displays the Ethernet frame format
Hardware address
Displays the port hardware address
The Maximum Transmit Unit
Indicates the maximum transmit unit
Media type
Indicates the type of media
loopback not set
Displays the port loopback test state
Port hardware type
Displays the port hardware type
1000Mbps-speed mode, full-duplex

mode
1000Mbps-speed mode, full-duplex mode
Link speed type is force link, link duplex

type is force link
Link speed type is force link, link duplex type is force

link
Flow control is not enabled
Port flow control state
The Maximum Frame Length
Indicates the maximum length of the Ethernet

frames that can pass through the port
Broadcast MAX ratio
Port broadcast storm suppression ratio
Unknown Multicast Packet drop: Disable
The unknown multicast packet dropping function is

disabled
Unknown Unicast Packet drop: Disable
The unknown multicast packet dropping function is

disabled
Allow jumbo frame to pass
Indicates that jumbo frame are allowed to pass

through the port
PVID
Indicates the port default VLAN ID.
Mdi type
Indicates the cable type
Port link-type
Indicates the port link type

Command Reference
Table 31 Output Description of the display interface command (continued)

Field
Description
Tagged VLAN ID
Indicates the VLANs with packets tagged
Untagged VLAN ID
Indicates the VLANs with packets untagged
Last 300 minutes input rate:

0 packets/sec, 0 bytes/sec
Displays the input/output rate and the number of

packets that were passed on this port in the last
300 seconds
Last 300 minutes output rate:

0 packets/sec, 0 bytes/sec
Input(total): 0 packets, 0 bytes
- broadcasts, - multicasts
The statistics information of input/output packets

and errors on this port. A - indicates that the
item isn't supported by the switch.
Input(normal): 0 packets, 0 bytes

0 broadcasts, 0 multicasts
Input: 0 input errors, 0 runts, 0 giants,
0 throttles, 0 CRC
0 frame, - overruns, - aborts, ignored, - parity errors
Output(total): 0 packets, 0 bytes
Output(normal): 0 packets, 0 bytes
Output: 0 output errors, - underruns, buffer failures
- aborts, 0 deferred, 0 collisions, 0
late collisions
Description
Use the display interface command to display port configuration.
If you specify neither port type nor port number, the command displays
information about all ports.
If you specify only port type, the command displays information about all ports of
this type.
If you specify both port type and port number, the command displays information
about the specified port.
196 display interface VLAN-interface

Command Reference

Purpose
Use the display interface vlan-interface command to display the

information about the management VLAN interface, including the physical and link
status, the format of the sent frames, the MAC address, IP address (and subnet
mask), description string and MTU (maximum transmit unit) of the management
VLAN.
Syntax
display interface vlan-interface [ vlan_id ]
Parameters
vlan_id
Example
To display information about the management VLAN interface (assume that VLAN 1 is
the management VLAN) type the following:
Specifies the ID of the management VLAN interface.
<S4200G> display interface vlan-interface 1

Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is
00e0-fc07-4101
Internet protocol processing : disabled
Description : 3COM, S4200G Series, Vlan-interface1 Interface
The Maximum Transmit Unit is 1500
View
Description
Related Command
Any view
The information displayed about the management VLAN interface includes:
Physical and link status
Format of the sent frames
MAC hardware address
IP address and subnet mask
Description string
Maximum Transmit Unit (MTU)
interface VLAN-interface

Command Reference
display ip host 197
display ip host
Purpose
Use the display ip host command to display all host names and their
corresponding IP addresses.
Syntax
display ip host
Parameters
None.
Example
To display all host names and their corresponding IP addresses, type the following:
<S4200G> display ip host
Host
Age
My
0
Aa
0
Flags
static
static
Address(es)
1.1.1.1
2.2.2.4
Table 32 Description on the fields of the display ip host command
View
Field
Description
Host
Host name
Age
Valid duration of the host address
Flags
Flag
Address(es)
Host IP address
Any view
198 display ip interface vlan-interface

Command Reference

Purpose
Use the display ip interface vlan-interface command to view information on

the specified interface.
Syntax
display ip interface [ brief ] interface-type interface-number
Parameters
brief
Displays the configuration information about the

specified interface in brief.
interface-type
Specifies the interface type. The interface type can be

either Aux, Ethernet, GigabitEthernet, NULL,
Vlan-interface.
interface-number
Specifies the interface number in the format

Specifies the unit number. Valid values are 1 to 8.
Specifies the port number. Valid values are 1 to 28 or 1
to 52, depending on the number of ports you have on
your unit.
Example
Display the information about VLAN 1 interface.

<S4200G> display ip interface vlan-interface 1
Vlan-interface1 current state : DOWN
Line protocol current state : DOWN
Internet Address is 1.1.1.1/8 Primary
Broadcast address : 1.255.255.255
The Maximum Transmit Unit : 1500 bytes
input packets : 0, bytes : 0, multicasts : 0
output packets : 0, bytes : 0, multicasts : 0
TTL invalid packet number:
0
ICMP packet input number:
0
Echo reply:
0
Unreachable:
0
Source quench:
0
Routing redirect:
0
Echo request:
0
Router advert:
0
Router solicit:
0
Time exceed:
0
IP header bad:
0
Timestamp request:
0
Timestamp reply:
0
Information request:
0
Information reply:
0
Netmask request:
0
Netmask reply:
0
Unknown type:
0

Command Reference
View
display ip interface vlan-interface 199
Any view
200 display ip routing-table

Command Reference
Purpose
Use the display ip routing-table command to display the summary information

about the routing table.
Syntax
Parameters
None
Example
Display the summary information about the routing table.

<S4200G> display ip routing-table
Routing Table: public net
Destination/Mask
Protocol
Pre Cost
1.1.1.0/24
DIRECT
0 0
1.1.1.1/32
DIRECT
0 0
127.0.0.0/8
DIRECT
0 0
127.0.0.1/32
DIRECT
0 0
Nexthop
Interface
1.1.1.1
Vlan-interface1
127.0.0.1 InLoopBack0
Table 33 Description of the fields for the display ip routing-table command

Field
Description
Destination/Mask
Destination IP address/Mask length
Protocol
Routing protocol that discovers the route
Pre
Routing preference
Cost
Route cost
Nexthop
Next hop IP address of the route
Interface
Output interface, through which packets destined for the destination

network segment are to be transmitted
Each line in the table represents one route. The displayed information includes
destination address/mask length, protocol, preference, cost, next hop and output
interface.
View
Description
Any view
This command displays the summary information about a routing table, with the
items of a routing entry contained in one line. The information displayed includes
destination IP address/mask length, protocol, preference, cost, next hop and
outbound interface.
The display ip routing-table command only displays the routes currently in use, that is,
the optimal routes

Command Reference
display ip routing-table acl

Purpose
Use the display ip routing-table acl command to display the routes permitted
by the specified basic ACL.
Syntax
display ip routing-table acl acl_number [ verbose ]
Parameters
acl-number
Specifies the number of the basic access control list

(ACL). Valid values are 2000 to 2999.
verbose
Displays the detailed information about the active and

inactive routes filtered by the specified ACL. If you do
not specify this keyword, the summary information
about the active routes filtered by the specified ACL is
displayed.
Example
Display the summary information about the active routes permitted by ACL 2000.
[S4200G-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[S4200G-acl-basic-2000] rule deny source any
[S4200G-acl-basic-2000] display ip routing-table acl 2000
Routes matched by access-list 2000:
Summary count: 2
Destination/Mask
Protocol Pre Cost
Nexthop
Interface
10.1.1.0/24
DIRECT
0 0
10.1.1.2
Vlan-interface1
10.1.1.2/32
DIRECT 0 0
127.0.0.1
InLoopBack0
The output information shown above is described in the following table.

Field
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface

Display the detailed information about the active and inactive routes permitted by
ACL 2000.
<S4200G> display ip routing-table acl 2000 verbose
Routes matched by access-list 2000:
+ = Active Route, - = Last Active, # = Both
* = Next hop in use
Summary count: 2
202 display ip routing-table acl

Command Reference
**Destination: 10.1.1.0
Mask: 255.255.255.0
Protocol: #DIRECT
Preference: 0
*NextHop: 10.1.1.2
Interface: 10.1.1.2(Vlan-interface1)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 7:24
Cost: 0/0
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
Interface: 127.0.0.1(InLoopBack0)
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 7:24
Cost: 0/0
Table 35
Output description of the ip routing-table acl verbose command
Field
Description
Destination
Destination address
Mask
Mask
Protocol
Preference
Routing preference
Nexthop
Next hop IP address
Interface
Outbound interface, through which the data packets destined for the
destination network segment are to be transmitted
Vlinkindex
Virtual link index
State
Descriptions on the route state are as follows:

ActiveU Valid unicast route. "U" stands for unicast.
Blackhole Blackhole route is the same as reject route except that a
router drops a packet traveling along a blackhole route without
sending ICMP unreachable messages to the source of the packets.
Delete The route is deleted.
Gateway The route is not a direct route.
Hidden The route is a hidden route. For routes that are temporarily
unavailable for some reasons (such as the policy configured or the
interface is down), you can hide them for later use.
Holddown The route is held down. Holddown is a kind of route
advertisement policy used in some D-V (distance vector) routing
protocols (such as RIP) to avoid the propagation of some incorrect
routes and improve the transmission speed of route-unreachable
information. For details, refer to corresponding routing protocols.
Int The route is discovered by the internal gateway protocol (IGP).
NoAdvise The route is not advertised when the router advertises
routes based on policies.
NotInstall The route are not loaded to the core routing table but
can be advertised. Normally, the routes with the highest preference in
the routing table are loaded to the core routing table and are
advertised.
Reject The packets travel along the route will be dropped. Besides,
the router sends ICMP unreachable messages to the source of the
dropped packets. The Reject routes are usually used for network
testing.
Retain The route is not deleted when the routes read from the core
routing table are deleted. You can enable static routes to remain in
the core routing table by configure them to be in retain state.
Static The route is not lost when you perform the save operation
and then restart the router. Routes marked as Static are configured
manually.
Unicast The route is a unicast route.

Command Reference
Table 35
View
Field
Description
Age
The time period during which the route is allowed in the routing
table, in the form of hh:mm:ss.
Cost
Cost of the route
Description
Output description of the ip routing-table acl verbose command
Any view.
This command is used to display the routes that passed the filtering rules in the
specified ACL.
The command only displays routes that passed basic ACL filtering rules.
204 display ip routing-table ip-address

Command Reference

Purpose
Use the display ip routing-table ip-address command to display the

information about the routes leading to the destination.
Syntax
display ip routing-table ip-address [ mask ] [ longer-match ] [ verbose

]
Parameters
ip-address
Specifies the destination IP address, in dotted decimal

notation.
mask
Specifies either the mask of the destination IP address,

which can be in dotted decimal notation or be an
integer ranging from 0 to 32.
longer-match
Displays all the routes leading to the destination

coupled with the default mask.
verbose

inactive routes leading to the destination. If this
keyword is not specified, only the summary
information about the active routes is displayed.
Example
Display the summary information of the corresponding routes with destination

addresses matched within the natural mask range.
<S4200G> display ip routing-table 169.0.0.0
Destination/Mask Protocol Pre Cost Nexthop Interface
169.0.0.0/16
Static 60 0
2.1.1.1 LoopBack1
For the explanations of the displayed information, see Table 36.

Field
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface

Display the summary information the longest matched routes.

<S4200G> display ip routing-table 169.253.0.0
Destination/MaskProtocolPreCost NexthopInterface
169.0.0.0/8Static6002.1.1.1LoopBack1
Display the detailed information of the routes with destination addresses matched
within the natural mask range.

Command Reference
display ip routing-table ip-address 205
<S4200G> display ip routing-table 169.0.0.0 verbose

Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, # = Both* = Next hop in use
Summary count:2
**Destination: 169.0.0.0Mask: 255.0.0.0
Protocol: #StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
State: <Int ActiveU Static Unicast>
Age: 3:47Cost: 0/0Tag: 0
Protocol: #StaticPreference: 60
*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)
Vlinkindex: 0
Display the detailed information of the longest matched routes.

<S4200G> display ip routing-table 169.253.0.0 verbose
Routing Tables:
Generate Default: no
+ = Active Route, - = Last Active, # = Both* = Next hop in use
Summary count:1
Protocol: #StaticPreference: -60
*NextHop: 2.1.1.1
Vlinkindex: 0
Refer to Table 37 for the description on the output fields.

Table 37 Output Description of the ip routing-table acl verbose command
Field
Description
Destination
Destination address
Mask
Mask
Protocol
Preference
Routing preference
Nexthop
Next hop IP address
Interface
Vlinkindex
Virtual link index
206 display ip routing-table ip-address

Command Reference

Field
Description
State

advertised.
testing.
manually.
View
Age
Cost
Cost of the route
Description
Any view
The output information of this command differs with the arguments/keywords

specified as follows:
For the destination address ip-address, if there are some routes matched within the
natural mask range, all subnet routes will be displayed. Otherwise, only the active
routes which match ip-address longest will be displayed.
display ip routing-table ip-address mask

Command Reference
display ip routing-table ip-address 207
Only the routes that match exactly the specified destination address and mask are
displayed.
display ip routing-table ip-address longer-match
All routes with destination addresses matched within the natural mask range will be
displayed.
If the destination address, ip_address, has a corresponding route in natural mask
range, this command will display all subnet routes or only the route best matching the
destination address, ip_address, is displayed. And only the active matching route is
displayed.
208 display ip routing-table ip-address1 ip-address2

Command Reference
display ip routing-table ip-address1

ip-address2
Purpose
Use the display ip routing-table ip-address1 ip-address2 command to

display the information about the routes with their destinations within the specified
destination IP address range.
Syntax
display ip routing-table ip-address1 mask1 ip-address2 mask2

[ verbose ]
Parameters
Example
ip-address1 ip-address2
Specifies the destination IP addresses in dotted decimal

notation.
ip-address1 and mask1
Together with ip-address2 and mask2 determine an

IP address range. The starting address of the IP address
range is obtained by performing an AND operation
between the ip-address1 and mask1 arguments, and
the end address of the IP address range is obtained by
permorming an AND operation between the
ip-address2 and mask2 arguments.
ip-address2 and mask2
Specifies the IP address masks. These two arguments

can be in dotted decimal notation or two integers
ranging from 0 to 32.
verbose

inactive routes. If you do not specify this keyword, only
the summary information about the active routes is
displayed.
Display the information about the routes with their destinations within the range of
1.1.1.0 to 2.2.2.0.
<S4200G> display ip routing-table 1.1.1.0 24 2.2.2.0 24
Routing tables:
Summary count: 3
Destination/Mask
Protocol
Pre Cost
Nexthop
Interface
1.1.1.0/24
DIRECT
0 0
1.1.1.1
Vlan-interface1
For detailed description of output information, refer to Table 33.

Field
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop

Command Reference
display ip routing-table ip-address1 ip-address2 209
View
Field
Description
Interface

Any view
210 display ip routing-table ip-prefix

Command Reference

Purpose
Use the display ip routing-table ip-prefix command to display the

information about the routes matching a specified IP prefix list.
Syntax
display ip routing-table ip-prefix ip-prefix-name [ verbose ]
Parameters
ip-prefix-name
Specifies the name of an ip prefix list, consisting of a

verbose

inactive routes matching a specified IP prefix list. If you
do not specify this keyword, only the summary
information about the active routes matching the IP
prefix list is displayed.
Example
Display the summary information about the active routes matching the IP prefix list
named abc2 (assuming that the IP prefix list permits the routes with their prefix being
10.1.1.0 and the mask length in the range of 24 to 32).
[S4200G] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32
[S4200G] display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 2
Destination/Mask
Protocol Pre Cost
Nexthop
Interface
10.1.1.0/24
DIRECT
0
0
10.1.1.2
Vlan-interface1
10.1.1.2/32
DIRECT
0
0
127.0.0.1
InLoopBack0

Field
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface

Display the detailed information about the active and inactive routes matching the IP
prefix list named abc2.
<S4200G> display ip routing-table ip-prefix abc2 verbose
Routes matched by ip-prefix abc2:
* = Next hop in use

Command Reference
display ip routing-table ip-prefix 211
Summary count: 2
Mask: 255.255.255.0
Protocol: #DIRECT
Preference: 0
*NextHop: 10.1.1.2
Interface: 10.1.1.2(Vlan-interface1)
Vlinkindex: 0
State: <Int ActiveU Retain Unicast>
Age: 3:23:44
Cost: 0/0
Tag: 0
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
Vlinkindex: 0
State: <NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 3:23:44
Cost: 0/0
Tag: 0

Field
Description
Destination
Destination address
Mask
Mask
Protocol
Preference
Routing preference
Nexthop
Next hop IP address
Interface
Vlinkindex
Virtual link index
212 display ip routing-table ip-prefix

Command Reference

Field
Description
State

advertised.
testing.
manually.
View
Age
Cost
Cost of the route
Description
Any view
You can use this command to trace routing policies and display the routes matching a
specified IP prefix list.
If the specified IP prefix list does not exist, the detailed information about all the active
and inactive routes is displayed when you execute this command with the verbose
keyword specified, and only the summary information about all the active routes is
displayed if you execute this command with the verbose keyword not specified.
Without the verbose parameter, this command displays the summary of the active
routes that passed filtering rules.

Command Reference
display ip routing-table protocol 213
display ip routing-table protocol

Purpose
Use the display ip routing-table protocol command to display the information

about specific routes.
Syntax
display ip routing-table protocol protocol [ inactive | verbose ]
Parameters
protocol
Example
Enter one of the following:
direct: Displays the direct connection route

information
static: Displays the static route information.
inactive
Displays inactive route information. If you do not

specify this keyword, the information about both
active and inactive routes is displayed.
verbose
Displays the detailed route information. If you do not

specify this keyword, only the summary route
information is displayed.
To display a summary of all direct connection routes, enter the following:

Display the summary information about all the direct routes.
<S4200G> display ip routing-table protocol direct
DIRECT Routing tables:
Summary count: 4
DIRECT Routing tables status:<active>:
Summary count: 3
Destination/MaskProtocol Pre Cost Nexthop Interface
20.1.1.1/32 DIRECT
0 0 127.0.0.1 InLoopBack0
127.0.0.0/8 DIRECT
127.0.0.1/32 DIRECT
DIRECT Routing tables status:<inactive>:
Summary count: 1
Destination/Mask Protocol
Pre Cost Nexthop Interface
210.0.0.1/32
DIRECT
0
0 127.0.0.1 InLoopBack0
Display the information about the static routs.

<S4200G> display ip routing-table protocol static
STATIC Routing tables:
Summary count: 1
STATIC Routing tables status:<active>:
Summary count: 0
STATIC Routing tables status:<inactive>:
Summary count: 1
Destination/Mask
Protocol
Pre Cost
Nexthop
1.2.3.0/24
STATIC
60 0
1.2.4.5
For detailed description of output information, refer to Table 33.
Interface
Vlan-interface1
214 display ip routing-table protocol

Command Reference
View
Field
Description
Destination/Mask
Protocol
Pre
Routing preference
Cost
Route cost
Nexthop
Interface

Any view

Command Reference
display ip routing-table radix 215
display ip routing-table radix

Purpose
Use the display ip routing-table radix command to view the route information
in a hierarchical (tree) structure.
Syntax
Parameters
None
Example
To display the route information, enter the following:

<S4200G> display ip routing-table radix
Radix tree for INET (2) inodes 2 routes 2:
+--8+--{127.0.0.0
+-32+--{127.0.0.1
Table 42 Output description of the display ip routing-table radix command
View
Field
Description
INET
Address family
Inodes
Number of nodes
Routes
Number of routes
Any view
216 display ip routing-table statistics

Command Reference

Purpose
Use the display ip routing-table statistics command to display the statistics

of a routing table.
Syntax
Parameters
None
Example
Display the statistics information about the routing table.

<S4200G> display ip routing-table statistics
Routing tables:
Proto
route
active
added
DIRECT
2
2
2
STATIC
0
0
0
Total
2
2
2
deleted
0
0
0
Table 43 Output description of the display ip routing-table statistics

command
View
Field
Description
Proto
Routing protocol: O_ASE indicates OSPF_ASE routes, O_NSSA

indicates OSPF NSSA routes, and AGGRE indicates the aggregated
routes.
route
Total number of routes .
active
Number of active routes that are in currently in use.
added
Number of the routes that are added to the routing table after the
switch starts or the routing table is cleared last time.
deleted
Number of the routes with deleted flags (this type of routes will be
freed after a period of time).
Total
Total of different types of routes.
Description
Any view
The statistics information displayed by this command includes:
The total number of routes
The number of the routes added/removed through protocols
The number of the routes with deleted flags
The number of the active/inactive routes

Command Reference
display ip routing-table verbose 217
display ip routing-table verbose

Purpose
Use the display ip routing-table verbose command to display the detailed

information about a routing table.
Syntax
Parameters
None
Example
Display the detailed information about the routing table.

<S4200G> display ip routing-table verbose
Routing Tables:
* = Next hop in use
Destinations: 2
Routes: 2
Holddown: 0
Delete: 0
Hidden: 0
Mask: 255.0.0.0
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
State: <NoAdvise Int ActiveU Retain Unicast>
Age: 57:12
Cost: 0/0
Mask: 255.255.255.255
Protocol: #DIRECT
Preference: 0
*NextHop: 127.0.0.1
State: <NotInstall NoAdvise Int ActiveU Retain Gateway Unicast>
Age: 57:12
Cost: 0/0
The statistics of the routing table are displayed first, and then the detailed
descriptions of each route. Other generated information is described in Table 44.
Table 44 Output description of the display ip routing-table verbose command
View
Descriptor
Meaning
Holddown
The number of the routes that are held down.
Delete
The number of deleted routes.
Hidden
The number of hidden routes.
Description
Any view
This command displays the detailed information about the routing table, in the order
of route state, statistics of the routing table, and the information about each route.
You can use this command to display all the routes, including the inactive and invalid
routes
218 display ip socket

Command Reference
display ip socket
Purpose
Use the display ip socket command to display the information about the sockets
in the current system.
Syntax
display ip socket [ socktype sock-type ] [ task-id socket-id ]
Parameters
sock-type
Specifies the type of a socket. The value can be 1, 2,

and 3 corresponding to TCP, UDP, and raw IP
respectively.
task-id
Specifies the ID of a task, with the value ranging from

1 to 100.
socket-id
Specifies the ID of a socket, with the value ranging

from 0 to 3072.
Example
To display the information about the socket of TCP type, enter the following:
<S4200G>display ip socket socktype 1
SOCK_STREAM:
Task = VTYD(18), socketid = 1, Proto = 6,
LA = 0.0.0.0:23, FA = 0.0.0.0:0,
sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,
socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID
SO_SETKEEPALIVE,
socket state = SS_PRIV SS_ASYNC
LA = 10.153.17.99:23, FA = 10.153.17.56:1161,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
LA = 10.153.17.99:23, FA = 10.153.17.82:1121,
socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,
socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC
Table 45 Output description of the display ip socket command

Field
Description
SOCK_STREAM
The socket type
Task
The ID of a task
socketid
The ID of a socket
Proto
The protocol number used by the socket
sndbuf
The sending buffer size of the socket
rcvbuf
The receiving buffer size of the socket
sb_cc
The current data size in the sending buffer. The value makes sense
only for the socket of TCP type, because only TCP is able to cache
data
rb_cc
The current data size in the receiving buffer

Command Reference
display ip socket 219
Table 45 Output description of the display ip socket command (continued)
View
Field
Description
socket option
The option of the socket
socket state
The state of the socket
Any view
220 display ip statistics

Command Reference
display ip statistics
Purpose
Use the display ip statistics command to view the statistics information about
IP packets.
Syntax
Parameters
None
Example
To view statistics about IP packets, enter the following:

<S4200G>display ip statistics
Input:
sum
7120
bad protocol
0
bad checksum
0
Output: forwarding
0
dropped
0
compress fails 0
Fragment:input
0
dropped
0
fragmented
0
Reassembling:sum
0
local
bad format
bad options
local
no route
112
0
0
27
2
output
couldn't fragment 0
timeouts
0
Table 46 Output Description of the display ip statistics command

Field
Input:
Output:
Fragment:
Reassembling:
Description
sum
Sum of input packets
local
Number of received packets whose destination is

the local device
bad protocol
Number of packets with wrong protocol number
bad format
Number of packets in bad format
bad checksum
Number of packets with wrong checksum
bad options
Number of packets that has wrong options
forwarding
Number of forwarded packets
local
Number of packets that are sent by the local device
dropped
Number of dropped packets during transmission
no route
Number of packets that cannot be routed
compress fails
Number of packets that cannot be compressed
input
Number of input fragments
output
Number of output fragments
dropped
Number of dropped fragments
fragmented
Number of packets that are fragmented
couldn't fragment
Number of packets that cannot be fragmented
sum
Number of packets that are reassembled
timeouts
Number of packets that time out

Command Reference
View
Related Commands
display ip statistics 221
Any view
reset ip statistics
222 display isolate port

Command Reference
display isolate port

Purpose
Use the display isolate port command to display the information about the
Ethernet ports added to an isolation group.
Syntax
Parameters
None
Example
Display the information about the Ethernet ports added to the isolation group.
<S4200G>display isolate port
Isolated port(s) on UNIT 1:
GigabitEthernet1/0/2, GigabitEthernet1/0/3, GigabitEthernet1/0/4
View
Any view

Command Reference
display lacp system-id 223
display lacp system-id

Purpose
Use the display lacp system-id command to view actor system ID, including
system priority and system MAC address.
Syntax
Parameters
None
Example
To display the local system ID.

<S4200G> display lacp system-id
Actor System ID: 0x8000, 00e0-fc00-0100
View
Related Commands
Any view
link-aggregation group mode
224 display link-aggregation interface

Command Reference

Purpose
Use the display link-aggregation interface command to display the link

aggregation details about a specified port or port range.
Syntax
display link-aggregation interface { interface-type interface-number [

to { interface-type interface-number ]
Parameters
interface-type
Specifies the port type. You can specify multiple

sequential ports with the to parameter, instead of
specifying only one port.
interface-name
Specifies the port name
to
Specifies a port range.
Example
Display the link aggregation details on the GigabitEthernet1/0/1 port.

<S4200G> display link-aggregation interface GigabitEthernet1/0/1
GigabitEthernet1/0/1:
Selected AggID: 1
Local:
Port-Priority: 32768, Oper key: 2, Flag: 0x45
Remote:
System ID: 0x8000, 0000-0000-0000
Port Number: 0, Port-Priority: 32768 , Oper-key: 0, Flag: 0x38
Received LACP Packets: 0 packet(s), Illegal: 0 packet(s)
Sent LACP Packets: 0 packet(s)
Table 47 Description on the fields of the display link-aggregation interface

command
Field
Description
Selected AggID
ID of the aggregation group to which

the specified port belongs
Local:
Port priority, operation key and status

flag of the local end
Port-Priority: 32768, Oper key: 1, Flag: 0x00

Remote:
System ID: 0x0, 0000-0000-0000
Device ID, MAC address, port number,

port priority, operation key and status
flag of the remote end
Port Number: 0, Port-Priority: 0, Oper-key: 0,

Flag: 0x00
View
Any view

Command Reference
Description
display link-aggregation interface 225
Use the display link-aggregation interface command to display the link

aggregation details about a specified port or port range, including:
Link aggregation group ID, port priority, operation key and protocol status flag of
the port at the local end,
Device ID, port number, port priority, operation key and protocol status flag at the
remote end, and,
LACP protocol packet statistics
For a manual aggregation group, value 0 is displayed for all the above items of the
remote end (which does not indicate the real information of the remote end), since
information about the remote end cannot be obtained for a manual aggregation
group.
Related Command
226 display link-aggregation summary

Command Reference

Purpose
Use the display link-aggregation summary command to display summary

information of all aggregation groups, including device ID of the local end,
aggregation group ID, aggregation group type, device ID of the remote end, number
of the selected ports, number of the unselected ports, load sharing type and master
port number.
Syntax
Parameters
None
Example
To display summary information of all aggregation information, enter the following:

<S4200G> display link-aggregation summary
Aggregation Group Type:D -- Dynamic, S -- Static , M -- Manual
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor ID: 0x8000, 00e0-fc00-5104
AL AL
Partner ID
Select Unselect Share Master
ID Type
Ports Ports
Type Port
------------------------------------------------------------------------------1
S
0x8000,0000-0000-0000 0
1
NonS GigabitEthernet1/0/2
2
M
none
0
1
NonS GigabitEthernet1/0/3
Table 48 Description of the fields of the display link -aggregation summary

command
View
Field
Description
Actor ID
Device ID and MAC address of the local end
AL ID
Aggregation group ID
AL Type
Aggregation group type: D (dynamic), S (static), or M

(manual)
Partner ID
Device ID and MAC address of the remote end
Select Ports
Number of the selected ports
Unselect Ports
Number of the unselected ports
Share Type
Load sharing type: Shar (load-sharing), or NonS

(non-load-sharing)
Master Port
Number of the master port
Any view

Command Reference
display link-aggregation verbose 227

Purpose
Use the display link-aggregation verbose command to display the details about
a specified aggregation group.
Syntax
display link-aggregation verbose [ agg-id ]
Parameters
agg-id
Example
To display detailed information about aggregation group 1, enter the following:
Aggregation group ID, which must be the valid ID of

an existing aggregation group. Valid values are 1 to 50.
<S4200G> display link-aggregation verbose 1

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Flags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregation ID: 1, AggregationType: Static,
Loadsharing Type: NonS
Aggregation Description:
System ID: 0x8000, 00e0-fc00-5104
Port Status: S -- Selected, U -- Unselected
Local:
Port
Status Priority Key
Flag
-----------------------------------------------------------------------------GigabitEthernet1/0/2
U
32768
2
{ACG}
U
1
2
{ACG}
Remote:
Actor
Partner Priority Key
SystemID
Flag
-----------------------------------------------------------------------------GigabitEthernet1/0/2
0
32768
0
0x8000,0000-0000-0000 {DEF}
0
32768
0
0x8000,0000-0000-0000 {DEF}
View
Description
Any view
Use the display link-aggregation verbose command to display the details

about a specified aggregation group, including:
Aggregation group ID, aggregation group type, load sharing type, aggregation
group description,
Local end details: device ID, member port, port status, port priority, operation key
and protocol status flag, and
Remote end details: local end port, and corresponding port index, port priority,
operation key, device ID and protocol status flag of the remote end.
For a manual aggregation group, value 0 is displayed for all the above items of the
remote end (which does not indicate the real information of the remote end), since
228 display link-aggregation verbose

Command Reference
information about the remote end cannot be obtained for a manual aggregation
group.

Command Reference
display local-server statistics 229
display local-server statistics

Purpose
Use the display local-server statistics command to view the statistics of all
local RADIUS authentication server.
Syntax
Parameters
None
Example
To display the statistics about local RADIUS authentication server, enter the following:
<S4200G> display local-server statistics
The localserver packet statistics:
Receive:
30
Send:
Discard:
0
Receive Packet Error:
Auth Receive:
10
Auth Send:
Acct Receive:
20
Acct Send:
View
Related Command
Any view
local-server
30
0
10
20
230 display local-user

Command Reference
display local-user
Purpose
Use the display local-user command to view information about all the local
users or the specified one(s).
Syntax
display local-user [ domain isp-name | idle-cut { enable | disable } |

vlan vlanid | service-type { ftp | lan-access | ssh | telnet |
terminal } | state { active | block } | user-name user-name ]
Parameters
domain isp-name
Specifies that all the local users in the specified ISP

domain are displayed.isp-name specifies the ISP
domain name with a character string up to
24 characters in length. The specified ISP domain must
exist.
idle-cut
Displays the local users who are inhibited from

enabling the idle-cut function, or the local users who
are allowed to enable the idle-cut function.
enable displays local users that are allowed.
disable displays local users that are prohibited.
vlan vlan-id
Displays the local users belonging to the specified

VLAN. vlan-id is an integer ranging from 1 to 4094.
service-type
Displays the local users of a specified type. One of the

following user types can be specified:
state
user-name user-name
ftp
lan-access (Ethernet accessing users, 802.1x

application for example)
ssh
telnet
terminal (users who log into the switch through the

Console port)
Displays the local users in the specified state.
active means that the system allows the user

requesting network service
block means the system does not allow the user

requesting network service.


Command Reference
display local-user 231
<
>

Example
Display information about all local users.

<S4200G> display local-user
The contents of local user user1:
State:
Active
Idle-cut:
Disable
Access-limit:
Disable
Bind location: Disable
Vlan ID:
Disable
IP address:
Disable
MAC address:
Disable
ServiceType Mask: None

Current AccessNum: 0
Total 1 local user(s) Matched, 1 listed.

ServiceType Mask Meaning: C--Terminal F--FTP
T-Telnet
L--LanAccess
S--SSH
The following table describes the fields in the display output.

Table 49 Description on the fields of the display local-user command
View
Field
Description
State
State of the local user
ServiceType Mask
Service type mark
Idle-Cut
State of the idle-cut function
Access-Limit
Limit on the number of access users
Current AccessNum
Number of current access users
Bind location
Whether or not bound to a port
Vlan ID
VLAN of the user
IP address
IP address of the user
MAC address
MAC address of the user
Any view
Description
This command displays the relevant information about a specified or all the local
users. The output can help you with the fault diagnosis and troubleshooting related
to local user.
Related Command
local-user
232 display logbuffer

Command Reference
display logbuffer
Purpose
Use the display logbuffer command to display the status of the log buffer and
the records in the log buffer.
Syntax
display logbuffer [ unit unit-id ] [ level severity | size buffersize

]* [ | { begin | exclude | include } regular-expression ]
Parameters
unit-id
Unit identification
level
Specifies an information severity level.
severity
Information severity, ranging from 1 to 8.
Table 50 Severity definitions made on the information center
Example
Severity
Value
Description
emergencies
Emergent errors
alerts
Errors that need to be corrected immediately
critical
Critical errors
errors
Errors that need to be considered but are not critical
warnings
Warnings that prompt possible errors
notifications
Information that needs to be noticed
informational
Normal prompting information
debugging
Debug information
size
Specifies the size of the memory buffer you want to

display.
buffersize
Size of the memory buffer, represented by the number

of messages it holds. It ranges from 1 to 1024 and
defaults to 256.
Filters output configuration information with a regular

expression.
begin
Displays configurations with the specified starting

characters.
exclude
Displays configurations excluding the specified

characters.
include
Displays configurations including the specified

characters.
regular-expression
Regular expression.
Display the status of the log buffer and the records in the log buffer.
screen display
<S4200G> display logbuffer
Logging buffer configuration and contents:enabled
Allowed max buffer size : 1024

Command Reference
display logbuffer 233
Actual buffer size : 512

Channel number : 4 , Channel name : logbuffer
Dropped messages : 0
Overwritten messages : 0
Current messages : 91
View
Any view
234 display logbuffer summary

Command Reference
display logbuffer summary

Purpose
Use the display logbuffer summary command to display the summary of the
log buffer.
Syntax
display logbuffer summary [ level severity ]
Parameters
Level severity
Example
Display the summary of the log buffer.
Specifies an information severity level. Valid values are

1 to 8.
<S4200G> display logbuffer summary

EMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG
0
0
0
0
94
0
1
0
View
Any view

Command Reference
display-loopback-detection 235
display-loopback-detection
Purpose
Use the display loopback-detection command to display the loopback

detection status on the port.
Syntax
display loopback-detection
Parameters
None
Example
Display whether loopback detection function is enabled or not.

<S4200G> display loopback-detection
Port GigabitEthernet1/0/1 loopback-detection is running
System Loopback-detection is running
Detection interval time is 30 seconds
There is no port existing loopback link
Table 51 Explanation of fields involved in loopback detection function
View
Fields
Explanation
Port GigabitEthernet1/0/1
loopback-detection is running.
Loopback detection function for

GigabitEthernet1/0/1 is enabled.
System Loopback-detection is running.
System loopback detection function is enabled.
Detection interval time is 30 seconds.
Detection time interval is set to be 30 seconds.
There is no port existing loopback link.
Currently no port is detected with loopback.
Description
Any view
If loopback detection is enabled, the time interval for loopback detection and the
loopback ports will also be displayed.
236 display mac-address

Command Reference
display mac-address
Purpose
Use the display mac-address command to display MAC address table information.
Syntax
display mac-address [ display-option ]
Parameters
display-option
Option used to display specific MAC address table

information, as described in Table 52.
Table 52 Descriptions for the display-option argument

Value
Description
mac-address [ vlan vlan-id ]
Displays information about a specified MAC

address entry.
{ static | dynamic | blackhole } [ interface

interface-type interface-number ] [
vlan vlan-id ] [ count ]
Displays information about dynamic, static, or

blackhole MAC address entries.
Displays information about the MAC address
interface-number [ vlan vlan-id ] [ count entries concerning a specified port.
]
Example
vlan vlan-id [ count ]
Displays information about the MAC address

entries concerning a specified VLAN.
count
Displays the total number of the MAC address

entries of the switch.
statistics
Displays the statistics on the MAC address

entries.
mac-addr
Specifies the MAC address.
static
Displays static MAC address entries. (A static MAC

address entry does not age.)
dynamic
Displays dynamic MAC address entries. (A dynamic

MAC address entry ages with time.)
blackhole
Displays blackhole MAC address entries. (A blackhole

MAC address entry does not age.)
interface-type
Specifies the port type.
interface-number
Specifies the port number.
vlan-id
Specifies the VLAN ID. Valid values are 1 to 4094.
count
Displays only the total number of MAC address entries.

in the MAC address table if the user enters this
parameter when using this command.
statistics
Displays the statistics on the MAC address entries.
Display the MAC address table information about the MAC address of
00e0-fc01-0101.
<S4200G> display mac-address 00e0-fc01-0101
MAC ADDR
VLAN ID STATEPORT INDEX
AGING TIME(s)
00

Command Reference
display mac-address 237
Table 53 Description of the fields for the display mac-address command
View
Field
Description
MAC ADDR
MAC address
VLAN ID
ID of the VLAN to which the network device identified by the MAC

address belongs
STATE
The state of the MAC address. The value of this field can be "Static",
"Learned", and so on.
PORT INDEX
Port index (including port type and port number)
AGING TIME(s)
Aging time
Description
Related Commands
Any view
Use the display mac-address command to display information about MAC address
entries in a MAC address table, including: MAC address, VLAN and port
corresponding to the MAC address, the type (static or dynamic) of a MAC address
entry, aging time and so on.
mac-address
mac-address timer
238 display mac-address aging-time

Command Reference
display mac-address aging-time

Purpose
Use the display mac-address aging-time command to display the aging time of
the dynamic entry in the MAC address table.
Syntax
Parameters
None
Example
Display the aging time of the dynamic MAC address entries.

<S4200G> display mac-address aging-time
MAC address aging time:300s.
The output information indicates that the aging time of the dynamic MAC address
entries is 300 second.
View
Related Commands
Any view
display mac-address
mac-address
mac-address timer

Command Reference
display mac-address multicast static 239

Purpose
Use the display mac-address multicast static command to display the

multicast MAC address entries manually configured on the switch, with each entry
containing the following information: multicast MAC address, VLAN ID, MAC address
state, port number(s), and aging time of each port.
Syntax
display mac-address multicast static [ count | mac-address vlan vlan-id

| vlan vlan-id ]
Parameters
mac-address vlan vlan-id Multicast MAC address entry in a specified VLAN.
Example
Display all the multicast MAC address entries manually configured in VLAN 1.
<S4200G>display mac-address multicast static vlan 1
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
0100-0000-0001 1 Config static GigabitEthernet1/0/1 NOAGED
000f-e207-f2e0 1 Learned GigabitEthernet1/0/28 AGING
--- 2 mac address(es) found ---
View
Description
Any view
Executing this command with neither mac-address vlan vlan-id nor vlan
vlan-id will display all the multicast MAC address entries added on the switch.
Executing this command with vlan vlan-id but without mac-address will
display all the multicast MAC address entries manually added in the specified
VLAN.
Executing this command with both mac-address and vlan vlan-id will display
the multicast MAC address entry manually added in the specified VLAN with the
specified multicast MAC address.
240 display mac-address security

Command Reference
display mac-address security

Purpose
Use the display mac-address security command to display the information

about Security MAC address.
Syntax
display mac-address security [ interface interface-type

interface-number ] [ vlan ] [ count ]
Parameters
interface-type
interface-number
vlan-id
Specifies the VLAN ID.
count
Displays the number of the Security MAC address.
Example
Display the Security MAC address configuration on GigabitEthernet1/0/1 port.

<S4200G> display mac-address security interface GigabitEthernet1/0/1
MAC ADDR
VLAN ID
STATE
PORT INDEX
AGING
TIME(s)
0001-0001-0001 1
Security
NOAGED
---
View
Description
1 mac address(es) found on port GigabitEthernet1/0/1 ---
Any view

Command Reference
display mac-authentication 241
display mac-authentication
Purpose
Use the display mac-authentication command to display global information

about centralized MAC address authentication
The information shown includes:
The state of centralized MAC address authentication (enabled/disabled)
Timer settings
The number of online users
The MAC addresses in quiet period
MAC authentication information about each port
Syntax
display mac-authentication [ interface interface-list ]
Parameters
interface-list
Example
To display the global information about centralized MAC address authentication,

Specifies the list of Ethernet ports. You can specify

multiple Ethernet ports by providing this argument in
the form of interface-list = { interface-type
interface-number [ to interface-type interface-number
] } where <110 means that you can provide up to 10
port indexes/port index lists for this argument.
<S4200G> display mac-authentication

mac address authentication is Enabled.
authentication mode is UsernameAsMacAddress
Fixed username:mac
Fixed password:not configured
offline detect period is 300s
quiet period is 1 minute(s).
server response timeout value is 100s
max allowed user number is 1024
current user number amounts to 0
current domain: not configured, use default domain
Silent Mac User info:
MAC ADDR
From Port
Port Index
GigabitEthernet1/0/1 is link-up
MAC address authentication is Enabled
Authenticate success: 0, failed: 0
Current online user number is 1
MAC ADDR
Authenticate state
AuthIndex
000d-88f8-4e71
MAC_AUTHENTICATOR_SUCCESS
0
242 display mac-authentication

Command Reference
Table 54 Description on the fields of the display mac-authentication command
View
Field
Description
mac address authentication is

Enabled
Centralized MAC address authentication is enabled.
authentication mode
Centralized MAC address authentication mode. The default

is the MAC address mode.
the Fixed username
User name used in the fixed mode, which defaults to mac.
the Fixed password
Password used in the fixed mode, which is not configured by

default.
offline detect period
Setting of the offline detect timer, which sets the time

interval to check whether a user goes offline and defaults to
300 seconds.
quiet period
Setting of the quiet timer, which sets the quiet period. A

switch goes through a quiet period if a user fails to pass the
MAC address authentication. The default value is 1 minute.
server response timeout value
Setting of the server timeout timer, which sets the timeout

time for the connection between a switch and the RADIUS
server. By default, it is 100 seconds.
max allowed user number
The maximum number of users supported by the switch. It is

1,024 by default.
current user number amounts to
The current number of users
current domain
The current domain. It is not configured by default.
Silent Mac User info
The information about the silent user. When the user fails to
pass MAC address authentication because of inputting error
user name and password, the switch sets the user to be in
quiet state. During quiet period, the switch does not
authenticate this user.
The link connected to GigabitEthernet1/0/1 port is up.
MAC address authentication is

Enabled
MAC address authentication is enabled for

GigabitEthernet1/0/1 port.
Authenticate success: 0, failed: 0
Statistics of the MAC address authentications performed on

the port, including the numbers of successful and failed
authentication operations.
Current online user number
The number of the users current access the network through

the port
Authenticate state
The state of the users accessing the network through the

port, which can be:
CONNECTING: Connecting
SUCCESS: Authentication passed
FAILURE: Fail to pass authentication
LOGOFF: Offline
MAC ADDR
Peer MAC address
Authenticate state
State of the current MAC address authentication
AuthIndex
Index of the current MAC address with regard to the

authentication port
Any view

Command Reference
display memory 243
display memory
Purpose
Use the display memory command to display the memory usage of a specified
switch.
Syntax
display memory [ unit unit-id ]
Parameters
unit-id
Example
Display the memory usage of this switch.
Specifies the unit ID.
<S4200G>display memory
Unit 1
System Available Memory(bytes): 37238784
System Used Memory(bytes): 8201352
Used Rate: 22%
The displayed information is defined in Table 55.

Table 55 Memory status
View
Field
Description
System Available Memory(bytes)
Available memory size of the system, in unit of bytes.
System Used Memory(bytes)
Used memory size of the system, in unit of bytes.
Used Rate
Percentage of the used memory.
Any view
244 display mirroring-group

Command Reference
display mirroring-group
Purpose
Use the display mirroring-group command to display the parameter settings

of a port mirroring group.
Syntax
display mirroring-group { group-id | all | local | remote-destination |

remote-source }
Parameters
group-id
The group number of a port mirroring group. Valid

values are 1 to 20.
local
Signifies that the specified mirroring group is a local

port mirroring group.
remote-destination
Signifies that the specified mirroring group is the

destination group for remote mirroring.
remote-source
Signifies that the specified mirroring group is the

source group for remote mirroring.
all
All mirroring groups.
Example
Display the parameter settings of the port mirroring group.

<S4200G> display mirroring-group all
mirroring-group 2:
type: local
status: active
mirroring
port:
GigabitEthernet1/0/20 both
mirroring mac:
mirroring vlan:
monitor port: GigabitEthernet1/0/22
View
Description
Any view
Local mirroring group information includes:
Group number
Group type: local
Group status
Information of the monitored port
Information of the monitored MAC address
Information of the monitored VLAN
Information of the monitoring port
Information displayed on the destination mirroring group of remote mirroring

includes:
Group number
Group type: remote-destination

Command Reference
display mirroring-group 245
Group status
Information of the destination port
Remote-probe vlan information
Information displayed on the source mirroring group of remote mirroring includes:
Group number
Group type: remote-source
Group status
Information of the source port
Information of the monitored MAC address
Information of the monitored VLAN
Information of the reflector port
Remote-probe vlan information
246 display ndp

Command Reference
display ndp
Purpose
Use the display ndp command to display global NDP configuration information,
including the interval to send NDP packets, the holdtime of NDP information, and the
information about the neighbors of all the ports.
Syntax
display ndp [ interface port-list ]
Parameters
interface port-list
Example
Display NDP configuration information.
Specifies a list of ports. The list can contain consecutive

or separated ports, or the combination of the both.
You need to provide the port-list argument in the form
of { interface-type interface-number | interface-name }
[ to { interface-type interface-number | interface-name
} ] } &<1-10>, where interface-type specifies the port
type, and interface-number specifies the port number
(in the form of slot number/port number).
<S4200G> display ndp

Neighbor Discovery Protocol is enabled.
Neighbor Discovery Protocol Ver: 1, Hello Timer: 60(s), Aging Timer:
180(s)
Interface: GigabitEthernet1/0/1
Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0
Neighbor 1: Aging Time: 122(s)
MAC Address : 00e0-fc00-2579
Port Name
: GigabitEthernet1/0/4
Software Ver: V200R001B01D015
Device Name : S5126C
Port Duplex : AUTO
Product Ver : 5100-EI-001
MAC Address : 00e0-fc00-3133
Port Name

Command Reference
display ndp 247

Device Name : S5126C
Port Duplex : AUTO
MAC Address : 000f-cbb8-9528
Port Name
Device Name : Switch 4200G 24-Port
Port Duplex : AUTO
Table 56 Description on the fields of the display ndp command

Field
Description
Neighbor Discovery
Protocol is enabled
The system NDP is enabled globally on the switch.
Neighbor Discovery
Protocol Ver: 1
The NDP version 1 is running.
Hello Timer:
The interval to send NDP packets is 60 seconds.
Aging Timer:
The holdtime of the NDP information sent by the local switch is 180
seconds.
Interface:
Port number that specifies a port.
Status: Enabled
NDP is enabled on the port.
Pkts Snd:
Number of NDP packets transmitted from a port.
Pkts Rvd:
Number of NDP packets received by a port.
Pkts Err:
Number of error NDP packets received by a port.
Neighbor 1: Aging
Time:
The holdtime of the NDP information received from the neighbors

connected to the port.
MAC Address
MAC address of a neighbor device.
Port Name
Port name of a neighbor device.
248 display ndp

Command Reference
Table 56 Description on the fields of the display ndp command (continued)
View
Field
Description
Software Ver
Software version of a neighbor device.
Device Name
Device name of a neighbor device.
Port Duplex
Port duplex mode of a neighbor device.
Product Ver
Product version of a neighbor device.
Any view

Command Reference
display ntdp 249
display ntdp
Purpose
Use the display ntdp command to display the global NTDP information. The
information includes the range (in hop count) within which topology information is
collected, the interval to collect topology information (the NTDP timer), the delay time
for a device to forward topology-collection requests, the delay time for a
topology-collection request to be forwarded through a port, and the time cost during
the last topology collection.
Syntax
display ntdp
Parameters
None
Example
Display the global NTDP information.

<S4200G>display ntdp
NTDP is running.
Hops
: 3
Timer
: 1 min (disable)
Hop Delay : 200 ms
Port Delay: 20 ms
Last collection total time: 3473ms
Table 57 Description of global NTDP configuration information

Field
Description
NTDP is running.
The global NTDP is enabled on the local device.
Hops
Hops for topology collection.
Timer
Interval of periodic topology collection.
Hop Delay
Delay that the device forwards topology collection request.
Port Delay
Delay that the port forwards topology collection request.
Last collection total time Time taken by last collection.
View
Any view
250 display ntdp device-list

Command Reference
display ntdp device-list

Purpose
Use the display ntdp device-list command to display the device information
collected through NTDP.
Syntax
display ntdp device-list [ verbose ]
Parameters
verbose
Example
Display the device list collected through NTDP.
Displays the detailed information about the device.
<S4200G> display ntdp device-list

MAC
HOP IP
00e0-fc00-3133 2
000f-e20f-c415 2
31.31.31.5/24
00e0-fc00-2579 1
00e0-fc00-1751 0
31.31.31.1/24
00e0-fd00-0043 2
00e0-fc00-3199 3
PLATFORM
S5100-EI
S5100-EI
S5100-EI
S5100-EI
3Com S3528P
S5100-EI
Table 58 Description of device list information collected through NTD
View
Field
Description
MAC
HOP
Hops to the collecting device
PLATFORM
Platform information about device
IP
IP address and mask length of the management VLAN interface on

the device
Any view

Command Reference
display ntdp single-device mac-address 251
display ntdp single-device mac-address

Purpose
Use the display ntdp single-device mac-address h-h-h command to

display the information about a specific device in detail.
Syntax
display ntdp single-device mac-address h-h-h
Parameters
h-h-h
Example
Display the information about the switch whose MAC address is 00e0-fc00-5111 in
detail.
MAC address of the device to be displayed.
[aaa_0.42-4]dis ntdp single-device mac-address 00e0-fc00-5111

Hostname : aaa_1.42-com2
MAC
: 00e0-fc00-5111
Hop
: 1
Platform : Switch 4200G
IP
: 16.168.1.2/24
Version
:
VRP (R) Software, Version V3.01.00s168c03
Copyright (c) Reserved.
4200G 24-Port 4200G
Cluster
: Member switch of cluster aaa , Administrator MAC:
00e0-fc00-5175
Stack
: Independent switch
Peer MAC
Duplex
00e0-fc00-5175
FULL
00e0-fc00-5175
FULL
Peer Port ID
Native Port ID
Speed
TenGigabitEthernet1/2/1 TenGigabitEthernet1/1/1 10000

1000
Table 59 Description on the fields of the display ntdp single-device command

Field
Description
Hostname
System name of the device
MAC
Hop
Number of hops away from the collector
Platform
Platform information of the device
IP
IP address and mask length of VLAN 1 interface on the device
Version
Version information
Cluster
Cluster information
Administrator MAC
MAC address of the master switch
Stack
Stack information
Peer MAC
MAC address of the neighboring devices
Peer Port ID
ID of the neighboring device port to which the device is connected
Native Port ID
ID of the local port used to connect to the neighboring device
252 display ntdp single-device mac-address

Command Reference
Table 59 Description on the fields of the display ntdp single-device command
View
Field
Description
Speed
Speed of the local port used to connect to the neighboring device
Duplex
Operation state of the local port used to connect to the neighboring
Cluster view

Command Reference
display ntp-service sessions 253
display ntp-service sessions

Purpose
Use the display ntp-service sessions command to display the status of all the
sessions maintained by NTP (Network Time Protocol) service provided by the local
equipment.
Syntax
display ntp-service sessions [ verbose ]
Parameters
verbose
Default
By default, the status of all the sessions maintained by NTP service provided by the
local equipment will be displayed.
Example
Display the status of all the sessions maintained by NTP service.
Displays detailed information about the NTP sessions.
<S4200G> display ntp-service sessions

source reference
stra reach pollnowoffsetdelay disper
********************************************************************
[12345]1.1.1.1LOCAL(0)3 377
512 178 0.040.1 22.8
note: 1 source(master),2 source(peer),3 selected,4 candidate,5
configured
Description
The following table describes the outputs.

Table 60 Description on the fields of the display ntp-service sessions command
View
Field
Description
source
IP address of the synchronization source (device to be synchronized)
reference
Reference clock ID of the synchronization source
stra
Stratum of the clock of the synchronization source
reach
Indicates whether or not the synchronization source is reachable.
poll
Polling interval in seconds, that is, the maximum interval between two
successive messages
now
The time elapsed since the latest NTP packet is sent
offset
Clock offset
delay
Network delay
disper
The maximum offset of the local clock with regard to the reference clock
Description
Any view
When you configure this command without the verbose parameter, the Switch will
only display brief information about all the sessions it maintains.
254 display ntp-service sessions

Command Reference
With the verbose parameter configured, the Switch will display detailed information
about all the sessions it maintains.

Command Reference
display ntp-service status 255
display ntp-service status

Purpose
Use the command display ntp-service status to display the NTP service status.
Syntax
Parameters
None
Example
Display NTP service status:

<S4200G> display ntp-service status
Clock status: unsynchronized
Clock stratum: 16
Reference clock ID: none
Nominal frequency: 100.0000 Hz
Actual frequency: 100.0000 Hz
Clock precision: 2^17
Clock offset: 0.0000 ms
View
Description
Any view.
The following table describes the outputs:

Table 61 NTP service status information
Output
Meaning
clock status:unsynchronized
Local clock status: do not synchronize to any remote NTP

server.
clock stratum: 16
Indicates the NTP stratum of local clock
reference clock ID
Address of the remote server or the ID of the reference

clock after the local system is synchronized to a remote NTP
server or a reference clock
nominal frequency
Nominal frequency of the local system hardware clock.
actual frequency
Actual frequency of the local system hardware clock.
clock precision
Precision of local system clock
clock offset
Offsets of the local clock to the NTP server clock.
root delay
Roundtrip delay between the local system and the server

that serves as the primary reference clock
root dispersion
The maximum dispersion of the local clock with regard to

the primary reference clock
peer dispersion
The maximum dispersion of the remote NTP server
reference time
Reference timestamp.
256 display ntp-service trace

Command Reference
display ntp-service trace

Purpose
Use the display ntp-service trace command to display the brief information of
each NTP time server along the time synchronization chain from the local device to
the reference clock source.
Syntax
Parameters
None
Example
Display the brief information of each NTP time server

<S4200G> display
server4: stratum
server3: stratum
server2: stratum
server1: stratum
'GPS Receiver'
ntp-service trace
4, offset 0.0019529,
3, offset 0.0124263,
2, offset 0.0019298,
1, offset 0.0019298,
synch
synch
synch
synch
distance
distance
distance
distance
0.144135
0.115784
0.011993
0.011993 refid
The above information displays the time synchronization chain of

server4: serve4 is synchronized to server3, server3 is synchronized to
server2, server2 is synchronized to server1, and server1 is
synchronized to the reference clock source GPS Receiver.
View
Any view

Command Reference
display packet-filter 257
display packet-filter
Purpose
Use the display packet-filter command to view the application information of

packet filtering, including the ACL name, rule names, and application status.
Syntax
display packet-filter { interface interface-type interface-num | unitid

unit-id }
Parameters
interface-type
interface-num }
unit-id
Example
Port of the switch.

Unit ID, used to specify to display the information of a
specific unit.
Display the application information of packet filtering on Unit 1.

<S4200G> display packet-filter unitid 1
View
Any view
258 display port

Command Reference
display port
Purpose
Use the display port command to display all current ports with their type indicated.
Syntax
display port { hybrid | trunk | combo | vlan-vpn }
Parameters
hybrid
Displays the current hybrid ports.
trunk
Displays the current trunked ports.
combo
Displays the current combo ports.
vlan-vpn
Displays all ports that have VLAN VPN enabled.
Example
To display the currently configured hybrid ports, enter the following:

<S4200G>display port hybrid
The following hybrid ports exist:
Ethernet1/0/2
The example above indicates that the current configuration has two hybrid ports,
Ethernet1/0/1 and Ethernet1/0/2.
View
Any view

Command Reference
display port-security 259
display port-security
Purpose
Use the display port-security command to display the information about

port security configuration (including global configuration and all or specific port
configuration).
Syntax
display port-security [ interface interface-list ]
Parameters
interface interface-list Specifies an Ethernet port list, which can contain
multiple Ethernet ports. The interface-list

argument is in the format of { interface-type
interface-number [ to interface-type
interface-number ] } & < 1-10 >, where
interface-type represents a port type,
interface-number represents a port number, and
& < 1-10 > means you can specify up to 10 ports or
port ranges.
Example
Display the security configuration on GigabitEthernet1/0/1 port.

<S4200G> display port-security interface GigabitEthernet1/0/1
Equipment port-security is enabled
AddressLearn trap is Enabled
Intrusion trap is Enabled
Dot1x logon trap is Enabled
Dot1x logoff trap is Enabled
Dot1x logfailure trap is Enabled
RALM logon trap is Enabled
RALM logoff trap is Enabled
RALM logfailure trap is Enabled
Vlan id assigned is NULL
Disableport Timeout: 20 s
OUI value:
Port mode is Userlogin
NeedtoKnow mode is disabled
Intrusion mode is disableportTemporarily
max mac-address num is not configured
Stored mac-address num is 0
260 display port-security

Command Reference
Table 62 Description of the output displayed above
View
Field
Description
Equipment port security is enabled
The port security function is enabled on the switch.
addressLearn trap is Enabled
Enable the sending of address-learning trap information.
Intrusion trap is Enabled
Enable the sending of intrusion-detection trap information.
Dot1x logon trap is Enabled
Enable the sending of 802.1x user logon (authentication

success) trap information.
Dot1x logoff trap is Enabled
Enable the sending of 802.1x user logoff trap information.
Dot1x logfailure trap is Enabled
Enable the sending of 802.1x user authentication failure trap

information.
RALM logon trap is Enabled
Enable the sending of RALM logon trap information.
RALM logoff trap is Enabled
Enable the sending of RALM logoff trap information.
RALM logfailure trap is Enabled
Enable the sending of RALM logfailure trap information.
Vlan id assigned is NULL
The delivered VLAN ID is Null.
Disableport Timeout: 20 s
The temporary port-disabling time is 20 seconds.
OUI value
The OUI value
The link state of port GigabitEthernet 1/0/1 is link-up.
Port mode is Userlogin
The security mode of the port is Userlogin.
NeedtoKnow mode is disabled
The NTK mode is disabled.
Intrusion mode is
disableportTemporarily
The intrusion detection mode is disableportTemporarily.
Max mac-address num is not

configured
The maximum number of MAC addresses allowed to access

the port is not configured here.
Stored mac-address num is 0
The number of current users is zero.
Description
Any view
Use the display port-security command to display the information about

port security configuration (including global configuration and all or specific port
configuration).
CAUTION:
This command will display global and all ports' security configuration information
if the interface-list argument is not specified.
This command will display global and particular port's security configuration
information if the interface-list argument is specified.

Command Reference
display port vlan-vpn 261
display port vlan-vpn

Purpose
Use the display port vlan-vpn command to display the information about the
VLAN VPN configuration of the current system, including current TPID value,
VLAN-VPN ports, and VLAN-VPN uplink ports.
Syntax
Parameters
None
Example
Display the VLAN-VPN configuration of the system.

<S4200G> display port vlan-vpn
VLAN-VPN TPID: 8100
VLAN-VPN status: enabled
VLAN-VPN VLAN: 1
VLAN-VPN VLAN: 1
VLAN-VPN VLAN: 1
(Omitted)
View
Any view
262 display protocol-priority

Command Reference
display protocol-priority
Purpose
Use the display protocol-priority command to display the priority of

protocol packets.
Syntax
Parameters
None
Example
To display the priority of protocol packets, enter the following:

<S4200G> display protocol-priority
View
Any view

Command Reference
display qos cos-drop-precedence-map 263
display qos cos-drop-precedence-map

Purpose
Use the display qos cos-drop-precedence-map command to display the

"COS->Drop-precedence" mapping relationship.
Syntax
Parameters
None
Example
To display the "COS->Drop-precedence" mapping relationship, enter the following:

<S4200G> display qos cos-drop-precedence-map
cos-drop-precedence-map:
cos :
0
1
2
3
4
5
6
7
------------------------------------------------------------------drop-precedence :
2
2
1
1
1
1
0
0
View
Any view
264 display qos cos-dscp-map

Command Reference
display qos cos-dscp-map

Purpose
Use the display qos cos-dscp-map command to display the "COS->DSCP"

mapping relationship.
Syntax
Parameters
None
Example
To display the "COS->DSCP" mapping relationship, enter the following:

<S4200G> display qos cos-dscp-map:
cos :
0
1
2
3
4
5
6
7
------------------------------------------------------------------dscp :
16
0
8
24
32
40
48
56
View
Any view

Command Reference
display qos cos-local-precedence-map 265
display qos cos-local-precedence-map

Purpose
Use the display qos cos-local-precedence-map command to view the

COS>Local-precedence map.
Syntax
Parameters
None
Example
To display COS and Local-precedence map, enter the following:

<S4200G> display qos cos-local-precedence-map
cos-local-precedence-map:
802.1p & local precedence : 0
1
2
3
4
5
6
-------------------------------------------------------------------queue: 2
0
1
3
4
5
6
7
View
Any view
266 display qos dscp-cos-map

Command Reference
display qos dscp-cos-map

Purpose
Use the display qos dscp-cos-map command to display the "DSCP->802.1

priority" mapping relationship.
Syntax
Parameters
None
Example
To display the "DSCP->801.1p priority" mapping relationship, enter the following:

<S4200G> display qos dscp-cos-map
dscp-cos-map:
dscp :
cos
---------------------------------------------0 :
1
1 :
1
2 :
1
3 :
1
4 :
1
5 :
1
6 :
1
7 :
1
8 :
2
9 :
2
10 :
2
11 :
2
12 :
2
13 :
2
14 :
2
15 :
2
16 :
0
17 :
0
18 :
0
19 :
0
20 :
0
---- More ----
View
Any view

Command Reference
display qos dscp-drop-precedence-map 267
display qos dscp-drop-precedence-map

Purpose
Use the display qos dscp-drop-precedence-map command to display the

"DSCP->Drop-precedence" mapping relationship.
Syntax
Parameters
None
Example
Display the "DSCP->Drop-precedence" mapping relationship.

<S4200G> display qos dscp-drop-precedence-map
dscp-drop-precedence-map
dscp : drop-precedence
---------------------------------------------0 :
1
1 :
1
2 :
1
3 :
1
4 :
1
5 :
1
6 :
1
7 :
1
8 :
1
9 :
1
10 :
1
11 :
1
12 :
1
13 :
1
14 :
1
15 :
1
16 :
1
17 :
1
18 :
1
19 :
1
20 :
1
---- More ----
View
Any view
268 display qos dscp-dscp-map

Command Reference
display qos dscp-dscp-map

Purpose
Use the display qos dscp-cos-map command to display the "DSCP->DSCP"

Syntax
Parameters
None
Example
To display the "DSCP->DSCP" mapping relationship, enter the following:

<S4200G> display qos dscp-dscp-map
dscp-dscp-map
dscp :
dscp
---------------------------------------------0 :
0
1 :
1
2 :
2
3 :
3
4 :
4
5 :
5
6 :
6
7 :
7
8 :
8
9 :
9
10 :
10
11 :
11
12 :
12
13 :
13
14 :
14
15 :
15
16 :
16
17 :
17
18 :
18
19 :
19
20 :
20
---- More ----
View
Any view

Command Reference
display qos dscp-local-precedence-map 269
display qos dscp-local-precedence-map

Purpose
Use the display qos dscp-local-precedence-map command to display the

"DSCP->Local-precedence" mapping relationship.
Syntax
Parameters
None
Example
To display the "DSCP->Local-precedence" mapping relationship, enter the following:

<S4200G> display qos dscp-local-precedence-map
dscp-local-precedence-map
dscp : local-precedence(queue)
---------------------------------------------0 :
0
1 :
0
2 :
0
3 :
0
4 :
0
5 :
0
6 :
0
7 :
0
8 :
1
9 :
1
10 :
1
11 :
1
12 :
1
13 :
1
14 :
1
15 :
1
16 :
2
17 :
2
18 :
2
19 :
2
20 :
2
---- More ----
View
Any view
270 display qos-interface all

Command Reference
display qos-interface all

Purpose
Use the display qos-interface all command to display all the QoS settings
of the port.
Syntax
display qos-interface { interface-name | interface-type interface-num |

unit-id } all
Parameters
interface-name |
interface-type
interface-num
unit-id
Example
Specifies the port of the switch. Specify this parameter

and the switch will display the parameter
configurations of the specified port.
Specifies the unit ID. Specify this parameter and the
switch will display the parameter configurations of the
specified unit. If the unit ID parameter is specified, the
QoS parameter settings of all the ports on the specified
switch will be displayed.
To display all the QoS settings on Gigabitethernt1/0/1, enter the following:

<S4200G> display qos-interface gigabitethernet1/0/1 all
GigabitEthernet1/0/1: priority-trust port
GigabitEthernet1/0/1 Port Shaping: Disable
0 kbps, 0 burst
QID:
status
max-rate(kbps)
burst-size(byte)
---------------------------------------------------0 :
Disable
0
0
1 :
Disable
0
0
2 :
Disable
0
0
3 :
Disable
0
0
4 :
Disable
0
0
5 :
Disable
0
0
6 :
Disable
0
0
7 :
Disable
0
0
View
Description
Any view
The switch displays the following information according to its configurations:
Traffic policing configurations
Priority remark configurations
Redirect configurations
Traffic statistics configurations

Command Reference
Related Commands
display qos-interface all 271
Traffic mirroring configurations
Precedence mapping configurations
Traffic shaping configurations
VLAN tag remark configurations
port
traffic-limit
272 display qos-interface priority-trust

Command Reference

Purpose
Use the display qos-interface priority-trust command to display the

precedence mapping mode of the switch.
Syntax
display qos-interface { interface-type interface-num | unit-id }

priority-trust
Parameters
interface-type
interface-num
unit-id
Example
Specifies the port of the switch. Input this parameter

Specifies the unit ID. Input this parameter and the
specified unit.
To display the precedence mapping mode configuration on Gigabitethernt1/0/1,

<S4200G> display qos-interface gigabitethernet 1/0/1 priority-trust
GigabitEthernet1/0/1: priority-trust port
View
Any view
Description
This command displays the name and priority-trust mode of the port.
Related Command
priority trust

Command Reference
display qos-interface traffic-limit 273

Purpose
Use the display qos-interface traffic-limit command to view the traffic limit
settings.
Syntax
display qos-interface { interface-name | interface-type interface-num |

unit-id } traffic-limit
Parameters
interface-name |
interface-type
interface-num
unit-id
Example

specified unit.
To display the parameter configurations of traffic policing on Gigabitethernt1/0/1,

<S4200G> display qos-interface gigabitethernet1/0/1 traffic-limit
GigabitEthernet1/0/1: traffic-limit
Inbound:
Matches: Acl 2000 rule 0 running
Target rate: 1 Kbps
View
Description
Related Commands
Any view
Use this command to display:
The name of the port and the name of the traffic policing action
The application direction of the function on the port
Referenced ACL
Committed average rate
Settings for related policing actions
The running state of traffic policing statistics
port
274 display qos-interface traffic-shape

Command Reference

Purpose
Use the display qos-interface traffic-shape command to view the

parameter configurations of traffic shaping on the port.
Syntax
display qos-interface { interface-type interface-num | unit-id }

traffic-shape
Parameters
interface-type
interface-num
unit-id
Example

specified unit.
To display the parameter configurations of traffic limit on the port, enter the
following:
<S4200G> display qos-interface gigabitethernet1/0/1 traffic-shape
GigabitEthernet1/0/1 Port Shaping: Enable
20 kbps, 4 burst
QID:
status
max-rate(kbps)
burst-size(byte)
---------------------------------------------------0 :
Disable
0
0
1 :
Disable
0
0
2 :
Disable
0
0
3 :
Disable
0
0
4 :
Disable
0
0
5 :
Disable
0
0
6 :
Disable
0
0
7 :
Disable
0
0
View
Description
Related Command
Any view
Whether traffic shaping is enabled
Parameter configurations of the port-based traffic shaping: maximum traffic rate

and burst size (in kbyte)
Parameter configurations of the queue-based traffic shaping: queue ID, status,

maximum rate and burst size
traffic shape

Command Reference
display qos-interface traffic-statistic 275

Purpose
Use the display qos-interface traffic-statistic command to view the traffic

statistics.
Syntax
display qos-interface { interface-name |interface-type interface-num |

unit-id } traffic-statistic
Parameters
interface-name |
interface-type
interface-num
unit-id
Example

specified unit.
To display the traffic statistics, enter the following:

<S4200G> display qos-interface gigabitethernet1/0/1 traffic-statistic
GigabitEthernet1/0/1: traffic-statistic
Inbound:
Matches: Acl 2000 rule 0 running
0 packet
View
Description
Related Commands
Any view
The name of the port and the name of the traffic statistics
The application direction of the function on the port
Referenced ACL
The number of packets matching with the ACL rules
port
traffic-statistic
276 display qos-profile

Command Reference
display qos-profile
Purpose
Use the display qos-profile command to view the configurations of the QoS
profile.
Syntax
display qos-profile { all | name profile-name | interface {

interface-name | interface-type interface-num } | user user-name }
Parameters
all
Displays all QoS profiles.
name profile-name
Displays the QoS profile with the specified name. The

name is a string in the range of 1 to 32 characters and
it cannot be reserved key words, such as all, interface,
user, undo, user-based, port-based and so on.
interface { interface-name
| interface-type
interface-num }
Displays QoS profiles applied on the specified port.
user user-name
Example
Displays QoS profiles corresponding to the specified

user.user-name is the user name in the range of 1 to
80 characters.
To display the configurations of all the QoS profiles, enter the following:
<S4200G> display qos-profile all
qos-profile: test, 2 actions
packet-filter inbound ip-group 2000 rule 0
traffic-limit inbound ip-group 2000 rule 0 1
View
Description
Any view
The name of the QoS profile and the number of configured actions
The definition of each action

Command Reference
display queue-scheduler 277
display queue-scheduler
Purpose
Use the display queue-scheduler command to view queue scheduling mode and
corresponding parameters.
Syntax
Parameters
None
Default
The default is Weighted Round Robin.
Example
To display the queue-scheduling mode and the related parameters, enter the
following:
<S4200G> display queue-scheduler
QID:
scheduling-group
weight
----------------------------------0 :
sp
0
1 :
sp
0
2 :
sp
0
3 :
sp
0
4 :
sp
0
5 :
sp
0
6 :
sp
0
7 :
sp
0
View
Description
Related Command
Any view
Queue ID
The scheduling group of the queue
The weight of the queue
queue-scheduler
278 display radius

Command Reference
display radius
Purpose
Use the display radius command to view the configuration information about all
RADIUS schemes or a specified scheme.
Syntax
display radius [ radius-scheme-name ]
Parameters
radius-scheme-name
Example
To display the configuration information about all RADIUS schemes, enter the
following:
Specifies the RADIUS scheme name with a character

string up to 32 characters in length. If not specified, all
RADIUS schemes are displayed by default.
<S4200G> display radius

-----------------------------------------------------------------SchemeName =system
Index=0
Type=3Com
Primary Auth IP =127.0.0.1
Port=1645
Primary Acct IP =127.0.0.1
Port=1646
Second Auth IP =0.0.0.0
Port=1812
Second Acct IP =0.0.0.0
Port=1813
Auth Server Encryption Key= 3Com
Acct Server Encryption Key= 3Com
Accounting method = required
Accounting-On packet enable, send times = 15 , interval = 3s
TimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12
Permitted send realtime PKT failed counts
=5
Retry sending times of noresponse acct-stop-PKT =500
Quiet-interval(min)
=5
Username format
=without-domain
Data flow unit
=Byte
Packet unit
=1
unit 1 :
Primary Auth State=active,
Second Auth State=block
Primary Acc State=active,
Second Acc State=block
-----------------------------------------------------------------Total 1 RADIUS scheme(s). 1 listed
Table 63 Description on the fields of the display radius command

Field
Description
SchemeName
Name of the RADIUS scheme
Index
Index number of the RADIUS scheme
Type
Type of the RADIUS servers
Primary Auth IP/ Port
IP address/access port number of the primary authentication

server
Primary Acct IP/ Port
IP address/access port number of the primary accounting server
Second Auth IP/ Port
IP address/access port number of the secondary authentication

server
Second Acct IP/ Port
IP address/access port number of the secondary accounting

server

Command Reference
display radius 279
Table 63 Description on the fields of the display radius command (continued)
View
Field
Description
Auth Server Encryption Key
Shared key of the authentication servers
Acct Server Encryption Key
Shared key of the accounting servers
Accounting method
Accounting method
Accounting-On packet enable,

send times = 15 , interval = 3s
The system sends up to 15 Accounting-on packets at intervals

of 3 seconds after restarting.
TimeOutValue (seconds)
RADIUS server response timeout time
RetryTimes
Maximum number of transmission attempts
RealtimeACCT(in minute)
Real-time accounting interval in minutes
Permitted send realtime PKT

failed counts
Maximum allowed number of continuous no-response

real-time accounting requests
Retry sending times of

nonresponse acct-stop-PKT
Maximum number of transmission attempts of the buffered

stop-accounting requests
Quiet-interval(min)
Wait time for the primary servers to restore the active state
Username format
User name format
Data flow unit
Unit of measure for data in data flows
Packet unit
Unit of measure for packets
Primary Auth State
Status of the primary authentication server
Second Auth State
Status of the secondary authentication server
Primary Acc State
Status of the primary accounting server
Second Acc State
Status of the secondary accounting server
Related Command
Any view
radius-scheme
280 display radius statistics

Command Reference
display radius statistics

Purpose
Use the display radius statistics command to view the statistics information
about RADIUS packet.
Syntax
Parameters
None
Example
To display the statistics about RADIUS packets, enter the following:

<S4200G> display radius statistics
state statistic(total=1048):
DEAD=1048
AuthProc=0
AcctStart=0
RLTSend=0
AcctStop=0
OnLine=0
StateErr=0
AuthSucc=0
RLTWait=0
Stop=0
Received and Sent packets statistic:

Unit 1........................................
Sent PKT total :0
Received PKT total:0
RADIUS received packets statistic:
Code= 2,Num=0
,Err=0
Code= 3,Num=0
,Err=0
Code= 5,Num=0
,Err=0
Code=11,Num=0
,Err=0
Running statistic:
RADIUS received messages statistic:
Normal auth request
, Num=0
EAP auth request
, Num=0
Account request
, Num=0
Account off request
, Num=0
PKT auth timeout
, Num=0
PKT acct_timeout
, Num=0
Realtime Account timer
, Num=0
PKT response
, Num=0
EAP reauth_request
, Num=0
PORTAL access
, Num=0
Update ack
, Num=0
PORTAL access ack
, Num=0
Session ctrl pkt
, Num=0
Set policy result
, Num=0
RADIUS sent messages statistic:
Auth accept
, Num=0
Auth reject
, Num=0
EAP auth replying
, Num=0
Account success
, Num=0
Account failure
, Num=0
Cut req
, Num=0
Set policy result
, Num=0
RecError_MSG_sum:0
SndMSG_Fail_sum :0
Timer_Err
:0
Alloc_Mem_Err
:0
State Mismatch :0
Other_Error
:0
,
,
,
,
,
,
,
,
,
,
,
,
,
,
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
Err=0
,
,
,
,
,
,
,
,
,
,
,
,
,
,
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0
Succ=0

Command Reference
display radius statistics 281
No-response-acct-stop packet =0
Discarded No-response-acct-stop packet for buffer overflow =0
0
View
Related Command
Any view
radius-scheme
282 display rmon alarm

Command Reference
display rmon alarm

Purpose
Use the display rmon alarm command to display the configuration of a specified
alarm entry or all the alarm entries.
Syntax
display rmon alarm [ entry-number ]
Parameters
alarm-table-entry
Example
Display the configuration of all the alarm entries.
Alarm entry index, in the range of 1 to 65535. If you

do not specify this argument, the configuration of all
alarm entries is displayed.
<S4200G> display rmon alarm

Alarm table 1 owned by user1 is Valid.
Samples type
: absolute
Variable formula
:
1.3.6.1.2.1.2.2.1.10.4228009<ifInOctets.4228009>
Sampling interval
: 6(sec)
Rising threshold
: 10000(linked with event 1)
Falling threshold
When startup enables : risingOrFallingAlarm
Latest value
: 0
Table 64 Description on the fields of the display rmon alarm command
View
Field
Description
Samples type
Indicates the type of a sample. This field can be delta, which

indicates the sample is an increment, or absolute, which
indicates the sample is an absolute value.
When startup enables
Indicates the condition to trigger the alarm.
Related Command
Any view
rmon alarm

Command Reference
display rmon event 283
display rmon event

Purpose
Use the display rmon event command to display the configuration of a specified
event entry or all the event entries.
Syntax
display rmon event [ event-entry ]
Parameters
event-entry
Example
Display the configuration of all the event entries.
Event entry index, in the range of 1 to 65535. If you do

not specify this argument, the configuration of all the
event entries is displayed.
<S4200G> display rmon event

Event table 1 owned by user1 is VALID.
Description: null.
Will cause log-trap when triggered, last triggered at 0days
00h:02m:27s.
Table 65 Output information of the display rmon event command
View
Field
Description
Event table 1
Event entry with index 1
VALID
The state of the entry is valid
cause log-trap when triggered
Logging and trapping triggered by events
Description
Event description
last triggered at 0days 00h:02m:27s
Time when the last event is triggered
Any view
Description
The displayed information includes: event entry index, event entry owner, event
description, the action triggered by the event (log or alarm messages), and the time
(in seconds) when the latest event is triggered (in terms of the time elapsed since the
system is started/initialized).
Related Command
rmon event
284 display rmon eventlog

Command Reference
display rmon eventlog

Purpose
Use the display rmon eventlog command to display the log of a specified event
entry or all the event entries.
Syntax
display rmon eventlog [ event-entry ]
Parameters
event-entry
Example
Display the log generated by the event entry numbered 1.
Event entry index, in the range of 1 to 65535. If you do

not specify this argument, the log of all the event
entries is displayed.
<S4200G> display rmon eventlog 1

Event table 1 owned by user1 is VALID.
Generates eventLog 1.1 at 0days 00h:01m:39s.
Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
Generates eventLog 1.2 at 0days 00h:02m:27s.
Description: The alarm formula defined in private alarm table 1,
less than(or =) 100 with alarm value 0. Alarm sample type is absolute.
View
Description
Any view
The displayed information includes: the indexes and status of the event entries in the
event table, the time (in seconds) when an event log is generated (in terms of the
time elapsed since the system is started or initialized), and the event description.

Command Reference
display rmon history 285
display rmon history

Purpose
Use the display rmon history command to display the RMON history information
about a specified port. The information about the latest sample, including utilization,
the number of errors, the total number of packets and so on, is also displayed.
Syntax
display rmon history [ interface-type interface-number | unit

unit-number ]
Parameters
interface-type
Interface type, refers to GigabitEthernet here.
interface-number
Interface number
unit unit-number
Specifies a unit number.
Example
Display the RMON history information about GigabitEthernet1/0/1.

<S4200G> display rmon history GigabitEthernet 1/0/1
History control entry 1 owned by user1 is VALID
Samples interface
: GigabitEthernet1/0/1<ifIndex.4227817>
Sampling interval
: 5(sec) with 10 buckets max
Latest sampled values :
dropevents
: 0
, octets
: 0
packets
: 0
, broadcast packets
: 0
multicast packets : 0
, CRC alignment errors : 0
undersize packets : 0
, oversize packets
: 0
fragments
: 0
, jabbers
: 0
collisions
: 0
, utilization
: 0
View
Related Command
Any view
rmon history
286 display rmon prialarm

Command Reference
display rmon prialarm

Purpose
Use the display rmon prialarm command to display the configuration of a

specified extended alarm entry or all the extended alarm entries.
Syntax
display rmon prialarm [ prialarm-entry-number]
Parameters
prialarm-entry-number
Example
Display the configuration of all the extended RMON alarm entries.
Extended alarm entry Index, in the range of 1 to

65535. If you do not specify this argument, the
configuration of all the extended alarm entries is
displayed.
<S4200G> display rmon prialarm

Prialarm table 1 owned by user1 is VALID.
Samples type
: absolute
Variable formula
: .1.3.6.1.2.1.16.1.1.1.4.1
Description
:
Sampling interval
: 10(sec)
Rising threshold
Falling threshold
When startup enables : risingOrFallingAlarm
This entry will exist : forever.
Latest value
: 0
View
Related Command
Any view
rmon prialarm

Command Reference
display rmon statistics 287
display rmon statistics

Purpose
Use the display rmon statistics command to display the RMON statistics of a
specified port.
Syntax
display rmon statistics [ interface-type interface-number | unit

unit-number ]
Parameters
interface-type
Interface type.
interface-number
Interface number.
unit unit-number
Specifies a unit number.
Example
Display the RMON statistics information about GigabitEthernet1/0/1

<S4200G> display rmon statistics GigabitEthernet 1/0/1
Statistics entry 1 owned by user1-rmon is VALID.
Interface : GigabitEthernet1/0/1<ifIndex.4227817>
etherStatsOctets
: 0
, etherStatsPkts
etherStatsBroadcastPkts : 0
, etherStatsMulticastPkts
etherStatsUndersizePkts : 0
, etherStatsOversizePkts
etherStatsFragments
: 0
, etherStatsJabbers
etherStatsCRCAlignErrors : 0
, etherStatsCollisions
etherStatsDropEvents (insufficient resources): 0
Packets received according to length:
64
: 0
, 65-127 : 0
, 128-255 : 0
256-511: 0
, 512-1023: 0
, 1024-1518: 0
View
:
:
:
:
:
0
0
0
0
0
Any view
Description
The displayed information include the number of the following items: collisions,
packets with CRC errors, undersize or oversize packets, broadcast packets, multicast
packets, received bytes, and received packets.
Related Command
rmon statistics
288 display rsa local-key-pair public

Command Reference
display rsa local-key-pair public

Purpose
Use the display rsa local-key-pair public command to display the public
key of the server host key pair. If no key pair is generated, the system prompts %RSA
keys not found.
Syntax
Parameters
None
Example
Display the public key of the server host key pair:

<S4200G> display rsa local-key-pair public
=====================================================
Time of Key pair created: 02:15:56 2000/04/02
Key name: S4200G_Host
Key type: RSA encryption Key
=====================================================
Key code:
3047
0240
C968B224 D3DD880B 65758B4F AD281531 8BC8A915
48D30D34 F29B9BE3 4F35DFD6 C8AB3135 0727590B
80700BA1 6D62CF05 DF9960A4 59466486 E0A36F95
A76B28C7
0203
010001
Host public key for PEM format code:
---- BEGIN SSH2 PUBLIC KEY ---AAAAB3NzaC1yc2EAAAADAQABAAAAhADX9/Nk0pXI2n9A58Yt9+IGbssAdzN28FGk
tfHKrzw6MU8a57DYhETGhFmaVrqVG9COBn3Kk0RI2GsUUuI/ujN6tM1lzf0h/eZs
CaZfB6BnaTHH9X1A/Qc+WCa5jmWyB5u3V1CpTUWVd8smXZg8wHuOsd4DK6zcp48H
l1KgSYCK69A87Q==
---- END SSH2 PUBLIC KEY ---Public key code for pasting into OpenSSH authorized_keys file:
ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAAAhADX9/Nk0pXI2n9A58Yt9+IGbssAdzN28FGktfHKrz
w6
MU8a57DYhETGhFmaVrqVG9COBn3Kk0RI2GsUUuI/ujN6tM1lzf0h/eZsCaZfB6BnaTHH9X
1A/Qc+WCa5
jmWyB5u3V1CpTUWVd8smXZg8wHuOsd4DK6zcp48Hl1KgSYCK69A87Q== rsa-key
View
Related Command
Any view
rsa local-key-pair create

Command Reference
display rsa peer-public-key 289
display rsa peer-public-key

Purpose
Use the display rsa peer-public-key command to display the client public
key of the specified RSA key pair. If no key name is specified, the command displays
all public keys of the client
Syntax
display rsa peer-public-key [ brief | name keyname ]
Parameters
brief
Displays brief information about all public keys on the

client.
keyname
Name of the client public key, consisting of a string 1

Example
Display all public keys on the client.

<S4200G> display rsa peer-public-key brief
Address
Bits
Name
--------------------------1023
abcd
1024
hq
Display the public key of the client key pair abcd.

<S4200G> display rsa peer-public-key name abcd
=====================================
Key name: abcd
Key address:
=====================================
Key Code:
308186
028180
739A291A BDA704F5 D93DC8FD F84C4274 631991C1
3591C7D4
7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30
045DE408
61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D
E187BDD9
44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F
BB45504F
0201
25
View
Any view
64B0DF17 8C55FA83
B809808E B0D1F52D
A0DCC48E 3306367F
828D55A3 6F1CDDC4
290 display saved-configuration

Command Reference
Purpose
Use the display saved-configuration command to display the content of the

main configuration file in the flash memory of a switch.
Syntax
display saved-configuration [ unit unit-id ] [ by-linenum ]
Parameters
unit unit-id
Specifies the unit ID of a switch.
by-linenum
Example
Display the content of the main configuration file in the Flash.

<S4200G> display current-configuration
#
sysname S4200G
#
radius scheme system
#
domain system
#
vlan 1
#
vlan 2
#
#
interface Aux1/0/0
#
interface Ethernet1/0/1
#
#
#
#
#
#
#
#
#
#
#
#

Command Reference
display saved-configuration 291
#
#
#
#
#
#
#
#
#
#
#
#
#
#
interface NULL0
#
management-vlan 2
#
user-interface aux 0 7
#
return
The configurations above are listed in the following order: global, port configuration,
and user interface configurations.
View
Description
Any view
If an Ethernet switch does not work normally after it is powered on, you can use the
display saved-configuration command to view the startup configurations
of the switch.
292 display schedule reboot

Command Reference
display schedule reboot

Purpose
Use the display schedule reboot command to display information about

scheduled reboot.
Syntax
Parameters
None
Example
Display the information about scheduled reboot.

<S4200G> display schedule reboot
System will reboot at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).
View
Related Command
Any view
reboot
schedule reboot at

Command Reference
display snmp-agent 293
display snmp-agent
Purpose
Use the display snmp-agent command to view engine ID of the local or remote
SNMP entity.
Syntax
display snmp-agent { local-engineid | remote-engineid }
Parameters
local-engineid
Engine ID of a local SNMP entity.
remote-engineid
Engine ID of a remote SNMP entity.
Example
Display the engine ID of a local device.

<S4200G>display snmp-agent local-engineid
SNMP Local EngineID: 800007DB00E0FC0031006877
SNMP local EngineID in the above information represents the engine ID
of the local SNMP entity.
View
Description
Any view
The SNMP engine is a unique identifier of an SNMP entity in the SNMP domain. It
performs the function of sending, receiving and authenticating SNMP messages,
extracting PDUs, packet encapsulations, and communication with SNMP applications.
294 display snmp-agent community

Command Reference
display snmp-agent community

Purpose
Use the display snmp-agent community command to view the information about
the currently configured community names for SNMPv1 or SNMPv2c.
display snmp-agent community [ read | write ]
Parameters
Example
read
Displays read-only community information.
write
Displays read-write community information.
Display the currently configured community names.

<S4200G>display snmp-agent community
community name:public
group name:public
storage-type: nonVolatile
community name:private
group name:private
storage-type: nonVolatile
The following table describes the output fields

Table 66 Description on the fields of the display snmp-agent community command
View
Field
Description
community name
community name
Group name
Group name
storage-type
Storage type, including volatile, nonVolatile, permanent, readOnly and

other.
Any view

Command Reference
display snmp-agent group 295
display snmp-agent group

Purpose
Use the display snmp-agent group command to view group name, security model,
state of various views and storage models.
Syntax
display snmp-agent group [ group-name ]
Parameters
groupname
Example
Display SNMP group name and security model.
Group name. Valid values are 1 to 32 bytes.
<S4200G>display snmp-agent group

Group name: v3r2
Security model: v3 noAuthnoPriv
Readview: ViewDefault
Writeview: <no specified>
Notifyview :<no specified>
Storage-type: nonvolatile
The following table describes the output fields.

Table 67 Output description of the display snmp-agent group command
View
Field
Description
groupname
SNMP Group name of the user
Security model
Security model of that group, including authorization and encryption,

authorization and no encryption, no authorization and no encryption.
readview
Read-only MIB view name corresponding to that group
writeview
Writable MIB view corresponding to that group
notifyview
The name of the notify MIB view corresponding to that group
storage-type

other.
Any view
296 display snmp-agent mib-view

Command Reference
display snmp-agent mib-view

Purpose
The display snmp-agent mib-view command is used to view the MIB view
configuration information of the current Ethernet switch.
Syntax
display snmp-agent mib-view [ exclude | include | viewname view-name]
Parameters
exclude
Displays the SNMP mib view excluded.
include
Displays the SNMP mib view included.
viewname
Displays the SNMP mib view according to the view

name.
view-name
Specifies the mib view name.
Example
Display the information about the currently configured MIB view.

<S4200G>display snmp-agent mib-view
View name:ViewDefault
MIB Subtree:internet
Subtree mask:
Storage-type: nonVolatile
View Type:included
View status:active
MIB Subtree:snmpUsmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpVacmMIB
Subtree mask:
View Type:excluded
View status:active
MIB Subtree:snmpModules.18
Subtree mask:
View Type:excluded
View status:active

Command Reference
display snmp-agent mib-view 297

Table 68 Output description of the display snmp-agent group command
View
Field
Description
View name
View name
MIB Subtree
MIB Subtree
Storage-type
Storage type
ViewType: included/excluded
Permit or forbid access to an MIB object
View status
Indicate the line state in the table
Description
Any view
The display snmp-agent mib-view command is used to view the MIB view
configuration information of the Switch.
If the SNMP Agent is disabled, "SNMP Agent disabled" will be displayed after you
execute the above display commands.
298 display snmp-agent statistics

Command Reference
display snmp-agent statistics

Purpose
Use the display snmp-agent statistics command to view the statistics

information about SNMP packets.
Syntax
Parameters
None
Example
Display the statistics information about SNMP packets.

<S4200G> display snmp-agent statistics
1276 Messages delivered to the SNMP entity
0 Messages which were for an unsupported version
0 Messages which used a SNMP community name not known
0 Messages which represented an illegal operation for the community
supplied
0 ASN.1 or BER errors in the process of decoding
1291 Messages passed from the SNMP entity
0 SNMP PDUs which had badValue error-status
0 SNMP PDUs which had genErr error-status
7 SNMP PDUs which had noSuchName error-status
0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500)
3669 MIB objects retrieved successfully
26 MIB objects altered successfully
420 GetRequest-PDU accepted and processed
832 GetNextRequest-PDU accepted and processed
0 GetBulkRequest-PDU accepted and processed
1276 GetResponse-PDU accepted and processed
24 SetRequest-PDU accepted and processed
15 Trap PDUs accepted and processed
0 Alternate Response Class PDUs droped silently
0 Forwarded Confirmed Class PDUs droped silently

Table 69 Output description of the display snmp-agent statistics command
Field
Description
0 Messages delivered to the SNMP entity Total number of the input SNMP packets
0 Messages which were for an
unsupported version
Number of packets with version information error
0 Messages which used a SNMP

community name not known
Number of packets with community name error
0 Messages which represented an illegal Number of packets with authority error

operation for the community supplied
corresponding to the community name
0 ASN.1 or BER errors in the process of
decoding
Number of SNMP packets with encoding error
0 Messages passed from the SNMP

entity
Total number of the output SNMP packets
0 SNMP PDUs which had a badValue

error
Number of SNMP packets with Bad_values error

Command Reference
display snmp-agent statistics 299
Table 69 Output description of the display snmp-agent statistics command

Field
Description
0 SNMP PDUs which had a general error Number of SNMP packets with General_errors
0 SNMP PDUs which had a noSuchName Number of the packets requesting nonexistent MIB
error
objects
0 SNMP PDUs which had a tooBig error
(Maximum packet size 1500)
Number SNMP packet with too_big error
0 MIB objects retrieved successfully
Number of variables requested by NMS
0 MIB objects altered successfully
The number of variables set by NMS
0 Get-request PDUs accepted and

processed
Number of the received packets requested by get
0 Get-next request PDUs accepted and

processed
Number of the received packets requested by

get-next
0 GetBulkRequest-PDU accepted and

processed
Number of PDUs requested by GetBulk.
0 GetResponse-PDU accepted and

processed
Number of PDUs requested by GetResponse.
0 Set-request PDUs accepted and

processed
Number of the received packets requested by set
3 Trap PDUs accepted and processed
Number of the sent Trap packets
0 Alternate Response Class PDUs droped Number of dropped PDUs.

silently
0 Forwarded Confirmed Class PDUs
droped silently
View
Description
Number of dropped forwarded PDUs.
Any view
This command provides a counter for SNMP operations.
300 display snmp-agent sys-info

Command Reference
display snmp-agent sys-info

Purpose
Use the display snmp-agent sys-info command to view the system information
of SNMP configuration.
Syntax
display snmp-agent sys-info [ contact | location | version ]*
Parameters
contact
Displays the contact information of the current device.
location
Displays the physical location of the current device.
version
Displays the version information about the SNMP

running in the system.
Example
Display the system information about the SNMP device.

<S4200G> display snmp-agent sys-info
The contact person for this managed node:
R&D 3Com Corporation
The physical location of this node:
Beijing China
SNMP version running in the system:
SNMPv1 SNMPv2c SNMPv3
Description
Any view
The information includes the character string sysContact (system contact), the
character string describing the system location, the version information about the
running SNMP in the system.

Command Reference
display snmp-agent trap-list 301
display snmp-agent trap-list

Purpose
Use the display snmp-agent trap-list command to display trap list

information.
Syntax
Parameters
None
Example
Display trap list information.

<S4200G> display snmp-agent trap-list
configuration trap enable
flash trap enable
standard trap enable
system trap enable
Enable traps :4; Disable traps 0
View
Related Command
Any view
snmp-agent trap enable
302 display snmp-agent usm-user

Command Reference
display snmp-agent usm-user

Purpose
Use the display snmp-agent usm-user command to view SNMP user

information.
Syntax
display snmp-agent usm-user [ engineid engineid | group groupname |

username username ]
Parameters
engineid
Displays the SNMPv3 user information of the specified

engine ID, which ranges from 10 to 64 hexadecimal
numerals.
username
Displays information about the specified SNMPv3 user,

which ranges from 1 to 32 bytes.
groupname
Displays information about users in the specified group

name, which ranges from 1 to 32 bytes.
Example
Display all user information.

<S4200G>display snmp-agent usm-user
User name: usm-user
Group name: usm-group
Engine ID: 800007DB00E0FC0031006877
UserStatus: active
Table 70 Description on the fields of the display snmp-agent usm-user command
View
Field
Description
User name
SNMP user name
Group name
The group name which the SNMP user name belongs to
Engine ID
The character string identifying the SNMP device
Storage type

other.
userStatus
SNMP user status
Any view

Command Reference
display ssh server 303
display ssh server

Purpose
Use the display ssh server command to display the status or session
information about the SSH server
Syntax
display ssh server { status | session }
Parameters
status
Displays SSH status information.
session
Displays SSH session information.
Example
Display the status information about the SSH server.

<S4200G> display ssh server status
SSH version : 1.99
SSH connection timeout : 60 seconds
SSH Authentication retries : 3 times
SFTP Server: Enable
Display the session information about the SSH server.

<S4200G> display ssh server session
Conn
Ver
Encry
State
Retry
VTY 0 2.0
AES
started
0
View
Related Commands
Any view
ssh server authentication-retries
ssh server timeout
Username
1
304 display ssh server-info

Command Reference
display ssh server-info

Purpose
Use the display ssh server-info command to display the association

between the server public keys configured on the client and the servers.
Syntax
Parameters
None
Example
Display the association between the server public keys and the servers.
<S4200G> display ssh server-info
Server Name(IP)
Server public key name
______________________________________________________
192.168.0.1
abc_key01
192.168.0.2
abc_key02
View
Any view

Command Reference
display ssh user-information 305
display ssh user-information

Purpose
Use the display ssh user-information command to display information

about the current SSH users, including user name, authentication mode, key name
and authorized service types. If the username is specified, the command displays
information about the specified user.
Syntax
display ssh user-information [ username ]
Parameters
username
Example
Display information about the current user.
SSH user name, consisting of a string 1 to 80

characters long.
<S4200G> display ssh user-information

Username
Authentication-type User-public-key-name
Service-type
kj
rsa
null
stelnet|sftp
View
Related Commands
Any view
ssh user assign rsa-key
ssh user service-type
ssh user authentication-type
306 display startup

Command Reference
display startup
Purpose
Use the display startup command to display the startup configuration of a

switch, including the name of the current startup configuration file, the names of the
main startup configuration file, and backup startup configuration file to be used
when the switch starts the next time, and so on.
Syntax
display startup [ unit unit-id ]
Parameters
unit unit-id
Example
Display the startup configuration of unit 1.
<S4300G> display startup unit 1

MainBoard:
Current Startup saved-configuration file:
Next main startup saved-configuration file:
Next backup startup saved-configuration file:
Bootrom-access enable state:
View
Related Command
Any view
startup saved-configuration
NULL
flash:/123.cfg
flash:/back.cfg
enabled

Command Reference
display stop-accounting-buffer 307
display stop-accounting-buffer
Purpose
Use the display stop-accounting-buffer command to view the no-response

stop-accounting request packets buffered in the device.
Syntax
display stop-accounting-buffer { radius-scheme radius-scheme-name |

session-id session-id | time-range start-time stop-time |
user-name user-name }
Parameters
radius-scheme
radius-scheme-name
session-id session-id
time-range start-time
stop-time
Displays the buffered stop-accounting requests of the

specified RADIUS scheme. radius-scheme-name is
a character up to 32 characters in length.
Displays the buffered stop-accounting requests of the
specified session ID. session-id is a character string
up to 50 characters in length.
Displays the buffered stop-accounting requests in the
specified time range.
start-time specifies the beginning time of the

request time range.
stop-time specifies the end time of the saving

time range.
The time is expressed in the format

hh:mm:ss-yyyy/mm/dd or hh:mm:ss-yyyy/mm/dd.
user-name user-name
Displays the buffered stop-accounting requests for the

specified username. user-name specifies the
username, a character string up to 32 characters in
length. This string cannot contain the following
characters:
<
>

username. The pure username (the part before @,
namely the user ID) cannot exceed 24 characters.
Example
To Display the buffered stop-accounting requests from 0:0:0 08/31/2002 to 23:59:59

08/31/2002, enter the following:
308 display stop-accounting-buffer

Command Reference
<S4200G> display stop-accounting-buffer time-range 0:0:0-08/31/2002

23:59:59-08/31/2002
Total find
0 record
View
Description
Any views
You can choose to display the buffered stop-accounting packets of a specified

RADIUS scheme, session ID, or user name. You can also specify a time range to display
those which are sent within the specified time range. The displayed packet
information helps you to diagnose and resolve problems relevant to RADIUS.
When the switch sends out a stop-accounting packet but gets no response from the
RADIUS server, it first buffers the packet and then retransmits it until the maximum
number of retransmission attempts (set by the retry stop-accounting
command) is reached.
Related Command
reset stop-accounting-buffer
stop-accounting-buffer enable
retry stop-accounting

Command Reference
display stp 309
display stp
Purpose
Use the display stp command to display the state and statistical information
about one or all spanning trees.
Syntax
display stp [ instance instance-id ] [ interface interface-list |

slot slot-number ] [ brief ]
Parameters
instance-id
ID of the spanning tree instance. Valid values are 0 to

16. A value of 0 specifies the common and internal
spanning tree (CIST).
interface-list
Specifies the Ethernet port list. You can specify

multiple ports by providing this argument in the form:
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-num }
interface-type specifies the type of a port
interface-num identifies the port number.

Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
Example
&<1-10>means that up to 10 port indexes/port

index lists can be provided.
slot slot-number
Specifies the slot number whose spanning tree

protocol (STP) information is to be displayed.
brief
Displays only port status and protection measures

taken for the ports.
To display the state and statistical information about a spanning tree, enter the
following:
<S4200G> display stp instance 0 interface GigabitEthernet 1/0/1 to
GigabitEthernet 1/0/4 brief
MSTID
Port
Role STP State
Protection
0
ALTE DISCARDING
LOOP
0
DESI FORWARDING
NONE
0
DESI FORWARDING
NONE
0
DESI FORWARDING
NONE
310 display stp

Command Reference
Table 71 Description on the fields of the display stp command
View
Field
Description
MSTID
The ID of a spanning tree instance in the MST region
Port
Port number corresponding to the spanning tree instance
Role
Port role
STP State
STP state of the port, which can be forwarding or discarding.
Protection
Protection type of the port
Description
Any view
The state and statistical information about MSTP can be used to analyze and maintain
the topology of a network. It also can be used to make MSTP operating properly.
If neither spanning tree instance nor port list is specified, the command displays
spanning tree information about all spanning tree instances on all ports in order of
port number.
If only a spanning tree instance is specified, the command displays information

about the specified spanning tree instance on all ports in order of port number.
If only a port list is specified, the command displays information about all spanning
tree instances on these ports in order of port number.
If both a spanning tree instance and a port list are specified, the command displays
spanning tree information about the specified spanning tree instance and the
specified ports in order of spanning tree instance ID.
MSTP status information includes the following:
Global CIST parameters: Protocol operation mode, switch priority in the CIST
instance, MAC address, Hello time, Max Age, Forward delay, Max hop count, the
common root bridge of the CIST, the external path cost for the switch to reach the
CIST common root bridge, the region root, the internal path cost for the switch to
reach the region root, CIST root port of the switch, and the status of the BPDU
protection function (enabled or disabled).
CIST port parameters: Port protocol, port role, port priority, path cost, the
designated bridge, the designated port, edge port/non-edge port, connected/not
connected to a point-to-point link, the maximum transmission speed, the type of
the root protection feature, VLAN mappings, Hello time, Max age, Forward delay,
Message-age time, and Remaining-hops.
Global MSTI parameters: MSTI ID, bridge priority of the instance, region root,
internal path cost, MSTI root port, and Master bridge.
MSTI port parameters: Port status, role, priority, path cost, the designated bridge,
the designated port, and Remaining Hops.
The statistics includes the number of the TCN BPDUs, the configuration BPDUs, the
RST BPDUs, and the MST BPDUs transmitted/received by the port.
Related Command
reset stp

Command Reference
display stp region-configuration 311
display stp region-configuration

Purpose
Use the display stp region-configuration command to display the MST

region configuration.
Information displayed includes:
the region name
region revision level
spanning tree instance-to-VLAN mappings configured for the switch
Syntax
Parameters
None
Example
To display the configurations of the MST regions, enter the following:

<S4200G> display stp region-configuration
Oper Configuration
Format selector :0
Region name
:hello
Revision level :0
Instance
0
1
2
Vlans Mapped
21 to 4094
1 to 10
11 to 20
Table 72 Description on the fields of the display stp region-configuration

command
Field
Description
Format selector
Selector specified by MSTP
Region name
Name of the MST region
Revision level
Revision level of the MST region
Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region
View
Related Command
Any view
stp region-configuration
312 display tcp statistics

Command Reference
display tcp statistics

Purpose
Use the display tcp statistics command to view the statistics information about
TCP packets.
Syntax
Parameters
None
Example
To view statistics about TCP packets, enter the following:

<S4200G> display tcp statistics
Received packets:
Total: 753
packets in sequence: 412 (11032 bytes)
window probe packets: 0, window update packets: 0
checksum error: 0, offset error: 0, short error: 0
duplicate packets: 4 (88 bytes), partially duplicate packets: 5 (7
bytes)
out-of-order packets: 0 (0 bytes)
packets of data after window: 0 (0 bytes)
packets received after close: 0
ACK packets: 481 (8776 bytes)
duplicate ACK packets: 7, too much ACK packets: 0
Sent packets:
Total: 665
urgent packets: 0
control packets: 5 (including 1 RST)
window probe packets: 0, window update packets: 2
data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)
ACK-only packets: 40 (28 delayed)
Retransmitted timeout: 0, connections dropped in retransmitted timeout:
0
Keepalive timeout: 0, keepalive probe: 0, keepalive timeout, so
connections disconnected : 0
Initiated connections: 0, accepted connections: 0, established
connections: Closed connections: 0 (dropped: 0, initiated dropped: 0
Table 73 Description on the fields of the display tcp statistics command

Field
Description
Received packets
Indicates that the following is the statistics for the received packets.
Total
Total number of received packets
packets in sequence
Number of packets reached in sequence
window probe packets
Number of window probe packets
checksum error
Number of checksum error packets
offset error
Number of length error packets
short error
Number of too short packets
duplicate packets
Number of completely duplicate packets

Command Reference
display tcp statistics 313
Table 73 Description on the fields of the display tcp statistics command

Field
Description
partially duplicate
packets
Number of partly duplicate packets
out-of-order packets
Number of out-of-order packets
packets of data after

window
Number of after-window packets
packets received after

close
Number of packets reached after the connection is closed
ACK packets
Number of ACK packets
duplicate ACK packets
Number of duplicate ACK packets
Sent packets
Indicates that the following is the statistics for the sent packets.
Total
Total number of sent packets
urgent packets
Number of urgent data packets
control packets
Number of control packets
window probe packets
Number of window probe packets
window update packets Number of window update packets
View
data packets
Number of data packets
ACK-only packets
Number of ACK packets
Retransmitted timeout
Timeout times of the retransmission timer
connections dropped in
retransmitted timeout
Number of connections dropped due to out-of-limit retransmission

times
Keepalive timeout
Timeout times of the keepalive timer
keepalive probe
Number of sent keepalive probe packets
keepalive timeout, so
connections
disconnected
Number of connections torn down due to keepalive probe failure
Initiated connections
Number of initiated connections
accepted connections
Number of accepted connections
established connections
Number of established connections
Closed connections
Number of closed connections
Description
Related Commands
Any view
The statistics are mainly divided into two parts: those for received packets, and those
for sent packets. Each part contains information about different types of packets,
such as duplicate packets and checksum error packets in received packets. At the end
of the display output are the statistics relevant to the connections, such as the
accepted connections, the number of the retransmitted packets, and the number of
keepalive probe packets. Most of the above statistics are offered in packets; several
ones are offered in bytes.
display tcp status
reset tcp statistics
314 display tcp status

Command Reference
display tcp status

Purpose
Use the display tcp status command to view the TCP connection state.
Syntax
display tcp status
Parameters
None
Example
To display the state of all TCP connections, enter the following:

<S4200G> display tcp status
TCPCB
03e37dc4
04217174
Local Add:port
0.0.0.0:4001
100.0.0.204:23
Foreign Add:port
0.0.0.0:0
100.0.0.253:65508
Table 74 Description of the display tcp status command
View
Field
Description
Local Add:port
Local IP address: local port
Foreign Add:port
Remote IP address; remote port
State
State of the TCP link
Any view
State
Listening
Established

Command Reference
display this 315
display this
Purpose
Use the display this command to display the current configuration performed in
the current view of the system.
Syntax
display this [ by-linenum ]
Parameters
by-linenum
Example
Display the running configuration parameters in the current view of the system with
each line number.
<S4200G> display this

#
return
View
Description
Any view
After performing a group of configurations in a view, you can use the display
this command to verify the configuration results by checking the currently valid
parameters.
This command does not display the currently valid configuration parameters which
have the same values with the corresponding default working parameters.
This command does not display the parameters whose corresponding functions do
not take effect even though these parameters have been configured.
Executing this command in different interface views display the configurations on

the corresponding interfaces.
Executing this command in different protocol views display the configurations in

the corresponding protocol views.
Executing this command in different protocol sub-views display the configurations

in the corresponding protocol sub-views.
316 display time-range

Command Reference
display time-range
Purpose
Use the display time-range command to view the configuration and status of the
current time range. You will see the active or inactive state outputs respectively.
Syntax
display time-range { all | name }
Parameters
all
Specifies to display all time ranges.
name
Specifies the name of the time range. Valid values are a

character string that starts with a letter (a-z or A-Z),
and is 1 to 32 characters long.
Example
Display all the time ranges.

<S4200G> display time-range all
Current time is 14:36:36 Apr/2/2003 Thursday
Time-range : hhy ( Inactive )
from 08:30 2/5/2005 to 18:00 2/19/2005
Time-range : hhy1 ( Inactive )
from 08:30 2/5/2003 to 18:00 2/19/2003

Table 75 Field Descriptions for All Time Ranges
Field
Description
Current time is 14:36:36 Apr/3/2003

Thursday
The current time of the system.
Time-range : hhy ( Inactive ) from 08:30

2/5/2005 to 18:00 2-19-2005
Time range hhy. "Inactive" indicates that this time

range is currently in the inactive state (while "Active"
indicates that the time range is in the active state),
and the time range is from 8:30 February 5, 2005 to
18:00 February 19 2005.
Display the time range named "tm1".

<S4200G> display time-range tm1
Current time is 14:37:31 Apr/3/2003 Thursday
Time-range : tm1 ( Inactive )
from 08:30 2/5/2005 to 18:00 2/19/2005
Table 76 Field Descriptions for Specific Time Range

Field
Description
Current time is 14:36:36 Apr/3/2003

Thursday
The current time of the system
Time-range : tm1 ( Inactive ) from 08:30

2/5/2005 to 18:00 2/19/2005
Time range tm1. "Inactive" indicates that this time

range is currently in the inactive state (while "Active"
indicates that the time range is in the active state),
and the time range is from 8:30 February 5, 2005 to
18:00 February 19 2005

Command Reference
View
display time-range 317
Related Command
Any view
time-range
318 display trapbuffer

Command Reference
display trapbuffer
Purpose
Use the display trapbuffer command to display the status of the trap buffer
and the records in the trap buffer.
Syntax
display trapbuffer [ unit unit-id ] [ size buffersize ]
Parameters
unit-id
Unit identification.
size
Specifies the size of the trap buffer.
buffersize

of messages it holds. It ranges from 1 to 1024 and
defaults to 256.
Example
Display the status of the trap buffer and the records in the trap buffer.
<S4200G> display trapbuffer
Trapping Buffer Configuration and contents:
enabled
allowed max buffer size : 1024
actual buffer size : 256
channel number : 3 , channel name : trapbuffer
dropped messages : 0
overwrote messages : 0
current messages : 6
#Dec 31 14:01:25 2004 S4200G DEV/2/LOAD FINISHED:
Trap 1.3.6.1.4.1.2011.2.23.1.12.1.20: frameIndex is 0, slotIndex 0.4
#Dec 31 14:01:33 2004 S4200G DEV/2/BOARD STATE CHANGE TO NORMAL:
Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.2
#Dec 31 14:01:40 2004 S4200G DEV/2/BOARD STATE CHANGE TO NORMAL:
Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.
View
Description
Any view
Executing the command with the size buffersize parameters will display the latest trap
records, with the number of the records being the specified size at most.

Command Reference
display udp-helper server 319
display udp-helper server

Purpose
Use the display udp-helper server command to view the information of

destination Helper server corresponding to the VLAN interface.
Syntax
display udp-helper server [ interface vlan-interface vlan_id ]
Parameters
vlan_id
Example
To display the information of destination Helper server corresponding to the VLAN

interface 1, enter the following:
VLAN interface ID.
<SW4200G>display udp-helper server interface vlan-interface 1

interface name server addresspackets sent
VLAN-interface1 192.1.1.20
View
Any view
320 display user-interface

Command Reference
display user-interface
Purpose
Use the display user-interface command to view information on a user

interface.
Syntax
display user-interface [ type number | number ] [summary]
Parameters
type number
Specifies the type and number of the user interface

you want to display details on, for example VTY 3.
number
Specifies the index number of the user interface you

want to display details on.
summary
Displays the summary of a user interface.
Example
Display the information about user interface 0.

<S4200G> display user-interface 0
Idx Type
Tx/Rx
Modem Privi Auth
F 0
AUX 0
9600
3
N
Int
-
+
: Current user-interface is active.
F
: Current user-interface is active and work in async mode.
Idx : Absolute index of user-interface.
Type : Type and relative index of user-interface.
Privi: The privilege of user-interface.
Auth : The authentication mode of user-interface.
Int : The physical location of UIs.
A : Authenticate use AAA.
N: Current UI need not authentication.
P: Authenticate use current UI's password.
Table 77 Output description of the display user-interface command

Field
Description
Indicates that the user interface is in use
Indicates that the current user interface is in use and working in asynchronous
mode
Idx
Displays the absolute index number of the user interface
Type
Displays the user interface type and relative index of the user interface
Tx/Rx
Displays the transmission speed of the user interface
Modem
Indicates whether or not a modem is used
Privi
Indicates the command level that can be accessed from this user interface
Auth
Indicates the user interface authentication method
Int
Indicates the physical location of the user interface

Command Reference
display user-interface 321
Display the summary information of user interface 0.

<SW4200G>dis user-interface summary
User interface type : [AUX]
0:U
User interface type : [VTY]
1:XXXX X
1 character mode users.
5 UI never used.
1 total UIs in use.
(U)
(X)
Table 78 Output Description of the display user-interface summary command
View
Field
Description
0: U
User interface type
1 character mode users
One type of user interface
1 total UIs in use
The total number of user interfaces in use
UIs name
User interface name
Description
Any view
Use the display user-interface command to display the information about a

specified user interface or all user interfaces, including user interface type,
absolute/relative user interface number, transmission speed, available command level,
authentication mode, and physical position.
You can choose to access this information by user interface type and type number, or
by user interface index number. The information displayed is the same whichever
access method you use.
This command without the summary parameter displays user interface type,
absolute/relative index, transmission speed, priority, authentication methods, and
physical location. This command with the summary parameter displays one user
interface in use with user interface name and other user interface information.
322 display users

Command Reference
display users
Purpose
Use the display users command to display the information about user interfaces. If
you do not specify the all keyword, only the information about the current user
interface is displayed.
Syntax
display users [ all ]
Parameters
all
Example
To display information on the current user interface, enter the following
Displays information on all user interfaces.
<S4200G> display users

UI
Delay
Type
F 0
AUX 0
00:00:00
+
F
Ipaddress
Username
: Current operation user.

: Current operation user work in async mode.F 0
Userlevel
3
AUX 0
00:00:00
The categories of information displayed are as follows:

Table 79 Output description of the display users command
View
Field
Description
Indicates that the user interface is in use and is working in asynchronous mode
UI
The numbers in the left sub-column are the absolute user interface indexes, and
those in the right sub-column are the relative user interface indexes.
Delay
Indicates the interval from the latest input until now, in seconds.
Type
Indicates the user interface type.
IPaddress
Displays the IP address form which the user logs in.
Username
Display the login name of the user who is using this interface
Userlevel
Display the level of the user using this user interface
Any view

Command Reference
display users 323
display users
Purpose
Use the display users command to display the status and configuration
information about user terminal interfaces. Use the display users all command to
view the information on all user terminal interfaces.
Syntax
display users [ all ]
Parameters
all
Example
To display the status and configuration information about user terminal interfaces.
Displays the information about all user terminal

interfaces (including the inactive user terminal
interfaces).
<S4200G>
[S4200G] display users
UI
Delay
F 0
AUX 0
00:00:00
+
F
View
Type
Ipaddress
: Current operation user.

: Current operation user work in async mode.
Username
Any view
Userlevel
3
324 display version

Command Reference
display version
Purpose
Use the display version command to view the software version, issue date and the
basic hardware configuration information.
Syntax
display version
Parameters
None
Example
Display the information about the system version.

<S4200G> display version
Copyright Notice:
All rights reserved (Sep 23 2005).
Without the owner's prior written consent, no decompiling
nor reverse-engineering shall be allowed.
VRP(R) software, Version V2.11, Release 0001
Copyright (c) 2003-2005 3Com Corporation All rights reserved.
Copyright (c) 2000-2003 3Com Corporation All rights reserved.
Switch 4200G 24-Port uptime is 0 week, 0 day, 4 hours, 5 minutes
Switch 4200G 24-Port with 1 MIPS Processor
64M
bytes DRAM
8M
bytes Flash Memory
Config Register points to FLASH
Hardware Version is VER.A
Bootrom Version is 291
[Subslot 0] 24 GE
Hardware Version is VER.A
View
Any view

Command Reference
display vlan 325
display vlan
Purpose
Use the display vlan command to display the ports operating in the
manual/automatic mode in the current voice VLAN.
Syntax
display vlan vlan-id
Parameters
vlan-id
Example
Display the ports included in the current voice VLAN, assuming that the current voice
VLAN is VLAN 6.
Voice VLAN ID. Valid values are 1 to 4,094.
<S4200G> dis vlan 6

VLAN ID: 6
VLAN Type: static
Route Interface: not configured
Description: VLAN 0006
Name: VLAN 0006
Tagged
Ports:
Ethernet1/0/5
Untagged Ports:
Ethernet1/0/6
The output indicates that Ethernet1/0/5 and Ethernet1/0/6 ports are in the current
voice VLAN.
View
Related Command
Any view
voice vlan enable
326 display vlan

Command Reference
display vlan
Purpose
Use the display vlan command to view related information about specified
VLANs or all VLANs.
Syntax
display vlan [ vlan-id1 [ to vlan-id2 ] | all | static | dynamic ]
Parameters
vlan-id1
Specifies the beginning VLAN ID of the VLAN ID range.

Displays information about the VLANs with their ID
within this range. This value ranges from 1 to 4,094.
to
Specifies a VLAN ID range.
vlan-id2
Specifies the ending VLAN ID of the VLAN ID range.

This value ranges from 1 to 4,094 and must be larger
than vlan-id1.
all
Displays information on all VLANs.
static
Displays information on VLANs created statically by the

system.
dynamic
Displays information on VLANs created dynamically by

the system.
Example
To display information about VLAN 2:

<S4200G> display vlan 2
VLAN ID: 2
VLAN Type: static
Route interface: not configured
Description: VLAN 0001
Name: VLAN 0003
Tagged
Ports: none
Untagged Ports:
GigabitEthernet1/0/1 GigabitEthernet1/0/2
Table 80 Description on the fields of the display vlan command
View
Field
Description
VLAN ID
VLAN ID
VLAN Type
VLAN type (dynamic or static)
Route interface
Whether the routing function is enable for this VLAN
Description
Description string
Name
VLAN name
Tagged Ports
The ports that tag packets
Untagged Ports
The ports that do not tag packets
Any view

Command Reference
Description
display vlan 327
The information displayed includes:
VLAN ID
VLAN type (dynamic or static)
Whether the routing function is enabled (If yes, the primary IP address and mask
are displayed.)
VLAN description
Member ports
If no value or keyword is specified, this command displays the list of all the existing
VLANs. If the dynamic or static keyword is specified, this command displays the list of
the VLANs that are created dynamically or statically.
Related Command
vlan
328 display voice vlan oui

Command Reference
display voice vlan oui

Purpose
Use the display voice vlan oui command to display the currently supported
OUI addresses and the related information.
Syntax
Parameters
None
Examples
Display the OUI addresses and the related information of the voice VLAN.
<S4200G> display voice vlan oui
Oui Address
Mask
00e0-bb00-0000
ffff-ff00-0000
0003-6b00-0000
ffff-ff00-0000
00e0-7500-0000
ffff-ff00-0000
00d0-1e00-0000
ffff-ff00-0000
00aa-bb00-0000
ffff-ff00-0000
View
Related Command
Any view
voice vlan enable
Description
3com phone
Cisco phone
Polycom phone
Pingtel phone
ABC

Command Reference
display voice vlan status 329
display voice vlan status

Purpose
Use the display voice vlan status command to display voice VLAN-related
information, including voice VLAN operation mode, port mode (manual mode or
automatic mode), and so on.
Syntax
Parameters
None
Example
Display the information about the voice VLAN.

[S4200G] display voice vlan status
Voice Vlan status: ENABLE
Voice Vlan ID: 2
Voice Vlan security mode: Security
Voice Vlan aging time: 100 minutes
Current voice vlan enabled port mode:
PORT
MODE
-------------------------------Ethernet1/0/2
AUTO
Ethernet1/0/3
MANUAL
Table 81 Description on the fields of the display voice vlan status

command
Field
Description
Voice Vlan status: ENABLE
The voice VLAN function is enabled globally.
Voice Vlan ID: 2
The voice VLAN function is currently enabled on

VLAN 2.
Voice Vlan security mode: Security
The voice VLAN security mode is enabled.
Voice Vlan aging time: 100 minutes
The voice VLAN aging time is 100 minutes.
Current voice vlan enable port mode
The ports with the voice VLAN function enabled
CAUTION: The "Current voice vlan enable port mode" field lists the ports with the
voice VLAN function enabled. Note that a port listed in this field may not currently
operate in a voice VLAN.
View
Related Commands
Any view
display vlan
voice vlan enable
330 domain

Command Reference
domain
Purpose
Use the domain command to create an ISP domain and enter its view, or enter the
view of an existing ISP domain, or configure the default ISP domain.
Use the undo domain command to delete a specified ISP domain.
Syntax
domain { isp-name | default { disable | enable isp-name } }

undo domain isp-name
Parameters
isp-name
default
Specifies an ISP domain name. The name is character

string up to 24 characters in length, excluding:
<
>
Configures the default ISP domain, which is system by

default. There is one and only one default ISP domain.
enable: Enables the default ISP domain specified by

isp-name.
disable: Disables the default ISP domain.
Default
By default, a domain named system has been created in the system. The attributes of
system are all default values. There is one and only one default ISP domain.
Example
To create a new ISP domain, aabbcc.net, enter the following:

New Domain added.
[S4200G-isp-aabbcc.net]
View
System view

Command Reference
Description
domain 331
After you execute the domain command, the system creates a new ISP domain if the
specified ISP domain does not exist. Once an ISP domain is created, it is in the active
state. You can manually configure the default domain only when it already exists.
ISP domain is a group of users belonging to the same ISP. Generally, for a username in
the userid@isp-name format, taking gw20010608@3Com163.net as an example, the
isp-name (that is, 3Com163.net) following the @ is the ISP domain name. When
3Com 4200G Series Ethernet Switches control user access, as for an ISP user whose
username is in userid@isp-name format, the system will take userid part as
username for identification and take isp-name part as domain name.
The purpose of introducing ISP domain settings is to support the application
environment with several ISP domains. In this case, an access device may have
supplicants from different ISP domains. Because the attributes of ISP users, such as
username and password structures, service types, may be different, it is necessary to
separate them by setting ISP domains. In ISP Domain View, you can configure a
complete set of exclusive ISP domain attributes for each ISP domain, which includes
AAA schemes (RADIUS scheme applied and so forth.)
For a Switch, each supplicant belongs to an ISP domain. The system supports up to 16
ISP domains. If a user has not reported its ISP domain name, the system will put it into
the default domain.
When this command is used, if the specified ISP domain does not exist, the system
will create a new ISP domain. All the ISP domains are in the active state when they
are created.
Related Commands
access-limit
display domain
radius-scheme
state
332 dot1x

Command Reference
dot1x
Purpose
Use the dot1x command to enable 802.1x on the specified port or globally, (that is
on the current device).
Use the undo dot1x command to disable the 802.1x on the specified port or
globally.
Syntax
dot1x [ interface interface-list ]

undo dot1x [ interface interface-list ]
Parameters
interface interface-list Ethernet port list. You can specify multiple Ethernet
ports by providing this argument in the form:

[ to interface- name] & < 1-10 >.
The interface-name argument is the port index of an
Ethernet port and can be specified in this form:
interface-num }
interface-num identifies the port number. Note
that the interface name after the keyword to must
have an interface-num that is greater than or equal to
that of the interface-name before to.
&<1-10> means that up to 10 port indexes/port index
lists can be provided,
Default
By default, 802.1x is disabled on all the ports and globally on the device.
Example
To enable 802.1x for GigabitEthernet1/0/1 port, enter the following:

[S4200G] dot1x interface GigabitEthernet 1/0/1
To enable 802.1x globally, enter the following:

<S4200G>system-view
[S4200G] dot1x
View
System view

Command Reference
dot1x 333
Description
Ethernet Port view
When being executed in system view, the dot1x command enables 802.1x globally if
you do not provide the interface-list argument. And if you specify the interface-list
argument, the command enables 802.1x for the specified Ethernet ports. When
being executed in Ethernet port view, this command enables 802.1x for the current
Ethernet port only. In this case, the interface-list argument is not needed.
You can perform 802.1x-related configurations (globally or on specified ports) either
before or after 802.1x is enabled. If you do not previously perform other
802.1x-related configurations when enabling 802.1x globally, the switch adopts the
default 802.1x settings.
802.1x-related configurations take effect on a port only after 802.1x is enabled both
globally and on the port.
Configurations of 8021.x and the maximum number of MAX addresses that can be
learnt are mutually exclusive. This means that when 802.1x is enabled for a port, it
cannot also have the maximum number of MAX addresses to be learned configured
at the same time. And if you configure the maximum number of MAX addresses that
can be learnt for a port, 802.1x is unavailable to it.
Related Command
display dot1x
334 dot1x authentication-method

Command Reference
dot1x authentication-method
Purpose
Use the dot1x authentication-method command to set 802.1x authentication

mode.
Use the undo dot1x authentication-method command to revert to the
default 802.1x authentication mode.
Syntax
dot1x authentication-method { chap | pap | eap }

undo dot1x authentication-method
Parameters
chap
Authenticates with the help of challenge handshake

authentication protocol (CHAP). CHAP applies a
three-way handshaking procedure. In this method,
user names are transmitted rather than passwords.
Therefore this method is safer.
pap
Authenticates with the help of password

authentication protocol (PAP). PAP applies a two-way
handshaking procedure. In this method, passwords are
transmitted in plain text.
eap
Authenticates with the help of extensible

authentication protocol (EAP). In an EAP
authentication method, a switch sends 802.1x
authentication information directly to the RADIUS
server in EAP packets, instead of having to convert
them into RADIUS packets before forwarding to the
RADIUS server. EAP authentication can be realized in
one of the three sub-methods: PEAP, EAP-TLS, and
EAP-MD5.
Default
The default 802.1x authentication method is CHAP.
Example
To specify the authentication method to be PAP, enter the following:

<S4200G>system-view
[S4200G] dot1x authentication-method pap
View
Related Command
System view
display dot1x

Command Reference
dot1x dhcp-launch 335
dot1x dhcp-launch
Purpose
Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to

launch the process to authenticate a supplicant system when the supplicant system
applies for a dynamic IP address through DHCP.
Use the undo dot1x dhcp-launch command to disable an 802.1x-enabled switch
from authenticating a supplicant system when the supplicant system applies for a
dynamic IP address through DHCP.
Syntax
dot1x dhcp-launch
undo dot1x dhcp-launch
Parameters
None
Default
By default, an 802.1x-enabled switch does not authenticate a supplicant system

when the latter applies for a dynamic IP address through DHCP.
Example
To configure to authenticate a supplicant system when it applies for a dynamic IP

address through DHCP, enter the following:
<S4200G>system-view
[S4200G] dot1x dhcp-launch
View
Related Command
System view
dot1x
336 dot1x guest-vlan

Command Reference
dot1x guest-vlan
Purpose
Use the dot1x guest-vlan command to enable the Guest VLAN function for
specified ports.
Use the undo dot1x guest-vlan command to disable the Guest VLAN function
for specified ports.
Syntax
dot1x guest-vlan vlan-id [ interface interface-list ]

undo dot1x guest-vlan vlan-id [ interface interface-list ]
Parameters
vlan-id
VLAN ID to be assigned to the Guest VLAN. This

argument ranges from 1 to 4,094.
interface-list

interface-num }

Example

To specify the authentication method to be port-based authentication, enter the

following:
<S4200G>system-view
[S4200G] dot1x port-method portbased
To enable the Guest VLAN function for all ports, enter the following:
[S4200G] dot1x guest-vlan 1
View
System view
Ethernet Port view

Command Reference
Description
dot1x guest-vlan 337
When being executed in system view, these two commands apply to all ports if you
do not provide the interface-list argument. If you provide this argument, these two
commands apply to the specified ports.
When being executed in Ethernet port view, these two commands apply to the
current port and the interface-list argument is not needed.
CAUTION:
The Guest VLAN function is available only when the switch operates in the port-based
authentication mode.
Only one Guest VLAN can be configured for a switch.
Supplicant systems that are not authenticated, fail to pass the authentication, or are
offline belong to Guest VLANs.
Before configuring the Guest VLAN function, make sure the VLAN to be specified as
the Guest VLAN already exists.
Related Command
name
vlan-assignment-mode
338 dot1x max-user

Command Reference
dot1x max-user
Purpose
Use the dot1x max-user command to set the maximum number of systems an
Ethernet port can accommodate.
Use the undo dot1x max-user command to restore the default value.
Syntax
dot1x max-user user-number [ interface interface-list ]

undo dot1x max-user [ interface interface-list ]
Parameters
user-number
Maximum number of users a port can accommodate,

ranging from 1 to 256. The default number is 256.
interface-list

interface-num }

Example

To configure the maximum number of users that GigabitEthernet1/01 can

accommodate to be 32, enter the following;
[S4200G] dot1x max-user 32 interface GigabitEthernet 1/0/1
View
Description
System view
Ethernet Port view
When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if you

Command Reference
dot1x max-user 339
specify the interface-list argument, these commands apply to the specified Ethernet
ports.
current Ethernet port only. In this case, the interface-list argument is not needed.
Related Command
display dot1x
340 dot1x port-control

Command Reference
dot1x port-control
Purpose
Use the dot1x port-control command to specify the access control method for
specified Ethernet ports.
Use the undo dot1x port-control command to revert to the default access control
method.
Syntax
dot1x port-control { auto | authorized-force | unauthorized-force }

[ interface interface-list ]
undo dot1x port-control [ interface interface-list ]
Parameters
auto
Specifies to operate in auto access control mode. In

this mode, a port is initialized to take all users as
unauthorized:
It only allows EAPoL packets to pass through and
grants users no permission to network resources.
Only after the users have passed the authentication
will the port classify them as authorized and allow
them access to the network resources, which is often
the case.
authorized-force
Specifies to operate in authorized-force access control

mode.
unauthorized-force
Specifies to operate in unauthorized-force access

control mode. Ports in this mode are constantly in
unauthorized state. Supplicant systems connected to
them cannot access the network.
interface-list

interface-num }



Command Reference
dot1x port-control 341
Default
The default access control method is auto.
Example
To specify GigabitEthernet1/0/1 port to operate in unauthorized-force access control

mode, enter the following:
[S4200G] dot1x port-control unauthorized-force interface
GigabitEthernet 1/0/1
View
Description
System view
Ethernet Port view
ports of the switch if you do not provide the interface-list argument. And if
you specify the interface-list argument, these commands apply to the
current Ethernet port only. In this case, the interface-list argument is not
needed.
Related Command
display dot1x
342 dot1x port-method

Command Reference
dot1x port-method
Purpose
Use the dot1x port-method command to specify the access control method for
Use the undo dot1x port-method command to restore the default access control
base.
Syntax
dot1x port-method { macbased | portbased } [ interface interface-list ]

undo dot1x port-method [ interface interface-list ]
Parameters
macbased
Configures the 802.1x authentication system to

perform authentication on the supplicant based on
MAC address.
portbased
Configures the 802.1x authentication system to

perform authentication on the supplicant based on
port number.
interface-list

interface-num }


Default
The default access control method is MAC address-based. That is, the macbased
keyword is specified by default.
View
Ethernet Port view

Command Reference
Example
dot1x port-method 343
To specify to authenticate supplicant systems connected to Ethernet1/0/1 port by port

numbers, enter the following:
<S4200G>system-view
[S4200G] dot1x port-method portbased interface Ethernet 1/0/1
Description
Related Command
Note:
If you specify to authenticate supplicant systems by MAC addresses (that is, the
macbased keyword is specified), all supplicant systems connected to the specified
Ethernet ports are authenticated separately. And if an online user logs off, others
are not affected.
If you specify to authenticate supplicant systems by port numbers (that is, the
portbased keyword is specified), all supplicant systems connected to a specified
Ethernet port are able to access the network without being authenticated if a
supplicant system among them passes the authentication. And when the
supplicant system logs off, the network is inaccessible to all other supplicant
systems either.
ports of the switch if you do not provide the interface-list argument. And if you
specify the interface-list argument, these commands apply to the specified
Ethernet ports.
current Ethernet port only. In this case, the interface-list argument is not needed.
display dot1x
344 dot1x quiet-period

Command Reference
dot1x quiet-period
Purpose
Use the dot1x quiet-period command to enable the quiet-period timer.

Use the undo dot1x quiet-period command to disable this timer.
Syntax
dot1x quiet-period
undo dot1x quiet-period
Parameters
None
Default
By default, the quiet-period timer is disabled.
Example
To enable the quiet-period timer, enter the following:

<S4200G>system-view
[S4200G] dot1x quiet-period
View
Description
Related Commands
System view
When a supplicant system fails to pass the authentication, the authenticator system
(such as a S4200G Ethernet switch) will stay quiet for a period (determined by the
quiet-period timer) before it performs another authentication. During the quiet
period, the authenticator system performs no 802.1x authentication.
display dot1x
dot1x timer

Command Reference
dot1x retry 345
dot1x retry
Purpose
Use the dot1x retry command to specify the maximum number of times a switch
can transmit the authentication request frame to supplicant systems.
Use the undo dot1x retry command to restore the default.
Syntax
dot1x retry max-retry-value

undo dot1x retry
Parameters
max-retry-value
Example
To specify the maximum number of times that the switch will re-send authentication
request packets to be 9, enter the following:
Maximum number of times that a switch sends

authentication request packets to online supplicant
systems. This argument ranges from 1 to 10 and
defaults to 2.
<S4200G>system-view
[S4200G] dot1x retry 9
View
System view
Description
After the Switch has transmitted an authentication request frame to the user for the
first time, if no user response is received during the specified time-range, the Switch
will re-transmit authentication request to the user. This command is used to specify
how many times the Switch can re-transmit the authentication request frame to the
supplicant. When the time is 1, the Switch is configured to transmit the
authentication request frame only once. 2 indicates that the Switch is configured to
transmit authentication request frame once again when no response is received for
the first time and so on. This command has an effect on all the ports after
configuration.
Related Command
display dot1x
346 dot1x retry-version-max

Command Reference
dot1x retry-version-max
Purpose
Use the dot1x retry-version-max command to set the maximum number of

retries for a switch to send version request packets to an online supplicant system.
Use the undo dot1x retry-version-max command to restore the default.
Syntax
dot1x retry-version-max max-retry-version-value

undo dot1x retry-version-max
Parameters
max-retry-version-value
Default
The default is 3.
Example
To configure the maximum number of times that the switch will re-send version
request packets to be 6, enter the following:
Specifies the maximum number of times that a switch

will send version request packets to a supplicant
system. This argument ranges from 1 to 10.
[S4200G] dot1x retry-version-max 6
View
Description
Related Commands
System view
Having sent a version request packet to the supplicant system, the switch will re-send
the packet if within a preset period (as determined by the client version timer) it still
has not received any response from the supplicant system. When the number set by
this command has reached and there is still no response from the supplicant system,
the switch will continue its following authentication without sending further version
requests. This command applies to all ports.
display dot1x
dot1x timer

Command Reference
dot1x timer 347
dot1x timer
Purpose
Use the dot1x timer command to set the 802.1x timers.

Use the undo dot1x timer command to restore the default values.
Syntax
dot1x timer { handshake-period handshake-period-value |

quiet-period quiet-period-value | tx-period tx-period-value |
supp-timeout supp-timeout-value | server-timeout server-timeout-value
|ver-period ver-period-value }
undo dot1x timer { handshake-period | quiet-period | tx-period |
supp-timeout | server-timeout | ver-period }
Parameters
handshake-period
Handshake period timer, triggered when the user has

successfully passed the authentication. It sets the time
interval for the switch to re-send handshake request
packets to check whether the user is still online. If after
N times (as specified by the dot1x retry command) of
retries, the switch still has not received any response
packet from the supplicant system, it will assume that
the user is offline.
handshake-period-value
Specifies the value of the handshake timer, in seconds.

This value can range from 1 to 1024 with a default
value of 15.
quiet-period
Specifies the quiet timer. If an 802.1x user has not

passed the authentication, the Authenticator will keep
quiet for a while (which is specified by quiet-period
timer) before launching the authentication again.
During the quiet period, the Authenticator does not do
anything related to 802.1x authentication.
quiet-period-value
Specifies how long the quiet period is. Valid values are
10 to 120 seconds. If not specified, the default is 60
seconds.
server-timeout
Specifies the timeout timer of an Authentication

Server. If an Authentication Server has not responded
before the specified period expires, the Authenticator
will re-send the authentication request.
server-timeout-value
Specifies how long the duration of a timeout timer of

an Authentication Server is. Valid values are 100 to
300 seconds. If not specified, the default is 100
seconds.
supp-timeout
Specifies the authentication timeout timer of a

Supplicant. After the Authenticator sends
Request/Challenge request packet which requests the
MD5 encrypted text, the supp-timeout timer of the
Authenticator begins to run. If the Supplicant does not
respond back successfully within the time range set by
348 dot1x timer

Command Reference
this timer, the Authenticator will re-send the above

packet.
Example
supp-timeout-value
Specifies how long the duration of an authentication

timeout timer of a Supplicant is. Valid values are 10 to
120 seconds. If not specified, the default is 30
seconds.
tx-period
Specifies the transmission timeout timer. After the

Authenticator sends the Request/Identity request
packet which requests the user name or user name
and password together, timer of the Authenticator
begins to run. If the Supplicant does not respond back
with authentication reply packet successfully, then the
Authenticator will re-send the authentication request
packet.
tx-period-value
Specifies how long the duration of the transmission

timeout timer is. Valid values are 10 to 120 seconds. If
not specified, the default is 30 seconds.
ver-period
Client-version-checking period timer, if within the

period, no response packet has been sent back from
the supplicant system, the switch will re-send the client
version checking request packet.
ver-period-value
Value of the client-version-checking period timer, in

seconds. This value can range from 1 to 30 with a
default value of 30.
To set the Authentication Server timeout timer to 150s, enter the following:
<SW4200G> system-view
[SW4200G]dot1x timer server-timeout 150.
View
System view
Description
During an 802.1x authentication process, multiple timers are triggered to ensure that
the supplicant systems, the authenticator systems, and the Authenticator servers
interact with each other in an arranged way. To make authentications being
processed in a desired way, you can use the dot1x timer command to set values for
these timers as needed. This may be necessary in certain situations or for some tough
network environments. Normally, the defaults are recommended. (Note that some
timers cannot be adjusted.)
Related Command
display dot1x

Command Reference
dot1x version-check 349
dot1x version-check
Purpose
Use the dot1x version-check command to enable 802.1x client version

checking for specified Ethernet ports.
Use the undo dot1x version-check command to disable 802.1x client version
checking for specified Ethernet ports.
Syntax
dot1x version-check [ interface interface-list ]

undo dot1x version-check [ interface interface-list ]
Parameters
interface-list

interface-num }


Default
By default, 802.1x client version checking is disabled on all Ethernet ports.
Example
To configure GigabitEthernet1/0/1 port to check the version of the 802.1x client upon
receiving authentication packets, enter the following:
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] dot1x version-check
View
System view
Ethernet Port view
350 dot1x version-check
Description

Command Reference
In system view, execution of the dot1x version-check command enables the client
version checking function for specified ports if the interface-list argument is specified,
otherwise it enables the function globally. In Ethernet port view, only the current port
can have their client version checking function enabled by executing this command
and the interface-list argument is not needed.

Command Reference
duplex 351
duplex
Purpose
Use the duplex command to set the port duplex attribute.

Use the undo duplex command to restore the default duplex mode (auto).
Syntax
duplex { auto | full | half }

undo duplex
Parameters
Example
auto
Sets the port to auto-negotiation mode.

If not specified, auto is the default duplex mode.
full
Sets the port to full-duplex mode.
half
Sets the port to half-duplex mode.
SEt the GigabitEthernet 1/0/1 port in auto duplex mode

<S4200G>system-view
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]duplex auto
View
Related Command
Ethernet Port view
speed
352 enable snmp trap updown

Command Reference
enable snmp trap updown

Purpose
Use the enable snmp trap updown command to enable the port to send LINK
UP and LINK DOWN Trap information.
Use the undo enable snmp trap command to disable the port to send LINK UP
and LINK DOWN Trap information.
Syntax

undo enable snmp trap updown
Parameters
None
Default
By default, the port is enabled to send Trap information.
Example
Enable port GigabitEthernet1/0/1 to send LINK UP and LINK DOWN Trap information.
The community name public is used.
[S4200G] snmp-agent trap enable
[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
[S4200G-GigabitEthernet1/0/1] enable snmp trap updown
View
System view
Description
The enable snmp trap and snmp-agent target-host commands are used
at the same time. You can use the snmp-agent target-host command to
specify the hosts receiving Trap information. To send Trap information, you must
configure at least one snmp-agent target-host command.
Related Command
None

Command Reference
end-station polling ip-address 353
end-station polling ip-address

Purpose
Use the end-station polling ip-address command to configure the IP address

requiring periodic testing.
Use the undo end-station polling ip-address command to delete the IP address
requiring periodic testing.
Syntax
end-station polling ip-address ip-address

undo end-station polling ip-address ip-address
Parameters
ip-address
Example
Configure 202.38.160.244 requiring periodical testing.
Specifies the IP address.
<S4200G>system-view
[S4200G]end-station polling ip-address 202.38.160.244
View
Description
System view
The switch can ping an IP address every one minute to test if it is reachable. Three
PING packets can be sent at most for every IP address in every testing with a time
interval of five seconds. If the switch cannot ping successfully the IP address after the
three PING packets, it assumes that the IP address is unreachable.
You can configure up to 50 IP addresses by using the command repeatedly.
Related Commands
ping
tracert
354 execute

Command Reference
execute
Purpose
Use the execute command to execute the specified batch file.
Syntax
execute filename
Parameters
filename
Example
To execute the batch file test.bat in the directory of flash:/, enter the following:
Name of the batch file, consisting of a string up to 256

characters in length, with a suffix of .bat.
<S4200G>sys
[S4200G]execute test.bat
View
Description
System view
The batch command executes the command lines in the batch file one by one. There
should be no invisible character in the batch file. If invisible characters are found, the
batch command will quit the current execution. The forms and contents of the
commands are not restricted in the batch file.

Command Reference
exit 355
exit
Purpose
Use the exit command to terminate the connection to the remote SFTP server and
return to system view.
This command has the same function as the bye and quit commands.
Syntax
exit
Parameters
None
Example
Terminate the connection to the remote SFTP server.

sftp-client> exit
[S4200G]
View
SFTP Client view
356 file prompt

Command Reference
file prompt
Purpose
Use the file prompt command to modify the prompt mode of file operations on the
Switch.
Syntax
file prompt { alert | quiet }
Parameters
alert
Select confirmation on dangerous file operations.

If not specified, the default value is alert.
quiet
No confirmation prompt on file operations.
Example
Configure the prompt mode of file operation as quiet.

[S4200G] file prompt quiet
View
Description
System view
If the prompt mode is set as quiet, so no prompts are shown for file operations,
some non-recoverable operations may lead to system damage.

Command Reference
flow-control 357
flow-control
Purpose
Use the flow-control command to enable port flow control, to avoid packet loss in
the event of network congestion.
Use the undo flow-control command to disable flow control on the port.
Syntax
flow-control
undo flow-control
Parameters
None
Default
By default, flow control is disabled.
Example
Enable flow control on the GigabitEthernet1/0/1 port.

<S4200G>system-view
[S4200G-GigabitEthernet1/0/1]flow-control
Ethernet Port view
358 format

Command Reference
format
Purpose
Use the format command to format a storage device.
Syntax
format device
Parameters
device
Example
Format flash:
Device name.
<S4200G> format flash:

All data on Flash will be lost , proceed with format ? [Y/N] y
% Now begin to format flash, please wait for a while...
Format winc: completed
View
Description
User view
CAUTION:
Formatting a storage device causes all the files on the storage device to get lost.
The operation is irretrievable.
The format operation on the Flash leads to the loss of the configuration files.

Command Reference
free user-interface 359
free user-interface
Purpose
Use the free user-interface command to reset a specified user interface to its
default settings. The user interface will be disconnected after the reset.
Use free user-interface type to reset the interface with the specified type and
type number to its default settings.
Use free user-interface number to reset the interface with the specified index
number to its default settings.
Syntax
free user-interface [type ] number
Parameters
type
number
Example
Specifies the user interface type:
aux (auxilliary user terminal interface
vty (virtual user terminal interface)
Specifies the index number of the user interface. This

argument can be an absolute user interface index (if
you do not provide the type argument) or a relative
user interface index (if you provide the type argument).
Log into user interface 0 and clear user interface 1.

<S4200G> free user-interface 1
After you execute this command, user interface 1 will be disconnected. The user in it
must log in again to connect to the switch.
View
Description
User view
Note that the current user interface can not be cleared.
360 free web-users

Command Reference
free web-users
Purpose
Use the free web-users command to disconnect a specified Web user or all Web
users by force.
Syntax
free web-users { all | user-id userid | user-name username }
Parameters
userid
Web user ID.
username
User name of the Web user. This argument can contain

1 to 80 characters.
all
Specifies all Web users.
Example
Disconnect all Web users by force.

<S4200G> free web-users all
View
User view

Command Reference
ftp 361
ftp
Purpose
Use the ftp command to establish a control connection with an FTP server and enter
FTP client view.
Syntax
ftp [ ipaddress [ port-number ] ]
Parameters
ipaddress
Host name or the IP address of an FTP server. The host

name can be a string comprising 1 to 20 characters.
port-number
Port number of the FTP server, ranging from 0 to

65535. The default is 21.
Example
Connect to the FTP server whose IP address is 2.2.2.2.

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:
[ftp]
View
User view
362 ftp cluster

Command Reference
ftp cluster
Purpose
Use the ftp cluster command to establish a control connection with a cluster FTP
server. This command also leads you to FTP client view.
Syntax
ftp cluster
Parameters
None
Example
Connect to the cluster FTP server.

<123_1.S4200G> ftp cluster
Trying ...
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in.
View
User view

Command Reference
ftp server
363
ftp server
Purpose
Use the ftp server command to configure an FTP server on the management device
for the member devices in the cluster.
Use the undo ftp server command to remove the FTP server configured for the
member devices in the cluster.
Syntax
ftp server ip-address

undo ftp server
Parameters
ip-address
Default
By default, the management device acts as the FTP Server.
Example
Configure the IP address of an FTP server on the management device.
IP address of the FTP server to be configured for the

cluster.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] ftp-server 1.0.0.9
View
Description
System view
You need to configure the IP address of an FTP server first for the member
devices in a cluster to access the FTP server through the management device.
364 ftp server enable

Command Reference
ftp server enable

Purpose
Use the ftp server enable command to enable FTP server and allow FTP users to
log in.
Use the undo ftp server command to disable FTP server and inhibit FTP users
from logging in.
Syntax
ftp sever enable

undo ftp sever
Parameters
None
Default
By default, FTP server is disabled.
Example
Enable the FTP server.

[S4200G] ftp server enable
% Start FTP server
View
System view

Command Reference
ftp timeout 365
ftp timeout
Purpose
Use the ftp timeout command to configure connection timeout interval.

Use the undo ftp timeout command to restore the default connection timeout
interval.
Syntax
ftp timeout minute

undo ftp timeout
Connection idle time (in minutes) ranging from 1 to

35,791. The default connection idle time is 30
minutes.
Parameters
minute
Example
Set the connection idle time to 36 minutes.

[S4200G] ftp timeout 36
View
Description
System view
An FTP server considers an FTP connection to be invalid and terminates the FTP
connection if no data exchange occurs between it and the FTP client for a specific
period of time known as connection idle time.
366 garp timer

Command Reference
garp timer
Purpose
Use the garp timer command to set the GARP Hold, Join or Leaver timer value on
the current port.
Use the undo garp timer command to restore the default value of the GARP
Hold, Join or Leaver timer on the current port.
Syntax
garp timer { hold | join | leave } timer-value

undo garp timer { hold | join | leave }
Parameters
Example
hold
GARP Hold timer. When a GARP entity receives a piece

of registration information, it does not send out the
Join message immediately. Instead, it starts the Hold
timer, and sends out a Join message after the timer
times out, so that all the registration information
received before the timer times out can be put into the
same frame that will be sent to save the bandwidth
resources.
join
To transmit the Join messages reliably to other entities,

a GARP entity sends each Join message two times. The
Join timer is used to define the interval between the
two sending operations of each Join message.
leave
GARP Leave timer. When a GARP entity expects to

unregister a piece of attribute information, it sends out
a Leave message. Any GARP entity receives this
message starts its Leave timer, and unregister the
attribute information after the timer times out if it
does not receives a Join message again before the
timeout.
timer-value
Value of the specified GARP timer (Hold, Join or Leave)

in centiseconds, with a step size of five.
If no values are specified, the default values are 10, 20,
and 60 for Hold, Join and Leave timers respectively.
Set the timeout time of the GARP Join timer on the port GigabitEthernet1/0/1 to 20
centiseconds.
[S4200G-GigabitEthernet1/0/1] garp timer join 20
View
Ethernet Port view

Command Reference
Description
garp timer 367
The ranges of the timers vary depending on the values of other timers. You can set a
timer to a value out of the current range by set the associated timer to another value.
The following table describes the relations between the timers:
Table 82 Relations between the timers
Related Command
Timer
Lower threshold
Upper threshold
Hold
10 centiseconds
This upper threshold is less than or

equal to one-half of the value of the
Join timer. You can change the
threshold by changing the value of
the Join timer.
Join
This lower threshold is greater than or

equal to twice the value of the Hold
timer. You can change the threshold
by changing the value of the Hold
timer.
This upper threshold is less than

one-half of the value of the Leave
timer. You can change the
threshold by changing the value of
the Leave timer.
Leave
This lower threshold is greater than

twice the value of the Join timer. You
can change the threshold by changing
the value of the Join timer.
This upper threshold is less than the

value of the LeaveAll timer. You can
change the threshold by changing
the value of the LeaveAll timer.
LeaveAll
This lower threshold is greater than

32,765 centiseconds
the value of the Leave timer. You can
change threshold by changing the
value of the Leave timer.
display garp timer
368 garp timer leaveall

Command Reference
garp timer leaveall

Purpose
Use the garp timer leaveall command to set the GARP LeaveAll timer to a
specified value.
Use the undo garp timer leaveall command to restore the default value of
the GARP LeaveAll timer.
Syntax
garp timer leaveall timer-value

undo garp timer leaveall
Parameters
timer-value
Example
Set the value of the GARP LeaveAll timer to 100 centiseconds.
Value of the GARP LeaveAll timer (in centiseconds).

Valid values are 65 to 32,765 seconds, with a step size
of five. This value must be greater than the value of
the Leave timer.
If not specified, the default is 1,000 centiseconds (that
is, 10 seconds).
[S4200G] garp timer leaveall 100
View
System view
Description
Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveALL
message after the timer times out, so that other GARP entities can re-register all the
attribute information on this entity. After that, the entity restarts the LeaveAll timer to
begin a new cycle.
Related Command
display garp timer

Command Reference
get 369
get
Purpose
Use the get command to download a remote file and save the file to the local device.
Syntax
get remotefile [ localfile ]
Parameters
localfile
Name assigned to the file to be saved at the local end.
remotefile
Name of the source file on the remote SFTP server.
Example
Download file temp1.c and save it with name temp.c.

sftp-client> get temp1.c temp.c
View
Description
SFTP Client view
If no local file name is specified, the switch will save the remote file locally with the
same file name as that on the remote FTP server
370 get

Command Reference
get
Purpose
Use the get command to download a remote file and save it as a local file.
Syntax
get remotefile [ localfile ]
Parameters
localfile
Local file name.
remotefile
File name on the FTP server.
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Download the file named temp.c.

[ftp] get temp.c
200 Port command okay.
150 Opening ASCII mode data connection for temp.c.
...............226 Transfer complete.
FTP: 749881 byte(s) received in 17.186 second(s) 43.00K byte(s)/sec.
View
Description
FTP Client view
If you do not specify the localfile argument, the downloaded file is saved using its
original name.

Command Reference
gratuitous-arp learning enable 371
gratuitous-arp learning enable

Purpose
Use the gratuitous-arp-learning enable command to enable the

gratuitous ARP packet learning function.
Use the undo gratuitous-arp-learning enable command to disable the
gratuitous ARP packet learning function.
Syntax
gratuitous-arp-learning enable
undo gratuitous-arp-learning enable
Parameters
None
Default
By default, the gratuitous ARP packet learning function is enabled.
Example
To enable the gratuitous ARP packet learning function on the switch named
S4200GA, enter the following:
<S4200GA> system-view
[S4200GA] gratuitous-arp-learning enable
View
Description
System view
When the gratuitous ARP packet learning function is enabled on a switch and the
switch receives a gratuitous ARP packet, the switch updates the corresponding ARP
entry (if available in the cache of the switch) using the hardware address of the sender
carried in the gratuitous ARP packet. A switch operates like this whenever it receives a
gratuitous ARP packet.
372 gvrp

Command Reference
gvrp
Purpose
Use the gvrp command to enable GVRP globally (in system view) or on a port (in
Ethernet port view).
Use the undo gvrp command to disable GVRP globally (in system view) or on a port
(in Ethernet port view).
Syntax
gvrp
undo gvrp
Parameters
None
Default
By default, GVRP is disabled both globally and on ports.
Example
Enable GVRP globally.

[S4200G] gvrp
View
Description
Related Command
System view
Ethernet Port view
Note:
Before enabling GVRP on a port, you must first enable GVRP globally.
If GVRP is disabled globally, it is also disabled on ports and you are not allowed to
enable it on any port.
You can enable/disable GVRP only on Trunk port.
After enabling GVRP on the Trunk port, you are not allowed to change the port to
a different type.
display gvrp status

Command Reference
gvrp registration 373
gvrp registration
Purpose
Use the gvrp registration command to configure the GVRP registration type on
a port.
Use the undo gvrp registration command to restore the default GVRP
registration type on a port.
Syntax
gvrp registration { fixed | forbidden | normal }

undo gvrp registration
Parameters
fixed
Allows the manual creation and registration of VLAN

on the current port, and inhibits the dynamic
registration and unregistration of VLAN on the current
port.
forbidden
Unregisters all the VLANs except VLAN 1 on the

current port, and inhibits the creation and registration
of any other VLAN on the current port.
normal
Allows both manual and dynamic creation,

registration, and unregistration of VLANs on the
current port.
Default
By default, the registration type is normal.
Example
Configure the GVRP registration type on the port Ethernet1/0/1 to fixed.

[S4200G] interface Ethernet1/0/1
[S4200G-Ethernet1/0/1] gvrp registration fixed
View
Ethernet Port view
Description
These commands can be operated only on Trunk port.
Related Command
374 habp enable

Command Reference
habp enable
Purpose
Use the habp enable command to enable HABP for a switch.

Use the undo habp enable command to disable HABP for a switch.
Syntax
habp enable
undo habp enable
Parameters
None
Default
By default, HABP is enabled on a switch.
Example
To enable HABP, enter the following:

<S4200G>system-view
[S4200G] habp enable
View
Description
System view
If an 802.1x-enabled switch does not have HABP enabled, it cannot manage the
switches attached to it.

Command Reference
habp server vlan 375
habp server vlan

Purpose
Use the habp server vlan command to configure a switch to operate as an

HABP server and HABP packets to be broadcast in specified VLAN.
Use the undo habp server vlan command to revert to the default HABP mode.
Syntax
habp server vlan vlan-id

undo habp server
Parameters
vlan-id
Default
By default, a switch operates as an HABP client.
Example
To specify the switch to operate as an HABP server and the HABP packets to be
broadcast in VLAN 2, enter the following:
VLAN ID, ranging from 1 to 4,094.
<S4200G>system-view
[S4200G] habp server vlan 2
View
Description
System view
To specify a switch to operate as an HABP server, you need to enable HABP (using the
habp enable command) for the switch first. Even if HABP is not enabled, the client
can still configure the switch to work as an HABP client, although this has no effect.
376 habp timer

Command Reference
habp timer
Purpose
Use the habp timer command to set the interval for a switch to send HABP request
packets.
Use the undo habp timer command to revert to the default interval.
Syntax
habp timer interval

undo habp timer
Parameters
interval
Example
To configure the switch to send HABP request packets once in every 50 seconds
(assuming that the switch operates as an HABP server), enter the following:
Interval (in seconds) to send HABP request packets.

This argument ranges from 5 to 600 and defaults to
20.
<S4200G>system-view
[S4200G] habp timer 50
View
Description
System view
Use these two commands on switches operating as HABP servers only.

Command Reference
header 377
header
Purpose
Use the header command to set the banners that are displayed when a user logs
into a switch. The login banner is displayed on the terminal when the connection is
established. And the session banner is displayed on the terminal if a user successfully
logs in.
Use the undo header command to disable displaying a specific banner or all
banners.
Syntax
header [ shell | incoming | login ] text

undo header [ shell | incoming | login ]
Parameters
login
Sets the login banner. The banner set by this keyword

is valid only when users are authenticated before they
log into the switch and appears while the switch
prompts for user name and password.
shell
Sets the session banner, which appears after a session

is established. If you specify to authenticate login
users, the banner appears after a user passes the
authentication.
Also sets the login banner for users that log in through
modems. If you specify to authenticate login users, the
banner appears after a user passes the authentication.
(The session does not appear in this case.)
text
Example
Banner to be displayed. If no keyword is specified, this

argument is the login banner. You can provide this
argument in two ways. One is to enter the banner in
the same line as the command (A command line can
accept up to 256 characters.) The other is to enter the
banner in multiple lines (you can start a new line by
pressing <Enter>,) where you can enter a banner that
can contain more than 256 characters. Note that the
CLI expects a character the same as the first character
of the banner as the end of the banner. After finishing
entering the banner, you can press <Enter> to exit the
interaction.
Set the session banner.

Option 1: Enter the banner in the same line as the command.
[S4200G] header shell %SHELL: Hello! Welcome%(Make sure the beginning
and end characters of the banner are the same.)
When you log in again, the session banner appears on the terminal as the following:
378 header

Command Reference
[S4200G] quit
<S4200G> quit
Please press ENTER
SHELL: Hello! Welcome(The beginning and end characters of the banner
are not displayed.)
<Quidway>
Option 2: Enter the banner in new lines.

[S4200G] header shell %SHELL: (Following appears when you press
<Enter>:)
Input banner text, and quit with the character '%'.
Continue entering the banner and end the banner with the character identical with
the beginning character of the banner.
Hello! Welcome % (Press <Enter>.)
[S4200G]
When you log in again, the session banner appears on the terminal as the following:
[S4200G] quit
<S4200G> quit
Please press ENTER
%SHELL: (Note that the beginning character of the banner appears.)
Hello! Welcome
<S4200G>purpose_body
View
Description
System view
Note:
If you specify any one of the three keywords without providing the text argument,
the specified keyword will be regarded as the login banner.
As for the beginning character of a banner, note that:
If you only type one character in the first line of a banner, the character is regarded
as the beginning mark and is not displayed.
If you type multiple characters in the first line of a banner and the beginning and
the end characters of the banner in this line are not the same, the character is
displayed.
If you type multiple characters in the first line for the banner and the beginning
and the end character are the same, the beginning character is not displayed.

Command Reference
help 379
help
Purpose
Use the help command to get the help information about the specified or all SFTP
client commands.
Syntax
help [ command ]
Parameters
command
Example
Display the help information about the get command.
Specifies the name of a command.
sftp-client> help get

get remote-path [local-path] Download file
Default local-path is the same with remote-path
View
Description
SFTP Client view
If the command argument is not specified, the help information about all commands
is displayed.
380 history-command max-size

Command Reference
Purpose
Use the history-command max-size command to set the size of the history
command buffer.
Use the undo history-command max-size command to revert to the default
history command buffer size.
Syntax
history-command max-size value

undo history-command max-size
Parameters
value
Example
Set the size of the history command buffer to 20 to enable it to store up to 20

commands.
Size of the history command buffer. Valid values for

this argument range from 0 to 256.
If no value is specified, the default to 10. That is, the
history command buffer can store 10 commands by
default.
[S4200G-ui-aux0] history-command max-size 20
View
User Interface view

Command Reference
holdtime 381
holdtime
Purpose
Use the holdtime command to configure the holdtime of a switch.

Use the undo holdtime command to restore the default holdtime value.
Syntax
holdtime seconds
undo holdtime
Parameters
seconds
Example
Set the holdtime to 30 seconds.
Holdtime (in seconds) ranging from 1 to 255.

If not specified, the default holdtime is 60 seconds.
[aaa_0.S4200G-cluster] holdtime 30
View
Description
Cluster view
If a switch does not receive any information of a peer device during the holdtime, it
sets the state of the peer device to "down". When the communication between the
two resumes, the corresponding member device is re-added to the cluster
(automatically). If the downtime does not exceed the holdtime, the member device
stays in the normal state and needs not to be added again.
Execute these two commands on management devices only. The member devices in a
cluster acquire the holdtime setting from the management device.
382 idle-cut

Command Reference
idle-cut
Purpose
Use the idle-cut command to set the user idle-cut function in current ISP domain.
Syntax
idle-cut { disable | enable minute flow }
Parameters
disable
Inhibits users from enabling the idle-cut function.
enable
Allows users to enable the idle-cut function.
minute
Specifies the maximum idle time. Valid values are 1 to

120 minutes.
flow
Specifies the minimum data flow. Valid values are 1 to

10,240,000 bytes.
Default
Example
To allow users in ISP domain aabbcc.net to enable the idle-cut attribute in user
template (that is, allow the user to use the idle-cut function), with the maximum idle
time of 50 minutes and the minimum data flow of 500 bytes, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net] idle-cut enable 50 500
View
Description
ISP Domain view
The user template is a set of default user attributes. If a user requesting for the
network service does not have some required attributes, the corresponding attributes
in the template will be endeavored to him as default ones. The user template of the
Switch you are using may only provide user idle-cut settings. After a user is
authenticated, if the idle-cut is configured to enable or disable by neither the user nor
the RADIUS server, the user will adopt the idle-cut state in the template.
Because a user template only works in one ISP domain, it is necessary to configure
user template attributes for users from different ISP domain respectively.
Related Command
domain

Command Reference
idle-timeout 383
idle-timeout
Purpose
Use the idle-timeout command to configure the amount of time you want to allow
a user interface to remain idle before it is disconnected.
Use the undo idle-timeout command to revert to the default timeout time.
Syntax
idle-timeout minutes [ seconds ]

undo idle-timeout
Parameters
Example
minutes
Specifies the number of minutes you want to allow a

user interface to remain idle before it is disconnected.
Valid values are 0 to 35,791.
If not specified, the default is 10 minutes.
seconds
Specifies the number of seconds in addition to the

number of minutes. Valid values are 0 to 59. This
parameter is optional.
To configure the timeout value to 1 minute on the AUX user interface, enter the
following:
<S4200G>system-view
[S4200G]user-interface aux 0
[S4200G-ui-aux0]idle-timeout 1 0
View
Description
User Interface view
The connection to a user interface is terminated if no operation is performed in the

user interface within the specified period.
You can use the idle-timeout 0 command to disable the timeout function.
384 igmp host-join vlan

Command Reference
igmp host-join vlan

Purpose
Use the igmp host-join vlan command to configure a routing port to join to a
multicast group.
Use the undo igmp host-join vlan command to remove the configuration.
Syntax
igmp host-join group-address vlan vlan-id

undo igmp host-join group-address vlan vlan-id
Parameters
group-address
Default
By default, a switch port does not belong to any multicast group.
Example
Configure GigabitEthernet 1/0/1 port to join to the multicast group 225.0.0.1.
Address of the target multicast group
[S4200G] interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] port access vlan 10
[S4200G-GigabitEthernet1/0/1] igmp host-join 225.0.0.1 vlan 10
View
Ethernet Port view
Description
Use this command to configure a routing port to join or remove from a multicast
group.
Related Command
igmp group-policy

Command Reference
igmp-snooping 385
igmp-snooping
Purpose
Use the igmp-snooping command to enable or disable the IGMP Snooping.
Syntax
igmp-snooping { enable | disable }
Parameters
enable
Enables IGMP Snooping.
disable
Disables IGMP Snooping.
Default
By default, IGMP Snooping is disabled on the switch.
Example
Enable IGMP Snooping on the switch.

<4200G>system-view
[S4200G] igmp-snooping enable
View
System view
VLAN view
386 igmp-snooping fast-leave

Command Reference
igmp-snooping fast-leave
Purpose
Use the igmp-snooping fast-leave command to enable IGMP fast leave

processing.
Use the undo igmp-snooping fast-leave command to cancel the
configuration.
Syntax
undo igmp-snooping fast-leave
Parameters
None
Default
By default, IGMP fast leave processing is disabled.
Example
Enable IGMP fast leave processing on the GigabitEthernet1/0/1 port.

<S4200G>system-view
[S4200G-GigabitEthernet1/0/1] igmp-snooping fast-leave
View
Description
Ethernet Port view
Normally, when receiving an IGMP Leave message, IGMP Snooping does not
immediately remove the port from the multicast group, but sends a group-specific
query message. If no response is received in a given period, it then removes the port
from the multicast group.
If this command is executed, when receiving an IGMP Leave message, IGMP Snooping
removes the port from the multicast group immediately. When the port has only one
user, enabling IGMP fast leave processing can save bandwidth.
Note: If the client(s) under the port are IGMP V2enabled, this feature operates
normally (that is, it functions only when the port has only one user). Otherwise, when
the port has multiple users, the leave of one user may disrupt the multicast to every
other user under the port in the same multicast group.

Command Reference
igmp-snooping group-limit 387
igmp-snooping group-limit
Purpose
Use the igmp-snooping group-limit command to set the maximum number

of multicast groups the port can join.
Use the undo igmp-snooping group-limit command to restore the default
setting.
Syntax
igmp-snooping group-limit [ vlan vlan-list
| overflow-replace ]
undo igmp-snooping group-limit [ vlan vlan-list ]
Parameters
limit
Maximum number of multicast groups the port can

join. Valid values are 1 to 256.
overflow-replace
Allows new multicast groups to replace existing

multicast groups in this order: the multicast group with
the least IP address will be replaced first.
vlan-list
VLAN list, in the format of { vlan-id [ to vlan-id ]

}&<1-10>, where vlan-id ranges from 1 to 4,094,
and &<1-10> represents you can input at most 10
VLAN IDs/ VLAN ID ranges.
Default
By default, there is no limit on the number of multicast groups the port can join.
Example
Allow the GigabitEthernet1/0/1 port to join at most 200 multicast groups.

<S4200G>system-view
[S4200G-GigabitEthernet1/0/1] igmp-snooping group-limit 200
View
Ethernet Port view
388 igmp-snooping group-policy

Command Reference
igmp-snooping group-policy
Purpose
Use the igmp-snooping group-policy command to configure an IGMP

Snooping filter ACL.
Use the undo igmp-snooping group-policy command to remove the IGMP
Snooping filter ACL.
Syntax
igmp-snooping group-policy acl-number vlan vlan-id

undo igmp-snooping group-policy vlan vlan-id
Parameters
acl-number
Basic ACL number, in the range of 2000 to 2999.
vlan-id
ID of the VLAN for the Ethernet port, in the range of 1

to 4094.
Default
By default, no IGMP Snooping filter ACL is configured on the switch.
Example
Configure ACL 2000 to allow users under port Ethernet 1/0/1 to access the multicast
streams in groups 225.0.0.0 to 225.255.255.255.
Configure ACL 2000.
<S4200G>system-view
[S4200G-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255
Create VLAN 2 and add GigabitEthernet 1/0/1 port to VLAN 2.
[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet 1/0/1
Configure ACL 2000 on the GigabitEthernet 1/0/1 port to allow this VLAN 2 port
to join only the IGMP multicast groups defined in the rule of ACL 2000.

[S4200G-GigabitEthernet1/0/1] igmp-snooping group-policy 2000 vlan 2
Configure ACL 2001 to allow users under GigabitEthernet 1/0/2 port to access the
multicast streams in any groups except groups 225.0.0.0 to 225.0.0.255.
Configure ACL 2001.

[S4200G-acl-basic-2001] rule deny source 225.0.0.0 0.0.0.255
[S4200G-acl-basic-2001] rule permit source any
Create VLAN 2 and add GigabitEthernet 1/0/2 port to VLAN 2.
[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet 1/0/2
Configure ACL 2001 on the GigabitEthernet 1/0/2 port to allow this VLAN 2 port
to join any IGMP multicast groups except those defined in the deny rule of ACL
2001.

Command Reference
igmp-snooping group-policy 389

[S4200G-GigabitEthernet1/0/2] igmp-snooping group-policy 2001 vlan 2
View
Description
System view
Ethernet Port view
You can configure some multicast filter ACLs globally or on the switch ports
connected to user ends so as to use the IGMP Snooping filter function to limit the
multicast programs that the users can access. With this function, you can treat
different VoD users in different ways by allowing them to access the multicast streams
in different multicast groups.
In practice, when a user orders a multicast program, an IGMP report message is
generated. When the message arrives at the switch, the switch examines the
multicast filter ACL configured on the access port to determine if the port can join the
corresponding multicast group or not. If yes, it adds the port to the forward port list
of the multicast group. If not, it drops the IGMP report message and does not forward
the corresponding data stream to the port. In this way, you can control the multicast
programs that users can access.
An ACL rule defines a multicast address or a multicast address range (for example
224.0.0.1 to 239.255.255.255) and is used to:
Allow the port(s) to join only the multicast group(s) defined in the rule by a permit
statement.
Inhibit the port(s) from joining the multicast group(s) defined in the rule by a deny
statement.
One port can belong to multiple VLANs. But for each VLAN on the port, you can
configure only one ACL.
If no ACL rule is configured or the port does not belong to the specified VLAN, the
filter ACL you configured does not take effect on the port.
Since most devices broadcast unknown multicast packets, this function is often
used together with the unknown multicast packet drop function to prevent
multicast streams from being broadcasted to a filtered port as unknown multicast.
390 igmp-snooping host-aging-time

Command Reference
igmp-snooping host-aging-time
Purpose
Use the igmp-snooping host-aging-time command to set the aging time of

multicast member ports.
Use the undo igmp-snooping host-aging-time command to restore the
default aging time.
Syntax
igmp-snooping host-aging-time seconds

undo igmp-snooping host-aging-time
Parameters
seconds
Default
By default, the aging time of multicast member ports is 260 seconds.
Example
Set the aging time of multicast member ports to 300 seconds.
Aging time of multicast member ports. Valid values are

200 to 1000 (in seconds).
<S4200G>system-view
[S4200G] igmp-snooping host-aging-time 300
View
System view
Description
The aging time of multicast member ports determines the refresh frequency of
multicast group members. In an environment where multicast group members
change frequently, you should set a relatively short aging time, and vice versa.
Related Command
igmp-snooping

Command Reference
igmp-snooping max-response-time 391
Purpose
Use the igmp-snooping max-response-time command to configure the

maximum query response time.
Use the undo igmp-snooping max-response-time command to restore the
default maximum time.
Syntax
igmp-snooping max-response-time seconds

undo igmp-snooping max-response-time
Parameters
seconds
Default
By default, the maximum query response time is 10 seconds.
Example
Set the maximum response time to an IGMP Snooping query message to 15 seconds.
Maximum query response time. Valid values are 1 to

25 (in seconds).
<S4200G>system-view
[S4200G] igmp-snooping max-response-time 15
View
Description
Related Commands
System view
The maximum response time you configured determines how long the switch can
wait for a response to an IGMP Snooping query message.
igmp-snooping
392 igmp-snooping router-aging-time

Command Reference
Purpose
Use the igmp-snooping router-aging-time command to configure the aging

time of the router port.
Use the undo igmp-snooping router-aging-time command to restore the
default aging time.
Syntax
igmp-snooping router-aging-time seconds

undo igmp-snooping router-aging-time
Parameters
seconds
Default
By default, the aging time of the router port is 260 seconds.
Example
Set the aging time of the router port to 500 seconds.
Aging time of the router port. Valid values are 1 to

1000 (in seconds).
<S4200G>system-view
[S4200G] igmp-snooping router-aging-time 500
View
Description
Related Commands
System view
The router port here refers to the port connecting the Layer 2 switch to the router.
The Layer 2 switch receives IGMP general query messages from the router through
this port. The aging time of the router port should be a value about 2.5 times of the
general query interval.
igmp-snooping

Command Reference
info-center channel name 393
info-center channel name

Purpose
Use the info-center channel name command to name the channel of the specified
number.
Syntax
info-center channel channel-number name channel-name
Parameters
channel-number
channel-name
Example

Channel name. Valid values are a character string not
exceeding 30 characters, excluding "-", "/" or "\".
Rename channel 0 as execconsole.

[S4200G] info-center channel 0 name execconsole
View
Description
System view
Note: The channel name cannot be duplicated.
394 info-center console channel

Command Reference

Purpose
Use the info-center console channel command to enable information

output to the console through a specified channel.
Use the undo info-center console channel command to disable the
information output.
Syntax
info-center console channel { channel-number | channel-name }
undo info-center console channel
Parameters
channel-number
channel-name

Channel name. The name can be channel6, channel7,
monitor, snmpagent, or trapbuffer.
Default
By default, the switch does not output log information to the console.
Example
Configure channel 0 to output log information to the console.

[S4200G] info-center console channel 0
View
System view
Description
This command works only when the information center is enabled for the system.
Related Command
display info-center
info-center enable

Command Reference
info-center enable 395
info-center enable
Purpose
Use the info-center enable command to enable the information center.

Use the undo info-center enable command to disable the information center.
Syntax
info-center enable
undo info-center enable
Parameters
None
Default
By default, the information center is enabled.
Example
Enable the information center.

[S4200G] info-center enable
View
Description
Related Commands
System view
The switch can output system log information to the log host, the console, and
other destinations only when the information center is enabled.
display info-center
396 info-center logbuffer

Command Reference
Purpose
Use the info-center logbuffer command to enable information output to the

log buffer through the specified channel (you can also set the size of the log buffer in
this command).
Use the undo info-center logbuffer command to disable the information
output.
Syntax
info-center logbuffer [ channel { channel-number | channel-name } |

[size buffersize ]
undo info-center logbuffer [ channel | size ]
Parameters
channel
channel-number
Sets the channel through which output information

goes to the memory buffer.
channel-name
Channel name, which can be channel6, channel7,

monitor, snmpagent or trapbuffer.
size
Configures the size of buffer.
buffersize

of messages it holds. This argument ranges from 0 to
1024 and defaults to 512.
Default
By default, the switch outputs information to the log buffer, which holds 512 records
by default.
Example
Configure the switch to output information to the log buffer with the size of 50.
[S4200G] info-center logbuffer size 50
View
System view
Description
This command takes effect only after system logging is enabled.
Related Command
info-center enable
display info-center

Command Reference
info-center monitor channel 397

Purpose
Use the info-center monitor channel command to enable information output to

terminals through a specified channel.
Use undo info-center monitor channel command to disable the information
output.
Syntax
info-center monitor channel { channel-number | channel-name }

undo info-center monitor channel
Parameters
channel-number

channel-name
Channel name. Valid values are channel6, channel7,

monitor, snmpagent, and trapbuffer.
Default
By default, switches do not output log information to user terminal.
Example
Set channel 0 to send log information to user terminal.

[S4200G] info-center monitor channel 0
View
System view
Description
This command works only when the information center is enabled for the system
Related Commands
display info-center
info-center enable
398 info-center snmp channel

Command Reference
info-center snmp channel

Purpose
Use the info-center snmp channel command to enable information output to the
SNMP through a specified channel.
Use undo info-center snmp channel command to restore the default SNMP
channel, that is, channel 5.
Syntax
info-center snmp channel { channel-number | channel-name }

undo info-center snmp channel
Parameters
Example
channel-number

channel-name
Channel name. Valid values are channel6, channel7,

monitor, snmpagent, and trapbuffer.
Set channel 6 as the SNMP information channel.

[S4200G] info-center snmp channel 6
View
Related Command
System view
snmp-agent
display info-center

Command Reference
info-center source
Purpose
Use the info-center source command to add a record (that is, an information
source) to an information channel.
Use the undo info-center source command to delete an information source from
an information channel.
Syntax
info-center source { modu-name | default } channel { channel-number |

channel-name } [ debug { level severity | state state }* | log { level
severity | state state }* | trap { level severity | state state } ] *
undo info-center source { modu-name | default } channel {
channel-number | channel-name }
Parameters
modu-name
Module name. See Table 83.
default
All the modules.
log
Specifies to output log information.
trap
Specifies to output trap information.
debugging
Specifies to output debug information.
level
Specifies an information severity level.
severity
Information severity level. The information with

severity level greater than this level will not be output.
If not specified, the default log information level is
warnings; the default trap information level is
debugging; and the default debugging information
level is debugging.
Note: If you only specify the level for one or two of the three types of information,
the level(s) of the unspecified type(s) return to the default. For example, if you only
define the level of the log information, then the levels of the trap and debugging
information return to the defaults.
You may specify any of the following severity levels:
emergencies
Level 1 information, which cannot be used by the

system.
alerts
Level 2 information, to be reacted immediately.

critical
Level 3 information, critical information.

errors
Level 4 information, error information.

warnings
level 5 information, warning information.

notifications
400 info-center source

Command Reference
Level 6 information, showed normally and

important.
informational
Level 7 information, notice to be recorded.

debugging
Level 8 information, generated during the

debugging progress.
channel-number
Channel number to be set.
channel-name
Channel name to be set. Valid values are channel6,

channel7, channel8, channel9, console, logbuffer,
loghost, monitor, snmpagent, and trapbuffer.
state
Set the state of the information.
state
Specify the state as on or off.

By default, the log information level is warnings, the
trap information level is debugging, the debugging
information level is debugging.
Table 83 Module names in logging information

Module name
Description
8021X
802.1X module
ACL
Access control list module
AM
Access management module
ARP
Address resolution protocol module
CFAX
Configuration proxy module
CFG
Configuration management platform module
CFM
Configuration file management module
CMD
Command line module
COMMONSY
Common system MIB module
DEV
Device management module
DHCC
DHCP Client module
DHCP
Dynamic host configuration protocol module
DRV
Driver module
DRV_MNT
Driver maintenance module
ESP
End-station polling module
ETH
Ethernet module
FIB
Forwarding module
FTM
Fabric topology management module
FTMCMD
Fabric topology management command line

module
FTPS
FTP server module
HA
High availability module
HTTPD
HTTP server module
IFNET
Interface management module
IGSP
IGMP snooping module
IP
IP module
IPC
Inter-process communication module
IPMC
IP multicast module
L2INF
Interface management module

Command Reference
Table 83 Module names in logging information (continued)
Example
Module name
Description
LACL
LANswitch ACL module
LQOS
LANswitch QoS module
LS
Local server module
MPM
Multicast port management module
NTP
Network time protocol module
PPRDT
Protocol packet redirection module
PTVL
Driver port, VLAN (Port & VLAN) module
QACL
QoS/ACL module
QOSF
Qos profile module
RDS
Radius module
RM
Routing management
RMON
Remote monitor module
RSA
Revest, shamir and adleman encryption system
RTPRO
Routing protocol
SHELL
User interface
SNMP
Simple network management protocol
SOCKET
Socket
SSH
Secure shell module
STP
Spanning tree protocol module
SYSMIB
System MIB module
TELNET
Telnet module
UDPH
UDP helper module
VFS
Virtual file system module
VTY
Virtual type terminal module
WCN
Web management module
XM
XModem module
Configure to output the log information of the VLAN module on the snmp channel,
and only output the log information above the "emergencies" severity.
[S4200G] info-center source vlan channel snmpagent log level
emergencies
View
Description
System view
This command can be used for filtering of log, trap, or debug information. For
example, it can control log output from the IP module to any direction. You can
configure IP module log information above the "warning" severity to be output to
the log host, and those above the "informational" severity output to the log buffer.
You can also configure IP module trap information to be output to a specific trap
host.
402 info-center source

Command Reference
In addition, you can use this command to specify the filtering channel for each output
direction. Information is sent to the proper direction after being filtered through the
specified channel. Therefore, in this command, you can set the channel to be used for
an output direction and the filter of the channel for information filtering and
redirection.
Each output direction is assigned with a default information channel at present,
shown as follows:
Table 84 Information channel in each output direction by default
Output direction
Information channel name
Console
console
Monitor terminal
monitor
Log buffer
logbuffer
Trap buffer
trapbuffer
snmp
snmpagent
Each information channel is configured with a default record, whose module name is
"all" and module number is 0xffff0000. In the record, the default settings for log,
trap and debug information may differ with channels. If no record is configured for a
channel, this default record is adopted.

Command Reference
info-center synchronous 403
info-center synchronous
Purpose
Use the info-center synchronous command to enable synchronous terminal

output.
Use the undo info-center synchronous command to disable synchronous
terminal output.
Syntax
undo info-center synchronous
Parameters
None
Default
By default, the synchronous terminal output function is disabled.
Example
Enable synchronous terminal output.

[S4200G]info-center synchronous
Current IC terminal output sync is on
View
Description
System view
Use the info-center synchronous command to enable synchronous terminal

output, so that if system information (such as log information) is output when the
user is inputting, the command prompt and input information are echoed after the
output (note that, the command prompt is echoed in command edit state but is not
echoed in interactive state).
While enabled, the synchronous information output function allows the system to
display command line prompts and users input so far after each system output,
helping users continue with their input.
Note:
Use the info-center synchronous command to prevent users input from

being interrupted by system output and to realize synchronous information
output.
It is recommended that you disable this function during debugging, as the

info-center synchronous command produces unnecessary output by
displaying command line prompts after each piece of debugging information.
404 info-center timestamp

Command Reference
info-center timestamp
Purpose
Use the info-center timestamp command to set the format of time stamp
included in the log/trap/debug information or specify not to include time stamp in the
information.
Use the undo info-center timestamp command to restore the default time stamp
format.
Syntax
info-center timestamp { log | trap | debugging } { boot | date | none }

undo info-center timestamp { log | trap | debugging }
Parameters
log
Specifies log information.
trap
Specifies trap information.
debugging
Specifies debug information.
boot
Specifies to adopt the time elapsed since system boot,

which is in the format of "xxxxxx.yyyyyy", where
xxxxxx is the high 32 bits and yyyyyy the low 32 bits of
the elapsed milliseconds.
date
Specifies to adopt the current system date and time,

which is in format "yyyy/mm/dd-hh:mm:ss" for
Chinese environment and "mm/dd/yyyy-hh:mm:ss" for
English environment.
None
Specifies not to include time stamp in specified output

information.
Default
By default, the date time stamp is adopted for all types of information.
Example
Set the boot time stamp for debug information.

[S4200G] info-center timestamp debugging boot
View
System view

Command Reference
info-center trapbuffer 405
info-center trapbuffer
Purpose
Use the info-center trapbuffer command to enable information output to the

trap buffer.
Use the undo info-center trapbuffer command to disable information output to
the trap buffer.
Syntax
info-center trapbuffer [ size buffersize ][ channel { channel-number |

channel-name } ]
undo info-center trapbuffer [ channel | size ]
Parameters
Example
size
Sets the size of the trap buffer.
buffersize
Size of the trap buffer, represented by the number of

messages it holds, ranging from 0 to 1024 and
defaulting to 256.
channel
Sets the channel through which information is sent to

the trap buffer.
channel-number

channel-name
Channel name.
Enable the switch to send information to the trap buffer, whose size is set to 30.
[S4200G] info-center trapbuffer size 30
View
System view
Description
This command takes effect only after system logging is enabled.
Related Commands
display info-center
info-center enable
406 instance

Command Reference
instance
Purpose
Use the instance command to map specified VLANs to a specified spanning tree
instance.
Use the undo instance command to remove the mappings from specified VLANs
to a specified spanning tree instance.
Syntax
instance instance-id vlan vlan-list

undo instance instance-id [ vlan vlan-list ]
Parameters
instance-id
Specifies the ID of a spanning tree instance. Valid

values are 0 to 16. A value of 0 specifies the CIST.
vlan-list
Specifies the list of VLANs. You must provide this

argument in the form:
vlan-list = { vlan-id [ to vlan-id ] }&<1-10>
&<1-10> means that you can provide up to 10 VLAN
IDs/VLAN ID lists for this argument. Normally, a VLAN
ID can be a number ranging from 1 to 4094. VLANs
with their IDs beyond this range (if the switch supports
this kind VLAN IDs), such as VLAN 4095 and VLAN
4096, can only be mapped to the CIST (spanning tree
instance 0).
Default
By default, all VLANs are mapped to the CIST.
Example
To map VLAN 2 to spanning tree instance 1, enter the following:

[S4200G-mst-region] instance 1 vlan 2
View
Description
MST Region view
VLAN-to-spanning tree instance mappings are recorded in the VLAN mapping table of
an MSTP switch. So these two commands are actually used to manipulate the VLAN
mapping table. You can add/remove a VLAN to/from the VLAN mapping table of a
specific spanning tree instance by using these two commands.
Note that a VLAN cannot be mapped to multiple spanning tree instances at the same
time. A VLAN-to-spanning tree instance mapping is automatically removed if you map
the VLAN to another spanning tree instance.

Command Reference
Related Commands
instance 407
region-name
revision-level
vlan-mapping modulo
408 interface

Command Reference
interface
Purpose
Use the command interface command to enter Ethernet port view. To configure
parameters for a port, you must enter the port view first.
Syntax
interface interface-type interface-number

interface-type
Specifies the port (interface) type. The interface type

can be either Aux, Ethernet, GigabitEthernet , NULL,
Vlan-interface.
interface-number
Specifies the port (interface) number in the format

Specifies the unit number. Valid values are 1 to 8.
Specifies the port number. Valid values are 1 to 28 or 1
to 52, depending on the number of ports you have on
your unit.
Example
Enter GigabitEthernet1/0/1 port view.

<S4200G>system-view
[S4200G]interface GigabitEthernet1/0/1
View
System view

Command Reference
409
Purpose
Use the interface vlan-interface command to create a management VLAN

interface and enter management VLAN interface view.
Use the undo interface vlan-interface command to remove the management
VLAN interface.
Syntax
interface vlan-interface vlan-id

undo interface vlan-interface vlan-id
Parameters
vlan-id
Example
Create VLAN 10 and configure it to be the management VLAN. Enter VLAN 10

interface view.
The ID of the management VLAN interface you want

to configure. Valid values are 1 to 4094.
If not specified, the default is VLAN1, which cannot be
deleted.
[S4200G] vlan 10
[S4200G-vlan10] quit
[S4200G-Vlan-interface10]
View
Description
System view
Before creating a management VLAN interface, make sure the VLAN identified by the
vlan-id argument is created and is configured to be the management VLAN.
Note:
To configure the management VLAN of a switch operating as a cluster management
device to be a cluster management VLAN (using the management-vlan vlan-id
command) successfully, make sure the vlan-id argument provided in the
management-vlan vlan-id command is consistent with that of the management
VLAN.
Related Command
410 ip address

Command Reference
ip address
Purpose
Use the ip address command to assign an IP address (and mask) to a management

VLAN interface.
Use the undo ip address command to remove the IP address assigned to a
management VLAN interface.
Syntax
ip address ip-address net-mask

undo ip address [ ip-address netmask ]
Parameters
Example
ip-address
Specifies the IP address to be assigned to the

management VLAN interface.
If not specified, the default IP address is Null.
net-mask
Specifies the mask of the IP address to be assigned to

the management VLAN interface.
Assign an IP address (and the mask) to the management VLAN interface. (Assume
that VLAN 1 is the management VLAN.)
[S4200G-Vlan-interface1] ip address 1.1.1.1 255.0.0.0
View
Description
VLAN Interface view
Usually, only one IP address is required for each interface. If you want to connect the
interface to several subnets, you can configure an IP addresses for each subnet.
Before you can cancel the primary IP address of an interface, you must cancel any
secondary IP addresses.
The subnet address of an IP address can be identified by subnet mask. For instance,
the IP address of an interface is 202.38.10.102, and the mask is 255.255.0.0. You can
confirm that the subnet address is 202.38.0.0 by performing the logic operation
AND on the IP address and mask.
Note: The VLAN interface cannot be configured with the secondary IP address if its IP
address is set to be allocated by BOOTP or DHCP.
Related Command

Command Reference
ip address bootp-alloc 411
ip address bootp-alloc
Purpose
Use the ip address bootp-alloc command to configure VLAN interface to obtain IP

address using BOOTP.
Use the undo ip address bootp-alloc command to cancel the configuration.
Syntax
undo ip address bootp-alloc
Parameters
None
Default
By default, the VLAN interface does not use BOOTP to obtain an IP address.
Example
Configure the management VLAN interface to obtain an IP address through BOOTP.

(Assume that VLAN 1 is the management VLAN.):
[S4200G-Vlan-interface1] ip address bootp-alloc
View
Related Command
VLAN Interface view
412 ip address dhcp-alloc

Command Reference
ip address dhcp-alloc
Purpose
Use the ip address dhcp-alloc command to configure VLAN interface to

obtain an IP address using DHCP.
Use the undo ip address dhcp-alloc command to cancel the configuration.
Syntax
undo ip address dhcp-alloc
Parameters
None
Default
By default, the VLAN interface does not use DHCP to obtain an IP address.
Example
Configure the management VLAN interface to obtain an IP address through DHCP.

(Assume that VLAN 1 is the management VLAN.)
[S4200G-Vlan-interface1] ip address dhcp-alloc
View
VLAN Interface view

Command Reference
ip host 413
ip host
Purpose
Use the ip host command to configure a host name and the corresponding IP
address for a switch.
Use the undo ip host command to remove the host name and the corresponding IP
address of a switch.
Syntax
ip host hostname ip-address

undo ip host hostname [ ip-address ]
Parameters
Example
hostname
Specifies the host name of the connecting device,

which may be up to 20 characters long. The character
string can include letters, numbers, "_", and ",", and
must contain at least one letter.
If not specified, the default host name is Null.
ip-address
Specifies the hosts IP address, in dotted decimal

notation.
If not specified, the default IP address is Null.
Configure the host name and the corresponding IP address of a switch to be

Lanswitch2 and 10.110.0.2
[S4200G] ip host Lanswitch2 10.110.0.2
View
Related Command
System view
display ip host
414 ip http acl

Command Reference
ip http acl
Purpose
Use the ip http acl command to apply an ACL to filter Web users.
Use the undo ip http acl command to disable the switch from filtering Web users
using the ACL.
Syntax
ip http acl acl-number

undo ip http acl
Parameters
acl-number
Example
Apply ACL 2000 to filter Web users (assuming that ACL 2,000 already exists.)
Specifies a basic ACL. Valid values are a number from

2000 to 2999.
[S4200G] ip http acl 2000
View
System view
User Interface view

Command Reference
ip-pool 415
ip-pool
Purpose
Use the ip-pool command to configure a private IP address range for cluster
members on the switch to be set as the management device.
Use the undo ip-pool command to cancel the IP address configurations of the
cluster.
Syntax
ip-pool administrator-ip-address { ip-mask | ip-mask-length }

undo ip-pool
Parameters
Example
administrator-ipaddress
IP address of the management device of a cluster.
ip-mask
Mask of the cluster IP address pool.
ip-mask-length
Mask length of the cluster IP address pool.
Configure the IP address range of a cluster.

<S4200G>system-view
[S4200G]cluster
[S4200G-cluster] ip-pool 10.200.0.1 20
View
Description
Cluster view
Before setting up a cluster, the user should configure a private IP address pool for
cluster member devices. When a candidate device is added, the management device
will dynamically assign a private IP address, which can be used for communication
inside the cluster. In this way, the user can use the management device to manage
and maintain the member devices.
The commands can only be executed on a non-cluster-member switch. The IP address
range of an existing cluster cannot be modified.
416 ip route-static

Command Reference
ip route-static
Purpose
Use the ip route-static command to configure a static route.

Use the ip route-static command to configure a static route, whose validity
depends on detecting results as follows: valid when the detecting result is reachable
or invalid when the detecting result is unreachable.
Use the undo ip route-static command to remove an existing static route.
Syntax
ip route-static ip-address { mask | mask-length } { null

null-interface-number | gateway-address } [ preference preference-value
] [ reject | blackhole ] description text ]
undo ip route-static ip-address { mask | mask-length } { null
null-interface-number | gateway-address } [ preference preference-value
]
Parameters
ip-address
Destination IP address in dotted decimal notation.
mask
IP address mask.
mask-length
Mask length, consisting of an integer from 0 to 32.
null null-interface-numberSpecifies a null interface. A null interface is a virtual
interface. Packets destined for a null interface is

discarded. Null interface helps to reduce system load.
gateway-address
IP address of the next hop of this route, in dotted

decimal notation.
preference-value
Preference value of the route. Valid values are 1 to

255.
reject
Specifies the route to be an unreachable route.
blackhole
Specifies the route to be a blackhole route.
description text
Specifies a descriptive string for the static route. The

text argument is a string comprised of 1 to 60
characters.
Default
By default, the system can obtain the routes to the subnets directly connected to a
router.
Example
Configure the next hop of the default route to be 129.102.0.2.

[S4200G] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
View

Command Reference
ip route-static 417
Description
System view
If you do not specify the preference when configuring a static route, the value
specified by the ip route-static default-preference command (which defaults to 60) is
adopted. Note that routes with the same destinations, the same next hops, but
different preferences are different routes. Among these routes, the one with least
preference (which means the highest preference) is chosen to be the current route. A
route configured using the ip route-static command is a reachable route if neither of
the reject and blackhole keywords is specified.
Note the following when configuring a static route:
Related Command
The next hop address of a static route cannot be the VLAN interface address of the
local switch.
A static route with both its destination IP address and mask both being 0.0.0.0 is
the default route. When no matched entry is found in the routing table, a received
packet is forwarded according to the default route.
ip route-static default-preference
418 ip route-static

Command Reference
ip route-static
Purpose
Use the ip route-static command to configure a static route, whose validity

depends on detecting results as follows: valid when the detecting result is reachable
or invalid when the detecting result is unreachable.
Use the undo ip route-static command to remove the configured static route.
Syntax
ip route-static ip-address { mask | mask-length } [ interface-type

interface-number | next-hop [ preference preference-value ] [ reject |
blackhole ]
undo ip route-static ip-address { mask | mask-length }[interface-type
interface-number ] [ next-hop ] [ preference preference-value ][ reject
| blackhole ]
Parameters
ip-address
Destination IP address in dotted decimal notation.
mask
Subnet mask.
mask-length
Length of the subnet mask, that is, the number of

successive bits in the subnet mask whose values are 1.
interface-type
interface-number
Example
Specifies the interface of the route. The packets that

are sent to a NULL interface, a kind of virtual interface,
will be discarded immediately. This can decrease the
system load.
next-hop
Next hop IP address in dotted decimal notation.
preference-value
Preference value of the route. This argument ranges

from 1 to 255. The default preference is 60.
reject
Specifies the route to be unreachable. If you specify

this keyword when executing this command, any
packet destined for the specified IP address is
discarded, and the system informs the source that the
destination is unreachable.
blackhole
Specifies the route to be a black hole. If you specify

this keyword when executing this command, all
outbound interfaces of the static route are the Null 0
interfaces regardless of the next hop. In addition, the
system discards any packet transmitted along this
route without informing the source.
Configure the next hop of the default route as 129.102.0.2.

[S4200G] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2

Command Reference
View
ip route-static 419
System view
420 jumboframe enable

Command Reference
jumboframe enable
Purpose
Use this command to allow jumbo frames to pass through the Ethernet port.
Syntax
jumboframe enable
undo jumboframe enable
Example
To allow jumbo frames to pass through GigabitEthernet1/0/3.

[4200G] interface GigabitEthernet 1/0/3
[4200G-GigabitEthernet1/0/3]dis this
#
undo jumboframe enable
#
return
[4200G-GigabitEthernet1/0/3]jumboframe enable
[4200G-GigabitEthernet1/0/3]dis this
#
#
return
[4200G-GigabitEthernet1/0/3]q
[4200G]
View
Description
Ethernet port view
Use the jumboframe enable command to allow jumbo frames to pass through the
current Ethernet port. The maximum frame size supported is 9216 bytes.
Use the undo jumboframe enable command to inhibit jumbo frames from passing
through the current Ethernet port.

Command Reference
key 421
key
Purpose
Use the key command to specify a shared key for the RADIUS
authentication/authorization packets or accounting packets.
Use the undo key command to restore the corresponding default shared key.
Syntax
key { accounting | authentication } string

undo key { accounting | authentication }
Parameters
Example
accounting
Specifies the shared key for the RADIUS accounting

packets.
authentication
Specifies a shared the encryption key for RADIUS

authentication/authorization packet.
string
Specifies the key with a character string not exceeding

16 characters.
If not specified, the default key is 3Com.
To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
New Radius scheme
[S4200G-radius-radius1] key authentication hello
To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
New Radius scheme
[S4200G-radius-radius1] key accounting ok
View
Description
RADIUS Scheme view
The RADIUS client and server adopt MD5 algorithm to encrypt the RADIUS packets
exchanged with each other. The two parties verify the validity of the exchanged
packets by using the shared keys that have been set on them, and can accept and
respond to the packets sent from each other only if both of them have the same
shared keys. If the authentication/authorization server and the accounting server are
422 key

Command Reference
two separate devices and the two servers have different shared keys, you must set the
shared keys for authentication/authorization packets and accounting packets
respectively on the switch.
Related Commands
primary accounting
primary authentication
radius scheme.

Command Reference
lacp enable 423
lacp enable
Purpose
Use the lacp enable command to enable the LACP protocol on the current port.
Use the undo lacp enable command to disable the LACP protocol on the current
port.
Syntax
lacp enable
undo lacp enable
Parameters
None
Example
Enable LACP protocol on the port GigabitEthernet1/0/1.

[S4200G-GigabitEthernet1/0/1] lacp enable
View
Description
Ethernet Port view
The Switch will select the lowest port number as the master port for the link
aggregation. This applies to all types of link aggregation. If the aggregation spans a
stack of units and the same ports are used, the unit number will be the tie-breaker.
For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.
424 lacp port-priority

Command Reference
lacp port-priority
Purpose
Use the lacp port priority command to configure port priority value.
Use the undo lacp port-priority command to restore the default port priority
value.
Syntax
lacp port-priority port-priority

undo lacp port-priority
Parameters
port-priority
Example
Set the priority of the port GigabitEthernet1/0/1 to 64.
Port priority value. Valid values are 0 to 65,535.

If not specified, the default value set is 32,768.
[S4200G-GigabitEthernet1/0/1] lacp port-priority 64
View
Related Commands
Ethernet Port view

Command Reference
lacp system-priority 425
lacp system-priority
Purpose
Use the lacp system-priority command to configure system priority value.

Use the undo lacp system-priority command to restore the default system priority
value.
Syntax
lacp system-priority system-priority

undo lacp system-priority
Parameters
system-priority
Example
Set the system priority to 64.
System priority value. Valid values are 0 to 65,535.

If not specified, the default is 32,768.
[S4200G] lacp system-priority 64
View
Related Command
System view
426 language-mode

Command Reference
language-mode
Purpose
Use the language-mode command to toggle between the language modes (that is,
language environments) of the command line interface (CLI) to meet your
requirement.
Syntax
language-mode { chinese | english }
Parameters
chinese
Sets the CLI language environment to Chinese.
english
Sets the CLI language environment to English.
Default
By default, the CLI language mode is english.
Example
Toggle from the english mode to the chinese mode.

<S4200G> language-mode chinese
View
User view

Command Reference
lcd 427
lcd
Purpose
Use the lcd command to display the local work directory on the FTP client.
Syntax
lcd
Parameters
None
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Display the local work directory.

[ftp] lcd
% Local directory now flash:/temp
View
FTP Client view
428 level

Command Reference
level
Purpose
Use the level command to set the priority level of the user.
Use the undo level command to restore the default priority level of the user.
Syntax
level level
undo level
Parameters
level
Default
The default user priority level is 0.
Example
To set the level of user1 to 3, enter the following:
Specifies the priority level of the user. level is an

integer ranging from 0 to 3.
[S4200G-luser-user1] level 3
View
Description
Local User view
The priority level of the user corresponds to the command level of the user. Refer to
the description of the command-privilege level command in the command
line interface module.
If the configured authentication mode is none authentication or password
authentication, the command level that a user can access after login depends on the
priority of user interface. In the case of authentication requiring both username and
password, however, the accessible command level depends on user priority level.
lIf the configured authentication method requires a user name and a password, the
command level that a user can access after login is determined by the priority level of
the user. For SSH users, when they use RSA shared keys for authentication, the
commands they can access are determined by the levels sets on the user interfaces.
Related Command
local-user

Command Reference
link-aggregation group description 429

Purpose
Use the link-aggregation group description command to set a description for

an aggregation group.
Use the undo link-aggregation group agg-id description command to remove
the description of an aggregation group.
Syntax
link-aggregation group agg-id description agg-name

undo link-aggregation group agg-id description
Parameters
Example
agg-id
Aggregation group ID. Valid values are 1 to 50.
agg-name
Aggregation group name, consisting of a character

Set the description "abc" for aggregation group 22.

[S4200G] link-aggregation group 22 description abc
View
System view
Description
If you have saved the current configuration with the save command, after system
reboot, the manual and static aggregation groups and their descriptions still exist, but
the dynamic aggregation groups and their descriptions disappear.
Related Command
430 link-aggregation group mode

Command Reference

Purpose
Use the link-aggregation group mode command to create a manual or static

aggregation group.
Use the undo link-aggregation group command to delete an aggregation group.
Syntax
link-aggregation group agg-id mode { manual | static }

undo link-aggregation group agg-id
Parameters
Example
agg-id
manual
Creates a manual aggregation group.
static
Creates a static aggregation group.
To create manual aggregation group 22, enter the following:

[S4200G] link-aggregation group 22 mode manual
View
Description
System view
The Switch will select the lowest port number as the master port for the link
aggregation. This applies to all types of link aggregation. If the aggregation spans a
stack of units and the same ports are used, the unit number will be the tie-breaker.
For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.
A manual or static aggregation group can have up to eight ports. You can use the
link-aggregation group agg-id mode command to change an existing dynamic
aggregation group into a manual or static one. If the port number in a group exceeds
eight, this operation fails and the system prompts you about the configuration failure.
Related Command

Command Reference
local-server 431
local-server
Purpose
Use the local-server command to configure the parameters of local RADIUS server.
Use the undo local-server command to cancel a local RADIUS server.
Syntax
local-server nas-ip ip-address key password

undo local-server nas-ip ip-address
Parameters
nas-ip ip-address
Specifies the IP address of the local RADIUS server.

ip-address is expressed in the format of dotted
decimal.
key password
Specifies the shared key of the local RADIUS server.

password is a character string up to 16 characters in
length.
Default
By default, a local RADIUS authentication server has already been created with the
NAS-IP and key set to 127.0.0.1 and 3Com respectively.
Example
To create a local RADIUS authentication server with an IP address of 10.110.1.2 and a

shared key of aabbcc, enter the following:
[S4200G] local-server nas-ip 10.110.1.2 key aabbcc
View
Description
System view
Note:
The switch not only supports the traditional RADIUS client service to accomplish
user AAA management through foreign authentication/authorization server and
accounting server, but also provides a simple local RADIUS server function for
authentication and authorization. This function is called local RADIUS
authentication server function.
When you use the local RADIUS authentication server function, the UDP port
number for the authentication/authorization service must be 1645, the UDP port
number for the accounting service is 1646.
The packet encryption key set by the local-server command with the key
password parameter must be identical with the authentication/authorization
packet encryption key set by the key command in RADIUS scheme view.
The switch supports at most 16 local RADIUS authentication servers (including the
default local RADIUS authentication server).
432 local-server
Related Commands

Command Reference
key
radius-scheme
state

Command Reference
local-user 433
local-user
Purpose
Use the local-user command to add a local user and enter local user view.
Use the undo local-user command to delete the specified local users.
Syntax
local-user user-name
undo local-user { user-name | all [ service-type { ftp | lan-access |
ssh | telnet | terminal } ] }
Parameters
user-name user-name

<
>

Example
all
Specifies all users.
service-type
Specifies local users of a specific type. You can specify

one of the following user types:
ftp
lan-access (users are mainly Ethernet access users,

for example, 802.1x users)
ssh
telnet
terminal (users can log into the switch through the

Console port)
To add a local user named user1, enter the following:

[S4200G-luser-user1]
434 local-user
View
Related Command

Command Reference
System view
display local-user
service-type

Command Reference
local-user password-display mode 435

Purpose
Use the local-user password-display-mode command to set the password

display mode of all users.
Use the undo local-user password-display-mode command to restore the
default password display mode.
Syntax
local-user password-display-mode { auto | cipher-force }

undo local-user password-display-mode
Parameters
auto
Adopts the forcible cipher mode so that the passwords

of all the access users must be displayed in cipher text.
cipher-force
Adopts the automatic mode so that the passwords of

access users are displayed in the modes set with the
password command.
Default
By default, the password display mode of all access users is auto.
Example
To display all access user passwords in cipher text forcibly, enter the following:
[S4200G] local-user password-display-mode cipher-force
View
Description
Related Command
System view
When the cipher-force mode is adopted, all passwords will be displayed in cipher text
even through some users have specified to display their passwords in plain text by
using the password command with the simple keyword.
display local-user
password
436 lock

Command Reference
lock
Purpose
Use the lock command to lock the current user interface and prevent unauthorized
users from accessing it.
Syntax
lock
Parameters
None
Example
To lock the current user interface, enter the following:

<S4200G>lock
Password: xxxx
Again: xxxx
View
Description
User view
An authorized user must enter a valid password to access the interface.

Command Reference
logging-host 437
logging-host
Purpose
Use the logging-host command to configure a public logging host on the

management device for member devices.
Use the undo logging-host command to cancel the logging host configuration.
Syntax
logging-host ip-address
undo logging-host
Parameters
ip-address
Default
By default, no public logging host is configured.
Example
Configure the IP address of the logging host on the management device.
IP address of the logging host configured for the

cluster.
[aaa_0.S4200G-cluster] logging-host 10.10.10.9
View
Description
Cluster view
Only after you assign an IP address for the logging host of the cluster, member
devices can send log information to the logging host through the management
device.
438 loopback-detection control enable

Command Reference

Purpose
Use the loopback-detection control enable command to enable loopback

detection and control function for Trunk ports and Hybrid ports.
Use the undo loopback-detection control enable command to disable
loopback detection and control function for Trunk ports and Hybrid ports.
Syntax

undo loopback-detection control enable
Parameters
None
Default
By default, the loopback detection and control function is disabled for both the Trunk
and Hybrid ports.
Example
Enable loopback port control on the GigabitEthernet1/0/1 trunk port.

[S4200G] loopback-detection enable
[S4200G-GigabitEthernet1/0/1] loopback-detection enable
[S4200G-GigabitEthernet1/0/1] loopback-detection control enable
View
Description
Ethernet Port view
Note:
When the loopback port control function is enabled on the trunk or hybrid port
and loopback is found on the port, the system disables the port, sends a Trap
message to the client and removes the corresponding MAC forwarding entry.
When the loopback port control function is disabled, the system sends a Trap
message to the client if a loopback port is found. The port still operates normally.
CAUTION:
This command is invalid for the access port, since the loopback port control function
is always enabled on the access port.

Command Reference
loopback-detection enable 439
loopback-detection enable
Purpose
Use the loopback-detection enable command to enable the loopback

detection function globally or for a specific port.
Use the undo loopback-detection enable command to disable the loopback
detection function globally or for a specific port.
Syntax
undo loopback-detection enable
Parameters
None
Default
By default, the loopback detection function is disabled.
Example
Enable the loopback detection function for Ethernet1/0/1 port.

[S4200G] loopback-detection enable
[S4200G-Ethernet1/0/1] loopback-detection enable
View
Description
System view
Ethernet Port view
CAUTION:
Loopback detection for a port is enabled only when the loopback-detection

enable command is enabled under both system view and port view.
When the undo loopback-detection enable command is used under

system view, the loopback detection function will be disabled for all ports.
Note:
For Access port: If system detects loopback for a port, it will shut down that port,
send a Trap message to the terminal, and delete the corresponding MAC address
forwarding entry.
For Trunk ports and Hybrid ports: If system detects loopback for a port, it will send
a Trap message to the terminal. If the loopback detection and control function for
that port is enabled at the same time, the system will then shut down the given
port, send a Trap message to the terminal, and delete the corresponding MAC
address forwarding entry.
440 loopback-detection enable
Related Command

Command Reference

Command Reference
loopback-detection interval-time 441
Purpose
Use the loopback-detection interval-time command to set the time

interval for detecting the external loopback for a port.
Use the undo loopback-detection interval-time command to restore the
time interval to default value.
Syntax
loopback-detection interval-time time

undo loopback-detection interval-time
Parameters
Time
Example
Set the time interval for regular external loopback detection to 10 seconds.
Time interval for detecting the external loopback for a

port, in seconds. Valid values are 5 to 300.
[S4200G] loopback-detection interval-time 10
View
Related Command
System view
442 loopback-detection per-vlan enable

Command Reference

Purpose
Use the loopback-detection per-vlan enable command to configure the

system to run loopback detection on all VLANs for the Trunk and Hybrid ports.
Use the undo loopback-detection per-vlan enable command to restore
the default setting, that is, to enable loopback detection function only for the default
VLANs with Trunk and Hybrid ports.
Syntax

undo loopback-detection per-vlan enable
Parameters
None
Default
By default, system runs loopback detection only on the default VLAN for the trunk
and hybrid ports.
Example
Configure the system to run loopback detection on all VLANs for the
GigabitEthernet1/0/1 trunk port.
[S4200G-GigabitEthernet1/0/1] loopback-detection per-vlan enable
View
Description
Ethernet Port view
CAUTION:
This command is invalid for the Access ports.

Command Reference
ls 443
ls
Purpose
Use the ls command to display the files in the specified directory.
Syntax
ls [ remote-path ]
Parameters
remote-path
Example
Display the files in directory flash:/.

sftp-client>
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
-rwxrwxrwx
drwxrwxrwx
drwxrwxrwx
-rwxrwxrwx
View
ls flash:/
1 noone
1 noone
1 noone
1 noone
1 noone
1 noone
1 noone
nogroup
nogroup
nogroup
nogroup
nogroup
nogroup
nogroup
1759
225
283
225
0
0
225
Aug
Aug
Aug
Sep
Sep
Sep
Sep
23
24
24
28
28
28
28
06:52
08:01
07:39
08:28
08:24
08:18
08:30
vrpcfg.cfg
pubkey2
pubkey1
pub1
new1
new2
pub2
Description
Name of the intended directory.
SFTP Client view
If the remote-path argument is not specified, the files in the current directory are
displayed.
This command has the same function as the dir command.
444 ls

Command Reference
ls
Purpose
Use the ls command to display the information about a specified remote file.
Syntax
ls [ remotefile [ localfile ] ]
Parameters
remotefile
Name of the remote file to be queried.
Localfile
Name of the local file where the querying result is to

be saved.
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Display the names of all the files in the current directory.

[ftp] ls
4.app
5.app
6.app
6.app.bak
abc.BTM
TEST
21.bin
FTP: 1235 byte(s) received in 1.595 second(s) 774.00byte(s)/sec.
View
Description
FTP Client view
If you do not specify the remotefile argument, the names of all the files in the current
directory are displayed.
The ls command only displays file names, while the dir command displays file
information in more detail, including file size, creation date and so on.

Command Reference
mac-address 445
mac-address
Purpose
Use the mac-address command to add/modify the MAC address table entry.
Use the undo mac-address command to delete MAC address table entry
Syntax
In System view:
mac-address { static | dynamic | blackhole } mac-address interface
interface-type interface-number } vlan vlan-id
undo mac-address [ mac-address-attribute ]
In Port view:
mac-address { static | dynamic | blackhole } mac-address vlan vlan-id
undo mac-address [ { static | dynamic | blackhole } mac-address vlan
vlan-id
Parameters
static
Specifies that the MAC address entry to be

added/updated is of static type.
dynamic
Specifies that the MAC address entry to be

added/updated is of dynamic type.
blackhole
Specifies the MAC address entry to be added/updated

is of blackhole type.
mac-address
Specifies the MAC address.
interface-type
interface-number
vlan-id
Specifies the VLAN ID. Valid values are 1 to 4094.
mac-address-attribute
Specifies the string used to specify the MAC address

entries to be removed, as described in Table 85
Table 85 Description on the mac-address-attribute argument

Value
Description
{ static | dynamic | blackhole } interface

interface-type
interface-number
Remove the static, dynamic, or blackhole MAC

address entries concerning a specified port.
{ static | dynamic | blackhole } vlan

vlan-id
Remove the static, dynamic, or blackhole MAC

address entries concerning a specified VLAN.
{ static | dynamic | blackhole }

mac-address [ interface
interface-type
interface-number ] vlan vlan-id
Remove a specified static, dynamic, or blackhole

MAC address entry.
interface-number
Remove all the MAC address entries concerning a

specified port.
vlan vlan-id
Remove all the MAC address entries concerning a

specified VLAN.
446 mac-address

Command Reference
Table 85 Description on the mac-address-attribute argument (continued)
Example
Value
Description
mac-address [ interface
interface-type
Remove a specified MAC address entry.
Configure a static MAC address entry with the following settings:
MAC address: 00e0-fc01-0101
Outbound port: GigabitEthernet1/0/1 port
GigabitEthernet1/0/1 port belongs to VLAN 2.
[S4200G] mac-address static 00e0-fc01-0101 interface GigabitEthernet
1/0/1 vlan 2
View
Description
System view
Port view
If the MAC address you input in the mac-address command already exists in the MAC
address table, the system will modify the attributes of the corresponding MAC
address entry according to your settings in the command.
When being executed in port view, these two commands only apply to the current
port. In this case, the interface keyword is unnecessary.
Related Command
display mac-address

Command Reference
mac-address max-mac-count
Purpose
Use the mac-address max-mac-count command to configure the maximum number

of MAC addresses an Ethernet port can learn.
Use the undo mac-address-table max-mac-count command to cancel the limitation
on the number of MAC addresses an Ethernet port can learn.
Syntax
mac-address max-mac-count count

undo mac-address max-mac-count
Parameters
count
Default
By default, the number of MAC addresses an Ethernet port can learn is unlimited.
Example
Set the maximum number of MAC addresses GgiabitEthernet1/0/3 port can learn to
600.
The maximum number of MAC addresses a port can

learn. Valid values are 0 to 4,096. A value of 0 disables
the port from learning MAC addresses.
If no maximum limit is set, the MAC address table
controls the number of MAC addresses a port can
learn.
[S4200G-GigabitEthernet1/0/3] mac-address max-mac-count 600
View
Description
Ethernet Port view
These mac-address max-mac-count and undo mac-address-table max-mac-count

commands are not applicable to upstream ports.
The port stops learning MAC addresses when the specified limit is reached.
448 mac-address max-mac-count 0

Command Reference
Purpose
Use the mac-address max-mac-count0 command to disable a switch from learning

MAC address in a VLAN.
Use the undo mac-address-table max-mac-count0 command to enable a switch to
learn MAC address in a VLAN.
Syntax
undo mac-address max-mac-count
Parameters
None
Default
By default, a switch learns MAC addresses in any VLAN.
Example
Disable the switch from learning MAC address in VLAN 3.

[S4200G] vlan 3
[S4200G-vlan3] mac-address max-mac-count 0
View
VLAN view

Command Reference
mac-address multicast interface vlan 449

Purpose
Use the mac-address multicast command to add a multicast MAC address

entry.
Use the undo mac-address multicast command to remove a multicast MAC
address entry.
Syntax
mac-address multicast mac-address interface interface-list vlan vlan-id

undo mac-address multicast [ mac-address [ interface interface-list ]
vlan vlan-id ]
Parameters
Example
mac-address
Multicast MAC address.
interface-list
Forward port list, in the format of { {

interface-type interface-num |
interface-name } [ to { interface-type
interface-num | interface-name } ] }&<1-10>.
Where, interface-type and interface-num is
the type and number of a port, interface-name is
the name of a port, and &<1-10> means you can
specify up to 10 ports/port ranges. For the value
ranges of the three arguments, refer to the command
parameter description in the Port Configuration
module of this document.
vlan-id
VLAN ID.
Add a multicast MAC address entry, with multicast address 0100-5e0a-0805, forward
port GigabitEthernet 1/0/1, and VLAN 1 to which the entry belongs.
[S4200G] mac-address multicast 0100-5e0a-0805 interface GigabitEthernet
1/0/1 vlan 1
View
System view
Description
A multicast address entry contains the following information: multicast MAC address,
Forward port, and VLAN ID.
Related Command
450 mac-address multicast vlan

Command Reference
mac-address multicast vlan

Purpose
Use the mac-address multicast vlan command to add a multicast MAC

address entry.
Use the undo mac-address multicast vlan command to remove a multicast
MAC address entry.
Syntax
mac-address multicast mac-address vlan vlan-id

undo mac-address multicast [ [ mac-address ] vlan vlan-id ]
Parameters
Example
mac-address
Multicast MAC address.
vlan-id
VLAN ID.
Add a multicast MAC address entry on the GigabitEthernet1/0/1 port, with multicast
address 0100-1000-1000 and VLAN 1 to which the entry belongs.
[S4200G-GigabitEthernet1/0/1]mac-address multicast 0100-1000-1000 vlan
1
View
Ethernet Port view
Description
A multicast MAC address entry contains a multicast MAC address, a VLAN ID, and
other information.
Related Command

Command Reference
mac-address security 451
mac-address security
Purpose
Use the mac-address security command to add Security MAC address

manually.
Use the undo mac-address security command to delete Security MAC
address.
Syntax
mac-address security mac-address [ interface interface-type

Parameters
interface-type
interface-number
vlan-id
Specifies the VLAN ID.
Default
By default, no Security MAC address is added.
Example
Enter system view.

Enable port-security feature globally.

[S4200G] port-security enable
Configure the maximum number of MAC addresses allowed to access the port to
100.
[S4200G-GigabitEthernet1/0/1] port-security max-mac-count 100
Configure the port mode to autolearn.

[S4200G-GigabitEthernet1/0/1] port-security port-mode autolearn
Add the Security MAC address 0001-0001-0001 to VLAN 1.

[S4200G-GigabitEthernet1/0/1] mac-address security 0001-0001-0001 vlan 1
View
Description
Ethernet Port view
System view
You can add Security MAC address only when the port-security is enabled globally
and the port-security port-mode autolearn command is configured on
the port.
452 mac-address timer

Command Reference
mac-address timer
Purpose
Use the mac-address timer command to set the aging time for dynamic MAC
address entries.
Use the undo mac-address timer command to revert to the default aging time.
Syntax
mac-address timer { aging age-time | no-aging }

undo mac-address timer aging
Parameters
Example
aging age-time
Specifies the aging time (measured in seconds) for

dynamic MAC address entries. Valid values for
age-time are 10 to 630.
If not specified, the default aging time is 300 seconds.
no-aging
Specifies not to age dynamic MAC address entries.
Set the aging time of MAC address entries to 500 seconds.

[S4200G] mac-address timer aging 500
View
Description
System view
Setting the aging time on the switch to be too long or too short will cause the switch
to broadcast data packets without MAC addresses, this will affect the operational
performance of the switch.
If the aging time is set too long, the switch will store out-of-date MAC address tables.
This will consume MAC address table resources and the switch will not be able to
update MAC address table according to the network change.
If aging time is set too short, the switch may delete valid MAC address table entries.

Command Reference
mac-authentication 453
mac-authentication
Purpose
Use the mac-authentication command to enable centralized MAC address

authentication globally (current device) or on specified ports.
Use the undo mac-authentication command to disable centralized MAC
address authentication globally or on specified ports.
Syntax
mac-authentication [ interface interface-list ]

undo mac-authentication [ interface interface-list ]
Parameters
interface-list
Default
By default, centralized MAC address authentication is disabled both globally and on

any port.
Example
To enable centralized MAC address authentication for GigabitEthernet 1/0/1 port,

Specifies the list of Ethernet ports. You can specify

multiple Ethernet ports by providing this argument in
the form of interface-list = { interface-type
interface-number [ to interface-type interface-number
] } where <110> means that you can provide up to 10
port indexes/port index lists for this argument.
[S4200G] mac-authentication interface GigabitEthernet 1/0/1
Enable centralized MAC address authentication globally.

[S4200G] mac-authentication
View
Description
System view
Ethernet Port view
When being executed in system view, the mac-authentication command

enables centralized MAC address authentication globally if you do not provide the
interface-list argument, otherwise, the command enables centralized MAC address
authentication on the specified ports.
When being executed in Ethernet port view, the command enables centralized MAC
address authentication on the current port only. In this case, the interface-list is
unnecessary.
454 mac-authentication

Command Reference
You can configure centralized MAC address authentication-related parameters no

matter whether or not centralized MAC authentication is enabled. If you do not
configure the parameters before enabling centralized MAC address authentication
globally, the default parameters are adopted.
Note:
Centralized MAC address authentication configuration takes effect on a port only

after you enable centralized MAC address authentication globally.
The configuration of the maximum number of learned MAC addresses (refer to

the mac-address max-mac-count command) is unavailable for the ports with
centralized MAC address authentication enabled. Similarly, the centralized MAC
address authentication is unavailable for the ports with the maximum number of
learned MAC addresses configured.

Command Reference
mac-authentication authmode 455
mac-authentication authmode
Purpose
Use the mac-authentication authmode command to set MAC address

authentication mode.
Use the undo mac-authentication authmode command to cancel the
configured MAC address authentication mode.
Syntax
mac-authentication authmode { usernameasmacaddress | usernamefixed }

undo mac-authentication authmode
Parameters
usernameasmacaddress
Authenticates users in MAC address mode. The

usernameasmacaddress keyword specifies to adopt the
MAC address mode, where user the MAC address is
used as both user name and password.
usernamefixed
Authenticates users in fixed mode. The usernamefixed

keyword specifies to adopt the fix mode, where user
name and password are configured previously.
Default
By default, the MAC address mode is adopted.
Example
To specify to perform MAC address authentication in the fixed mode, enter the
following:
[S4200G] mac-authentication authmode usernamefixed
View
System view
456 mac-authentication authpassword

Command Reference
Purpose
Use the mac-authentication authpassword command to set a password for

MAC address authentication when the fixed mode is adopted.
Use the undo mac-authentication authpassword command to cancel the
configured password.
Syntax
mac-authentication authpassword password

undo mac-authentication authpassword
Parameters
password
Default
By default, no password is configured for the fixed mode of MAC address

authentication.
Example
To Set the password to mac, enter the following:
Specifies the password used for authentication. The

password consists of a character string from 1 to 63
characters long.
[S4200G] mac-authentication authpassword mac
View
System view

Command Reference
mac-authentication authusername 457
Purpose
Use the mac-authentication authusername command to set a user name

when a switch authenticates users in fixed mode.
Use the undo mac-authentication authusername command to restore the
default user name.
Syntax
mac-authentication authusername username

undo mac-authentication authusername
Parameters
username
Default
By default, the user name used in MAC address authentication (in the fixed mode) is
mac.
Example
To set the user name to vipuser for MAC addresses authentication (in the fixed mode),
User name for authentication consisting of a character

string from1 to 55 characters long.
[S4200G] mac-authentication authusername vipuser
Restore the default user name for fixed mode.

[S4200G] undo mac-authentication authusername
View
System view
458 mac-authentication domain

Command Reference
mac-authentication domain
Purpose
Use the mac-authentication domain command to configure an ISP domain for

centralized MAC address authentication users.
Use the undo mac-authentication domain command to restore the default
ISP domain.
Syntax
mac-authentication domain isp-name

undo mac-authentication domain
Parameters
isp-name
Default
By default, the domain for centralized MAC address authentication users is not
configured.
Example
To configure the domain for centralized MAC address authentication to be Cams,

ISP domain name consisting of a string up to 24

characters long. Note that this argument cannot
contain /, :, *, ?, <, and >.
[S4200G] mac-authentication domain Cams
View
System view

Command Reference
mac-authentication timer 459
mac-authentication timer
Purpose
Use the mac-authentication timer command to configure the timers used in

centralized MAC address authentication.
Use the undo mac-authentication timer command to restore the default
timer setting.
Syntax
mac-authentication timer { offline-detect offline-detect-value |

quiet quiet-value | server-timeout server-timeout-value }
undo mac-authentication timer { offline-detect | quiet |
server-timeout }
Parameters
offline-detect
offline-detect-value
quiet quiet-value
server-timeout
server-timeout-value
Example
Sets the offline-detect timer (in seconds). This timer

sets the interval for a switch to test whether or not a
user goes offline. Valid values for the
offline-detect-value argument are 1 to 65,535. If not
specified, the default is 300.
Sets the quiet timer. If a user fails to pass the
authentication performed by a switch, the switch stops
authenticating users for a period specified by the
quiet-value before it authenticates users again. Valid
values for the quiet-value argument are 1 to 65,535 (in
minutes). If not specified, the default is 1.
Sets the server-timeout timer. If the connection
between a switch and a RADIUS server times out when
the switch authenticates a user on one of its ports, the
switch turns down the user. Valid values for the
server-timeout-value argument are 1 to 65,535 (in
seconds). If not specified, the default is 100.
To set the server timeout timer to 150 seconds, enter the following:
[S4200G] mac-authentication timer server-timeout 150
View
Related Command
System view
460 management-vlan

Command Reference
management-vlan
Purpose
Use the management-vlan command to specify the management VLAN on the

switch.
Use the undo management-vlan command to restore the default management
VLAN.
Syntax
management-vlan vlan-id
undo management-vlan
Parameters
vlanid
Default
By default, VLAN 1 is set as the management VLAN.
Example
Specify VLAN 2 as the management VLAN of the current switch.
ID of the VLAN to be specified as the management

VLAN.
<S4200G>system-view
View
Description
System view
Follow these items when you configure the management VLAN:
The management VLAN specified for devices in the same cluster must be the same
VLAN.
The management VLAN must be specified before the cluster is set up. You cannot
change the management VLAN of an existing VLAN. If necessary, you can delete
the cluster, re-specify the management VLAN and then re-create the cluster.

Command Reference
management-vlan synchronization enable 461
management-vlan synchronization enable

Purpose
Use the management-vlan synchronization enable command to enable

the management VLANs of the member devices of a cluster to be synchronized.
Use the undo management-vlan synchronization enable command to
disable the management VLANs of the member devices of a cluster from being
synchronized.
Syntax

undo management-vlan synchronization enable
Parameters
None
Default
By default, the management VLAN of a member device is not synchronized.
Example
Enable management VLAN synchronization on the master switch.

[3Com_0.S4200G-cluster]management-vlan synchronization enable
Disable management VLAN synchronization on the master switch.

[3Com_0.S4200G-cluster]undo management-vlan synchronization enable
View
Description
Cluster view
This command can be executed only on master switches.

After enabling management VLAN synchronization, the master device advertises
packets synchronizing the management VLANs to the attached switches regularly for
the latter to configure their management VLANs, so that the management VLAN of
the master device and those of the attached switches are synchronized. After the
management VLANs are synchronized, the attached switch can join the cluster.
462 mdi

Command Reference
mdi
Purpose
Use the mdi command to set port MDI attribute.

Use the undo mdi command to restore the default type.
Syntax
mdi { across | auto | normal }

undo mdi
Parameters
across
Sets the port to support MDIX.
auto
Sets the port to support auto-MDI/MDIX.

If no parameter is specified, the port MDI attribute is
set to auto.
normal
Sets the port to support MDI.
Default
By default, the network cable type is recognized automatically (the mdi auto
command).
Example
Set the port to support auto-MDI/MDIX.

<S4200G>system-view
[SW4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]mdi auto
View
Description
Ethernet Port view
Note: The mdi and undo mdi commands cannot be configured on the combo
ports.

Command Reference
messenger 463
messenger
Purpose
Use the messenger time command to enable or disable the messenger alert and
configure the related parameters.
Use the undo messenger time command to restore messenger alert to default
settings.
Syntax
messenger time { enable limit interval | disable }

undo messenger time
Parameters
limit
Remaining-online-time threshold in minutes. Valid

values are 1 to 60. When the remaining online time of
a user is equal to this threshold, the Switch begins to
send alert messages to the client.
interval
Specifies the sending interval of prompts in minutes.

Valid values are of 5 to 60 and must be specifies in
intervals of 5.
Default
By default, the messenger alert is disabled on the Switch.
Example
To enable the switch to send prompt messages at intervals of 5 minutes to the users
in the ISP domain system after the remaining online time is less than 30 minutes.
[S4200G] domain system
[S4200G-isp-system] messenger time enable 30 5
View
Description
ISP Domain view
This function allows the clients to inform the online users about their remaining
online time through a message dialog.
You can use messenger time enable command to set a remaining online time
limit and the interval to send prompt messages. After that, the switch regularly sends
prompt messages at the set interval to the clients of the users whose remaining online
time is less than the set limit, and the clients inform the users of their remaining
online time in the form of message dialog.
464 mirroring group

Command Reference
mirroring group
Purpose
Use the mirroring-group command to configure the port mirroring group.

Use the undo mirroring-group command to delete the port mirroring group.
Syntax
mirroring-group group-id { local | remote-destination | remote-source }

undo mirroring-group { group-id | all | local | remote-destination |
remote-source }
Parameters
Example
group-id
Group number of a port mirroring group. Valid values

are 1 to 20.
local
Specifies the mirroring group as a local port mirroring

group.
remote-destination
Specifies the mirroring group as the destination

mirroring group for remote port mirroring.
remote-source
Specifies the mirroring group as the source mirroring

group for remote mirroring.
all
Deletes all mirroring groups.
Configure the mirroring group on the local switch.

[S4200G] mirroring-group 1 local
View
System view

Command Reference
mirroring-group mirroring-port 465
mirroring-group mirroring-port
Purpose
Use the mirroring-group mirroring-port command to configure the

monitored port.
Use the undo mirroring-group mirroring-port command to remove the
configuration of the monitored port.
Syntax
mirroring-group group-id mirroring-port mirroring-port-list { both |

inbound | outbound }
undo mirroring-group group-id mirroring-port mirroring-port-list { both
| inbound | outbound }
Parameters
group-id
mirroring-port
mirroring-port-list
Example

are 1 to 20.
Specifies a list of mirrored ports.
mirroring-port-list is available in System view
only, but not in Ethernet Port view.
both
Mirrors packets both received and sent via the port.
inbound
Mirrors only packets received via the port.
outbound
Mirrors only packets sent via the port.
Configure GigabitEthernet1/0/1 as the source port and monitor all packets received
via this port.
[S4200G] mirroring-group 1 mirroring-port Gigabitethernet1/0/1 inbound
View
System view
466 mirroring-group reflector-port

Command Reference
mirroring-group reflector-port
Purpose
Use the mirroring-group reflector-port command to configure a reflector

port.
Use the undo mirroring-group reflector-port command to remove the
configuration of a reflector port.
Syntax
mirroring-group group-id reflector-port reflector-port

undo mirroring-group group-id reflector-port reflector-port
Parameters
group-id
reflector-port
reflector-port
Example

are 1 to 20.
Specifies a reflector port. reflector-port is
available in System view only, but not in Ethernet Port
view.
Configure GigabitEthernet1/0/1 as a reflector port and monitor all packets received and
sent via this port.
[S4200G] mirroring-group 1 reflector-port Ethernet1/0/1
View
System view

Command Reference
mirroring-group remote-probe vlan 467

Purpose
Use the mirroring-group remote-probe vlan command to specify the

remote-probe VLAN for a given mirroring group.
Use the undo mirroring-group remote-probe vlan command to delete the
remote-probe VLAN configuration for a given mirroring group.
Syntax
mirroring-group group-id remote-probe vlan remote-probe-vlan-id

undo mirroring-group group-id remote-probe vlan remote-probe-vlan-id
Parameters
group-id
remote-probe vlan
remote-probe-vlan-id
Example
The group number of a mirroring group. Valid values

are 1 to 20.
Specifies a remote-probe VLAN for a specified
mirroring group.
Configure the remote-probe VLAN of mirroring group to be VLAN 100.

[S4200G] mirroring-group 1 remote-probe vlan 100
View
System view
468 mirroring-port

Command Reference
mirroring-port
Purpose
Use the mirroring-port command to configure a mirroring port.

Use the undo mirroring-port command to remove the configuration of a source
port.
Syntax
mirroring-port { inbound | outbound | both }

undo mirroring-port
Parameters
Example
inbound| outbound | both Direction of mirrored packets:
inbound; only mirrors the packets received via the

port
outbound; only mirrors the packets sent by the port
both; mirrors all packets received and sent by the

port
Configure GigabitEthernet1/0/1 as the source port and mirror all packets received and
sent and via this port.
[S4200G-GigabitEthernet1/0/1] mirroring-port both
View
Ethernet Port view
Description
The Switch supports one monitor port and one mirroring port. If several Switches
form a Fabric, only one monitor port and one mirroring port can be configured in the
Fabric. You need to configure the monitor port before configuring the monitored
port.
Related Command

Command Reference
mkdir 469
mkdir
Purpose
Use the mkdir command to create a directory on the remote SFTP server.
Syntax
mkdir remote-path
Parameters
remote-path
Example
Create directory test on the remote SFTP server.
Name of a directory on the remote SFTP server.
sftp-client> mkdir test
View
SFTP Client view
470 mkdir

Command Reference
mkdir
Purpose
Use the mkdir command to create a directory in a specified directory of a specified

storage device.
Syntax
mkdir directory
Parameters
directory
Example
Create a directory in the current directory, with the name being dd.
Name of the directory, comprised of a string from 1 to

142 characters longS.
<S4200G> mkdir dd
% Created dir flash:/dd
View
Description
User view
When using the mkdir command to create a directory, the names of the directories
and files in the same directory must be unique.

Command Reference
mkdir 471
mkdir
Purpose
Syntax
mkdir pathname
Parameters
Pathname
Example
Path name.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Create the directory flash:/lanswitch on the FTP server.

[ftp] mkdir flash:/lanswitch
257 "flash:/ lanswitch" new directory created.
View
Description
FTP Client view
The mkdir command is only available to the FTP clients that are assigned the
permission to create directories on FTP servers.
472 monitor-port

Command Reference
monitor-port
Purpose
Use the monitor-port command to configure the destination monitor port.

Use the undo monitor-port command to remove the configuration of a destination
port monitor.
Syntax
monitor-port
undo monitor-port
Parameters
None
Example
Configure GigabitEthernet1/0/1 as the destination port.

[S4200G-GigabitEthernet1/0/1] monitor-port
View
Description
Ethernet Port view
You can configure only one destination port on the switch; all mirrored packets will
be sent to the destination port.
The Switch supports one monitor port and one mirroring port. If several Switches
form a Fabric, only one monitor port and one mirroring port can be configured in the
Fabric. You need to configure monitor port before configuring monitored port.
Related Command

Command Reference
more 473
more
Purpose
Use the more command to display the content of a specified file.
Syntax
more file-url
Parameters
file-url
Example
Display contents of file test.txt.
The path name or file name of a file in the Flash,

comprised of a string from 1 to 142 characters long.
<S4200G> more test.txt

AppWizard has created this test application for you.
This file contains a summary of what you will find in each of the files
that make up your test application.
Test.dsp
This file (the project file) contains information at the project level
and is used to build a single project or subproject. Other users can
share the project (.dsp) file, but they should export the makefiles
locally.
View
Description
User view
Currently, the content of a file can only be displayed in text.
474 move

Command Reference
move
Purpose
Use the move command to move a file to a specified directory. You can also assign a
new name for the file.
Syntax
move fileirl-source fileurl-dest
Parameters
fileurl-source
fileurl-dest
Example
Path name or file name of the source file in the

Flash, a string comprising 1 to 142 characters.
Path name or file name of the target file in the Flash,
a string comprising 1 to 142 characters.
Move the file named sample.txt from flash:/test/ to flash:/, with the name not
changed.
<S4200G> move flash:/test/sample.txt flash:/sample.txt
Move flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y
% Moved file flash:/test/sample.txt to flash:/sample.txt
View
Description
User view
When the destination filename is the same as that of an existing file, the system will
ask whether to overwrite the existing file.

Command Reference
name 475
name
Purpose
Use the name command to set a name for the assigned VLAN.
Use the undo name command to restore to the default VLAN name.
Syntax
name string
undo name
Parameters
string
Default
By default, the VLAN ID (like VLAN 0001) is used as the name of the assigned VLAN.
Example
Set the name of VLAN 2 to abc.
Name of the assigned VLAN, consisting of a character

[S4200G] vlan 2
[S4200G-vlan2] name abc
View
VLAN view
476 name

Command Reference
name
Purpose
Use the undo name command to delete the name of the assigned VLAN.
Syntax
name string
undo name
Parameters
string
Default
By default, a VLAn uses its VLAN ID (like VLAN 0001) as its name.
Example
To set the name of VLAN 100 to test, enter the following:
Name of the assigned VLAN. string is a character

[S4200G] vlan 100
[S4200G-vlan100] name test
View
Description
Related Commands
VLAN view
This command is used for the dynamic VLAN assignment function. For details about
this function, refer to the vlan-assignment-mode command.
dot1x guest-vlan

Command Reference
nas-ip 477
nas-ip
Purpose
Use the nas-ip command to set the source IP address used by the switch to send
RADIUS packets.
Use the undo nas-ip command to remove the source IP address setting.
Syntax
nas-ip ip-address
undo nas-ip
Parameters
ip-address
Default
By default, the IP address of the outbound interface is used as the source IP address of
the packet.
Example
To set the source IP address used by the switch to send the RADIUS packets to
10.1.1.1, enter the following:
Specifies the source IP address for RADIUS packets.

This address cannot be the all zero address or the
Class-D address.
New Radius scheme
[S4200G-radius-radius1] nas-ip 10.1.1.1
View
Description
Related Commands
RADIUS Scheme view
You can specify the source IP address used to send RADIUS packets to prevent the
unreachability of the packets returned from the server due to physical interface
trouble. It is recommended to use the loopback interface address as the source IP
address.
display radius
radius nas-ip
478 ndp enable

Command Reference
ndp enable
Purpose
Use the ndp enable command in system view to enable NDP globally on the
switch. When being executed in Ethernet port view, this command enables NDP for
an Ethernet port.
Use the undo ndp enable command in system view to disable NDP globally on the
switch. When being executed in Ethernet port view, this command disables NDP for
an Ethernet port.
Syntax
ndp enable [ interface port-list ]

undo ndp enable [ interface port-list ]
Parameters
port-list
Default
By default, NDP is enabled both globally on the switch and on an Ethernet port.
Example
Enable NDP globally on the system.
Specifies a list of ports. The list can contain consecutive

or separated ports, or the combination of the both.
You need to provide the port-list argument in the form
of { interface-type interface-number | interface-name }
[ to { interface-type interface-number | interface-name
} ] } &<1-10>, where interface-type specifies the port
type, and interface-number specifies the port number
(in the form of slot number/port number). Using to
specifies a range of ports.
<S4200G>system-view
[S4200G] ndp enable
View
System view
Ethernet Port view

Command Reference
ndp timer aging 479
ndp timer aging

Purpose
Use the ndp timer aging command to set how long a device will hold the NDP
packets received from the local device. After the aging timer expires, the device will
discard the received NDP neighbor node information.
Use the undo timer aging command to restore the default NDP information
aging time (180 seconds).
Syntax
ndp timer aging aging-in-seconds

undo ndp timer aging
Parameters
aging-in-seconds
Example
Configure the holdtime of the NDP information sent by the local switch to be 60
seconds.
Time to hold the NDP information on the neighbor

node in seconds. Valid values are 5 to 255 seconds
If not specified, the NDP is aged in 180 seconds, by
default.
<S4200G>system-view
[S4200G] ndp timer aging 60
View
Description
System view
A user can specify how long an adjacent device will hold the NDP information sent by
the local device. An adjacent device holds the NDP information of the local switch
according to the holdtime carried in the NDP packets received from the local switch
and removes the NDP information when the aging timer expires.
Normally, NDP information holdtime is longer than the interval to send NDP packets.
Otherwise, the neighbor information table of an NDP port becomes unstable.
480 ndp timer hello

Command Reference
ndp timer hello

Purpose
Use the ndp timer hello command to define how often to transmit the NDP
packets.
Use the undo ndp timer hello command to restore the default NDP packet
interval (60 seconds).
Syntax
ndp timer hello timer-in-seconds

undo ndp timer hello
Parameters
timer-in-seconds
Default
By default, NDP packets are transmitted every 60 seconds.
Example
Configure the interval to send NDP packets to be 80 seconds.
Interval (in seconds) to send NDP packets ranging from

5 to 254. If not specified, NDP packets are transmitted
every 60 seconds, by default.
<S4200G>system-view
[S4200G] ndp timer hello 80
View
Description
System view
NDP information in a neighbor information table is updated regularly. This enables

neighbor information table to contain the actual network topology information. You
can use these two commands to adjust the updating frequency of NDP information.

Command Reference
nm-interface vlan-interface 481
nm-interface vlan-interface
Purpose
Use the nm-interface vlan-interface command to configure an NMS

interface of the management device.
Syntax
nm-interface vlan-interface vlan-id
Parameters
vlan-id
Example
Configure VLAN-interface 2 as an NMS interface.
ID of a VLAN. It is an existing virtual interface ID.
<123> system-view
[123] cluster
[123-cluster] nm-interface Vlan-interface 2
View
Description
Cluster view
Note:
In an NAT-enabled cluster network, the NAT server is configured on the

management VLAN interface of the management device by default. The NAT
server can perform address translation between an internal IP address and a public
IP address. NMS devices outside the cluster network can use SNMP, FTP, and HTTP
to manage the devices inside the cluster through NAT.
If the VLAN where the port connected with the NMS device resides is not a
management VLAN, since no NAT server is configured on this interface by default,
IP addresses cannot be translated. In this case, the network administrator of the
external network is unable to access the management device, so he cannot
manage internal devices of the cluster.
By specifying an NMS interface on the management device, you can enable the
NAT server configuration on the NMS interface instead of the management VLAN
interface. In this case, the network administrator can access the management
device through the NMS interface to manage internal devices of this cluster.
482 ntdp enable

Command Reference
ntdp enable
Purpose
Use the ntdp enable command in system view to enable NTDP globally. When
being executed in Ethernet port view, this command enables NTDP for an Ethernet
port.
Use the undo ntdp enable command in system view to disable NTDP globally.
When being executed in Ethernet port view, this command disables NTDP for an
Ethernet port.
Syntax
ntdp enable
undo ntdp enable
Parameters
None
Default
By default, NTDP is enabled globally on the switch and the ports supporting NDP. For
a port that does not support NDP, NTDP cannot operate even if NTDP is enabled on it.
Example
Enable NTDP globally on the switch.

<S4200G>system-view
[S4200G] ntdp enable
View
System view
Ethernet Port view

Command Reference
ntdp explore 483
ntdp explore
Purpose
Use the ntdp explore command to start topology information collection manually.
Syntax
ntdp explore
Parameters
None
Example
Start the topology collection.

<S4200G> ntdp explore
View
Description
User view
Normally, NTDP collects network topology information periodically. You can also start
topology information collection manually whenever needed by executing this
command. When you execute this command, NTDP collects the NDP information of
every device and the information about the connections between the local switch and
all of its neighbor switches in the specified network scope. The information is useful
for the management device or network management system to acquire the network
topology and to manage and monitor the devices.
484 ntdp hop

Command Reference
ntdp hop
Purpose
Use the ntdp hop command to set a range (in terms of hop count) for topology
information collection.
Use the undo ntdp hop command to restore the default range for topology
information collection.
Syntax
ntdp hop hop-value

undo ntdp hop
Parameters
hop-value
Example
Set the hop count for topology information collection to 5.
Maximum hops for collecting topology information,

ranging from 1 to 16. By default, the value is 3.
[aaa_0.S4200G] ntdp hop 5
View
Description
System view
With the ntdp hop command, you can specify to collect the topology information of
the devices within a specified range to avoid infinitive collection. The limit is
performed by controlling the permitted hops from collection origination. For example,
if you set the hop number limit to 2, only the switches less than 2 hops away from the
switch starting the topology collection are collected.
This command is only applicable to the topology-collecting device. A broader
collection scope requires more memory of the topology-collecting device.

Command Reference
ntdp timer 485
ntdp timer
Purpose
Use the ntdp timer command to configure the interval to collect topology
information.
Use the undo ntdp timer command to restore the default topology collection
interval.
Syntax
ntdp timer interval-in- minutes

undo ntdp timer
Parameters
Interval-in-minutes
Interval (in minutes) to collect topology information,
ranging from 0 to 65,535. This argument defaults to 0,

which specifies not to collect topology information.
Example
Set the interval to collect topology information to 30 minutes.

<S4200G>system-view
[S4200G] ntdp timer 30
View
Description
System view
A switch collects topology information once in each period set by the ntdp timer
command.
486 ntdp timer hop-delay

Command Reference
ntdp timer hop-delay

Purpose
Use the ntdp timer hop-delay command to set the delay time for a switch to
forward topology-collection request packets.
Use the undo ntdp timer hop-delay command to restore the default delay
value.
Syntax
ntdp timer hop-delay time

undo ntdp timer hop-delay
Parameters
time
Example
Set the delay time for the switch to forward topology-collection request packets
through the first port to 300 ms.
Delay time (in milliseconds) for a switch to forward

topology-collection request packets. This argument
ranges from 1 to 1,000 and defaults to 200.
[aaa_0.S4200G] ntdp timer hop-delay 300
View
Description
System view
To avoid network congestion caused by large amount of topology response packets

received in short periods, a switch delays for specific period before it forwards a
received topology-collection request packet through its first ports. You can use the
ntdp timer hop-delay command to set the delay time.
These two commands are intended for switches that collect topology information.
They actually set the hop-delay value for topology-collection request packets sent by
these switches. The hop-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through its first port.

Command Reference
ntdp timer port-delay 487
ntdp timer port-delay

Purpose
Use the ntdp timer port-delay command to set the delay time for a switch to
forward a received topology-collection request packet through its successive ports.
Use the undo ntdp timer port-delay command to restore the default delay
time.
Syntax
ntdp timer port-delay time

undo ntdp timer port-delay
Parameters
time
Example
Set the delay time for the switch to forward topology-collection request packets
through the successive ports to 40 ms.
Delay time (in milliseconds) for a switch to forward a

topology-collection request packet through its
successive ports. This argument ranges from 1 to 100
and defaults to 20.
[aaa_0.S4200G] ntdp timer port-delay 40
View
Description
System view
Use the ntdp timer port-delay command to set the delay time for a switch to
forward a received topology-collection request packet through its successive ports. A
switch forwards received topology request packets to all its ports in turn. After
forwarding a received topology-collection request packet through one port, the
switch delays for specific period before it forwards the packet through the next port.
To avoid network congestion caused by large amount of topology response packets
received in short periods, a switch delays for specific period before it forwards a
received topology-collection request packet through the next port. You can use the
ntdp timer port-delay command to set the delay time.
These two commands are intended for switches that collect topology information.
They actually set the port-delay value for topology-collection request packets sent by
these switches. The port-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through the next port.
488 ntp-service access

Command Reference
ntp-service access
Purpose
Use the ntp-service access command to set the authority to access the local
equipment.
Use the undo ntp-service access command to cancel the access authority
settings.
Syntax
ntp-service access { peer | server | synchronization | query }

acl-number
undo ntp-service access { peer | server | synchronization | query }
Parameters
peer
Allows time request and query on the local NTP server.

The local clock can also be synchronized to the remote
server.
server
Allows time request and query on the local NTP server.

The local clock cannot be synchronized to the remote
server.
synchronization
Allows only time request on the local NTP server.
query
Allows only query on the local NTP server.
acl-number
Basic access control list (ACL) number, in the range of

2000 to 2999.
Default
By default, the access permission to the local NTP server is peer.
Example
Configure the access permission of the peer defined in ACL 2076 to be peer.
[S4200G] ntp-service access peer 2076
Configure the access permission of the peer defined in ACL 2028 to be server.
[S4200G] ntp-service access server 2028
View
Description
System view
Configuring access control permission to the NTP server only provides a least security
measure. Performing authentication is a more reliable way to improve security.
A received access is matched in this order: peer, server, synchronization, and query.

Command Reference
ntp-service access 489
490 ntp-service authentication enable

Command Reference

Purpose
Use the ntp-service authentication enable command to enable the NTP-service

authentication function.
Use the undo ntp-service authentication enable command to disable this
function.
Syntax

undo ntp-service authentication enable
Parameters
None
Default
By default, the authentication is disabled.
Example
Enable NTP authentication function.

[S4200G] ntp-service authentication enable
View
System view

Command Reference
ntp-service authentication-keyid 491
Purpose
Use the ntp-service authentication-keyid command to configure an NTP

authentication key.
Use the undo ntp-service authentication-keyid command to remove an NTP
authentication key.
Syntax
ntp-service authentication-keyid keyid authentication-mode md5 value

undo ntp-service authentication-keyid keyid
Parameters
Default
keyid
Authentication key ID, in the range of 1 to

4294967295.
value
Authentication key, a string comprising 1 to 32

characters. Up to 1024 keys can be configured.
By default, no NTP authentication key is configured.

For the encryption algorithm, only message digest 5 (MD5) is currently supported.
Example
Configure an MD5 authentication key, with the key ID being 10 and the key being
BetterKey.
[S4200G] ntp-service authentication-keyid 10 authentication-mode md5
BetterKey
View
System view
492 ntp-service broadcast-client

Command Reference
ntp-service broadcast-client
Purpose
Use the ntp-service broadcast-client command to configure an Ethernet switch

to operate in NTP broadcast client mode.
Use the undo ntp-service broadcast-client command to disable the NTP
broadcast client mode.
Syntax
undo ntp-service broadcast-client
Parameters
None
Default
By default, the NTP broadcast client mode is disabled.
Example
Configure to receive NTP broadcast packets via Vlan-Interface1.

[S4200G] interface vlan-interface1
[S4200G-Vlan-Interface1] ntp-service broadcast-client
View
Description
VLAN Interface view
Designate an interface on the local Switch to receive NTP broadcast messages and
operate in broadcast client mode. The local Switch listens to the broadcast from the
server. When it receives the first broadcast packet, it starts a brief client/server mode
to switch messages with a remote server for estimating the network delay. Thereafter,
the local Switch enters broadcast client mode and continues listening to the
broadcast and synchronizes the local clock according to the arrived broadcast
message.

Command Reference
ntp-service broadcast-server 493
ntp-service broadcast-server
Purpose
Use the ntp-service broadcast-server command to configure NTP broadcast

server mode.
Use the undo ntp-service broadcast-server command to disable the NTP
broadcast server mode.
Syntax
ntp-service broadcast-server [ authentication-keyid keyid ] [ version

number ]
undo ntp-service broadcast-server
Parameters
authentication-keyid
Specifies the authentication key.
keyid
Specifies the Key ID used in broadcast. Valid values are

1 to 4294967295.
version
Defines the NTP version.
number
Defines the NTP version number. Valid values are 1

to 3.
Default
By default, the broadcast service is disabled.
Example
Configure to send NTP broadcast packets through VLAN interface 1, using the key
numbered 4 for encryption and setting the NTP version number to 3.
[S4200G-Vlan-Interface1] ntp-service broadcast-server
authentication-key 4 version 3
View
Description
VLAN Interface view
Designate an interface on the local equipment to broadcast NTP packets. The local
equipment runs in broadcast-server mode and regularly broadcasts packets to its
clients.
494 ntp-service in-interface disable

Command Reference
ntp-service in-interface disable

Purpose
Use the ntp-service in-interface disable command to disable an interface to

receive NTP message.
Use the undo ntp-service in-interface disable command to enable an interface
to receive NTP message.
Syntax

undo ntp-service in-interface disable
Parameters
None
Default
By default, an interface is enabled to receive NTP message.
Example
Disable Vlan-Interface1 to receive NTP message.

[S4200G-Vlan-Interface1] ntp-service in-interface disable
View
VLAN Interface view

Command Reference
ntp-service max-dynamic sessions 495

Purpose
Use the ntp-service max-dynamic-sessions command to set how many sessions

can be created locally.
Use the undo ntp-service max-dynamic-sessions command to resume the
default maximum session number
Syntax
ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions
Parameters
number
Example
Set the local equipment to allow up to 50 sessions.
The maximum of the NTP sessions that can be created

locally. Valid values are 0 to 100.
[S4200G] ntp-service max-dynamic-sessions 50
View
System view
496 ntp-service multicast-client

Command Reference
ntp-service multicast-client
Purpose
Use the ntp-service multicast-client command to configure an Ethernet switch

to operate in NTP multicast client mode.
Use the undo ntp-service multicast-client command to disable the NTP
multicast client mode.
Syntax
ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]
Parameters
ip-address
Default
By default, the multicast client service is disabled.
Example
Configure to receive NTP multicast packets through VLAN interface 1, with the
corresponding multicast group address being 224.0.1.1.
Multicast IP address. If not specified, it defaults to

224.0.1.1.
[S4200G-Vlan-Interface1] ntp-service multicast-client 224.0.1.1
View
Description
VLAN Interface view
Designate an interface on the local Switch to receive NTP multicast messages and
operate in multicast client mode. The local Switch listens to the multicast from the
server. When it receives the first multicast packet, it starts a brief client/server mode to
switch messages with a remote server for estimating the network delay. Thereafter,
the local Switch enters multicast client mode and continues listening to the multicast
and synchronizes the local clock according to the arrived multicast message.

Command Reference
ntp-service multicast-server 497
ntp-service multicast-server
Purpose
Use the ntp-service multicast-server command to configure an Ethernet switch

to operate in NTP multicast server mode.
Use the undo ntp-service multicast-server command to disable NTP multicast
server mode.
Syntax
ntp-service multicast-server [ ip-address ] [ authentication-keyid

keyid ] [ ttl ttl-number ] [ version number ]*
undo ntp-service multicast-server [ ip-address ]
Parameters
ip-address
Multicast IP address, which defaults to 224.0.1.1.
Specifies authentication key.
keyid
Specifies Key ID used in multicast. Valid values are 1 to

4294967295.
ttl
Defines the time to live of a multicast packet.
ttl-number
Specifies the ttl of a multicast packet. Valid values are 1

to 255 and defaults to 16.
version
Defines the NTP version.
number
Specifies the NTP version number. Valid values are 1 to

3. If not specified, the default is 3.
Default
By default, an Ethernet switch does not operate in multicast server mode.
Example
Configure to send NTP multicast packets through VLAN interface 1, with the
multicast group address being 224.0.1.1, the key numbered 4 used for encryption,
and the NTP version number set to 3.
[S4200G-Vlan-Interface1]ntp-service multicast-server 224.0.1.1
authentication-keyid 4 version 3
View
Description
VLAN Interface view
Designate an interface on the local equipment to transmit NTP multicast packet. The
local equipment operates in multicast-server mode and multicasts packets regularly to
its clients.
498 ntp-service reliable authentication-keyid

Command Reference
ntp-service reliable authentication-keyid

Purpose
Use the ntp-service reliable authentication-keyid command to

specify an authentication key to be a trusted key.
Use the undo ntp-service reliable authentication-keyid command
to cancel the configuration.
Syntax
ntp-service reliable authentication-keyid key-id

undo ntp-service reliable authentication-keyid key-id
Parameters
key-id
Default
By default, an authentication key is not a trusted key.
Example
Enable NTP authentication, with MD5 algorithm adopted, key ID being 37, the key of
BetterKey and being a trusted key.
Authentication key ID. Valid values are 1 to

4294967295.
[S4200G] ntp-service authentication enable
[S4200G] ntp-service authentication-keyid 37 authentication-mode md5
BetterKey
[S4200G] ntp-service reliable authentication-keyid 37
View
Description
System view
If authentication is enabled, a client can only be synchronized to a server that can

provide a trusted key.

Command Reference
ntp-service source-interface 499
ntp-service source-interface
Purpose
Use the ntp-service source-interface command to designate an interface to

transmit NTP message.
Use the undo ntp-service source-interface command to cancel the current
setting.
Syntax
ntp-service source-interface { interface-name | interface-type

interface-number }
undo ntp-service source-interface
Parameters
vlan-interface
Example
Specify the source IP addresses of all the NTP packets sent to be the IP address of
VLAN interface 1.
VLAN interface through which NTP packets are to be

sent.
[S4200G] ntp-service source-interface Vlan-Interface 1
View
Description
System view
The source address specifies where the packets are transmitted from.
You can use this command to designate an interface to transmit all the NTP packets
and take the source address of these packets from its IP address. If you do not want
any other interface to receive the acknowledgement packets, use this command to
specify one interface to send all the NTP packets.
500 ntp-service unicast-peer

Command Reference
ntp-service unicast-peer
Purpose
Use the ntp-service unicast-peer command to be an active NTP peer.

Use the undo ntp-service unicast-peer command to cancel NTP peer mode.
Syntax
ntp-service unicast-peer { remote-ip | string } [ authentication-keyid

key-id | priority | source-interface Vlan-interface
vlan-interface-number | version number ]
undo ntp-service unicast-peer { remote-ip | string }
Parameters
remote-ip
IP address of the peer. This argument can only

be a host address instead of a broadcast
address, a multicast address or the IP address
of a reference clock.
string
Peer name, a string comprising 1 to 20

characters.
version number
Defines the NTP version number. Valid values

are 1 to 3.
Defines authentication key. By default, the

authentication is not enabled.
keyid
Defines the key ID used for transmitting

messages to a remote server. Valid values are 1
to 4294967295.
source-interface
Vlan-interface
Specifies an interface whose IP address is to be

used as the IP addresses of the NTP packets
sent to the peer.
vlan-interface-number
Number of the VLAN interface.
priority
Specified the peer identified by the remote-ip

argument to be the preferred peer for
synchronization. By default, a peer is not a
preferred peer.
Default
By default, an Ethernet switch is not an active NTP peer.
Example
Configure the switch to obtain time information from the peer with the IP of
128.108.22.44. The local peer can also provide time information to the remote peer.
Set the NTP version number to 3. The source IP addresses of NTP packets sent are that
of VLAN interface 1.

Command Reference
ntp-service unicast-peer 501
[S4200G] ntp-service unicast-peer 128.108.22.44 version 3

source-interface Vlan-Interface 1
View
Description
System view
This command sets the remote server at ip-address as a peer of the local
equipment, which operates in symmetric active mode. ip-address specifies a host
address other than an IP address of broadcast, multicast, or reference clock. By
operating in this mode, a local device can synchronize and be synchronized by a
remote server.
Note:
If you specify a remote server to be the peer of the local Ethernet switch by providing
the remote-ip argument in the ntp-service unicast-peer command, the local switch
operates in the active peer mode. In this case, the local switch and the remote server
can be synchronized to each other.
502 ntp-service unicast-server

Command Reference
ntp-service unicast-server
Purpose
Use the ntp-service unicast-server command to configure an Ethernet switch to

operate in NTP server mode.
Use the undo ntp-service unicast-server command to disable NTP server mode.
Syntax
ntp-service unicast-server { remote-ip | string } [

authentication-keyid key-id | priority | source-interface Vlaninterface vlaninterface-number | version number ]
undo ntp-service unicast-server { remote-ip | string }
Parameters
remote-ip
IP address of an NTP server. This argument can only be

a host address instead of a broadcast address,
multicast group address or the IP address of a
reference clock.
string
Peer host name, a string comprising 1 to 20 characters.
number
Defines the NTP version number. Valid values are 1

to 3.
Specifies the key ID used when sending messages to

the NTP server
keyid
The key-id argument ranges from 1 to 4294967295.

By default, the authentication is enabled.
priority
Specifies the server identified by the remote-ip

argument is the preferred server. By default, a server is
not preferred.
source-interface
Specifies an interface whose IP address is to be used as

the source IP addresses of the NTP packets sent by the
local device to the server.
vlan-interface-number
Interface number.
version
Specifies the NTP version.
number
The version number argument ranges from 1 to 3 and

defaults to 3.
Default
By default, an Ethernet switch does not operate in NTP server mode.
Example
Configure the local device to be synchronized to the NTP server using the IP address
of 128.108.22.44, with the version number set to 3.
[S4200G] ntp-service unicast-server 128.108.22.44 version 3

Command Reference
View
ntp-service unicast-server 503
Description
System view
An Ethernet can operate as a client and be synchronized to the remote NTP server
identified by the remote-ip argument. Note that an NTP server will not be
synchronized to the local switch.
504 open

Command Reference
open
Purpose
Use the open command to establish a control connection with an FTP server.
Syntax
open { ip-address | server-name } [ port ]
Parameters
ip-address
IP address of an FTP server
server-name
Host name of the FTP server, a string comprising 1 to

20 characters
port
Port number on the remote FTP server, ranging from 0

to 65535. The default value is 21.
Example

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Establish a control connection with the FTP server whose IP address is 1.1.1.1.
[ftp]open 1.1.1.1
Trying ...
Connected.
User(none):abc
Password:
View
Related Command
FTP Client view
close

Command Reference
packet-filter 505
packet-filter
Purpose
Use the packet-filter command to define the packet filter function in the QoS
profile.
Use the undo packet-filter command to disable the definition of the packet
filter function in the QoS profile.
Syntax
packet-filter inbound acl-rule

undo packet-filter inbound acl-rule
Parameters
inbound
Indicates that filter is performed on the packets

received on the port.
acl-rule
Specifies the issued ACL rules which can be the

combination of various ACL rules. The way of
combination is described in the following table:
Table 86 The ways of issuing combined ACLs
Example
The way of combination
The form of acl-rule
Issue all the rules in an IP ACL separately
ip-group acl-number
Issue a rule in an IP ACL separately
ip-group acl-number rule rule
Issue all the rules in a Link ACL separately
link-group acl-number
Issue a rule in a Link ACL separately
link-group acl-number rule rule
Issue a rule in an IP ACL and a rule in a Link ACL at

the same time

To add the packet filter function in the QoS profile named h3c to filter the received
packets matching with ACL 4000 rules, enter the following:
[S4200G] qos-profile h3c
[S4200G-qos-profile-h3c] packet-filter inbound link-group 4000
View
QoS Profile view
506 packet-filter

Command Reference
packet-filter
Purpose
Use the packet-filter command to apply ACL rules on the port to filter packets.
Use the undo packet-filter command to remove the ACL rules applied on the
port.
Syntax
packet-filter inbound acl-rule

undo packet-filter inbound acl-rule
Parameters
inbound
Applied ACL rules, which can be the combination of

different types of ACL
acl-rule
The following table describes the ACL combinations.
Table 87 Combined Application of ACLs
Example
Combination mode
Form of acl-rule
Apply all rules in an IP type ACL separately
ip-group acl-number
Apply one rule in an IP type ACL separately
Apply all rules in a Link type ACL separately
Apply one rule in a Link type ACL separately
Apply one rule in an IP type ACL and one rule in a Link

type ACL simultaneously
ip-group acl-number rule rule link-group

acl-number rule rule
Apply ACL 2100 on GigabitEthernet 1/0/1 to filter packets.

[S4200G-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000
View
Ethernet Port view

Command Reference
parity 507
parity
Purpose
Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
Syntax
parity { even | mark | none | odd | space }

undo parity
Parameters
even
Performs even checks.
mark
Performs mark checks.
none
Does not check.
odd
Performs odd checks.
space
Performs space checks.
Default
By default, no check is performed.
Example
Set to perform mark checks.

[S4200G-ui-aux0] parity mark
View
Description
User Interface view
The parity and undo parity commands can only be used in AUX User
Interface view.
508 passive

Command Reference
passive
Purpose
Use the passive command to set the data transmission mode to be passive mode.
Use the undo passive command to set the data transmission mode to be active
mode.
Syntax
passive
undo passive
Parameters
None
Default
By default, the data transmission mode is passive mode
Example
Set the data transmission to passive mode.

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp] passive
% Passive is on
View
FTP Client view

Command Reference
password 509
password
Purpose
Use the password command to configure or change the system login password
for a user.
Syntax
password
Parameters
None.
Example
Configure the system login password for the user test to 9876543210.
S4200G<S4200G> system-view
S4200G[S4200G] local-user test
[S4200G-luser-test] password
Password:**********
confirm:**********
Change the system login password for the user test to 0123456789.
[S4200G-luser-test]password
Password:**********
Confirm :**********
Updating the password file ,please wait ...
View

n
Local User view
510 password

Command Reference
password
Purpose
Use the password command to set a password for the local users.
Use the undo password command to cancel the specified password display mode.
Syntax
password { simple | cipher } password

undo password
Parameters
Example
simple
Specifies to display passwords in simple text.
cipher
Specifies to display passwords in cipher text
password
For simple mode, the password must be in plain

text. A password in plain text can be a string with
no more than 63 consecutive characters, for
example, aabbcc.
For cipher mode, the password can be either in

cipher text or in plain text, which it is depends on
your input. A password in cipher text can be a
string with 1 to 63 characters, or 88 characters, for
example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.
To set the password of user1 to 20030422 and to specify that the password be
displayed in plain text, enter the following:
[S4200G-luser-user1] password simple 20030422
22
View
Local User View
Description
After the local-user password-display-mode cipher-force command is

executed, the password will be displayed in cipher text even though you use the
password command to set the display mode of the password to simple.
Related Command
display local-user

Command Reference
peer-public-key end 511
peer-public-key end
Purpose
Use the peer-public-key end command to return to system view from public key
view.
Syntax
peer-public-key end
Parameters
None
Example
Exit from public key view.

[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] peer-public-key end
[S4200G]
View
Related Commands
Public Key view
public-key-code begin
rsa peer-public-key
512 ping

Command Reference
ping
Purpose
Use the ping command to check the IP network connection and the reachability of
the host.
Syntax
ping [ -a ip-address ] [-c count ] [ -d ] [ -f ] [ -h ttl ] [ -i [ null

null-interface-number ] | [ Vlan-interface vlan-interface-number ] ] [
ip ] [ -n ] [ - p pattern ] [ -q ] [ -r ] [ -s packetsize ] [ -t timeout
] [ -tos tos ] [ -v ] host
Parameters
-a ip-address
Specifies the source IP address to transmit ICMP

ECHO-REQUEST.
-c: count
Specifies how many times the ICMP ECHO-REQUEST

packet will be transmitted, ranging from 1 to
4294967295.
-d
Configures the socket to be in DEBUGGING mode. By

default, it is non-DEBUGGING mode.
-f
Specifies to discard a packet directly instead of

fragmenting it if its length is greater than the MTU
(maximum transmission unit) of the interface.
-h ttl
Configures TTL value for echo requests to be sent,

range from 1 to 255. By default, the TTL value is 255.
-i
Selects the port to send the packets.
null-interfacenumber
Null interface number.
vlan-interfacenumber
VLAN interface number.
interface-name
Specifies the interface name.
ip
Chooses IP ICMP packet.
-n
-p
-q
-r
Specifies to regard the host argument as an IP

address without performing domain name resolution.
By default, the host argument is first regarded as an
IP address. If it is not an IP address, domain name
resolution is performed.
Pattern - Specifies the padding byte pattern of the
ICMP ECHO-REQUEST packets. The pattern
argument is a byte in hexadecimal. For example, -p ff
fills a packet with only ff. By default, the system fills a
packet with 0x01, 0x02, and so on, until 0x09; then it
repeats this procedure from 0x01 again.
Specifies to display only the statistics and not to
display the details. By default, all the information
including the details and statistics will be displayed.
Specifies to record the routes. By default, the system
does not record any routes.

Command Reference
ping 513
-s packetsize
-t timeout
-tos tos
host
Example
Sets the timeout time (in ms) waiting for an ICMP

ECHO-REPLY packet after an ICMP
ECHO-REQUEST packet is sent. The timeout
argument ranges from 0 to 65535 and defaults to
2,000 ms.
Sets the ToS value of the ICMP ECHO-REQUEST
packets in the range of 0 to 255. By default, this value
is 0.
Specifies to display other ICMP packets received
(that is, non-ECHO-REPLY packets) as well as the
ECHO-REPLY packets. By default, except for the
ECHO-REPLY packets, other ICMP packets are not
displayed.
-v
Default
Specifies the size (in bytes) of each ICMP

ECHO-REQUEST packet (excluding the IP and
ICMP headers). The packetsize argument ranges
from 20 to 32,000 and defaults to 56 bytes.
Destination host domain name or IP address.
By default, when the parameters are not specified:
the ECHO-REQUEST message will be sent for 5 times
socket is not in DEBUGGING mode
the TTL value for echo requests is 255
host will be treated as IP address first. If it is not an IP address, perform domain

name resolution
the default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again,
show all the information including statistics
routes are not recorded
send ECHO-REQUEST according to route selection
default length of ECHO-REQUEST is 56 bytes
default timeout of ECHO-RESPONSE is 2000 ms
do not display other ICMP packets (non ECHO-RESPONSE)
the TOS value of echo requests is 0
Check whether the host 202.38.160.244 is reachable.

<S4200G>ping 202.38.160.244
ping 202.38.160.244 : 56 data bytes
Reply from 202.38.160.244 : bytes=56
Reply from 202.38.160.244 : bytes=56
Reply from 202.38.160.244 : bytes=56
Reply from 202.38.160.244 : bytes=56
Reply from 202.38.160.244 : bytes=56
--202.38.160.244 ping statistics-5 packets transmitted
5 packets received
sequence=1
sequence=2
sequence=3
sequence=4
sequence=5
ttl=255
ttl=255
ttl=255
ttl=255
ttl=255
time
time
time
time
time
=
=
=
=
=
1ms
2ms
1ms
3ms
2ms
514 ping

Command Reference
0% packet loss
round-trip min/avg/max = 1/2/3 ms
View
Description
Description
Any view
By default, when the parameters are not specified:
the ECHO-REQUEST message will be sent for 5 times
socket is not in DEBUGGING mode
the TTL value for echo requests is 255
host will be treated as IP address first. If it is not an IP address, perform domain

name resolution
the default padding operation starts from 0x01 and ends on 0x09 (progressively),
then performs again,
show all the information including statistics
routes are not recorded
send ECHO-REQUEST according to route selection
default length of ECHO-REQUEST is 56 bytes
default timeout of ECHO-RESPONSE is 2000 ms
do not display other ICMP packets (non ECHO-RESPONSE)
the TOS value of echo requests is 0
The executing procedure of the ping command is as follows: First, the source host
sends an ICMP ECHO-REQUEST packet to the destination host. If the connection
to the destination network is normal, the destination host receives this packet and
responds with an ICMP ECHO-REPLY packet.
You can use the ping command to check the network connectivity and the quality
of a network line. This command can output the following information:
Response status of the destination to each ICMP ECHO-REQUEST packet. If

no response packet is received within the timeout time, including the number of
bytes, packet sequence number, TTL and response time of the response
packet. If no response packet is received within the timeout time, the message
"Request time out" is displayed instead.
Final statistics, including the numbers of sent packets and received response
packets, the irresponsive packet percentage, and the minimum, average and
maximum values of response time.
You can set a relatively long timeout time waiting for response packet if the
network transmission is slow.
Related Command
tracert

Command Reference
port 515
port
Purpose
Using the port command, you can add one port or one group of ports to a VLAN.
Using the undo port command, you can cancel one port or one group of ports from
a VLAN.
Syntax
port interface-list
undo port interface-list
Parameters
interface-list
&<1-10>
List of Ethernet ports to be added to or deleted from a

certain VLAN, expressed as interface-list =
{ interface-type interface-num
[ to interface-type interface-num ]
}&<1-10>.
interface-type is the port type.
interface-num is the port number
to is the keyword that specifies a group of

successive ports. The port number to the right of
the to keyword must be larger than or equal to
the one to the left of the keyword.
Represents the repeatable times of parameters. A

value of 1 is the minimum and 10 is the maximum.
CAUTION: The port command is only applicable to access ports. To add trunk ports
and hybrid ports to a VLAN, use the port trunk permit vlan and port
hybrid vlan commands in Ethernet port view.
Default
By default, all the ports belong to the default VLAN.
Example
Add GigabitEthernet1/0/1 through GigabitEthernet1/0/4 ports to VLAN 2.

[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet1/0/1 to GigabitEthernet1/0/4
View
VLAN view
516 port access vlan

Command Reference
port access vlan

Purpose
Use the port access vlan command to assign the access port to a specified VLAN.
Use the undo port access vlan command to remove the access port from the
specified VLAN.
Syntax
port access vlan vlan_id

undo port access vlan
Parameters
vlan_id
Example
Add the GigabitEthernet port 1/0/1 to VLAN3.
Specifies a VLAN ID. Valid values are 1 to 4094. (You

must specify the ID of an existing VLAN.)
<S4200G>system-view
[S4200G]vlan 3
[S4200G-vlan3]quit
[S4200G-GigabitEthernet1/0/1]port access vlan 3
View
Ethernet Port view

Command Reference
port hybrid pvid vlan 517
port hybrid pvid vlan

Purpose
Use the port hybrid pvid vlan command to configure the default VLAN ID of the
hybrid port.
Use the undo port hybrid pvid command to restore the default VLAN ID of the
hybrid port.
Syntax
port hybrid pvid vlan vlan_id

undo port hybrid pvid
Parameters
vlan_id
Default
To guarantee the proper packet transmission, the default VLAN ID of the local hybrid
port should be identical with that of the hybrid port on the peer switch.
Example
Set the default VLAN ID for the GigabitEthernet1/0/1 hybrid port as 100.
Specifies a VLAN ID. Valid values are 1 to 4094.

If not specified, the default value is 1.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1]port hybrid pvid vlan 100
View
Related Command
Ethernet Port view
port link-type
518 port hybrid vlan

Command Reference
port hybrid vlan

Purpose
Use the port hybrid vlan command to add the port to the specified VLAN(s). The
port needs to have been made a hybrid port before you can do this. See the related
command below.
Use the undo port hybrid vlan command to remove the port from the specified
VLAN(s).
Syntax
port hybrid vlan vlan-id-list { tagged | untagged }

undo port hybrid vlan vlan-id-list
Parameters
vlan-id-list
vlan-id-list = [ vlan-id1 [ to vlan-id2 ]

]&<1-10>, specifies the VLAN range to which the
hybrid ports are added. vlan-id is in the range of 1

to 4094 and can be discrete. &<1-10> means you can
enter the parameter for ten times, at most.
You can enter up to ten vlan_id parameters in one
port hybrid vlan command.
Example
tagged
Specifies to tag the port for the specified VLAN.
untagged
Specifies to leave the port untagged for the specified

VLAN.
Add the GigabitEthernet1/0/1 hybrid port to VLAN 2, VLAN 5 and VLAN 50 through
VLAN 100, with tags assigned to their packets.
<S4200G>system-view
[S4200G-GigabitEthernet1/0/1]port hybrid vlan 2 4 50 to 100 tagged
View
Ethernet Port view
Description
A hybrid port can belong to multiple VLANs. A port can only be added to a VLAN if
the VLAN has already been created. When you use the command several times, all
VLANs specified in the commands will be allowed to pass the port.
Related Command
port link-type

Command Reference
port isolate 519
port isolate
Purpose
Use the port isolate command to add an Ethernet port to the isolation group.
Use the undo port isolate command to remove an Ethernet port from an isolation
group.
Syntax
port isolate
undo port isolate
Parameters
None
Default
By default, a port is not in an isolation group, namely Layer 2 forwarding is achievable

between this port and other ports.
Example
Add GigabitEthernet1/0/1 port to the isolation group.

<S4200G>system-view
[S4200G-GigabitEthernet1/0/1] port isolate
Remove GigabitEthernet1/0/1 port from the isolation group.

[S4200G-GigabitEthernet1/0/1] undo port isolate
View
Ethernet Port view
520 port link-aggregation group

Command Reference
port link-aggregation group

Purpose
Use the port link-aggregation group agg_id command to add an Ethernet port
to a manual or static aggregation group.
Use the undo port link-aggregation group command to delete an Ethernet port
from a manual or static aggregation group
Syntax
port link-aggregation group agg-id

undo port link-aggregation group
Parameters
agg-id
Example
Add the port GigabitEthernet 1/0/1 to aggregation group 22.
[S4200G-GigabitEthernet1/0/1] port link-aggregation group 22
View
Related Command
Ethernet Port view

Command Reference
port link-type 521
port link-type
Purpose
Use the port link-type command to configure the link type of the Ethernet port.
Use the undo port link-type command to restore the default link type, that is,
access.
Syntax
port link-type { access | hybrid | trunk }

undo port link-type
Parameters
access
Specifies to configure the port as an access port.
hybrid
Specifies to configure the port as a hybrid port
trunk
Specifies to configure the port as a trunk port.
Default
By default, the link type for all ports is access.
Example
To configure the Ethernet port Ethernet1/0/1 as a trunk port, enter the following:
<S4200G>system-view
[S4200G-Ethernet1/0/1]port link-type trunk
View
Description
Ethernet Port view
You can configure the three types of ports on the same device. However, note that
you cannot directly switch a port between trunk and hybrid and you must set the port
as access before the switching. For example, to change a trunk port to hybrid, you
must first set it as access and then hybrid.
522 port-security enable

Command Reference
port-security enable
Purpose
Use the port-security enable command to enable port security.

Use the undo port-security enable command to disable port security.
Syntax
undo port-security enable
Parameters
None
Default
By default, port security is disabled.
Example
Enter system view.

Enable port security.

Notice: the port-control of 802.1x will be restricted to auto when
port-security enabled.
Please wait... Done.
View
Description
System view
CAUTION: To avoid confliction, the following limitation on the 802.1x and the MAC
address authentication will be taken after port security is enabled:
The access control mode (set by the dot1x port-control command) automatically
changes to auto.
The dot1x port-method command can be successfully executed only when no user
is online.
The dot1x, dot1x port-method, dot1x port-control and mac-authentication

commands cannot be used.

Command Reference
port-security intrusion-mode 523
port-security intrusion-mode
Purpose
Use the port-security intrusion-mode command to set the action mode of

the Intrusion Protection feature.
Use the undo port-security intrusion-mode command to cancel the set
action mode.
Syntax
port-security intrusion-mode { disableport | disableport-temporarily |

blockmac }
undo port-security intrusion-mode
Parameters
disableport
Represents permanently disabling the port and

sending trap message.
disableport-temporarily
Represents temporarily disabling the port, re-enabling

the port after a prescribed period, and sending trap
message.
blockmac
Represents discarding the packets with illegal source

MAC addresses, and sending trap messages.
Default
By default, no security mode is configured.
Example
Enter system view.



[[S4200G] interface GigabitEthernet1/0/1
Set the action mode of the Intrusion Protection feature on GigabitEthernet1/0/1 port
to disableport.
[S4200G-GigabitEthernet1/0/1] port-security intrusion-mode disableport
View
Description
Ethernet Port view
In the disableport-temporarily mode, users can configure a temporary port by

disconnecting time with the port-security timer disableport command.
524 port-security intrusion-mode

Command Reference
By way of checking the source MAC addresses of the data frames received on a port,
the Intrusion Protection feature discovers illegal packets and takes appropriate action
(temporarily/permanently disabling the port, or filtering out the packets with these
source MAC addresses) to guarantees the security on the port.
The illegal packets include:
Packets with unknown source MAC addresses received when MAC address
learning is disabled on the port
Packets with unknown source MAC addresses received when the number of MAC
addresses on the port has reached the set maximum number of MAC addresses
allowed to access the port.
Packets received from users who fail the authentication.
The action mode of the Intrusion Protection feature can be set to disableport,
disableport-temporarily or blockmac. For the
disableport-temporarily mode, you can set the time during which the system
temporarily disables a port by using the port-security timer disableport
command.
Related Command
port-security timer disableport

Command Reference
port-security max-mac-count 525
port-security max-mac-count
Purpose
Use the port-security max-mac-count command to set the maximum

number of MAC addresses allowed to access the port.
Use the undo port-security max-mac-count command to cancel this limit.
Syntax
port-security max-mac-count count-value

undo port-security max-mac-count
Parameters
count-value
Default
By default, there is no limit on the number of MAC addresses allowed to access the
port.
Example
Enter system view
Maximum number of MAC addresses.

This argument is 0 by default, which represents there is
no limit on the number of MAC addresses.


Set the maximum number of MAC addresses allowed to access the port to 100.
[S4200G-GigabitEthernet1/0/1] port-security max-mac-count 100
View
Description
Ethernet Port view
Use the port-security max-mac-count command to set the maximum number of MAC
addresses allowed to access the port. The number is the sum of the following:
The MAC address which pass the 802.1x authentication
The MAC address which pass the MAC address authentication
Security MAC address
CAUTION: The maximum number of MAC addresses set by this command does not
include the number of the static MAC address entries set manually.
526 port-security max-mac-count
Related Commands

Command Reference
port-security port-mode

Command Reference
port-security ntk-mode 527
port-security ntk-mode
Purpose
Use the port-security ntk-mode command to set the packet transmission

mode of the Need to Know (NTK) feature.
Use the undo port-security ntk-mode command to cancel the setting.
Syntax
port-security ntk-mode { ntkonly | ntk-withbroadcasts |

ntk-withmulticasts }
undo port-security ntk-mode
Parameters
ntkonly
Allows the system to transmit only unicast packets

with successfully authenticated destination MAC
addresses.
ntk-withbroadcasts
Allows the system to transmit the broadcast packets

and the unicast packets with successfully
authenticated destination MAC addresses.
ntk-withmulticasts
Allows the system to transmit the multicast packets,

broadcast packets and the unicast packets with
successfully authenticated destination MAC addresses.
Default
By default, no packet transmission mode of the NTK feature is set on the port.
Example
Enter system view.



Set the packet transmission mode of the NTK feature to ntkonly on the current port.
[S4200G-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
View
Description
Ethernet Port view
By way of checking the destination MAC addresses of the data frames to be sent
from a port, this feature ensures that only successfully authenticated devices can
528 port-security ntk-mode

Command Reference
obtain data frames from the port so as to prevent illegal devices from filching
network data.
The packet transmission mode of the NTK feature can be set to ntkonly,
ntk-withbroadcasts or ntk-withmulticasts.
CAUTION: The port-security ntk-mode command and the unknown-multicast drop
enable command (which enables the unknown multicast packet drop function),
cannot be used together. Or else, the system prompts a failure.

Command Reference
port-security OUI 529
port-security OUI
Purpose
Use the port-security OUI command to set an OUI value for authentication.
Use the undo port-security OUI command to cancel an OUI value setting.
Syntax
port-security OUI OUI-value index index-value

undo port-security OUI index id-value
Parameters
OUI-value
OUI value. You can input a complete MAC address (in

hexadecimal) for this argument and the system will
calculate the OUI value from your input.
index-value
OUI index. Valid values are 1 to 16.
The organizationally unique identifiers (OUIs) are assigned by IEEE to different

equipment providers. Each OUI uniquely identifies an equipment provider in the
world and is the higher 24 bits of MAC address.
You need only to input a complete hexadecimal MAC address in this command, and
the system will automatically convert the address to binary format and then take the
higher 24 bits of the resulting binary data as the OUI value.
Example
Enter system view.

Set an OUI value by specifying the MAC address 00ef-ec00-0000, and set the OUI
index to five.
[S4200G] port-security oui 00ef-ec00-0000 index 5
View
System view
Description
CAUTION: The OUI value set by this command takes effect only when the security
mode of the port is set to userlogin-withoui (by the port-security port-mode
command).
Related Command
530 port-security port-mode

Command Reference
Purpose
Use the port-security port-mode command to set the security mode of the
port.
Use the undo port-security port-mode command to restore the normal
operating mode of the port.
Syntax
port-security port-mode mode

undo port-security port-mode
Parameters
mode
Default
By default, no security mode is set on the port.
Example
Enter system view.
Security mode of the port. See Table 88for the values

of this argument.


Set the security mode on GigabitEthernet1/0/1 port to userlogin.

[S4200G-GigabitEthernet1/0/1] port-security port-mode userlogin
View
Description
Ethernet Port view
Table 88describes the available security modes in details:

Command Reference
port-security port-mode 531
Table 88 Description of the port security modes

Security mode
Description
Feature
autolearn
the learned MAC addresses will be

changed to Security MAC addresses.
In this mode, only

the NTK and
Intrusion Protection
features take effect.
This security mode will automatically

change to the secure mode after the
system has learned the maximum number
of Security MAC from this port, and new
Security MAC cannot be added.
The packets whose original MAC
addresses are not the current Security
MAC addresses cannot pass the port.
secure
In this mode, the system is disabled from

learning MAC addresses from this port.
Only the packets whose original MAC
addresses are the configured static MAC
addresses can pass the port.
userlogin
In this mode, port-based 802.1x

In this mode, the
authentication is performed for connected NTK and Intrusion
users.
Protection features
do not take effect.
userlogin-secure
The port opens only after the access user

passes the 802.1x authentication. Even
after the port opens, only the packets of
the successfully authenticated user can
pass through the port.
In this mode, only one
802.1x-authenticated user is allowed to
access the port.
When the port changes from the normal
mode to this security mode, the system
automatically removes the already existing
dynamic MAC address entries and
authenticated MAC address entries on the
port.
userlogin-withoui
This mode is similar to the userlogin-secure

mode, except that there can be one
OUI-carried MAC address being
successfully authenticated in addition to
the single 802.1x-authenticated user who
is allowed to access the port.
When the port changes from the normal
mode to this security mode, the system
automatically removes the already existing
dynamic/authenticated MAC address
entries on the port.
mac-authentication
In this mode, MAC addressbased

authentication is performed for access
users.
userlogin-secure-or-mac
In this mode, the two kinds of

authentication in mac-authentication and
userlogin-secure modes can be performed
simultaneously. If both kinds of
authentication succeed, the
userlogin-secure mode takes precedence
over the mac-authentication mode.
userlogin-secure-else-mac
In this mode, first the MAC-based

authentication is performed. If this
authentication succeeds, the
mac-authentication mode is adopted, or
else, the authentication in userlogin-secure
mode is performed.
In these modes, only

the NTK and
Intrusion Protection
features take effect.
532 port-security port-mode

Command Reference
Table 88 Description of the port security modes (continued)

Security mode
Description
userlogin-secure-ext
This mode is similar to the userlogin-secure

mode, except that there can be more than
one 802.1x-authenticated user on the
port.
userlogin-secure-or-mac-ext
This mode is similar to the

userlogin-secure-or-mac mode, except
that there can be more than one
802.1x-authenticated user on the port.
userlogin-secure-else-mac-ext
This mode is similar to the

userlogin-secure-else-mac mode, except
that there can be more than one
802.1x-authenticated user on the port.
Feature

Command Reference
port-security timer disableport 533

Purpose
Use the port-security timer disableport command to set the time during
which the system temporarily disables a port.
Use undo port-security timer disableport command restore the default
time.
Syntax
port-security timer disableport timer

undo port-security timer disableport
Parameters
timer
Example
Set the time during which the system temporarily disables a port to 50 seconds.
Valid values for this argument are 20 to 300.

[S4200G] port-security timer disableport 50
View
Description
System view
The time set by the port-security timer disableport command takes effect when the
disableport-temporarily mode is set by the port-security intrusion-mode command.
534 port-security trap

Command Reference
port-security trap
Purpose
Use the port-security trap command to enable the sending of the specified
type(s) of trap messages.
Use the undo port-security trap command to disable the sending of the
specified type(s) of trap messages.
Syntax
port-security trap { addresslearned | intrusion | dot1xlogon |

dot1xlogoff | dot1xlogfailure | ralmlogon | ralmlogoff | ralmlogfailure
}*
undo port-security trap { addresslearned | intrusion | dot1xlogon |
dot1xlogoff | dot1xlogfailure | ralmlogon | ralmlogoff | ralmlogfailure
}*
Parameters
addresslearned
Enables/disables the sending of MAC address learning

trap messages.
intrusion
Enables/disables the sending of intrusion packet

discovery trap messages.
dot1xlogon
Enables/disables the sending of 802.1x user logon trap

messages.
dot1xlogoff
Enables/disables the sending of 802.1x user logoff trap

messages.
dot1xlogfailure
Enables/disables the sending of 802.1x user

authentication failure trap messages.
ralmlogon
Enables/disables the sending of RALM user logon trap

messages.
ralmlogoff
Enables/disables the sending of RALM user logoff trap

messages.
ralmlogfailure
Enables/disables the sending of RALM user

authentication failure trap messages.
RADIUS authenticated login using MAC-address (RALM) refers to MAC address-based

RADIUS authentication.
Default
By default, the system disables the sending of any types of trap messages.
Example
Enter system view.

Allow the sending of the intrusion packet discovery trap messages.

[S4200G] port-security trap intrusion

Command Reference
View
port-security trap 535
Description
System view
This command is designed based on the Device Tracking feature. The Device Tracking
feature enables the switch to send trap messages in case special data packets
(generated by special actions such as illegal intrusion, and abnormal user
logon/logoff) pass through a port for the convenience of network administrator to
monitor these special actions.
536 port trunk pvid vlan

Command Reference
port trunk pvid vlan

Purpose
Use the port trunk pvid vlan command to configure the default VLAN ID for a
trunk port.
Use the undo port trunk pvid command to restore the default VLAN ID for a trunk
port.
Syntax
port trunk pvid vlan vlan_id

undo port trunk pvid
Parameters
vlan_id
Default
The default VLAN ID of local trunk port should be consistent with that of the trunk
port on the peer switch, otherwise packets cannot be properly transmitted.
Example
To configure the trunk port Ethernet1/0/1 to the default VLAN of 100, enter the
following:
Specifies a VLAN ID. Valid values are 1 to 4094.

<S4200G>system-view
[SW4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]port trunk pvid vlan 100
View
Related Command
Ethernet Port view
port link-type

Command Reference
port trunk permit vlan 537
port trunk permit vlan

Purpose
Use the port trunk permit vlan command to add a trunk port to one VLAN, a
selection of VLANs, or all VLANs.
Use the undo port trunk permit vlan command to remove the hybrid port from
one VLAN, a selection of VLANs or all VLANs.
Syntax
port trunk permit vlan {vlan-id-list | all}

undo port trunk permit vlan {vlan-id-list| all}
Parameters
Example
vlan-id
vlan-id-list = [ vlan-id1 [ to vlan-id2 ]

]&,1-10., specifies the VLAN range to which the trunk
ports are added. vlan-id is in the range of 1 to 4094
and can be discrete &,1-10. means you can enter the
parameter for ten times at most.
all
Adds the trunk port to all VLANs.
Add the GigabitEthernet1/0/1 trunk port to VLAN 2, VLAN 5 and VLAN 50 through
VLAN 100.
<S4200G>system-view
[SW4200G-GigabitEthernet1/0/1]port trunk permit vlan 2 4 50 to 100
Please wait...
Done.
View
Ethernet Port view
Description
A trunk port can belong to multiple VLANs. If the port trunk permit vlan
command is used many times, then the VLAN enabled to pass on trunk port is the set
of these vlan_id_list.
Related Command
port link-type
538 primary accounting

Command Reference
primary accounting
Purpose
Use the primary accounting command to set the IP address and port number for
the primary accounting server.
Use the undo primary accounting command to restore the default IP address and
port number of the primary RADIUS accounting server.
Syntax
primary accounting ip-address [ port-number ]

undo primary accounting
Parameters
Default
ip-address
Specifies the IP address in dotted decimal format.
port-number
Specifies the UDP port number. ranging from 1 to

65535.
By default, the IP address of the primary accounting server is 0.0.0.0 and the UDP
port number of the primary accounting service is 1813.
The IP address and UDP port number of the primary accounting server used by the
default RADIUS scheme system are 127.0.0.1 and 1646.
Example
To set the IP address and UDP port number of the primary accounting server of the
RADIUS scheme radius1 to 10.110.1.2 and 1813, enter the following:
New Radius scheme
[S4200G-radius-radius1] primary accounting 10.110.1.2 1813
View
Description
RADIUS Scheme view
After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. In real networking
environments, the above parameters shall be set according to the specific
requirements. However, you must set at least one authentication/authorization server
and an accounting server. Besides, ensure that the RADIUS service port settings on the
Switch is consistent with the port settings on the RADIUS server.

Command Reference
Related Commands
primary accounting 539
key
radius scheme
state
540 primary authentication

Command Reference
Purpose
Use the primary authentication command to configure the IP address and port
number for the primary RADIUS authentication/authorization server.
Use the undo primary authentication command to restore the default IP address
and port number of the primary RADIUS authentication/authorization server.
Syntax
primary authentication ip-address [ port-number ]

undo primary authentication
Parameters
ip-address
port-number
Specifies UDP port number ranging from 1 to 65535.
Default
By default, the IP addresses of the primary authentication/authorization is at 0.0.0.0

and the UDP port for authentication/authorization service is 1812.
Example
To set the IP address and UDP port number of the primary

authentication/authorization server used by the RADIUS scheme radius1 to
10.110.1.1 and 1812, enter the following:
New Radius scheme
[S4200G-radius-radius1] primary authentication 10.110.1.1 1812
View
Description
RADIUS Server Group view
Note:
After creating a new RADIUS scheme, you should configure the IP address and
UDP port number of each RADIUS server you want to use in this scheme. These
RADIUS servers fall into two types: authentication/authorization, and accounting.
And for each kind of server, you can configure two servers in a RADIUS scheme:
primary and secondary servers. A RADIUS scheme has the following attributes: IP
addresses of the primary and secondary servers, shared keys, and types of the
RADIUS servers.
In an actual network environment, you can configure the above parameters as

required. But you should configure at least one authentication/authorization server
and one accounting server, and at the same time, you should keep the RADIUS
service port settings on the switch consistent with those on the RADIUS servers.

Command Reference
Related Commands
primary authentication 541
key
radius scheme
state
542 priority

Command Reference
priority
Purpose
Use the priority command to set the priority of Ethernet port.

Use the undo priority command to restore the default value.
Syntax
priority priority-level
undo priority
Parameters
priority-level
Default
The default priority level of a port is 0.
Example
To set the priority of the GigabitEthernet1/0/1 port to 7, enter the following:
Specifies the priority level of the port. Valid values are

0 to 7.
[S4200G-GigabitEthernet1/0/1] priority 7
View
Description
Ethernet Port view
This command is used to set the priority of Ethernet ports. After the command is
configured, the switch replaces the 802.1p priority carried in the packet with the
priority of the port receiving the packet. Then the switch places the packet in the
corresponding port output queue according to the new priority of the packet.

Command Reference
priority trust 543
priority trust
Purpose
Use the priority trust command to configure the precedence mapping mode on
the port of the switch.
Syntax
priority trust { cos [ automap ] | dscp [ automap | remap ] }
Parameters
cos [ automap ]
The mapping is performed based on 802.1p priority

and the mapping modes are as follows:
If automap is not input, it is the default mode in

which the switch does not replace the priority
carried in the packet with the mapped priority.
If automap is input, it is the automap mode in

which the switch replaces the priority carried in the
packet with the mapped priority.
dscp [ automap | remap]
The mapping is performed based on DSCP precedence,

and the mapping modes are as follows:
If keywords are not input after DSCP, it is the

default mode in which the switch does not replace
the priority carried in the packet with the mapped
priority.
If automap is input, it is the automap mode in

which the switch replaces the priority carried in the
packet with the mapped priority.
If remap is input, it is the remap mode. In this

mode, the switch firstly gets new DSCP precedence
by the "DSCP-> DSCP" mapping relationship, and
then searches "DSCP->other precedence" mapping
relationship through the new DSCP precedence,
and replaces the precedence carried in the packet
with the mapped precedence.
Default
By default, the switch trusts the port priority.
Example
To configure to map in remap mode on GigabitEthernet1/0/1 according to DSCP

precedence, enter the following:
[S4200G-GigabitEthernet1/0/1] priority-trust dscp remap
View
544 priority trust

Command Reference
Related Command
Ethernet Port view
priority

Command Reference
protocol inbound
Purpose
Use the protocol inbound command to configure the protocols supported in the
current user interface.
Syntax
protocol inbound { all | ssh | telnet }
Parameters
all
Supports all protocols, including Telnet and SSH.
ssh
Supports only SSH.
telnet
Supports only Telnet.
Default
By default, both SSH and Telnet are supported.
Example
Configure vty0 through vty4 to support SSH only.

[S4200G] user-interface vty 0 4
[S4200G-ui-vty0-4] protocol inbound ssh
View
Description
VTY User Interface view
After you use this command with SSH enabled, your configuration cannot take effect
till next login if no RSA key pair is configured.
CAUTION:
When SSH protocol is specified, to ensure a successful login, you must configure
the AAA authentication using the authentication-mode scheme command.
The protocol inbound ssh configuration fails if you configured

authentication-mode password and authentication-mode none.
When you configured SSH protocol successfully for the user interface, then you
cannot configure authentication-mode password and authentication-mode none
any more.
546 protocol inbound

Command Reference
protocol inbound
Purpose
Use the protocol inbound command to specify the protocols supported by the
user interface.
Syntax
protocol inbound { all | ssh | telnet }
Parameters
all
Supports all protocols, including Telnet and SSH.
ssh
Supports SSH protocol.
telnet
Supports Telnet protocol.
Default
Both Telnet protocol and SSH protocol are supported by default.
Example
Configure that only SSH protocol is supported in VTY 0.

[S4200G-ui-vty0] protocol inbound ssh
View
User Interface view
Description
Use the protocol inbound command in VTY User Interface view only.
Related Command
user-interface vty

Command Reference
protocol-priority protocol-type 547
protocol-priority protocol-type
Purpose
Use the protocol-priority command to set the global traffic priority that
applies to a given protocol.
Use the undo protocol-priority command to remove such a configuration.
Syntax
protocol-priority protocol-type protocol-type { ip-precedence

ip-precedence | dscp dscp-value }
undo protocol-priority protocol-type protocol-type
Parameters
protocol-type
protocol-type
ip-precedence
ip-precedence
dscp dscp-value
Example
Specifies the type of the protocol. Only TELNET, SNMP,

and ICMP are supported currently.
Specifies the value of IP precedence. Valid values are 0
to 7.
Specifies the value of DSCP precedence. Valid values
are 0 to 63.
To set the IP precedence of SNMP protocols to 3, enter the following:

[S4200G] protocol-priority protocol-type snmp ip-precedence 3
View
System view
548 public-key-code begin

Command Reference
Purpose
Use the public-key-code begin command to enter public key edit view and
input the client public key.
Syntax
Parameters
None
Example
Enter public key edit view and input client public keys.
[S4200G-rsa-public-key] public-key-code begin
[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[S4200G-key-code] public-key-code end
[S4200G-rsa-public-key]
View
Description
Related Commands
Public Key view
You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line.
But the public key, which is generated randomly by the SSH 2.0-supported client
software, should be composed of hexadecimal characters.
public-key-code end
rsa peer-public-key

Command Reference
Purpose
Use the public-key-code begin command to enter public key edit view and set
server public keys.
Syntax
Parameters
None
Example
Enter public key edit view and set server public keys.
[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[S4200G-key-code] public-key-code end
View
Description
Related Commands
Public Key view
You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line.
But the public key, which are generated randomly after you use the rsa
local-key-pair create command on the server, should be composed of
hexadecimal characters.
public-key-code end
rsa peer-public-key
550 public-key-code end

Command Reference
public-key-code end
Purpose
Use the public-key-code end command to return from public key edit view to
public key view and save the public keys you set.
Syntax
public-key-code end
Parameters
None
Example
Exit from public key edit view and save the public keys.
[S4200G]rsa peer-public-key zhangshan
[S4200G-rsa-public-key]public-key-code begin
[S4200G-rsa-key-code] public-key-code end
View
Description
Related Command
Public Key Edit view
After you use this command to terminate the public key editing, public key validity
will be checked before the keys are saved. If there are illegal characters in the keys,
the prompt will be given and the keys will be discarded. Your configuration this time
fails. If the keys are valid, they will be saved in the public key list of the client.
rsa peer-public-key

Command Reference
public-key-code end
Purpose
Use the public-key-code end command to return from public key edit view to
public key view and save the public keys you set.
Syntax
public-key-code end
Parameters
None
Example
Exit from public key edit view and save the public keys.
[S4200G-rsa-key-code] public-key-code end
View
Description
Related Commands
After you use this command to terminate the public key editing, public key validity
will be checked before the keys are saved. If there are illegal characters in the keys,
the prompt will be given and the keys will be discarded. Your configuration this time
fails. If the keys are valid, they will be saved in the public key list of the client.
rsa peer-public-key
552 put

Command Reference
put
Purpose
Use the put command to upload a local file to the remote SFTP server.
Syntax
put local-file [ remote-file ]
Parameters
local-file
Name of the source file at the local end.
remote-file
Name assigned to the file to be saved on the remote

SFTP server.
Example
Upload local file temp.c to the remote SFTP server and save it with the name temp1.c.
sftp-client> put temp.c temp1.c
View
Description
SFTP Client view
If no name is specified for the file to be saved on the remote SFTP server, the name of
the source file is used.

Command Reference
put 553
put
Purpose
Use the put command to upload a local file to the remote FTP server.
Syntax
put localfile [ remotefile ]
Parameters
local-file
Name of the source file at the local end.
remote-file
Name assigned to the file to be saved on the remote

FTP server.
Example
Upload local file temp.c to the remote STP server and save it with the name temp1.c.
<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
Upload the local file named temp.c to the FTP server.

[ftp] put temp.c temp1.c
200 Port command okay.
150 Opening ASCII mode data connection for temp.c.
226 Transfer complete.
FTP: 749881 byte(s) sent in 17.691 second(s) 42.00Kbyte(s)/sec.
View
Description
FTP Client view
If no name is specified for the file to be saved on the remote FTP server, the name of
the source file is used.
554 pwd

Command Reference
pwd
Purpose
Use the pwd command to display the current directory on the SFTP server.
Syntax
pwd
Parameters
None
Example
Display the current directory on the SFTP server.

sftp-client> pwd
flash:/
View
SFTP Client view

Command Reference
pwd 555
pwd
Purpose
Use the pwd command to display the current path. If the current path is not
configured, an error occurs when you execute this command.
Syntax
pwd
Parameters
None
Example
Display the current path.

<S4200G> pwd
unit1>flash:
View
User view
556 pwd

Command Reference
pwd
Purpose
Use the pwd command to display the current directory on the remote FTP Server.
Syntax
pwd
Parameters
None
Example
Show the current directory on the remote FTP Server.

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp] pwd
257 "flash:/temp" is current directory.
View
FTP Client view

Command Reference
qos cos-drop-precedence-map 557
qos cos-drop-precedence-map
Purpose
Use the qos cos-drop-precedence-map command to configure the

"COS->Drop-precedence" mapping relationship.
Use the undo qos cos-drop-precedence-map command to restore the
"COS->Drop-precedence" mapping relationship to the default value.
Syntax
qos cos-drop-precedence-map cos0-map-drop-prec cos1-map-drop-prec

cos2-map-drop-prec cos3-map-drop-prec cos4-map-drop-prec
cos5-map-drop-prec cos6-map-drop-prec cos7-map-drop-prec
undo qos cos-drop-precedence-map
Parameters
Default
cos0-map-drop-prec
Specifies the mapped value from COS 0 to the drop

precedence. Valid values are 0 to 1.
cos0-map-drop-prec

cos0-map-drop-prec

cos0-map-drop-prec

cos0-map-drop-prec

cos0-map-drop-prec

cos0-map-drop-prec

cos0-map-drop-prec

By default, the system provides the default "COS->Drop-precedence" mapping

relationship.
Table 89 The default "COS->Drop-precedence" mapping relationship
COS Value
Drop-precedence
558 qos cos-drop-precedence-map
Example

Command Reference
The configuration of the "COS->Drop-precedence" mapping relationship is described

in the following table.
Table 90 The "COS->Drop-precedence" mapping relationship
COS Value
Drop-precedence
The configuration procedure is as follows:

[S4200G] qos cos-drop-precedence-map 1 1 1 1 1 0 0 0
View
Description
System view
The switch will assign a set of service parameters to one packet according to a certain
rule when it receives the packet. Service parameters include CoS value, local
precedence and drop precedence. Service parameters are assigned according to the
802.1p priority of the packet. COS value is the 802.1p priority of the packet, and local
precedence and drop precedence are obtained through the "COS
->Local-precedence" mapping relationship and the "COS ->Drop-precedence"
mapping relationship respectively. You can use this command to modify the
"COS->Drop-precedence" mapping relationship as required.

Command Reference
qos cos-dscp-map 559
qos cos-dscp-map
Purpose
Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping

relationship.
Use the undo qos cos-dscp-map command to restore the "COS->DSCP"
mapping relationship to the default value.
Syntax
qos cos-dscp-map cos0-map-dscp cos1-map-dscp cos2-map-dscp

cos3-map-dscp cos4-map-dscp cos5-map-dscp cos6-map-dscp cos7-map-dscp
undo qos cos-dscp-map
Parameters
Default
cos0-map-dscp
Sets the mapped value from COS 0 to DSCP. Valid

values are 0 to 63.
cos0-map-dscp

values are 0 to 63.
cos0-map-dscp

values are 0 to 63.
cos0-map-dscp

values are 0 to 63.
cos0-map-dscp

values are 0 to 63.
cos0-map-dscp

values are 0 to 63.
cos0-map-dscp

values are 0 to 63.
cos0-map-dscp

values are 0 to 63.
By default, the system provides the default "COS->DSCP" mapping relationship.

Table 91 The default "COS->DSCP" mapping relationship
COS Value
DSCP
16
24
32
40
48
56
560 qos cos-dscp-map
Example

Command Reference
The configuration of "COS->DSCP" mapping relationship is described in the

following table.
Table 92 The "COS->DSCP" mapping relationship
COS Value
DSCP

[S4200G] qos cos-dscp-map 0 1 2 3 4 5 6 7
View
System view

Command Reference
qos cos-local-precedence-map 561
qos cos-local-precedence-map
Purpose
Use the qos cos-local-precedence-map command to configure the

"COS->Local-precedence" mapping relationship.
Use the undo qos cos-local-precedence-map command to restore the
"COS->Local-precedence" mapping relationship to the default value.
Syntax
qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec

cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec
cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec
undo qos cos-local-precedence-map
Parameters
Default
cos0-map-local-prec
Sets the mapped value from COS 0 to

local-precedence. Valid values are 0 to 7.
cos1-map-local-prec

cos2-map-local-prec

cos3-map-local-prec

cos4-map-local-prec

cos5-map-local-prec

cos6-map-local-prec

cos7-map-local-prec

By default, the system provides the default "COS->Local-precedence" mapping

relationship.
Table 93 The default "COS->Local-precedence" mapping relationship
COS Value
DSCP
562 qos cos-local-precedence-map
Example

Command Reference
The configuration of "COS->Local-precedence" mapping relationship is described in

the following table.
Table 94 The default "COS->Local-precedence" mapping relationship
COS Value
DSCP

[S4200G] qos cos-local-precedence-map 0 1 2 3 4 5 6 7
View
System view

Command Reference
qos dscp-cos-map 563
qos dscp-cos-map
Purpose
Use the qos dscp-cos-map command to configure the "COS->802.1p priority"

Use the undo qos dscp-cos-map command to restore the "DSCP->802.1p
priority" mapping relationship to the default value.
Syntax
qos dscp-cos-map dscp-list : cos-value

undo qos dscp-cos-map [ dscp-list ]
Parameters
Default
dscp-list
Specifies the list of DSCP values. It can include only

one DSCP value or many DSCP values. DSCP values are
separated by space. dscp-list is connected with
cos-value by the ":" after it to indicate the mapping
relationship between them. Valid values for the
dscp-list are 0 to 63.
cos-value
Specifies the 802.1p priority corresponding to the

DSCP list. Valid values for the cos-value are 0 to 7.
By default, the system provides the default "DSCP->802.1p priority" mapping

relationship.
Table 95 The default "COS->801.1p precedence" mapping relationship
DSCP
802.1p priority
0 to 7
8 to 15
16 to 23
24 to 31
32 to 39
40 to 47
48 to 55
56 to 63
564 qos dscp-cos-map
Example

Command Reference
Modify the "DSCP->802.1p priority" mapping relationship according to the following

table.
Table 96 The "DSCP->802.1p priority" mapping relationship
DSCP
802.1p priority

[S4200G] qos dscp-cos-map 0 1 2 3 4 5 6 7 : 1
View
System view

Command Reference
qos dscp-drop-precedence-map 565
qos dscp-drop-precedence-map
Purpose
Use the qos dscp-drop-precedence-map command to configure the

"DSCP->Drop-precedence" mapping relationship.
Use the undo qos dscp-drop-precedence-map command to restore the
"DSCP->Drop-precedence" mapping relationship to the default value.
Syntax
qos dscp-drop-precedence-map dscp-list : drop-precedence

undo qos dscp-drop-precedence-map [ dscp-list ]
Parameters
Default
dscp-list

cos-value by the ":" after it to indicate the mapping
drop-precedence
Specifies the drop precedence corresponding to the

DSCP list. Valid values for the drop-precedence are 0 to
1.
By default, the system provides the default "DSCP->Drop-precedence" mapping

relationship.
Table 97 The default "DSCP->Drop-precedence" mapping relationship
DSCP
Drop Precedence
0 to 7
8 to 15
16 to 23
24 to 31
32 to 39
40 to 47
48 to 55
56 to 63
566 qos dscp-drop-precedence-map
Example

Command Reference
Modify the "DSCP->Drop-precedence" mapping relationship according to the

following table.
Table 98 The "DSCP->Drop-precedence" mapping relationship
DSCP
Drop Precedence

[S4200G] qos dscp-drop-precedence-map 0 1 2 3 4 5 6 7 : 1
View
System view

Command Reference
qos dscp-dscp-map 567
qos dscp-dscp-map
Purpose
Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping

relationship.
Use the undo qos dscp-dscp-map command to restore the "DSCP->DSCP"
mapping relationship to the default value.
Syntax
qos dscp-dscp-map dscp-list : dscp-value

undo qos dscp-dscp-map [ dscp-list ]
Parameters
Default
dscp-list

dscp-value by the ":" after it to indicate the mapping
dscp-value
Specifies the DSCP precedence corresponding to the

DSCP list. Valid values for the dscp-value are 0 to 63.
By default, the system provides the default "DSCP->DSCP" mapping relationship.

Table 99 The "DSCP->DSCP" mapping relationship and its default value
Example
DSCP
New DSCP
61
61
62
62
63
63
Modify the "DSCP->DSCP" mapping relationship according to the following table.

Table 100 The "DSCP->DSCP" mapping relationship
DSCP
New DSCP
568 qos dscp-dscp-map

Command Reference

[S4200G] qos dscp-dscp-map 0 1 2 3 4 5 6 7 : 1
View
System view

Command Reference
qos dscp-local-precedence-map 569
qos dscp-local-precedence-map
Purpose
Use the qos dscp-local-precedence-map command to configure the

"DSCP->Local-precedence" mapping relationship.
Use the undo qos dscp-local-precedence-map command to restore the
"DSCP->Local-precedence" mapping relationship to the default value.
Syntax
qos dscp-local-precedence-map dscp-list : local-precedence

undo qos dscp-local-precedence-map [dscp-list ]
Parameters
Default
dscp-list

local-precedence by the ":" after it to indicate the
mapping relationship between them. Valid values for
the dscp-list are 0 to 63.
local-precedence
Specifies the local precedence corresponding to the

DSCP list. Valid values for the local-precedence are 0 to
7.
By default, the system provides the default "DSCP->Local-precedence" mapping

relationship.
Table 101 The default "DSCP->Local-precedence" mapping relationship
DSCP
Local Precedence
0 to 7
8 to 15
16 to 23
24 to 31
32 to 39
40 to 47
48 to 55
56 to 63
570 qos dscp-local-precedence-map
Example

Command Reference
Modify the "DSCP->Local-precedence" mapping relationship according to the

following table.
Table 102 The "DSCP->Local-precedence" mapping relationship
DSCP
Local Precedence

[S4200G] qos dscp-local-precedence-map 0 1 2 3 4 5 6 7 : 1
View
System view

Command Reference
qos-profile 571
qos-profile
Purpose
Use the qos-profile command to create a QoS profile and enter the corresponding
view.
If this profile has existed, use the qos-profile command to enter view of this
profile.
Use the undo qos-profile command to delete a specific QoS profile or all QoS
profiles.
Syntax
qos-profile profile-name
undo qos-profile { profile-name | all }
Parameters
Example
profile-name
Specifies the QoS profile name, consisting of a string

of one to 32 characters, starting with letters [a-z, A-Z]
and excluding all, interface, and user which are
reserved as keywords.
all
Deletes all the QoS profiles.
To create a profile named h3c, enter the following:

[S4200G] qos-profile h3c
[S4200G-qos-profile-h3c]
View
Description
System view
The switch does not allow your deletion of QoS profiles applied to ports.
572 qos-profile port-based

Command Reference
qos-profile port-based
Purpose
Use the qos-profile port-based command to configure the port-based

application mode of QoS profiles on ports.
Use the undo qos-profile port-based command to restore the default
application mode of QoS profiles on ports.
Syntax
undo qos-profile port-based
Parameters
None
Default
By default, the application mode of QoS profiles is user-based.
Example
If MAC-address-based authentication mode is configured in 802.1x, the

application mode of QoS profiles must be user-based.
If port-based authentication mode is configured in 802.1x, the application mode

of QoS profiles must be port-based.
To configure the port-based application mode of QoS profiles on ports, enter the
following:
[S4200G-GigabitEthernet1/0/1] qos-profile port-based
View
Description
Ethernet Port view
After the QoS profile function is configured, the switch will apply the QoS profiles
corresponding to you to your access port when you pass the authentication. The
processing procedures of the switches of different application modes are as follows
respectively:
User-based mode: If the source information (source MAC, source IP, or source
MAC + source IP) is defined in the traffic rule adopted by the QoS profile, the QoS
profile cannot be applied dynamically successfully. If the source information is not
defined, the switch will create a new traffic rule by adding the source MAC and
source IP information of the user into the former rule, and then apply all the traffic
actions in the QoS profile to the user access port.
Port-based mode: The switch will apply all the actions in the QoS profile to the
user access port directly. When the mode is used, all the users with the same
access port must use the same QoS profile.

Command Reference
queue-scheduler 573
queue-scheduler
Purpose
Use the queue-scheduler command to set the queue-scheduling algorithm and

parameters.
Use the undo queue-scheduler command to restore the default values.
Syntax
queue-scheduler wrr { group1 { queue-id queue-weight } &<1-8> |

group2 { queue-id queue-weight } &<1-8> }*
undo queue-scheduler [ queue-id ] &<1-8>
Parameters
wrr
Indicates SDWRR scheduling algorithm is adopted in

the queue.
group1
Adds the queue into WRR scheduling group1.
group2
Adds the queue into WRR scheduling group2.
queue-id
ID of the output queue on the port, in the range of 0

to 7.
queue-weight
Weight of the queue, in the range of 1 to 255.
&<1-8>
Indicates that the queue-id and queue-weight

arguments can be input up to 8 times.
Default
By default, all the output queues on the ports of the switch adopt SP
queue-scheduling algorith.
Example
To:
Set the scheduling mode of queue0 through queue5 to SDWRR scheduling
Add queue3, queue4, and queue5 into WRR scheduling group1 and their weights
are 20, 20, and 30 respectively.
Add queue0, queue1, and queue2 into WRR scheduling group2, and their weights
are 20, 20, and 40 respectively.
Queue6 and queue7 are scheduled according the default strict priority.
[S4200G] queue-scheduler wrr group1 3 20 4 20 5 30 group2 0 20 1 20 2 40
View
Description
System view
One port of the switch supports 8 output queues. Different queues can adopt
different queue-scheduling algorithms in the switch. You can respectively set the
574 queue-scheduler

Command Reference
queue-scheduling group that each queue belongs to as required: SP group, WRR

group1, and WRR group2. During the queue scheduling, the scheduling sequence is:
1. Each scheduling group is scheduled according to its strict priority, and the
scheduling group with the highest queue priority is scheduled firstly.
2. The scheduling group with the second highest priority is scheduled after the
scheduling group with the highest priority is scheduled.
Note: The 8 output queues are divided into groups in the following principle:
Related Command
The queues in each group must be consecutive. For example, queue3, queue4,
and queue5 are consecutive queues.
Each can be allocated to the same queue-scheduling group, while queue3,

queue4, and queue7 cannot be allocated to the same queue-scheduling group.

Command Reference
quit 575
quit
Purpose
Use the quit command to terminate the connection to the remote SSH server.
Syntax
quit
Parameters
None
Example
Terminate the connection to the remote SSH server.

<S4200G> quit
View
User view
576 quit

Command Reference
quit
Purpose
Use the quit command to terminate the connection to the remote SFTP server and
exit to system view.
Syntax
quit
Parameters
None
Example
Terminate the connection to the remote SFTP server.

sftp-client> quit
[S4200G]
View
Description
SFTP Client view
This command has the same function as the bye and exit commands.

Command Reference
quit 577
quit
Purpose
Use the quit command to terminate FTP control connection and FTP data connection
and quit to user view. This command has the same effect as that of the bye
command.
Syntax
quit
Parameters
None.
Example
Terminate the FTP control connection and FTP data connection and quit to user view.
[ftp] quit
<S4200G>
View
FTP Client view
578 quit

Command Reference
quit
Purpose
Use the quit command to return from current view to lower level view, or exit the
system if current view is user view.
Syntax
quit
Parameters
None.
Example
Return from system view to user view.

[S4200G] quit
<S4200G>
View
Description
Related Command
Any view
The following lists the three levels of views available (from lower level to higher level):
User view
System view
VLAN view, Ethernet port view, and so on
return and system-view

Command Reference
radius nas-ip 579
radius nas-ip
Purpose
Use the radius nas-ip command to set the source IP address used by the switch to
send RADIUS packets.
Use the undo radius nas-ip command to restore the default setting.
Syntax
radius nas-ip ip-address

undo radius nas-ip
Parameters
ip-address
Default
By default, no source IP address is specified, and the IP address of the outbound

interface is used as the source IP address of the packet.
Example
To set the source IP address used by the switch to send the RADIUS packets to
129.10.10.1, enter the following:
IP address in dotted decimal format.
[S4200G] radius nas-ip 129.10.10.1
View
Description
Related Command
System view
Note:
By specifying the source address of the RADIUS packet, you can avoid unreachable
packets as returned from the server upon interface failure. The source address is
normally recommended to be a loopback interface address.
This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
nas-ip
580 radius-scheme

Command Reference
radius-scheme
Purpose
Use the radius-scheme command to specify the RADIUS scheme to be used by the
current ISP domain.
Syntax
radius-scheme radius-scheme-name
Parameters
radius-scheme-name
Example
To specify the scheme 3Com as the RADIUS scheme to be used by current ISP domain
3Com163.net, enter the following.
Specifies a RADIUS scheme, consisting of a character

string up to 32 characters in length.
[S4200G-isp-3Com163.net] radius-scheme 3Com
View
Description
Related Commands
ISP Domain view
The RADIUS scheme specified in the radius-scheme command must exist. This
command is equivalent to the scheme radius-scheme command.
display radius
radius scheme
scheme

Command Reference
radius scheme 581
radius scheme
Purpose
Use the radius scheme command to create a RADIUS scheme and enter its view.
Use the undo radius scheme command to delete the specified RADIUS scheme.
Syntax
radius scheme radius-scheme-name

undo radius scheme radius-scheme-name
Parameters
radius-scheme-name
Default
By default, a RADIUS scheme named system exists in the system.
Example
To create a RADIUS scheme named radius1 and enter its view, enter the following:
Specifies the Radius scheme name with a character

string up to 32 characters in length.
New Radius scheme
[S4200G-radius-radius1]
View
Description
System view
Note:
A default RADIUS scheme named system has been created in the system. The
attributes of system are all default values.
RADIUS protocol configuration is performed on a per-RADIUS-scheme basis. Every

RADIUS scheme shall at least have the specified IP address and UDP port number
of the RADIUS authentication/authorization/accounting server and some necessary
parameters exchanged with the RADIUS client end (Switch). It is necessary to
create the RADIUS scheme and enter its view before performing other RADIUS
protocol configurations.
A RADIUS scheme can be used by multiple ISP domains simultaneously. You can
configure up to 16 RADIUS schemes, including the default RADIUS scheme named
as System.
Although undo radius scheme can remove a specified RADIUS scheme, the
default one cannot be removed. Note that a scheme currently in use by the online
user cannot be removed.
582 radius scheme
Related Commands

Command Reference
key
retry realtime-accounting
radius-scheme
timer realtime-accounting
server-type
state
user-name-format
retry
display radius
display radius statistics.

Command Reference
radius trap 583
radius trap
Purpose
Use the radius trap command to enable the switch to send trap messages when
its RADIUS authentication or accounting server turns down.
Use the undo radius trap command to disable the switch from sending trap
messages when its RADIUS authentication or accounting server turns down.
Syntax
radius trap { authentication-server-down | accounting-server-down }

undo radius trap { authentication-server-down |
accounting-server-down }
Parameters
authentication-server-downSends trap message when the RADIUS authentication
server turns down.

accounting-server-down
Sends trap message when the RADIUS accounting

server turns down.
Default
Example
To enable the switch to send trap messages when its RADIUS authentication server
turns down, enter the following:
[S4200G]radius trap authentication-server-down
View
Description
System view
This configuration effects all RADIUS schemes.

A device considers its RADIUS server as being down if it has tried the configured
maximum times to send packets to the RADIUS server but does not receive any
response.
584 reboot

Command Reference
reboot
Purpose
Use the reboot command to restart an Ethernet switch.
Syntax
reboot [ unit unit-id ]
Parameters
unit-id
Example
Directly restart the switch without saving the current configuration.
<S4200G> reboot
This will reboot device. Continue? [Y/N] y
Start to check configuration with next startup configuration file,
please wait......
This command will reboot the device. Current configuration may be lost
in next
startup if you continue.
Continue? [Y/N] y
<S4200G>
%Apr 2 00:06:01:148 2000 S4200G DEV/5/DEV_LOG:- 1 Switch is rebooted.
Starting......
Description
The system will check whether there is any configuration change before it restarts,
and will ask whether you want to proceed or not if there is any change, to prevent
you from losing your original configuration due to forgetting after the restart.
View
User view

Command Reference
reboot member 585
reboot member
Purpose
Use the reboot member command to reboot a specified member device on the
management device.
Syntax
reboot member { member-number | mac-address H-H-H } [ eraseflash ]
Parameters
member-number

0 to 255.
mac-address H-H-H
MAC address of the member device to be rebooted.
eraseflash
Deletes the configuration file when the member device

reboots.
Example
Reboot the member device numbered 2.

[aaa_0.S4200G-cluster] reboot member 2
View
Description
Cluster view
Communication between the management and member devices may be interrupted

due to some configuration errors. Through the remote control function of member
devices, you can control them remotely on the management device. For example, you
can reboot a member device that operates improperly and specify to delete the
booting configuration file when the member device reboots, and thus restore normal
communication between the management and member devices.
The eraseflash keyword specifies to delete the booting configuration file when the
member device reboots.
586 region-name

Command Reference
region-name
Purpose
Use the region-name command to set an MST region name to a switch.

Use the undo region-name command to restore the default MST region name.
Syntax
region-name name
undo region-name
Parameters
name
Default
The default MST region name of a switch is its MAC address.
Example
To set the MST region name of the switch to hello, enter the following:
Specifies the MST region name for a switch with a

string that is 1 to 32 characters in length.
[S4200G-mst-region] region-name hello
View
Description
Related Commands
MST Region view
The MST region name, along with MST region VLAN mapping table and MSTP
revision level, determines the MST region to which a switch belongs.
instance
revision-level
vlan-mapping modulo

Command Reference
remote-probe vlan 587
remote-probe vlan
Purpose
Use the remote-probe vlan enable command to enable the remote-probe port
mirror port feature on the VLAN of the switch.
Use the undo remote-probe vlan enable command to disable the
remote-probe port mirror port feature on the VLAN of the switch.
Syntax
remote-probe vlan enable

undo remote-probe vlan enable
Parameters
None
Example
Configure VLAN 5 to be remote-probe VLAN.

[S4200G] vlan 5
[S4200G-vlan5] remote-probe vlan enable
View
Description
VLAN view
After setting a VLAN as remote-probe VLAN, you cannot add any more access port to
the VLAN.
588 remotehelp

Command Reference
remotehelp
Purpose
Use the remotehelp command to display help information about the FTP protocol
command.
Syntax
remotehelp [ protocol-command ]
Parameters
protocol-command
Example
Show the syntax of the protocol command user.
FTP protocol command.
<SW4200G>ftp 1.1.1.1
Trying ...
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in
[ftp]remotehelp user
214 Syntax: USER <sp> <username>
[ftp]
Description
This command works only when the FTP server provides the help information about
FTP protocol commands.
CAUTION:
View
This command is always valid when a S4200G series switch operates as the FTP
server.
Common FTP software does not support this command.
FTP Client view

Command Reference
remove 589
remove
Purpose
Use the remove command to delete the specified file from the server.
Syntax
remove remote-file
Parameters
remote-file
Example
Delete file temp.c from the server.
Name of a file on the server.
sftp-client> remove temp.c
View
Description
SFTP Client view
This command has the same function as the delete command.
590 rename

Command Reference
rename
Purpose
Use the rename command to change the name of the specified file on the SFTP
server.
Syntax
rename old name new name
Parameters
old name
Original file name.
new name
New file name.
Example
Change the name of file temp1 on the SFTP server to temp2.

sftp-client> rename temp1 temp2
View
SFTP Client view

Command Reference
rename 591
rename
Purpose
Use the rename command to rename a file or a directory. If the target file name or
directory name is the same with any existing file name or directory name, you will fail
to rename a file.
Syntax
rename fileurl-source fileurl-dest
Parameters
fileurl-source
Path name or file name of a file in the Flash, comprised

of a string from 1 to 142 characters long.
fileurl-dest
Path name or a file name, comprised of a string from 1

Example
Rename the file named sample.txt as sample.bak.

<S4200G> rename sample.txt sample.bak
Rename flash:/sample.txt to flash:/sample.bak ?[Y/N]:y
View
User view
592 rename

Command Reference
rename
Purpose
Use the rename command to rename a file on a remote host.
Syntax
rename remote-source remote-dest
Parameters
remote-source
Name of a file on a remote host.
remote-dest
Destination file name.
Example
Rename the file named temp.c as forever.c.

<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp]
[ftp] rename temp.c forever.c
350 Enter the name to rename it to...
250 File renamed successfully
View
Description
FTP Client view
If when renaming a file the destination file name conflicts with the name of an
existing file or directory, you will fail to rename the file.

Command Reference
reset arp 593
reset arp
Purpose
Use the reset arp command to remove information that is no longer required from
the ARP mapping table.
Syntax
reset arp [ dynamic | static | interface interface_name interface_type

interface_num ]
Parameters
dynamic
Clears the dynamic ARP mapping entries.
static
Clears the static ARP mapping entries. Note that static

ARP entries are deleted permanently.
interface_name
Specifies the interface name.
interface_type
interface_num
Example
To clear static ARP entries, enter the following:

<S4200G> reset arp static
View
Related Command
User view
arp static
display arp
594 reset counters interface

Command Reference
reset counters interface

Purpose
Use the reset counters interface command to clear the statistics of the port,
preparing for a new statistics collection.
Syntax
reset counters interface [ interface-type | interface-type

interface-number ]
Parameters
interface-type
interface-number
Example
Clear the statistics of the GigabitEthernet1/0/1 port.

<4200G>reset counters interface GigabitEthernet1/0/1
View
Description
User view
If you specify neither port type nor port number, the command clears statistics of
all ports.
If specify only port type, the command clears statistics of all ports of this type.
If specify both port type and port number, the command clears statistics of the
specified port

Command Reference
reset dot1x statistics 595

Purpose
Use the reset dot1x statistics command to clear the statistics of 802.1x.
Syntax
reset dot1x statistics [ interface interface-list ]
Parameters
interface-list

interface-num }

Example

Clear the 802.1x statistics on Ethernet 1/0/2.

<SW4200G>reset dot1x statistics interface ethernet 1/0/2
View
User view
Description
Execution of the reset dot1x statistics command clears statistics globally and on all
ports if the interface-list argument is not provided, otherwise only resets statistics on
ports specified by the interface-list argument.
Related Command
display dot1x
596 reset garp statistics

Command Reference
reset garp statistics

Purpose
Use the reset garp statistics command to clear the GARP statistics (such as
the information about the packets received/sent/discarded by GVRP/GMRP) on
specified (or all) ports.
Use the reset garp statistics command without parameters to clear the
GARP statistics on specified (or all) ports.
Syntax
reset garp statistics [ interface interface-list ]
Parameters
interface-list
Example
Clear GARP statistics about all ports.

parameters), and &<1-10> means you can specify
<S4200G> reset garp statistics
View
Related Command
User view

Command Reference
reset igmp-snooping statistics 597
reset igmp-snooping statistics

Purpose
Use the reset igmp-snooping statistics command to clear the IGMP

Snooping statistics.
Syntax
Parameters
None
Example
Clear the IGMP Snooping statistics.

<S4200G> reset igmp-snooping statistics
View
Related Command
User view
igmp-snooping
598 reset ip statistics

Command Reference
reset ip statistics
Purpose
Use the reset ip statistics command to clear the IP statistics information.
Syntax
reset ip statistics
Parameters
None
Example
To clear the IP statistics information, enter the following:

<S4200G>reset ip statistics
View
Related Commands
User view

Command Reference
reset logbuffer 599
reset logbuffer
Purpose
Use the reset logbuffer command to clear information in the log buffer.
Syntax
reset logbuffer [ unit unit-id ]
Parameters
unit-id
Example
Clear information in log buffer.
Unit ID
<S4200G>reset logbuffer
View
User view
600 reset ndp statistics

Command Reference
reset ndp statistics

Purpose
Use the reset ndp statistics command to reset the NDP counters to clear the
NDP statistics.
Syntax
reset ndp statistics [ interface port-list ]
Parameters
interface port-list
Example
Clear NDP statistics.
Specifies a list of ports connected with the specified

port. A list may contain consecutive or separated ports,
or the combination of consecutive and separated
ports. The argument is expressed as
{interface-type interface-number |
interface-name } [ to { interface-type
interface-number | interface-name } ] }
&<1-10>, where interface-type specifies the
port type, and interface-number specifies the
port number, expressed as slot number/port number.
<S4200G> reset ndp statistics
View
User view

Command Reference
reset radius statistics 601
reset radius statistics

Purpose
Use the reset radius statistics command to clear the statistics information
about the RADIUS protocol.
Syntax
Parameters
None
Example
To clear the RADIUS protocol statistics, enter the following:

<S4200G> reset radius statistics
View
Related Command
User view
display radius
602 reset recycle-bin

Command Reference
reset recycle-bin
Purpose
Use the reset recycle-bin command to completely delete file(s) in the recycle
bin in the Flash.
Syntax
reset recycle-bin [ file-url ] [ /force ]
Parameters
file-url
Path name or file name of a file in the Flash, a string

comprising 1 to 142 characters. This argument
supports the wildcard "*".
/force
Gives no prompt for the delete operation.
Example
Clear the recycle bin.

<S4200G> reset recycle-bin
Clear flash:/sunday.diag ?[Y/N]:
Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y
Clearing files from flash may take a long time. Please wait...
...
%Cleared file unit1>flash:/~/sunday.diag.
View
Description
User view
The files that are deleted using the delete command are still stored in the recycle
bin. To delete them completely, use the reset recycle-bin command.

Command Reference
reset saved-configuration 603
Purpose
Use the reset saved-configuration command to delete the configuration file

that is of the specified attribute from the Flash, including the main and backup
configuration files to be used when the switch starts the next startup.
Syntax
reset saved-configuration [ backup | main ]
Parameters
main
Main backup configuration file.
backup
Backup configuration file.
Example
Delete the main configuration file to be used for next startup.

<S4200G>reset saved-configuration main
The saved configuration will be erased.
Are you sure?[Y/N]y
Configuration in flash is being cleared.
Please wait ...
...
Configuration in flash is cleared.
View
Description
User view
Executing the reset saved-configuration command with neither backup

nor main keyword deletes the main configuration file in the Flash.
Generally, the reset saved-configuration command is used in the following
cases:
The configuration files in the Flash are not compatible with the system software.
(This may occur after you upgrade the software of the switch.)
The network where the switch operates changes. In this case, the existing
configuration files may conflict with the new network. You need to delete the
existing configuration files and configure the switch again.
CAUTION:
Related Command
Use the reset saved-configuration command with caution. You are

recommended to use this command under the guidance of technical support
personnel.
Upon powered on, a switch initiates using the default parameters if the Flash
contains no configuration file.
save
604 reset saved-configuration

Command Reference

Command Reference
reset stop-accounting-buffer 605
Purpose
Use the reset stop-accounting-buffer command to delete the buffered

no-response stop-accounting request packets.
Syntax
reset stop-accounting-buffer { radius-scheme radius-scheme-name |

session-id session-id | time-range start-time stop-time |
user-name user-name }
Parameters
radius-scheme
radius-scheme-name
session-id session-id
time-range start-time
stop-time
Specifies the buffered stop-accounting requests to

delete based on the specified RADIUS scheme.
radius-scheme-name is the name of a RADIUS
scheme. This name is a character string up to 32
delete based on the specified session ID. session-id
is a character string up to 50 characters in length.
delete based on the time of the stop-accounting
request. Where, start-time is the start time of the
request period, the stop-time is the end time of the
request period, and both are in the format
hh:mm:ss-mm/dd/yyyy or hh:mm:ss-yyyy/mm/dd.
user-name user-name
user-name user-name
Specifies the buffered stop-accounting request packets

to delete based on the specified user name.
user-name is a character string up to 80 characters
in length. The string cannot include the following
characters:
<
>

606 reset stop-accounting-buffer
Example

Command Reference
To delete the stop-accounting request packets buffered in the system for the user
user0001@aabbcc.net, enter the following:
<S4200G> reset stop-accounting-buffer user-name user0001@aabbcc.net
Delete the stop-accounting request packets buffered from 0:0:0 08/31/2002 to

23:59:59 08/31/2002 in the system.
<S4200G> reset stop-accounting-buffer time-range 0:0:0-08/31/2002
23:59:59-08/31/2002
View
Example
User view
By default, after transmitting the stopping accounting requests, if there is no response

from the RADIUS server, the Switch will save the packet in the buffer and retransmit it
several times, which is set through the retry realtime-accounting command.
You can select to delete the packets transmitted to a specified RADIUS server, or
according to the session-id or username, or delete the packets transmitted during the
specified time-range.
Related Commands

Command Reference
reset stp 607
reset stp
Purpose
Use the reset stp command to clear the STP statistics of specified Ethernet ports.
Syntax
reset stp [ interface interface-list ]
Parameters
interface-list

interface-num }

Example

To clear the spanning tree-related statistics on ports GigabitEthernet1/0/1 through

GigabitEthernet1/0/3, enter the following:
<S4200G> reset stp interface GigabitEthernet 1/0/1 to GigabitEthernet
1/0/3
View
Description
User view
The spanning tree statistics include the numbers of the TCN BPDUs, configuration
BPDUs, RST BPDUs, and MST BPDUs sent/received through one or more specified
ports or all ports (note that STP BPDUs and TCN BPDUs are counted only for CISTs.)
This command clears the spanning tree-related statistics on specified ports if you
specify the interface-list argument. If you do not specify the interface-list argument,
this command clears the spanning tree-related statistics on all ports.
Related Command
display stp
608 reset tcp statistics

Command Reference

Purpose
Use the reset tcp statistics command to clear the TCP statistics information.
Syntax
Parameters
None
Example
To clear the TCP statistics information, enter the following:

<S4200G>reset tcp statistics
View
Related Command
User view

Command Reference
reset traffic-limit 609
reset traffic-limit
Purpose
Use the reset traffic-limit command to clear the statistics of the traffic
policing matching with the specified ACL rules.
Syntax
reset traffic-limit inbound acl-rule
Parameters
inbound
Indicates that statistics of the packets received on the

port is cleared.
acl-rule
Specifies the ACL rules which can be the combination

of various ACL rules. The way of combination is
described in the following table:
Example
ip-group acl-number
Issue a rule in an IP ACL and a rule in a Link ACL at the

same time

To clear the statistics of the traffic policing matching with ACL 2000, enter the
following:
[S4200G-GigabitEthernet1/0/1] reset traffic-limit inbound ip-group 2000
View
Ethernet Port view
610 reset traffic-statistic

Command Reference
reset traffic-statistic
Purpose
Use the reset traffic-statistic command to clear the traffic statistics of the
packets matching with the specified ACL rules.
Syntax
reset traffic-statistic inbound acl-rule
Parameters
inbound
Indicates that statistics of the packets received on the

port is cleared.
acl-rule


ip-group acl-number
Issue a rule in an IP ACL and a rule in a Link ACL at the ip-group acl-number rule rule
same time
Example
To clear the traffic statistics of the packets matching with ACL 2000 rules, enter the
following:
[S4200G-GigabitEthernet1/0/1] reset traffic-statistic inbound ip-group
2000
View
Ethernet Port view

Command Reference
reset trapbuffer 611
reset trapbuffer
Purpose
Use the reset trapbuffer command to clear information in the trap buffer.
Syntax
reset trapbuffer [ unit unit-id ]
Parameters
unit-id
Example
Clear information in the trap buffer.
Unit ID
<S4200G>reset trapbuffer
View
User view
612 retry

Command Reference
retry
Purpose
Use the retry command to set the maximum number of transmission attempts of
RADIUS requests.
Use the undo retry command to restore the default maximum number of
transmission attempts.
Syntax
retry retry-times
Parameters
retry-times
Example
To set the maximum transmission times of RADIUS requests in the RADIUS scheme
radius1 to five, enter the following:
Retry times during a detect operation. Valid values are

1 to 20.
If not specified, the default number of retries is 3.
New Radius scheme
[S4200G-radius-radius1] retry 5
View
Description
Related Command
Detecting Group view
Note:
The communication in RADIUS is unreliable because this protocol adopts UDP

packets to carry data. Therefore, it is necessary for the switch to retransmit a
RADIUS request if it gets no response from the RADIUS server after the response
timeout timer expires. If the maximum number of transmission attempts is reached
but the switch still receives no response, the switch considers that the request fails.
Appropriately set this maximum number of transmission attempts according to the

network situation can improve the reacting speed of the system.
radius scheme

Command Reference
retry realtime-accounting 613
Purpose
Use the retry realtime-accounting command to set the maximum allowed

number of continuous no-response real-time accounting requests.
Use the undo retry realtime-accounting command to restore the default
maximum allowed number of continuous no-response real-time accounting requests.
Syntax
retry realtime-accounting retry-times

undo retry realtime-accounting
Parameters
retry-times
Default
This function defaults 5.
Example
To allow the switch to continuously send at most 10 real-time accounting requests if it

gets no response for the RADIUS scheme radius1, enter the following:
Specifies the maximum number of continuous

no-response real-time accounting requests. Valid
New Radius scheme
[S4200G-radius-radius1] retry realtime-accounting 10
View
Description
RADIUS Scheme view
Note:
Generally, the RADIUS server uses the connection timeout timer to determine
whether a user is online or not. If the RADIUS server receives no real-time
accounting packet for a specified period of time, it will consider that the line or the
switch is in trouble and stop the accounting of the user. To make the switch
cooperate with this feature on the RADIUS server, it is necessary to cut down the
user connection on the switch as soon as possible after the RADIUS server
terminates the charging and connection of the user in the case of unforeseen
trouble. For this purpose, you can limit the number of continuous real-time
no-response accounting requests, and the switch will cut down the user
connection if it sends out the maximum number of real-time accounting requests
but does not receive any response.
Suppose that the response timeout time of the RADIUS server is T (three seconds
for example), the real-time accounting interval is t (12 minutes for example), and
the maximum number of continuous no-response real-time accounting requests is
retry-times (five for example). In this case, the switch sends an accounting request
614 retry realtime-accounting

Command Reference
every 12 minutes; if the switch does not receive a response within 3 seconds after
it sends out an accounting request, it re-sends the request; If the switch
continuously sends five accounting requests but does not receive any response, it
considers this real-time accounting a failure. Generally, T x retry-times should be
less than t.
Related Command
radius-scheme

Command Reference
retry stop-accounting 615
Purpose
Use the retry stop-accounting command to set the maximum number of

transmission attempts of the stop-accounting requests buffered due to no response.
Use the undo retry stop-accounting command to restore the default maximum
number of transmission attempts of the buffered stop-accounting requests.
Syntax
retry stop-accounting retry-times

undo retry stop-accounting
Parameters
retry-times
Default
The default is 500.
Example
To indicate that, when stopping accounting request for the server 3Com in the
RADIUS server group, the Switch will retransmit the packets for up to 1000 times,
Specifies the number of transmission attempts of the

buffered stop-accounting requests. Valid values are 10
to 65535.
To specify that the switch can transmit a buffered stop-accounting request at most
1000 times in RADIUS scheme radius1, enter the following:
New Radius scheme
[S4200G-radius-radius1] retry stop-accounting 1000
View
Description
Related Commands
RADIUS Scheme view
Stop-accounting requests are critical to billing and will eventually affect the charges of
the users; they are important for both the users and the ISP. Therefore, the switch
should do its best to transmit them to the RADIUS accounting server. If the RADIUS
server does not respond to such a request, the switch should first buffer the request
on itself, and then retransmit the request to the RADIUS accounting server until it gets
a response, or the maximum number of transmission attempts is reached (in this case,
it discards the request).
radius-scheme
616 return

Command Reference
return
Purpose
Use the return command to return to user view from any other view.
Syntax
return
Parameters
None
Example
To return to user view from any other view (the example below shows the command
entered from the system view), enter the following.
[S4200G] return
<S4200G>
Description
Performs the same function as Ctrl+Z.

To return to the next highest level of view, use quit.
View
System view or higher level views

Command Reference
revision-level 617
revision-level
Purpose
Use the revision-level command to set the MSTP revision level for a switch.
Use the undo revision-level command to restore the default revision level.
Syntax
revision-level level
undo revision-level
Parameters
level
Default
By default, the MSTP revision level of a switch is 0.
Example
To set the MSTP revision level of the MST region to 5, enter the following:
MSTP revision level for the switch. Valid values are 0 to

65535.
[S4200G-mst-region] revision-level 5
View
Description
Related Commands
MST Region view
MSTP revision level, along with MST region name and VLAN mapping table,
determines the MST region to which a switch belongs.
instance
region-name
vlan-mapping modulo
618 rmdir

Command Reference
rmdir
Purpose
Use the rmdir command to delete the specified directory from the remote SFTP
server.
Syntax
rmdir remote-path
Parameters
remote-path
Example
Delete directory D:/temp1 from the remote SFTP server.
Name of a directory on the remote SFTP server.
sftp-client> rmdir D:/temp1
View
SFTP Client view

Command Reference
rmdir 619
rmdir
Purpose
Use the rmdir command to delete a directory.
Syntax
rmdir directory
Parameters
directory
Example
Delete the directory named MyDoc.
Name of a directory, a string comprising 1 to 142

characters.
<S4200G> rmdir MyDoc

Rmdir MyDoc?[Y/N]:y
% Removed directory MyDoc
View
Description
User view
Because only empty directories can be deleted, you need to delete the files in a
directory before deleting it.
620 rmdir

Command Reference
rmdir
Purpose
Use the rmdir command to delete the specified directory from the remote FTP
server.
Syntax
rmdir pathname
Parameters
pathname
Example
Remove the directory flash:/temp1 on the FTP server. (Assume that the
directory is empty.)
Name of a directory on an FTP server.
<S4200G> ftp 2.2.2.2

Trying ...
Connected.
User(none):switch
Password:*****
[ftp] rmdir flash:/temp1
200 RMD command successful.
View
Description
FTP Client view
You can only use this command to remove directories that are empty.

Command Reference
rmon alarm 621
rmon alarm
Purpose
Use the rmon alarm command to add an entry to the alarm table.
Use the undo rmon alarm command to delete an entry from this table.
Syntax
rmon alarm entry-number alarm-variable sampling-time { delta | absolute

} rising-threshold threshold-value1 event-entry1 falling-threshold
threshold-value2 event-entry2 [ owner text ]
undo rmon alarm entry-number
Parameters
entry-number
Number of the entry to be added/deleted. Valid values

are 1 to 65535.
alarm-variable
Alarm variable, a string comprising 1 to 256 characters

in dotted node OID format (such as
1.3.6.1.2.1.2.1.10.1). Only the variables that can be
resolved to ASN.1 INTEGER data type (that is, INTEGER,
Counter, Gauge, or TimeTicks) can be used as alarm
variables.
sampling-time
Specifies the sampling interval. Valid values are 5 to

65535 (measured in seconds).
delta
Specifies to sample increments (that is, the current

increment with regard to the latest sample)
absolute
Specifies to sample absolute values.
rising-threshold
threshold-value1
Specifies the upper threshold. The threshold-value1

argument ranges from 0 to 2,147,483,647.
event-entry1
Index of the event entry corresponding to the upper

threshold, in the range of 0 to 65535.
falling-threshold
threshold-value2
Example
Specifies the lower threshold. The threshold-value2

argument ranges from 0 to 2,147,483,647.
event-entry2
Index of the event entry corresponding to the lower

threshold, in the range of 0 to 65535.
owner text
Specifies the owner of the entry. The text argument is

a string comprising 1 to 127 characters.
Add the alarm entry numbered 1 as follows:
The node to be monitored: 1.3.6.1.2.1.16.1.1.1.4.1
Sampling interval: 10 seconds
Upper threshold: 50
The event-entry1 argument identifies event 1.
Lower threshold: 5
622 rmon alarm

Command Reference
The event-entry2 argument identifies event 2
Owner: user1.
[S4200G] rmon event 1 log
[S4200G] rmon event 2 none
[S4200G]rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute
rising_threshold 50 1 falling_threshold 5 2 owner user1
Delete the alarm entry numbered 15 from the alarm table.

[S4200G] undo rmon alarm 15
View
Description
System view
You can use the rmon alarm command to define an alarm entry so that a specific
alarm event can be triggered under specific circumstances. The act (such as logging
and sending trap messages to NMS) taken after an alarm event occurs is determined
by the corresponding alarm entry.
With an alarm entry is defined in an alarm group, a network device performs the
following operations accordingly:
Sample the defined alarm variables (alarm-variable) once in each specified period,
which is specified by the sampling-time argument.
Comparing the sampled value with the set threshold and performing the
corresponding operations, as described in Error! Reference source not found.
Table 105 Sample value and the corresponding operation

Comparison
Operation
The sample value is larger than or equal to the set

upper threshold (threshold-value1)
Triggering the event identified by the

event-entry1 argument
The sample value is smaller than the set lower threshold Triggering the event identified by the
(threshold-value2)
Note:
Before adding an alarm entry, you need to use the rmon event command to define
the events to be referenced by the alarm entry.
Make sure the node to be monitored exists before executing the rmon alarm
command.

Command Reference
rmon event 623
rmon event
Purpose
Use the rmon event command to add an entry to the event table.
Use the undo rmon event command to delete an entry from this table.
Syntax
rmon event event-entry [ description string ] { log | trap

trap-community | log-trap log-trapcommunity | none } [ owner text ]
undo rmon event event-entry
Parameters
Example
event-entry

are 1 to 65535.
description string
Specifies the event description, consisting of a string

from1 to 127 characters long.
log
Logs events.
trap
Sends trap message to the NMS.
trap-community
Community name of the NMS that receives the trap

messages, comprised of a string from 1 to 127
characters long.
log-trap
Logs the event and sends trap messages to NMS.
log-trapcommunity
Community name of the NMS that receives the log

messages, comprised of a character string from 1 to
127 characters long.
none
Specifies that the event triggers no action.
owner rmon-station
Specifies the owner of the event entry. The argument

may be any text string from 1 to 127 characters long.
Add the event entry numbered 10 to the event table and configure it to be a log
event.
[S4200G] rmon event 10 log
View
Description
System view
When adding an event entry to an event table, you need to specify the event index.
You need also to specify the corresponding actions, including logging the event,
sending trap messages to the NMS, or both, for the network device to perform
corresponding operation when an alarm referencing the event is triggered.
624 rmon history

Command Reference
rmon history
Purpose
Use the rmon history command to add an entry to the history control table.
Use the undo rmon history command to delete an entry from history control table.
Syntax
rmon history entry-number buckets number interval sampling-interval

[owner text ]
undo rmon history entry-number
Parameters
entry-number

are from 1 to 65535.
buckets number
Capacity of the history table corresponding to the

control line.
interval sampling-intervalSampling interval. Valid values are from 5 to 3600
(measured in seconds).
owner text
Example
Specifies the owner of the entry, a string comprising 1

to 127 characters in length.
Create the history entry numbered 1 for Ethernet1/0/1 port, with the table size being
10, the sampling interval being 5 seconds, and the owner being user1.
[S4200G-GigabitEthernet1/0/1]rmon history 1 buckets 10 interval 5 owner
user1
Remove the history entry numbered 15.

[S4200G-GigabitEthernet1/0/1] undo rmon history 15
View
Description
Ethernet Port view
You can use the rmon history command to sample a specific port. You can also
set the sampling interval and the number of the samples that can be saved. After you
execute this command, the RMON system samples the port periodically and stores the
samples for later retrieval. The sampled information includes utilization, the number
of errors, and total number of packets.
You can use the display rmon history command to display the statistics of the
history control table.

Command Reference
rmon prialarm 625
rmon prialarm
Purpose
Use the rmon prialarm command to add an entry to the extended RMON alarm
table.
Use the undo rmon prialarm command to delete an entry from the extended RMON
alarm table.
Syntax
rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer

{ delta | absolute | changeratio } rising_threshold threshold-value1
event-entry1 falling_threshold threshold-value2 event-entry2 entrytype
{ forever | cycle cycle-period } [ owner text ]
undo rmon prialarm entry-number
Parameters
entry-number
Extended alarm entry index. Valid values are 1 to

65535.
prialarm-formula
Expression used to perform operations on the alarm

variables, a string comprising 1 to 256 characters. The
alarm variables in the expression must be represented
by OIDs, for example, (.1.3.6.1.2.1.2.1.10.1)*8. The
operations available are addition, subtraction,
multiplication and division operations. The operation
results are rounded to values that are of long integer
type. To prevent invalid operation results, make sure
the operation results of each step are valid long
integers.
prialarm-des
Alarm description, comprised of a string from 1 to 256

characters long.
sampling-timer
Sets the sampling interval (in seconds). Valid values are

10 to 65535 seconds.
delta | absolute |
changeratio
Specifies sample type, which can be deltas, absolute

values, or change ratios.
threshold-value1
Upper threshold. Valid values are 0 to 4,294,967,295.
event-entry1
Index of the event entry that corresponds to the upper

threshold. Valid values are 0 to 65535.
threshold-value2
Lower threshold. Valid values are 0 to 4,294,967,295.
event-entry2
Index of the event entry that corresponds to the lower

threshold. Valid values are 0 to 65535.
forever
Specifies the alarm entry is valid indefinitely.

| cycle cycle-period
Specifies the type of the alarm instance line.
cycle-period specifies the functional cycle of the
instance.
626 rmon prialarm
Example

Command Reference
cycle
Specifies the alarm entry is valid periodically.
cycle-period
Cycle period (in seconds). Valid values are 0 to

2,147,483,647.
owner text
Specifies the owner of the alarm entry, consisting of a

Add the extended alarm entry numbered 2 as follows:
Perform operations on the corresponding alarm variables using the expression

((1.3.6.1.2.1.16.1.1.1.4.1)*100).
Sampling interval: 10 seconds
Upper threshold: 50
Lower threshold: 5
Event 1 is triggered when the change ratio is larger than the upper threshold.
Event 2 is triggered when the change ratio is less than the lower threshold.
The alarm entry is valid forever.
Entry owner: user1
[S4200G-GigabitEthernet1/0/1] rmon statistics 1
[S4200G-GigabitEthernet1/0/1] quit
[S4200G] rmon prialarm 2 ((.1.3.6.1.2.1.16.1.1.1.4.1)*100) test 10
changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype
forever owner user1
Remove the extended alarm entry numbered 2 from the extended alarm table.
[S4200G] undo rmon prialarm 2
View
Description
System view
With an extended alarm entry defined in an extended alarm group, the network
devices perform the following operations accordingly:
Sampling the alarm variables referenced in the defined extended alarm expressions
(prialarm-formula) once in each period specified by the sampling-timer argument.
Performing operations on sampled values according to the defined extended

alarm expressions (prialarm-formula)
Comparing the operation result with the set thresholds and perform
corresponding operations, as described in the following Table.
Table 106 Operation result and corresponding operation

Comparison
Operation
The operation result is larger than or equal to the set

upper threshold (threshold-value1)

The operation result is smaller than or equal to the set

lower threshold (threshold-value2)


Command Reference
rmon prialarm 627
Note:
Before adding an extended alarm entry, you need to use the rmon event
command to define the events to be referenced by the entry.
Make sure the node to be monitored exists before executing the rmon event
command.
You can define up to 50 extended alarm entries.
628 rmon statistics

Command Reference
rmon statistics
Purpose
Use the rmon statistics command to add an entry to the statistic table.
Use the undo rmon statistics command to delete an entry from statistic table.
Syntax
rmon statistics entry-number [ owner text ]

undo rmon statistics entry-number
Parameters
Example
entry-number

are 1 to 65535.
owner text
Creator of the entry. The length of the character string

can be from 1 to127 characters.
Add the statistics entry numbered 20 to take statistics of GigabitEthernet1/0/1 port.

[S4200G-GigabitEthernet1/0/1] rmon statistics 20
View
Description
Ethernet Port view
The RMON statistics management function is used to take statistics of the usage of
the monitored ports and errors occurred to them. The statistics include the number of
the following items: collisions, packet with CRC errors, undersize (or oversize)
packets, broadcast and multicast packets, received packets and bytes.
You can use the display rmon statistics command to display the statistics entries.
Note:
For each port, only one rmon alarm table entry can be created, that is to say, if one
RMON alarm table entry was already created for a given port, creation of another
entry with a different index number for the same port will not succeed.

Command Reference
rsa local-key-pair create 629

Purpose
Use the rsa local-key-pair create command to generate RSA key pairs,
whose names are in the format of switch name plus _host, for example,
S4200G_host.
Syntax
Parameters
None
Example
Generate a local RSA key pair.

[S4200G] rsa local-key-pair create
The key name will be: S4200G_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...............++++++++++++
...............++++++++++++
.................................++++++++
.......................++++++++
....
View
Description
System view
After you use the command, the system prompts you to define the key length.
In SSH1.x, the key length is in the range of 512 to 2,048 (bits).
In SSH 2.0, the key length is in the range of 1024 to 2048 (bits). To make SSH 1.x
compatible, 512- to 2,048-bit keys are allowed on clients, but the length of server
keys must be more than 1,024 bits. Otherwise, clients cannot be authenticated.
CAUTION:
If you use this command to generate an RSA key provided an old one exits, the
system will prompt you to replace the previous one or not.
For a successful SSH login, you must generate the local RSA key pairs first. You just
need to execute the command once, with no further action required even after the
system is rebooted.
Related Commands
630 rsa local-key-pair create

Command Reference
rsa local-key-pair destroy

Command Reference
rsa local-key-pair destroy 631

Purpose
Use the rsa local-key-pair destroy command to destroy all existing RSA key
pairs at the server end.
Syntax
Parameters
None
Example
Destroy all existing RSA key pairs at the server end.

[S4200G] rsa local-key-pair destroy
% The name for the keys which will be destroyed is S4200G_Host .
% Confirm to destroy these keys? [Y/N]:y
............
View
Related Command
System view
632 rsa peer-public-key

Command Reference
rsa peer-public-key
Purpose
Use the rsa peer-public-key command to enter public key view.
Syntax
rsa peer-public-key key-name
Parameters
key-name
Examples
Enter S4200G002 public key view.
Client public key name, consisting of a string from 1 to

64 characters long.
View
Description
Related Commands
System view
You can use this command along with the public-key-code begin command
to configure on the server client public keys, which are generated randomly by the
SSH 2.0-supported client software.
public-key-code end

Command Reference
rsa peer-public-key
Purpose
Syntax
rsa peer-public-key key-name
Parameters
key-name
Examples
Enter S4200G002 public key view.
Server public key name, consisting of a string from 1 to

64 characters long.
View
Description
Related Commands
System view
You can use this command along with the public-key-code begin command
to configure on the client the server public keys, which are generated randomly after
you use the rsa local-key-pair create command.
public-key-code end
634 rule (Advanced ACL)

Command Reference
rule (Advanced ACL)

Purpose
Use the rule command to define an ACL rule.

Use the undo rule command to delete an ACL rule or the attribute information of
an ACL rule.
Syntax
rule [ rule-id ] { permit | deny } rule-string

undo rule rule-id [ destination ] [ destination-port ] [ dscp ] [
fragment ] [ icmp-type ] [ precedence ] [ source ] [ source-port ] [
time-range ] [ tos ]
Parameters
Parameters of the rule command:

rule-id
The ACL rule ID. Valid values are 0 to 65,534.
deny
Drops packets that satisfy the condition.
permit
Permits packets that satisfy the condition to pass.
rule-string
Rule information, which can be combination of the

parameters given in the table below. The following
table describes the specific parameters. You must
configure the protocol argument in the rule
information before you can configure other
arguments.
Table 107 Rule information

Parameter
Type
Function
Description
protocol
Protocol type
Type of protocol
over IP
When expressed in numerals, the

value range is 1 to 255. When
expressed with a name, the value
can be GRE, ICMP, IGMP, IP, IPinIP,
OSPF, TCP, and UDP
source { sour-addr
sour-wildcard | any }
Source address
information
Specifies the
source address
information in the
rule
sour-addr sour-wildcard is used to

specify the source address of the
packet, expressed in dotted
decimal notation. any represents
any source address.
destination {
dest-addr
dest-wildcard | any }
Destination
address
information
Specifies the
destination
address
information in the
rule
dest-addr dest-wildcard is used to

specify the destination address of
the packet, expressed in dotted
decimal notation. any represents
any destination address
precedence
precedence
Packet
precedence
Packet priority
Value range: 0 to 7
tos tos
Packet
precedence
ToS priority
Value range: 0 to 15
dscp dscp
Packet
precedence
DSCP priority
Value range: 0 to 63
fragment
Fragment
information
Specifies that the

rule is effective
for non-initial
fragment packets

Command Reference
Table 107 Rule information (continued)

Parameter
Type
Function
Description
time-range
time-name
Time range
information
Specifies the time range in which

the rule is active
If the protocol type is TCP or UDP, you can also define the following information:
Table 108 TCP/UDP-specific rule information
Parameter
Type
Function
Description
source-port operator
port1 [ port2 ]
Source port(s)
Defines the source

port information of
UDP/TCP packets
The value of operator can be

lt (less than), gt (greater
than), eq (equal to), neq (not
equal to), or range (within
the range of). Only the range
requires two port numbers
as the operands, and other
operators require only one
port number as the operand
port1 and port2: TCP/UDP
port number(s), expressed
with name(s) or numerals;
when expressed with
numerals, the value range is
0 to 65,535.
destination-port
Destination
operator port1 [ port2 ] port(s)
established
Defines the
destination port
information of
UDP/TCP packets
"TCP connection Specifies that the rule

established" flag will match TCP
connection packets
with the ack or rst
flag
TCP-specific argument
If the protocol type is ICMP, you can also define the following information:
Table 109 ICMP-Specific Rule Information
Parameter
Type
Function
Description
icmp-type icmp-type
icmp-code
Type and
message code
information of
ICMP packets
Specifies the type and

icmp-type: ICMP
message code information of message type, ranging
ICMP packets in the rule
0 to 255.
icmp-code: ICMP
message code, ranging
0 to 255.
If the protocol type is ICMP, you can also directly input the ICMP message name after
the icmp-type argument. The following table describes some common ICMP
messages.
Table 110 ICMP messages
Name
ICMP TYPE
ICMP CODE
echo
Type=8
Code=0
echo-reply
Type=0
Code=0
fragmentneed-DFset
Type=3
Code=4
host-redirect
Type=5
Code=1
host-tos-redirect
Type=5
Code=3
host-unreachable
Type=3
Code=1
information-reply
Type=16
Code=0
636 rule (Advanced ACL)

Command Reference
Table 110 ICMP messages (continued)

Name
ICMP TYPE
ICMP CODE
information-request
Type=15
Code=0
net-redirect
Type=5
Code=0
net-tos-redirect
Type=5
Code=2
net-unreachable
Type=3
Code=0
parameter-problem
Type=12
Code=0
port-unreachable
Type=3
Code=3
protocol-unreachable
Type=3
Code=2
reassembly-timeout
Type=11
Code=1
source-quench
Type=4
Code=0
source-route-failed
Type=3
Code=5
timestamp-reply
Type=14
Code=0
timestamp-request
Type=13
Code=0
ttl-exceeded
Type=11
Code=0
II. Parameters of the undo rule command:
Example
source
Deletes the settings of the source address part in the

rule corresponding to the rule ID
source-port
Deletes the settings of the source port part in the rule

corresponding to the rule ID. This keyword is available
only when TCP or UDP is defined in the rule.
destination
Deletes the settings of the destination address part in

the rule corresponding to the rule ID.
destination-port
Deletes the settings of the destination port part in the

rule corresponding to the rule ID. This keyword is
available only when TCP or UDP is defined in the rule.
icmp-type
Deletes the settings of the ICMP type and message

code part in the rule corresponding to the rule ID. This
keyword is available only when ICMP is defined in the
rule.
precedence
Deletes the precedence-related settings in the rule

corresponding to the rule ID.
tos
Deletes the ToS-related settings in the rule

dscp
Deletes the DSCP-related settings in the rule

time-range
Deletes the time range settings in the rule

fragment
Deletes the settings effective for non-initial fragment

packets in the rule corresponding to the rule ID.
Define a rule to permit packets from hosts in the network segment of 129.9.0.0 to
hosts in the network of 202.38.160.0 and with the port number of 80 to pass.

Command Reference
[S4200G-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255
destination 202.38.160.0 0.0.0.255 destination-port eq 80
View
Description
Advanced ACL view
Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
In the case that you specify the rule ID when defining a rule:
If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
638 rule (Basic ACL)

Command Reference
rule (Basic ACL)

Purpose

an ACL rule.
Syntax
rule [ rule-id ] { permit | deny } [ fragment ] [ source { sour-addr

sour-wildcard | any } ] [ time-range time-name ]
undo rule rule-id [ fragment ] [ source ] [ time-range ]
Parameters
I. Parameters of the rule command:

rule-id
deny
permit
fragment
Specifies that the rule is effective for non-initial

fragment packets.
source { sour-addr
sour-wildcard | any }
time-range time-name
{ sour-addr sour-wildcard | any }: Specifies the source

address information in the rule. If the source keyword
is not included in the command, any source address of
packets will be matched. sour-addr sour-wildcard is
used to specify the source address of the packet,
expressed in dotted decimal notation. The any
parameter refers to any address.
Specifies that this ACL rule is effective only in this time
range.

rule-id
Rule ID, which must the ID of an existing ACL rule. If

no other arguments are specified, the system will
completely delete this ACL rule. If any argument is
given, the system will delete only the specified
information of the ACL rule.
fragment
Deletes the settings effective for non-initial fragment

packets in the rule corresponding to the rule ID.
source
Deletes the settings of the source address part in the

rule corresponding to the rule ID.
time-range
Deletes the time range settings in the rule


Command Reference
Example
rule (Basic ACL) 639
Define a rule to deny packets whose source IP address is 1.1.1.1.

[S4200G-acl-basic-2000] rule deny source 1.1.1.1 0
View
Description
Basic ACL view
an ACL rule.
640 rule comment

Command Reference
rule comment
Purpose
Use the rule comment command to define the comment string for an ACL rule.
Use the undo rule comment command to delete the comment string for an ACL
rule.
Syntax
rule rule-id comment text

undo rule rule-id comment
Parameters
comment text
Example
Define the comment string of Rule 0 of ACL 3000 as "test".
Specifies the comment string for an ACL rule, which

must a string of up to 127 characters.
[S4200G-acl-adv-3000] rule 0 comment test
View
Description
Advanced ACL view / Layer 2 ACL view
Before defining the comment string for an ACL rule, make sure that this ACL rule
exists.

Command Reference
rule (Layer 2 ACL) 641
rule (Layer 2 ACL)

Purpose

Use the undo rule command to delete an ACL rule.
Syntax
rule [ rule-id ] { permit | deny } [ rule-string ]

undo rule rule-id
Parameters
I. Parameters of the rule command:

rule-id
deny
permit
rule-string
Rule information, which can be combination of the

parameters given in the table below. The following
table describes the specific parameters.
Table 111 Rule information

Parameter
Type
Function
Description
format-type
Link layer
encapsulation
type
Defines the link

layer encapsulation
type in the rule
format-type: the value can be

802.3/802.2, 802.3, ether_ii,
or snap
lsap lsap-code
lsap-wildcard
lsap field
Defines the lsap

field in the rule
lsap-code: the encapsulation

format of data frames, a 16-bit
hexadecimal number
lsap-wildcard: mask of the lsap
value, a 16-bit hexadecimal
number used to specify the
mask bit
source { source-addr
Source MAC
source-mask | vlan-id }* address
information
Specifies the source source-addr: source MAC

MAC address range address, in the format of
in the rule
H-H-Hsource- mask: source
MAC address mask, in the
format of H-H-Hvlan-id: source
VLAN ID, in the range of 1 to
4,094
dest dest-addr
dest-mask
Destination MAC Specifies the

address
destination MAC
information
address range in the
rule
dest-addr: destination MAC

address, in the format of
H-H-H dest- mask: destination
MAC address mask, in the
format of H-H-H
cos vlan-pri
Priority
Defines the 802.1p

priority of the rule
vlan-pri: VLAN priority, in the

range of 0 to 7
time-range time-name Time range

information
Specifies the time

range in which the
rule is active
time-name: specifies the name

of the time range in which the
rule is active; a string of 1 to 32
characters
type protocol-type
protocol-mask
Defines the protocol protocol-type: protocol type

type of Ethernet
protocol-mask: protocol type
frames
mask
Protocol type of
Ethernet frames
642 rule (Layer 2 ACL)

Command Reference

rule-id
Example
The Rule ID, which must the ID of an existing ACL rule.
Define a rule to deny packets whose 802.1p priority is 3.

[S4200G-acl-ethernetframe-4000] rule deny cos 3
View
Description
Layer 2 ACL view

Command Reference
save 643
save
Purpose
Use the save command to save the current configuration to a configuration file in
the flash memory.
Syntax
save [ cfgfile | [ safely ] [ backup | main ] ]
Parameters
cfgfile
Path name or file name of the configuration file in the

flash memory to which the current configurations will
be saved. Valid values are a character string from 5 to
56 characters long.
safely
Safe mode. Saving the current configuration in this

mode is relatively slow, but the configuration file still
remains in the flash without being lost even if the
switch restarts or powers down during the saving.
backup
Assigns the backup attribute to the configuration file.
main
Assigns the main attribute to the configuration file.
Example
Save the current configuration to the main configuration file.

<S4200G>save main
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename
unchanged press the enter key):123.cfg
Now saving current configuration to the device.
Saving configuration. Please wait...
............
Unit1 save configuration flash:/123.cfg successfully
Unit2 save configuration flash:/123.cfg successfully
%Apr 2 02:58:01:682 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit1 save
configuration successfully.
%Apr 2 02:58:01:783 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit2 save
Save the current configuration to the configuration file 234.cfg on unit 1.

<S4200G> save unit1>flash:/234.cfg
The current configuration will be saved to unit1>flash:/234.cfg [Y/N]:y
Now saving current configuration to the device.
Saving configuration. Please wait...
...........
Unit1 save configuration unit1>flash:/234.cfg successfully
<S4200G>
%Apr 2 04:07:21:805 2000 4200G-EI CFM/3/CFM_LOG:- 1 -Unit1 save
644 save
View

Command Reference
Description
Any view
Executing the save command with neither backup nor main assigns the main
attribute to the file to which the current configurations are saved.
The system provides two methods to save the current configurations.
If the safely keyword is not used, the system saves the current configurations in
fast mode. This mode is fast, but the configuration file may be lost if the switch
restarts or powers down.
If the safely keyword is used, the system saves the current configurations in safe
mode. This mode is relatively slow, but the configuration file still remains in the
flash memory without being lost even if the switch restarts or powers down during
the saving.
The fast mode is recommended under the circumstances with stable power system,
while the safe mode is recommended under the circumstances with bad power
system or in the case of remote maintenance.
If the cfgfile argument is not specified, the system saves the current configuration
to the configuration file used in this startup, or saves the current configuration
with the default configuration file name if the default configuration is used in this
startup.
To make a switch to adopt the current configuration when it starts the next time,
save the current configuration using the save command before restarting the
switch.

Command Reference
schedule reboot at 645
schedule reboot at
Purpose
Use the schedule reboot at command to schedule a reboot on the current

switch and set the reboot date and time.
Use the undo schedule reboot command to cancel the scheduled reboot.
Syntax
schedule reboot at hh:mm [ mm/dd/yyyy | yyyy/mm/dd ]

undo schedule reboot
Parameters
hh:mm
Reboot time, where hh (hour) ranges from 0 to 23,

and mm (minute) ranges from 0 to 59.
mm/dd/yyyy or yyyy/mm/dd
Reboot date, where yyyy (year) ranges from 2,000 to

2,099, mm (month) ranges from 1 to 12, and the
range of dd (day) depends on the specific month.
Default
By default, no scheduled reboot is set on the switch.
Example
Suppose the current time is 05:06, schedule a reboot so that the switch reboots at
22:00 on the current day.
<S4200G> schedule reboot at 22:00
Reboot system at 22:00 2000/04/02(in 16 hours and 53 minutes)
confirm?[Y/N]:y
<S4200G>
View
Description
User view
After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
After you execute the schedule reboot at command without specifying a date, the
switch will:
lReboot at the specified time on the current day if the specified time is later than the
current time.
lReboot at the specified time on the next day if the specified time is earlier than the
current time.
After you execute the command, the system will prompt you to confirm. Enter "Y" or
"y" for your setting to take effect, and your setting will overwrite the old one (if
available).
646 schedule reboot at

Command Reference
If you adjust the system time by the clock command after executing the schedule
reboot at command, the schedule reboot at command will be invalid and the
scheduled reboot will not happen.
Related Command
reboot

Command Reference
schedule reboot delay 647
schedule reboot delay

Purpose
Use the schedule reboot delay command to schedule a reboot on the switch,
and set the reboot waiting delay.
Use the undo schedule reboot command to cancel the scheduled reboot.
Syntax
schedule reboot delay { hhh:mm | mmm }

undo schedule reboot
Parameters
hhh:mmm
Reboot waiting delay, where hhh ranges from 0 to

720, and mm ranges from 0 to 59.
mmm
Reboot waiting delay (in minutes). Valid values are 0

to 43,200 minutes.
Default
By default, no scheduled reboot is set on the switch.
Example
Suppose the current time is 05:02, schedule a reboot so that the switch reboots after
70 minutes.
<S4200G> schedule reboot delay 70
Reboot system at 06:12 2000/04/02(in 1 hours and 10 minutes)
confirm?[Y/N]:y
<S4200G>
View
Description
User view
After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
You can set the reboot waiting delay in two formats: hhh:mm and mmm. The former
is hours:minutes, the latter is the absolute minutes, and both must be less than or
equal to 302460 (that is, 30 days).
After you execute the command, the system will prompt you to confirm. Enter "Y" or
"y" for your setting to take effect. Your setting will overwrite the old one (if
available).
If you adjust the system time by the clock command after executing the schedule
reboot delay command, the schedule reboot delay command will be invalid and the
scheduled reboot will not happen.
Related command: reboot, schedule reboot at, undo schedule reboot, and display
schedule reboot.
648 scheme

Command Reference
scheme
Purpose
Use the scheme command to configure the AAA scheme to used by the current ISP
domain.
Use the undo scheme command to restore the default AAA scheme used by the ISP
domain.
Syntax
scheme { local | none | radius-scheme radius-scheme-name [ local ] }

undo scheme { radius-scheme | none }
Parameters
radius-scheme-name
Specifies the name of the RADIUS scheme. This name

is a character string from 1 to 32 characters long.
local
Specifies to use local authentication.
none
Specifies not to perform authentication.
Default
By default, the ISP domain uses the local AAA scheme.
Example
To specify the RADIUS scheme radius1 as the primary AAA scheme referenced by the
ISP domain aabbcc.net and specify the local scheme as the secondary authentication
scheme, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net] scheme radius-scheme raduis1 local
View
Description
ISP Domain view
When the scheme command is used to specify the RADIUS scheme to be referenced
by current ISP domain, the specified RADIUS scheme must has already been
configured.
If you execute the scheme radius-scheme radius-scheme-name local command, the
local scheme becomes the secondary scheme in case the RADIUS server does not
response normally. That is, if the communication between the switch and the RADIUS
server is normal, no local authentication is performed; otherwise, local authentication
is performed.

Command Reference
scheme 649
If you execute the scheme local command, the local scheme is adopted as the primary
scheme. In this case, only local authentication is performed, no RADIUS
authentication is performed. If you execute the scheme none command, no
authentication is performed.
Related Command
radius scheme
650 screen-length

Command Reference
screen-length
Purpose
Use the screen-length command to set the number of lines the terminal screen
can contain.
Use the undo screen-length command to revert to the default number of lines.
Syntax
screen-length screen-length
undo screen-length
Parameters
screen-length
The maximum number of information lines that you

can display on a terminal screen. Valid values are 0 to
512.
Set the number of lines the terminal screen can contain to 20.
[S4200G-ui-aux0] screen-length 20
View
Description
User Interface view
You can use the screen-length 0 command to disable the function to display
information in pages.

Command Reference
secondary accounting 651
secondary accounting
Purpose
Use the secondary accounting command to set the IP address and port number of
the secondary RADIUS accounting server.
Use the undo secondary accounting command to restore the default IP address and
port number of the secondary RADIUS accounting server.
Syntax
secondary accounting ip-address [ port-number ]

undo secondary accounting
Parameters
ip-address
port-number
Specifies the UDP port number. Valid values are 1 to

65535.
Default
By default, the IP addresses of secondary accounting server is at 0.0.0.0 and the port
number is 1813.
Example
To set the IP address and UDP port number of the secondary accounting server of the
RADIUS scheme radius1 to 10.110.1.1 and 1813, enter the following:
New Radius scheme
[S4200G-radius-radius1] secondary accounting 10.110.1.1 1813
View
Related Commands
RADIUS Scheme view
key
radius scheme
state
652 secondary authentication

Command Reference
secondary authentication
Purpose
Use the secondary authentication command to set the IP address and port
number of the secondary RADIUS authentication/authorization server.
Use the undo secondary authentication command to restore the default IP
address and port number of the secondary RADIUS authentication/authorization
server.
Syntax
secondary authentication ip-address [ port-number ]

undo secondary authentication
Parameters
ip-address
Specifies the IP address in dotted decimal notation.
port-number
Specifies the UDP port number. Valid values are 1 to

65535.
Default
By default, the IP addresses of secondary authentication/authorization server is

0.0.0.0 and the port number is 1812.
Example
To set the IP address of the second authentication/authorization server of RADIUS

scheme, 3Com, to 10.110.1.2 and the UDP port 1812 to provide RADIUS
authentication/authorization service, enter the following:
To set the IP address and UDP port number of the secondary
authentication/authorization server used by the RADIUS scheme radius1 to
10.110.1.2 and 1812, enter the following:
New Radius scheme
[S4200G-radius-radius1] secondary authentication 10.110.1.2 1812
View
Related Commands
RADIUS Scheme view
key
radius scheme
state

Command Reference
security-policy-server 653
security-policy-server
Purpose
Use the security-policy-server command to set the IP address of a security

policy server.
Use the undo security-policy-server command to remove the IP address
configuration of a security policy server.
Syntax
security-policy-server ip-address
undo security-policy-server [ ip-address | all ]
Parameters
Example
ip-address
The IP address of security policy server.
all
The IP addresses of all the security policy servers.
Configure the IP address of the security policy server to be 192.168.0.1.

<S4200G>system-view
[S4200G] radius scheme S4200G
[S4200G-radius-S4200G] security-policy-server 192.168.0.1
[S4200G-radius-S4200G] display current-configuration
radius scheme S4200G

primary authentication 1.1.11.29 1812
secondary authentication 127.0.0.1 1645
View
Description
RADIUS Scheme view
For each RADIUS scheme, a maximum of eight security policy servers with different IP
addresses can be configured. While users are surfing the Internet, the switch will only
respond to the session control packets sent from the authentication server and the
security policy server.
654 self-service-url

Command Reference
self-service-url
Purpose
Use the self-service-url command to either enable or disable the self-service

server location function.
Use the undo self-service-url command to restore the default state of this
function.
Syntax
self-service-url { disable | enable url-string }

undo self-service-url
Parameters
url-string
Default
Example
Using the default ISP domain system, set the URL of the web page used to modify
user password on the self-service server to
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName, by entering the
following:
Specifies the URL address of the page used to modify

the user password on the self-service server.
url-string is a string that is 1 to 64 characters
long. The string cannot contain the ? character. If the ?
is contained in the URL address, replace it with a |
when inputting the URL address in the command line.
[S4200G] domain system
[S4200G-isp-system] self-service-url enable
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName
View
Description
ISP Domain view
Note: 3Com's CAMS Server is a service management system used to manage

networks and secure networks and user information. Cooperating with other
network devices (such as switches) in a network, the CAMS Server accomplishes the
AAA (authentication, authorization and accounting) services and rights management.
This command must be used with the cooperation of a self-service-supported RADIUS
server (such as CAMS). Through self-service, users can manage and control their
accounts or card numbers by themselves. A server installed with the self-service
software is called a self-service server.
After this command is executed on the switch, users can locate the self-service server
through the following operation: choose [change user password] on the 802.1x

Command Reference
self-service-url 655
client, the client opens the default browser (for example, IE or NetScape) and locates
the specified URL page used to change user password on the self-service server. Then,
the user can change the password.
A user can choose the [change user password] option on the client only after passing
the authentication. If the user fails the authentication, this option is in grey and is
unavailable.
656 send

Command Reference
send
Purpose
Use the send command to send messages to a specified user interface or all user
interfaces.
Syntax
send { all | number | type }
Parameters
all
Specifies to send a message to all user interfaces.
number
Specifies the absolute/relative number of the interface

that you want to send a message to.
type
Specifies the type and type number of the user

interface that you want to send a message to.
Example
To send a message to all the user interfaces, enter the following:

<S4200G>send all
View
User view

Command Reference
server-type 657
server-type
Purpose
Use the server-type command to configure the RADIUS server type supported by
the Switch.
Use the undo server-type to restore the RADIUS server type to the default value.
Syntax
server-type { 3com | standard }

undo server-type
Parameters
3Com
Specifies the 3Com private RADIUS protocol (such as

the procedure and packet format) to interact with the
3Com RADIUS server, which is generally the CAMS.
standard
Specifies to use the standard RADIUS protocol. That is,

it is required that the RADIUS client (on the switch) and
the RADIUS server interact with each other following
the procedure and packet format of the standard
RADIUS protocol (RFC2138/2139 or above).
Default
By default, the switch supports the standard type of RADIUS server. The type of
RADIUS server in the default RADIUS scheme "system" is 3Com.
Example
To set the RADIUS server type in RADIUS scheme radius1 to 3Com, enter the
following:
New Radius scheme
[S4200G-radius-radius1] server-type 3Com
View
RADIUS Scheme view
Description
The Switch 4200G supports standard RADIUS protocol and the extended RADIUS
service platform independently developed by 3Com.
Related Command
radius-scheme
658 service-type

Command Reference
service-type
Purpose
Use the command service-type to authorize a user access to the specified services.
Use the command undo service-type to inhibit the user for accessing the specified
services.
Syntax
service-type { ftp [ ftp-directory directory ] | lan-access |{ssh |

telnet | terminal }* [ level level ]}
undo service-type { ftp [ ftp-directory directory ] | lan-access |{ssh
| telnet | terminal }* [ level level ]}
Parameters
ftp
Specifies the user type as ftp.
lan-access
Specifies the user type as lan-access. For example

Ethernet accessing users using 802.1x applications.
telnet
Authorizes the user to access the Telnet.
ssh
Specifies user type as SSH.
terminal
Authorizes the user to use the terminal service (login

from the Console port).
level level
Specifies the level of Telnet, SSH, or terminal users.

Valid values are integers from 0 to 3.
If no value is specified, the default is 0.
ftp-directory directory
Specifies the directory of ftp users. Valid values for

directory are a character string up to 64 characters
long.
Default
By default, the user is inhibited from accessing any type of service.
Example
To authorize user1 to access the Telnet service, enter the following:

[S4200G-luser-user1] service-type telnet
View
Local User view

Command Reference
Description
service-type 659
Commands are classified into four levels, as follows:
0 - Visit level. Users at this level have access to network diagnosis tools (such as
ping and tracert), and the Telnet commands. A user at this level cannot save the
configuration file.
1 - Monitoring level. Users at this level can perform system maintenance, service
fault diagnosis, and so on. A user at this level cannot save the configuration file.
2 - System level. Users at this level can perform service configuration operations,
including routing, and can enter commands that affect each network layer.
Configuration level commands are used to provide direct network service to the
user.
3 - Management level. Users at this level can perform basic system operations, and
can use file system commands, FTP commands, TFTP commands, XModem
downloading commands, user management commands and level setting
commands.
660 service-type

Command Reference
service-type
Purpose
Use the service-type command to specify the login type and the corresponding
available command level.
Use the undo service-type command to cancel login type configuration.
Syntax
service-type { ftp | lan-access | { ssh | telnet | terminal }* [ level

level ] }
undo service-type { ftp | lan-access | { ssh | telnet | terminal }* }
Parameters
Example
ftp
Specifies the users to be of FTP type.
lan-access
Specifies the users to be of LAN-access type, which

normally means Ethernet users, such as 802.1x users.
ssh
Specifies the users to be of SSH type.
telnet
Specifies the users to be of Telnet type.
terminal
Makes terminal services available to users logging in

through the Console port.
level level
Specifies the user level for Telnet users, Terminal users,

or SSH users. The level argument ranges from 0 to
Configure commands of level 0 are available to the users logging in using the user
name of zbr.
[S4200G] local-user zbr
[S4200G-luser-zbr] service-type telnet level 0
To verify the above configuration, you can quit the system, log in again using the user
name of zbr, and then list the available commands, as listed in the following.
[S4200G] quit
<S4200G> ?
User view commands:
cluster
Run cluster command
language-mode Specify the language environment
ping
Ping function
quit
Exit from current command view
super
Privilege specified user priority level
telnet
Establish one TELNET connection
tracert
Trace route function
undo
Negate a command or set its default

Command Reference
View
service-type 661
Description
Local User view
Commands fall into four command levels: access, monitor, system, and
administration, which are described as follows:
Access level: Commands of this level are used to diagnose network and change
the language mode of user interface, such as the ping, tracert, and
language-mode command. The Telnet command is also of this level.
Commands of this level cannot be saved in configuration files.
Monitor level: Commands of this level are used to maintain the system, to debug
service problems, and so on. The display and debugging command are of
monitor level. Commands of this level cannot be saved in configuration files.
System level: Commands of this level are used to configure services. Commands
concerning routing and network layers are of system level. You can utilize network
services by using these commands.
Administration level: Commands of this level are for the operation of the entire
system and the system supporting modules. Services are supported by these
commands. Commands concerning file system, file transfer protocol (FTP), trivial
file transfer protocol (TFTP), downloading using XModem, user management, and
level setting are of administration level.
662 service-type multicast

Command Reference
service-type multicast
Purpose
Use the service-type multicast command to set the current VLAN as a

multicast VLAN.
Use the undo service-type multicast command to cancel the multicast
VLAN setting.
Syntax
undo service-type multicast
Parameters
None
Default
By default, no VLAN is a multicast VLAN.
Example
Configure VLAN 2 as a multicast VLAN.

[S4200G] vlan 2
[S4200G-vlan2] service-type multicast
View
Description
VLAN view
By configuring a multicast VLAN, adding corresponding switch ports to the multicast

VLAN and enabling IGMP Snooping, you can make users in different VLANs share the
same multicast VLAN. This saves bandwidth since multicast stream is transmitted only
within the multicast VLAN, and also guarantees the security because the multicast
VLAN is completely isolated from the user VLANs.

Command Reference
set authentication password 663
set authentication password

Purpose
Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local
password.
Syntax
set authentication password { cipher | simple } password

undo set authentication password
Parameters
Default
cipher
Specifies to display the local password in encrypted

text when you display the current configuration.
simple
Specifies to display the local password in plain text

when you display the current configuration.
password
If the authentication is in the simple mode, the

password must be in plain text. If the authentication is
in the cipher mode, the password can be either in
encrypted text or in plain text. Whether the password
is in encrypted text or plain text depends on the
password string entered. Strings containing up to 16
characters (such as 123) are regarded as plain text
passwords and are converted to the corresponding
24-character encrypted password (such as
!TP<\*EMUHL,408`W7TH!Q!!). A encrypted password
must contain 24 characters and must be in ciphered
text (such as !TP<\*EMUHL,408`W7TH!Q!!).
By default, a password is required for users connecting over Modem or Telnet. If a

password has not been set, the following prompt is displayed: Login password has
not been set!
Example
Set the local password of VTY 0 to "3Com".

<S4200G>system-view
[S4200G]user-interface vty 0
[S4200G-ui-vty0]set authentication password simple 3com
View
Description
User Interface view
The password in plain text is required when performing authentication, regardless of

whether the configuration is plain text or cipher text.
664 sftp

Command Reference
sftp
Purpose
Use the sftp command to establish a connection to the SFTP server and enter SFTP
client view.
Syntax
sftp { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 |

dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [
prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 |
sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 |
md5_96 } ]
Parameters
host-ip
IP address of the server.
host-name
Name of the server, consisting of a string from 1 to 20

characters long.
port-num
Port number of the server. Valid values are 0 to 65,535.

If not specified, the default port number is 22.
prefer_kex
Key exchange algorithm preference. Choose one of

the two algorithms available.
dh_group1
Diffie-Hellman-group1-sha1 key exchange algorithm. It

is the default key exchange algorithm.
dh_exchange_group
Diffie-Hellman-group-exchange-sha1 key exchange

algorithm.
prefer_ctos_cipher
Encryption algorithm preference from the client to

server. It defaults to AES128.
prefer_stoc_cipher
Encryption algorithm preference from the server to

client. It defaults to AES128.
des
DES_cbc encryption algorithm.
aes128
AES_128 encryption algorithm.
prefer_ctos_hmac
HMAC algorithm preference from the client to server.

It defaults to SHA1_96.
prefer_stoc_hmac
HMAC algorithm preference from the server to client.

It defaults to SHA1_96.
sha1
HMAC-SHA1 algorithm.
sha1_96
HMAC-SHA1_96 algorithm.
md5
HMAC-MD5 algorithm.
md5_96
HMAC-MD5-96 algorithm.
Example
Establish a connection to the SFTP server with IP address 10.1.1.2 and use the default
encryption algorithms.
[S4200G] sftp 10.1.1.2

Command Reference
View
sftp 665
System view
666 sftp server enable

Command Reference
sftp server enable

Purpose
Use the sftp server enable command to enable the secure FTP (SFTP) server.
Use the undo sftp server enable command to disable the SFTP server.
Syntax
sftp server enable

undo sftp server
Parameters
None
Default
By default, the SFTP server is disabled.
Example
Enable the SFTP server.

[S4200G] sftp server enable
Disable the SFTP server.

[S4200G] undo sftp server
View
System view

Command Reference
sftp time-out 667
sftp time-out
Purpose
Use the sftp time-out command to set the timeout time for the SFTP user
connection.
Use the undo sftp time-out command to restore the default timeout time.
Syntax
sftp time-out time-out-value

undo sftp time-out
Parameters
time-out-value
Example
Set the timeout time for the SFTP user connection to 500 minutes.
Timeout time. Valid values are 1 to 35,791 minutes.

[S4200G] sftp timeout 500
View
Description
System view
After you set the timeout time for the SFTP user connection, the system will
automatically release the connection when the time is up.
668 shell

Command Reference
shell
Purpose
Use the shell command to make terminal services available for the user interface.
Use the undo shell command to make terminal services unavailable to the user
interface.
Syntax
shell
undo shell
Parameters
None
Default
By default, terminal services are available in all user interfaces.
Example
Log into user interface 0 and make terminal services unavailable in VTY 0 through
VTY 4.
<S4200G>system-view
[S4200G]user-interface vty 0 4
[S4200G-ui-vty0-4]undo shell
View
Description
User Interface view
When using the undo shell command, note the following points.
For reasons of security, the undo shell command can only be used on user
interfaces other than the AUX user interface. The AUX port (also the Console) is
exclusively used for configuring the switch.
You cannot use this command on the current user interface.
This command prompts for confirmation when being executed in any valid user
interface.

Command Reference
shutdown 669
shutdown
Purpose
Use the shutdown command to disable an Ethernet port.

Use the undo shutdown command to enable an Ethernet port.
Syntax
shutdown
undo shutdown
Parameters
None
Default
By default, the Ethernet port is enabled.
Example
Enable the GigabitEthernet1/0/1 port.

<S4200G>system-view
[S4200G-GigabitEthernet1/0/1]undo shutdown
View
Ethernet Port view
670 shutdown

Command Reference
shutdown
Purpose
Use the shutdown command to disable the VLAN interface.

Use the undo shutdown command to enable the VLAN interface.
Syntax
shutdown
undo shutdown
Parameters
None
Default
By default, a management VLAN interface is down if all the Ethernet ports in the
management VLAN are down, and the management VLAN interface is up if one or
more Ethernet ports in the management VLAN are up.
Example
Bring up the management VLAN interface. (Assume that VLAN 1 is the management
VLAN.)
[S4200G-Vlan-interface1] undo shutdown
View
Description
VLAN Interface view
This command can be used to start the interface after the related parameters and
protocols of VLAN interface are set. Or when the VLAN interface fails, the interface
can be shut down first and then restarted, in this way, the interface may be restored
to normal status. Shutting down or starting VLAN interface will not take any effect on
any Ethernet port of this VLAN.

Command Reference
smarton 671
smarton
Purpose
Use the smarton command to enable the SmartOn function for an Ethernet port
with supplicant systems attached.
Use the undo smarton command to disable the SmartOn function.
Syntax
smarton
undo smarton
Parameters
None
Default
By default, the SmartOn function is disabled.
Example
To enter system view, enter the following:

To enter GigabitEthernet1/0/2 port view, enter the following:

To enable 802.1x authentication and the SmartOn function, enter the following:
[S4200G-GigabitEthernet1/0/2] dot1x
802.1X is enabled on port GigabitEthernet1/0/2
View
Description
Ethernet Port view
Caution: When executing the smarton command, make sure 802.1x authentication
is enabled on the port.
672 smarton password

Command Reference
smarton password
Purpose
Use the smarton password command to set the password to be used by the
SmartOn function.
Use the undo smarton password command to revert to the default password.
Syntax
smarton password { cipher password | simple password }

undo smarton password
Parameters
cipher
Specifies to enter ciphered password.
simple
Specifies to enter password in plain text.
Password
Password to be set. This argument is a string

comprising up to 16 characters.
Default
The default password is NULL.
Example
To Enter system view. enter the following:

To set the password to be used by the SmartOn function to Test, enter the following:
[S4200G] smarton password Test
View
System view

Command Reference
smarton switchid 673
smarton switchid
Purpose
Use the smarton switchid command to set the switch ID.

Use the undo smarton switchid command to revert to the default switch ID.
Syntax
smarton switchid switch-ID

undo smarton switchid
Parameters
switch-ID
Default
The default switch ID is NULL.
Example
To enter system view and set the switch ID to Switch, enter the following:
Specifies the switch ID. This argument is a string

comprised of up to 30 characters.
[S4200G] smarton switchid Switch
View
System view
674 smarton timer

Command Reference
smarton timer
Purpose
Use the smarton timer command to set the supplicant timeout timer for
SmartOn-enabled supplicant systems.
Use the undo smarton timer command to revert to the default supplicant timeout
timer setting.
Syntax
smarton timer { supp-timeout supp-timeout-value | max-tx value }

undo smarton timer { supp-timeout | max-tx }
Parameters
supp-timeout
Sets the supplicant timeout timer.
supp-timeout-value
Value of the supplicant timeout timer (in seconds). This

argument ranges from 10 to 120 and defaults to 30.
After sending an authentication request packet to an
802.1x client, a switch sends another authentication
request packet if the switch does not receive responses
from the SmartOn-enabled 802.1x client when the
supplicant timeout timer expires.
max-tx value
Specifies the maximum number of retries to send

authentication request packets. The value argument
ranges from 1 to 10 and defaults to 3. The SmartOn
checking ends if the maximum number of retries to
send authentication request packets is reached.
Default
Normally, the default supplicant timeout timer setting is recommended.
Example
To enter system view and set the supplicant timeout timer to 50 seconds, enter the
following:
[S4200G] smarton timer supp-timeout 50
View
System view

Command Reference
snmp-agent 675
snmp-agent
Purpose
Use the snmp-agent command to enable SNMP Agent.

Use the undo snmp-agent command to disable SNMP Agent.
Syntax
snmp-agent
undo snmp-agent
Parameters
None
Default
By default, SNMP Agent is disabled.
Example
Disable running SNMP Agent.

[S4200G] undo snmp-agent
View
Related Command
System view
None
676 snmp-agent community

Command Reference
snmp-agent community
Purpose
Use the snmp-agent community command to set a community name and to enable
users to access the switch through SNMP. You can also optionally use this command
to apply an ACL to filter network management users.
Use the undo snmp-agent community command to cancel community-related
configuration for the specified community.
Syntax
snmp-agent community { read | write } community-name [ mib-view

view-name ] [ acl acl-number ] ]
undo snmp-agent community community-name
Parameters
read
Specifies that the community has read-only permission

in the specified view.
write
Specifies that the community has read/write

permission in the specified view.
community-name
Community name character string.
mib-view
Sets the name of the MIB view accessible to the

community.
view-name
MIB view name.
acl acl-number
Specifies the ACL number. The acl-number argument

ranges from 2,000 to 2,999.
Default
By default, SNMPV1 and SNMPV2C access a switch by community names
Example
Set the community name to "3Com", enable users to access the switch in the name
of the community (with read-only permission), and apply ACL 2,000 to filter network
management users (assuming that ACL 2000 already exists.).
[S4200G] snmp-agent community read 3Com acl 2000
View
System view

Command Reference
Purpose
Use the snmp-agent community command to set the community access name and
enable access to SNMP.
Use the undo snmp-agent community command to cancel the settings of
community access name.
Syntax
snmp-agent community { read | write } community-name [ mib-view

view-name ] [ acl acl-list ] ]
undo snmp-agent community community-name
Parameters
Example
read
Indicates that MIB object can only be read. Only the

read-only community can query device information.
write
Indicates that MIB object can be read and written. The

read-write community can configure the device.
community-name
The community name, a character string of 1 to 32

characters.
view-name
The MIB view name, a character string of 1 to 32

characters.
acl acl-list
The basic access control list (ACL) number specified by

the community, ranging from 2,000 to 2,999.
Configure community name as comaccess and permit read-only access by this

community name.
[S4200G] snmp-agent community read comaccess
Configure community name as mgr and permit read-write access.

[S4200G] snmp-agent community write mgr
Remove community name comaccess.

[S4200G] undo snmp-agent community comaccess
View
System view
678 snmp-agent group

Command Reference
snmp-agent group
Purpose
Use the snmp-agent group command to configure a SNMP group. You can also
optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to delete a specified SNMP group.
Syntax
snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [

write-view write-view ] [ notify-view notify-view ] [ acl acl-number]
undo snmp-agent group { v1 | v2c } group-name
snmp-agent group v3 group-name [ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl
acl-number ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
Parameters
Example
v1
Specifies to adopt V1 security scheme.
v2
v3
group-name
Specifies a group name, up to 32 characters in length.
authentication
Specifies to authenticate SNMP data without

encrypting the data.
privacy
Specifies that the packet is authenticated and

encrypted.
read-view
Sets a read-only view.
read-view
Name of the view to be set to read-only, up to 32

write-view
Sets a readable & writable views.
write-view
Name of the view to be set to readable and writable,

up to 32 characters in length.
notify-view
Sets a notifying view.
notify-view
Name of the view to be set to a notifying view, up to

32 characters in length.
acl acl-number
Specifies an ACL. The acl-number argument ranges

from 2,000 to 2,999.
Create a SNMP group named "3Com" and apply ACL 2001 to filter network
management users (assuming that ACL 2001 already exists).
[S4200G] snmp-agent group v1 3Com acl 2001

Command Reference
View
Description
System view
3Com recommends that you do not use the notify-view parameter when
configuring an SNMP group, for the following reasons:
The snmp-agent target-host command automatically generates a notify-view

for a user, and adds it to the corresponding group.
Any change of the SNMP group notify-view will affect all the users related to
this group.
680 snmp-agent group

Command Reference
snmp-agent group
Purpose
Use the snmp-agent group command to configure a new SNMP group, that is, to
map SNMP user to SNMP view.
Use the undo snmp-agent group command to cancel a specified SNMP group.
Syntax
For Versions V1 and V2C:

snmp-agent group { v1 | v2c } group_name [ read-view read-view ] [
write-view write-view ] [ notify-view notify-view ] [ acl acl-list ]
undo snmp-agent group { v1 | v2c } group-name
For Version V3:

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view
read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl
acl-list ]
undo snmp-agent group v3 group-name [ authentication | privacy ]
Parameters
Example
v1
Specifies to use version V1.
v2c
Specifies to use version V2c.
v3
Specifies to use version V3.
group-name
Enter a group name, up to 32 characters in length.
authentication
Configures to authenticate the packet without

encryption.
privacy
Configures to authenticate and encrypt the packet.
read-view
Configures read-only view settings.
read-view
Enter a read-only view name, up to 32 characters in

length.
write-view
Configures read and write view settings.
write-view
Enter a read and write view name, up to 32 characters

in length.
notify-view
Configures notify view settings.
notify-view
Enter a notify view name, up to 32 characters in

length.
acl acl-list
Enter the access control list for this group name.
Create SNMP group 1.


Command Reference
[S4200G] snmp-agent group v3 group1
View

System view
Description
Related Command
3Com recommends that you do not use the notify-view parameter when
configuring an SNMP group, for the following reasons:
The snmp-agent target-host command automatically generates a notify-view

for a user, and adds it to the corresponding group.
Any change of the SNMP group notify-view will affect all the users related to
this group.
snmp-agent mib-view
snmp-agent usm-user
682 snmp-agent local-engineid

Command Reference
snmp-agent local-engineid
Purpose
Use the snmp-agent local-engineid command to set the engine ID of the local
SNMP entity.
Use the undo snmp-agent local-engineid command to restore the default setting
of engine ID.
Syntax
snmp-agent local-engineid engineid

undo snmp-agent local-engineid
Parameters
engineid
Example
Configure the local device name as 123456789A.
Specifies the engine ID with a character string, only

composed of hexadecimal numbers between 10 and
64 inclusive.
[S4200G] snmp-agent local-engineid 123456789A
View
Description
Related Command
System view
By default, the device engine ID is "Enterprise Number + device information". Device

information is determined according to different products. It can be IP address, MAC
address or user-defined hexadecimal numeral string.
snmp-agent usm-user

Command Reference
snmp-agent log 683
snmp-agent log
Purpose
Use the snmp-agent log command to enable the logging function for network
management.
Use the undo snmp-agent log command to disable the logging function.
Syntax
snmp-agent log { set-operation | get-operation | all }

undo snmp-agent log { set-operation | get-operation | all }
Parameters
set-operation
Logs the information about the set operation.
get-operation
Logs the information about the get operation.
all
Logs the information about both the get and set

operations.
Default
By default, the logging function is disabled.
Example
Enable the logging function for both the get and the set operations.
[S4200G] snmp-agent log all
View
Description
System view
You can use the display logbuffer command to display logging information for the get
and the set operations sent from network management station (NMS).
In a network that contains no fabric, you can use the display logbuffer
command to view the logs of the get and set operations performed by the
network administrator.
As for a fabric, you can execute the display logbuffer command on the
master device to view the logs of the set operations performed by the network
administrator, and execute the display logbuffer command on the devices
to which the get operations are performed to view the logs of corresponding get
operations.
684 snmp-agent mib-view

Command Reference
snmp-agent mib-view
Purpose
Use the snmp-agent mib-view command to create or update the view information,
limiting the MIB objects to be accessed by the NMS.
Use the undo snmp-agent mib-view command to cancel the current setting.
Syntax
snmp-agent mib-view { included | excluded } view-name oid-tree

undo snmp-agent mib-view view-name
Parameters
included
Includes this MIB subtree.
excluded
Excludes this MIB subtree.
view-name
Specifies the view name, consisting of a character

oid-tree
The OID MIB subtree of the MIB object subtree. It can

be a character string of the variable OID (such as
1.4.5.3.1), or a variable name (such as system). The
character string can include wildcards (such as
1.4.5.*.*.1).
Default
By default, the view name is viewDefault. OID is 1.
Example
Create a view that consists of all the objects of MIB2.

[S4200G] snmp-agent mib-view included mib2 1.3.6.1
Related Command
System view
snmp-agent group

Command Reference
snmp-agent packet max-size 685
snmp-agent packet max-size

Purpose
Use the snmp-agent packet max-size command to set the maximum size of SNMP
packet that the Agent can send/receive.
Use the undo snmp-agent packet max-size command to restore the default size of
SNMP packet.
Syntax
snmp-agent packet max-size max-size

undo snmp-agent packet max-size
Parameters
max-size
Example
Set the maximum size of SNMP packet that the Agent can send/receive to 1,042
bytes.
Specifies the maximum size of SNMP packet (measured

in bytes) that the agent can send or receive. Valid
values are 484 to 17940 bytes.
If not specified, the default size is 1500 bytes.
[S4200G] snmp-agent packet max-size 1042
View
Description
System view
The sizes of the SNMP packets received/sent by the Agent are different in different
network environments.
686 snmp-agent sys-info

Command Reference
snmp-agent sys-info
Purpose
Use the snmp-agent sys-info command to configure system information such as

geographical location of the device, contact information for system maintenance and
version information of running SNMP.
Use the undo snmp-agent sys-info location command to restore the default
value.
Syntax
snmp-agent sys-info { contact sys-contact | location sys-location |

version { { v1 | v2c | v3 } * | all } }
undo snmp-agent sys-info {{ contact | location | version { { v1 | v2c |
v3 }* | all }}
Parameters
Example
sys-contact
A character string describing the system maintenance

contact. Valid values are 1 to 255 characters long.
If not specified, the default contact information is
"3Com Marlborough USA".
sys-location
A character string to describe the system location.

If not specified, the default character string is
"Marlborough USA".
version
Version of running SNMP.
v1
SNMP V1.
v2c
SNMP V2C.
v3
SNMP V3.
all
All SNMP version (includes SNMP V1, SNMP V2C,

SNMP V3).
Set contact information for system maintenance as Dial System Operator # 1234.
[S4200G] snmp-agent sys-info contact Dial System Operator # 1234
View
Related Command
System view
diplay snmp-agent sys-info

Command Reference
snmp-agent target-host 687
snmp-agent target-host
Purpose
Use the snmp-agent target-host command to command to configure destination

of SNMP Trap packets.
Use the undo snmp-agent target-host command to cancel the host currently
configured to receive SNMP notification.
Syntax
snmp-agent target-host trap address udp-domain ip-addr [ udp-port

udp-port-number ] params securityname security-string [ v1 | v2c | v3 [
authentication | privacy ] ]
undo snmp-agent target-host ip-addr securityname security-string
Parameters
trap
Specifies the host to receive traps or notifications
address
Specifies the transport address to be used in the

generation of SNMP messages.
udp-domain
Specifies the transport domain over UDP for the target

address.
ip-addr
The IPv4 address of the host receiving Trap packets.
udp-port udp-port-number Specifies the UDP port number of the host to receive
the SNMP notification.
Example
params
Specifies the SNMP target host information to be used

in the generation of SNMP messages.
security-string
The community name of SNMP V1 and SNMP V2C, or

SNMP V3 user name, ranging from 1 to 32 characters.
v1
Specifies SNMP version 1.
v2c
Specifies SNMP version 2C.
v3
Specifies SNMP version 3.
authentication
Specifies that the packet is authenticated without

encryption.
privacy
Specifies that the packet is authenticated and

encrypted.
Enable sending SNMP Trap packets to 10.1.1.1 with community name public.
[S4200G] snmp-agent trap enable standard
securityname public
688 snmp-agent target-host
Description
View
Related Command

Command Reference
The snmp-agent target-host command and the snmp-agent trap enable or enable
snmp trap updown command must be used at the same time on the device to send
Trap packets.
Use the snmp-agent trap enable or enable snmp trap updown command to set
Trap packets allowed to send (all Trap packets can be sent by default).
Use the snmp-agent target-host command to set the address of the destination
host receiving SNMP Trap packets.
System view
snmp-agent trap source
snmp-agent trap life

Command Reference
snmp-agent trap enable 689

Purpose
Use the snmp-agent trap enable command to enable the device to send Trap
packets.
Use the undo snmp-agent trap enable command to disable Trap package sending.
Syntax
snmp-agent trap enable [ configuration | flash | standard [

authentication | coldstart | linkdown | linkup | warmstart ]* | system
]
undo snmp-agent trap enable [ configuration | flash | standard [
authentication | coldstart | linkdown | linkup | warmstart ]* | system
]
Parameters
configuration
Configure to send SNMP configuration Trap packets.
flash
Configure to send SNMP flash Trap packets.
standard
Configures to send SNMP standard notification or Trap

messages.
authentication
Sends SNMP authentication failure Trap messages in

cases of authentication failures.
coldstart
Configures to send SNMP cold start Trap messages

when the device is rebooted.
linkdown
Configures to send SNMP link down Trap messages

when the port is down.
linkup
Configures to send SNMP link up Trap messages when

the port is up.
warmstart
Configures to send SNMP warm start Trap messages

when SNMP is rebooted.
system
Configures to send sysMIB (private MIB) Trap

messages.
Default
By default, Trap message sending is enabled.
Example
Enable to send the Trap packet of SNMP authentication failure to 10.1.1.1. The
community name is public.
[S4200G] snmp-agent trap enable authentication
securityname public
View
System view
690 snmp-agent trap enable
Description

Command Reference
The snmp-agent trap enable and snmp-agent target-host commands

must be used at the same time. The snmp-agent target-host command
specifies which hosts can receive Trap message. However, to send Trap message, you
must configure snmp-agent target-host command.

Command Reference
snmp-agent trap life 691

Purpose
Use the snmp-agent trap life command to set aging time for Trap packets.
Use the undo snmp-agent trap life command to restore the default aging time for
Trap packets.
Syntax
snmp-agent trap life seconds

undo snmp-agent trap life
Parameters
seconds
Example
Configure the timeout interval of Trap packet as 60 seconds.
Specifies the timeouts (in seconds). Valid values are 1

to 2,592,000.
If not specified, the default timeout interval is 120
seconds.
<S4200G>system-view
[S4200G] snmp-agent trap life 60
View
System view
Description
The Trap packets exceeding the aging time are discarded.
Related Commands
692 snmp-agent trap queue-size

Command Reference
snmp-agent trap queue-size

Purpose
Use the snmp-agent trap queue-size command to configure the information

queue length of a Trap packet sent to the destination host.
Use the undo snmp-agent trap queue-size command to restore the default value.
Syntax
snmp-agent trap queue-size size

undo snmp-agent trap queue-size
Parameters
size
Example
Configure the queue length to 200.
Length of queue. Valid values are 1 to 1000.

If not specified, the default length is 100.
[S4200G] snmp-agent trap queue-size 200
View
Related Commands
System view

Command Reference
snmp-agent trap source 693

Purpose
Use the snmp-agent trap source command to configure the source address for
sending Trap messages.
Use the undo snmp-agent trap source command to cancel the source address for
sending Trap messages.
Syntax
snmp-agent trap source interface-type interface-number

undo snmp-agent trap source
Parameters
interface-type
interface-number
Default
By default, SNMP chooses an outgoing interface.
Example
Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
[S4200G] snmp-agent trap source Vlan-interface 1
View
Description
System view
The SNMP Trap message sent from a server has a source IP address no matter which
interface the Trap message is sent from.
You can configure this command to trace a specific event using the source address of
a Trap packet
Note: Before setting the IP address of an interface address as the source address of
the sent Trap packet, you must configure an IP address for the interface.
694 snmp-agent usm-user

Command Reference
snmp-agent usm-user
Purpose
Use the snmp-agent usm-user command to add a new community name or, if you
use the V3 parameter, a new user to an SNMP group.
Use the undo snmp-agent usm-user command to delete a user from an SNMP
group.
Syntax
snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]

undo snmp-agent usm-user { v1 | v2c } username groupname
snmp-agent usm-user v3 username groupname [ authentication-mode { md5 |
sha } authpassstring [ privacy-mode { des56 privpassstring }]]
[ acl acl-list ]
undo snmp-agent usm-user v3 username groupname { local | engineid
engine-id }
Parameters
username
Enter the user name, up to 32 characters in length.
groupname
Enter the group name corresponding to that user, up

to 32 characters in length.
v1
Specifies the use of V1 safe mode.
v2c
Specifies the use of V2c safe mode.
v3
authentication-mode
Specifies the use of authentication.
md5
Specifies that the MD5 algorithm is used in

authentication. MD5 authentication uses a128-bit
password. The computation speed of MD5 is faster
than that of SHA
sha
Specifies that the SHA algorithm is used in

authentication. SHA authentication uses a 160-bit
password. The computation speed of SHA is slower
than that of MD5, but SHA offers higher security.
authpassstring
Enter the authentication password, up to 64 characters

in length.
privacy-mode
Specifies the use of authentication and encryption.
des 56
Specifies that the DES encryption algorithm is used.

Must be entered if you enter the privacy-mode
parameter.
privpassstring
Enter the encryption password with a character string,

ranging from 1 to 64 bytes.
acl acl-list
Enter the access control list for this user, based on USM
name.

Command Reference
Example
To add a user named JohnQ to the SNMP group 3Com, then configure the use
of MD5, and set the authentication password to pass, enter the following:
[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass
[SW4200G]
View
Description
Related Commands
System view
Note:
SNMP engineID (for authentication) is required when configuring remote users.

This command will not be effective if engineID is not configured.
For V1 and V2C, this command will add a new community name. For V3, it will
add a new user for an SNMP group. See Related Commands below.
display snmp-agent
snmp-agent local engineid

Command Reference
snmp-agent usm-user
Purpose
Use the snmp-agent usm-user command to add a new user to an SNMP group. You
can also optionally use this command to apply an ACL to filter network management
users.
Use the undo snmp-agent usm-user command to remove the user from the
corresponding SNMP group. The operation also frees the user from the corresponding
ACL-related configuration.
Syntax
snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number

]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5
| sha } auth-password ] [ acl acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid
engineid-string }
Parameters
v1
Specifies to adopt V 1 security mode.
v2c
v3
user-name
The user name. Valid values are from 1 to 32 bytes.
group-name
The corresponding group name of the user. Valid

values are from 1 to 32 bytes.
authentication-mode
Specifies the security level to "to be authenticated"
md5
Specifies the authentication protocol as

HMAC-MD5-96.
sha

HMAC-SHA-96.
auth-password
Authentication password, consisting of a character

string from 1 to 64 bytes.
privacy
Specifies the security level as encryption.
des56
Specifies the DES encryption protocol.
priv-password
Encryption password, character string, ranging from 1

to 64 bytes.
acl acl-number
The number identifier of basic number-based ACLs,

local
Local entity user.
engineid
Specifies the engine ID related to the user.
engineid-string
Engine ID character string, comprised of 10 to 64

characters.

Command Reference
Example
Add the user named "3Com" to the SNMP group named "3Comgroup", specifying
to authenticate the user, specifying the authentication protocol to be
HMAC-MD5-96, the authentication password to be "S4200G", and applying ACL
2002 to filter network management users (assuming that ACL 2002 already exists).
[S4200G] snmp-agent usm-user v3 3Com 3Comgroup authentication-mode md5
S4200G acl 2002
View
System view

Command Reference
snmp-agent usm-user
Purpose
Use the snmp-agent usm-user command to add a new user to an SNMP group.
Use the undo snmp-agent usm-user command to remove the user from the related
SNMP group.
Syntax
For Versions V1 and V2C:

snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number
]
undo snmp-agent usm-user { v1 | v2c } user-name group-name
For Version V3:

snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5
| sha } auth-password ] [ privacy-mode des56 priv-password ][ acl
acl-number ]
undo snmp-agent usm-user v3 user-name group-name { local | engineid
engineid-string }
Parameters
v1
V 1 security mode.
v2c
V 2 security mode.
v3
V 3 security mode.
user-name
The user name. Valid values are from 1 to 32

characters.
group-name
The corresponding group name of the user. Valid

values are from 1 to 32 characters.
authentication-mode
Specifies the security level to "to be authenticated."

Absence of this parameter indicates that neither
authentication nor encryption is required.
md5

sha

HMAC-SHA-96 algorithm.
auth-password
Authentication password, consisting of a character

privacy
Specifies the security level as encryption.
des56
Specifies the DES encryption protocol.
priv-password
Encryption password, character string, ranging from 1

to 64 bytes.
acl-number
The number identifier of basic number-based ACLs,

local
Represents a local entity user.

Command Reference
Example
engineid
Specifies the engine ID related to the user.
engineid-string
Specifies the engine ID character string, ranging from

10 to 64 hexadecimal numerals.
Add a user John to SNMP group Johngroup. Configure to authenticate using

HMAC-MD5-96 algorithm, require authentication and set authentication password as
hello.
[S4200G] snmp-agent group v3 Johngroup
[S4200G] snmp-agent usm-user v3 John Johngroup authentication-mode md5
hello
View
Description
System view
The snmp-agent usm-user command is used to delete the stopping accounting

requests from the Switch buffer.
While using SNMPV3, SNMP engineID (for authentication) is required when you
configure a remote user for an agent. If you change engineID after configuring a user,
the user corresponding to the original engineID is not effective.
For V1 and V2C, this command will add a new community name. For V3, it will add a
new user for an SNMP group.
Related Commands
snmp-agent group
snmp-agent local-enginid

Command Reference
snmp-agent usm-user
Purpose
Use the snmp-agent usm-user command to add a new community name or, if you
use the V3 parameter, a new user to an SNMP group.
Use the undo snmp-agent usm-user command to delete a user from an SNMP
group.
Syntax
snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]

undo snmp-agent usm-user { v1 | v2c } username groupname
snmp-agent usm-user v3 username groupname [ authentication-mode { md5 |
sha } authpassstring [ privacy-mode { des56 privpassstring }]]
[ acl acl-list ]
undo snmp-agent usm-user v3 username groupname { local | engineid
engine-id }
Parameters
username
Specifies the user name, consisting of a character

string from 1 to 32 characters in length.
groupname
Specifies the group name corresponding to that user,

consisting of a character string from 1 to 32 characters
in length.
v1
v2c
Specifies the use of V2c safe mode.
v3
authentication-mode
Specifies the use of authentication.
md5
Specifies that the MD5 algorithm is used in

authentication. MD5 authentication uses a128-bit
password. The computation speed of MD5 is faster
than that of SHA
sha
Specifies that the SHA algorithm is used in

authentication. SHA authentication uses a 160-bit
password. The computation speed of SHA is slower
than that of MD5, but SHA offers higher security.
authpassstring
Enter the authentication password, up to 64 characters

in length.
privacy-mode
Specifies the use of authentication and encryption.
des 56
Specifies that the DES encryption algorithm is used.

Must be entered if you enter the privacy-mode
parameter.
privpassstring
Specifies the encryption password with a character

string from 1 to 64 bytes.
acl acl-list
Specifies the access control list for this user, based on

USM name.

Command Reference
Example
To add a user named JohnQ to the SNMP group 3Com, then configure the use
of MD5, and set the authentication password to pass, enter the following:
[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass
[SW4200G]
View
Description
Related Commands
System view
Note:
SNMP engineID (for authentication) is required when configuring remote users.

This command will not be effective if engineID is not configured.
For V1 and V2C, this command will add a new community name. For V3, it will
add a new user for an SNMP group. See Related Commands below.
display snmp-agent
snmp-agent usm-user
702 snmp-host

Command Reference
snmp-host
Purpose
Use the snmp-host command to configure an SNMP host for the member devices
inside a cluster on the management device.
Use the undo snmp-host command to cancel the SNMP host configuration.
Syntax
snmp-host ip-address
undo snmp-host
Parameters
ip-address
Default
By default, no public SNMP host is configured.
Example
Configure an SNMP host for the cluster on the management device.
IP address of the SNMP host configured for the cluster.
[aaa_0.S4200G-cluster] snmp-host 1.0.0.9
View
Description
Cluster view
Only after you configure the IP address of the network management site for the
cluster, cluster members can send the trap information to the site through the
management device.
These commands can only be executed on the management device.

Command Reference
speed 703
speed
Purpose
Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
Syntax
speed speed-value
undo speed
Parameters
speed-value
Example
To configure the transmission speed on the AUX (Console) port as 9600 b/s, enter the
following:
Specifies the transmission rate on the AUX (Console)

port in bits per second (bps). Valid values are any of the
following: 300, 600, 1200, 2400, 4800, 9600, 19200,
38400, 57600, or 115200.
If not specified, the default rate is 9,600 bps.
<S4200G>system-view
[S4200G-ui-aux0]speed 9600
View
Description
User Interface view
Note: The speed and undo speed commands can only be performed in AUX User
Interface view
704 speed

Command Reference
speed
Purpose
Use the speed command to configure the port rate.

Use the undo speed command to restore the default port rate.
Syntax
speed { 10 | 100 | 1000 | auto }

undo speed
Parameters
10
Sets the port rate to 10 Mbps.
100
Sets the port rate to 100 Mbps.
1000
Sets the port rate to 1000 Mbps. (Only available on

Gigabit ports).
auto
Sets the port speed to auto-negotiation rate mode.
Default
By default, the port is in auto-negotiation rate mode.
Example
Set the rate of the GigabitEthernet1/0/1 port to 10 Mbps.

<S4200G>system-view
[S4200G-Ethernet1/0/1]speed 10
View
Ethernet Port view
Description
Note: The speed and undo speed commands cannot be configured on a combo
port.
Related Command
duplex

Command Reference
ssh client assign rsa-key 705
ssh client assign rsa-key

Purpose
Use the ssh client assign rsa-key command to specify on the client the
public key for the server to be connected to guarantee the client can be connected to
a reliable server.
Use the undo ssh client assign rsa-key command to remove the
association between the public keys and servers.
Syntax
ssh client { server-ip | server-name } assign rsa-key keyname

undo ssh client server-ip assign rsa-key
Parameters
Example
server-ip
Server IP address.
server-name
Server name, consisting of a string from 1 to 80

characters long.
keyname
Server public key name, consisting of a string from 1 to

64 characters long.
Specify on the client the public key of the server (with IP address 192.168.0.1) as abc.
[S4200G] ssh client 192.168.0.1 assign rsa-key abc
View
System view
706 ssh client first-time enable

Command Reference
ssh client first-time enable

Purpose
Use the ssh client first-time enable command to configure the client to
run the initial authentication.
Use the undo ssh client first-time command to remove the configuration.
Syntax

undo ssh client first-time
Parameters
None
Default
By default, the client runs the initial authentication.
Example
Configure the client to run the initial authentication.

[S4200G] ssh client first-time enable
View
Description
System view
In the initial authentication, if the SSH client does not have the public key for the
server which it accesses for the first time, the client continues to access the server and
save locally the public key of the server. Then at the next access, the client can
authenticate the server with the public key saved locally.
When the initial authentication function is not available, the client does not access
the server if it does not have the public key of the server locally. In this case, you need
first to save the public key of the target server to the client in other ways.

Command Reference
ssh server authentication-retries 707

Purpose
Use the ssh server authentication-retries command to set

authentication retry number for SSH connections.
Use the undo ssh server authentication-retries command to restore
the default authentication retry number. The default value takes effect at next login.
Syntax
ssh server authentication-retries times

undo ssh server authentication-retries
Parameters
times
Example
Set the authentication retry number to 4.
Authentication retry number. Valid values are 1 to 5.

[S4200G] ssh server authentication-retries 4
View
System view
Description
Note: If you have used the ssh user authentication-type command to configure the
authentication type to password-publickey, you must set the authentication retry
times to a number greater than or equal to 2, for one is counted when a client sends
a public key to the server.
Related Command
display ssh server
708 ssh server timeout

Command Reference
ssh server timeout

Purpose
Use the ssh server timeout command to set authentication timeout time for
SSH connections.
Use the undo ssh server timeout command to restore the default timeout
time. The default value takes effect at next login.
Syntax
ssh server timeout seconds

undo ssh server timeout
Parameters
seconds
Example
Set the authentication timeout time to 80 seconds.
Authentication timeout time (in seconds). Valid values

are 1 to 120.
[S4200G] ssh server timeout 80
View
Related Command
System view
display ssh server

Command Reference
ssh user assign rsa-key 709

Purpose
Use the ssh user assign rsa-key command to allocate public keys to SSH
users.
Use the undo ssh user assign rsa-key command to remove the association
between the public keys and SSH users. The configuration takes effect at the next
login.
Syntax
ssh user username assign rsa-key keyname

undo ssh user username assign rsa-key
Parameters
Example
username
SSH user name, consisting of a string from 1 to 80

characters long.
keyname
Client public key name, consisting of a string from 1 to

64 characters long.
Set the client public key for the zhangsan user to key1.
[S4200G] ssh user zhangsan assign rsa-key key1
[S4200G]
View
System view
Description
If the user already has a public key, the new public key overrides the old one.
Related Command
710 ssh user authentication-type

Command Reference

Purpose
Use the ssh user authentication-type command to define on the server the
available authentication type for an SSH user.
Use the undo ssh user authentication-type command to restore the
default setting.
Syntax
ssh user username authentication-type { password | rsa |

password-publickey | all }
undo ssh user username authentication-type
Parameters
username
Valid SSH user name, consisting of a string from 1 to

80 characters long.
password
Specifies the authentication type as password.
rsa
Specifies the authentication type as RSA public key.
password-publickey
Specifies the authentication type as both password

and RSA public key. That is, the user can pass the
authentication only if both the password and RSA
public key are correct.
For the authentication type specified by the password-publickey keyword,
SSHv1 client users can access the switch as long as they pass one of the two
authentications.
SSHv2 client users can access the switch only when they pass both the
authentications.
all
Default
Specifies the authentication type as either password or

RSA public key. That is, the user can pass the
authentication if either the password or RSA public key
is correct.
By default, no authentication type is specified for new users, so they cannot access
the switch.
New users must specify authentication type. Otherwise, they cannot access the
switch. The new authentication type configured takes effect at the next login.
Example
Set the authentication type for the zhangsan user as password.

[S4200G] ssh user zhangsan authentication-type password
View

Command Reference
ssh user authentication-type 711
System view
Description
This command defines available authentication type on the server. The actual
authentication type, however, is determined by the client.
Related Command
712 ssh user service-type

Command Reference

Purpose
Use the ssh user service-type command to specify service type for a user.
Use the undo ssh user service-type command to restore the default service
type for the SSH user in the system.
Syntax
ssh user username service-type { stelnet | sftp | all }

undo ssh user username service-type
Parameters
Example
username
Local user name or the user name defined on the

remote RADIUS server, consisting of a string from 1 to
80 characters long.
stelnet
Sets the service type to Telnet.

If no service type is specified, Telnet is used as the
default.
sftp
Sets the service type to SFTP.
all
Includes Telnet and SFTP two services types.
Specify SFTP service for SSH user zhangsan.

[S4200G] ssh user zhangsan service-type sftp
View
Related Command
System view

Command Reference
ssh2 713
ssh2
Purpose
Use the ssh2 command to enable the connection between SSH client and server,
define key exchange algorithm preference, encryption algorithm preference and
HMAC algorithm preference on the server and client.
Syntax
ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 |

dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [
prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 |
sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 |
md5_96 } ]
Parameters
host-ip
Server IP address.
host-name
Server name, consisting of a string from 1 to 20

characters long.
port-num
Server port number. Valid values are 0 to 65,535.

prefer_kex
Key exchange algorithm preference. Choose one of

the two algorithms available.
dh_group1
Diffie-Hellman-group1-sha1 key exchange algorithm.

If not specified, Diffie-Hellman-group1-sha1 key
exchange is the default algorithm.
dh_exchange_group
Diffie-Hellman-group-exchange-sha1 key exchange

algorithm.
prefer_ctos_cipher
Encryption algorithm preference from the client to

server.
If not specified, the default is AES128.
prefer_stoc_cipher
Encryption algorithm preference from the server to

client.
If not specified, the default is AES128.
des
DES_cbc encryption algorithm.
aes128
AES_128 encryption algorithm.
prefer_ctos_hmac
HMAC algorithm preference from the client to server.

If not specified, the default is SHA1_96.
prefer_stoc_hmac
HMAC algorithm preference from the server to client.

If not specified, the default is SHA1_96.
sha1
HMAC-SHA1 algorithm.
sha1_96
HMAC-SHA1_96 algorithm.
md5
HMAC-MD5 algorithm.
md5_96
714 ssh2
Example

Command Reference
Log into the SSH 2.0 server with IP address 10.214.50.51 and make these settings:
Key exchange algorithm preference as dh_exchange_group
encryption algorithm preference from the server to client as aes128
HMAC algorithm preference from the client to server as md5
HMAC algorithm preference from the server to client as sha1_96
[S4200G] ssh2 10.214.50.51 prefer_kex dh_exchange_group
prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96
View
System view

Command Reference
startup bootrom-access enable 715
startup bootrom-access enable

Purpose
Use the startup bootrom-access enable command to specify a switch to

prompt for the customized password before entering the BOOT menu.
Use the undo startup bootrom-access enable to disable the user from
entering the main Boot Menu with customized password.
Syntax

undo startup bootrom-access enable
Parameters
None
Default
By default, the user is disabled from entering the main Boot Menu with customized
password.
Example
Specify to prompt for the customized password before entering the BOOT menu.
<S4200G> startup bootrom-access enable
View
Related Command
User view
You can use the display startup command to check the executing results of the
above commands.
716 startup saved-configuration

Command Reference
Purpose
Use the startup saved-configuration command to specify the main or

backup configuration file for a switch to start the next time.
Use the undo startup saved-configuration command to specify a switch to
start without loading the configuration file.
Syntax
startup saved-configuration cfgfile [ backup | main ]

undo startup saved-configuration [ unit unit-id ]
Parameters
cfgfile
Path name or file name of a configuration file in the

flash memory, consisting of a character string from 5
backup
Assigns the backup attribute to the file.
main
Assigns the main attribute to the file.
unit unit-id
CAUTION: To make a switch to start without loading the configuration file, do not
execute the save command after executing the undo startup
saved-configuration command.
Example
Configure the file named vrpcfg.cfg to be the main configuration file for the switch to
start the next time.
<S4200G>startup saved-configuration vrpcfg.cfg main
Please wait......Done!
%Apr 2 02:55:10:025 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit1 set the
configuration
successfully.
View
User view
Description
Executing the startup saved-configuration command with neither backup

nor main parameter assigns the main attribute to the file.
Related Command
display startup

Command Reference
state 717
state
Purpose
Use the state command to configure the state of the current ISP domain/current
user.
In ISP Domain view or Local User view, use the state command to configure the
state of the current ISP domain/current user.
In RADIUS view, use the state command to set the status of a RADIUS server.
Syntax
In ISP Domain view or Local User view:

state { active | block }
In RADIUS view:
state { block | active } { primary | secondary } { accounting |
authentication }
Parameters
active

Sets the current ISP domain in ISP Domain View or
local user in Local User View. In other words, allow
users in the current ISP domain or the current local
user to access the network.
In RADIUS view:
Sets the status of the specified RADIUS server to
active (that is, the normal working state).
block

Inhibits the current ISP domain in ISP domain view
or local user in Local User view. In other words,
blocks users in current ISP domain or current local
user from accessing the network.
In RADIUS view:
Sets the status of the specified RADIUS server to
block (that is, the down state).
Default
primary
Specifies the server to be set is a primary RADIUS

server.
secondary
Specifies the server to be set is a secondary RADIUS

server.
accounting
Specifies the server to be set is a RADIUS accounting

server.
authentication
Specifies the server to be set is a RADIUS

authentication/authorization server.
In ISP Domain view or Local User view, an ISP domain and the local user are in the
active state upon creation.
718 state

Command Reference
In RADIUS view, all the RADIUS servers in a user-defined RADIUS scheme are in the
active state; and the RADIUS servers in the default RADIUS scheme "system" are in
the block state.
Example
In ISP Domain view or Local User view to set the ISP domain aabbcc.net to the block
state, so that all its offline users cannot access the network, enter the following:
New Domain added.
[S4200G-isp-aabbcc.net] state block
In ISP Domain view or Local User view to set user1 to the block state.
[S4200G-user-user1] state block
In RADIUS view to set the timeout time of the response timeout timer for the RADIUS
scheme radius1 to 5 seconds, enter the following:
New Radius scheme
[S4200G-radius-radius1] timer 5
View
Description
ISP Domain view
Local User view
RADIUS view
After an ISP domain is set to the block state, except the online users, the users
under this domain are not allowed to access the network.
After the local user is set to the block state, the user is not allowed to access the
network.
In RADIUS view for the primary and secondary servers (authentication/authorization

servers, or accounting servers) in a RADIUS scheme, note that:
If the switch gets no response from the RADIUS server after sending out a RADIUS
request (authentication/authorization request or accounting request) and waiting
for a time, it should retransmit the packet to ensure that the user can obtain the
RADIUS service. This wait time is called response timeout time of RADIUS server;
and the timer in the switch system that is used to control this time is called the
response timeout timer of RADIUS server. You can use the timer command to set
the timeout time of this timer.
Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.

Command Reference
state 719
Related Command
The timer command has the same effect with the timer response-timeout
command.
For ISP Domain view or Local User view)
domain
For RADIUS view:
radius scheme
retry
720 state

Command Reference
state
Purpose
Use the state command to configure the state of RADIUS server.
Syntax
state { primary | secondary } { accounting | authentication } { block |

active }
Parameters
primary
Configures to set the state of the primary RADIUS

server.
secondary
Configures to set the state of the second RADIUS

server.
accounting
Configures to set the state of RADIUS accounting

server.
authentication
Configures to set the state of RADIUS

authentication/authorization.
block
Configures the RADIUS server to be in the state of

block.
active
Configures the RADIUS server to be active, namely the

normal operation state.
Default
By default, as for the newly created RADIUS scheme, the primary and secondary
accounting/authentication servers are in the state of block; as for the "system"
RADIUS scheme created by the system, the primary accounting/authentication servers
are in the state of active, and the secondary accounting/authentication servers are in
the state of block.
Example
To set the second authentication server of RADIUS scheme, 3Com, to be active,

[SW4200G]radius scheme 3Com
[SW4200G-radius-3Com]state secondary authentication active
View
Description
RADIUS Scheme view
For the primary and second servers (no matter an authentication/authorization or an

accounting server), if the primary server is disconnected to NAS for some fault, NAS
will automatically turn to exchange packets with the second server. However, after
the primary one recovers, NAS will not resume the communication with it at once,
instead, it continues communicating with the second one. When the second one fails
to communicate, NAS will turn to the primary one again. This command is used to set

Command Reference
state 721
the primary server to be active manually, in order that NAS can communicate with it
right after the troubleshooting.
When the primary and second servers are all active or block, NAS will send the
packets to the primary server only.
Related Commands
primary accounting
radius-scheme
722 stop-accounting-buffer enable

Command Reference
Purpose
Use the stop-accounting-buffer enable command to enable the switch to buffer

the stop-accounting requests that bring no response.
Use the undo stop-accounting-buffer enable command to disable the switch
from buffering the stop-accounting requests that bring no response.
Syntax
undo stop-accounting-buffer enable
Parameters
None
Default
By default, the switch is enabled to buffer the stop-accounting requests that bring no
response.
Example
To enable the switch to buffer the stop-accounting requests that bring no response
from the servers in RADIUS scheme radius1, enter the following:
New Radius scheme
[S4200G-radius-radius1] stop-accounting-buffer enable
View
Description
Related Commands
RADIUS Scheme view
Stop-accounting requests are critical to billing and will eventually affect the charges;
they are important for both the users and the ISP. Therefore, the switch should do its
best to transmit them to the RADIUS server. If the RADIUS accounting server does not
respond to such a request, the switch should first buffer the request on itself, and
then retransmit the request to the RADIUS accounting server until it gets a response,
or the maximum number of transmission attempts is reached (in this case, it discards
the request).
radius scheme

Command Reference
stopbits 723
stopbits
Purpose
Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
Syntax
stopbits { 1 | 1.5 | 2 }
undo stopbits
Parameters
Example
Sets the stop bits to 1.

If no value is specified, 1 is the default.
1.5
Sets the stop bits to 1.5.
Sets the stop bits to 2.
Set the stop bits to 2.

<S4200G>system-view
[S4200G-ui-aux0]stopbits 2
View
Description
User Interface view
This command can only be performed in AUX User Interface view.
724 stp

Command Reference
stp
Purpose
Use the stp command to enable or disable MSTP globally or for a port.
Use the undo stp command to restore the default MSTP status globally or for a
port.
Syntax
stp { enable | disable }

undo stp
Parameters
enable
Enables MSTP globally or for a port.
disable
Disables MSTP globally or for a port.
Default
By default, MSTP is disabled.
Example
To enable MSTP globally, enter the following:

[S4200G] stp enable
To disable MSTP for port Ethernet1/0/1, enter the following:

[S4200G-GigabitEthernet1/0/1] stp disable
View
Description
System view
Ethernet Port view
With MSTP enable, a switch determines whether to operate in STP mode, RSTP mode,
or MSTP mode according to your configuration. A switch becomes a transparent
bridge if you disable MSTP.
With MSTP enabled, a switch dynamically maintains the status of spanning trees by
processing BPDUs of the corresponding VLANs. After MSTP is disabled, the switch
stops doing so.
Related Commands
stp interface
stp mode

Command Reference
stp bpdu-protection 725
stp bpdu-protection
Purpose
Use the stp bpdu-protection command to enable the BPDU protection

function.
Use the undo stp bpdu-protection command to restore the default operation
mode of the BPDU protection function,
Syntax
stp bpdu-protection
undo stp bpdu-protection
Parameters
None
Default
By default, the BPDU protection function is disabled.
Example
To enable the BPDU protection function, enter the following:

[S4200G] stp bpdu-protection
View
Description
System view
Normally, access ports of access layer devices have terminals (such as PCs) or file
servers directly connected to them. These ports are usually configured to be edge
ports to achieve rapid transition. When they receive BPDUs, however, they are set as
non-edge ports automatically, which causes MSTP to recalculate the spanning trees,
resulting in network topology jitters.
In normal cases, edge ports are free of BPDUs. But malicious users may attack the
switches by sending forged BPDUs to the edge ports to create network jitters. You
can prevent this type of attack by utilizing the BPDU protection function. With this
function enabled on a switch, once an edge port receives a BPDU, the system
automatically shut it down and notifies the network administrator of the situation.
Only the administrator can restore edge ports that are shut down.
CAUTION:
As 1000 Mbps ports of a 3Com Switch 4200G Family switch cannot be shut down,
the BPDU protection function is not applicable to these ports even you enable the
BPDU protection function and specify these ports to be MSTP edge ports.
726 stp bridge-diameter

Command Reference
stp bridge-diameter
Purpose
Use the stp bridge-diameter command to set the network diameter of a

switched network, which is represented in terms of the maximum number of switches
between any two terminals in a switched network.
Use the undo stp bridge-diameter command to restore the default network
diameter.
Syntax
stp bridge-diameter bridgenum

undo stp bridge-diameter
Parameters
bridgenum
Default
By default, the network diameter of a switched network is 7.
Example
To set the network diameter to 5, enter the following:
Sets the network diameter for the switched network.

Valid values are 2 to 7.
[S4200G] stp bridge-diameter 5
View
Description
System view
An MSTP-enabled switch adjusts its Hello time, Forward delay, and Max age settings
accordingly after you configure the network diameter on the switch. With the
network diameter set to 7 (the default), the three time settings are set to their
defaults as well.
The stp bridge-diameter command applies to CISTs only; it is invalid for MSTIs.
Related Commands
stp timer forward-delay
stp timer hello
stp timer max-age

Command Reference
stp config-digest-snooping 727
stp config-digest-snooping
Purpose
Use the stp config-digest-snooping command to enable the digest

snooping feature.
Use the undo stp config-digest-snooping command to disable the digest
snooping feature.
Syntax
undo stp config-digest-snooping
Parameters
None
Default
The digest snooping feature is disabled by default.
Example
To enable the digest snooping feature for GigabitEthernet1/0/1 port, enter the
following:
[S4200G-GigabitEthernet1/0/1] stp config-digest-snooping
[S4200G-GigabitEthernet1/0/1] quit
[S4200G]stp config-digest-snooping
View
Description
Ethernet Port view
According to IEEE 802.1s, two connected switches can interwork with each other
through MSTIs in an MST region only when the two switches have the same MST
region-related configuration. With MSTP employed, interconnected switches
determine whether or not they are in the same MST region by checking the
configuration IDs of the BPDUs between them. (A configuration ID contains
information such as region ID and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This kind of problems can be overcome by implementing the digest snooping feature.
If a switch port is connected to a partner's switch that has the same MST
region-related settings but adopts a proprietary spanning tree protocol, you can
enable digest snooping on the port. Then the switch regards the peer switch
connected to the port as in the same region and records the configuration digests
carried in the BPDUs received from the switch, which will be put in the BPDUs to be
728 stp config-digest-snooping

Command Reference
send to the peer switch.. In this way, the switch can interwork with the partners'
switches in an MST region.
Note:
The digest snooping feature is needed only when your S5100-EI series switch is
connected to partner's proprietary protocol-adopted switches.
To enable the digest snooping feature successfully, you must first enable it on all
the switch ports that connect to partner's proprietary protocol-adopted switches
and then enable it globally.
To enable the digest snooping feature, the interconnected switches must be

configured with exactly the same MST settings.
The digest snooping feature must be enabled on all the switch ports that connect
to partners' proprietary protocol-adopted switches in the same MST region..
To change MST region-related configuration, be sure to disable the digest

snooping feature first to prevent possible broadcast storms.

Command Reference
stp cost 729
stp cost
Purpose
Use the stp cost command to set the path cost of a port in a spanning tree
instance.
Use the undo stp cost command to restore the default.
Syntax
stp [ instance instance-id ] cost cost

undo stp [ instance instance-id ] cost
Parameters
instance-id
Specifies the ID of a spanning tree instance. Valid

values are 0 to 16. A value of 0 specifies the CIST.
cost
Specifies the path cost for the port. Valid values are 1
to 200,000,000.
Default
By default, a switch automatically calculates the path costs of a port in different

spanning tree instances based on a specified standard.
Example
To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 200.
[S4200G-GigabitEthernet1/0/3] stp instance 2 cost 200
View
Description
Ethernet Port view
The path cost of a port affects the role of the port. By configuring the same ports to
have different path costs in different MSTIs, you can enable flows of different VLANs
to travel along different physical links, implementing VLAN-based load balancing.
Path cost changes for ports of an MSTP-enabled switch can cause MSTP to
redetermine the roles of the ports and to perform state transitions.
If you specify the instance-id argument to be 0 or do not specify this argument,
the stp cost command sets the path cost of the port in the CIST.
Related Command
stp interface cost
730 stp edged-port

Command Reference
stp edged-port
Purpose
Use the stp edged-port command to configure the current Ethernet port as
either an edge port or a non-edge port.
Use the undo stp edged-port command to restore the current Ethernet port to
its default state.
Syntax
stp edged-port { enable | disable }

undo stp edged-port
Parameters
enable
Configures the current Ethernet port to be an edge

port.
disable
Configures the current Ethernet port to be a non-edge

port.
Default
By default, all Ethernet ports of a switch are non-edge ports.
Example
To Configure GigabitEthernet1/0/1 port as a non-edge port, enter the following:

[S4200G-GigabitEthernet1/0/1] stp edged-port disable
View
Description
Ethernet Port view
An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you
are recommended to configure the Ethernet ports directly connected to user
terminals as edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on
an edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
CAUTION:
Among loop prevention function, root protection function and edge port setting,
only one can be valid on the same port.

Command Reference
Related Command
stp edged-port 731
stp interface edged-port
732 stp interface

Command Reference
stp interface
Purpose
Use the stp interface command in system view to enable or disable MSTP for
specified ports.
Syntax
stp interface interface-list { enable | disable }
Parameters
interface-list

interface-num }

Default

enable
Enables MSTP on the specified ports.
disable
Disables MSTP on the specified ports.
By default, MSTP is enabled on ports of a switch if MSTP is globally enabled; and

MSTP is disabled on ports of a switch if MSTP is disabled globally.
An MSTP-disabled port does not participate in any calculation of spanning trees and is
always in forwarding state.
Example
To Enable MSTP on GigabitEthernet1/0/1 port in system view, enter the following:

[S4200G] stp interface GigabitEthernet 1/0/1 enable
View
System view

Command Reference
Description
stp interface 733
CAUTION:
Disabling MSTP on ports may result in loops.
Related Command
stp
stp mode
734 stp interface config-digest-snooping

Command Reference

Purpose
Use the stp interface config-digest-snooping command to enable the

digest snooping feature.
Use the undo stp interface config-digest-snooping command to
disable the digest snooping feature.
Syntax
stp interface interface-list config-digest-snooping

undo stp interface interface-list config-digest-snooping
Parameters
interface-list

interface-num }


Default
By default, the digest snooping feature is disabled.
Example
To enable the digest snooping feature on GigabitEthernet1/0/1 port in system view,

[S4200G] stp interface GigabitEthernet 1/0/1 config-digest-snooping
View
Description
System view
According to IEEE 802.1s, two interconnected MSTP switches can interwork with
each other through MSTIs in an MST region only when the two switches have the
same MST region-related configuration. Interconnected MSTP switches determine

Command Reference
stp interface config-digest-snooping 735
whether or not they are in the same MST region by checking the configuration IDs of
the BPDUs between them. (A configuration ID contains information such as region ID
and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This problem can be overcome by implementing the digest snooping feature. If a port
on an S5100-EI series switch is connected to a partner's switch that has the same
MST region-related settings as its own but adopts a proprietary spanning tree
protocol, you can enable digest snooping on the port. Then the S5100-EI switch
regards the partner's switch as in the same region; it records the configuration digests
carried in the BPDUs received from the partner's switch, and put them in the BPDUs
to be send to the partner's switch. In this way, the S5100-EI switches can interwork
with the partners' switches in the same MST region.
Note:
The digest snooping feature is needed only when your S5100-EI series switch is
connected to partner's proprietary protocol-adopted switches.
To enable the digest snooping feature successfully, you must first enable it on all
the ports of your S5100-EI series switch that are connected to partner's proprietary
protocol-adopted switches and then enable it globally.
To enable the digest snooping feature, the interconnected switches must be

configured with exactly the same MST region-related configuration.
The digest snooping feature must be enabled on all the ports of your S5100-EI
series switch that are connected to partners' proprietary protocol-adopted
switches in the same MST region.
To change MST region-related configuration, be sure to disable the digest

snooping feature first to prevent possible broadcast storms.
736 stp interface cost

Command Reference
stp interface cost

Purpose
Use the stp interface cost command to set the path cost of specified ports in
a specified spanning tree instance.
Use the undo stp interface cost command to restore the default path costs.
Syntax
stp interface interface-list [ instance instance-id ] cost cost

undo stp interface interface-list [ instance instance-id ] cost
Parameters
interface-list

interface-num }

Default

instance-id
Specifies the spanning tree instance ID. Valid values are

0 to 16. A value of 0 specifies the CIST.
cost
Specifies the path cost for the ports. Valid values are
1 to 200,000,000.
By default, a switch calculates the path costs of ports in each spanning tree instance
automatically according to the specified standard.
If you specify the instance-id argument to be 0 or do not specify this argument,
the stp interface cost command sets the path cost of the port in the CIST.
Example
To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 400 in
system view, enter the following:
[S4200G] stp instance 2 interface GigabitEthernet 1/0/3 cost 400

Command Reference
View
stp interface cost 737
System view
Description
The path cost of a port affects the role of the port. By configuring the same ports to
have different path costs in different MSTIs, you can enable flows of different VLANs
to travel along different physical links, implementing VLAN-based load balancing.
Path cost changes for ports of an MSTP-enabled switch can cause MSTP to recalculate
the roles of the ports and to perform state transitions.
Related Command
stp cost
738 stp interface edged-port

Command Reference

Purpose
Use the stp interface edged-port command to configure the specified

Ethernet ports to be either edge ports or non-edge ports.
Use the stp interface edged-port enable command to configure the
specified Ethernet port(s) as edge ports.
Use the stp interface edged-port disable command to configure the
specified Ethernet port(s) as non-edge ports.
Use the undo stp interface edged-port command to restore the specified
Ethernet ports to their default states.
Syntax
stp interface interface-list edged-port { enable | disable }

undo stp interface interface-list edged-port
Parameters
interface-list

interface-num }

Default

enable
Configures the specified Ethernet ports to be edge

ports.
disable
Configures the specified Ethernet ports to be

non-edge ports.
By default, all Ethernet ports of a switch are non-edge ports.

Command Reference
Example
stp interface edged-port 739
To configure GigabitEthernet1/0/3 port as an edge port in system view, enter the

following:
[S4200G] stp interface GigabitEthernet 1/0/3 edged-port enable
View
Description
System view
An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you
are recommended to configure the Ethernet ports directly connected to user
terminals as edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on
an edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
CAUTION:
Only one function among loop prevention, root protection, and edge port can be
valid at a time.
Related Command
stp edged-port
740 stp interface loop protection

Command Reference
stp interface loop protection

Purpose
Use the stp interface loop-protection command to enable the loop

prevention function.
Use the undo stp interface loop-protection command to restore the
default state of the loop prevention function.
Syntax
stp interface interface-list loop-protection

undo stp interface interface-list loop-protection
Parameters
interface-list

interface-num }


Default
The loop prevention function is disabled by default.
Example
To enable the loop prevention function on GigabitEthernet1/0/1 port, enter the

following:
[S4200G] stp interface GigabitEthernet 1/0/1 loop-protection
View
System view

Command Reference
Description
stp interface loop protection 741
CAUTION:
valid at a given time.
Related Command
stp loop-protection
742 stp interface mcheck

Command Reference
stp interface mcheck

Purpose
Use the stp interface mcheck command to perform the mCheck operation for
specified ports.
Syntax
stp [ interface interface-list ] mcheck
Parameters
interface-list

interface-num }

Example

To perform the mCheck operation on GigabitEthernet1/0/3 port, enter the following:

[S4200G] stp interface GigabitEthernet 1/0/3 mcheck
View
Description
Related Commands
System view
A port on an MSTP-enabled switch toggles to the STP/RSTP mode automatically if an

STP-/RSTP-enabled switch is connected to it. But when the STP-/RSTP-enabled switch
is disconnected from the port, the port cannot toggle back to the MSTP mode
automatically. In this case, you can force the port to toggle to the MSTP mode by
performing the mCheck operation on the port.
stp mcheck
stp mode

Command Reference
stp interface no-agreement-check 743

Purpose
Use the stp interface no-agreement-check command to enable the rapid

transition feature on a specified port.
Use the undo stp interface no-agreement-check command to disable the
rapid transition feature on a specified port.
Syntax
stp interface interface-type interface-number no-agreement-check

undo stp interface interface-type interface-number no-agreement-check
Parameters
interface-type
Port type.
interface-number
Port number.
Default
The rapid transition feature is disabled on any port by default.
Example
To enable the rapid transition feature for GigabitEthernet1/0/1 port, enter the
following:
[S4200G]stp interface GigabitEthernet1/0/1 no-agreement-check
View
Description
System view
Some partners' switches adopt proprietary spanning tree protocols that are similar to
RSTP in the way to implement rapid transition on designated ports. When a switch of
this kind operates as the upstream switch of the 4200G series switch running MSTP,
the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to avoid this case. When the 4200G series
switch running MSTP is connected in the upstream direction to a partner's switch
running proprietary spanning tree protocol, you can enable the rapid transition
feature on the ports of the 4200G series switch operating as the downstream switch.
Among these ports, those operating as the root ports will then send agreement
packets to their upstream ports after they receive proposal packets from the upstream
designated ports, instead of waiting for agreement packets from the upstream
switch. This enables designated ports of the upstream switch to change their states
rapidly.
Note: Enable the rapid transition feature on root ports or alternate ports only.
Related Command
744 stp interface point-to-point

Command Reference
stp interface point-to-point

Purpose
Use the stp interface point-to-point command to specify whether the

specified Ethernet ports are point-to-point links.
Use the undo stp interface point-to-point command to restore the
default setting.
Syntax
stp interface interface-list point-to-point { force-true | force-false

| auto }
undo stp interface interface-list point-to-point
Parameters
interface-list

interface-num }

Default

force-true
Specifies that the links connected to the specified

Ethernet ports are point-to-point links.
force-false
Specifies that the links connected to the specified

Ethernet ports are not point-to-point links.
auto
Specifies to automatically determine whether or not

the links connected to the specified Ethernet ports are
point-to-point links.
If no keyword is specified in the stp interface point-to-point command,

the auto keyword is used by default, and so MSTP automatically determines the types
of the links connected to the specified ports.

Command Reference
Example
stp interface point-to-point 745
To configure the link connected to GigabitEthernet1/0/3 port as a point-to-point link

in system view, enter the following:
[S4200G] stp interface GigabitEthernet 1/0/3 point-to-point force-true
View
Description
System view
The rapid transition feature is not applicable to ports on non-point-to-point links.

If an Ethernet port is the master port of an aggregated port or operates in full-duplex
mode, the link connected to the port is a point-to-point link.
You are recommended to let MSTP automatically determine the link types.
These two commands only apply to CIST and MSTIs. If you configure the link to which
a port is connected to be a point-to-point link (or a non-point-to-point link), the
configuration applies to all spanning tree instances (that is, the port is configured to
connect to a point-to-point link (or a non-point-to-point link) in all spanning tree
instances). If the actual physical link is not a point-to-point link and you configure the
link to which the port is connected to be a point-to-point link, loops may temporarily
occur.
Related Command
stp point-to-point
746 stp interface port priority

Command Reference
stp interface port priority

Purpose
Use the stp interface port priority command to set the port priority of
specified ports in a spanning tree instance.
Use the undo stp interface port priority command to restore the
default port priority of the specified ports in the spanning tree instance.
Syntax
stp interface interface-list instance instance-id port priority

priority
undo stp interface interface-list instance instance-id port priority
Parameters
interface-list

interface-num }

Example

instance-id

priority
Specifies the priority for the ports. Valid values are 0 to

240 but must be a multiple of 16 (such as 0, 16 or 32).
If not specified, the default port priority is 128.
To set the port priority of GigabitEthernet1/0/3 port (with regard to spanning tree
instance 2) to 16, enter the following:
[S4200G] stp interface GigabitEthernet 1/0/3 instance 2 port priority
16

Command Reference
View
stp interface port priority 747
System view
Description
If you specify the instance-id argument to be 0, the configured priorities apply to

the CIST. The role a port plays in a spanning tree instance can be affected by its
priority. A port on an MSTP-enabled switch can have different port priorities and play
different roles in different MSTIs. This enables packets of different VLANs to be
forwarded along different physical paths, implementing VLAN-based load balancing.
Changes of port priorities can cause MSTP to redetermine the roles of ports, resulting
in state transition of ports.
Related Command
stp port priority
748 stp interface root-protection

Command Reference
stp interface root-protection

Purpose
Use the stp interface root-protection command to enable the root

protection function for specified ports.
Use the undo stp interface root-protection command to restore the
default operation state of the root protection function.
Syntax
stp interface interface-list root-protection

undo stp interface interface-list root-protection
Parameters
interface-list

interface-num }


Default
By default, the root protection function is disabled.
Example
To enable the root protection function on GigabitEthernet1/0/1 port, enter the

following:
[S4200G] stp interface GigabitEthernet 1/0/1 root-protection
View
System view

Command Reference
Description
stp interface root-protection 749
Configuration errors and malicious attacks may cause legal root bridges to receive
BPDUs of higher priorities, and give up their roles as root bridges, which means
network topology jitters. In this case, flows that should travel along high-speed links
may be led to low-speed links, and network congestions may occur.
You can avoid this problem by utilizing the root protection function. Ports with this
function enabled can retain their roles in all spanning tree instances. When such a
port receives BPDUs of higher priorities, its state is set to discarding and it stops
forwarding any packets as if the connected link were down. Only when it receives no
BPDUs of higher priorities in a specified period, does it resumes its normal state.
CAUTION:
valid at a time.
Related Command
stp root-protection
750 stp interface transmit-limit

Command Reference
stp interface transmit-limit

Purpose
Use the stp interface transmit-limit command to set the maximum

number of BPDUs that each specified port can send within a Hello time interval.
Use the undo stp interface transmit-limit command to restore the
default.
Syntax
stp interface interface-list transmit-limit packetnum

undo stp interface interface-list transmit-limit
Parameters
interface-list

interface-num }

packetnum
Example

Specifies the maximum number of BPDUs that the

ports can send within a Hello time interval, also known
as maximum transmission speed. Valid values are 1 to
To set the maximum transmitting speed of GigabitEthernet1/0/3 port to 5, enter the

following:
[S4200G] stp interface GigabitEthernet 1/0/3 transmit-limit 5
View
System view

Command Reference
stp interface transmit-limit 751
Description
A larger packetnum value means a greater number of packets can be transmitted in

each Hello time interval and more switch resources will be consumed. Configure the
packetnum argument to a proper value to limit the number of BPDUs sent in each
Hello time interval, preventing MSTP from occupying too much network resources
when network topology jitters occur.
Related Command
stp transmit-limit
752 stp loop-protection

Command Reference
stp loop-protection
Purpose
Use the stp loop-protection command to enable the loop prevention function
for the current port.
Use the undo stp loop-protection command to restore the default operation
state of the loop prevention function.
Syntax
stp loop-protection
undo stp loop-protection
Parameters
None
Default
By default, the loop prevention function is disabled.
Example
To enable the loop prevention function on GigabitEthernet1/0/1 port, enter the

following:
[S4200G-GigabitEthernet1/0/1] stp loop-protection
View
Ethernet Port view

Command Reference
stp max-hops 753
stp max-hops
Purpose
Use the stp max-hops command to set the maximum hop count of the MST region
to which the switch belongs.
Use the undo stp max-hops command to restore the default.
Syntax
stp max-hops hops

undo stp max-hops
Parameters
hops
Default
. The default maximum hops value of an MST region is 20.
Example
To set the maximum hops of the current MST region to 35, enter the following:
Specifies the maximum hop count. Valid values are 1

to 40. If not specified, the default is 20.
[S4200G] stp max-hops 35
View
Description
System view
The maximum hop count configured on the region root for an MST region is used to
limit the size of the MST region.
A BPDU contains a hop counter field. In a MST region, after a BPDU leaves the root
bridge, its hop counter decreases by 1 whenever it is forwarded by a switch; once its
hop counter reaches 0, it is dropped. Such a mechanism disables the switches that are
beyond the maximum hop count from participating in spanning tree calculation, and
thus limits the size of an MST region.
With such a mechanism, once a switch becomes the root bridge of a CIST or MSTI,
the maximum hop count configured on it determines the network diameter of the
spanning tree and limits the size of the spanning tree. The switches that are not the
root bridge in an MST region adopts the maximum hop count configured on the root
bridge.
754 stp mcheck

Command Reference
stp mcheck
Purpose
Use the stp mcheck command to perform the mCheck operation for the current
port.
Syntax
stp mcheck
Parameters
None
Example
To perform the mCheck operation on GigabitEthernet1/0/1 port, enter the following:

[S4200G-GigabitEthernet1/0/1] stp mcheck
View
Description
Ethernet Port view
System view
A port on an MSTP-enabled switch automatically toggles to the STP/RSTP mode when

an STP-/RSTP-enabled switch is connected to it. But when the STP-/RSTP-enabled
switch is disconnected from the port, the port cannot automatically toggle back to
the MSTP mode and still remains in the STP/RSTP mode.
In this case, you can force the port to toggle to the MSTP mode by performing the
mCheck operation on the port.
Related Commands
stp mode

Command Reference
stp mode 755
stp mode
Purpose
Use the stp mode command to set the MSTP operation mode of the switch.
Use the undo stp mode command to restore the default MSTP operation mode.
Syntax
stp mode { stp | rstp | mstp }

undo stp mode
Parameters
stp
Specifies the MSTP to operate in STP mode.
mstp
Specifies the MSTP to operate in MSTP mode.
rstp
Specifies the MSTP to operate in RSTP mode.
Default
By default, a switch operates in MSTP mode.
Example
To configure the switch to operate in STP mode, enter the following:

[S4200G] stp mode stp
View
Description
Related Commands
System view
To make a switch compatible with STP/RSTP, MSTP provides another two operation
modes besides the MSTP mode: STP and RSTP. When a switch operates in STP mode,
the packets sent by the ports of the switch are STP BPDUs. When a switch operates in
RSTP mode, the packets sent by the ports of the switch are RSTP BPDUs. And when a
switch operates in MSTP mode, the packets sent by the ports of the switch are MSTP
BPDUs. When a switch detects that STP-/RSTP-enabled switches are connected to its
ports, the corresponding ports change to operate in STP/RSTP mode automatically.
stp
stp interface
stp mcheck
756 stp no-agreement-check

Command Reference
stp no-agreement-check
Purpose
Use the stp no-agreement-check command to enable the rapid transition

feature on the current port.
Use the stp no-agreement-check command to disable the rapid transition
feature.
Syntax
undo stp no-agreement-check
Parameters
None
Default
By default, the rapid transition feature is disabled on any port.
Example
To enable the rapid transition feature on GigabitEthernet1/0/1 port, enter the

following:
[S4200G]interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1]stp no-agreement-check
View
Description
Ethernet Port view
Some partners' switches adopt proprietary spanning tree protocols that are similar to
RSTP in the way to implement rapid transition on designated ports. When a switch of
this kind operates as the upstream switch of an S5100-EI series switch running MSTP,
the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to resolve this problem. When an S5100-EI
series switch running MSTP is connected in the upstream direction to a partner's
switch running proprietary spanning tree protocol, you can enable the rapid transition
feature on the ports of the S5100-EI series switch operating as the downstream
switch. Among these ports, those operating as the root ports will then send
agreement packets to their upstream ports after they receive proposal packets from
the upstream designated ports, instead of waiting for agreement packets from the
upstream switch. This enables designated ports of the upstream switch to change
their states rapidly.
Note: Enable the rapid transition feature on root ports or alternate ports only.
Related Command

Command Reference
stp pathcost-standard 757
stp pathcost-standard
Purpose
Use the stp pathcost-standard command to set the standard used for
calculating the default path costs of ports.
Use the undo stp pathcost-standard command to restore the default
standard.
Syntax
stp pathcost-standard { dot1d-1998 | dot1t | legacy }

undo stp pathcost-standard
Parameters
dot1d-1998
Specifies the IEEE 802.1D-1998 standard to calculate

the default path costs for ports.
dot1t
Specifies the IEEE 802.1t standard to calculate the

default path costs for ports.
legacy
Specifies the standard defined by 3Com to calculate

the default path costs for ports.
Default
By default, the switch uses the legacy standard to calculate the default path costs of
ports
Example
To configure the switch to use the IEEE 802.1D-1998 standard to calculate the default
path costs of its ports, enter the following:
[S4200G] stp pathcost-standard dot1d-1998
To configure the switch to use the IEEE 802.1t standard to calculate the default path
costs of its ports, enter the following:
[S4200G] stp pathcost-standard dot1t
View
System view
758 stp pathcost-standard
Description

Command Reference
The following table lists transmission speeds and their corresponding path costs.
Table 112 Transmission speeds and the corresponding path costs
Standard
defined by
3Com
Transmission
speed
Operation mode
(half-/full-duplex)
802.1D-1998
IEEE 802. 1t
65,535
200,000,000 200,000
10 Mbps
Half-Duplex
100
2,000,000
2,000
Full-Duplex
99
1,999,999
2,000
Aggregated Link 2 Ports 95
1,000,000
1,800
666,666
1,600
500,000
1,400
Half-Duplex
19
200,000
200
Full-Duplex
18
199,999
200
100,000
180
66,666
160
50,000
140
Full-Duplex
20,000
20
10,000
18
6,666
16
5,000
14
Full-Duplex
2,000
1,000
666
500
100 Mbps
1,000 Mbps
10 Gbps
Normally, the path cost of a port in full-duplex mode is slightly less than that of the
port in half-duplex mode.
When calculating the path cost of an aggregate link, the 802.1D-1998 standard does
not take the number of the aggregated links into account, whereas the 802.1T
standard does so by using the following equation:
Path cost = 200,000,000/link transmission speed
Where, the link transmission speed is the sum of the speeds of the unblocked ports
for the aggregate link measured in 100 kbps units.

Command Reference
stp point-to-point 759
stp point-to-point
Purpose
Use the stp point-to-point command to specify whether the port must
connect to point-to-point link.
Use the undo stp point-to-point command to restore the default setting.
Syntax
stp point-to-point { force-true | force-false | auto }

undo stp point-to-point
Parameters
force-true
Specifies that the link connected to the current

Ethernet port is a point-to-point link
force-false
Specifies that the link connected to the current

Ethernet port is not a point-to-point link.
auto
Specifies to automatically determine whether or not

the link connected to the current Ethernet port is a
point-to-point link
Default
If no keyword is specified in the stp point-to-point command, the auto keyword is

used by default, and so MSTP automatically determines the type of the link connected
to the current port.
Example
To configure the link connected to GigabitEthernet1/0/3 port as a point-to-point link,

[S4200G-GigabitEthernet1/0/3] stp point-to-point force-true
View
Description
Ethernet Port view
The rapid transition feature is not applicable to ports that are connected to
non-point-to-point links.
If an Ethernet port is the master port of an aggregation port or operates in full-duplex
mode, then the link to which the port is connected is a point-to-point link. It is
recommended that you specify the auto keyword in the stp interface
point-to-point command for links of this kind to enable the type of the links
being automatically determined by MSTP.
These two commands only apply to CISTs and MSTIs. If you configure the link to
which a port is connected is a point-to-point link (or a non-point-to-point link), the
configuration applies to all spanning tree instances (that is, the port is configured to
760 stp point-to-point

Command Reference
connect to a point-to-point link [or a non-point-to-point link] in all spanning tree

instances). If the actual physical link is not a point-to-point link and you configure the
link to which the port is connected to be a point-to-point link, loops may temporarily
occur.
Related Command

Command Reference
stp port priority 761
stp port priority

Purpose
Use the stp port priority command to set the priority of the current port in a
specified spanning tree instance.
Use the undo stp port priority command to restore the default priority.
Syntax
stp [ instance instance-id ] port priority priority

undo stp [ instance instance-id ] port priority
Parameters
instance-id

port priority priority
Specifies the priority for the port. Valid values are 0 to

240 but must be a multiple of 16 (such as 0, 16, and
32). If not specified, the default port priority is 128.
Example
To set the port priority of GigabitEthernet1/0/3 port in spanning tree instance 2 to 16,
[S4200G-GigabitEthernet1/0/3] stp instance 2 port priority 16
View
Ethernet Port view
Description
If you specify the instance-id argument to be 0 or do not specify the argument, these
two commands apply to the port priorities on the CIST. The role a port plays in a
spanning tree instance is determined by the port priority in the instance. A port on a
MSTP-enabled switch can have different port priorities and play different roles in
different MSTIs. This enables packets of different VLANs to be forwarded along
different physical paths, so as to achieve load balancing by VLANs. Changing port
priorities result in port roles being re-determined and may cause state transitions.
Related Command
762 stp priority

Command Reference
stp priority
Purpose
Use the stp priority command to set the priority of a switch in a spanning tree
instance.
Use the undo stp priority command to restore the default priority of a switch.
Syntax
stp [ instance instance-id ] priority priority

undo stp [ instance instance-id ] priority
Parameters
instance-id

priority
Specifies t he priority for the switch. Valid values are 0

to 61,440 but must be a multiple of 4,096 (such as 0,
4096, and 8192). The total number of switch priorities
is 16.
Default
The default priority of a switch is 32,768.
Example
To set the priority of the switch in spanning tree instance 1 to 4,096, enter the
following:
[S4200G] stp instance 1 priority 4096
View
Description
System view
The priorities of switches are used for spanning tree generation. Switch priorities are
spanning tree-specific. That is, you can set different priorities for the same switch in
different spanning tree instances.
If you do not specify the instance-id argument, the configuration applies to the
CIST.

Command Reference
stp region-configuration 763
Purpose
Use the stp region-configuration command to enter MST region view.

Use the undo stp region-configuration command to restore the default
MST region settings.
Syntax
undo stp region-configuration
Parameters
None
Default
The three MST region settings default to:
Example
MST region name: the first MAC address of the switch.
All VLANs are mapped to the CIST.
MSTP revision level: 0.
To enter MST region view, enter the following:

[S4200G-mst-region]
View
Description
System view
MST region-related settings include: region name, revision level, and VLAN mapping
table. The three MST region-related settings default to:
MST region name: The first MAC address of the switch
VLAN mapping table: All VLANs are mapped to the CIST.
MSTP revision level: 0
And you can modify the three settings after entering MST region view by using the
stp region-configuration command.
764 stp root primary

Command Reference
stp root primary

Purpose
Use the stp root primary command to configure the current switch to be the
root bridge of a specified spanning tree instance.
Use the undo stp root command to cancel the configuration.
Syntax
stp [ instance instance-id ] root primary [ bridge-diameter bridgenum ]

[ hello-time centi-seconds ]
undo stp [ instance instance-id ] root
Parameters
Default
instance-id

bridgenum
Specifies the network diameter of the specified

spanning tree. Valid values are 2 to 7.
centi-seconds
Specifies the hello time of the specified spanning tree

in centiseconds. Valid values are 100 to 1,000.
By default, a switch does not operate as a root bridge.

CIST.
Example
To configure the current switch as the root bridge of spanning tree instance 1, setting
the network diameter of the switched network to 4, and the Hello time to 500
centiseconds, enter the following:
[S4200G] stp instance 1 root primary bridge-diameter 4 hello-time 500
View
Description
System view
You can specify the current switch as the root bridge of a spanning tree instance
regardless of the priority of the switch. You can also specify the network diameter of
the switched network by using the stp root primary command. The switch will
then figure out the following three time parameters: Hello time, Forward delay, and
Max age. As the Hello time figured out by the network diameter is not always the
optimal one, you can set it manually through the hello-time keyword. Normally, you
are recommended to set the network diameter and leave the Forward delay and Max
age parameters being automatically determined by the network diameter you set.

Command Reference
stp root primary 765
CAUTION:
You can configure only one root bridge for a spanning tree instance and can
configure one or more secondary root bridges for a spanning tree instance.
Configuring multiple root bridges for a spanning tree instance causes
unpredictable results.
Once a switch is configured to be the root bridge or a secondary root bridge, its
priority cannot be modified.
766 stp root-protection

Command Reference
stp root-protection
Purpose
Use the stp root-protection command to enable the root protection function
for the current port.
Use the undo stp root-protection command to restore the default operation
state of the root protection function.
Syntax
stp root-protection
undo stp root-protection
Parameters
None
Default
By default, the root protection function is disabled.
Example
To enable the root protection function on GigabitEthernet1/0/1 port, enter the

following:
[S4200G-GigabitEthernet1/0/1] stp root-protection
View
Description
Ethernet Port view
Configuration errors and malicious attacks may cause legal root bridges to receive
BPDUs of higher priorities, and give up their roles as root bridges, which means
network topology jitters. In this case, flows that should travel along high-speed links
may be led to low-speed links, and network congestions may occur.
You can avoid this problem by utilizing the root protection function. Ports with this
function enabled can retain their roles in all spanning tree instances. When such a
port receives BPDUs of higher priorities, its state is set to discarding and it stops
forwarding any packets as if the connected link were down. Only when it receives no
BPDUs of higher priorities in a specified period, does it resumes its normal state.
Related Command

Command Reference
stp root secondary 767
stp root secondary

Purpose
Use the stp root secondary command to configure the current switch as a
secondary root bridge of a specified spanning tree instance.
Use the undo stp root command to cancel the configuration.
Syntax
stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum

] [ hello-time centi-seconds ]
undo stp [ instance instance-id ] root
Parameters
Default
instance-id

bridgenum
Specifies the network diameter of the specified

spanning tree. Valid values are 2 to 7. If not specified,
the default is 7.
centi-seconds
Specifies the hello time of the specified spanning tree

in centiseconds. Valid values are 100 to 1,000. If not
specified, the default is 200.
By default, a switch does not operate as a secondary root bridge.

CIST.
Example
To configure the current switch to be a secondary root bridge of spanning tree

instance 4, setting the network diameter of the switched network to 5 and the Hello
time to 300 centiseconds, enter the following:
[S4200G] stp instance 4 root secondary bridge-diameter 5 hello-time 300
View
Description
System view
You can configure one or more secondary root bridges for a spanning tree instance. If
the switch operating as the root bridge fails or is turned off, the secondary root
bridge with the smallest MAC address becomes the root bridge.
You can also specify the network diameter and the Hello time of the switch while
specifying a switch to be a secondary root bridge. The switch will then figures out the
other two correlated settings (that is, the Forward delay and Max age). You can
configure only one root bridge for a spanning tree instance and can configure one or
more secondary root bridges for a spanning tree instance.
768 stp root secondary

Command Reference
Once a switch is configured to be the root bridge or a secondary root bridge, its
priority cannot be modified.

Command Reference
stp tc-protection 769
stp tc-protection
Purpose
Use the stp tc-protection command to enable or disable the TC-BPDU attack
prevention function for the switch.
Syntax
stp tc-protection { enable | disable }
Parameters
None
Default
By default, the TC-BPDU attack prevention function is enabled.
Example
To enable the TC-BPDU attack prevention function for the switch, enter the following:
[S4200G] stp tc-protection enable
View
Description
System view
A switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. If a
malicious user sends large amounts of TC-BPDUs to a switch in a short period, the
switch may be busy removing MAC address entries and ARP entries, which may
decrease the performance of the switch and introduce potential stability risks.
With the TC-BPDU attack prevention function enabled, a switch performs removing
operation only once in a specified period (10 seconds by default) after it receives a
TC-BPDU. The switch also checks to see if other TC-BPDUs arrive and performs
another removing operation in the next period if a TC-BPDU is received. Such a
mechanism prevents a switch from being busy removing address entries and ARP
entries.
770 stp timer-factor

Command Reference
stp timer-factor
Purpose
Use the stp timer-factor command to set the timeout time of a switch in terms
of the multiple of the Hello time.
For example, with the number argument set to 3, the timeout time is three times of
the Hello time.
Use the undo stp timer-factor command to restore the default.
Syntax
stp timer-factor number

undo stp timer-factor
Parameters
number
Example
To set the Hello time factor to 7, enter the following:
Specifies the timeout time factor. Valid values are 1 to

[S4200G] stp timer-factor 7
View
Description
System view
A switch sends protocol packets to its neighboring devices in the specified Hello time
interval to test the connectivity of links. Normally, if a switch does not receive any
protocol packets from its upstream switch in a period three times of the Hello time, it
assumes that the upstream switch is down and recalculates the spanning trees.
Spanning tree recalculation may also occur in a very stable network where certain
upstream switches are busy. In this case, you can increase the timeout time to four or
more times of the Hello time. For stable networks, a timeout time of five to seven
times of the Hello time is recommended.

Command Reference
stp timer forward-delay 771

Purpose
Use the stp timer forward-delay command to set the Forward delay for a
switch.
Use the undo stp timer forward-delay command to restore the default.
Syntax
stp timer forward-delay centi-seconds

undo stp timer forward-delay
Parameters
centi-seconds
Example
To set the Forward delay to 2,000 centiseconds, enter the following:
Forward delay in centiseconds. Valid values are 400 to

3,000. If not specified, the default is 1,500.
[S4200G] stp timer forward-delay 2000
View
Description
System view
To prevent temporary loops while ports change their states, each port undergoes an
intermediate period when it changes from the discarding state to the forwarding
state to allow for synchronizing with the remote switches. This intermediate period is
determined by the Forward delay configured on the root bridge.
The Forward delay setting configured for a root bridge applies to all switches
operating in the spanning tree instance, including the root bridge.
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), you can refer to the following expressions
to prevent networks from jittering frequently.
2 * (Forward delay 1 second) >= Max age,
Max age >= 2 * (Hello time + 1 second).
It is recommended that you specify the network diameter and the Hello time
parameter by using the stp root primary or stp root secondary command
in a network with MSTP employed, after which the three optimized time-related
parameters are automatically determined.
772 stp timer forward-delay
Related Commands

Command Reference
stp bridge-diameter
stp timer hello
stp timer max-age

Command Reference
stp timer hello 773
stp timer hello

Purpose
Use the stp timer hello command to set the Hello time for a switch.
Use the undo stp timer hello command to restore the default Hello time.
Syntax
stp timer hello centi-seconds

undo stp timer hello
Parameters
centi-seconds
Example
To set the Hello time to 400 centiseconds, enter the following:
Integer for the Hello time in centiseconds. Valid values

are 100 to 1,000. If not specified, the default is 200.
[S4200G] stp timer hello 400
View
Description
System view
A root bridge regularly sends out configuration BPDUs to maintain the existing
spanning trees. The Hello time is used to set the sending interval. When a switch
becomes a root bridge, it regularly sends BPDUs at the interval specified by the hello
time you have configured on it. While, the other none-root-bridge switches listen to
the BPDUs; if they do not receive a BPDU in a specific period, spanning trees will be
regenerated.
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), the following formulas must be met to
prevent network jitter.
2 * (Forward delay 1 second) >= Max age
Max age >= 2 * (Hello time + 1 second)
It is recommended that you specify the network diameter and the Hello time by using
the stp root primary or stp root secondary command. MSTP will then
automatically calculate the optimal values of the three parameters.
Related Commands
stp bridge-diameter
stp timer max-age
774 stp timer max-age

Command Reference
stp timer max-age

Purpose
Use the stp timer max-age command to set the maximum age of a switch.
Use the undo stp timer max-age command to restore the default.
Syntax
stp timer max-age centi-seconds

undo stp timer max-age
Parameters
centi-seconds
Example
To set the maximum age to 1,000 centiseconds, enter the following:
Specifies the maximum age in centiseconds. Valid

values are 600 to 4,000. If not specified, the default is
2,000.
[S4200G] stp timer max-age 1000
View
Description
System view
MSTP is capable of detecting link problems and automatically setting redundant links
to forwarding state. In a CIST, the Max age is the criterion for switches to judge
whether or not a received BPDU is timed out. And spanning trees will be regenerated
if a BPDU received by a port is timed out.
The Max age argument is meaningless to MSTIs. All switches in a CIST uses the Max
age configured for the root bridge of the CIST to judge whether a BPDU is timed out.
The settings of the three MSTP time parameters must satisfy the following expressions
to prevent frequent network jitters:
2 * (Forward delay 1 second) >= Max age
Max age >= 2 * (Hello time + 1 second)
It is recommended that you specify the network diameter and the Hello time by using
the stp root primary or stp root secondary command. MSTP will then
automatically calculate the optimal values of the three parameters.
Related Commands
stp bridge-diameter
stp timer hello

Command Reference
stp transmit-limit 775
stp transmit-limit
Purpose
Use the stp transmit-limit command to set the maximum number of

configuration BPDUs the current port can transmit within a Hello time.
Use the undo stp transmit-limit command to restore the default.
Syntax
stp transmit-limit packetnum

undo stp transmit-limit
Parameters
packetnum
Example
To set the maximum number of configuration BPDUs that can be transmitted by the
GigabitEthernet1/0/1 port in each Hello time to 5, enter the following:
Specifies the maximum number of BPDUs that the port

can transmit within a Hello time interval. Valid values
are 1 to 255. If not specified, the default is 3.
[S4200G-GigabitEthernet1/0/1] stp transmit-limit 5
View
Ethernet Port view
Description
A larger number configured by the stp transmit-limit command allows more

configuration BPDUs can be transmitted in each Hello time, which may occupy more
switch resources. So configure it to a proper value to avoid MSTP from occupying too
many network resources.
Related Command
776 super

Command Reference
super
Purpose
Use the super command to switch the current user level to the one identified by the
level argument.
Syntax
super [ level ]
Parameters
level
Specifies a user level. Valid values are 0 to 3.

Example
Switch to user level 3.

<S4200G> super 3
Password:
View
Description
User view
If a password is previously set by using the super password [ level level ] {

simple | cipher } password command, you need to provide the password, as well,
to switch to the higher user level. You will remain in the original user level if you fail to
provide the correct password.
Note:
Related Command
Users logging into a switch also fall into four levels, each of which corresponding
to one of the command levels. Users at a specific level can only use the commands
at the same level and the commands at the lower levels.
You can specify an AUX user to provide a password when he switches from a
lower user level to a higher user level and specify the password by using the
super password [ level level ] { simple | cipher } password
command. With a password configured, an AUX user remains in the original user
level if the password provided is incorrect when the AUX user attempts to switch
to a higher user level. If the password is not configured, an AUX user can switch to
a higher user level directly.
A password is necessary for a VTY user to switch to a higher user level. You can
use the super password [ level level ] { simple | cipher } password
command to set the password. With the password not configured, a VTY user fails
to switch to a higher user level and is prompted the message reading Password is
not set.
An AUX user or a VTY user can switch to a lower user level directly regardless of
the password.
super password

Command Reference
super 777
778 super password

Command Reference
super password
Purpose
Use the super password command to set the password for users to switch to a
higher user level.
Use the undo super password command to cancel the configuration.
Syntax
super password [ level level ] { simple | cipher } password

undo super password [ level level ]
Parameters
level
User level. Valid values for this argument are 1 to 3. If

not specified, the is 3. If you execute this command
with the level argument not provided, this
command sets the password to switch to level 3.
simple
Specifies to provide the password in plain text.
cipher
Specifies to provide the password in encrypted text.
password
Password to be set. If you specify the simple keyword,

provide this argument in plain text. If you specify the
cipher keyword, you can provide this argument in
either encrypted text or plain text. In this case, a
password containing no more than 16 characters (such
as 123) is regarded to be in plain text and is converted
to the corresponding 24-character encrypted form (
such as !TP<\*EMUHL,408`W7TH!Q!!) automatically.
You can also provide a 24-character encrypted
password directly if you are aware of the actual
password.
No matter what form of the password (plain text or encrypted text) is in, the
password entered for verification must be in plain text.
Example
Set the password to switch from the current user level to user level 3 to zbr.
[S4200G] super password level 3 simple zbr
View
Description
System view
To prevent unauthorized accesses, you can use this command to require users to
provide the password when they switch to a higher user level. For security purpose,
the password a user enters when switching to a higher user level is not displayed. A
user will remain at the original user level if the user has tried three times to enter the
correct password but fails to do this.

Command Reference
super password 779
780 sysname

Command Reference
sysname
Purpose
Use the sysname command to set a domain name for the switch.
Use the undo sysname command to restore the default domain name.
Syntax
sysname text
undo sysname
Parameters
text
Example
Set the domain name of the switch to "ABC".
Specifies the host/domain name of the switch. The

host/domain name must be no more than 30
characters long.
If not specified, the default host name is S4200G.
<S4200G>system-view
[S4200G]sysname ABC
[ABC]
View
Description
System view
The CLI prompt reflects the domain name of a switch. For example, if the domain
name of a switch is "S4200G", then the prompt of user view is <S4200G>.

Command Reference
sysname 781
sysname
Purpose
Use the sysname command to set the system name of the Switch.
Use the undo sysname command to restore the default value of the system name.
Syntax
sysname sysname
undo sysname
Parameters
sysname
Default
By default, the system name of the Switch is 3Com.
Example
Set the system name of the Ethernet switch to S4200GLANSwitch.
Specifies the system name, comprised of a character

string from1 to 30 characters long.
[S4200G] sysname S4200GLANSwitch
[S4200GLANSwitch]
View
Description
System view
Changing the system name of the Switch will affect the prompt of the command line
interface. For example, the system name of the Switch is 4200G, and the prompt in
user view is <S4200G>.
782 system-view

Command Reference
system-view
Purpose
Enter system-view to enter the system view from the user view.
Syntax
system-view
Parameters
None
Example
To enter system view from user view, enter the following:

[S4200G]
View
Related Commands
User view
quit
return

Command Reference
tcp timer fin-timeout 783
tcp timer fin-timeout

Purpose
Use the tcp timer fin-timeout command to configure the TCP finwait timer.
Use the undo tcp timer fin-timeout command to restore the default value of the
TCP finwait timer.
Syntax
tcp timer fin-timeout time-value

undo tcp timer fin-timeout
Parameters
time-value
Example
To configure the TCP finwait timer value as 800 seconds, enter the following:
Specifies the TCP finwait timer value in seconds. Valid

<S4200G>system-view
[S4200G]tcp timer fin-timeout 800
View
Description
Related Commands
System view
When the TCP connection state changes from FIN_WATI_1 to FIN_WAIT_2, the
finwait timer is enabled. If the switch does not receive FIN packet before finwait timer
timeouts, the TCP connection is terminated.
tcp timer syn-timeout
tcp window
784 tcp timer syn-timeout

Command Reference

Purpose
Use the tcp timer syn-timeout command to configure the TCP synwait timer.
Use the undo tcp timer syn-timeout command to restore the default value of the
timer.
Syntax
tcp timer syn-timeout time-value

undo tcp timer syn-timeout
Parameters
time-value
Example
To configure the TCP synwait timer value as 80 seconds, enter the following:
Specifies the TCP synwait timer value measured in

seconds. Valid values are 2 to 600.
If not specified, the default time-value is 75 seconds.
<S4200G>system-view
[S4200G]tcp timer syn-timeout 80
View
Description
Related Commands
System view
When a SYN packet is sent, TCP starts the synwait timer. If no response packet is
received before the synwait timer times out, the TCP connection is terminated.
tcp window

Command Reference
tcp window 785
tcp window
Purpose
Use the tcp window command to configure the size of the transmission and receiving
buffers of the connection-oriented socket.
Use the undo tcp window command to restore the default size of the buffer.
Syntax
tcp window window-size

undo tcp window
Parameters
window-size
Example
To configure the size of the transmission and receiving buffers as 3 KB, enter the
following:
Specifies the size of the transmission and receiving

buffers measured in kilobytes (KB). Valid values are 1 to
32.
If not specified, the default window-size is 8 KB.
<S4200G>system-view
[S4200G]tcp window 3
View
Related Commands
System view
786 telnet

Command Reference
telnet
Purpose
Use the telnet command to log in to another Ethernet switch from the current
switch via Telnet for remote management.
Syntax
telnet { hostname | ip-address } [ service-port ]
Parameters
hostname
Specifies the host name of the remote Switch. You can

use the ip host command to assign a host name to a
switch.
ip-address
Specifies the IP address or the host name of the remote

Switch.
If you enter the host name, the Switch must be set to
static resolution.
service-port
Example
Designates the TCP port number of the port that

provides Telnet service on the switch. Valid values are 0
to 65535.
If not specified, the default Telnet port number of 23 is
used.
Telnet to the switch with the host name of S4200G2 and IP address of 129.102.0.1
from the current switch (with the host name of S4200G1).
<S4200G1> telnet 129.102.0.1
<S4200G2>
View
User view
Description
Use the telnet command to Telnet to another switch from the current switch to
manage the former remotely. You can terminate a Telnet connection by pressing
<Ctrl+K> or <Ctrl+]>.
Related Command
display tcp status

Command Reference
terminal debugging
Purpose
Use the terminal debugging command to configure to display the debugging

information on the terminal.
Use the undo terminal debugging command to configure not to display the
debugging information on the terminal.
Syntax
terminal debugging
undo terminal debugging
Parameters
None
Default
By default, the debug displaying function is disabled.
Example
Enable debug terminal display.

<S4200G> terminal debugging
View
Related Command
User view
debugging
788 terminal debugging

Command Reference
terminal debugging
Purpose
Use the terminal debugging command to configure to display the debugging

information on the terminal.
Use the undo terminal debugging command to configure not to display the
debugging information on the terminal.
Syntax
terminal debugging
undo terminal debugging
Parameters
None
Default
By default, the displaying function is disabled.
Example
Enable the terminal display debugging.

<S4200G> terminal debugging
View
Related Command
User view
debugging

Command Reference
terminal logging 789
terminal logging
Purpose
Use the terminal logging command to enable log terminal display.

Use the undo terminal logging command to disable log terminal display.
Syntax
terminal logging
undo terminal logging
Parameters
None
Default
By default, log terminal display is enabled for console users and disabled for terminal
users.
Example
Disable log terminal display.

<S4200G> undo terminal logging
View
User view
790 terminal monitor

Command Reference
terminal monitor
Purpose
Use the terminal monitor command to enable the debug/log/trap terminal display
function.
Use the undo terminal monitor command to disable the function.
Syntax
terminal monitor
undo terminal monitor
Parameters
None
Default
By default, this function is enabled for the console user but disabled for terminal
users.
Example
Disable terminal display.

<S4200G> undo terminal monitor
View
Description
User view
This command works only on the current terminal. Only after the command has been
executed in user view, can the debug/log/trap information be output on the current
terminal. Disabling the function has the same effect as executing the following three
commands: undo terminal debugging, undo terminal logging and undo terminal
trapping. That is, no debug/log/trap information will be displayed on the current
terminal. If the function is enabled, you can run the terminal debugging/undo
terminal debugging, terminal logging/undo terminal logging or terminal
trapping/undo terminal trapping command to enable or disable debug/log/trap
terminal output respectively.

Command Reference
terminal trapping 791
terminal trapping
Purpose
Use the terminal trapping command to enable terminal trap information display.
Use the undo terminal trapping command to disable trap terminal display.
Syntax
terminal trapping
undo terminal trapping
Parameters
None
Default
By default, this function is enabled.
Example
Enable trap terminal display.

<S4200G> terminal trapping
View
User view
792 tftp

Command Reference
tftp
Purpose
Use the tftp command to set the TFTP data transfer mode.
Syntax
tftp { ascii | binary }
Parameters
ascii
Transfers data in the ASCII mode.
binary
Transfers data in the binary mode.
Default
By default, the binary mode is adopted.
Example
Specify to adopt the ASCII mode.

[S4200G] tftp ascii
TFTP transfer mode changed to ASCII.
View
System view

Command Reference
tftp cluster get 793
tftp cluster get

Purpose
Use the tftp cluster get command to download a specified file from a cluster
TFTP server.
Syntax
tftp cluster get source-file [ destination-file ]
Parameters
source-file
Directory and the name of the file to be downloaded

on the cluster TFTP server.
destination-file
Local directory and the file name which the

downloaded file is to be saved as.
Example
Download the file named LANSwitch.app from the cluster TFTP server and save it as
vs.app.
<123_1.S4200G> tftp cluster get LANSwitch.app vs.app
View
Related Command
User view
tftp cluster put
794 tftp cluster put

Command Reference
tftp cluster put

Purpose
Use the tftp put command to upload a specified file to a specified directory of a
cluster TFTP server.
Syntax
tftp cluster put source-file [ destination-file ]
Parameters
source-file
Directory and the name of the file to be uploaded.
destination-file
Remote directory and the file name which the

uploaded file is to be saved as.
Example
Upload the local file named vrpcfg.txt to the cluster TFTP server and save it as
Temp.txt.
<123_1.S4200G> tftp cluster put vrpcfg.txt temp.txt
View
Related Command
User view
tftp cluster get

Command Reference
tftp get 795
tftp get
Purpose
Use the tftp get command to download a file from a TFTP server to this switch.
Syntax
tftp tftp-server get source-file [ dest-file ]
Parameters
tftp-server
IP address or host name of a TFTP server.
source-file
Name of the file which will be downloaded from the

TFTP server.
dest-file
Name of the file to which the downloaded file will be

saved on the switch.
Example
Download the file named abc.txt from the TFTP server whose IP address is 1.1.1.1 and
save it as efg.txt.
<S4200G>tftp 1.1.1.1 get abc.txt efg.txt
File will be transferred in binary mode.
Downloading file from remote tftp server, please wait......
TFTP:
35 bytes received in 0 second(s).
File downloaded successfully.
View
Related Command
User view
tftp put
796 tftp put

Command Reference
tftp put
Purpose
Use the tftp put command to upload a file from the switch to the specified directory
on the TFTP server.
Syntax
tftp tftp-server put source-file [ dest-file ]
Parameters
tftp-server
IP address or host name of the TFTP server. The name

of the TFTP server should be a string from 1 to 20
characters long.
source-file
Name of the file to be uploaded to the TFTP server.
dest-file
Specifies the file name of the destination file that will

be saved on the TFTP server.
Example
Upload the file named vrpcfg.txt to the TFTP server whose IP address is 1.1.1.1 and
save it as temp.txt.
<S4200G>tftp 1.1.1.1 put vrpcfg.cfg temp.cfg
File will be transferred in binary mode.
Copying file to remote tftp server. Please wait... /
TFTP:
962 bytes sent in 0 second(s).
File uploaded successfully.
View
Related Command
User view
tftp get

Command Reference
tftp-server 797
tftp-server
Purpose
Use the tftp-server command to configure a TFTP server for cluster members on
the management device.
Use the undo tftp-server command to cancel the TFTP server configuration.
Syntax
tftp-server ip-address
undo tftp-server
Parameters
ip-address
Default
By default, no TFTP server is configured.
IP address of TFTP server configured for the cluster.
Only after you assign an IP address for TFTP server of the cluster, member devices can
access it through the management device.
Example
Configure a TFTP server on the management device.

[aaa_0.S4200G-cluster] tftp-server 1.0.0.9
View
Description
Cluster view
You need to configure the IP address of a TFTP server first for the member devices in a
cluster to access the TFTP server through the management device.
Execute these two commands on management devices only.
798 tftp-server acl

Command Reference
tftp-server acl
Purpose
Use the tftp-server acl command to specify the ACL (Access Control List)
adopted for the connection between a TFTP client and a TFTP server.
Use the undo tftp-server acl command to cancel all ACLs adopted.
Syntax
tftp-server acl acl-number

undo tftp-server acl
Parameters
acl-number
Example
Specify to adopt ACL 2000 on the TFTP client.
The Basic ACL number. Valid values are 2000 to 2999.
[S4200G] tftp-server acl 2000
The ACL number is not existent or contains no rule. Continue? [Y/N] y
[S4200G]
View
System view

Command Reference
time-range 799
time-range
Purpose
Use the time-range command to define a time range.

Use the undo time-range command to delete a time range.
Use the undo time-range all command to delete all time ranges.
Syntax
time-range time-name { start-time to end-time days-of-the-week [ from

start-time start-date ] [ to end-time end-date ] | from start-time
start-date [ to end-time end-date ] | to end-time end-date }
undo time-range {time-name [ start-time to end-time days-of-the-week [
from start-time start-date ] [ to end-time end-date ] | from start-time
start-date [ to end-time end-date ] | to end-time end-date ] | all }
Parameters
time-name
Name of a special time range to be referenced.
start-time
Start time of the special time range, format as hh:mm.

Optional argument.
end-time
End time of the special time range, format as hh:mm.

Optional argument.
days-of-the-week
Means the special time is effective on a specified day

every week. You can input the following parameters:
Numbers (ranging from 0 to 6)
Monday, Tuesday, Wednesday, Thursday, Friday,

Saturday or Sunday
Working-day, representing 5 working days, from

Monday to Friday
Off-days, representing Saturday and Sunday;
Daily, namely everyday of the week
from start-time start-dateSpecifies the start date of a special time range,
optional. In the form of hh:mm MM/DD/ YYYY,

start-time start-date and end-time end-date jointly
define a date in which the special time range takes
effect.
to end-time end-date
Specifies the end date of a special time range,

optional. In the form of hh:mm MM/DD/ YYYY,
start-time start-date and end-time end-date jointly
define a date on which the special time range takes
effect.
all
Deletes all time ranges.
If the two parameters above are not configured, it means there is no restriction to
time-range.
800 time-range
Example

Command Reference
Define a time range that is effective from 12:00 January 1, 2000 to 12:00 January 1,
2001.
[S4200G] time-range test from 12:00 1/1/2000 to 12:00 1/1/2001
View
Description
System view
The time range defined by means of the time-range command can include absolute
time sections and periodic time sections. The start-time and end-time
days-of-the-week jointly define a periodic time section, while start-time start-date and
end-time end-date jointly define an absolute time section.
If only a periodic time section is defined in a time range, the time range is active only
within the defined periodic time section.
If only an absolute time section is defined in a time, the time range is active only
within the defined absolute time section.
If both a periodic time section and an absolute time section are defined in a time
range, the time range is active only when the periodic time range and the absolute
time range are both matched. Assume that a time range defines an absolute time
section from 00:00 January 1, 2004 to 23:59 December 31, 2004, and a periodic time
section from 12:00 to 14:00 every Wednesday. This time range is active only from
12:00 to 14:00 every Wednesday in 2004.
If you include any argument with the undo time-range command, the system will
delete only the content defined by the argument from the time range.

Command Reference
timer 801
timer
Purpose
Use the timer command to set the interval to send handshake packets.
Use the undo timer command to restore the default interval value.
Syntax
timer interval
undo timer
Parameters
Interval
Example
Configure the interval to send handshake packets to be 3 seconds.
Handshake packet interval. Valid values are 1 to 255

seconds.
[aaa_0.S4200G-cluster] timer 3
View
Description
Cluster view
Inside a cluster, the connections between member devices and the management
device are kept through transmitting handshake packets. Handshake packets in a
cluster enable the management device to acquire the information about member
states link states.
Execute these two commands on management devices only. All the member devices
in a cluster acquire the handshake interval setting from the management device.
802 timer

Command Reference
timer
Purpose
Use the timer command to set the response timeout time of RADIUS server (that is,
the timeout time of the response timeout timer of RADIUS server).
Use the undo timer command to restore the default response timeout timer of
RADIUS server.
Syntax
timer seconds
undo timer
Parameters
seconds
Example
To set the timeout time of the response timeout timer for the RADIUS scheme radius1
to 5 seconds, enter the following:
Sets the response timeout time (in seconds) of RADIUS

server. Valid values are 1 to 10 seconds.
New Radius scheme
[S4200G-radius-radius1] timer 5
View
Description
Related Commands
RADIUS Scheme view
Note:
RADIUS service. This wait time is called response timeout time of RADIUS server;
response timeout timer of RADIUS server. You can use the timer command to set
the timeout time of this timer.
The timer command has the same effect with the timer
response-timeout command.
radius scheme
retry

Command Reference
timer quiet 803
timer quiet
Purpose
Use the timer quiet command to set the wait time for the primary server to
restore the active state.
Use the undo timer quiet command to restore the default wait time.
Syntax
timer quiet minutes

undo timer quiet
Parameters
minutes
Example
To set the wait time for the primary server to restore the active state to 10 minutes,
Specifies the wait time (in minutes) the primary server

waits before restoring the active state. Valid values are
1 to 255 minutes.
New Radius scheme
[S4200G-radius-radius1] timer quiet 10
View
Related Command
RADIUS Scheme view
display radius
804 timer realtime-accounting

Command Reference
Purpose
Use the timer realtime-accounting command to set the real-time accounting

interval.
Use the undo timer realtime-accounting command to restore the default
real-time accounting interval.
Syntax
timer realtime-accounting minutes

undo timer realtime-accounting
Parameters
minutes
Example
To set the real-time accounting interval of the RADIUS scheme radius1 to 51 minutes.
Specifies the real-time accounting interval (in minutes).

Valid values are 3 to 60 minutes in multiples of 3.
If not specified, the default interval is 12 minutes.
New Radius scheme
[S4200G-radius-radius1] timer realtime-accounting 51
View
Description
RADIUS Scheme view
Note:
To charge the users in real time, you should set the interval of real-time
accounting. After the setting, the switch sends the accounting information of
online users to the RADIUS server at regular intervals.
The setting of the real-time accounting interval depends to some degree on the
performance of the switch and the RADIUS server. The higher the performance of
the switch and the RADIUS server is, the shorter the interval can be. You are
recommended to set the interval as long as possible when the number of users is
relatively great (f1000). Table 113 lists the numbers of users and the
corresponding recommended intervals.
Table 113 Numbers of users and corresponding recommended intervals

Number of users
Real-time accounting interval

(minute)
1 to 99
100 to 499
500 to 999
12
f1000
f15

Command Reference
Related Commands
timer realtime-accounting 805
radius scheme
806 timer response-timeout

Command Reference
timer response-timeout
Purpose
Use the timer response-timeout command to set the response timeout time of
RADIUS servers.
Use the undo timer command to restore the default response timeout timer of
RADIUS servers.
Syntax
timer response-timeout seconds

undo timer response-timeout
Parameters
seconds
Example
To set the response timeout time in the RADIUS scheme radius1 to five seconds, enter
the following:
Sets the response timeout time (in seconds) of RADIUS

servers. Valid values are 1 to 10 seconds.
If not specified, the default timeout time is 3 seconds.
New Radius scheme
[S4200G-radius-radius1] timer response-timeout 5
View
Description
Related Commands
RADIUS Scheme view
Note:
RADIUS service. This wait time is called response timeout time of RADIUS servers;
response timeout timer of RADIUS servers. You can use the timer
response-timeout command to set the timeout time of this timer.
This command has the same effect with the timer command.
radius scheme
retry

Command Reference
topology accept 807
topology accept
Purpose
Use the topology accept command to confirm the current topology information
of the cluster and save that as a standard topology.
Use the undo topology accept command to delete the current topology
information of the cluster.
Syntax
topology accept { all [ save-to { administrator | local-flash } ] |

mac-address mac-address | member-id member-number }
undo topology accept { all | mac-address mac-address | member-id
member-number }
Parameters
Example
mac-address
Specifies a bridge MAC address of the device while the

device authenticates the topology authenticated by
the topology, in the format of H-H-H.
member-number
Specifies the member number from which the

topology displays or the member numbers at the
starting point and ending point of a specified path.
save-to
Configures to save a standard topology to the FTP

server or the flash while saving the standard topology.
This file is named topology.top universally.
Accept the current topology as a standard topology.

<123> system-view
[123] cluster
[123.abc-cluster] topology accept all
View
Description
Cluster view

The topology.top file is used to save standard topology information on the FTP server
or the local flash. The saved information includes information of the white list and
blacklist. The blacklist is a list of devices that are not allowed to join the cluster. The
white list is a list of devices that can join the cluster.
808 topology restore-from

Command Reference
topology restore-from
Purpose
Use the topology restore-from command to obtain and restore the standard
topology information from the local flash.
Syntax
topology restore-from local flash
Parameters
None
Example
Obtain and restore the standard topology information.

<123> system-view
[123] cluster
[123.abc-cluster] topology restore-from local-flash
View
Description
Cluster view

Command Reference
topology save-to 809
topology save-to
Purpose
Use the topology save-to command to save the standard topology information
into the local flash.
Syntax
topology save-to local flash
Parameters
None
Example
Save the standard topology information into the local flash.

<123> system-view
[123] cluster
[123.abc-cluster] topology save-to local-flash
View
Description
Cluster view
The topology includes white list and blacklist. The file is named topology.top
universally.
810 tracemac

Command Reference
tracemac
Purpose
Use the tracemac command to locate a device by MAC address or IP address.
Syntax
tracemac { by-mac mac-address vlan vlan-id | by-ip ip-address } [ nondp

]
Parameters
by-mac
Configures to locate a device by MAC address.
mac-address
Specifies a MAC address of the device to be traced, in

the format of H-H-H.
vlan-id
Configures to trace a device by a specified VLAN ID,

by-ip
Configures to locate a device by IP address.
ip-address
Specifies the IP address of a device to be traced.
nondp
Configures not to use neighboring information of the

NDP protocol.
Example
Locate a device by MAC address.

<123> system-view
[123] tracemac by-mac 000f-3232-0005 vlan 1
Tracing MAC address 000f-3232-0005 in vlan 1
1 000f-3232-0001abc01 ethernet1/0/2
2 000f-3232-0002abc02 ethernet1/0/7
3 000f-3232-0003abc03 ethernet1/0/4
4 000f-3232-0005abc05 Local
Locate a device by IP address.

[123] tracemac by-ip 1922.168.1.5
Tracing MAC address 000f-3232-0005 in vlan 1
1 000f-3232-0001abc01 ethernet0/2
2 000f-3232-0002abc02 ethernet0/7
3 000f-3232-0003abc03 ethernet0/4
4 000f-3232-0005abc05 Local
View
Any view

Command Reference
tracert 811
tracert
Purpose
Use the tracert command to trace the gateways the test packets passes through
during its journey from the source to the destination.
tracert [[ -a source-ip] -f first-TTL ] [ -m max-TTL ] [ -p port ] [ -q
num-packet ] [ -w timeout ] string
Parameters
-a source-IP
Sets the initial TTL of the packets to be sent, so that

this command displays the addresses of only those
gateways on the path whose hop counts are not
smaller than the hop count specified by the first-TTL
argument. The first-TTL argument ranges from 1 to
-f
Sets the maximum TTL value of the packets to be

sent, so that this command displays the addresses of
only those gateways on the path whose hop counts
are not greater than the hop count specified by the
max-TTL argument. After the command sends a
packet with the maximum TTL, it will not send any
more packets. The max-TTL argument ranges from 1
to 255 and defaults to 30.
-m
Sets the destination port of the packets to be sent.

The port argument ranges from 0 to 65535 and
defaults to 33434. Generally, you need not change
the argument.
-p
Sets the number of packets to be sent every time.

The nqueries argument ranges from 0 to 65,535 and
defaults to 3.
-q
Sets the timeout time to wait for ICMP error packets.

The timeout argument ranges from 0 to 65,535 and
defaults to 5,000 (in milliseconds).
-w
string
Default
Example
Configures the source IP address used by tracert

command.
IP address of the destination host, or host name of

the remote system with 1 to 20 characters.
By default, when the parameters are not specified,
first-TTL is 1,
max-TTL is 30,
port is 33434,
nqueries is 3
timeout is 5000 ms.
Test the gateways passed by the packets to the destination host at 18.26.0.115.
812 tracert

Command Reference
<S4200G>tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
View
Description
Any view
The tracert command is primarily used to check the network connectivity. It can
also help you locate the trouble spot of the network.
If you find that the network is in trouble by using the ping command, you can use
the tracert command to find where the trouble is in the network.
The executing procedure of the tracert command is as follows. First, the source
sends a packet with the TTL of 1, and the first hop device returns an ICMP error
message indicating that it cannot forward this packet because of TTL timeout.
Then, the source re-sends a packet with the TTL of 2, and the second hop device
also returns an ICMP TTL timeout message. This procedure continues until a
packet gets to the destination or the maximum TTL is reached. During the
procedure, the system records the source address of each ICMP TTL timeout
message in order to offer the path that the packets pass through to the destination.
The tracert command can output the IP addresses of all the gateways the
packets pass through to the destination. You will see the string "***" if a gateway
times out.

Command Reference
traffic-limit 813
traffic-limit
Purpose
Use the traffic-limit command to use ACL rules in traffic identifying and traffic
policing for the packet matching with the ACL rules and to set traffic policing
parameters.
Use the undo traffic-limit command to disable traffic policing.
Syntax
traffic-limit inbound acl-rule target-rate

undo traffic-limit inbound acl-rule
Parameters
inbound
Indicates that traffic policing is performed on the

packets received on the port.
acl-rule


ip-group acl-number
Issue a rule in an IP ACL and a rule in a Link ACL at ip-group acl-number rule rule link-group
the same time
acl-number rule rule
target-rate
Example
Specifies the rate at which to limit the packets received

on the port in kbps. Its value range varies with
different ports as follows:
Gigabit port: In the rang of 1 to 1000000
10G port: In the rang of 1 to 100000000
To perform traffic policing for packets matching with ACL 4000 rules. Limit the rate
within 128 kbps and drop the packets exceeding the traffic limit, enter the following:
[S4200G-GigabitEthernet1/0/1] traffic-limit inbound link-group 4000 128
View
Ethernet Port view
814 traffic-limit
Description

Command Reference
The command is used in traffic policing for packets matching with the specified ACL
rules. It is applicable only to ACL rules with permit action.
The granularity of traffic policing is described in the following table:
Table 115 The granularity of traffic policing
The rang of total rate
Granularity (bps)
0 to 1M
1K
0 to 10M
10K
0 to 100M
100K
0 to 1G
1M
0 to 10G
10M

Command Reference
traffic shape 815
traffic shape
Purpose
Use the traffic-shape command to enable traffic shaping and send the packets
out at an even rate.
Use the undo traffic-shape command to disable traffic shaping.
Syntax
traffic-shape [ queue queue-id ] max-rate burst-size

undo traffic-shape [ queue queue-id ]
Parameters
Example
queue queue-id
Specifies the ID of a queue. Valid values are 1 to 7.
max-rate
Specifies the maximum traffic rate on a port, in kbps.
burst-size
Specifies the burst size measured in kbyte. Valid values

are 12 to 16000. The value must be in multiples of 4
kbytes.
To perform traffic shaping on the current port. Set the max rate to 650kbps and the
burst size to 12kbytes, enter the following:
[S4200G-GigabitEthernet1/0/1] traffic-shape 650 12
View
Description
Ethernet Port view
The switch supports two forms of traffic shaping:
Traffic shaping for all the traffic of a port. The function can be implemented when
queue queue-id in the traffic-shape command is not specified.
Traffic shaping for the specified output queues. The function can be implemented
when queue queue-id in the traffic-shape command is specified.
Table 116 The granularity of traffic shaping

Port class
The set traffic

shaping value
Granularity (bps)
GE ports
0 to 80M
20K
GE ports
80M to 1G
260K
10GE ports
0 to 10G
2500K
816 traffic-statistic

Command Reference
traffic-statistic
Purpose
Use the traffic-statistic command to use ACL rules in traffic identifying and
perform traffic statistics on the packets matching with the ACL rules.
Use the undo traffic-statistic command to disable traffic statistics.
Syntax
traffic-statistic inbound acl-rule

undo traffic-statistic inbound acl-rule
Parameters
inbound
Indicates that traffic redirect is performed on the

packets received on the port.
acl-rule

Example
ip-group acl-number
Issue a rule in an IP ACL and a rule in a Link ACL at

the same time

To perform traffic statistics on packets matching with ACL 2000 rules, enter the
following:
[S4200G-GigabitEthernet1/0/1] traffic-statistic inbound ip-group 2000
View
System view
Description
Use the display qos-interface traffic-statistic command to display the times of

hardware matching in packet forwarding.
Related Command

Command Reference
udp-helper enable 817
udp-helper enable
Purpose
Use the udp-helper enable command to enable the UDP Helper function.
Use the undo udp-helper enable command to disable the UDP Helper function.
Syntax
udp-helper enable
undo udp-helper enable
Parameters
None
Default
By default, UDP Helper function is disabled.
Example
To enable the UDP Helper function.

[SW4200G]udp-helper enable
View
System view
818 udp-helper port

Command Reference
udp-helper port
Purpose
Use the udp-helper port command to configure the UDP port with relay function.
Use the undo udp-helper port command to remove the UDP configuration.
Syntax
udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs | tftp

| time }
undo udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs |
tftp | time }
Parameters
Example
port
Specifies the ID of the UDP port with relay function to

be enabled. Valid values are 1 to 65535.
dns
Domain name service, corresponding to UDP port 53.
netbios-ds
NetBios datagram service, corresponding to UDP port

138.
netbios-ns
NetBios name service, corresponding to UDP port 137.
tacacs
TAC access control system, corresponding to UDP port

49.
tftp
Trivial file transfer protocol, corresponding to UDP port

69.
time
Time service, corresponding to UDP port 37.
To configure the UDP port with relay function as the UDP port corresponding to DNS,
[SW4200G]udp-helper port dns
View
System view

Command Reference
udp-helper server 819
udp-helper server
Purpose
Use the udp-helper server command to configure the relay destination server for
UDP broadcast packets.
Use the undo udp-helper server command to delete the relay destination server.
Syntax
udp-helper server ip-address

undo udp-helper server [ ip-address ]
Parameters
ip-address
Default
By default, no relay destination server is configured.
Example
To configure the relay destination server with IP address 192.1.1.2, enter the
following:
Specifies the IP address of the destination server.
[SW4200G]interface vlan-interface 1
[SW4200G-Vlan-interface1]udp-helper server 192.1.1.2
View
Related Command
VLAN Interface view
820 undelete

Command Reference
undelete
Purpose
Use the undelete command to restore a deleted file.
Syntax
undelete file-url
Parameters
file-url
Example
Restore the deleted file named sample.bak.
Path name or the file name of a file in the Flash,

comprised of a string from1 to 142 characters long.
<S4200G> undelete sample.bak

Undelete flash:/sample.bak ?[Y/N]:y
% Undeleted file flash:/sample.bak
View
Description
User view
The file name to be recovered cannot be the same as an existing directory name. If
the destination file name is the same as an existing file name, a prompt will be
displayed asking whether to overwrite the existing file.

Command Reference
user 821
user
Purpose
Use the user command to switch to a specified user.
Syntax
user username [ password ]
Parameters
username
User name used to log into an FTP server.
password
Password used to log into an FTP server.
Example
Log into the FTP server using the user account with the user name being
tom and the password being 111.
<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp] user tom 111
View
Description
FTP Client view
After logging into an FTP server, you can switch to another user by using the user
command.
822 user-interface

Command Reference
user-interface
Purpose
Using user-interface command to enter one or more user interface views to

perform configuration.
Syntax
user-interface [ type ] first-number [ last-number ]
Parameters
type
Specifies the user interface type, which can be aux or

vty.
first-number
Specifies the user interface index, which identifies the

first user interface to be configured.
last-number
Specifies the user interface index, which identifies the

last user interface to be configured.
Example
Enter VTY 0 user interface view.

[S4200G] user-interface vty 0
[S4200G-ui-vty0]
View
System view

Command Reference
user-name-format 823
user-name-format
Purpose
Use the user-name-format command to set the format of the user names to be sent
to RADIUS server.
Syntax
user-name-format { with-domain | without-domain }
Parameters
with-domain
Specifies to include ISP domain names in the user

names to be sent to RADIUS servers.
without-domain
Specifies to exclude ISP domain names from the user

names to be sent to RADIUS servers.
Default
By default, except for the default RADIUS scheme "system", the user names sent to
RADIUS servers in any RADIUS scheme carry ISP domain names.
Example
To specify that the user names sent to a RADIUS server in RADIUS scheme radius1
does not carry ISP domain names, enter the following:
View
Description
Related Command
RADIUS Scheme view
Note:
Generally, an access user is named in the userid@isp-name format. Where,

isp-name behind the @ character represents the ISP domain name, by which the
device determines which ISP domain it should ascribe the user to. However, some
old RADIUS servers cannot accept the user names that carry ISP domain names. In
this case, it is necessary to remove the domain names carried in the user names
before sending the user names to the RADIUS server. For this reason, the
user-name-format command is designed for you to specify whether or not ISP
domain names are carried in the user names sent to the RADIUS server.
For a RADIUS scheme, if you have specified that no ISP domain names are carried
in the user names, you should not use this RADIUS scheme in more than one ISP
domain. Otherwise, such errors may occur: the RADIUS server regards two
different users having the same name but belonging to different ISP domains as
the same user (because the user names sent to it are the same).
radius scheme
824 user privilege level

Command Reference
user privilege level

Purpose
Use the user privilege level level command to configure the command
level that a user can access from the specified user interface.
Use the undo user privilege level command to restore the default
command level.
Syntax
user privilege level level

undo user privilege level
Parameters
level
Default
By default, a user can access all commands at Level 3 after logging in through the
AUX user interface, and all commands at Level 0 after logging in through a VTY user
interface.
Example
Configure that commands of level 0 are available to the users logging into VTY 0.
Specifies the level of command that a user can access.

[S4200G-ui-vty0] user privilege level 0
You can verify the above configuration by Telneting to VTY 0 and displaying the
available commands, as listed in the following.
<S4200G> ?
User view commands:
cluster
Run cluster command
language-mode Specify the language environment
ping
Ping function
quit
Exit from current command view
super
Privilege specified user priority level
telnet
Establish one TELNET connection
tracert
Trace route function
View
Description
User Interface view
The user can use all the available commands at this command level.

Command Reference
verbose 825
verbose
Purpose
Use the verbose command to enable the verbose function, which displays execution
and response information of other related commands.
Use the undo verbose command to disable verbose.
Syntax
verbose
undo verbose
Parameters
None
Default
By default, verbose is disabled.
Example
Enable verbose.
<S4200G> ftp 2.2.2.2
Trying ...
Connected.
User(none):switch
Password:*****
[ftp] verbose
View
FTP Client view
826 virtual-cable-test

Command Reference
virtual-cable-test
Purpose
Use the virtual-cable-test command to enable the system to test the cable
connected to a specific port and to display the results.
Syntax
virtual-cable-test
Parameters
None
Default
By default, the test of the connection cable of the Ethernet port is closed, that is, the
system does not test the cable connected to the Ethernet port.
Example
Enable the system to test the cable connected.

[S4200G-GigabitEthernet0/1] virtual-cable-test
Cable status: abnormal(open), 7 metres
Pair Impedance mismatch: yes
Pair skew: 4294967294 ns
Pair swap: swap
Pair polarity: normal
Insertion loss: 7 db
Return loss: 7 db
Near-end crosstalk: 7 db
View
Description
Ethernet Port view
The system can test these attributes of the cable:
Cable status, including normal, abnormal, abnormal-open, abnormal-short and

failure
Cable length
Pair Impedance mismatch
Pair skew
Pair swap
Pair polarity
Insertion loss
Return loss
Near-end crosstalk

Command Reference
virtual-cable-test 827
Note:
If the cable is in normal state, the displayed length value is the total length of the
cable.
If the cable is in any other state, the displayed length value is the length from the
port to the faulty point.
The speed and undo speed commands cannot be configured on a combo port.
828 vlan

Command Reference
vlan
Purpose
Use the vlan command to enter the VLAN view.

Use the undo vlan command to remove a VLAN.
Syntax
vlan vlan-id
undo vlan { vlan-id1 to vlan-id2 | all }
Parameters
vlan-id
Specifies the ID of the VLAN you want to configure.

vlan-id1
Beginning VLAN ID. Valid values are 1 to 4094.
to
Specifies a VLAN ID range.
vlan-id2
Ending VLAN ID. Valid values are 1 to 4094. Note that

this value cannot be less than the vlan-id2 argument.
all
Delete all VLANs.
CAUTION: The undo vlan all command cannot be used to remove the VLANs
kept by protocols, voice VLANs, the default VLANs (VLAN 1), management VLANs,
and the remote probe VLANs.
Default
VLAN 1 is the default VLAN and cannot be deleted.

If the VLAN to be removed is the management VLAN, but not the default
management VLAN, VLAN 1 becomes the management VLAN after the VLAN is
removed.
Example
To enter VLAN 1 view, enter the following:

[S4200G] vlan 1
[S4200G-vlan1]
Remove VLAN 2 through VLAN 9, assuming that VLAN 5 is a voice VLAN.

[S4200G] undo vlan 2 to 9
This may delete all static VLAN except the VLAN kept by protocol, the
voice VLAN, the default VLAN, the management VLAN and the remote probe
VLAN.
[S4200G] display vlan
The following VLANs exist:
1(default), 5

Command Reference
View
vlan 829
Description
System view
If the VLAN identified by the vlan-id argument does not exist, this command creates
the VLAN and then enters VLAN view.
830 vlan-assignment-mode

Command Reference
Purpose
Use the vlan-assignment-mode command to set the VLAN assignment mode on

the switch.
Syntax
vlan-assignment-mode { integer | string }
Parameters
integer
Sets the VLAN assignment mode to integer.
string
Sets the VLAN assignment mode to string.
Default
By default, the VLAN assignment mode is integer. That is, the switch supports the
integer type of VLAN IDs assigned by RADIUS authentication server.
Example
To set the VLAN assignment mode to string, enter the following:

[S4200G-isp-3Com163.net] vlan-assignment-mode string
View
Description
ISP Domain view
Through dynamic VLAN assignment, the Ethernet switch dynamically adds the ports
of the successfully authenticated users to different VLANs depending on the attribute
values assigned by RADIUS server, so as to control the network resources the users
can access.
In actual application, to cooperate with Guest VLAN, port control is usually set to the
port-based mode. If it is set to the MAC addressbased mode, each port can have
only one user end connected.
Currently, the switch supports the following two data types of VLAN ID assigned by
RADIUS authentication server:
Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set the
VLAN assignment mode to integer on the switch (this is also the default mode on
the switch). Then, upon receiving an integer ID assigned by the RADIUS
authentication server, the switch adds the port to the VLAN whose VLAN ID is
equal to the assigned integer ID. If no such a VLAN exists, the switch first creates a
VLAN with the assigned ID, and then adds the port to the newly created VLAN.
String: If the RADIUS server assigns string type of VLAN IDs, you can set the VLAN
assignment mode to string on the switch. Then, upon receiving a string ID
assigned by the RADIUS authentication server, the switch compares the ID with
existing VLAN names on the switch. If it finds a match, it adds the port to the
corresponding VLAN. Otherwise, the VLAN assignment fails and the user cannot
pass the authentication.

Command Reference
vlan-assignment-mode 831
Note: In string mode, if the VLAN ID assigned by the RADIUS server is a character
string containing only digits (for example, 1024), the switch first regards it as an
integer VLAN ID: the switch transforms the string to an integer value and judges if the
value is in the valid VLAN ID range; if it is, the switch adds the authenticated port to
the VLAN with the value as the VLAN ID (VLAN 1024, for example).
Related Commands
dot1x guest-vlan
name
832 vlan-mapping modulo

Command Reference
vlan-mapping modulo
Purpose
Use the vlan-mapping modulo command to map VLANs to specific spanning tree
instances.
Syntax
vlan-mapping modulo modulo
Parameters
modulo
Default
By default, all VLANs in a network are mapped to the CIST (spanning tree instance 0).
Example
To map VLANs to spanning tree instances using the modulo of 16, enter the
following:
Specifies the modulo. Valid values are 1 to 16.
[S4200G-mst-region] vlan-mapping modulo 16
View
Description
MST Region view
MSTP uses VLAN mapping tables to describe VLAN-to-spanning tree instance

mappings. You can use this command to establish VLAN mapping tables and to map
VLANs to specific spanning tree instances.
Note that a VLAN cannot be mapped to multiple spanning tree instances at a time. A
VLAN-to-spanning tree instance mapping becomes invalid when you map the VLAN
to another spanning tree instance.
You can map large amounts of VLANs to specific spanning tree instances quickly by
using the vlan-mapping modulo modulo command. The ID of the spanning tree
instance to which a VLAN is mapped can be figured out by using the following
expression:
(VLAN ID-1) % modulo + 1
where (VLAN ID-1) % modulo yields the module of (VLAN ID-1) with regards to
modulo. For example, if you set the modulo argument to 16, VLAN 1 is mapped to
spanning tree instance 1, VLAN 2 is mapped to spanning tree instance 2, , VLAN 16
is mapped to spanning tree instance 16, VLAN 17 is mapped to spanning tree
instance 1, and so on.

Command Reference
Related Commands
vlan-mapping modulo 833
region-name
revision-level
834 vlan-vpn enable

Command Reference
vlan-vpn enable
Purpose
Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Use the undo vlan-vpn command to disable the VLAN-VPN function for a port.
Syntax
vlan-vpn enable
undo vlan-vpn
Parameters
None
Default
By default, the VLAN-VPN function is disabled.
Example
Enable the VLAN-VPN function for Ethernet1/0/1 port.

[S4200G]interface Ethernet 1/0/1
[S4200G-Ethernet1/0/1] vlan-vpn enable
View
Description
Ethernet Port view
With the VLAN VPN function enabled, a received packet is tagged with the default
VLAN tag of the receiving port no matter whether or not the packet already carries a
VLAN tag. If the packet already carries a VLAN tag, the packet becomes a dual-tagged
packet. Otherwise, the packet becomes a packet carrying the default VLAN tag of the
port.
CAUTION: The VLAN-VPN function is unavailable if the port has any of the protocols
among GVRP, GMRP, STP, IRF, NTDP and 802.1x enabled.
CAUTION: If this port is a remote mirror reflection port, the VLAN-VPN function
cannot be enabled on the port.

Command Reference
vlan-vpn tpid 835
vlan-vpn tpid
Purpose
Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes
effect only when the VLAN-VPN or VLAN-VPN uplink function is enabled.
Use the undo vlan-vpn tpid command to restore the default TPID value.
Syntax
vlan-vpn tpid value

undo vlan-vpn tpid
Parameters
value
Default
The default TPID value is 0x8100.
Example
Set the TPID value to 0x12 for Ethernet1/0/2 port.
TPID value (in hexadecimal format) to be set. Valid

values for this argument are from 1 to 0xFFFF.
[S4200G-GigabitEthernet 1/0/2] vlan-vpn tpid 12
View
Description
Ethernet Port view
Do not set the TPID value to a value that conflicts with the known protocol type
values (such as 0x0806, which is that of ARP packets). Otherwise, the packet may be
discarded.
Table 118 Common Ethernet frame protocol type values
Protocol type
Value
ARP
0x0806
IP
0x0800
MPLS
0x8847/0x8848
IPX
0x8137
IS-IS
0x8000
LACP
0x8809
802.1x
0x888E
836 vlan-vpn tunnel

Command Reference
vlan-vpn tunnel
Purpose
Use the vlan-vpn tunnel command to enable the BPDU tunnel function.
Use the undo vlan-vpn tunnel command to disable the BPDU tunnel function.
Syntax
vlan-vpn tunnel
undo vlan-vpn tunnel
Parameters
None
Default
By default, the BPDU tunnel function is disabled.
Example
To enable the BPDU tunnel function for the switch, enter the following:
[S4200G] vlan-vpn tunnel
Note:
View
You must enable STP on a device before enabling the BPDU tunnel function on it.
The BPDU tunnel function is only available to access ports.
To implement the BPDU tunnel function, the links between operator networks
must be trunk links.
As the VLAN VPN function is unavailable to the ports with 802.1x, GVRP, GMRP,
STP, or NTDP employed, the BPDU tunnel function is unavailable to these ports.
Description
System view
The BPDU tunnel function enables BPDUs to be transparently transmitted between

geographically dispersed user networks through specified VLAN VPNs in operators
networks, allowing spanning trees to be generated across these user networks and
keep independent of those of the operators networks.

Command Reference
vlan-vpn uplink enable 837
vlan-vpn uplink enable

Purpose
Use the vlan-vpn uplink enable command to configure a port to be a

VLAN-VPN uplink port.
Use the undo vlan-vpn uplink command to remove the configuration.
Syntax

undo vlan-vpn uplink
Parameters
None
Example
Configure Ethernet1/0/2 port to be a VLAN-VPN uplink port.

[S4200G]interface Ethernet 1/0/2
[S4200G-Ethernet1/0/2] vlan-vpn uplink enable
VLAN-VPN uplink status: enabled
View
Description
Ethernet Port view
When sending a VLAN-VPN packet, a VLAN-VPN uplink port replaces the TPID value in
the outer VLAN tag of the packet with the customized TPID value. You can use the
vlan-vpn tpid command to set the TPID value used by the VLAN-VPN uplink port.
CAUTION: The vlan-vpn uplink enable command and the vlan-vpn enable
command are mutually exclusive. That is, if you execute the vlan-vpn
enable command on a port, you will fail to execute the vlan-vpn uplink
enable command on the same port. Similarly, if you execute the vlan-vpn
uplink enable command on a port, you will fail to execute the vlan-vpn
enable command on the same port.
838 voice vlan

Command Reference
voice vlan
Purpose
Use the voice vlan command to enable the voice VLAN function globally.
Use the undo voice vlan enable command to disable the voice VLAN function
globally.
Syntax
voice vlan vlan-id enable
undo voice vlan enable
Parameters
vlan-id
Example
Enable the voice VLAN function for VLAN 2.
ID of the VLAN for which the voice VLAN function is to

be enabled. Valid values for this argument are from
2 to 4,094.
[S4200G] vlan 2
[S4200G-vlan2] quit
[S4200G] voice vlan 2 enable
With the voice VLAN function enabled for VLAN 2, the following message appears if
you enable the voice VLAN function for another VLAN, for example, VLAN 4.
[S4200G] voice vlan 4 enable
Can't change voice vlan configuration when other voice vlan is running
View
Description
System view
globally.
CAUTION:
Related Command
Before enabling the voice VLAN function, make sure the VLAN for which the voice
VLAN function is to be enabled exists. Otherwise, you will fail to perform the
operation.
To remove a VLAN with the voice VLAN function enabled, you need to disable the
voice VLAN function first.
Only one VLAN can have the voice VLAN function enabled at a time.

Command Reference
voice vlan aging 839
voice vlan aging

Purpose
Use the voice vlan aging command to set the aging time for a voice VLAN.
Use the undo voice vlan aging command to restore the default aging time for
a voice VLAN.
Syntax
voice vlan aging minutes

undo voice vlan aging
Parameters
minutes
Example
Set the aging time of the voice VLAN to 100 minutes.
Aging time (in minutes) to be set for a voice VLAN.

Valid values for this argument are from 5 to 43,200.
If not specified, the default is 1,440.
[S4200G] voice vlan aging 100
View
Related Command
System view
840 voice vlan enable

Command Reference
voice vlan enable

Purpose
Use the voice vlan enable command to enable the voice VLAN function for a
port.
for a port.
Syntax
voice vlan enable

undo voice vlan enable
Parameters
None
Example
Enable the voice VLAN function for GigabitEthernet1/0/2 port.

[S4200G-Ethernet1/0/2] voice vlan enable
View
Ethernet Port view
Description
The voice VLAN function takes effect on a port only when it is enabled in both system
view and port view. Note that the operation to enable the voice VLAN function for a
port is independent of that to enable the function globally.
Related Command

Command Reference
voice vlan mac-address 841
voice vlan mac-address

Purpose
Use the voice vlan mac-address command to set a MAC address used for a
voice VLAN to identify voice devices.
Use the undo voice vlan mac-address command to remove a MAC address
used to identify voice devices.
Syntax
voice vlan mac-address oui mask oui-mask [ description string ]

undo voice vlan mac-address oui
Parameters
Example
oui
MAC address to be set. You need to provide this

argument in the format of H-H-H.
oui-mask
MAC address mask in the format of H-H-H. This

argument specifies the valid bits of the MAC address.
string
Description of the MAC address, consisting of a string

Set 00aa-bb00-0000 as an OUI address, with a description of "ABC".

[S4200G] voice vlan mac-address 00aa-bb00-0000 mask ffff-ff00-0000
description ABC
View
Description
System view
A switch can use up to 16 MAC addresses to identify voice devices, including the four
default MAC addresses (as listed in Table 2-2). When the number of MAC addresses
reaches 16, you will fail to add new MAC addresses.s
Table 119 Default OUI address
Related Command
Number
OUI
Description
00e0-bb00-0000
3com phone
0003-6b00-0000
Cisco phone
00e0-7500-0000
Polycom phone
00d0-1e00-0000
Pingtel phone
842 voice vlan mode

Command Reference
voice vlan mode

Purpose
Use the voice vlan mode auto command to configure an Ethernet port to
operate in the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port
to operate in the manual voice VLAN mode.
Syntax
voice vlan mode auto

undo voice vlan mode auto
Parameters
None
Default
By default, an Ethernet port operates in the automatic voice VLAN mode.
Example
Configure Ethernet 1/0/2 port to operate in the manual voice VLAN mode.
[S4200G] interface ethernet 1/0/2
[S4200G-Ethernet1/0/2] undo voice vlan mode auto
View
Description
Ethernet Port view
Use the voice vlan mode auto command to configure an Ethernet port to
operate in the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port
to operate in the manual voice VLAN mode.
These two commands are valid only before you enable the voice VLAN function
globally.
Related Command

Command Reference
voice vlan security enable 843
voice vlan security enable

Purpose
Use the voice vlan security enable command to enable the voice VLAN
security mode.
Use the undo voice vlan security enable command to disable the voice
VLAN security mode.
Syntax

undo voice vlan security enable
Parameters
None
Default
By default, the voice VLAN security mode is enabled.
Example
Disable the voice VLAN security mode.

[S4200G] undo voice vlan security enable
View
Description
System view
In the voice VLAN security mode, the ports in a voice VLAN and with voice devices
attached to can only forward voice data. Data packets with their MAC addresses not
among the OUI addresses that can be identified by the system will be dropped. This
mode has no effects on other VLANs.
These two commands are valid only before you enable the voice VLAN function
globally.
Related Command
844 voice vlan security enable

Command Reference

Command Reference
845
Numerics
Commands by
Function
COMMANDS BY FUNCTION
This section lists all commands by function.

Numerics
802.1x
display dot1x
display habp
display habp table
dot1x
dot1x dhcp-launch
dot1x guest-vlan
dot1x max-user
dot1x port-control
dot1x port-method
dot1x quiet-period
dot1x retry
dot1x timer
dot1x version-check
habp enable
habp server vlan
habp timer
smarton
smarton password
smarton switchid
smarton timer
157
171
182
183
184
332
334
335
336
338
340
342
344
345
346
347
349
374
375
376
595
671
672
673
674
AAA and Radius

access-limit
accounting
accounting optional
attribute
authentication
authorization
cut connection
data-flow-format
debugging radius
display connection
display domain
display local-user
display radius
domain
14
15
19
17
36
38
42
89
91
102
149
169
229
230
278
280
307
330
846

Command Reference
key
level
local-server
messenger
name
nas-ip
primary accounting
radius nas-ip
radius trap
radius-scheme
scheme
self-service-url
server-type
state
timer
timer quiet
user-name-format
421
428
431
463
476
477
538
540
579
583
580
601
605
613
615
648
651
652
654
657
717, 720
722
802
803
804
806
823
830
ACL
acl
description
display acl
display time-range
packet-filter
rule (Advanced ACL)
rule (Basic ACL)
rule (Layer 2 ACL)
rule comment
time-range
22
114
126
257
316
506
634
638
641
640
799
ARP
arp check enable
arp static
arp timer aging
display arp
display arp count
reset arp
31
32
34
96
128
130
131
371
593
Auto-detect
ip route-static
retry
418
612

Command Reference
847
Centralized MAC
mac-authentication
241
453
455
456
457
458
459
CLI
super
super password
Cluster
add-member
auto-build
black-list add-mac
build
cluster
cluster enable
cluster switch-to
cluster switch-to-sysname
cluster-local-user
cluster-mac
delete-member
display cluster
ftp cluster
holdtime
ip-pool
logging-host
management-vlan
reboot member
snmp-host
tftp cluster get
tftp cluster put
timer
topology accept
86
185
776
778
25
27
43
46
47
55
70
71
83
84
72
73
74
75
77
79
81
109
139
141
142
143
145
147
251
362
381
415
437
460
461
481
585
702
793
794
801
807
808
848

Command Reference
topology save-to
tracemac
Configuration File Management

display startup
display this
save
809
810
152
290
306
315
603
643
716
DHCP
accounting domain
address-check
dhcp-server
dhcp-server ip
display dhcp-server
display dhcp-server intervace vlan-interface
164,
166,
16
26
98
115
116
117
118
119
160
161
163
165
167
DLDP
debugging DLDP
100
EAD
653
Ethernet Switch
acl
authentication-mode
databits
display users
free user-interface
free web-users
header
idle-timeout
ip http acl
jumboframe enable
lock
parity
protocol inbound
screen-length
send
service-type
21
40
44
93
320
322
359
360
377
380
383
414
420
436
507
546
650
656
660
663

Command Reference
849
shell
snmp-agent group
snmp-agent usm-user
speed
stopbits
sysname
telnet
user-interface
668
676
678
696
703
723
780
786
824
822
File System Management

boot boot-loader
boot web-packege
cd
copy
delete
display boot-loader
file prompt
format
local-user
mkdir
more
move
pwd
rename
reset recycle-bin
rmdir
undelete
48
49
51
53
59
87
105
132
356
358
433
435
470
473
474
555
591
602
619
715
820
FTP
ascii
binary
bye
cd
cdup
close
delete
dir
disconnect
display ftp-server
display ftp-user
ftp
ftp server
ftp server enable
ftp timeout
get
lcd
ls
mkdir
open
passive
put
35
45
57
60
62
69
107
122
125
176
177
361
363
364
365
370
427
444
471
504
508
553
850

Command Reference
pwd
quit
remotehelp
rename
rmdir
user
verbose
556
577
588
592
620
821
825
GARP and GVRP

display garp timer
display gvrp status
garp timer
garp timer leaveall
gvrp
gvrp registration
178
179
180
181
366
368
372
373
596
IGMP
gmp-snooping fast-leave
gmp-snooping max-response-time
igmp host-join vlan
igmp-snooping
188
189
190
239
386
391
384
385
387
388
390
392
449
450
662
Information Center
display channel
display info-center
display logbuffer
display trapbuffer
info-center enable
info-center source
reset logbuffer
reset trapbuffer
terminal debugging
terminal logging
137
191
232
234
318
393
394
395
396
397
398
399
403
404
405
599
611
787
789

Command Reference
851
terminal monitor
terminal trapping
790
791
Link Aggregation
lacp enable
lacp port-priority
link-aggregation group agg-id description
link-aggregation group agg-id mode
224
226
227
423
424
425
429
430
520
Loopback Detection
235
MAC Address Table

display mac-address
mac-address timer
236, 445
238
447
452
Management VLAN
97
description
113
134
display dhcp client
159
196
display ip host
197
198
200
201
display ip routing-table ip address
204
display ip routing-table ip address1 ip address2 208
210
216
217
409
ip address
410
411
412
ip host
413
shutdown
670
Mirroring
mirroring group
mirroring-port
monitor-port
remote-probe vlan
244
464
465
466
467
468
472
587
852

Command Reference
MSTP
display stp
instance
region-name
reset stp
revision-level
stp
stp bpdu-protection
stp bridge-diameter
stp cost
stp edged-port
stp interface
stp interface cost
stp loop-protection
stp max-hops
stp mcheck
stp mode
stp point-to-point
stp port priority
stp priority
stp root primary
stp root secondary
stp root-protection
stp tc-protection
stp timer hello
stp timer max-age
stp timer-factor
stp transmit-limit
vlan-mapping modulo
vlan-vpn tunnel
24
63
309
311
406
586
607
617
724
725
726
727
729
730
732
734
736
738
740
742
743
744
746
748
750
752
753
754
755
756
757
759
761
762
763
764
767
766
769
771
773
774
770
775
832
836
Multicast Protocol
igmp-snooping
188
189
190
385
387
388
392
597
662

Command Reference
853
NDP
display ndp
ndp enable
ndp timer aging
ndp timer hello
246
478
479
480
600
Network Protocol
arp check enable
reset ip statistics
31
598
NTDP
display ntdp
ntdp enable
ntdp explore
ntdp hop
ntdp timer
249
250
482
483
484
485
486
487
NTP
ntp-service access
101
253
255
256
488
490
491
492
493
494
495
496
497
499
500
502
Password Control
password
509
Port
am user-bind
copy configuration
description
display interface
28
54
88
111
127
135
193
222
223
854

Command Reference

display port
duplex
flow-control
interface
mdi
port access vlan
port hybrid vlan
port isolate
port link-type
port-security OUI
port-security trap
shutdown
speed
virtual-cable-test
240
258
259
351
357
408
438
439
441
442
451
462
516
517
518
519
521
537
536
522
523
525
527
529
530
533
534
594
669
704
826
QoS
apply qos-profile
display qos-profile
packet-filter
priority
priority trust
qos cos-dscp-map
qos dscp-cos-map
29
30
262
263
264
265
266
267
268
269
270
272
273
274
275
276
277
505
542
543
547
557
559
561
563

Command Reference
855
qos dscp-dscp-map
qos-profile
queue-scheduler
reset traffic-limit
snmp-agent usm-user
traffic shape
traffic-limit
traffic-statistic
565
567
569
571
572
573
609
610
694
815
813
816
RMON
display rmon alarm
display rmon event
rmon alarm
rmon event
rmon history
rmon prialarm
rmon statistics
Routing Protocol
ip route-static
282
283
284
286
287
621
623
624
625
628
110
213
215
416, 418
SNMP
snmp-agent
snmp-agent group
snmp-agent log
snmp-agent mib-view
snmp-agent sys-info
snmp-agent usm-user
103
294
295
296
298
300
301
302
352
675
677
680
682
683
684
685
686
687
689
691
692
693
698
856

Command Reference
SSH
bye
cd
cdup
dir
display ssh server
exit
get
help
ls
mkdir
peer-public-key end
protocol inbound
public-key-code end
put
pwd
quit
remove
rename
rmdir
rsa peer-public-key
sftp
sftp server enable
sftp time-out
ssh server timeout
ssh2
56
58
61
124
288
289
303
304
305
355
369
379
443, 444
469, 471
511
545
548, 549
550, 551
552
554
575, 576
589
590
618
629
631
632, 633
664
666
667
705
706
707
708
709
710
712
713
Static Route
ip route-static
110
416
System Access
free user-interface
return
service-type
359
616
658
System Maintenance
boot boot-loader
boot bootrom
clock datetime
clock summer-time
clock timezone
debugging
display boot-loader
50
52
65
66
68
95
133

Command Reference
857
display clock
display cpu
display device
display fib
display ip socket
display memory
display tcp status
display users
display version
language-mode
ping
quit
reboot
schedule reboot at
sysname
system-view
tcp window
terminal debugging
tracert
138
151
158
168
175
186
218
220
243
292
312
314
323
324
426
512
578
584
608
645
647
781
782
783
784
785
788
811
System Management
debugging
display cpu
display snmp-agent
execute
snmp-agent usm-user
94, 95
101
292
285
286
293
353
354
448
700
TFTP
tftp get
tftp put
tftp-server
795
796
797
UDP Helper
udp-helper enable
udp-helper port
udp-helper server
104
319
817
818
819
VLAN
description
112
858

Command Reference
display vlan
name
port
vlan
326
475
515
828
VLAN-VPN
vlan-vpn enable
vlan-vpn tpid
261
834
835
837
Voice VLAN
display vlan
voice vlan
voice vlan aging
voice vlan enable
voice vlan mode
325
328
329
838
839
840
841
842
843
3COM SWITCH 4200G FAMILY

QUICK REFERENCE GUIDE
Overview
This Command Reference applies to the following Switch 4200G models:
Switch 4200G 12-Port (3CR17660-91)
Switch 4200G 48-Port FX (3CR17662-91)
Switch 4200G 24-Port (3CR17661-91)
Switch 4200G 1-Port 10Gigabit Module (XFP) (3C17666)
About the Command Line Interface

To use and navigate the command line interface of your unit, please refer to the following points for assistance:
When initially accessing the command line interface, press Enter when prompted. The User View menu for the unit
displays. This is indicated by the chevron brackets around the name of the unit at the prompt, for example,
<sw4200G>.
When in the System View menu, square brackets appear around the name of the unit at the prompt, for example,
[sw4200G].
You must be in the System View menu to access the configurable CLI commands.
Some commands can be entered directly at any prompt from anywhere in the interface.
If you enter part of a command followed by a ? (with no space between), the CLI will show you all the commands
that begin in that way.
The term view may be used interchangeably with the term menu.
The undo command is placed before the command you wish to undo, for example, undo setauthentication password.
<CTRL-A> places the cursor back to the start of the command line.
Enter the first few characters of a command and press TAB to enter the full command without having to input the
entire command (where there is only one command that starts with the entered characters).
Use the Up Arrow key at the prompt to repeat the previous command string.
Use the Delete key to delete the character after the cursor; the Backspace key deletes the character before the cursor.
When entering physical port numbers, Enter the port number as x/0/z, where x is the unit number and z is the
physical port number.
Copyright 2006-2007, 3Com Corporation. All rights reserved.

www.3Com.com
Part Number: 10014917 Rev. AC
Published: February 2007

Command Reference
Displaying Command Parameters

At the prompt, enter the name of the command followed by a space and ?. For example:
<sw4200G>boot ?
The following parameters are displayed:

attribute-switch
Exchange the file main-attribute and backup-attribute.
boot-loader
Select a file to boot at the next time
bootrom
Update Bootrom
web-package
Set web resource package
To specify boot loader, enter the command as follows:

<sw4200G>boot boot-loader ?
You only need to enter ? if parameters exist for the command.
Displaying Parent Menus

At the prompt, enter quit.
Displaying the User View Menu

Press <CTRL-Z>.
Obtaining Help
At the prompt, enter ?.
Further Information
For further information about how to use the command line interface, refer to the Command Reference Guide and
the Configuration Guide, which are both available as PDF documents on the CD that accompanied the unit.
Commands
access-limit
Use the access-limit command to set the maximum number of access users that can be contained in
current ISP domain.
ISP Domain view
accounting
Use the accounting command to configure an accounting scheme for the current ISP domain.
ISP Domain view
accounting domain
Use the accounting domain command to enable the DHCP accounting function.
DHCP Address Pool view
Use the accounting-on enable command to enable user re-authentication upon device restart function.
RADIUS Scheme view
accounting optional
Use the accounting optional command to open the accounting-optional switch.

ISP Domain view
RADIUS Scheme view

Command Reference
acl
Use the acl command to reference ACL and implement the ACL control to the TELNET users.
User Interface view
acl
Use the acl command to define an ACL identified by a number, and enter the corresponding ACL View.
System view
Use the active region-configuration command to activate the settings of an MST (multiple spanning
tree) region.
MST Region view
add-member

Cluster view
address-check
Use the address-check command to enable or disable DHCP relay security on a VLAN interface, so as to
start or stop the validity check on user addresses under the VLAN interface.
VLAN Interface view
Use the administrator-address command to store the MAC address of the management device on a
member device.
Cluster view
am user-bind
Use the am user-bind command to bind the MAC and IP addresses of a legal user to a specified port.
System view
Ethernet Port view
apply qos-profile
Use the apply qos-profile command to manually apply the QoS profile to the current port.
Ethernet Port view
Use the apply qos-profile interface command to manually apply a QoS profile to one or more
consecutive ports.
System view
arp check enable
Use the arp check enable command to enable the ARP entry checking function, that is, to disable a switch
from creating multicast MAC address ARP entries for MAC addresses learned.
System view
arp static
Use the arp static command to configure the static ARP mapping entries in the ARP mapping table.
System view
arp timer aging
Use the arp timer aging command to configure the aging time for dynamic ARP mapping entries.
System view
ascii
Use the ascii command to configure data transmission mode as ASCII mode.
FTP Client view
attribute
Use the attribute command to configure attributes of a user whose service type is lan-access.
Local User view
authentication
Use the authentication command to configure an authentication scheme for the current ISP domain.
ISP Domain view
authentication-mode
Use the command authentication-mode to specify the authentication mode.

User Interface view
authorization
Use the authorization none command to allow users in the current ISP domain to use network services
without being authorized.
ISP Domain view

Command Reference
auto-build
Use the auto-build command to create a cluster automatically.

Cluster view
Use the auto-execute command command to set the command that is executed automatically after a user
logs in.
User Interface view
binary
Use the binary command to specify that files be transferred in binary mode. That is, data is transferred in
binary streams.
FTP Client view
black-list add-mac
Use the black-list add-mac command to add a device into the blacklist.
Cluster view
Use the black-list delete-mac command to delete a device from the blacklist.
Cluster view
Use the boot attribute-switch command to switch between the main and backup attribute for all the files
or a specified type of files. This changes a file with the main attribute to one with the backup attribute, or
vice versa.
User view
boot boot-loader
Use the boot boot-loader command to configure an app file to be of the main attribute. The app file
specified by this command becomes the main startup file when the device starts the next time.
User view
boot boot-loader
Use the boot boot-loader command to specify the host software that will be adopted when the current
switch or a specified switch in the fabric reboots next time.
User view
Use the boot boot-loader backup-attribute command to configure an app file to be of the backup
attribute.
User view
boot bootrom
Use the boot bootrom command to update the BootROM.

User view
boot web-package
Use the boot web-package command to configure a Web file to be of the main or backup attribute.
User view
Use the broadcast-suppression command to define the broadcast traffic ratio allowed on one port or each
of the ports.
System view
build
Use the build command to configure a cluster with the current switch as the management device. Argument
name specifies the name of the cluster.
Cluster view
bye
Use the bye command to terminate the connection to the remote SFTP server and return to system view.
SFTP Client view
bye
Use the bye command to terminate the control connection and data connection with the remote FTP server
and quit to user view.
FTP Client view
cd
Use the cd command to change the current path on the remote SFTP server.
SFTP Client view

Command Reference
cd
Use the cd command to enter a specified directory on the Ethernet switch.

User view
cd
Use the cd command to change the work path on the remote FTP server.
FTP Client view
cdup
Use the cdup command to return to the upper directory.

SFTP Client view
cdup
Use the cdup command to enter the parent directory.

FTP Client view
Use the check region-configuration command to display the configurations of the MST regions that are
not activated.
MST Region view
clock datetime
Use the clock datetime command to set the current system time and date.
User view
clock summer-time
Use the clock summer-time command to set the name, time range, and offset of the daylight saving time.
User view
clock timezone
Use the clock timezone command to set local time zone information.
User view
close
Use the close command to terminate an FTP connection without quitting FTP client view.
FTP Client view
cluster
Use the cluster command to enter cluster view.

System view
cluster enable
Use the cluster enable command to enable the cluster function on a switch.
System view
cluster-local-user
Use the cluster-local-user command to configure a Web username and password for all cluster
members.
Cluster view
cluster-mac
Use the cluster-mac command to configure a multicast MAC address for cluster management. Run this
command only on the management device only.
Cluster view
Use the cluster-mac syn-interval command to set the interval for the management device to send
multicast packets. This command can be executed on the management device only.
Cluster view
Use the cluster-snmp-agent community command to configure a SNMP community for a cluster to enable
SNMP access.
Cluster view
Use the cluster-snmp-agent group command to configure a SNMP group for a cluster to map SNMP
users to the SNMP view.
Cluster view
Use the cluster-snmp-agent mib-view command to create or update the information about the MIB view
configured for a cluster.
Cluster view

Command Reference
Use the cluster-snmp-agent usm-user v3 command to add an account to the SNMPV3 group configured
for a cluster.
Cluster view
cluster switch-to
Use the cluster switch-to command to switch between the management device and member devices
for configuration and management.
User view
cluster switch-to sysname
Use the cluster switch-to sysname command to switch between the master device and a member
device.
User view
Use the command-privilege level command to set the level of the specified command in a specified view.
System view
copy
Use the copy command to copy a file.

User view
copy configuration
Use the copy configuration command to copy the configuration of a specific port to other ports, to ensure
consistent configuration.
System view
cut connection
Use the cut connection command to cut the connection a user or a category of users by force.
System view
data-flow-format
Use the data-flow-format command to set the units of measure for the data flow sent to the RADIUS
Server.
RADIUS Scheme view
databits
Use the databits command to set the databits for the user interface.
User Interface view
debugging

User view
debugging

User view
Use the debugging arp packet command to enable ARP debugging.

User view
Use the debugging dhcp client command to enable debugging for the DHCP client/BOOTP client.
User view
Use the debugging dhcp-relay command to enable DHCP relay debugging.

User view
debugging DLDP
Use the debugging dldp command to enable specific debugging for DLDP on all ports with DLDP enabled.
User view
Use the debugging ntp-service command to debug different NTP (network time protocol) services.
User view
debugging radius
Use the debugging radius command to enable the debugging for RADIUS protocol.
User view
Use the debugging snmp-agent command to enable SNMP Agent debugging.

User view

Command Reference
Use the debugging udp-helper command to enable UDP Helper debugging.

User view
delete

User view
delete
Use the delete command to delete the specified file from the server.
SFTP Client view
delete
Use the delete command to delete the specified remote file.

FTP Client view
delete-member
Use the delete-member command to remove a member device from the cluster.
Cluster view
Use the delete static-routes all command to delete all the static routes.
System view
description
Use the description command to enter a description of an Ethernet port.

Ethernet Port view
description
Use the description command to assign a description string for the VLAN.
VLAN view
description
Use the description command to assign a description string to a VLAN or a VLAN interface.
VLAN view
VLAN Interface view
description
Use the description command to define the description information of an ACL to describe the specific
purpose of the ACL.
Basic ACL view
Advanced ACL view
Layer 2 ACL view
Use the dhcp relay information enable command to enable option 82 supporting on a DHCP relay,
through which you can enable the DHCP relay to insert option 82 into DHCP request packets sent to a
DHCP server.
System view
Use the dhcp relay information strategy command to instruct a DHCP relay to perform specified
operations to DHCP request packets that carry option 82.
System view
Use the dhcp-security static command to configure a static user address entry.
System view
dhcp-server
Use the dhcp-server command to map the current VLAN interface to a DHCP server group.
VLAN Interface view
dhcp-server ip
Use the dhcp-server ip command to configure the DHCP server IP address(es) in a specified DHCP
server group.
System view
dir
Use the dir command to display the information about the specified files or directories on a switch.
User view

Command Reference
dir
Use the dir command to query specified files.

FTP Client view
dir
Use the dir command to display the files in the specified directory.
SFTP Client view
disconnect
Use the disconnect command to terminate a FTP connection without quitting FTP client view.
FTP Client view
display acl
Use the display acl command to view the detailed configuration information of an ACL, including each
rule and its number as well as the number and size in bytes of the data packets that match the statement.
Any view
Use the display am command to view whether address management is enabled and to display IP address
pool configuration.
Any view
display arp
Use the display arp command to display the ARP mapping table entries by entry type, or by a specified
IP address.
Any view
display arp count
Use the display arp count command to display the number of the specified type of ARP mapping entries.
Any view
Use the display arp timer aging command to view the current setting of the dynamic ARP aging timer.
Any view
display boot-loader
Use the display boot-loader command to display the information about the app startup files of a switch,
including the current app startup file name, the main and backup app startup files to be used when the switch
starts the next time.
Any view
display boot-loader
Use the display boot-loader command to display the host software (.bin file) that will be adopted when
the switch reboots.
Any view
Use the display bootp client command to display BOOTP client-related information, including the MAC
address of the BOOTP client and the IP address obtained.
Any view
Use the display brief interface command to display the configuration information about one specific
or all ports in brief, including the port type, connection state, connection rate, duplex attribute, link type and
default VLAN ID.
Any view
display channel
Use the display channel command to display the details about the information channel.
Any view
display clock
Use the display clock command to display the current date and time of the system, so that you can adjust
them if they are wrong.
Any view
display cluster
Use the display cluster command to display the state and basic configuration information of the cluster
that contains the current switch.
Any view
Use the display cluster topology command to display the standard topology view of the cluster.
Any view

Command Reference
Use the display cluster black-list command to display the current blacklist of the cluster.
Any view
Use the display cluster candidates command to display candidate devices of a cluster.
Any view
Use the display cluster current topology command to display the current topology view or the topology
path between two points.
Any view
Use the display cluster members command to display the information about cluster members.
Any view
display connection
Use the display connection command to view the information for a specified connection type.
Any view
display cpu
Use the display cpu command to display CPU usage of a specified switch.
Any view
Use the display current-configuration command to display the current configuration of a switch.
Any view
display debugging
Use the display debugging command to display the enabled debugging on a specified device.
Any view
Use the display debugging habp command to display the state of HABP debugging.
Any view
display device
Use the display device command to display the information, such as the module type and operating
status, about each board (main board and sub-board) of a specified switch.
Any view
display dhcp client
Use the display dhcp client command to display the DHCP client-related information.
Any view
Use the display dhcp-security command to display one or all user address entries, or a specified type
of user address entries in the valid user address table of a DHCP server group.
Any view
display dhcp-server
Use the display dhcp-server command to display information about a specified DHCP server group.
Any view
Use the display dhcp-server interface vlan-interface command to display information about the
DHCP server group to which a VLAN interface is mapped.
Any view
Use the display dhcp-snooping command to display the user IP-MAC address mapping entries recorded
by the DHCP snooping function.
Any view
Use the display dhcp-snooping command to display the correspondence between user IP addresses and
MAC addresses recorded by the DHCP snooping function.
Any view
Use the display dhcp-snooping trust command to display the (enabled/disabled) state of the DHCP
snooping function and the trusted ports.
Any view
10

Command Reference
Use the display dhcp-snooping trust command to display the DHCP-Snooping state and information
on trusted ports.
Any view
Use the display diagnostic-information command to display the system diagnostic information, or save
the system diagnostic information to a file (with a suffix of "diag") in the flash memory.
Any view
display domain
Use the display domain command to view the configuration information of a specified ISP domain or
display the summary information of all ISP domains.
Any view
display dot1x
Use the display dot1x command to view the relevant information of 802.1x.
Any view
display fib
Use the display fib command to view the summary of the forwarding information base.
Any view
display ftp-server
Use the display ftp-server command to display the FTP server-related settings of a switch when it
operates as an FTP server.
You can use this command to verify FTP server-related configurations.
Any view
display ftp-user
Use the display ftp-user command to display the settings of the current FTP user, including the user
name, host IP address, port number, connection idle time, and authorized directory.
Any view
Use the display garp statistics command to display the GARP statistics on specified (or all) ports.
Any view
display garp timer
Use the display garp timer command to display the values of the GARP timers on specified or all ports.
Any view
Use the display gvrp statistics command to display the GVRP statistics about specified (or all) Trunk
ports.
Any view
display gvrp status
Use the display gvrp status command to display the enable/disable status of global GVRP.
Any view
display habp
Use the display habp command to display HABP configuration and status information.
Any view
display habp table
Use the display habp table command to display the MAC address table maintained by HABP.
Any view
Use the display habp traffic command to display statistics on HABP packets.
Any view
Use the display history-command command to display history commands.

Any view
Use the display icmp statistics command to view the statistics information about ICMP packets.
Any view
Use the display igmp-snooping configuration command to display the configuration information about
IGMP Snooping.
Any view

Command Reference
11
Use the display igmp-snooping group command to display information about the IP and MAC multicast
groups under one VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).
Any view
Use the display igmp-snooping statistics command to display the message statistics about IGMP
Snooping.
Any view
display info-center
Use the display info-center command to display system log settings and memory buffer record statistics.
Any view
display interface
Use the display interface command to view the configuration information on the selected interface.
Any view
Use the display interface vlan-interface command to display the information about the management
VLAN interface, including the physical and link status, the format of the sent frames, the MAC address, IP
address (and subnet mask), description string and MTU (maximum transmit unit) of the management VLAN.
Any view
display ip host
Use the display ip host command to display all host names and their corresponding IP addresses.
Any view
Use the display ip interface vlan-interface command to view information on the specified interface.
Any view
Use the display ip routing-table command to display the summary information about the routing table.
Any view
Use the display ip routing-table acl command to display the routes permitted by the specified basic
ACL.
Any view.
Use the display ip routing-table ip-address command to display the information about the routes
leading to the destination.
Any view
display ip routing-table ip-address1 ip-address2
Use the display ip routing-table ip-address1 ip-address2 command to display the information
about the routes with their destinations within the specified destination IP address range.
Any view
Use the display ip routing-table ip-prefix command to display the information about the routes
matching a specified IP prefix list.
Any view
Use the display ip routing-table protocol command to display the information about specific routes.
Any view
Use the display ip routing-table radix command to view the route information in a hierarchical (tree)
structure.
Any view
Use the display ip routing-table statistics command to display the statistics of a routing table.
Any view
Use the display ip routing-table verbose command to display the detailed information about a routing
table.
Any view
12

Command Reference
display ip socket
Use the display ip socket command to display the information about the sockets in the current system.
Any view
Use the display ip statistics command to view the statistics information about IP packets.
Any view
Use the display isolate port command to display the information about the Ethernet ports added to an
isolation group.
Any view
Use the display lacp system-id command to view actor system ID, including system priority and system
MAC address.
Any view
Use the display link-aggregation interface command to display the link aggregation details about a
specified port or port range.
Any view
Use the display link-aggregation interface command to display the link aggregation details about a
specified port or port range, including:
Use the display link-aggregation summary command to display summary information of all aggregation
groups, including device ID of the local end, aggregation group ID, aggregation group type, device ID of the
remote end, number of the selected ports, number of the unselected ports, load sharing type and master
port number.
Any view
Use the display link-aggregation verbose command to display the details about a specified
aggregation group.
Any view
Use the display local-server statistics command to view the statistics of all local RADIUS
authentication server.
Any view
display local-user
Use the display local-user command to view information about all the local users or the specified
one(s).
Any view
display logbuffer
Use the display logbuffer command to display the status of the log buffer and the records in the log
buffer.
Any view
Use the display logbuffer summary command to display the summary of the log buffer.
Any view
Use the display loopback-detection command to display the loopback detection status on the port.
Any view
display mac-address
Use the display mac-address command to display MAC address table information.
Any view
Use the display mac-address aging-time command to display the aging time of the dynamic entry in the
MAC address table.
Any view
Use the display mac-address multicast static command to display the multicast MAC address entries
manually configured on the switch, with each entry containing the following information: multicast MAC
address, VLAN ID, MAC address state, port number(s), and aging time of each port.
Any view

Command Reference
13
Use the display mac-address security command to display the information about Security MAC address.
Any view
Use the display mac-authentication command to display global information about centralized MAC
address authentication
Any view
display memory
Use the display memory command to display the memory usage of a specified switch.
Any view
Use the display mirroring-group command to display the parameter settings of a port mirroring group.
Any view
display ndp
Use the display ndp command to display global NDP configuration information, including the interval to
send NDP packets, the holdtime of NDP information, and the information about the neighbors of all the
ports.
Any view
display ntdp
Use the display ntdp command to display the global NTDP information. The information includes the
range (in hop count) within which topology information is collected, the interval to collect topology
information (the NTDP timer), the delay time for a device to forward topology-collection requests, the delay
time for a topology-collection request to be forwarded through a port, and the time cost during the last
topology collection.
Any view
Use the display ntdp device-list command to display the device information collected through NTDP.
Any view
Use the display ntdp single-device mac-address h-h-h command to display the information about a
specific device in detail.
Cluster view
Use the display ntp-service sessions command to display the status of all the sessions maintained by
NTP (Network Time Protocol) service provided by the local equipment.
Any view
Use the command display ntp-service status to display the NTP service status.
Any view.
Use the display ntp-service trace command to display the brief information of each NTP time server
along the time synchronization chain from the local device to the reference clock source.
Any view
Use the display packet-filter command to view the application information of packet filtering, including
the ACL name, rule names, and application status.
Any view
display port
Use the display port command to display all current ports with their type indicated.
Any view
Use the display port-security command to display the information about port security configuration
(including global configuration and all or specific port configuration).
Any view
Use the display port vlan-vpn command to display the information about the VLAN VPN configuration
of the current system, including current TPID value, VLAN-VPN ports, and VLAN-VPN uplink ports.
Any view
14

Command Reference
Use the display protocol-priority command to display the priority of protocol packets.
Any view
Use the display qos cos-drop-precedence-map command to display the "COS->Drop-precedence"

Any view
Use the display qos cos-dscp-map command to display the "COS->DSCP" mapping relationship.
Any view
Use the display qos cos-local-precedence-map command to view the COS>Local-precedence map.
Any view
Use the display qos dscp-cos-map command to display the "DSCP->802.1 priority" mapping relationship.
Any view
Use the display qos dscp-drop-precedence-map command to display the "DSCP->Drop-precedence"

Any view
Use the display qos dscp-cos-map command to display the "DSCP->DSCP" mapping relationship.
Any view
Use the display qos dscp-local-precedence-map command to display the "DSCP->Local-precedence"

Any view
Use the display qos-interface all command to display all the QoS settings of the port.
Any view
Use the display qos-interface priority-trust command to display the precedence mapping mode of
the switch.
Any view
Use the display qos-interface traffic-limit command to view the traffic limit settings.
Any view
Use the display qos-interface traffic-shape command to view the parameter configurations of traffic
shaping on the port.
Any view
Use the display qos-interface traffic-statistic command to view the traffic statistics.
Any view
display qos-profile
Use the display qos-profile command to view the configurations of the QoS profile.
Any view
Use the display queue-scheduler command to view queue scheduling mode and corresponding
parameters.
Any view
display radius
Use the display radius command to view the configuration information about all RADIUS schemes or a
specified scheme.
Any view
Use the display radius statistics command to view the statistics information about RADIUS packet.
Any view

Command Reference
15
display rmon alarm
Use the display rmon alarm command to display the configuration of a specified alarm entry or all the
alarm entries.
Any view
display rmon event
Use the display rmon event command to display the configuration of a specified event entry or all the
event entries.
Any view
Use the display rmon eventlog command to display the log of a specified event entry or all the event
entries.
Any view
Use the display rmon history command to display the RMON history information about a specified port.
The information about the latest sample, including utilization, the number of errors, the total number of
packets and so on, is also displayed.
Any view
Use the display rmon prialarm command to display the configuration of a specified extended alarm entry
or all the extended alarm entries.
Any view
Use the display rmon statistics command to display the RMON statistics of a specified port.
Any view
Use the display rsa local-key-pair public command to display the public key of the server host key
pair. If no key pair is generated, the system prompts %RSA keys not found.
Any view
Use the display rsa peer-public-key command to display the client public key of the specified RSA key
pair. If no key name is specified, the command displays all public keys of the client
Any view
Use the display saved-configuration command to display the content of the main configuration file in
the flash memory of a switch.
Any view
Use the display schedule reboot command to display information about scheduled reboot.
Any view
display snmp-agent
Use the display snmp-agent command to view engine ID of the local or remote SNMP entity.
Any view
Use the display snmp-agent community command to view the information about the currently configured
community names for SNMPv1 or SNMPv2c.
Any view
Use the display snmp-agent group command to view group name, security model, state of various views
and storage models.
Any view
The display snmp-agent mib-view command is used to view the MIB view configuration information of
the current Ethernet switch.
Any view
Use the display snmp-agent statistics command to view the statistics information about SNMP
packets.
Any view
16

Command Reference
Use the display snmp-agent sys-info command to view the system information of SNMP configuration.
Any view
Use the display snmp-agent trap-list command to display trap list information.
Any view
Use the display snmp-agent usm-user command to view SNMP user information.
Any view
display ssh server
Use the display ssh server command to display the status or session information about the SSH server
Any view
Use the display ssh server-info command to display the association between the server public keys
configured on the client and the servers.
Any view
Use the display ssh user-information command to display information about the current SSH users,
including user name, authentication mode, key name and authorized service types. If the username is
specified, the command displays information about the specified user.
Any view
display startup
Use the display startup command to display the startup configuration of a switch, including the name of
the current startup configuration file, the names of the main startup configuration file, and backup startup
configuration file to be used when the switch starts the next time, and so on.
Any view
Use the display stop-accounting-buffer command to view the no-response stop-accounting request
packets buffered in the device.
Any views
display stp
Use the display stp command to display the state and statistical information about one or all spanning
trees.
Any view
Use the display stp region-configuration command to display the MST region configuration.
Any view
Use the display tcp statistics command to view the statistics information about TCP packets.
Any view
display tcp status
Use the display tcp status command to view the TCP connection state.
Any view
display this
Use the display this command to display the current configuration performed in the current view of the
system.
Any view
display time-range
Use the display time-range command to view the configuration and status of the current time range. You
will see the active or inactive state outputs respectively.
Any view
display trapbuffer
Use the display trapbuffer command to display the status of the trap buffer and the records in the trap
buffer.
Any view
Use the display udp-helper server command to view the information of destination Helper server
corresponding to the VLAN interface.
Any view

Command Reference
17
Use the display user-interface command to view information on a user interface.

Any view
display users
Use the display users command to display the information about user interfaces. If you do not specify the
all keyword, only the information about the current user interface is displayed.
Any view
display users
Use the display users command to display the status and configuration information about user terminal
interfaces. Use the display users all command to view the information on all user terminal interfaces.
Any view
display version
Use the display version command to view the software version, issue date and the basic hardware
configuration information.
Any view
display vlan
Use the display vlan command to display the ports operating in the manual/automatic mode in the current
voice VLAN.
Any view
display vlan
Use the display vlan command to view related information about specified VLANs or all VLANs.
Any view
Use the display voice vlan oui command to display the currently supported OUI addresses and the
related information.
Any view
Use the display voice vlan status command to display voice VLAN-related information, including voice
VLAN operation mode, port mode (manual mode or automatic mode), and so on.
Any view
domain
Use the domain command to create an ISP domain and enter its view, or enter the view of an existing ISP
domain, or configure the default ISP domain.
System view
dot1x
Use the dot1x command to enable 802.1x on the specified port or globally, (that is on the current device).
System view
Ethernet Port view
Use the dot1x authentication-method command to set 802.1x authentication mode.

System view
dot1x dhcp-launch
Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to launch the process to
authenticate a supplicant system when the supplicant system applies for a dynamic IP address through
DHCP.
System view
dot1x guest-vlan
Use the dot1x guest-vlan command to enable the Guest VLAN function for specified ports.
System view
Ethernet Port view
dot1x max-user
Use the dot1x max-user command to set the maximum number of systems an Ethernet port can
accommodate.
System view
Ethernet Port view
dot1x port-control
Use the dot1x port-control command to specify the access control method for specified Ethernet ports.
System view
Ethernet Port view
18

Command Reference
dot1x port-method
Use the dot1x port-method command to specify the access control method for specified Ethernet ports.
Ethernet Port view
dot1x quiet-period
Use the dot1x quiet-period command to enable the quiet-period timer.

System view
dot1x retry
Use the dot1x retry command to specify the maximum number of times a switch can transmit the
authentication request frame to supplicant systems.
System view
Use the dot1x retry-version-max command to set the maximum number of retries for a switch to send
version request packets to an online supplicant system.
System view
dot1x timer
Use the dot1x timer command to set the 802.1x timers.

System view
dot1x version-check
Use the dot1x version-check command to enable 802.1x client version checking for specified Ethernet
ports.
System view
Ethernet Port view
duplex
Use the duplex command to set the port duplex attribute.

Ethernet Port view
Use the enable snmp trap updown command to enable the port to send LINK UP and LINK DOWN Trap
information.
System view
Use the end-station polling ip-address command to configure the IP address requiring periodic testing.
System view
execute
Use the execute command to execute the specified batch file.

System view
exit
Use the exit command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the bye and quit commands.
SFTP Client view
file prompt
Use the file prompt command to modify the prompt mode of file operations on the Switch.
System view
flow-control
Use the flow-control command to enable port flow control, to avoid packet loss in the event of network
congestion.
Ethernet Port view
format
Use the format command to format a storage device.

User view
free user-interface
Use the free user-interface command to reset a specified user interface to its default settings. The user
interface will be disconnected after the reset.
User view
free web-users
Use the free web-users command to disconnect a specified Web user or all Web users by force.
User view
ftp
Use the ftp command to establish a control connection with an FTP server and enter FTP client view.
User view

Command Reference
19
ftp cluster
Use the ftp cluster command to establish a control connection with a cluster FTP server. This command
also leads you to FTP client view.
User view
ftp server
Use the ftp server command to configure an FTP server on the management device for the member
devices in the cluster.
Use the undo ftp server command to remove the FTP server configured for the member devices in the
cluster.
System view
ftp server enable
Use the ftp server enable command to enable FTP server and allow FTP users to log in.
System view
ftp timeout
Use the ftp timeout command to configure connection timeout interval.

System view
garp timer
Use the garp timer command to set the GARP Hold, Join or Leaver timer value on the current port.
Ethernet Port view
garp timer leaveall
Use the garp timer leaveall command to set the GARP LeaveAll timer to a specified value.
System view
get
Use the get command to download a remote file and save the file to the local device.
SFTP Client view
get
Use the get command to download a remote file and save it as a local file.
FTP Client view
Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning
function.
System view
gvrp
Use the gvrp command to enable GVRP globally (in system view) or on a port (in Ethernet port view).
System view
Ethernet Port view
gvrp registration
Use the gvrp registration command to configure the GVRP registration type on a port.
Ethernet Port view
habp enable
Use the habp enable command to enable HABP for a switch.

System view
habp server vlan
Use the habp server vlan command to configure a switch to operate as an HABP server and HABP
packets to be broadcast in specified VLAN.
System view
habp timer
Use the habp timer command to set the interval for a switch to send HABP request packets.
System view
header
Use the header command to set the banners that are displayed when a user logs into a switch. The login
banner is displayed on the terminal when the connection is established. And the session banner is displayed
on the terminal if a user successfully logs in.
System view
help
Use the help command to get the help information about the specified or all SFTP client commands.
SFTP Client view
20

Command Reference
Use the history-command max-size command to set the size of the history command buffer.
User Interface view
holdtime
Use the holdtime command to configure the holdtime of a switch.

Cluster view
idle-cut
Use the idle-cut command to set the user idle-cut function in current ISP domain.
ISP Domain view
idle-timeout
Use the idle-timeout command to configure the amount of time you want to allow a user interface to
remain idle before it is disconnected.
User Interface view
igmp host-join vlan
Use the igmp host-join vlan command to configure a routing port to join to a multicast group.
Ethernet Port view
igmp-snooping
Use the igmp-snooping command to enable or disable the IGMP Snooping.

System view
VLAN view
Use the igmp-snooping fast-leave command to enable IGMP fast leave processing.
Ethernet Port view
Use the igmp-snooping group-limit command to set the maximum number of multicast groups the port
can join.
Ethernet Port view
Use the igmp-snooping group-policy command to configure an IGMP Snooping filter ACL.
System view
Ethernet Port view
Use the igmp-snooping host-aging-time command to set the aging time of multicast member ports.
System view
Use the igmp-snooping max-response-time command to configure the maximum query response time.
System view
Use the igmp-snooping router-aging-time command to configure the aging time of the router port.
System view
Use the info-center channel name command to name the channel of the specified number.
System view
Use the info-center console channel command to enable information output to the console through a
specified channel.
System view
info-center enable
Use the info-center enable command to enable the information center.

System view
Use the info-center logbuffer command to enable information output to the log buffer through the
specified channel (you can also set the size of the log buffer in this command).
System view
Use the info-center monitor channel command to enable information output to terminals through a
specified channel.
System view

Command Reference
21
Use the info-center snmp channel command to enable information output to the SNMP through a
specified channel.
System view
info-center source
Use the info-center source command to add a record (that is, an information source) to an information
channel.
System view
Use the info-center synchronous command to enable synchronous terminal output.

System view
Use the info-center synchronous command to enable synchronous terminal output, so that if system
information (such as log information) is output when the user is inputting, the command prompt and input
information are echoed after the output (note that, the command prompt is echoed in command edit state
but is not echoed in interactive state).
Use the info-center timestamp command to set the format of time stamp included in the log/trap/debug
information or specify not to include time stamp in the information.
System view
Use the info-center trapbuffer command to enable information output to the trap buffer.
System view
instance
Use the instance command to map specified VLANs to a specified spanning tree instance.
MST Region view
interface
Use the command interface command to enter Ethernet port view. To configure parameters for a port, you
must enter the port view first.
System view
Use the interface vlan-interface command to create a management VLAN interface and enter
management VLAN interface view.
System view
ip address
Use the ip address command to assign an IP address (and mask) to a management VLAN interface.
VLAN Interface view
Use the ip address bootp-alloc command to configure VLAN interface to obtain IP address using
BOOTP.
VLAN Interface view
Use the ip address dhcp-alloc command to configure VLAN interface to obtain an IP address using
DHCP.
VLAN Interface view
ip host
Use the ip host command to configure a host name and the corresponding IP address for a switch.
System view
ip http acl
Use the ip http acl command to apply an ACL to filter Web users.
System view
User Interface view
ip-pool
Use the ip-pool command to configure a private IP address range for cluster members on the switch to
be set as the management device.
Cluster view
ip route-static
Use the ip route-static command to configure a static route.

Use the ip route-static command to configure a static route, whose validity depends on detecting results
as follows: valid when the detecting result is reachable or invalid when the detecting result is unreachable.
System view
22

Command Reference
ip route-static
Use the ip route-static command to configure a static route, whose validity depends on detecting results
as follows: valid when the detecting result is reachable or invalid when the detecting result is unreachable.
System view
jumboframe enable
Use this command to allow jumbo frames to pass through the Ethernet port.
Ethernet port view
key
Use the key command to specify a shared key for the RADIUS authentication/authorization packets or
accounting packets.
RADIUS Scheme view
lacp enable
Use the lacp enable command to enable the LACP protocol on the current port.
Ethernet Port view
lacp port-priority
Use the lacp port priority command to configure port priority value.
Ethernet Port view
Use the lacp system-priority command to configure system priority value.

System view
language-mode
Use the language-mode command to toggle between the language modes (that is, language environments)
of the command line interface (CLI) to meet your requirement.
User view
lcd
Use the lcd command to display the local work directory on the FTP client.
FTP Client view
level
Use the level command to set the priority level of the user.
Local User view
Use the link-aggregation group description command to set a description for an aggregation group.
System view
Use the link-aggregation group mode command to create a manual or static aggregation group.
System view
local-server
Use the local-server command to configure the parameters of local RADIUS server.
System view
local-user
Use the local-user command to add a local user and enter local user view.
System view
Use the local-user password-display-mode command to set the password display mode of all users.
System view
lock
Use the lock command to lock the current user interface and prevent unauthorized users from accessing it.
User view
logging-host
Use the logging-host command to configure a public logging host on the management device for member
devices.
Cluster view
Use the loopback-detection control enable command to enable loopback detection and control function
for Trunk ports and Hybrid ports.
Ethernet Port view

Command Reference
23
Use the loopback-detection enable command to enable the loopback detection function globally or for
a specific port.
System view
Ethernet Port view
Use the loopback-detection interval-time command to set the time interval for detecting the external
loopback for a port.
System view
Use the loopback-detection per-vlan enable command to configure the system to run loopback
detection on all VLANs for the Trunk and Hybrid ports.
Ethernet Port view
ls
Use the ls command to display the files in the specified directory.

SFTP Client view
ls
Use the ls command to display the information about a specified remote file.
FTP Client view
mac-address
Use the mac-address command to add/modify the MAC address table entry.
System view
Port view
Use the mac-address max-mac-count command to configure the maximum number of MAC addresses an
Ethernet port can learn.
Ethernet Port view
Use the mac-address max-mac-count0 command to disable a switch from learning MAC address in a
VLAN.
VLAN view
Use the mac-address multicast command to add a multicast MAC address entry.
System view
Use the mac-address multicast vlan command to add a multicast MAC address entry.
Ethernet Port view
Use the mac-address security command to add Security MAC address manually.
Ethernet Port view
System view
mac-address timer
Use the mac-address timer command to set the aging time for dynamic MAC address entries.
System view
mac-authentication
Use the mac-authentication command to enable centralized MAC address authentication globally (current
device) or on specified ports.
System view
Ethernet Port view
Use the mac-authentication authmode command to set MAC address authentication mode.
System view
Use the mac-authentication authpassword command to set a password for MAC address authentication
when the fixed mode is adopted.
System view
Use the mac-authentication authusername command to set a user name when a switch authenticates
users in fixed mode.
System view
24

Command Reference
Use the mac-authentication domain command to configure an ISP domain for centralized MAC address
authentication users.
System view
Use the mac-authentication timer command to configure the timers used in centralized MAC address
authentication.
System view
management-vlan
Use the management-vlan command to specify the management VLAN on the switch.
System view
Use the management-vlan synchronization enable command to enable the management VLANs of the
member devices of a cluster to be synchronized.
Cluster view
mdi
Use the mdi command to set port MDI attribute.

Ethernet Port view
messenger
Use the messenger time command to enable or disable the messenger alert and configure the related
parameters.
ISP Domain view
mirroring group
Use the mirroring-group command to configure the port mirroring group.

System view
Use the mirroring-group mirroring-port command to configure the monitored port.

System view
Use the mirroring-group reflector-port command to configure a reflector port.

System view
Use the mirroring-group remote-probe vlan command to specify the remote-probe VLAN for a given
mirroring group.
System view
mirroring-port
Use the mirroring-port command to configure a mirroring port.

Ethernet Port view
mkdir
SFTP Client view
mkdir
Use the mkdir command to create a directory in a specified directory of a specified storage device.
User view
mkdir
FTP Client view
monitor-port
Use the monitor-port command to configure the destination monitor port.

Ethernet Port view
more
Use the more command to display the content of a specified file.

User view
move
Use the move command to move a file to a specified directory. You can also assign a new name for the file.
User view
name
VLAN view

Command Reference
25
name
VLAN view
nas-ip
Use the nas-ip command to set the source IP address used by the switch to send RADIUS packets.
RADIUS Scheme view
ndp enable
Use the ndp enable command in system view to enable NDP globally on the switch. When being executed
in Ethernet port view, this command enables NDP for an Ethernet port.
System view
Ethernet Port view
ndp timer aging
Use the ndp timer aging command to set how long a device will hold the NDP packets received from the
local device. After the aging timer expires, the device will discard the received NDP neighbor node
information.
System view
ndp timer hello
Use the ndp timer hello command to define how often to transmit the NDP packets.
System view
Use the nm-interface vlan-interface command to configure an NMS interface of the management
device.
Cluster view
ntdp enable
Use the ntdp enable command in system view to enable NTDP globally. When being executed in Ethernet
port view, this command enables NTDP for an Ethernet port.
System view
Ethernet Port view
ntdp explore
Use the ntdp explore command to start topology information collection manually.
User view
ntdp hop
Use the ntdp hop command to set a range (in terms of hop count) for topology information collection.
System view
ntdp timer
Use the ntdp timer command to configure the interval to collect topology information.
System view
Use the ntdp timer hop-delay command to set the delay time for a switch to forward topology-collection
request packets.
System view
Use the ntdp timer port-delay command to set the delay time for a switch to forward a received
topology-collection request packet through its successive ports.
System view
Use the ntdp timer port-delay command to set the delay time for a switch to forward a received
topology-collection request packet through its successive ports. A switch forwards received topology
request packets to all its ports in turn. After forwarding a received topology-collection request packet through
one port, the switch delays for specific period before it forwards the packet through the next port.
ntp-service access
Use the ntp-service access command to set the authority to access the local equipment.
System view
Use the ntp-service authentication enable command to enable the NTP-service authentication
function.
System view
Use the ntp-service authentication-keyid command to configure an NTP authentication key.

System view
26

Command Reference
Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in NTP
broadcast client mode.
VLAN Interface view
Use the ntp-service broadcast-server command to configure NTP broadcast server mode.
VLAN Interface view
Use the ntp-service in-interface disable command to disable an interface to receive NTP message.
VLAN Interface view
Use the ntp-service max-dynamic-sessions command to set how many sessions can be created locally.
System view
Use the ntp-service multicast-client command to configure an Ethernet switch to operate in NTP
multicast client mode.
VLAN Interface view
Use the ntp-service multicast-server command to configure an Ethernet switch to operate in NTP
multicast server mode.
VLAN Interface view
ntp-service reliable authentication-keyid
Use the ntp-service reliable authentication-keyid command to specify an authentication key to be

a trusted key.
System view
Use the ntp-service source-interface command to designate an interface to transmit NTP message.
System view
Use the ntp-service unicast-peer command to be an active NTP peer.

System view
Use the ntp-service unicast-server command to configure an Ethernet switch to operate in NTP server
mode.
System view
open
Use the open command to establish a control connection with an FTP server.
FTP Client view
packet-filter
Use the packet-filter command to define the packet filter function in the QoS profile.
QoS Profile view
packet-filter
Use the packet-filter command to apply ACL rules on the port to filter packets.
Ethernet Port view
parity
Use the parity command to set the check mode of the user interface.
User Interface view
passive
Use the passive command to set the data transmission mode to be passive mode.
FTP Client view
password
Use the password command to configure or change the system login password for a user.
Local User view
password
Use the password command to set a password for the local users.
Local User View
peer-public-key end
Use the peer-public-key end command to return to system view from public key view.
Public Key view

Command Reference
27
ping
Use the ping command to check the IP network connection and the reachability of the host.
Any view
port
Using the port command, you can add one port or one group of ports to a VLAN.
VLAN view
port access vlan
Use the port access vlan command to assign the access port to a specified VLAN.
Ethernet Port view
Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port.
Ethernet Port view
port hybrid vlan
Use the port hybrid vlan command to add the port to the specified VLAN(s). The port needs to have been
made a hybrid port before you can do this. See the related command below.
Ethernet Port view
port isolate
Use the port isolate command to add an Ethernet port to the isolation group.
Ethernet Port view
Use the port link-aggregation group agg_id command to add an Ethernet port to a manual or static
aggregation group.
Ethernet Port view
port link-type
Use the port link-type command to configure the link type of the Ethernet port.
Ethernet Port view
Use the port-security enable command to enable port security.

System view
Use the port-security intrusion-mode command to set the action mode of the Intrusion Protection
feature.
Ethernet Port view
Use the port-security max-mac-count command to set the maximum number of MAC addresses allowed
to access the port.
Ethernet Port view
Use the port-security ntk-mode command to set the packet transmission mode of the Need to Know
(NTK) feature.
Ethernet Port view
port-security OUI
Use the port-security OUI command to set an OUI value for authentication.
System view
Use the port-security port-mode command to set the security mode of the port.
Ethernet Port view
Use the port-security timer disableport command to set the time during which the system temporarily
disables a port.
System view
port-security trap
Use the port-security trap command to enable the sending of the specified type(s) of trap messages.
System view
Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.
Ethernet Port view
28

Command Reference
Use the port trunk permit vlan command to add a trunk port to one VLAN, a selection of VLANs, or all
VLANs.
Ethernet Port view
primary accounting
Use the primary accounting command to set the IP address and port number for the primary accounting
server.
RADIUS Scheme view
Use the primary authentication command to configure the IP address and port number for the primary
RADIUS authentication/authorization server.
RADIUS Server Group view
priority
Use the priority command to set the priority of Ethernet port.

Ethernet Port view
priority trust
Use the priority trust command to configure the precedence mapping mode on the port of the switch.
Ethernet Port view
protocol inbound
Use the protocol inbound command to configure the protocols supported in the current user interface.
VTY User Interface view
protocol inbound
Use the protocol inbound command to specify the protocols supported by the user interface.
User Interface view
Use the protocol-priority command to set the global traffic priority that applies to a given protocol.
System view
Use the public-key-code begin command to enter public key edit view and input the client public key.
Public Key view
Use the public-key-code begin command to enter public key edit view and set server public keys.
Public Key view
public-key-code end
Use the public-key-code end command to return from public key edit view to public key view and save the
public keys you set.
public-key-code end
Use the public-key-code end command to return from public key edit view to public key view and save the
public keys you set.
put
Use the put command to upload a local file to the remote SFTP server.
SFTP Client view
put
Use the put command to upload a local file to the remote FTP server.
FTP Client view
pwd
Use the pwd command to display the current directory on the SFTP server.
SFTP Client view
pwd
Use the pwd command to display the current path. If the current path is not configured, an error occurs when
you execute this command.
User view
pwd
Use the pwd command to display the current directory on the remote FTP Server.
FTP Client view

Command Reference
29
Use the qos cos-drop-precedence-map command to configure the "COS->Drop-precedence" mapping

relationship.
System view
qos cos-dscp-map
Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping relationship.
System view
Use the qos cos-local-precedence-map command to configure the "COS->Local-precedence" mapping

relationship.
System view
qos dscp-cos-map
Use the qos dscp-cos-map command to configure the "COS->802.1p priority" mapping relationship.
System view
Use the qos dscp-drop-precedence-map command to configure the "DSCP->Drop-precedence" mapping

relationship.
System view
qos dscp-dscp-map
Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping relationship.
System view
Use the qos dscp-local-precedence-map command to configure the "DSCP->Local-precedence"

System view
qos-profile
Use the qos-profile command to create a QoS profile and enter the corresponding view.
System view
Use the qos-profile port-based command to configure the port-based application mode of QoS profiles
on ports.
Ethernet Port view
queue-scheduler
Use the queue-scheduler command to set the queue-scheduling algorithm and parameters.
System view
quit
Use the quit command to terminate the connection to the remote SSH server.
User view
quit
Use the quit command to terminate the connection to the remote SFTP server and exit to system view.
SFTP Client view
quit
Use the quit command to terminate FTP control connection and FTP data connection and quit to user view.
This command has the same effect as that of the bye command.
FTP Client view
quit
Use the quit command to return from current view to lower level view, or exit the system if current view is
user view.
Any view
radius nas-ip
Use the radius nas-ip command to set the source IP address used by the switch to send RADIUS packets.
System view
radius-scheme
Use the radius-scheme command to specify the RADIUS scheme to be used by the current ISP domain.
ISP Domain view
radius scheme
Use the radius scheme command to create a RADIUS scheme and enter its view.
System view
30

Command Reference
radius trap
Use the radius trap command to enable the switch to send trap messages when its RADIUS
authentication or accounting server turns down.
System view
reboot
Use the reboot command to restart an Ethernet switch.

User view
reboot member
Use the reboot member command to reboot a specified member device on the management device.
Cluster view
region-name
Use the region-name command to set an MST region name to a switch.

MST Region view
remote-probe vlan
Use the remote-probe vlan enable command to enable the remote-probe port mirror port feature on the
VLAN of the switch.
VLAN view
remotehelp
Use the remotehelp command to display help information about the FTP protocol command.
FTP Client view
remove
Use the remove command to delete the specified file from the server.
SFTP Client view
rename
Use the rename command to change the name of the specified file on the SFTP server.
SFTP Client view
rename
Use the rename command to rename a file or a directory. If the target file name or directory name is the
same with any existing file name or directory name, you will fail to rename a file.
User view
rename
Use the rename command to rename a file on a remote host.

FTP Client view
reset arp
Use the reset arp command to remove information that is no longer required from the ARP mapping table.
User view
Use the reset counters interface command to clear the statistics of the port, preparing for a new
statistics collection.
User view
Use the reset dot1x statistics command to clear the statistics of 802.1x.
User view
Use the reset garp statistics command to clear the GARP statistics (such as the information about the
packets received/sent/discarded by GVRP/GMRP) on specified (or all) ports.
User view
Use the reset igmp-snooping statistics command to clear the IGMP Snooping statistics.
User view
reset ip statistics
Use the reset ip statistics command to clear the IP statistics information.

User view
reset logbuffer
Use the reset logbuffer command to clear information in the log buffer.
User view
Use the reset ndp statistics command to reset the NDP counters to clear the NDP statistics.
User view

Command Reference
31
Use the reset radius statistics command to clear the statistics information about the RADIUS protocol.
User view
reset recycle-bin
Use the reset recycle-bin command to completely delete file(s) in the recycle bin in the Flash.
User view
Use the reset saved-configuration command to delete the configuration file that is of the specified
attribute from the Flash, including the main and backup configuration files to be used when the switch starts
the next startup.
User view
Use the reset stop-accounting-buffer command to delete the buffered no-response stop-accounting
request packets.
User view
reset stp
Use the reset stp command to clear the STP statistics of specified Ethernet ports.
User view
Use the reset tcp statistics command to clear the TCP statistics information.
User view
reset traffic-limit
Use the reset traffic-limit command to clear the statistics of the traffic policing matching with the
specified ACL rules.
Ethernet Port view
Use the reset traffic-statistic command to clear the traffic statistics of the packets matching with the
specified ACL rules.
Ethernet Port view
reset trapbuffer
Use the reset trapbuffer command to clear information in the trap buffer.
User view
retry
Use the retry command to set the maximum number of transmission attempts of RADIUS requests.
Detecting Group view
Use the retry realtime-accounting command to set the maximum allowed number of continuous
no-response real-time accounting requests.
RADIUS Scheme view
Use the retry stop-accounting command to set the maximum number of transmission attempts of the
stop-accounting requests buffered due to no response.
RADIUS Scheme view
return
Use the return command to return to user view from any other view.
System view or higher level views
revision-level
Use the revision-level command to set the MSTP revision level for a switch.
MST Region view
rmdir
Use the rmdir command to delete the specified directory from the remote SFTP server.
SFTP Client view
rmdir
Use the rmdir command to delete a directory.

User view
Because only empty directories can be deleted, you need to delete the files in a directory before deleting it.
32

Command Reference
rmdir
Use the rmdir command to delete the specified directory from the remote FTP server.
FTP Client view
You can only use this command to remove directories that are empty.
rmon alarm
Use the rmon alarm command to add an entry to the alarm table.
System view
rmon event
Use the rmon event command to add an entry to the event table.
System view
rmon history
Use the rmon history command to add an entry to the history control table.
Ethernet Port view
rmon prialarm
Use the rmon prialarm command to add an entry to the extended RMON alarm table.
System view
rmon statistics
Use the rmon statistics command to add an entry to the statistic table.
Ethernet Port view
Use the rsa local-key-pair create command to generate RSA key pairs, whose names are in the format
of switch name plus _host, for example, S4200G_host.
System view
Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at the server end.
System view
rsa peer-public-key

System view
rsa peer-public-key

System view
rule (Advanced ACL)

Advanced ACL view
rule (Basic ACL)

Basic ACL view
rule comment
Use the rule comment command to define the comment string for an ACL rule.
Advanced ACL view / Layer 2 ACL view
rule (Layer 2 ACL)

Layer 2 ACL view
save
Use the save command to save the current configuration to a configuration file in the flash memory.
Any view
schedule reboot at
Use the schedule reboot at command to schedule a reboot on the current switch and set the reboot date
and time.
User view
Use the schedule reboot delay command to schedule a reboot on the switch, and set the reboot waiting
delay.
User view
scheme
Use the scheme command to configure the AAA scheme to used by the current ISP domain.
ISP Domain view

Command Reference
33
screen-length
Use the screen-length command to set the number of lines the terminal screen can contain.
User Interface view
Use the secondary accounting command to set the IP address and port number of the secondary RADIUS
accounting server.
RADIUS Scheme view
Use the secondary authentication command to set the IP address and port number of the secondary
RADIUS authentication/authorization server.
RADIUS Scheme view
Use the security-policy-server command to set the IP address of a security policy server.
RADIUS Scheme view
self-service-url
Use the self-service-url command to either enable or disable the self-service server location function.
ISP Domain view
send
Use the send command to send messages to a specified user interface or all user interfaces.
User view
server-type
Use the server-type command to configure the RADIUS server type supported by the Switch.
RADIUS Scheme view
service-type
Use the command service-type to authorize a user access to the specified services.
Local User view
service-type
Use the service-type command to specify the login type and the corresponding available command level.
Local User view
Use the service-type multicast command to set the current VLAN as a multicast VLAN.
VLAN view
Use the set authentication password command to set the local password.
User Interface view
sftp
Use the sftp command to establish a connection to the SFTP server and enter SFTP client view.
System view
sftp server enable
Use the sftp server enable command to enable the secure FTP (SFTP) server.
System view
sftp time-out
Use the sftp time-out command to set the timeout time for the SFTP user connection.
System view
shell
Use the shell command to make terminal services available for the user interface.
User Interface view
shutdown
Use the shutdown command to disable an Ethernet port.

Ethernet Port view
shutdown
Use the shutdown command to disable the VLAN interface.

VLAN Interface view
smarton
Use the smarton command to enable the SmartOn function for an Ethernet port with supplicant systems
attached.
Ethernet Port view
34

Command Reference
smarton password
Use the smarton password command to set the password to be used by the SmartOn function.
System view
smarton switchid
Use the smarton switchid command to set the switch ID.

System view
smarton timer
Use the smarton timer command to set the supplicant timeout timer for SmartOn-enabled supplicant
systems.
System view
snmp-agent
Use the snmp-agent command to enable SNMP Agent.

System view
Use the snmp-agent community command to set a community name and to enable users to access the
switch through SNMP. You can also optionally use this command to apply an ACL to filter network
management users.
System view
Use the snmp-agent community command to set the community access name and enable access to SNMP.
System view
snmp-agent group
Use the snmp-agent group command to configure a SNMP group. You can also optionally use this
command to apply an ACL to filter network management users.
System view
snmp-agent group
Use the snmp-agent group command to configure a new SNMP group, that is, to map SNMP user to SNMP
view.
Use the snmp-agent local-engineid command to set the engine ID of the local SNMP entity.
System view
snmp-agent log
Use the snmp-agent log command to enable the logging function for network management.
System view
snmp-agent mib-view
Use the snmp-agent mib-view command to create or update the view information, limiting the MIB objects
to be accessed by the NMS.
System view
Use the snmp-agent packet max-size command to set the maximum size of SNMP packet that the Agent
can send/receive.
System view
snmp-agent sys-info
Use the snmp-agent sys-info command to configure system information such as geographical location of
the device, contact information for system maintenance and version information of running SNMP.
System view
Use the snmp-agent target-host command to command to configure destination of SNMP Trap packets.
System view
Use the snmp-agent trap enable command to enable the device to send Trap packets.
System view
Use the snmp-agent trap life command to set aging time for Trap packets.
System view
Use the snmp-agent trap queue-size command to configure the information queue length of a Trap packet
sent to the destination host.
System view

Command Reference
35
Use the snmp-agent trap source command to configure the source address for sending Trap messages.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter,
a new user to an SNMP group.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new user to an SNMP group. You can also optionally
use this command to apply an ACL to filter network management users.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new user to an SNMP group.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter,
a new user to an SNMP group.
System view
snmp-host
Use the snmp-host command to configure an SNMP host for the member devices inside a cluster on the
management device.
Cluster view
speed
Use the speed command to set the transmission speed of the user interface.
User Interface view
speed
Use the speed command to configure the port rate.

Ethernet Port view
Use the ssh client assign rsa-key command to specify on the client the public key for the server to be
connected to guarantee the client can be connected to a reliable server.
System view
Use the ssh client first-time enable command to configure the client to run the initial authentication.
System view
Use the ssh server authentication-retries command to set authentication retry number for SSH
connections.
System view
ssh server timeout
Use the ssh server timeout command to set authentication timeout time for SSH connections.
System view
Use the ssh user assign rsa-key command to allocate public keys to SSH users.
System view
Use the ssh user authentication-type command to define on the server the available authentication type
for an SSH user.
System view
Use the ssh user service-type command to specify service type for a user.
System view
ssh2
Use the ssh2 command to enable the connection between SSH client and server, define key exchange
algorithm preference, encryption algorithm preference and HMAC algorithm preference on the server and
client.
System view
36

Command Reference
Use the startup bootrom-access enable command to specify a switch to prompt for the customized
password before entering the BOOT menu.
User view
Use the startup saved-configuration command to specify the main or backup configuration file for a
switch to start the next time.
User view
state
Use the state command to configure the state of the current ISP domain/current user.
ISP Domain view
Local User view
RADIUS view
state
Use the state command to configure the state of RADIUS server.

RADIUS Scheme view
Use the stop-accounting-buffer enable command to enable the switch to buffer the stop-accounting
requests that bring no response.
RADIUS Scheme view
stopbits
Use the stopbits command to set the stop bits of the user interface.
User Interface view
stp
Use the stp command to enable or disable MSTP globally or for a port.
System view
Ethernet Port view
stp bpdu-protection
Use the stp bpdu-protection command to enable the BPDU protection function.
System view
stp bridge-diameter
Use the stp bridge-diameter command to set the network diameter of a switched network, which is
represented in terms of the maximum number of switches between any two terminals in a switched network.
System view
Use the stp config-digest-snooping command to enable the digest snooping feature.
Ethernet Port view
stp cost
Use the stp cost command to set the path cost of a port in a spanning tree instance.
Ethernet Port view
stp edged-port
Use the stp edged-port command to configure the current Ethernet port as either an edge port or a
non-edge port.
Ethernet Port view
stp interface
Use the stp interface command in system view to enable or disable MSTP for specified ports.
System view
Use the stp interface config-digest-snooping command to enable the digest snooping feature.
System view
stp interface cost
Use the stp interface cost command to set the path cost of specified ports in a specified spanning tree
instance.
System view
Use the stp interface edged-port command to configure the specified Ethernet ports to be either edge
ports or non-edge ports.
System view

Command Reference
37
Use the stp interface loop-protection command to enable the loop prevention function.
System view
Use the stp interface mcheck command to perform the mCheck operation for specified ports.
System view
Use the stp interface no-agreement-check command to enable the rapid transition feature on a specified
port.
System view
Use the stp interface point-to-point command to specify whether the specified Ethernet ports are
point-to-point links.
System view
Use the stp interface port priority command to set the port priority of specified ports in a spanning
tree instance.
System view
Use the stp interface root-protection command to enable the root protection function for specified
ports.
System view
Use the stp interface transmit-limit command to set the maximum number of BPDUs that each
specified port can send within a Hello time interval.
System view
stp loop-protection
Use the stp loop-protection command to enable the loop prevention function for the current port.
Ethernet Port view
stp max-hops
Use the stp max-hops command to set the maximum hop count of the MST region to which the switch
belongs.
System view
stp mcheck
Use the stp mcheck command to perform the mCheck operation for the current port.
Ethernet Port view
System view
stp mode
Use the stp mode command to set the MSTP operation mode of the switch.
System view
Use the stp no-agreement-check command to enable the rapid transition feature on the current port.
Ethernet Port view
Use the stp pathcost-standard command to set the standard used for calculating the default path costs
of ports.
System view
stp point-to-point
Use the stp point-to-point command to specify whether the port must connect to point-to-point link.
Ethernet Port view
stp port priority
Use the stp port priority command to set the priority of the current port in a specified spanning tree
instance.
Ethernet Port view
stp priority
Use the stp priority command to set the priority of a switch in a spanning tree instance.
System view
38

Command Reference
Use the stp region-configuration command to enter MST region view.

System view
stp root primary
Use the stp root primary command to configure the current switch to be the root bridge of a specified
spanning tree instance.
System view
stp root-protection
Use the stp root-protection command to enable the root protection function for the current port.
Ethernet Port view
stp root secondary
Use the stp root secondary command to configure the current switch as a secondary root bridge of a
specified spanning tree instance.
System view
stp tc-protection
Use the stp tc-protection command to enable or disable the TC-BPDU attack prevention function for
the switch.
System view
stp timer-factor
Use the stp timer-factor command to set the timeout time of a switch in terms of the multiple of the Hello
time.
System view
Use the stp timer forward-delay command to set the Forward delay for a switch.
System view
stp timer hello
Use the stp timer hello command to set the Hello time for a switch.
System view
stp timer max-age
Use the stp timer max-age command to set the maximum age of a switch.
System view
stp transmit-limit
Use the stp transmit-limit command to set the maximum number of configuration BPDUs the current
port can transmit within a Hello time.
Ethernet Port view
super
Use the super command to switch the current user level to the one identified by the level argument.
User view
super password
Use the super password command to set the password for users to switch to a higher user level.
System view
sysname
Use the sysname command to set a domain name for the switch.
System view
sysname
Use the sysname command to set the system name of the Switch.
System view
system-view
Enter system-view to enter the system view from the user view.
User view
Use the tcp timer fin-timeout command to configure the TCP finwait timer.
System view
Use the tcp timer syn-timeout command to configure the TCP synwait timer.
System view

Command Reference
39
tcp window
Use the tcp window command to configure the size of the transmission and receiving buffers of the
connection-oriented socket.
System view
telnet
Use the telnet command to log in to another Ethernet switch from the current switch via Telnet for remote
management.
User view
terminal debugging
Use the terminal debugging command to configure to display the debugging information on the terminal.
User view
terminal debugging
Use the terminal debugging command to configure to display the debugging information on the terminal.
User view
terminal logging
Use the terminal logging command to enable log terminal display.

User view
terminal monitor
Use the terminal monitor command to enable the debug/log/trap terminal display function.
User view
terminal trapping
Use the terminal trapping command to enable terminal trap information display.
User view
tftp
Use the tftp command to set the TFTP data transfer mode.
System view
tftp cluster get
Use the tftp cluster get command to download a specified file from a cluster TFTP server.
User view
tftp cluster put
Use the tftp put command to upload a specified file to a specified directory of a cluster TFTP server.
User view
tftp get
Use the tftp get command to download a file from a TFTP server to this switch.
User view
tftp put
Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server.
User view
tftp-server
Use the tftp-server command to configure a TFTP server for cluster members on the management
device.
Cluster view
tftp-server acl
Use the tftp-server acl command to specify the ACL (Access Control List) adopted for the connection
between a TFTP client and a TFTP server.
System view
time-range
Use the time-range command to define a time range.

System view
timer
Use the timer command to set the interval to send handshake packets.
Cluster view
timer
Use the timer command to set the response timeout time of RADIUS server (that is, the timeout time of the
response timeout timer of RADIUS server).
RADIUS Scheme view
timer quiet
Use the timer quiet command to set the wait time for the primary server to restore the active state.
RADIUS Scheme view
40

Command Reference
Use the timer realtime-accounting command to set the real-time accounting interval.
RADIUS Scheme view
Use the timer response-timeout command to set the response timeout time of RADIUS servers.
RADIUS Scheme view
topology accept
Use the topology accept command to confirm the current topology information of the cluster and save that
as a standard topology.
Cluster view
Use the topology restore-from command to obtain and restore the standard topology information from
the local flash.
Cluster view
topology save-to
Use the topology save-to command to save the standard topology information into the local flash.
Cluster view
tracemac
Use the tracemac command to locate a device by MAC address or IP address.

Any view
tracert
Use the tracert command to trace the gateways the test packets passes through during its journey from
the source to the destination.
Any view
The tracert command is primarily used to check the network connectivity. It can also help you locate the
trouble spot of the network.
traffic-limit
Use the traffic-limit command to use ACL rules in traffic identifying and traffic policing for the packet
matching with the ACL rules and to set traffic policing parameters.
Ethernet Port view
traffic shape
Use the traffic-shape command to enable traffic shaping and send the packets out at an even rate.
Ethernet Port view
traffic-statistic
Use the traffic-statistic command to use ACL rules in traffic identifying and perform traffic statistics on
the packets matching with the ACL rules.
System view
udp-helper enable
Use the udp-helper enable command to enable the UDP Helper function.
System view
udp-helper port
Use the udp-helper port command to configure the UDP port with relay function.
System view
udp-helper server
Use the udp-helper server command to configure the relay destination server for UDP broadcast packets.
VLAN Interface view
undelete
Use the undelete command to restore a deleted file.

User view
user
Use the user command to switch to a specified user.

FTP Client view
After logging into an FTP server, you can switch to another user by using the user command.
user-interface
Using user-interface command to enter one or more user interface views to perform configuration.
System view
user-name-format
Use the user-name-format command to set the format of the user names to be sent to RADIUS server.
RADIUS Scheme view

Command Reference
41
Use the user privilege level level command to configure the command level that a user can access
from the specified user interface.
User Interface view
verbose
Use the verbose command to enable the verbose function, which displays execution and response
information of other related commands.
FTP Client view
virtual-cable-test
Use the virtual-cable-test command to enable the system to test the cable connected to a specific port
and to display the results.
Ethernet Port view
vlan
Use the vlan command to enter the VLAN view.

System view
Use the vlan-assignment-mode command to set the VLAN assignment mode on the switch.
ISP Domain view
vlan-mapping modulo
Use the vlan-mapping modulo command to map VLANs to specific spanning tree instances.
MST Region view
vlan-vpn enable
Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Ethernet Port view
vlan-vpn tpid
Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes effect only when the
VLAN-VPN or VLAN-VPN uplink function is enabled.
Ethernet Port view
vlan-vpn tunnel
Use the vlan-vpn tunnel command to enable the BPDU tunnel function.
System view
Use the vlan-vpn uplink enable command to configure a port to be a VLAN-VPN uplink port.
Ethernet Port view
voice vlan
System view
voice vlan aging
Use the voice vlan aging command to set the aging time for a voice VLAN.
System view
voice vlan enable
Use the voice vlan enable command to enable the voice VLAN function for a port.
Ethernet Port view
Use the voice vlan mac-address command to set a MAC address used for a voice VLAN to identify voice
devices.
System view
voice vlan mode
Use the voice vlan mode auto command to configure an Ethernet port to operate in the automatic voice
VLAN mode.
Ethernet Port view
Use the voice vlan security enable command to enable the voice VLAN security mode.
System view

Manual Del Comando de Referencia 3com

Загружено:

Сведения о документе

Авторское право

Доступные форматы

Поделиться этим документом

Поделиться или встроить документ

Параметры публикации

Этот документ был вам полезен?

Это неприемлемый материал?

Авторское право:

Доступные форматы

Manual Del Comando de Referencia 3com

Загружено:

Авторское право:

Доступные форматы

3Com Switch 4200G Family

Command Reference Guide

ALPHABETICAL LISTING OF COMMANDS

ABOUT THIS GUIDE

About This Software

The manual is intended for the following readers:

Users who are familiar with the basics of networking

This manual uses the following conventions:

Information that describes important features or instructions.

Information that alerts you to potential loss of data or

Information that alerts you to potential personal injury.

3Com Switch 4200G Family

Table 2 Text conventions

Screen displays This typeface represents text as it appears on the screen.

Alternative items, one of which must be entered, are grouped in braces

Items shown in square brackets [ ] are optional.

This section lists all commands in alphabetical order.

6 Alphebetical Listing of Commands

3Com Switch 4200G Family

display domain 169

3Com Switch 4200G Family

Alphebetical Listing of Commands 7

display local-server statistics 229

display radius 278

8 Alphebetical Listing of Commands

dot1x port-method 342

3Com Switch 4200G Family

info-center console channel 394

3Com Switch 4200G Family

Alphebetical Listing of Commands 9

mac-address max-mac-count 0 448

10 Alphebetical Listing of Commands

public-key-code end 550

3Com Switch 4200G Family

reset traffic-limit 609

3Com Switch 4200G Family

Alphebetical Listing of Commands 11

smarton timer 674

stp interface loop protection 740

12 Alphebetical Listing of Commands

3Com Switch 4200G Family

The commands in this document are listed in alphabetical order.

3Com Switch 4200G Family

access-limit { disable | enable max-user-number }

Specifies not to limit the number of access users that

Specifies the maximum number of access users that

This command can be used in the following views:

ISP Domain view

3Com Switch 4200G Family

accounting { none | radius-scheme radius-scheme-name }

Specifies not to perform accounting.

Name of a RADIUS scheme, consisting of a character

By default, no accounting scheme is configured for the ISP domain.

To specify radius as the RADIUS accounting scheme that will be referenced by

This command can be used in the following views:

ISP Domain view

3Com Switch 4200G Family

accounting domain domain-name

Enter system view.

Name of a domain, consisting of a string from 1 to 24

Enter DHCP address pool view.

This command can be used in the following views:

DHCP Address Pool view

3Com Switch 4200G Family