Академический Документы
Профессиональный Документы
Культура Документы
www.3Com.com
Part Number: 10014916 Rev. AD
Published: April, 2007
3Com Corporation Copyright © 2006-2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any
350 Campus Drive form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without
written permission from 3Com Corporation.
Marlborough, MA
3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time
USA 01752-3064 without obligation on the part of 3Com Corporation to provide notification of such revision or change.
3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or
expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality,
and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s)
described in this documentation at any time.
If there is any software on removable media described in this documentation, it is furnished under a license agreement
included with the product as a separate document, in the hard copy documentation, or on the removable media in a
directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will
be provided to you.
UNITED STATES GOVERNMENT LEGEND
If you are a United States government agency, then this documentation and the software described herein are provided to
you subject to the following:
All technical data and computer software are commercial in nature and developed solely at private expense. Software is
delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item”
as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial
license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or
FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided
on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.
Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered
in other countries.
3Com and the 3Com logo are registered trademarks of 3Com Corporation.
Cisco is a registered trademark of Cisco Systems, Inc.
Funk RADIUS is a registered trademark of Funk Software, Inc.
Aegis is a registered trademark of Aegis Group PLC.
Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are
registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a
registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.
IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.
All other company and product names may be trademarks of the respective companies with which they are associated.
ENVIRONMENTAL STATEMENT
It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed
to:
Establishing environmental performance standards that comply with national legislation and regulations.
Conserving energy, materials and natural resources in all operations.
Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards.
Maximizing the recyclable and reusable content of all products.
Ensuring that all products can be recycled, reused and disposed of safely.
Ensuring that all products are labelled according to recognized environmental standards.
Improving our environmental record on a continual basis.
End of Life Statement
3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.
Regulated Materials Statement
3Com products do not contain any hazardous or ozone-depleting material.
CONTENTS
COMMANDS
Commands 13
NUMERICSCOMMANDS BY FUNCTION
Commands by Function 845
2 CONTENTS
ABOUT THIS GUIDE
This guide describes the command line interface (CLI) configuration commands
used to control the 3Com Switch 4200G Family of switches.
About This Software The software in the 3Com Switch 4200G Family is a subset of that used in some
Version other 3Com products. Depending on the capabilities of your hardware platform,
some commands described in this guide may not be available on your Switch,
although the unavailable commands may still display on the command line
interface (CLI). If you try to use an unavailable command, an error message
displays.
CAUTION: Any command that displays on the CLI, but is not described in this
guide, is not supported in Version #.# software. 3Com only supports the
commands described in this guide. Other commands may result in the loss of data,
and are entered at the user’s risk.
Organization of the The 3Com Switch 4200G Family Command Reference Guide list all commands in
Manual alphabetical order. A index of commands organized by function is provided at the
end of this document.
Convention Description
Screen displays This typeface represents text as it appears on the screen.
Keyboard key names If you must press two or more keys simultaneously, the key names are
linked with a plus sign (+), for example:
Press Ctrl+Alt+Del
The words “enter” When you see the word “enter” in this guide, you must type something,
and “type” and then press Return or Enter. Do not press Return or Enter when an
instruction simply says “type.”
Fixed command This typeface indicates the fixed part of a command text. You must type
text the command, or this part of the command, exactly as shown, and press
Return or Enter when you are ready to enter the command.
Example: The command display history-command must be entered
exactly as shown.
Variable This typeface indicates the variable part of a command text. You must type
command text a value here, and press Return or Enter when you are ready to enter the
command.
Example: in the command super level, a value in the range 0 to 3 must
be entered in the position indicated by level
{ x | y | ... } Alternative items, one of which must be entered, are grouped in braces
and separated by vertical bars. You must select and enter one of the items.
Example: in the command flow-control {hardware | none |
software}, the braces and the vertical bars combined indicate that you
must enter one of the parameters. Enter either hardware, or none, or
software.
[] Items shown in square brackets [ ] are optional.
Example 1: in the command display users [all], the square brackets
indicate that the parameter all is optional. You can enter the command
with or without this parameter.
Example 2: in the command user-interface [type] first-number
[last-number] the square brackets indicate that the parameters [type]
and [last-number] are both optional. You can enter a value in place of
one, both or neither of these parameters.
Alternative items, one of which can optionally be entered, are grouped in
square brackets and separated by vertical bars.
Related Manuals The 3Com Switch 4200G Family Getting Started Guide provides information about
installation.
The 3Com Switch 4200G Family Configuration Guide provides information about
configuring your network using the commands described in this guide.
ALPHABETICAL LISTING OF
COMMANDS
access-limit
Purpose Use the access-limit command to set the maximum number of access users that
can be contained in current ISP domain.
Use the undo access-limit command to restore the default maximum number.
undo access-limit
Parameters disable Specifies not to limit the number of access users that
can be contained in current ISP domain.
If not specified, disable is selected by default.
enable max-user-number Specifies the maximum number of access users that
can be contained in current ISP domain. Valid values
are 1 to 1048.
Example To allow ISP domain aabbc.net to contain at most 500 access users, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]domain aabbc.net
New Domain added.
[S4200G-isp-aabbcc.net] access-limit enable 500
Description This command limits the amount of supplicants contained in the current ISP domain.
Because resource contention may occur between access users, there is a need to
properly limit the number of access users in an ISP domain to provide reliable
performance to the users in the ISP domain.
3Com Switch 4200G Family accounting ● 15
Command Reference
accounting
Purpose Use the accounting command to configure an accounting scheme for the current
ISP domain.
undo accounting
Example To specify “radius” as the RADIUS accounting scheme that will be referenced by
current ISP domain, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
Description When you use the accounting command to specify a RADIUS scheme for the
current ISP domain, the RADIUS scheme must already be defined.
If the accounting command is used in an ISP domain view, the system uses the
scheme specified in this command to charge the users. Otherwise, the system uses
the scheme specified in the scheme command to charge the users.
accounting domain
Purpose Use the accounting domain command to enable the DHCP accounting function.
Use the undo accounting domain command to disable the DHCP accounting
function.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
Enable the DHCP accounting function (assuming that domain 123 already exists).
accounting-on enable
Purpose Use the accounting-on enable command to enable user re-authentication upon
device restart function.
Use the undo accounting-on send command to restore the default maximum
number of attempts to transmit the Accounting-On packet.
Example To enable the user re-authentication upon device restart function for the RADIUS
scheme named CAMS, enter the following:
<S4200G> system-view
[S4200G] radius scheme CAMS
[S4200G-radius-CAMS] accounting-on enable
Description The purpose of this feature is to resolve the following problem: users cannot re-log
onto the network after the switch reboots because they are already online. After this
feature is enabled, every time the switch reboots:
■ Once the CAMS receives the Accounting-On packet, it sends a response to the
switch. At the same time it finds and deletes the existing online information of the
user who was accessing the network through the switch before the reboot based
on the NAS-ID, NAS-IP and session ID contained in the Accounting-On packet, and
ends the charging of the user according to the last accounting update packet.
■ Once the switch receives the response from the CAMS, it stops sending other
Accounting-On packets.
■ If the switch has tried the set maximum times to transmit the Accounting-On
packet but still does not receive any response from the CAMS, it stops the sending
of the Accounting-On packet.
Note: The switch can automatically generate the main attributes (NAS-ID, NAS-IP and
session ID) of the Accounting-On packets. However, you can also manually configure
the NAS-IP attribute with the nas-ip command. When doing this, be sure to
configure a correct and valid IP address. If this attribute is not configured manually,
the switch will automatically select the IP address of the VLAN interface as the NAS-IP
address.
accounting optional
Purpose Use the accounting optional command to open the accounting-optional switch.
Parameters None
Example To open the accounting-optional switch for the ISP domain named aabbcc.net, enter
the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] accounting optional
To open the accounting-optional switch for the RADIUS scheme radius1, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] accounting optional
Description Note:
■ When the system charges an online user but it does not find any available RADIUS
accounting server or fails to communicate with any RADIUS accounting server, the
user can continue the access to network resources if the accounting
optional command has been used, otherwise the user is disconnected from the
system. The accounting optional command is often used in the cases
where only authentication is needed and no accounting is needed.
20 ● accounting optional 3Com Switch 4200G Family
Command Reference
■ After the accounting optional command is used for a RADIUS scheme, the
system will no longer send real-time accounting update packets and
stop-accounting packets for any user in an ISP domain referencing the RADIUS
scheme.
■ This configuration takes effect only on the accounting using this RADIUS scheme.
3Com Switch 4200G Family acl ● 21
Command Reference
acl
Purpose Use the acl command to reference ACL and implement the ACL control to the
TELNET users.
Use the undo acl command to remove the control from the TELNET users.
Example Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL
2,000 already exists.).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty 0 4
[S4200G-ui-vty0-4] acl 2000 inbound
acl
Purpose Use the acl command to define an ACL identified by a number, and enter the
corresponding ACL View.
Use the undo acl command to delete all entries of an ACL or to delete all ACLs.
Parameters number acl-number Specifies the number of an access control list (ACL) in
the range of:
2,000 to 2,999: identifies basic ACLs.
3,000 to 3,999: identifies advanced ACLs.
4,000 to 4,999: identifies layer 2 ACLs.
match-order Specifies the match order for the ACL rules. The
match-order keyword is not available for the definition
of a Layer 2 ACL. Match orders include config and
auto.
config Specifies to match ACL rules according to the
user-defined order.
auto Specifies to match ACL rules according to the
"depth-first" order.
all Specifies to delete all ACLs.
Example Define rules for ACL 2000, and specify "depth-first" order as the rule match order.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 2000 match-order auto
[S4200G-acl-basic-2000]
■ System view
Description After entering the corresponding ACL view, you can use the rule command to add
entries to the ACL.
■ Configured order: ACL rules are matched according to the configured order.
■ Automatic ordering: ACL rules are matched according to the "depth-first" order
You can use the match-order keyword to specify whether to use the configured order
or "depth-first" order (rules with smaller ranges are matched first) to match rules. If
neither match orders are specified, the configured match order will be adopted.
You cannot modify the match order for an ACL once you have specified it, unless you
delete all the entries of the ACL.
The ACL match order feature is effective only when the ACL is referenced by software
for data filtering and traffic classification.
active region-configuration
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] active region-configuration
Description This command causes the switch to operate with the new MST region settings, when
spanning trees are regenerated.
Changes of MST region parameters, especially those of the VLAN mapping tables, can
cause MSTP to recalculate the spanning trees, creating network topology jitters across
the network. To reduce network topology jitters caused by configuration changes,
MSTP does not recalculate the spanning trees immediately in response to region
configuration changes. Rather, MSTP brings the configurations into effect only after
you activate the new MST region settings or enable MSTP.
add-member
Example Add a candidate device to the cluster, setting the member number to 6. (Assume that
the MAC address and user password of the candidate device are 00E0-fc00-35e7 and
123456.)
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G-cluster]
[aaa_0.S4200G-cluster] add-member 6 mac-address 00E0-fc00-35e7 password
123456
■ Cluster view
You can add a candidate device to a cluster on the management device only.
If you do not specify the member number when adding a cluster member, the
management device assigns the least available member number to it.
After a candidate device is added to a cluster, its device password becomes the
management device password.
26 ● address-check 3Com Switch 4200G Family
Command Reference
address-check
Purpose Use the address-check command to enable or disable DHCP relay security on a
VLAN interface, so as to start or stop the validity check on user addresses under the
VLAN interface.
address-check disable
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
administrator-address
Purpose Use the administrator-address command to store the MAC address of the
management device on a member device.
undo administrator-address
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] undo administrator-address
■ Cluster view
Description A cluster contains one (and only one) management device. After rebooting, a
member device identifies the management device by the MAC address of the
management device.
The recommended way to remove a cluster member from a cluster is to execute the
delete-member command on the management device.
28 ● am user-bind 3Com Switch 4200G Family
Command Reference
am user-bind
Purpose Use the am user-bind command to bind the MAC and IP addresses of a legal user
to a specified port.
Example Bind the legal user whose MAC address is 00e0-fc00-3900 and IP address is
10.153.1.1 to GigabitEthernet1/0/2 port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] am user-bind mac-addr 00e0-fc00-5100 ip-addr 10.153.1.1
interface GigabitEthernet1/0/2
■ System view
■ Ethernet Port view
Description After a binding operation, only the valid user's packets can pass through the port.
■ You need to specify the bound port if you use this command in system view.
■ You do not need to specify the bound port if you use this command in Ethernet
port view, because the MAC and IP address will be bound to the current port.
You can bind up to 128 pairs of MAC and IP addresses on a unit. The system allows
only one binding operation for the same MAC address.
3Com Switch 4200G Family apply qos-profile ● 29
Command Reference
apply qos-profile
Purpose Use the apply qos-profile command to manually apply the QoS profile to the
current port.
Use the undo apply qos-profile command to manually remove the QoS profile
from a port.
Example To apply the qos-profile named h3c on the current port manually, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] apply qos-profile h3c
Description You cannot delete a QoS profile which has been applied to a port. Likewise a profile
has to be created before it can be assigned to a port.
30 ● apply qos-profile interface 3Com Switch 4200G Family
Command Reference
Purpose Use the apply qos-profile interface command to manually apply a QoS profile
to one or more consecutive ports.
Use the undo apply qos-profile command to manually remove the configuration
from one or more consecutive ports.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] apply qos-profile h3c interface gigabitethernet1/0/1 to
gigabitethernet1/0/4
■ System view
Description You cannot delete the specific QoS profile that has been applied to the port.
3Com Switch 4200G Family arp check enable ● 31
Command Reference
Purpose Use the arp check enable command to enable the ARP entry checking function,
that is, to disable a switch from creating multicast MAC address ARP entries for MAC
addresses learned.
Use the undo arp check enable command to disable the ARP entry checking
function. In this case, a switch creates multicast MAC address ARP entries for MAC
addresses learned.
Parameters None
Default By default, the checking of ARP entry is enabled and the device does not learn the
ARP entry where the MAC address is a multicast MAC address.
Example To configure to create multicast MAC address ARP entries for MAC addresses learned,
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] undo arp check enable
■ System view
32 ● arp static 3Com Switch 4200G Family
Command Reference
arp static
Purpose Use the arp static command to configure the static ARP mapping entries in the ARP
mapping table.
Use the undo arp ip_address command to remove a ARP mapping entry from the
ARP table.
Default By default, the ARP mapping table is empty, and the Switch uses dynamic ARP to
maintain its address mapping.
Example To Create a static ARP mapping entry, with the IP address of 202.38.10.2, the MAC
address of 00e0-fc01-0000. The ARP mapping entry belongs to GigabitEthernet1/0/1
port (assuming that GigabitEthernet1/0/1 port belongs to VLAN1), enter following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] arp static 202.38.10.2 00e0-fc01-0000 1 GigabitEthernet1/0/1
■ System view
3Com Switch 4200G Family arp static ● 33
Command Reference
Description The system ARP mapping table is empty when a switch is just started. And the
dynamic address mapping entries are generated by ARP.
Note:
■ Static ARP mapping entries are valid as long as the Ethernet switch operates.
However, an ARP mapping entry is removed if the corresponding VLAN is
removed. By default, a dynamic ARP mapping entry remains valid for 20 minutes.
■ As for the arp static command, the value of the vlan-id argument must be
the ID of an existing VLAN, and the port identified by the interface-type and
interface-number arguments must belong to the VLAN.
Purpose Use the arp timer aging command to configure the aging time for dynamic ARP
mapping entries.
Use the undo arp timer aging command to restore the default aging time.
Parameters aging-time Specifies the aging time (in minutes) of the dynamic
ARP mapping entries. Valid values are from 1 to 1,440.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] arp timer aging 10
■ System view
ascii
Purpose Use the ascii command to configure data transmission mode as ASCII mode.
Syntax ascii
Parameters None
[ftp] ascii
200 Type set to A.
Description Perform this command if the user needs to change the file transmission mode to
default mode.
36 ● attribute 3Com Switch 4200G Family
Command Reference
attribute
Purpose Use the attribute command to configure attributes of a user whose service type is
lan-access.
Use the undo attribute command to cancel the attributes that have been defined
for this user.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
New local user added.
[S4200G-luser-user1] attribute ip 10.110.50.1
authentication
Purpose Use the authentication command to configure an authentication scheme for the
current ISP domain.
undo authentication
Parameters radius-scheme
radius-scheme-name Specifies a RADIUS authentication scheme.
local Specifies to use local authentication scheme.
none Specifies not to perform authentication.
Example To Specify “radius” as the RADIUS authentication scheme to be referenced by the ISP
domain aabbcc.net, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] authentication radius-scheme radius
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc
New Domain added.
[S4200G-isp-aabbcc] authentication radius-scheme rd local
Description Before you use the authentication command to specify a RADIUS scheme to be
referenced by the current ISP domain, the specified RADIUS scheme must has already
been defined.
authentication-mode
Default By default, users logging in through the Console port are not authenticated, whereas
modem users and Telnet users are authenticated.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface aux0
[S4200G-ui-aux0] authentication-mode password
Description This command configures the authentication method for a user at log in.
■ If you specify the password keyword to authenticate users using the local
password, remember to set the local password using the set authentication
password { cipher | simple } password command.
■ If you specify the scheme keyword to authenticate users locally or remotely using
usernames and passwords, the actual authentication mode depends on other
related configuration. Refer to the Security module of this manual for more.
3Com Switch 4200G Family authentication-mode ● 41
Command Reference
The type of the authentication depends on your network configuration. For further
information, see “AAA and RADIUS”.
42 ● authorization 3Com Switch 4200G Family
Command Reference
authorization
Purpose Use the authorization none command to allow users in the current ISP domain
to use network services without being authorized.
undo authorization
Parameters None
Example Allow users in current ISP domain to access the network services without being
authorized.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] authorization none
auto-build
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] auto-build
■ Cluster view
When you use this command on a candidate device, you are required to input a
cluster name to create a cluster. Then the cluster collects candidates through NTDP
and adds them to the cluster upon your confirmation.
When you use this command on a management device, the system will collect
candidates directly.
Note:
Ensure that NTDP is enabled, because it is the basis of candidate and member
collection. The collection range is also decided through NTDP. You can use the hop
command to modify the collection range.
auto-execute command
Purpose Use the auto-execute command command to set the command that is executed
automatically after a user logs in.
Example Configure the telnet 10.110.100.1 command to be executed automatically after users
log into VTY 0.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty0
[S4200G-ui-vty0] auto-execute command telnet 10.110.100.1
Description Normally, the telnet command is specified to be executed automatically to enable the
user to Telnet to a specific network device automatically.
CAUTION:
■ The auto-execute command command may cause you unable to perform
common configuration in the user interface, so use it with caution.
■ Before executing the auto-execute command command and save your
configuration, make sure you can log into the switch in other modes and cancel
the configuration.
3Com Switch 4200G Family binary ● 45
Command Reference
binary
Purpose Use the binary command to specify that files be transferred in binary mode. That is,
data is transferred in binary streams.
Syntax binary
Parameters None
[ftp] binary
200 Type set to I.
black-list add-mac
Purpose Use the black-list add-mac command to add a device into the blacklist.
Parameters mac-address The MAC address of the device that will be added into
the blacklist, in the format of H-H-H.
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] black-list add-mac 0ec0-fc00-0001
■ Cluster view
black-list delete-mac
Purpose Use the black-list delete-mac command to delete a device from the blacklist.
Parameters mac-address The MAC address of the device that will be deleted
from the blacklist, in the format of H-H-H.
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] black-list delete-mac 0ec0-fc00-0001
■ Cluster view
boot attribute-switch
Purpose Use the boot attribute-switch command to switch between the main and
backup attribute for all the files or a specified type of files. This changes a file with the
main attribute to one with the backup attribute, or vice versa.
■ User view
Description This command changes a file with the main attribute to one with the backup
attribute, or vice versa.
Note:
■ An app file is an executable file, with bin as the extension.
■ A configuration file is used to store and restore configuration, with cfg as the
extension.
■ A Web files is used for Web-based network management, with web as the
extension.
3Com Switch 4200G Family boot boot-loader ● 49
Command Reference
boot boot-loader
Purpose Use the boot boot-loader command to configure an app file to be of the main
attribute. The app file specified by this command becomes the main startup file when
the device starts the next time.
Parameters file-url Path name or file name of an App file in the flash
memory, consisting of a character string from 1 to 64
characters long.
■ User view
Description The app file specified by this command becomes the main startup file when the
device starts the next time.
CAUTION:
Make sure the app file to be specified as the most preferred startup file exists before
executing this command.
50 ● boot boot-loader 3Com Switch 4200G Family
Command Reference
boot boot-loader
Purpose Use the boot boot-loader command to specify the host software that will be
adopted when the current switch or a specified switch in the fabric reboots next time.
Example Specify the host software that will be adopted when the current switch reboots next
time.
■ User view
Description You can use this command to specify a .bin file in the Flash memory as the host
software to be adopted at reboot.
3Com Switch 4200G Family boot boot-loader backup-attribute ● 51
Command Reference
Parameters file-url Path name or file name of an App file in the flash
memory, consisting of a character string from 1 to 64
characters long.
■ User view
Description The app file specified by this command becomes the backup startup file when the
device starts up the next time. When the main startup file is unavailable, the backup
startup file is used to start the switch.
CAUTION:
Make sure the app file to be specified as the backup startup file exists before
executing this command.
52 ● boot bootrom 3Com Switch 4200G Family
Command Reference
boot bootrom
Parameters file-path File path and file name of Bootrom. This is a .btm file in
the Flash memory.
device-name File name, beginning with a device name in the form
of unit[NO.]>flash, used to save the specified file to the
Flash memory of a specified switch.
■ User view
3Com Switch 4200G Family boot web-package ● 53
Command Reference
boot web-package
Purpose Use the boot web-package command to configure a Web file to be of the main or
backup attribute.
Example Configure the Web file named boot.web to be of the main attribute.
■ User view
Description CAUTION:
■ Make sure the Web file which the webfile argument identifies exists before
executing this command.
■ The configuration of the main or backup attribute of a Web file takes effect
immediately without restarting the device.
54 ● broadcast-suppression 3Com Switch 4200G Family
Command Reference
broadcast-suppression
Purpose Use the broadcast-suppression command to define the broadcast traffic ratio
allowed on one port or each of the ports.
undo broadcast-suppression
Example Allow the broadcast traffic passing through the Ethernet1/0/1 port to occupy at most
20% of the bandwidth.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface ethernet1/0/1
[S4200G-Ethernet1/0/1] broadcast-suppression 20
■ System view
Description Once broadcast traffic exceeds the value set by the user, the system maintains an
appropriate broadcast traffic ratio by discarding the overflow traffic, so as to suppress
broadcast storm, avoid network congestion, and ensure normal network services.
3Com Switch 4200G Family build ● 55
Command Reference
build
Purpose Use the build command to configure a cluster with the current switch as the
management device. Argument name specifies the name of the cluster.
Use the undo build command to configure the current management device as a
candidate.
undo build
Example Configure the current switch to be a management device and specify the cluster
name to be 3COM.
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster] build 3COM
■ Cluster view
Description After a cluster is created, the device on which the command is executed becomes the
management device and is assigned a member number of 0.
bye
Purpose Use the bye command to terminate the connection to the remote SFTP server and
return to system view.
Syntax bye
Parameters None
Example Terminate the connection to the remote SFTP server (assume that the server IP address
is 10.1.1.2).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] sftp 10.1.1.2
sftp-client> bye
[S4200G]
Description This command has the same function as the exit and quit commands.
3Com Switch 4200G Family bye ● 57
Command Reference
bye
Purpose Use the bye command to terminate the control connection and data connection
with the remote FTP server and quit to user view.
Syntax bye
Parameters None
Terminate the connections with the remote FTP server and quit to user view.
[ftp] bye
<S4200G>
Description This command has the same effect as that of the quit command.
58 ● cd 3Com Switch 4200G Family
Command Reference
cd
Purpose Use the cd command to change the current path on the remote SFTP server.
Syntax cd [ remote-path ]
Parameters remote-path Name of a path on the server. If you do not specify the
remote-path argument, the current path is
displayed.
sftp-client> cd new1
Current Directory is:
flash:/new1
Description You can use the cd.. command to return to the upper level directory.
You can use the cd / command to return to the root directory of the system (that is,
flash:/).
3Com Switch 4200G Family cd ● 59
Command Reference
cd
Purpose Use the cd command to enter a specified directory on the Ethernet switch.
Syntax cd directory
<S4200G> cd flash:
<S4200G> pwd
flash:
■ User view
60 ● cd 3Com Switch 4200G Family
Command Reference
cd
Purpose Use the cd command to change the work path on the remote FTP server.
Syntax cd pathname
[ftp] cd flash:/temp
Description You can only use this command to enter authorized directories.
3Com Switch 4200G Family cdup ● 61
Command Reference
cdup
Syntax cdup
Parameters None
sftp-client> cdup
cdup
Syntax cdup
Parameters None
[ftp] cdup
check region-configuration
■ revision level
■ VLAN mapping table
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] check region-configuration
Admin Configuration
Format selector :0
Region name :00e0fc005100-EI
Revision level :0
Field Description
Format selector Selector specified by MSTP
Region name Name of the MST region
Revision level Revision level of the MST region
Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region
Description You can use this command to find the MST region the switch currently belongs to or
check to see whether or not the MST region-related configuration is correct.
MSTP-enabled switches are in the same region only when they have the same MST
region-related configuration. A switch cannot be in a respected region if any one of
the above three MST region-related settings does not be consistent with that of
another switch in the region.
64 ● check region-configuration 3Com Switch 4200G Family
Command Reference
clock datetime
Purpose Use the clock datetime command to set the current system time and date.
Example Set the current date and time of the Ethernet switch to 0:0:0 2001/01/01.
■ User view
clock summer-time
Purpose Use the clock summer-time command to set the name, time range, and offset of
the daylight saving time.
Example Set the summer time named abc1, which starts from 06:00:00 2005/08/01, ends until
06:00:00 2005/09/01, and is one hour ahead of the standard time.
Set the summer time named abc2, which starts from 06:00:00 08/01, ends until
06:00:00 09/01, and is one hour ahead of the standard time every year from 2005
on.
■ User view
3Com Switch 4200G Family clock summer-time ● 67
Command Reference
Description After the setting, you can use the display clock command to check the result.
68 ● clock timezone 3Com Switch 4200G Family
Command Reference
clock timezone
Purpose Use the clock timezone command to set local time zone information.
Use the undo clock timezone command to return to the default, which is
Universal Time Coordinated (UTC).
Parameters zone_name Specifies the name of the time zone, which may be up
to 32 characters long.
add Specifies that time is ahead of UTC.
minus Specifies that time is behind UTC.
HH:MM:SS Specifies the time difference between the time zone
and UTC.
Example To set the local time zone as zone 5, and configure the local time to be 5 hours ahead
of UTC, enter the following:
■ User view
Description Use the display clock command to check the summer time settings.
close
Purpose Use the close command to terminate an FTP connection without quitting FTP client
view.
Syntax close
Parameters None
[ftp] close
221 Server closing.
[ftp]
Description The close command has the same effect as that of the disconnect command.
70 ● cluster 3Com Switch 4200G Family
Command Reference
cluster
Syntax cluster
Parameters None
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster
[S4200G-cluster]
■ System view
3Com Switch 4200G Family cluster enable ● 71
Command Reference
cluster enable
Purpose Use the cluster enable command to enable the cluster function on a switch.
Use the undo cluster enable command to disable the cluster function on a
switch.
Parameters None
Default By default, the cluster function is enabled on all the devices supporting cluster.
<S4200G>system-view
System View: return to User View with Ctrl+Z
[S4200G] cluster enable
■ System view
Description You need to create a cluster with the build command before using the cluster enable
command on the management device.
These two commands can be used on any device supporting the cluster function.
When you execute the undo cluster enable command on a management device, the
cluster is removed, and the switch stops operating as a management device. When
you execute this command on a member device, the cluster function is disabled on
the switch, and the switch quit the cluster. When you execute this command on a
switch that belongs to no cluster, the cluster function is disabled on the switch.
72 ● cluster-local-user 3Com Switch 4200G Family
Command Reference
cluster-local-user
■ Cluster view
cluster-mac
Purpose Use the cluster-mac command to configure a multicast MAC address for cluster
management. Run this command only on the management device only.
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] cluster
[aaa_0.S4200G-cluster] cluster-mac 0180-C200-0028
■ Cluster view
Description Multicast MAC addresses enable the member devices of a cluster to receive multicast
information delivered by the management device, and thus multicast information
sending function is implemented on the management device.
74 ● cluster-mac syn-interval 3Com Switch 4200G Family
Command Reference
cluster-mac syn-interval
Purpose Use the cluster-mac syn-interval command to set the interval for the
management device to send multicast packets. This command can be executed on
the management device only.
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] cluster
[aaa_0.S4200G-cluster]
[aaa_0.S4200G-cluster] cluster-mac syn-interval 1
■ Cluster view
Description When the interval is set as 0, the management device does not send multicast packets
to member devices.
3Com Switch 4200G Family cluster-snmp-agent community ● 75
Command Reference
cluster-snmp-agent community
Example In the cluster view of the master switch, set the community name to comaccess and
set the community to be read-only.
■ Cluster view
Description If you have configured a community name the same as the one configured by this
command, the current one replaces the one originally configured on a member
switch.
cluster-snmp-agent group v3
Purpose Use the cluster-snmp-agent group command to configure a SNMP group for a
cluster to map SNMP users to the SNMP view.
■ Cluster view
Description Use this command in the cluster view of the master switch. You can configure only
one SNMP group for a cluster.
78 ● cluster-snmp-agent group v3 3Com Switch 4200G Family
Command Reference
■ Use this command in the cluster view of the master switch. You can configure only
one SNMP group for a cluster.
■ The cluster-snmp-agent group command synchronizes the settings
specified in it to all authenticated members, including those passing the
authentication after the command is executed. The configuration applies to all the
authenticated cluster members. If you have configured a group name the same as
the one configured by this command, the current one replaces the one originally
configured on a member switch.
■ The configuration remains valid on a member device even if the latter quits the
cluster.
Default The default MIB view of a cluster is ViewDefault, in which the sub-tree with OID being
1 (that is, iso) can be accessed.
Example Create a view named "mib2" that contains all objects of mib-2.
■ Cluster view
Description ■ Use this command in the cluster view of a master switch. You must configure this
command manually. By default, this command is not configured. You can
configure only one such command.
■ The cluster-snmp-agent mib-view command synchronizes the settings
specified in it to all authenticated members, including those passing the
authentication after the command is executed. The configuration applies to all the
authenticated cluster members.
■ The configuration remains valid on a member device even if the latter quits the
cluster.
80 ● cluster-snmp-agent mib-view included 3Com Switch 4200G Family
Command Reference
cluster-snmp-agent usm-user v3
Example Add a user named "wang" to the SNMP group named "3Com", with authentication
enabled, authentication protocol set to MD5, and authentication password set to
"pass".
■ Cluster view
cluster switch-to
Purpose Use the cluster switch-to command to switch between the management
device and member devices for configuration and management.
Example Switch from the management device to the member device numbered 6 and then
switch back to the management device.
■ User view
Description You can manage member devices in a cluster through the management device, on
which you can switch to member view to configure or manage specified member
devices, and then switch back to the management device.
The view is inherited from the management device when you switch to a member
device from the management device. For example, the user view remains unchanged
after you switch from the management device to a member device.
Authentication is also required when you switch from a member device to the
management device. After passing the authentication, the system will enter user view
automatically.
When you execute this command on the management device, if the specified
member number n does not exist, an error message appears. Enter quit to stop the
switchover operation.
84 ● cluster switch-to sysname 3Com Switch 4200G Family
Command Reference
Purpose Use the cluster switch-to sysname command to switch between the master
device and a member device.
Example Switch to the member switch with the system name being abc (assuming that the
member number of the switch is 6) and then switch back to the master device by
executing the quit command.
Enter the member switch with the member number of 5 (assuming that member
devices numbered 5 and 6 share the system name of switch).
■ User view
■ You can manage member devices through the master device. You can switch to a
specific member device from the master device to manage the member device and
then switch back to the master device.
■ When you execute this command, an error occurs if the member device to switch
to does not exist. Enter “quit” to stop switching.
■ Authentication is performed when you switch to a member device. If the
authentication succeeds, you can switch to the member device; otherwise, the
switch fails.
3Com Switch 4200G Family cluster switch-to sysname ● 85
Command Reference
■ When you switch to a member device, the user level remains the same. For
example, if you are in user view when switching to a member device, you are in
user view after switching to the member device.
■ Authentication is also performed when you switch back to the master device.
Once the authentication succeeds, you are in user view of the master device
automatically.
86 ● command-privilege level 3Com Switch 4200G Family
Command Reference
command-privilege level
Purpose Use the command-privilege level command to set the level of the specified
command in a specified view.
Use the undo command-privilege view command to restore the level of the
specified command in the specified view to the default.
Default By default, the ping, tracert, and telnet commands are at the visit level (level
0); the display and debugging commands are at the monitor level (level 1); all
configuration commands are at the system level (level 2); and FTP/TFTP/XModem and
file system related commands are at the manage level (level 3).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] command-privilege level 0 view system interface
■ System view
Description Commands fall into four command levels: visit, monitor, system, and manage, which
are identified as 0, 1, 2, and 3, respectively. The administrator can change the level of
a command to enable users of specific level to utilize the command.
3Com Switch 4200G Family copy ● 87
Command Reference
copy
Parameters fileurl-source Path name or file name of the source file in the Flash, a
string comprising 1 to 142 characters.
fileurl-dest Path name or file name of the destination file in the
Flash, a string comprising 1 to 142 characters.
Example Copy the file named test.txt as the file named test.bak.
■ User view
Description If the fileurl-dest argument identifies an existing file, the system prompts you for the
confirmation to overwrite the existing file.
88 ● copy configuration 3Com Switch 4200G Family
Command Reference
copy configuration
Purpose Use the copy configuration command to copy the configuration of a specific port
to other ports, to ensure consistent configuration.
Note:
■ If you specify the source aggregation group ID, the system uses the port with the
smallest port number in the aggregation group as the source.
■ If you specify the destination aggregation ID, the configuration of the source port
will be copied to all ports in the aggregation group.
■ The port that is in an aggregation group will be removed from the destination
ports, that is, copy configuration cannot take effect on this port. If you need the
port to keep consistent configuration with the source port, you should configure
the aggregation group to which the port belongs as destination parameter.
■ The port that is enabled Voice VLAN feature will be removed from the destination
ports, that is, copy configuration cannot take effect on this port.
Example Copy the configuration of aggregation group 1 to all ports in aggregation group 2.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] copy configuration source aggregation-group 1 destination
aggregation-group
■ System view
3Com Switch 4200G Family cut connection ● 89
Command Reference
cut connection
Purpose Use the cut connection command to cut the connection a user or a category of
users by force.
This command cannot cut the connections of Telnet and FTP users.
Example To cut all user connections in the ISP domain named aabbcc.net.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] cut connection domain aabbcc.net
■ System view
data-flow-format
Purpose Use the data-flow-format command to set the units of measure for the data flow
sent to the RADIUS Server.
Use the undo data-flow format command to restore the default unit of measure.
Default By default, the unit of measure for data is byte and that for packets is one-packet.
Example To specify to measure data and packets in data flows sent to RADIUS server in
kilobytes and kilo-packets respectively. enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] data-flow-format data kilo-byte packet
kilo-packet
Description By default, the data unit is byte and the data packet unit is one-packet.
92 ● data-flow-format 3Com Switch 4200G Family
Command Reference
databits
Purpose Use the databits command to set the databits for the user interface.
Use the undo databits command to revert to the default data bits.
Syntax databits { 7 | 8 }
undo databits
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface aux0
[S4200G-ui-aux0] databits 7
Description This command can only be performed in the AUX user interface view.
94 ● debugging 3Com Switch 4200G Family
Command Reference
debugging
Syntax debugging
undo debugging
Parameters None
[ftp] debugging
Debug is on.
■ User view
3Com Switch 4200G Family debugging ● 95
Command Reference
debugging
■ User view
Description Enabling debugging will generate a great deal of debugging information and thus
will affect the efficiency of the system. Therefore, it is recommended not to enable
debugging for multiple functional modules at the same time. The undo debugging all
command brings great convenience for you to disable all debugging at a time instead
of disabling them one by one.
Purpose Use the debugging arp packet command to enable ARP debugging.
Use the undo debugging arp packet command to disable the corresponding ARP
debugging.
Field Description
operation Type of ARP packets:
■ 1 ARP request packet
■ 2 ARP reply packet
sender_eth_addr Source MAC address
sender_ip_addr Source IP address
target_eth_addr MAC address of the target. For an ARP request packets, it is all zeros. This
field is set to the target MAC address in the ARP reply packets.
target_ip_addr Target IP address
■ User view
Purpose Use the debugging dhcp client command to enable debugging for the DHCP
client/BOOTP client.
Use the undo debugging dhcp client command to disable debugging output.
■ User view
98 ● debugging dhcp-relay 3Com Switch 4200G Family
Command Reference
debugging dhcp-relay
Purpose Use the debugging dhcp-relay command to enable DHCP relay debugging.
Parameters None
*0.7200230-DHCP-8-dhcp_debug:
From server to client:
Interface: VLAN-Interface 1
ServerGroupNo: 0
Type: dhcp-ack
ClientHardAddress: 0010-dc19-695d
AllocatedIpAddress: 10.1.1.1
*0.7200580-DHCP-8-largehop:
Discard DHCP request packet because of too large hop count!
*0.7200725-DHCP-8-invalidpkt:
Wrong DHCP packet!
Field Description
Interface VLAN interface carrying the DHCP
relay function
ServerGroupNo DHCP server group number of the
DHCP relay
Type DHCP packet type of the DHCP relay
ClientHardAddress MAC address of the DHCP client
ServerIpAddress IP address of the DHCP server
AllocatedIpAddress IP address assigned to the DHCP client
3Com Switch 4200G Family debugging dhcp-relay ● 99
Command Reference
■ User view
debugging DLDP
Purpose Use the debugging dldp command to enable specific debugging for DLDP on all
ports with DLDP enabled.
Use the undo debugging dldp command to disable debugging for DLDP on all
ports with DLDP enabled.
■ User view
3Com Switch 4200G Family debugging ntp-service ● 101
Command Reference
debugging ntp-service
Purpose Use the debugging ntp-service command to debug different NTP (network time
protocol) services.
■ User view
102 ● debugging radius 3Com Switch 4200G Family
Command Reference
debugging radius
Purpose Use the debugging radius command to enable the debugging for RADIUS
protocol.
Use the undo debugging radius command to disable the debugging for RADIUS
protocol.
Example To enable the debugging for RADIUS protocol, enter the following:
■ User view
3Com Switch 4200G Family debugging snmp-agent ● 103
Command Reference
debugging snmp-agent
Purpose Use the debugging snmp-agent command to enable SNMP Agent debugging.
Use the undo debugging snmp-agent command to cancel the current setting.
■ User view
debugging udp-helper
Purpose Use the debugging udp-helper command to enable UDP Helper debugging.
Use the undo debugging udp-helper command to disable UDP Helper debugging.
■ User view
3Com Switch 4200G Family delete ● 105
Command Reference
delete
Purpose Use the delete command to delete a specified file stored on a switch.
<S4200G>delete test/test.txt
Delete unit1>flash:/test/test.txt?[Y/N]:y
.
%Delete file unit1>flash:/test/test.txt...Done.
<S4200G>delete running-files
Delete the running files ? [Y/N]:y
Start deleting ..........
Unit1 delete success!
%Apr 4 11:25:40:973 2000 S4200G VFS/6/OPLOG:- 1 - Unit1 delete
success!
Deleting ... done
■ User view
Description Use the delete command to delete a specified file stored on a switch.
If you execute the delete command with the /unreserved keyword specified, the
specified file is completely deleted. (That is, the file cannot be restored.)
If you execute the delete command with the /unreserved keyword not specified, the
specified file is moved to the recycle bin. Following are the notes on deleted files:
■ The dir command cannot display the information about deleted files.
■ To display the information about deleted files, use the dir /all command.
106 ● delete 3Com Switch 4200G Family
Command Reference
You can also use the delete command to delete files by file attribute. The delete
running-file command deletes all the files with the main attribute, and the delete
standby-file command deletes all the files with the backup attribute.
CAUTION:
For deleted files whose names are the same, only the latest deleted file can be
restored.
3Com Switch 4200G Family delete ● 107
Command Reference
delete
Purpose Use the delete command to delete the specified file from the server.
Description This command has the same function as the remove command.
108 ● delete 3Com Switch 4200G Family
Command Reference
delete
Purpose Use the delete command to delete the specified remote file.
delete-member
Purpose Use the delete-member command to remove a member device from the cluster.
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] cluster
[aaa_0.S4200G-cluster]
[aaa_0.S4200G-cluster] delete-member 2
■ Cluster view
Description This command can be performed on the management device only. Otherwise, an
error message will appear.
110 ● delete static-routes all 3Com Switch 4200G Family
Command Reference
Purpose Use the delete static-routes all command to delete all the static routes.
Parameters None
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]delete static-routes all
Are you sure to delete all the static routes?[Y/N]
■ System view
Description The system requests your confirmation before it deletes all the configured static
routes.
description
undo description
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface ethernet 1/0/1
[S4200G-Ethernet1/0/1]description lanswitch-interface
[S4200G-Ethernet1/0/1]
description
Purpose Use the description command to assign a description string for the VLAN.
Use the undo description command to restore the default description string.
undo description
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 1
[S4200G-vlan1] description research
■ VLAN view
3Com Switch 4200G Family description ● 113
Command Reference
description
Purpose Use the description command to assign a description string to a VLAN or a VLAN
interface.
Use the undo description command to restore the default description string.
undo description
Example To configure VLAN 2 to be the management VLAN and give of the description
“RESEARCH” to the VLAN 2 interface, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 2
[S4200G-vlan2] quit
[S4200G] management-vlan 2
[S4200G] interface vlan-interface 2
[S4200G-Vlan-interface2] description RESEARCH
■ VLAN view
■ VLAN Interface view
114 ● description 3Com Switch 4200G Family
Command Reference
description
Purpose Use the description command to define the description information of an ACL to
describe the specific purpose of the ACL.
<S4200G> system-view
[S4200G] acl number 3100
[S4200G-acl-adv-3100] description This acl is used in eth 0
Purpose Use the dhcp relay information enable command to enable option 82
supporting on a DHCP relay, through which you can enable the DHCP relay to insert
option 82 into DHCP request packets sent to a DHCP server.
Use the undo dhcp relay information enable command to disable option 82
supporting on a DHCP relay, through which you can disable the DHCP relay from
inserting option 82 into DHCP request packets sent to a DHCP server.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
■ System view
Purpose Use the dhcp relay information strategy command to instruct a DHCP
relay to perform specified operations to DHCP request packets that carry option 82.
Default By default, the DHCP relay replaces the option 82 carried by a DHCP request packet
with its own option 82.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
Instruct the DHCP relay to discard the DHCP request packets that carry option 82.
Instruct the DHCP relay to perform the default operations to DHCP request packets
that carry option 82.
■ System view
dhcp-security static
Purpose Use the dhcp-security static command to configure a static user address
entry.
Use the undo dhcp-security command to remove one or all user address entries,
or all user address entries of a specified type.
<S4200G> system-view
System View: return to User View with Ctrl+Z
Configure a user address entry for the DHCP server group, with the user IP address
being 1.1.1.1 and the user MAC address being 0005-5D02-F2B3.
■ System view
dhcp-server
Purpose Use the dhcp-server command to map the current VLAN interface to a DHCP
server group.
undo dhcp-server
Parameters groupNo DHCP server group number. Valid values for this
argument are 0 to 19.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G-Vlan-interface1] dhcp-server 1
dhcp-server ip
Purpose Use the dhcp-server ip command to configure the DHCP server IP address(es) in
a specified DHCP server group.
Use the undo dhcp-server command to remove all DHCP server IP addresses in a
DHCP server group.
Parameters groupNo DHCP server group number. Valid values are 0 to 19.
ipaddress-1 IP address of DHCP server 1 in the DHCP server group.
ipaddress-list IP addresses of other DHCP servers in the DHCP server
group. You can provide up to seven other DHCP sever
IP addresses.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
Configure three DHCP server IP addresses 1.1.1.1, 2.2.2.2, and 3.3.3.3 for DHCP
server group 1, so that this group contains three DHCP servers (server 1, server 2 and
server 3).
■ System view
dir
Purpose Use the dir command to display the information about the specified files or
directories on a switch.
Parameters /all Displays the information about all the files, including
those in the recycle bin.
file-url Path name or the name of a file in the Flash, a string
comprising 1 to 142 characters. You can specify
multiple files by inserting the "*" character as
wildcards in this argument. For example, the dir *.txt
command displays the information about all the files
with the extension of txt in the current directory.
Example Display the information about all the normal files in the root directory of the file
system on the local unit.
<S4200G> dir
Directory of unit1>flash:/
1 (*) -rw- 5792495 Apr 02 2000 00:06:50 s5100.bin
2 (*) -rw- 1965 Apr 01 2000 23:59:13 3comoscfg.cfg
3 -rw- 5841301 Apr 02 2000 21:42:13 s5100d8.bin
4 -rw- 224 Apr 02 2000 01:36:30 s5100d9.bin
5 -rw- 279296 Apr 02 2000 00:22:01 test.abc
15367 KB total (3720 KB free)
(*) -with main attribute (b) -with backup attribute
(*b) -with both main and backup attribute
Display the information about all the files in the root directory of the file system,
including the files in the recycle bin.
Display the information about all the files whose names begin with the character t
(including those in the recycle bin) in the local directory unit1>flash:/test/.
■ User view
Description In the output information, files with the main, backup or main/backup attribute are
tagged. This command supports the wildcard of "*".
Note: In the output information of the dir /all command, deleted files (that is,
those in the recycle bin) are embraced in brackets.
122 ● dir 3Com Switch 4200G Family
Command Reference
dir
Display the information about all the files in the current directory.
[ftp] dir
200 PORT command okay
7 File Listing Follows in ASCII mode
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 4.bin
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 5.bin
-rwxrwxrwx 1 noone nogroup 430585 Dec 23 2004 6. bin
-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 6. bin.bak
-rwxrwxrwx 1 noone nogroup 638912 Nov 15 2004 abc.BTM
drwxrwxrwx 1 noone nogroup 0 Dec 15 2004 TEST
-rwxrwxrwx 1 noone nogroup 3212176 Jul 14 2004 21.bin
226 Transfer finished successfully.
FTP: 5346 byte(s) received in 6.782 second(s) 788.00 byte(s)/sec.
Display the information about the file named 4.app and save the output information
in the file named temp1.
Description The output information includes the name, size and creation time of a file in the
current directory.
If you do not specify the filename argument, the information about all the files in the
current directory is displayed.
124 ● dir 3Com Switch 4200G Family
Command Reference
dir
Purpose Use the dir command to display the files in the specified directory.
disconnect
Purpose Use the disconnect command to terminate a FTP connection without quitting FTP
client view.
Syntax disconnect
Parameters None
[ftp] disconnect
221 Server closing.
[ftp]
Description The disconnect command has the same effect as that of the close command.
126 ● display acl 3Com Switch 4200G Family
Command Reference
display acl
Purpose Use the display acl command to view the detailed configuration information of an
ACL, including each rule and its number as well as the number and size in bytes of
the data packets that match the statement.
■ Any view
Description The matched times displayed by this command are software matched times, namely,
the matched times of the ACL to be processed by the Switch CPU. You can use the
traffic-statistic command to calculate the matched times of hardware during
packet-forwarding
3Com Switch 4200G Family display am user-bind ● 127
Command Reference
display am user-bind
Purpose Use the display am command to view whether address management is enabled
and to display IP address pool configuration.
Total: 1 found.
■ Any view
Description By checking the output of this command, you can verify the current configuration.
128 ● display arp 3Com Switch 4200G Family
Command Reference
display arp
Purpose Use the display arp command to display the ARP mapping table entries by entry
type, or by a specified IP address.
Example To display the ARP entries from the first ARP mapping entry that contains the string 1,
enter the following:
Example2 To display all ARP entries in the mapping table, enter the following:
■ Any view
3Com Switch 4200G Family display arp ● 129
Command Reference
Purpose Use the display arp count command to display the number of the specified
type of ARP mapping entries.
Default If no optional parameter is specified, the number of all types of ARP mapping entries
is displayed.
Example To display the number of all types of ARP mapping entries, enter the following:
■ Any view
Purpose Use the display arp timer aging command to view the current setting of the
dynamic ARP aging timer.
Parameters None
Example To display the current setting of the ARP aging timer, enter the following:
■ Any view
display boot-loader
Purpose Use the display boot-loader command to display the information about the
app startup files of a switch, including the current app startup file name, the main
and backup app startup files to be used when the switch starts the next time.
Example Display the information about the app startup files of unit 1.
■ Any view
3Com Switch 4200G Family display boot-loader ● 133
Command Reference
display boot-loader
Purpose Use the display boot-loader command to display the host software (.bin file)
that will be adopted when the switch reboots.
Parameters None
Example Display the host software that will be adopted when the switch reboots.
<S4200G>display boot-loader
Unit 1:
Field Description
The current boot app is Current boot file of the system
The main boot app is Main boot file of the system
The backup boot app is Backup boot file of the system
■ Any view
134 ● display bootp client 3Com Switch 4200G Family
Command Reference
Purpose Use the display bootp client command to display BOOTP client-related
information, including the MAC address of the BOOTP client and the IP address
obtained.
■ Any view
3Com Switch 4200G Family display brief interface ● 135
Command Reference
Purpose Use the display brief interface command to display the configuration
information about one specific or all ports in brief, including the port type,
connection state, connection rate, duplex attribute, link type and default VLAN ID.
Example Display the brief configuration information about the Ethernet1/0/3 port.
Field Description
Interface Port type
Link Link state UP or DOWN
Speed Link rate
Duplex Duplex attribute
Link-type Link type access, hybrid or trunk
PVID Default VLAN ID
■ Any view
136 ● display brief interface 3Com Switch 4200G Family
Command Reference
Description This command functions similarly to the display interface command but
displays the port information in brief.
Currently, for a non-Ethernet port, the system only displays its connection state and
displays "--" in other configuration information fields.
display channel
Purpose Use the display channel command to display the details about the information
channel.
■ Any view
Description Without a parameter, the display channel command shows the configurations of
all the channels.
138 ● display clock 3Com Switch 4200G Family
Command Reference
display clock
Purpose Use the display clock command to display the current date and time of the system,
so that you can adjust them if they are wrong.
Parameters None
Field Description
18:36:31 beijing Sat Current date and time of the system
2002/02/02
Time Zone Configured time zone information
Summer-Time Configured summer time information
■ Any view
display cluster
Purpose Use the display cluster command to display the state and basic configuration
information of the cluster that contains the current switch.
Parameters None
Example Display cluster information (assuming that the current switch is a management
device).
Display cluster information (assuming that the current switch is a member device).
cluster-mac:0180-c200-000a
Handshake timer:10 sec
Handshake hold-time:60 sec
Field Description
Cluster name Name of the cluster
Role Cluster role of the switch
Member number Member number of the switch
Handshake timer Value of handshake timer
Handshake hold-time Value of handshake hold-time
140 ● display cluster 3Com Switch 4200G Family
Command Reference
Field Description
Administrator device MAC address of management device
mac address
Administrator status State of the management device
■ Any view
Description When being executed on a member device, this command displays the information
such as cluster name, member number of the current switch, the MAC address and
state of the management device, holdtime, and the interval to send packets.
Errors occur if you execute this command on a switch that does not belong to any
cluster.
3Com Switch 4200G Family display cluster base-topology ● 141
Command Reference
Purpose Use the display cluster topology command to display the standard topology
view of the cluster.
■ Any view
Description You can create a standard topology view by using the build or auto-build
command or save the current topology view as a standard topology view by using the
topology accept command. This command can be executed only on the
management device.
142 ● display cluster black-list 3Com Switch 4200G Family
Command Reference
Purpose Use the display cluster black-list command to display the current
blacklist of the cluster.
Parameters None
Field Description
Device ID ID of a device
Access Device ID ID of an access device
Access port Access port
■ Any view
Description You can create a standard topology view by using the build or auto-build
command or save the current topology view as a standard topology view by using the
topology accept command. This command can be executed only on the
management device.
3Com Switch 4200G Family display cluster candidates ● 143
Command Reference
Purpose Use the display cluster candidates command to display candidate devices
of a cluster.
Field Description
MAC MAC address of a candidate device
Hop Hops from a candidate device to the management device
IP IP address of a candidate device
Platform Platform of a candidate device
Field Description
Hostname Name of the candidate device
MAC MAC address of a candidate device
Hop Hops from a candidate device to the management device
IP IP address of a candidate device
Platform Platform of a candidate device
■ Any view
Purpose Use the display cluster current topology command to display the current
topology view or the topology path between two points.
Field Description
PeerPort Port of the peer device
ConnectFlag Connection flag
NativePort Local port
SysName System name of the device
normal connect Normal connection
odd connect Unidirectional connection
in blacklist in the blacklist
lost device Lost device
new device Newly added device
STP discarding STP block
146 ● display cluster current-topology 3Com Switch 4200G Family
Command Reference
■ Any view
Purpose Use the display cluster members command to display the information about
cluster members.
Example Display the information about all the devices in the cluster.
Field Description
SN Member number
Device Device type
MAC Address MAC address of the device
Status State of a device
Name Name of a device
Display the detailed information about the management device and all member
devices.
IP: 31.31.31.4/24
Version:
3Com Versatile Routing Platform Software
VRP (tm) Software, Version 3.10
Copyright (c) 2002-2005 By 3Com
S5100-EI 5100-EI-001
Field Description
Member number Device member number
Name Name of a device
Device Device type
MAC Address MAC address of a device
Member status State of a device
Hops to administrator Hops from the current device to the management device
device
IP IP address of a device
Version Software version of the current device
■ Any view
display connection
Purpose Use the display connection command to view the information for a specified
connection type.
■ ?
■ <
■ >
The @ character can only be used once in one
username. The pure username (the characters before
the @, namely the user ID) cannot exceed 55
characters and the domain name (the characters
behind the @) cannot be longer than 24 characters.
<S4200G>display connection
------------------unit 1------------------------
On Unit 1: Total 0 connections matched, 0 listed.
31 to 28 27 to 24 23 to 20 19 to 12 11 to 0
UNIT ID Slot number Subslot number Port number VLAN ID
■ Any view
Description The output can help with user connection diagnosis and troubleshooting.
If no parameter is specified, this command displays the related information about all
connected users.
This command cannot display information about the connections of the FTP users.
display cpu
Purpose Use the display cpu command to display CPU usage of a specified switch.
<S4200G>display cpu
Unit 1
Board 0 CPU busy status:
12% in last 5 seconds
12% in last 1 minute
12% in last 5 minutes
Field Description
12% in last 5 seconds The CPU occupancy rate is 12% at last 5 seconds
12% in last 1 minute The CPU occupancy rate is 12% at last 1 minute
12% in last 5 minutes The CPU occupancy rate is 12% at last 5 minutes
■ Any view
152 ● display current-configuration 3Com Switch 4200G Family
Command Reference
display current-configuration
#
interface GigabitEthernet1/0/5
#
interface GigabitEthernet1/0/6
#
interface GigabitEthernet1/0/7
#
interface GigabitEthernet1/0/8
#
interface GigabitEthernet1/0/9
#
interface GigabitEthernet1/0/10
#
interface GigabitEthernet1/0/11
#
interface GigabitEthernet1/0/12
#
interface GigabitEthernet1/0/13
#
interface GigabitEthernet1/0/14
#
interface GigabitEthernet1/0/15
#
interface GigabitEthernet1/0/16
#
interface GigabitEthernet1/0/17
#
interface GigabitEthernet1/0/18
#
interface GigabitEthernet1/0/19
#
interface GigabitEthernet1/0/20
#
interface GigabitEthernet1/0/21
#
interface GigabitEthernet1/0/22
#
interface GigabitEthernet1/0/23
#
interface GigabitEthernet1/0/24
#
interface NULL0
#
management-vlan 2
#
user-interface aux 0 7
user-interface vty 0 4
#
return
Display the lines that include 10* in the configuration information. “*” means that
the zero before it may not appear or appear multiple times continuously.
interface GigabitEthernet1/0/2
interface GigabitEthernet1/0/3
interface GigabitEthernet1/0/4
network 10.1.1.0 0.0.0.255
■ Any view
Description This command will not display those configuration parameters that have the same
values with the corresponding default parameters.
display debugging
Purpose Use the display debugging command to display the enabled debugging on a
specified device.
■ Any view
Description Executing this command without any parameter will display all enabled debugging.
Purpose Use the display debugging habp command to display the state of HABP
debugging.
Parameters None
■ Any view
158 ● display device 3Com Switch 4200G Family
Command Reference
display device
Purpose Use the display device command to display the information, such as the module
type and operating status, about each board (main board and sub-board) of a
specified switch.
<SW4200G>display device
Unit 1
SlotNo SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type
State
0 0 24 REV.A NULL 000 200 IVLMAIN Norma
■ Any view
Description Displayed information can include slot number, sub-slot number, number of ports,
versions of PCB, FPGA, CPLD and BootROM software, address learning mode,
and interface board type.
3Com Switch 4200G Family display dhcp client ● 159
Command Reference
Purpose Use the display dhcp client command to display the DHCP client-related
information.
Field Description
Vlan-interface1 VLAN interface operating as a DHCP client to obtain an
IP address dynamically
Current machine state The state of the client state machine
Alloced IP IP address allocated to the DHCP client
lease Lease period
T1 Renewal timer readout
T2 Rebinding timer readout
Lease from….to…. The starting and end time of the lease period
Server IP IP address of the DHCP server
Transaction ID Transaction ID
Default router Gateway address
■ Any view
160 ● display dhcp-security 3Com Switch 4200G Family
Command Reference
display dhcp-security
Purpose Use the display dhcp-security command to display one or all user address
entries, or a specified type of user address entries in the valid user address table of a
DHCP server group.
Example Display all user address entries contained in the valid user address table of the DHCP
server group.
Field Description
IP Address IP address of a user of the DHCP server
group
MAC Address MAC address of the user of the DHCP
server group
IP Address Type Type of the user address entry
(static/dynamic)
■ Any view
3Com Switch 4200G Family display dhcp-server ● 161
Command Reference
display dhcp-server
Purpose Use the display dhcp-server command to display information about a specified
DHCP server group.
Parameters groupNo DHCP server group number. Valid values are 0 to 19.
Field Description
IP address of DHCP server group 0: DHCP server IP addresses of DHCP
server group 0
Messages from this server group Number of the packets received from
the DHCP server group
Messages to this server group Number of the packets sent to the
DHCP server group
Messages from clients to this server group Number of the packets received from
the DHCP clients
Messages from this server group to clients Number of the packets sent to the
DHCP clients
DHCP_OFFER messages Number of the received DHCP-OFFER
packets
DHCP_ACK messages Number of the received DHCP-ACK
packets
162 ● display dhcp-server 3Com Switch 4200G Family
Command Reference
Field Description
DHCP_NAK messages Number of the received DHCP-NAK
packets
DHCP_DECLINE messages Number of the received
DHCP-DECLINE packets
DHCP_DISCOVER messages Number of the received
DHCP-DISCOVER packets
DHCP_REQUEST messages Number of the received
DHCP-REQUEST packets
DHCP_INFORM messages Number of the received DHCP-INFORM
packets
DHCP_RELEASE messages Number of the received
DHCP-RELEASE packets
BOOTP_REQUEST messages Number of the BOOTP request packets
BOOTP_REPLY messages Number of the BOOTP response
packets
■ Any view
Examples Display information about the DHCP server group to which VLAN 2 interface is
mapped.
■ Any view
display dhcp-snooping
Purpose Use the display dhcp-snooping command to display the user IP-MAC address
mapping entries recorded by the DHCP snooping function.
Example Display the user IP-MAC address mapping entries recorded by the DHCP snooping
function.
■ Any view
3Com Switch 4200G Family display dhcp-snooping ● 165
Command Reference
display dhcp-snooping
Parameters None.
Example Display the correspondence between user IP addresses and MAC addresses recorded
by the DHCP snooping function..
■ Any view
166 ● display dhcp-snooping trust 3Com Switch 4200G Family
Command Reference
Parameters None
Example Display the state of the DHCP snooping function and the trusted ports.
Interface Trusted
=================================
Ethernet1/0/1 Trusted
The above display information indicates that the DHCP snooping function is enabled,
and the Ethernet1/0/1 port is a trusted port.
■ Any view
3Com Switch 4200G Family display dhcp-snooping trust ● 167
Command Reference
Parameters None
Interface Trusted
=================================
GigabitEthernet1/0/1 Trusted
The above display indicates that DHCP-Snooping is enabled and that the rust function
is effective with GigabitEthernet1/0/1 being the trusted port.
■ Any view
168 ● display diagnostic-information 3Com Switch 4200G Family
Command Reference
display diagnostic-information
Parameters None
■ Any view
3Com Switch 4200G Family display domain ● 169
Command Reference
display domain
Purpose Use the display domain command to view the configuration information of a
specified ISP domain or display the summary information of all ISP domains.
Parameters isp-name Specifies the ISP domain name with a character string
up to 24 characters in length. The specified ISP domain
must exist.
Field Description
Domain Domain name
State State
Scheme AAA scheme
Access-Limit Limit on the number of access users
Vlan-assignment-mode VLAN assignment mode
Domain User Template Domain user template
Idle-Cut State of the idle-cut function
Self-service State of the self service
Messenger Time State of the messenger time service
■ Any view
170 ● display domain 3Com Switch 4200G Family
Command Reference
Description This command is used to output the configuration of a specified ISP domain or display
the summary information of all ISP domains. If an ISP domain is specified, the
configuration information (content and format) will be displayed exactly the same as
the displayed information of the display domain command. The output information
can help with ISP domain diagnosis and troubleshooting. Note that the accounting
scheme to be displayed should have been created.
display dot1x
Purpose Use the display dot1x command to view the relevant information of 802.1x.
■ Configuration information
■ Operation information (session information)
■ Relevant statistics
Default By default, all the relevant 802.1x information about each interface will be displayed.
GigabitEthernet1/0/1 is link-down
802.1X protocol is disabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Version-Check is disabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Mac-based
Max number of on-line users is 256
GigabitEthernet1/0/2 is link-down
802.1X protocol is disabled
Proxy trap checker is disabled
Proxy logoff checker is disabled
Version-Check is disabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Mac-based
Max number of on-line users is 256
GigabitEthernet1/0/3
……
Table 23 Description on the fields of the display dot1x command
Field Description
Equipment 802.1X protocol is 802.1x protocol (802.1x for short) is enabled on the switch.
enabled
CHAP authentication is enabled CHAP authentication is enabled.
DHCP-launch is enabled DHCP-triggered.802.1x authentication is disabled.
3Com Switch 4200G Family display dot1x ● 173
Command Reference
Field Description
Proxy trap checker is disabled The proxy trap checker is disabled here, which means the switch
does not send Trap packets when it detects that a supplicant
system logs in through a proxy. It can also be configured as
enabled, in which case the switch sends Trap packets when it
detects that a supplicant system logs in through a proxy.
Proxy logoff checker is disabled The proxy logoff checker is disabled here, which means that a
switch does not disconnect a supplicant system when it detects
that the latter logs in through a proxy. It can also be configured
as enabled, in which case the switch disconnects a supplicant
system when it detects that the latter logs in through a proxy.
Transmit Period Setting of the Transmission period timer (the tx-period)
Handshake Period Setting of the handshake period timer (the handshake-period)
Quiet Period Setting of the quiet period timer (the quiet-period)
Quiet Period Timer is disabled The quiet period timer is disabled here. It can also be configured
as enabled when necessary.
Supp Timeout Setting of the supplicant timeout timer (supp-timeout)
Server Timeout Setting of the server-timeout timer (server-timeout)
The maximal retransmitting The maximum number of times that a switch can send
times authentication request packets to a supplicant system
Total maximum 802.1x user The maximum number of 802.1x users that a switch can
resource number accommodate
Total current used 802.1x The number of online supplicant systems
resource number
GigabitEthernet1/0/1 is GigabitEthernet1/0/1 port is in down state.
link-down
802.1X protocol is disabled 802.1x is disabled on the port
Proxy trap checker is disabled The proxy trap checker is disabled here. It can also be configured
as enabled, in which case the switch sends Trap packets when it
detects that a supplicant system logs in through a proxy.
Proxy logoff checker is disabled The proxy logoff checker is disabled here. It can also be
configured as enabled, in which case the switch disconnects a
supplicant system when it detects that the latter logs in through
a proxy.
Version-Check is disabled The client version checking function is disabled here. It can also
be configured as enabled, in which case the switch checks client
version.
The port is an authenticator The port acts as an authenticator system.
Authentication Mode is Auto The port access control mode is Auto.
Port Control Type is Mac-based The port access control method is MAC-based. That is,
supplicant systems are authenticated based on their MAC
addresses.
Max number of on-line users The maximum number of online users that the port can
accommodate
… Information omitted here
■ Any view
Description When the interface-list argument is not provided, this command displays
802.1x-related information on all ports. The output information can be used to verify
802.1 x-related configurations and to troubleshoot.
174 ● display dot1x 3Com Switch 4200G Family
Command Reference
display fib
Purpose Use the display fib command to view the summary of the forwarding information
base.
Parameters None
Example To display the summary of the Forwarding Information Base, enter the following:
Field Description
Destination/Mask Destination address/mask length
Nexthop Forward address of the next hop
Flag
The flag options include:
B indicates this is a blacklist route.
D indicates this is a dynamic route.
E indicates this is an equal-cost route.
G indicates this is a gateway route.
H indicates this is a host route.
S indicates this is a static route.
U indicates this route is up and available.
R indicates this route is rejected and unavailable.
L indicates this route is generated by ARP or ESIS.
Interface Interface
■ Any view
Description The information includes: the destination address/mask length, next hop address,
current flag, and forward interface
176 ● display ftp-server 3Com Switch 4200G Family
Command Reference
display ftp-server
Purpose Use the display ftp-server command to display the FTP server-related settings of a
switch when it operates as an FTP server.
Parameters None
Example Display the FTP server-related settings of the switch (assuming that the switch is
operating as an FTP server).
Field Description
FTP server is running The FTP server is started
Max user number 1 The FTP server can accommodate up to one user.
User count 0 The current login user number is 0.
Timeout value ( in minutes ) The connection idle time is 30 minutes.
30
■ Any view
3Com Switch 4200G Family display ftp-user ● 177
Command Reference
display ftp-user
Purpose Use the display ftp-user command to display the settings of the current FTP
user, including the user name, host IP address, port number, connection idle time,
and authorized directory.
Parameters None
■ Any view
178 ● display garp statistics 3Com Switch 4200G Family
Command Reference
Purpose Use the display garp statistics command to display the GARP statistics on
specified (or all) ports.
■ Any view
Purpose Use the display garp timer command to display the values of the GARP timers
on specified or all ports.
■ Any view
Purpose Use the display gvrp statistics command to display the GVRP statistics
about specified (or all) Trunk ports.
■ Any view
■ GVRP status
■ Whether GVRP is running
■ Number of the failed GVRP registrations
■ The source MAC address of the last GVRP PDU
■ GVRP registration type of the port
3Com Switch 4200G Family display gvrp status ● 181
Command Reference
Purpose Use the display gvrp status command to display the enable/disable status of
global GVRP.
Parameters None
■ Any view
182 ● display habp 3Com Switch 4200G Family
Command Reference
display habp
Purpose Use the display habp command to display HABP configuration and status
information.
Parameters None
Example To display HABP configuration and status information, enter the following:
<S4200>system-view
System View: return to User View with Ctrl+Z.
[S4200] display habp
Global HABP information:
HABP Mode: Server
Sending HABP request packets every 20 seconds
Bypass VLAN: 2
Table 26 Description on the fields of the display habp command
Field Description
HABP Mode Indicates the HABP mode of the switch.
A switch can operate as an HABP server
(displayed as Server) or an HABP client
(displayed as Client).
Sending HABP request packets every 20 seconds HABP request packets are sent once in
every 20 seconds.
Bypass VLAN Indicates the ID(s) of the VALN(s) to
which HABP request packets are sent
■ Any view
3Com Switch 4200G Family display habp table ● 183
Command Reference
Purpose Use the display habp table command to display the MAC address table
maintained by HABP.
Parameters None
Default body
Example To display the MAC address table maintained by HABP, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] display habp table
MAC Holdtime Receive Port
001f-3c00-0030 53 GigabitEthernet1/0/1
Table 27 Description on the fields of the display habp table command
Field Description
MAC MAC addresses listed in the HABP MAC address table.
Holdtime Hold time of the entries in the HABP MAC address table. An
address will be removed from the table if it has not been updated
during the hold time.
Receive Port The port from which a MAC address is learned
■ Any view
184 ● display habp traffic 3Com Switch 4200G Family
Command Reference
Purpose Use the display habp traffic command to display statistics on HABP packets.
Parameters None
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] display habp traffic
HABP counters :
Packets output: 0, Input: 0
ID error: 0, Type error: 0, Version error: 0
Sent failed: 0
Table 28 Description on the fields of the display habp traffic command
Field Description
Packets output Number of the HABP packets sent
Input Number of the HABP packets received
ID error Number of HABP packets with ID errors
Type error Number of HABP packets with type errors
Version error Number of HABP packets with version errors
Sent failed Number of HABP packets that failed to be sent
■ Any view
3Com Switch 4200G Family display history-command ● 185
Command Reference
display history-command
Parameters None
■ Any view
Purpose Use the display icmp statistics command to view the statistics information
about ICMP packets.
Parameters None
Field Description
bad formats Number of input packets in bad format
bad checksum Number of input packets with wrong checksum
echo Number of input/output echo request packets
destination unreachable Number of input/output packets with unreachable destination
source quench Number of input/output source quench packets
redirects Number of input/output redirected packets
echo reply Number of input/output echo reply packets
parameter problem Number of input/output packets with parameter problem
timestamp Number of input/output timestamp packets
information request Number of input information request packets
mask requests Number of input/output mask request packets
mask replies Number of input/output mask reply packets
information reply Number of output information reply packets
time exceeded Number of time exceeded packets
■ Any view
3Com Switch 4200G Family display icmp statistics ● 187
Command Reference
Parameters None
Example Display the configuration information about IGMP Snooping on the switch.
The above information shows: IGMP Snooping has already been enabled, the aging
time of the router port is 105 seconds, the maximum query response time is one
second, and the aging time of multicast member ports is 260 seconds.
■ Any view
Description When IGMP Snooping is enabled on the switch, this command displays the following
information: IGMP Snooping status, aging time of the router port, query response
timeout time, and aging time of multicast member ports.
Purpose Use the display igmp-snooping group command to display information about
the IP and MAC multicast groups under one VLAN (with vlan vlan-id) or all
VLANs (without vlan vlan-id).
■ Any view
Description This command displays the following information: VLAN ID, router port, IP multicast
group address, member ports included in IP multicast group, MAC multicast group,
MAC multicast group address, member ports included in MAC multicast group.
190 ● display igmp-snooping statistics 3Com Switch 4200G Family
Command Reference
Parameters None
■ Any view
Description This command displays the following information: the numbers of the IGMP general
query messages, IGMP group-specific query messages, IGMP V1 report messages,
IGMP V2 report messages, IGMP leave messages and error IGMP messages received,
and the number of the IGMP group-specific query messages sent.
display info-center
Purpose Use the display info-center command to display system log settings and memory
buffer record statistics.
Field Description
Information Center: Whether the information center is enabled.
Log host: Status of the log host, including its IP address, used
channel numbers, channel names, language and level.
Console: Usage status of the control port, including the channel
number and channel name it uses.
Monitor: Usage status of the monitor port, including the channel
number and channel name it uses.
SNMP Agent: Usage status of the network proxy, including the
channel number and channel name it uses.
Log buffer: Usage status of the log buffer, including whether it is
enabled, the utmost capacity, the current capacity, the
current item number, channel name, channel number,
discarded item number and covered item number.
Trap buffer: Usage status of the trap buffer, including whether it is
enabled, the utmost capacity, the current capacity, the
current item number, channel name, channel number,
discarded item number and cover item number.
192 ● display info-center 3Com Switch 4200G Family
Command Reference
Field Description
Information timestamp setting Time stamp settings, describing the time stamp types of
log information, trap information and debug
information.
SWITCH OF Device--Unit>1 Device switch status, describing the switch status of log,
trap and debug information.
■ Any view
Description If the information in the current log/trap buffer is less than the specified sizeval,
display the actual log/trap information.
display interface
Purpose Use the display interface command to view the configuration information on the
selected interface.
interface-type interface-number ]
Parameters interface-type Specifies the port (interface) type. This can be either
Aux, Ethernet, GigabitEthernet, NULL, Vlan-interface.
interface-number Specifies the port (interface) number in the format
unit-number/0/port-number.
Valid values for the port number are 1 to 16, 1 to 28,
or 1 to 52, depending on the number of ports you
have on your unit.
You can use the interface_name at this command. This consists of the
interface_type and the interface_number combined as a single parameter. For
example, Ethernet1/0/1.
Example To display configuration information on Ethernet port 1/0/1, enter the following:
■ Any view
Description Along with others, this interface could be a specific port's interface (for example,
Ethernet1/0/1) or a specific VLAN interface (for example, vlan-interface 1).
Field Description
GigabitEthernet1/0/1 current state Indicates the current state of the Ethernet port (up
or down)
IP Sending frames’ format Displays the Ethernet frame format
Hardware address Displays the port hardware address
The Maximum Transmit Unit Indicates the maximum transmit unit
Media type Indicates the type of media
loopback not set Displays the port loopback test state
Port hardware type Displays the port hardware type
1000Mbps-speed mode, full-duplex 1000Mbps-speed mode, full-duplex mode
mode
Link speed type is force link, link duplex Link speed type is force link, link duplex type is force
type is force link link
Flow control is not enabled Port flow control state
The Maximum Frame Length Indicates the maximum length of the Ethernet
frames that can pass through the port
Broadcast MAX ratio Port broadcast storm suppression ratio
Unknown Multicast Packet drop: Disable The unknown multicast packet dropping function is
disabled
Unknown Unicast Packet drop: Disable The unknown multicast packet dropping function is
disabled
Allow jumbo frame to pass Indicates that jumbo frame are allowed to pass
through the port
PVID Indicates the port default VLAN ID.
Mdi type Indicates the cable type
Port link-type Indicates the port link type
3Com Switch 4200G Family display interface ● 195
Command Reference
Field Description
Tagged VLAN ID Indicates the VLANs with packets tagged
Untagged VLAN ID Indicates the VLANs with packets untagged
Last 300 minutes input rate: Displays the input/output rate and the number of
0 packets/sec, 0 bytes/sec packets that were passed on this port in the last
300 seconds
Last 300 minutes output rate:
0 packets/sec, 0 bytes/sec
Input(total): 0 packets, 0 bytes The statistics information of input/output packets
and errors on this port. A “-” indicates that the
- broadcasts, - multicasts
item isn't supported by the switch.
Input(normal): 0 packets, 0 bytes
0 broadcasts, 0 multicasts
Input: 0 input errors, 0 runts, 0 giants,
0 throttles, 0 CRC
0 frame, - overruns, - aborts, -
ignored, - parity errors
Output(total): 0 packets, 0 bytes
- broadcasts, - multicasts, - pauses
Output(normal): 0 packets, 0 bytes
0 broadcasts, 0 multicasts, 0 pauses
Output: 0 output errors, - underruns, -
buffer failures
- aborts, 0 deferred, 0 collisions, 0
late collisions
- lost carrier, - no carrier
■ If you specify neither port type nor port number, the command displays
information about all ports.
■ If you specify only port type, the command displays information about all ports of
this type.
■ If you specify both port type and port number, the command displays information
about the specified port.
196 ● display interface VLAN-interface 3Com Switch 4200G Family
Command Reference
Example To display information about the management VLAN interface (assume that VLAN 1 is
the management VLAN) type the following:
■ Any view
Description The information displayed about the management VLAN interface includes:
■ Physical and link status
■ Format of the sent frames
■ MAC hardware address
■ IP address and subnet mask
■ Description string
■ Maximum Transmit Unit (MTU)
display ip host
Purpose Use the display ip host command to display all host names and their
corresponding IP addresses.
Parameters None.
Example To display all host names and their corresponding IP addresses, type the following:
Field Description
Host Host name
Age Valid duration of the host address
Flags Flag
Address(es) Host IP address
■ Any view
198 ● display ip interface vlan-interface 3Com Switch 4200G Family
Command Reference
■ Any view
200 ● display ip routing-table 3Com Switch 4200G Family
Command Reference
display ip routing-table
Purpose Use the display ip routing-table command to display the summary information
about the routing table.
Parameters None
Field Description
Destination/Mask Destination IP address/Mask length
Protocol Routing protocol that discovers the route
Pre Routing preference
Cost Route cost
Nexthop Next hop IP address of the route
Interface Output interface, through which packets destined for the destination
network segment are to be transmitted
Each line in the table represents one route. The displayed information includes
destination address/mask length, protocol, preference, cost, next hop and output
interface.
■ Any view
Description This command displays the summary information about a routing table, with the
items of a routing entry contained in one line. The information displayed includes
destination IP address/mask length, protocol, preference, cost, next hop and
outbound interface.
The display ip routing-table command only displays the routes currently in use, that is,
the optimal routes
3Com Switch 4200G Family display ip routing-table acl ● 201
Command Reference
Purpose Use the display ip routing-table acl command to display the routes permitted
by the specified basic ACL.
Parameters acl-number Specifies the number of the basic access control list
(ACL). Valid values are 2000 to 2999.
verbose Displays the detailed information about the active and
inactive routes filtered by the specified ACL. If you do
not specify this keyword, the summary information
about the active routes filtered by the specified ACL is
displayed.
Example Display the summary information about the active routes permitted by ACL 2000.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 2000
[S4200G-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255
[S4200G-acl-basic-2000] rule deny source any
[S4200G-acl-basic-2000] display ip routing-table acl 2000
Routes matched by access-list 2000:
Summary count: 2
Destination/Mask Protocol Pre Cost Nexthop Interface
10.1.1.0/24 DIRECT 0 0 10.1.1.2 Vlan-interface1
10.1.1.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0
Field Description
Destination/Mask Destination IP address/Mask length
Protocol Routing protocol that discovers the route
Pre Routing preference
Cost Route cost
Nexthop Next hop IP address of the route
Interface Output interface, through which packets destined for the destination
network segment are to be transmitted
Display the detailed information about the active and inactive routes permitted by
ACL 2000.
Summary count: 2
202 ● display ip routing-table acl 3Com Switch 4200G Family
Command Reference
Field Description
Destination Destination address
Mask Mask
Protocol Routing protocol that discovers the route
Preference Routing preference
Nexthop Next hop IP address
Interface Outbound interface, through which the data packets destined for the
destination network segment are to be transmitted
Vlinkindex Virtual link index
State Descriptions on the route state are as follows:
ActiveU — Valid unicast route. "U" stands for unicast.
Blackhole — Blackhole route is the same as reject route except that a
router drops a packet traveling along a blackhole route without
sending ICMP unreachable messages to the source of the packets.
Delete — The route is deleted.
Gateway — The route is not a direct route.
Hidden — The route is a hidden route. For routes that are temporarily
unavailable for some reasons (such as the policy configured or the
interface is down), you can hide them for later use.
Holddown — The route is held down. Holddown is a kind of route
advertisement policy used in some D-V (distance vector) routing
protocols (such as RIP) to avoid the propagation of some incorrect
routes and improve the transmission speed of route-unreachable
information. For details, refer to corresponding routing protocols.
Int — The route is discovered by the internal gateway protocol (IGP).
NoAdvise — The route is not advertised when the router advertises
routes based on policies.
NotInstall — The route are not loaded to the core routing table but
can be advertised. Normally, the routes with the highest preference in
the routing table are loaded to the core routing table and are
advertised.
Reject — The packets travel along the route will be dropped. Besides,
the router sends ICMP unreachable messages to the source of the
dropped packets. The Reject routes are usually used for network
testing.
Retain — The route is not deleted when the routes read from the core
routing table are deleted. You can enable static routes to remain in
the core routing table by configure them to be in retain state.
Static — The route is not lost when you perform the save operation
and then restart the router. Routes marked as Static are configured
manually.
Unicast — The route is a unicast route.
3Com Switch 4200G Family display ip routing-table acl ● 203
Command Reference
Field Description
Age The time period during which the route is allowed in the routing
table, in the form of hh:mm:ss.
Cost Cost of the route
■ Any view.
Description This command is used to display the routes that passed the filtering rules in the
specified ACL.
The command only displays routes that passed basic ACL filtering rules.
204 ● display ip routing-table ip-address 3Com Switch 4200G Family
Command Reference
Example Display the summary information of the corresponding routes with destination
addresses matched within the natural mask range.
Field Description
Destination/Mask Destination IP address/Mask length
Protocol Routing protocol that discovers the route
Pre Routing preference
Cost Route cost
Nexthop Next hop IP address of the route
Interface Output interface, through which packets destined for the destination
network segment are to be transmitted
Display the detailed information of the routes with destination addresses matched
within the natural mask range.
3Com Switch 4200G Family display ip routing-table ip-address ● 205
Command Reference
Field Description
Destination Destination address
Mask Mask
Protocol Routing protocol that discovers the route
Preference Routing preference
Nexthop Next hop IP address
Interface Outbound interface, through which the data packets destined for the
destination network segment are to be transmitted
Vlinkindex Virtual link index
206 ● display ip routing-table ip-address 3Com Switch 4200G Family
Command Reference
Field Description
State Descriptions on the route state are as follows:
ActiveU — Valid unicast route. "U" stands for unicast.
Blackhole — Blackhole route is the same as reject route except that a
router drops a packet traveling along a blackhole route without
sending ICMP unreachable messages to the source of the packets.
Delete — The route is deleted.
Gateway — The route is not a direct route.
Hidden — The route is a hidden route. For routes that are temporarily
unavailable for some reasons (such as the policy configured or the
interface is down), you can hide them for later use.
Holddown — The route is held down. Holddown is a kind of route
advertisement policy used in some D-V (distance vector) routing
protocols (such as RIP) to avoid the propagation of some incorrect
routes and improve the transmission speed of route-unreachable
information. For details, refer to corresponding routing protocols.
Int — The route is discovered by the internal gateway protocol (IGP).
NoAdvise — The route is not advertised when the router advertises
routes based on policies.
NotInstall — The route are not loaded to the core routing table but
can be advertised. Normally, the routes with the highest preference in
the routing table are loaded to the core routing table and are
advertised.
Reject — The packets travel along the route will be dropped. Besides,
the router sends ICMP unreachable messages to the source of the
dropped packets. The Reject routes are usually used for network
testing.
Retain — The route is not deleted when the routes read from the core
routing table are deleted. You can enable static routes to remain in
the core routing table by configure them to be in retain state.
Static — The route is not lost when you perform the save operation
and then restart the router. Routes marked as Static are configured
manually.
Unicast — The route is a unicast route.
Age The time period during which the route is allowed in the routing
table, in the form of hh:mm:ss.
Cost Cost of the route
■ Any view
Description The output information of this command differs with the arguments/keywords
specified as follows:
For the destination address ip-address, if there are some routes matched within the
natural mask range, all subnet routes will be displayed. Otherwise, only the active
routes which match ip-address longest will be displayed.
Only the routes that match exactly the specified destination address and mask are
displayed.
All routes with destination addresses matched within the natural mask range will be
displayed.
[ verbose ]
ip-address2 and mask2 Specifies the IP address masks. These two arguments
can be in dotted decimal notation or two integers
ranging from 0 to 32.
verbose Displays the detailed information about the active and
inactive routes. If you do not specify this keyword, only
the summary information about the active routes is
displayed.
Example Display the information about the routes with their destinations within the range of
1.1.1.0 to 2.2.2.0.
Field Description
Destination/Mask Destination IP address/Mask length
Protocol Routing protocol that discovers the route
Pre Routing preference
Cost Route cost
Nexthop Next hop IP address of the route
3Com Switch 4200G Family display ip routing-table ip-address1 ip-address2 ● 209
Command Reference
Field Description
Interface Output interface, through which packets destined for the destination
network segment are to be transmitted
■ Any view
210 ● display ip routing-table ip-prefix 3Com Switch 4200G Family
Command Reference
Example Display the summary information about the active routes matching the IP prefix list
named abc2 (assuming that the IP prefix list permits the routes with their prefix being
10.1.1.0 and the mask length in the range of 24 to 32).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32
[S4200G] display ip routing-table ip-prefix abc2
Routes matched by ip-prefix abc2:
Summary count: 2
Destination/Mask Protocol Pre Cost Nexthop Interface
10.1.1.0/24 DIRECT 0 0 10.1.1.2
Vlan-interface1
10.1.1.2/32 DIRECT 0 0 127.0.0.1
InLoopBack0
Field Description
Destination/Mask Destination IP address/Mask length
Protocol Routing protocol that discovers the route
Pre Routing preference
Cost Route cost
Nexthop Next hop IP address of the route
Interface Output interface, through which packets destined for the destination
network segment are to be transmitted
Display the detailed information about the active and inactive routes matching the IP
prefix list named abc2.
Summary count: 2
Field Description
Destination Destination address
Mask Mask
Protocol Routing protocol that discovers the route
Preference Routing preference
Nexthop Next hop IP address
Interface Outbound interface, through which the data packets destined for the
destination network segment are to be transmitted
Vlinkindex Virtual link index
212 ● display ip routing-table ip-prefix 3Com Switch 4200G Family
Command Reference
Field Description
State Descriptions on the route state are as follows:
ActiveU — Valid unicast route. "U" stands for unicast.
Blackhole — Blackhole route is the same as reject route except that a
router drops a packet traveling along a blackhole route without
sending ICMP unreachable messages to the source of the packets.
Delete — The route is deleted.
Gateway — The route is not a direct route.
Hidden — The route is a hidden route. For routes that are temporarily
unavailable for some reasons (such as the policy configured or the
interface is down), you can hide them for later use.
Holddown — The route is held down. Holddown is a kind of route
advertisement policy used in some D-V (distance vector) routing
protocols (such as RIP) to avoid the propagation of some incorrect
routes and improve the transmission speed of route-unreachable
information. For details, refer to corresponding routing protocols.
Int — The route is discovered by the internal gateway protocol (IGP).
NoAdvise — The route is not advertised when the router advertises
routes based on policies.
NotInstall — The route are not loaded to the core routing table but
can be advertised. Normally, the routes with the highest preference in
the routing table are loaded to the core routing table and are
advertised.
Reject — The packets travel along the route will be dropped. Besides,
the router sends ICMP unreachable messages to the source of the
dropped packets. The Reject routes are usually used for network
testing.
Retain — The route is not deleted when the routes read from the core
routing table are deleted. You can enable static routes to remain in
the core routing table by configure them to be in retain state.
Static — The route is not lost when you perform the save operation
and then restart the router. Routes marked as Static are configured
manually.
Unicast — The route is a unicast route.
Age The time period during which the route is allowed in the routing
table, in the form of hh:mm:ss.
Cost Cost of the route
■ Any view
Description You can use this command to trace routing policies and display the routes matching a
specified IP prefix list.
If the specified IP prefix list does not exist, the detailed information about all the active
and inactive routes is displayed when you execute this command with the verbose
keyword specified, and only the summary information about all the active routes is
displayed if you execute this command with the verbose keyword not specified.
Without the verbose parameter, this command displays the summary of the active
routes that passed filtering rules.
3Com Switch 4200G Family display ip routing-table protocol ● 213
Command Reference
Purpose Use the display ip routing-table protocol command to display the information
about specific routes.
Example To display a summary of all direct connection routes, enter the following:
Field Description
Destination/Mask Destination IP address/Mask length
Protocol Routing protocol that discovers the route
Pre Routing preference
Cost Route cost
Nexthop Next hop IP address of the route
Interface Output interface, through which packets destined for the destination
network segment are to be transmitted
■ Any view
3Com Switch 4200G Family display ip routing-table radix ● 215
Command Reference
Purpose Use the display ip routing-table radix command to view the route information
in a hierarchical (tree) structure.
Parameters None
+--8+--{127.0.0.0
+-32+--{127.0.0.1
Table 42 Output description of the display ip routing-table radix command
Field Description
INET Address family
Inodes Number of nodes
Routes Number of routes
■ Any view
216 ● display ip routing-table statistics 3Com Switch 4200G Family
Command Reference
Purpose Use the display ip routing-table statistics command to display the statistics
of a routing table.
Parameters None
Field Description
Proto Routing protocol: O_ASE indicates OSPF_ASE routes, O_NSSA
indicates OSPF NSSA routes, and AGGRE indicates the aggregated
routes.
route Total number of routes .
active Number of active routes that are in currently in use.
added Number of the routes that are added to the routing table after the
switch starts or the routing table is cleared last time.
deleted Number of the routes with deleted flags (this type of routes will be
freed after a period of time).
Total Total of different types of routes.
■ Any view
Purpose Use the display ip routing-table verbose command to display the detailed
information about a routing table.
Parameters None
Destinations: 2 Routes: 2
Holddown: 0 Delete: 0 Hidden: 0
The statistics of the routing table are displayed first, and then the detailed
descriptions of each route. Other generated information is described in Table 44.
Descriptor Meaning
Holddown The number of the routes that are held down.
Delete The number of deleted routes.
Hidden The number of hidden routes.
■ Any view
Description This command displays the detailed information about the routing table, in the order
of route state, statistics of the routing table, and the information about each route.
You can use this command to display all the routes, including the inactive and invalid
routes
218 ● display ip socket 3Com Switch 4200G Family
Command Reference
display ip socket
Purpose Use the display ip socket command to display the information about the sockets
in the current system.
Example To display the information about the socket of TCP type, enter the following:
Field Description
SOCK_STREAM The socket type
Task The ID of a task
socketid The ID of a socket
Proto The protocol number used by the socket
sndbuf The sending buffer size of the socket
rcvbuf The receiving buffer size of the socket
sb_cc The current data size in the sending buffer. The value makes sense
only for the socket of TCP type, because only TCP is able to cache
data
rb_cc The current data size in the receiving buffer
3Com Switch 4200G Family display ip socket ● 219
Command Reference
Field Description
socket option The option of the socket
socket state The state of the socket
■ Any view
220 ● display ip statistics 3Com Switch 4200G Family
Command Reference
display ip statistics
Purpose Use the display ip statistics command to view the statistics information about
IP packets.
Parameters None
<S4200G>display ip statistics
Input: sum 7120 local 112
bad protocol 0 bad format 0
bad checksum 0 bad options 0
Output: forwarding 0 local 27
dropped 0 no route 2
compress fails 0
Fragment:input 0 output 0
dropped 0
fragmented 0 couldn't fragment 0
Reassembling:sum 0 timeouts 0
Table 46 Output Description of the display ip statistics command
Field Description
Input: sum Sum of input packets
local Number of received packets whose destination is
the local device
bad protocol Number of packets with wrong protocol number
bad format Number of packets in bad format
bad checksum Number of packets with wrong checksum
bad options Number of packets that has wrong options
Output: forwarding Number of forwarded packets
local Number of packets that are sent by the local device
dropped Number of dropped packets during transmission
no route Number of packets that cannot be routed
compress fails Number of packets that cannot be compressed
Fragment: input Number of input fragments
output Number of output fragments
dropped Number of dropped fragments
fragmented Number of packets that are fragmented
couldn't fragment Number of packets that cannot be fragmented
Reassembling: sum Number of packets that are reassembled
timeouts Number of packets that time out
3Com Switch 4200G Family display ip statistics ● 221
Command Reference
■ Any view
Purpose Use the display isolate port command to display the information about the
Ethernet ports added to an isolation group.
Parameters None
Example Display the information about the Ethernet ports added to the isolation group.
■ Any view
3Com Switch 4200G Family display lacp system-id ● 223
Command Reference
Purpose Use the display lacp system-id command to view actor system ID, including
system priority and system MAC address.
Parameters None
■ Any view
Purpose Use the display link-aggregation interface command to display the link
aggregation details about a specified port or port range.
Parameters interface-type Specifies the port type. You can specify multiple
sequential ports with the to parameter, instead of
specifying only one port.
interface-name Specifies the port name
to Specifies a port range.
Field Description
Selected AggID ID of the aggregation group to which
the specified port belongs
Local: Port priority, operation key and status
flag of the local end
Port-Priority: 32768, Oper key: 1, Flag: 0x00
Remote: Device ID, MAC address, port number,
port priority, operation key and status
System ID: 0x0, 0000-0000-0000
flag of the remote end
Port Number: 0, Port-Priority: 0, Oper-key: 0,
Flag: 0x00
■ Any view
3Com Switch 4200G Family display link-aggregation interface ● 225
Command Reference
Description Use the display link-aggregation interface command to display the link
aggregation details about a specified port or port range, including:
■ Link aggregation group ID, port priority, operation key and protocol status flag of
the port at the local end,
■ Device ID, port number, port priority, operation key and protocol status flag at the
remote end, and,
■ LACP protocol packet statistics
For a manual aggregation group, value 0 is displayed for all the above items of the
remote end (which does not indicate the real information of the remote end), since
information about the remote end cannot be obtained for a manual aggregation
group.
Parameters None
Example To display summary information of all aggregation information, enter the following:
Field Description
Actor ID Device ID and MAC address of the local end
AL ID Aggregation group ID
AL Type Aggregation group type: D (dynamic), S (static), or M
(manual)
Partner ID Device ID and MAC address of the remote end
Select Ports Number of the selected ports
Unselect Ports Number of the unselected ports
Share Type Load sharing type: Shar (load-sharing), or NonS
(non-load-sharing)
Master Port Number of the master port
■ Any view
3Com Switch 4200G Family display link-aggregation verbose ● 227
Command Reference
Purpose Use the display link-aggregation verbose command to display the details about
a specified aggregation group.
Example To display detailed information about aggregation group 1, enter the following:
Remote:
Actor Partner Priority Key SystemID Flag
------------------------------------------------------------------------------
GigabitEthernet1/0/2 0 32768 0 0x8000,0000-0000-0000 {DEF}
GigabitEthernet1/0/5 0 32768 0 0x8000,0000-0000-0000 {DEF}
■ Any view
Description Use the display link-aggregation verbose command to display the details
about a specified aggregation group, including:
■ Aggregation group ID, aggregation group type, load sharing type, aggregation
group description,
■ Local end details: device ID, member port, port status, port priority, operation key
and protocol status flag, and
■ Remote end details: local end port, and corresponding port index, port priority,
operation key, device ID and protocol status flag of the remote end.
For a manual aggregation group, value 0 is displayed for all the above items of the
remote end (which does not indicate the real information of the remote end), since
228 ● display link-aggregation verbose 3Com Switch 4200G Family
Command Reference
information about the remote end cannot be obtained for a manual aggregation
group.
3Com Switch 4200G Family display local-server statistics ● 229
Command Reference
Purpose Use the display local-server statistics command to view the statistics of all
local RADIUS authentication server.
Parameters None
Example To display the statistics about local RADIUS authentication server, enter the following:
■ Any view
display local-user
Purpose Use the display local-user command to view information about all the local
users or the specified one(s).
Parameters domain isp-name Specifies that all the local users in the specified ISP
domain are displayed.isp-name specifies the ISP
domain name with a character string up to
24 characters in length. The specified ISP domain must
exist.
idle-cut Displays the local users who are inhibited from
enabling the idle-cut function, or the local users who
are allowed to enable the idle-cut function.
■ enable displays local users that are allowed.
■ disable displays local users that are prohibited.
vlan vlan-id Displays the local users belonging to the specified
VLAN. vlan-id is an integer ranging from 1 to 4094.
service-type Displays the local users of a specified type. One of the
following user types can be specified:
■ ftp
■ lan-access (Ethernet accessing users, 802.1x
application for example)
■ ssh
■ telnet
■ terminal (users who log into the switch through the
Console port)
state Displays the local users in the specified state.
■ active means that the system allows the user
requesting network service
■ block means the system does not allow the user
requesting network service.
user-name user-name Specifies the connections to display using the
user-name. The user-name is a character string up
to 32 characters in length. The string cannot contain
the following characters:
■ /
■ :
■ *
3Com Switch 4200G Family display local-user ● 231
Command Reference
■ ?
■ <
■ >
The @ character can only be used once in one
username. The pure username (the characters before
the @, namely the user ID) cannot exceed 55
characters and the domain name (the characters
behind the @) cannot be longer than 24 characters.
Field Description
State State of the local user
ServiceType Mask Service type mark
Idle-Cut State of the idle-cut function
Access-Limit Limit on the number of access users
Current AccessNum Number of current access users
Bind location Whether or not bound to a port
Vlan ID VLAN of the user
IP address IP address of the user
MAC address MAC address of the user
■ Any view
Description This command displays the relevant information about a specified or all the local
users. The output can help you with the fault diagnosis and troubleshooting related
to local user.
display logbuffer
Purpose Use the display logbuffer command to display the status of the log buffer and
the records in the log buffer.
Example Display the status of the log buffer and the records in the log buffer.
screen display
■ Any view
234 ● display logbuffer summary 3Com Switch 4200G Family
Command Reference
Purpose Use the display logbuffer summary command to display the summary of the
log buffer.
Parameters Level severity Specifies an information severity level. Valid values are
1 to 8.
■ Any view
3Com Switch 4200G Family display-loopback-detection ● 235
Command Reference
display-loopback-detection
Parameters None
Fields Explanation
Port GigabitEthernet1/0/1 Loopback detection function for
loopback-detection is running. GigabitEthernet1/0/1 is enabled.
System Loopback-detection is running. System loopback detection function is enabled.
Detection interval time is 30 seconds. Detection time interval is set to be 30 seconds.
There is no port existing loopback link. Currently no port is detected with loopback.
■ Any view
Description If loopback detection is enabled, the time interval for loopback detection and the
loopback ports will also be displayed.
236 ● display mac-address 3Com Switch 4200G Family
Command Reference
display mac-address
Purpose Use the display mac-address command to display MAC address table information.
Value Description
mac-address [ vlan vlan-id ] Displays information about a specified MAC
address entry.
{ static | dynamic | blackhole } [ interface Displays information about dynamic, static, or
interface-type interface-number ] [ blackhole MAC address entries.
vlan vlan-id ] [ count ]
interface interface-type Displays information about the MAC address
interface-number [ vlan vlan-id ] [ count entries concerning a specified port.
]
vlan vlan-id [ count ] Displays information about the MAC address
entries concerning a specified VLAN.
count Displays the total number of the MAC address
entries of the switch.
statistics Displays the statistics on the MAC address
entries.
Example Display the MAC address table information about the MAC address of
00e0-fc01-0101.
Field Description
MAC ADDR MAC address
VLAN ID ID of the VLAN to which the network device identified by the MAC
address belongs
STATE The state of the MAC address. The value of this field can be "Static",
"Learned", and so on.
PORT INDEX Port index (including port type and port number)
AGING TIME(s) Aging time
■ Any view
Description Use the display mac-address command to display information about MAC address
entries in a MAC address table, including: MAC address, VLAN and port
corresponding to the MAC address, the type (static or dynamic) of a MAC address
entry, aging time and so on.
Purpose Use the display mac-address aging-time command to display the aging time of
the dynamic entry in the MAC address table.
Parameters None
Example Display the aging time of the dynamic MAC address entries.
The output information indicates that the aging time of the dynamic MAC address
entries is 300 second.
■ Any view
Purpose Use the display mac-address multicast static command to display the
multicast MAC address entries manually configured on the switch, with each entry
containing the following information: multicast MAC address, VLAN ID, MAC address
state, port number(s), and aging time of each port.
Parameters mac-address vlan vlan-id Multicast MAC address entry in a specified VLAN.
Example Display all the multicast MAC address entries manually configured in VLAN 1.
■ Any view
Description ■ Executing this command with neither mac-address vlan vlan-id nor vlan
vlan-id will display all the multicast MAC address entries added on the switch.
■ Executing this command with vlan vlan-id but without mac-address will
display all the multicast MAC address entries manually added in the specified
VLAN.
■ Executing this command with both mac-address and vlan vlan-id will display
the multicast MAC address entry manually added in the specified VLAN with the
specified multicast MAC address.
240 ● display mac-address security 3Com Switch 4200G Family
Command Reference
Purpose Use the display mac-address security command to display the information
about Security MAC address.
■ Any view
Description By checking the output of this command, you can verify the current configuration.
3Com Switch 4200G Family display mac-authentication ● 241
Command Reference
display mac-authentication
Parameters interface-list Specifies the list of Ethernet ports. You can specify
multiple Ethernet ports by providing this argument in
the form of interface-list = { interface-type
interface-number [ to interface-type interface-number
] } where <1–10 means that you can provide up to 10
port indexes/port index lists for this argument.
Example To display the global information about centralized MAC address authentication,
enter the following:
Field Description
mac address authentication is Centralized MAC address authentication is enabled.
Enabled
authentication mode Centralized MAC address authentication mode. The default
is the MAC address mode.
the Fixed username User name used in the fixed mode, which defaults to mac.
the Fixed password Password used in the fixed mode, which is not configured by
default.
offline detect period Setting of the offline detect timer, which sets the time
interval to check whether a user goes offline and defaults to
300 seconds.
quiet period Setting of the quiet timer, which sets the quiet period. A
switch goes through a quiet period if a user fails to pass the
MAC address authentication. The default value is 1 minute.
server response timeout value Setting of the server timeout timer, which sets the timeout
time for the connection between a switch and the RADIUS
server. By default, it is 100 seconds.
max allowed user number The maximum number of users supported by the switch. It is
1,024 by default.
current user number amounts to The current number of users
current domain The current domain. It is not configured by default.
Silent Mac User info The information about the silent user. When the user fails to
pass MAC address authentication because of inputting error
user name and password, the switch sets the user to be in
quiet state. During quiet period, the switch does not
authenticate this user.
GigabitEthernet1/0/1 is link-up The link connected to GigabitEthernet1/0/1 port is up.
MAC address authentication is MAC address authentication is enabled for
Enabled GigabitEthernet1/0/1 port.
Authenticate success: 0, failed: 0 Statistics of the MAC address authentications performed on
the port, including the numbers of successful and failed
authentication operations.
Current online user number The number of the users current access the network through
the port
Authenticate state The state of the users accessing the network through the
port, which can be:
■ CONNECTING: Connecting
■ SUCCESS: Authentication passed
■ FAILURE: Fail to pass authentication
■ LOGOFF: Offline
MAC ADDR Peer MAC address
Authenticate state State of the current MAC address authentication
AuthIndex Index of the current MAC address with regard to the
authentication port
■ Any view
3Com Switch 4200G Family display memory ● 243
Command Reference
display memory
Purpose Use the display memory command to display the memory usage of a specified
switch.
<S4200G>display memory
Unit 1
System Available Memory(bytes): 37238784
System Used Memory(bytes): 8201352
Used Rate: 22%
Field Description
System Available Memory(bytes) Available memory size of the system, in unit of bytes.
System Used Memory(bytes) Used memory size of the system, in unit of bytes.
Used Rate Percentage of the used memory.
■ Any view
244 ● display mirroring-group 3Com Switch 4200G Family
Command Reference
display mirroring-group
Purpose Use the display mirroring-group command to display the parameter settings
of a port mirroring group.
■ Any view
■ Group number
■ Group type: local
■ Group status
■ Information of the monitored port
■ Information of the monitored MAC address
■ Information of the monitored VLAN
■ Information of the monitoring port
■ Group number
■ Group type: remote-destination
3Com Switch 4200G Family display mirroring-group ● 245
Command Reference
■ Group status
■ Information of the destination port
■ Remote-probe vlan information
■ Group number
■ Group type: remote-source
■ Group status
■ Information of the source port
■ Information of the monitored MAC address
■ Information of the monitored VLAN
■ Information of the reflector port
■ Remote-probe vlan information
246 ● display ndp 3Com Switch 4200G Family
Command Reference
display ndp
Purpose Use the display ndp command to display global NDP configuration information,
including the interval to send NDP packets, the holdtime of NDP information, and the
information about the neighbors of all the ports.
Parameters interface port-list Specifies a list of ports. The list can contain consecutive
or separated ports, or the combination of the both.
You need to provide the port-list argument in the form
of { interface-type interface-number | interface-name }
[ to { interface-type interface-number | interface-name
} ] } &<1-10>, where interface-type specifies the port
type, and interface-number specifies the port number
(in the form of slot number/port number).
■ Any view
3Com Switch 4200G Family display ntdp ● 249
Command Reference
display ntdp
Purpose Use the display ntdp command to display the global NTDP information. The
information includes the range (in hop count) within which topology information is
collected, the interval to collect topology information (the NTDP timer), the delay time
for a device to forward topology-collection requests, the delay time for a
topology-collection request to be forwarded through a port, and the time cost during
the last topology collection.
Parameters None
<S4200G>display ntdp
NTDP is running.
Hops : 3
Timer : 1 min (disable)
Hop Delay : 200 ms
Port Delay: 20 ms
Last collection total time: 3473ms
Field Description
NTDP is running. The global NTDP is enabled on the local device.
Hops Hops for topology collection.
Timer Interval of periodic topology collection.
Hop Delay Delay that the device forwards topology collection request.
Port Delay Delay that the port forwards topology collection request.
Last collection total time Time taken by last collection.
■ Any view
250 ● display ntdp device-list 3Com Switch 4200G Family
Command Reference
Purpose Use the display ntdp device-list command to display the device information
collected through NTDP.
Field Description
MAC MAC address of the device
HOP Hops to the collecting device
PLATFORM Platform information about device
IP IP address and mask length of the management VLAN interface on
the device
■ Any view
3Com Switch 4200G Family display ntdp single-device mac-address ● 251
Command Reference
Example Display the information about the switch whose MAC address is 00e0-fc00-5111 in
detail.
Hostname : aaa_1.42-com2
MAC : 00e0-fc00-5111
Hop : 1
Platform : Switch 4200G
IP : 16.168.1.2/24
Version :
3Com Versatile Routing Platform Software
VRP (R) Software, Version V3.01.00s168c03
Copyright (c) Reserved.
4200G 24-Port 4200G
■ Cluster view
3Com Switch 4200G Family display ntp-service sessions ● 253
Command Reference
Purpose Use the display ntp-service sessions command to display the status of all the
sessions maintained by NTP (Network Time Protocol) service provided by the local
equipment.
Default By default, the status of all the sessions maintained by NTP service provided by the
local equipment will be displayed.
Example Display the status of all the sessions maintained by NTP service.
Field Description
source IP address of the synchronization source (device to be synchronized)
reference Reference clock ID of the synchronization source
stra Stratum of the clock of the synchronization source
reach Indicates whether or not the synchronization source is reachable.
poll Polling interval in seconds, that is, the maximum interval between two
successive messages
now The time elapsed since the latest NTP packet is sent
offset Clock offset
delay Network delay
disper The maximum offset of the local clock with regard to the reference clock
■ Any view
Description When you configure this command without the verbose parameter, the Switch will
only display brief information about all the sessions it maintains.
254 ● display ntp-service sessions 3Com Switch 4200G Family
Command Reference
With the verbose parameter configured, the Switch will display detailed information
about all the sessions it maintains.
3Com Switch 4200G Family display ntp-service status ● 255
Command Reference
Purpose Use the command display ntp-service status to display the NTP service status.
Parameters None
■ Any view.
Output Meaning
clock status:unsynchronized Local clock status: do not synchronize to any remote NTP
server.
clock stratum: 16 Indicates the NTP stratum of local clock
reference clock ID Address of the remote server or the ID of the reference
clock after the local system is synchronized to a remote NTP
server or a reference clock
nominal frequency Nominal frequency of the local system hardware clock.
actual frequency Actual frequency of the local system hardware clock.
clock precision Precision of local system clock
clock offset Offsets of the local clock to the NTP server clock.
root delay Roundtrip delay between the local system and the server
that serves as the primary reference clock
root dispersion The maximum dispersion of the local clock with regard to
the primary reference clock
peer dispersion The maximum dispersion of the remote NTP server
reference time Reference timestamp.
256 ● display ntp-service trace 3Com Switch 4200G Family
Command Reference
Purpose Use the display ntp-service trace command to display the brief information of
each NTP time server along the time synchronization chain from the local device to
the reference clock source.
Parameters None
■ Any view
3Com Switch 4200G Family display packet-filter ● 257
Command Reference
display packet-filter
Purpose Use the display packet-filter command to view the application information of
packet filtering, including the ACL name, rule names, and application status.
Parameters interface-type
interface-num } Port of the switch.
unit-id Unit ID, used to specify to display the information of a
specific unit.
■ Any view
258 ● display port 3Com Switch 4200G Family
Command Reference
display port
Purpose Use the display port command to display all current ports with their type indicated.
Example To display the currently configured hybrid ports, enter the following:
The example above indicates that the current configuration has two hybrid ports,
Ethernet1/0/1 and Ethernet1/0/2.
■ Any view
3Com Switch 4200G Family display port-security ● 259
Command Reference
display port-security
Purpose Use the display port-security command to display the information about
port security configuration (including global configuration and all or specific port
configuration).
Parameters interface interface-list Specifies an Ethernet port list, which can contain
multiple Ethernet ports. The interface-list
argument is in the format of { interface-type
interface-number [ to interface-type
interface-number ] } & < 1-10 >, where
interface-type represents a port type,
interface-number represents a port number, and
& < 1-10 > means you can specify up to 10 ports or
port ranges.
GigabitEthernet1/0/1 is link-up
Port mode is Userlogin
NeedtoKnow mode is disabled
Intrusion mode is disableportTemporarily
max mac-address num is not configured
Stored mac-address num is 0
260 ● display port-security 3Com Switch 4200G Family
Command Reference
Field Description
Equipment port security is enabled The port security function is enabled on the switch.
addressLearn trap is Enabled Enable the sending of address-learning trap information.
Intrusion trap is Enabled Enable the sending of intrusion-detection trap information.
Dot1x logon trap is Enabled Enable the sending of 802.1x user logon (authentication
success) trap information.
Dot1x logoff trap is Enabled Enable the sending of 802.1x user logoff trap information.
Dot1x logfailure trap is Enabled Enable the sending of 802.1x user authentication failure trap
information.
RALM logon trap is Enabled Enable the sending of RALM logon trap information.
RALM logoff trap is Enabled Enable the sending of RALM logoff trap information.
RALM logfailure trap is Enabled Enable the sending of RALM logfailure trap information.
Vlan id assigned is NULL The delivered VLAN ID is Null.
Disableport Timeout: 20 s The temporary port-disabling time is 20 seconds.
OUI value The OUI value
GigabitEthernet1/0/1 is link-up The link state of port GigabitEthernet 1/0/1 is link-up.
Port mode is Userlogin The security mode of the port is Userlogin.
NeedtoKnow mode is disabled The NTK mode is disabled.
Intrusion mode is The intrusion detection mode is disableportTemporarily.
disableportTemporarily
Max mac-address num is not The maximum number of MAC addresses allowed to access
configured the port is not configured here.
Stored mac-address num is 0 The number of current users is zero.
■ Any view
Description Use the display port-security command to display the information about
port security configuration (including global configuration and all or specific port
configuration).
By checking the output of this command, you can verify the current configuration.
CAUTION:
■ This command will display global and all ports' security configuration information
if the interface-list argument is not specified.
■ This command will display global and particular port's security configuration
information if the interface-list argument is specified.
3Com Switch 4200G Family display port vlan-vpn ● 261
Command Reference
Purpose Use the display port vlan-vpn command to display the information about the
VLAN VPN configuration of the current system, including current TPID value,
VLAN-VPN ports, and VLAN-VPN uplink ports.
Parameters None
■ Any view
262 ● display protocol-priority 3Com Switch 4200G Family
Command Reference
display protocol-priority
Parameters None
■ Any view
3Com Switch 4200G Family display qos cos-drop-precedence-map ● 263
Command Reference
Parameters None
■ Any view
264 ● display qos cos-dscp-map 3Com Switch 4200G Family
Command Reference
Purpose Use the display qos cos-dscp-map command to display the "COS->DSCP"
mapping relationship.
Parameters None
■ Any view
3Com Switch 4200G Family display qos cos-local-precedence-map ● 265
Command Reference
Parameters None
■ Any view
266 ● display qos dscp-cos-map 3Com Switch 4200G Family
Command Reference
Purpose Use the display qos dscp-cos-map command to display the "DSCP->802.1
priority" mapping relationship.
Parameters None
Example To display the "DSCP->801.1p priority" mapping relationship, enter the following:
■ Any view
3Com Switch 4200G Family display qos dscp-drop-precedence-map ● 267
Command Reference
Parameters None
■ Any view
268 ● display qos dscp-dscp-map 3Com Switch 4200G Family
Command Reference
Purpose Use the display qos dscp-cos-map command to display the "DSCP->DSCP"
mapping relationship.
Parameters None
■ Any view
3Com Switch 4200G Family display qos dscp-local-precedence-map ● 269
Command Reference
Parameters None
■ Any view
270 ● display qos-interface all 3Com Switch 4200G Family
Command Reference
Purpose Use the display qos-interface all command to display all the QoS settings
of the port.
Parameters interface-name |
interface-type
interface-num Specifies the port of the switch. Specify this parameter
and the switch will display the parameter
configurations of the specified port.
unit-id Specifies the unit ID. Specify this parameter and the
switch will display the parameter configurations of the
specified unit. If the unit ID parameter is specified, the
QoS parameter settings of all the ports on the specified
switch will be displayed.
Example To display all the QoS settings on Gigabitethernt1/0/1, enter the following:
■ Any view
Description The switch displays the following information according to its configurations:
Parameters interface-type
interface-num Specifies the port of the switch. Input this parameter
and the switch will display the parameter
configurations of the specified port.
unit-id Specifies the unit ID. Input this parameter and the
switch will display the parameter configurations of the
specified unit.
■ Any view
Description This command displays the name and priority-trust mode of the port.
Purpose Use the display qos-interface traffic-limit command to view the traffic limit
settings.
Parameters interface-name |
interface-type
interface-num Specifies the port of the switch. Input this parameter
and the switch will display the parameter
configurations of the specified port.
unit-id Specifies the unit ID. Input this parameter and the
switch will display the parameter configurations of the
specified unit.
■ Any view
■ The name of the port and the name of the traffic policing action
■ The application direction of the function on the port
■ Referenced ACL
■ Committed average rate
■ Settings for related policing actions
■ The running state of traffic policing statistics
Parameters interface-type
interface-num Specifies the port of the switch. Input this parameter
and the switch will display the parameter
configurations of the specified port.
unit-id Specifies the unit ID. Input this parameter and the
switch will display the parameter configurations of the
specified unit.
Example To display the parameter configurations of traffic limit on the port, enter the
following:
■ Any view
Purpose Use the display qos-interface traffic-statistic command to view the traffic
statistics.
Parameters interface-name |
interface-type
interface-num Specifies the port of the switch. Input this parameter
and the switch will display the parameter
configurations of the specified port.
unit-id Specifies the unit ID. Input this parameter and the
switch will display the parameter configurations of the
specified unit.
■ Any view
display qos-profile
Purpose Use the display qos-profile command to view the configurations of the QoS
profile.
Example To display the configurations of all the QoS profiles, enter the following:
■ Any view
■ The name of the QoS profile and the number of configured actions
■ The definition of each action
3Com Switch 4200G Family display queue-scheduler ● 277
Command Reference
display queue-scheduler
Purpose Use the display queue-scheduler command to view queue scheduling mode and
corresponding parameters.
Parameters None
Example To display the queue-scheduling mode and the related parameters, enter the
following:
■ Any view
■ Queue ID
■ The scheduling group of the queue
■ The weight of the queue
display radius
Purpose Use the display radius command to view the configuration information about all
RADIUS schemes or a specified scheme.
Example To display the configuration information about all RADIUS schemes, enter the
following:
------------------------------------------------------------------
Total 1 RADIUS scheme(s). 1 listed
Table 63 Description on the fields of the display radius command
Field Description
SchemeName Name of the RADIUS scheme
Index Index number of the RADIUS scheme
Type Type of the RADIUS servers
Primary Auth IP/ Port IP address/access port number of the primary authentication
server
Primary Acct IP/ Port IP address/access port number of the primary accounting server
Second Auth IP/ Port IP address/access port number of the secondary authentication
server
Second Acct IP/ Port IP address/access port number of the secondary accounting
server
3Com Switch 4200G Family display radius ● 279
Command Reference
Field Description
Auth Server Encryption Key Shared key of the authentication servers
Acct Server Encryption Key Shared key of the accounting servers
Accounting method Accounting method
Accounting-On packet enable, The system sends up to 15 Accounting-on packets at intervals
send times = 15 , interval = 3s of 3 seconds after restarting.
TimeOutValue (seconds) RADIUS server response timeout time
RetryTimes Maximum number of transmission attempts
RealtimeACCT(in minute) Real-time accounting interval in minutes
Permitted send realtime PKT Maximum allowed number of continuous no-response
failed counts real-time accounting requests
Retry sending times of Maximum number of transmission attempts of the buffered
nonresponse acct-stop-PKT stop-accounting requests
Quiet-interval(min) Wait time for the primary servers to restore the active state
Username format User name format
Data flow unit Unit of measure for data in data flows
Packet unit Unit of measure for packets
Primary Auth State Status of the primary authentication server
Second Auth State Status of the secondary authentication server
Primary Acc State Status of the primary accounting server
Second Acc State Status of the secondary accounting server
■ Any view
Purpose Use the display radius statistics command to view the statistics information
about RADIUS packet.
Parameters None
Example To display the statistics about RADIUS packets, enter the following:
Running statistic:
RADIUS received messages statistic:
Normal auth request , Num=0 , Err=0 , Succ=0
EAP auth request , Num=0 , Err=0 , Succ=0
Account request , Num=0 , Err=0 , Succ=0
Account off request , Num=0 , Err=0 , Succ=0
PKT auth timeout , Num=0 , Err=0 , Succ=0
PKT acct_timeout , Num=0 , Err=0 , Succ=0
Realtime Account timer , Num=0 , Err=0 , Succ=0
PKT response , Num=0 , Err=0 , Succ=0
EAP reauth_request , Num=0 , Err=0 , Succ=0
PORTAL access , Num=0 , Err=0 , Succ=0
Update ack , Num=0 , Err=0 , Succ=0
PORTAL access ack , Num=0 , Err=0 , Succ=0
Session ctrl pkt , Num=0 , Err=0 , Succ=0
Set policy result , Num=0 , Err=0 , Succ=0
RADIUS sent messages statistic:
Auth accept , Num=0
Auth reject , Num=0
EAP auth replying , Num=0
Account success , Num=0
Account failure , Num=0
Cut req , Num=0
Set policy result , Num=0
RecError_MSG_sum:0 SndMSG_Fail_sum :0
Timer_Err :0 Alloc_Mem_Err :0
State Mismatch :0 Other_Error :0
3Com Switch 4200G Family display radius statistics ● 281
Command Reference
No-response-acct-stop packet =0
Discarded No-response-acct-stop packet for buffer overflow =0
0
■ Any view
Purpose Use the display rmon alarm command to display the configuration of a specified
alarm entry or all the alarm entries.
Field Description
Samples type Indicates the type of a sample. This field can be delta, which
indicates the sample is an increment, or absolute, which
indicates the sample is an absolute value.
When startup enables Indicates the condition to trigger the alarm.
■ Any view
Purpose Use the display rmon event command to display the configuration of a specified
event entry or all the event entries.
Field Description
Event table 1 Event entry with index 1
VALID The state of the entry is valid
cause log-trap when triggered Logging and trapping triggered by events
Description Event description
last triggered at 0days 00h:02m:27s Time when the last event is triggered
■ Any view
Description The displayed information includes: event entry index, event entry owner, event
description, the action triggered by the event (log or alarm messages), and the time
(in seconds) when the latest event is triggered (in terms of the time elapsed since the
system is started/initialized).
Purpose Use the display rmon eventlog command to display the log of a specified event
entry or all the event entries.
■ Any view
Description The displayed information includes: the indexes and status of the event entries in the
event table, the time (in seconds) when an event log is generated (in terms of the
time elapsed since the system is started or initialized), and the event description.
3Com Switch 4200G Family display rmon history ● 285
Command Reference
Purpose Use the display rmon history command to display the RMON history information
about a specified port. The information about the latest sample, including utilization,
the number of errors, the total number of packets and so on, is also displayed.
■ Any view
Purpose Use the display rmon prialarm command to display the configuration of a
specified extended alarm entry or all the extended alarm entries.
Example Display the configuration of all the extended RMON alarm entries.
■ Any view
Purpose Use the display rmon statistics command to display the RMON statistics of a
specified port.
■ Any view
Description The displayed information include the number of the following items: collisions,
packets with CRC errors, undersize or oversize packets, broadcast packets, multicast
packets, received bytes, and received packets.
Purpose Use the display rsa local-key-pair public command to display the public
key of the server host key pair. If no key pair is generated, the system prompts “%RSA
keys not found”.
Parameters None
Example Display the public key of the server host key pair:
■ Any view
Purpose Use the display rsa peer-public-key command to display the client public
key of the specified RSA key pair. If no key name is specified, the command displays
all public keys of the client
Parameters brief Displays brief information about all public keys on the
client.
keyname Name of the client public key, consisting of a string 1
to 64 characters long.
■ Any view
290 ● display saved-configuration 3Com Switch 4200G Family
Command Reference
display saved-configuration
Purpose Use the display saved-configuration command to display the content of the
main configuration file in the flash memory of a switch.
Example Display the content of the main configuration file in the Flash.
#
interface Ethernet1/0/14
#
interface Ethernet1/0/15
#
interface Ethernet1/0/16
#
interface Ethernet1/0/17
#
interface Ethernet1/0/18
#
interface Ethernet1/0/19
#
interface Ethernet1/0/20
#
interface Ethernet1/0/21
#
interface Ethernet1/0/22
#
interface Ethernet1/0/23
#
interface Ethernet1/0/24
#
interface GigabitEthernet1/1/1
#
interface GigabitEthernet1/2/1
#
interface NULL0
#
management-vlan 2
#
user-interface aux 0 7
user-interface vty 0 4
#
return
The configurations above are listed in the following order: global, port configuration,
and user interface configurations.
■ Any view
Description If an Ethernet switch does not work normally after it is powered on, you can use the
display saved-configuration command to view the startup configurations
of the switch.
292 ● display schedule reboot 3Com Switch 4200G Family
Command Reference
Purpose Use the display schedule reboot command to display information about
scheduled reboot.
Parameters None
■ Any view
display snmp-agent
Purpose Use the display snmp-agent command to view engine ID of the local or remote
SNMP entity.
■ Any view
Description The SNMP engine is a unique identifier of an SNMP entity in the SNMP domain. It
performs the function of sending, receiving and authenticating SNMP messages,
extracting PDUs, packet encapsulations, and communication with SNMP applications.
294 ● display snmp-agent community 3Com Switch 4200G Family
Command Reference
Purpose Use the display snmp-agent community command to view the information about
the currently configured community names for SNMPv1 or SNMPv2c.
community name:private
group name:private
storage-type: nonVolatile
■ Any view
3Com Switch 4200G Family display snmp-agent group ● 295
Command Reference
Purpose Use the display snmp-agent group command to view group name, security model,
state of various views and storage models.
Field Description
groupname SNMP Group name of the user
Security model Security model of that group, including authorization and encryption,
authorization and no encryption, no authorization and no encryption.
readview Read-only MIB view name corresponding to that group
writeview Writable MIB view corresponding to that group
notifyview The name of the notify MIB view corresponding to that group
storage-type Storage type, including volatile, nonVolatile, permanent, readOnly and
other.
■ Any view
296 ● display snmp-agent mib-view 3Com Switch 4200G Family
Command Reference
Purpose The display snmp-agent mib-view command is used to view the MIB view
configuration information of the current Ethernet switch.
Example Display the information about the currently configured MIB view.
View name:ViewDefault
MIB Subtree:snmpUsmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpVacmMIB
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
View name:ViewDefault
MIB Subtree:snmpModules.18
Subtree mask:
Storage-type: nonVolatile
View Type:excluded
View status:active
3Com Switch 4200G Family display snmp-agent mib-view ● 297
Command Reference
Field Description
View name View name
MIB Subtree MIB Subtree
Storage-type Storage type
ViewType: included/excluded Permit or forbid access to an MIB object
View status Indicate the line state in the table
■ Any view
Description The display snmp-agent mib-view command is used to view the MIB view
configuration information of the Switch.
If the SNMP Agent is disabled, "SNMP Agent disabled" will be displayed after you
execute the above display commands.
298 ● display snmp-agent statistics 3Com Switch 4200G Family
Command Reference
Purpose Use the display snmp-agent statistics command to view the statistics
information about SNMP packets.
Parameters None
Field Description
0 Messages delivered to the SNMP entity Total number of the input SNMP packets
0 Messages which were for an Number of packets with version information error
unsupported version
0 Messages which used a SNMP Number of packets with community name error
community name not known
0 Messages which represented an illegal Number of packets with authority error
operation for the community supplied corresponding to the community name
0 ASN.1 or BER errors in the process of Number of SNMP packets with encoding error
decoding
0 Messages passed from the SNMP Total number of the output SNMP packets
entity
0 SNMP PDUs which had a badValue Number of SNMP packets with Bad_values error
error
3Com Switch 4200G Family display snmp-agent statistics ● 299
Command Reference
Field Description
0 SNMP PDUs which had a general error Number of SNMP packets with General_errors
0 SNMP PDUs which had a noSuchName Number of the packets requesting nonexistent MIB
error objects
0 SNMP PDUs which had a tooBig error Number SNMP packet with too_big error
(Maximum packet size 1500)
0 MIB objects retrieved successfully Number of variables requested by NMS
0 MIB objects altered successfully The number of variables set by NMS
0 Get-request PDUs accepted and Number of the received packets requested by get
processed
0 Get-next request PDUs accepted and Number of the received packets requested by
processed get-next
0 GetBulkRequest-PDU accepted and Number of PDUs requested by GetBulk.
processed
0 GetResponse-PDU accepted and Number of PDUs requested by GetResponse.
processed
0 Set-request PDUs accepted and Number of the received packets requested by set
processed
3 Trap PDUs accepted and processed Number of the sent Trap packets
0 Alternate Response Class PDUs droped Number of dropped PDUs.
silently
0 Forwarded Confirmed Class PDUs Number of dropped forwarded PDUs.
droped silently
■ Any view
Purpose Use the display snmp-agent sys-info command to view the system information
of SNMP configuration.
■ Any view
Description The information includes the character string sysContact (system contact), the
character string describing the system location, the version information about the
running SNMP in the system.
3Com Switch 4200G Family display snmp-agent trap-list ● 301
Command Reference
Purpose Use the display snmp-agent trap-list command to display trap list
information.
Parameters None
■ Any view
Purpose Use the display snmp-agent usm-user command to view SNMP user
information.
Field Description
User name SNMP user name
Group name The group name which the SNMP user name belongs to
Engine ID The character string identifying the SNMP device
Storage type Storage type, including volatile, nonVolatile, permanent, readOnly and
other.
userStatus SNMP user status
■ Any view
3Com Switch 4200G Family display ssh server ● 303
Command Reference
Purpose Use the display ssh server command to display the status or session
information about the SSH server
■ Any view
Purpose Use the display ssh server-info command to display the association
between the server public keys configured on the client and the servers.
Parameters None
Example Display the association between the server public keys and the servers.
■ Any view
3Com Switch 4200G Family display ssh user-information ● 305
Command Reference
■ Any view
display startup
Purpose Use the display startup command to display the startup configuration of a
switch, including the name of the current startup configuration file, the names of the
main startup configuration file, and backup startup configuration file to be used
when the switch starts the next time, and so on.
■ Any view
display stop-accounting-buffer
Parameters radius-scheme
radius-scheme-name Displays the buffered stop-accounting requests of the
specified RADIUS scheme. radius-scheme-name is
a character up to 32 characters in length.
session-id session-id Displays the buffered stop-accounting requests of the
specified session ID. session-id is a character string
up to 50 characters in length.
time-range start-time
stop-time Displays the buffered stop-accounting requests in the
specified time range.
■ start-time specifies the beginning time of the
request time range.
■ stop-time specifies the end time of the saving
time range.
The time is expressed in the format
hh:mm:ss-yyyy/mm/dd or hh:mm:ss-yyyy/mm/dd.
user-name user-name Displays the buffered stop-accounting requests for the
specified username. user-name specifies the
username, a character string up to 32 characters in
length. This string cannot contain the following
characters:
■ /
■ *
■ <
■ >
The @ character can only be used once in one
username. The pure username (the part before @,
namely the user ID) cannot exceed 24 characters.
Example To Display the buffered stop-accounting requests from 0:0:0 08/31/2002 to 23:59:59
08/31/2002, enter the following:
308 ● display stop-accounting-buffer 3Com Switch 4200G Family
Command Reference
■ Any views
Description You can choose to display the buffered stop-accounting packets of a specified
RADIUS scheme, session ID, or user name. You can also specify a time range to display
those which are sent within the specified time range. The displayed packet
information helps you to diagnose and resolve problems relevant to RADIUS.
When the switch sends out a stop-accounting packet but gets no response from the
RADIUS server, it first buffers the packet and then retransmits it until the maximum
number of retransmission attempts (set by the retry stop-accounting
command) is reached.
display stp
Purpose Use the display stp command to display the state and statistical information
about one or all spanning trees.
Example To display the state and statistical information about a spanning tree, enter the
following:
Field Description
MSTID The ID of a spanning tree instance in the MST region
Port Port number corresponding to the spanning tree instance
Role Port role
STP State STP state of the port, which can be forwarding or discarding.
Protection Protection type of the port
■ Any view
Description The state and statistical information about MSTP can be used to analyze and maintain
the topology of a network. It also can be used to make MSTP operating properly.
■ If neither spanning tree instance nor port list is specified, the command displays
spanning tree information about all spanning tree instances on all ports in order of
port number.
■ If only a spanning tree instance is specified, the command displays information
about the specified spanning tree instance on all ports in order of port number.
■ If only a port list is specified, the command displays information about all spanning
tree instances on these ports in order of port number.
■ If both a spanning tree instance and a port list are specified, the command displays
spanning tree information about the specified spanning tree instance and the
specified ports in order of spanning tree instance ID.
■ Global CIST parameters: Protocol operation mode, switch priority in the CIST
instance, MAC address, Hello time, Max Age, Forward delay, Max hop count, the
common root bridge of the CIST, the external path cost for the switch to reach the
CIST common root bridge, the region root, the internal path cost for the switch to
reach the region root, CIST root port of the switch, and the status of the BPDU
protection function (enabled or disabled).
■ CIST port parameters: Port protocol, port role, port priority, path cost, the
designated bridge, the designated port, edge port/non-edge port, connected/not
connected to a point-to-point link, the maximum transmission speed, the type of
the root protection feature, VLAN mappings, Hello time, Max age, Forward delay,
Message-age time, and Remaining-hops.
■ Global MSTI parameters: MSTI ID, bridge priority of the instance, region root,
internal path cost, MSTI root port, and Master bridge.
■ MSTI port parameters: Port status, role, priority, path cost, the designated bridge,
the designated port, and Remaining Hops.
The statistics includes the number of the TCN BPDUs, the configuration BPDUs, the
RST BPDUs, and the MST BPDUs transmitted/received by the port.
Purpose Use the display stp region-configuration command to display the MST
region configuration.
Parameters None
Example To display the configurations of the MST regions, enter the following:
Field Description
Format selector Selector specified by MSTP
Region name Name of the MST region
Revision level Revision level of the MST region
Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region
■ Any view
Purpose Use the display tcp statistics command to view the statistics information about
TCP packets.
Parameters None
Sent packets:
Total: 665
urgent packets: 0
control packets: 5 (including 1 RST)
window probe packets: 0, window update packets: 2
data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)
ACK-only packets: 40 (28 delayed)
Field Description
Received packets Indicates that the following is the statistics for the received packets.
Total Total number of received packets
packets in sequence Number of packets reached in sequence
window probe packets Number of window probe packets
checksum error Number of checksum error packets
offset error Number of length error packets
short error Number of too short packets
duplicate packets Number of completely duplicate packets
3Com Switch 4200G Family display tcp statistics ● 313
Command Reference
Field Description
partially duplicate Number of partly duplicate packets
packets
out-of-order packets Number of out-of-order packets
packets of data after Number of after-window packets
window
packets received after Number of packets reached after the connection is closed
close
ACK packets Number of ACK packets
duplicate ACK packets Number of duplicate ACK packets
Sent packets Indicates that the following is the statistics for the sent packets.
Total Total number of sent packets
urgent packets Number of urgent data packets
control packets Number of control packets
window probe packets Number of window probe packets
window update packets Number of window update packets
data packets Number of data packets
ACK-only packets Number of ACK packets
Retransmitted timeout Timeout times of the retransmission timer
connections dropped in Number of connections dropped due to out-of-limit retransmission
retransmitted timeout times
Keepalive timeout Timeout times of the keepalive timer
keepalive probe Number of sent keepalive probe packets
keepalive timeout, so Number of connections torn down due to keepalive probe failure
connections
disconnected
Initiated connections Number of initiated connections
accepted connections Number of accepted connections
established connections Number of established connections
Closed connections Number of closed connections
■ Any view
Description The statistics are mainly divided into two parts: those for received packets, and those
for sent packets. Each part contains information about different types of packets,
such as duplicate packets and checksum error packets in received packets. At the end
of the display output are the statistics relevant to the connections, such as the
accepted connections, the number of the retransmitted packets, and the number of
keepalive probe packets. Most of the above statistics are offered in packets; several
ones are offered in bytes.
Purpose Use the display tcp status command to view the TCP connection state.
Parameters None
Example To display the state of all TCP connections, enter the following:
Field Description
Local Add:port Local IP address: local port
Foreign Add:port Remote IP address; remote port
State State of the TCP link
■ Any view
3Com Switch 4200G Family display this ● 315
Command Reference
display this
Purpose Use the display this command to display the current configuration performed in
the current view of the system.
Example Display the running configuration parameters in the current view of the system with
each line number.
■ Any view
Description After performing a group of configurations in a view, you can use the display
this command to verify the configuration results by checking the currently valid
parameters.
■ This command does not display the currently valid configuration parameters which
have the same values with the corresponding default working parameters.
■ This command does not display the parameters whose corresponding functions do
not take effect even though these parameters have been configured.
■ Executing this command in different interface views display the configurations on
the corresponding interfaces.
■ Executing this command in different protocol views display the configurations in
the corresponding protocol views.
■ Executing this command in different protocol sub-views display the configurations
in the corresponding protocol sub-views.
316 ● display time-range 3Com Switch 4200G Family
Command Reference
display time-range
Purpose Use the display time-range command to view the configuration and status of the
current time range. You will see the active or inactive state outputs respectively.
Field Description
Current time is 14:36:36 Apr/3/2003 The current time of the system.
Thursday
Time-range : hhy ( Inactive ) from 08:30 Time range hhy. "Inactive" indicates that this time
2/5/2005 to 18:00 2-19-2005 range is currently in the inactive state (while "Active"
indicates that the time range is in the active state),
and the time range is from 8:30 February 5, 2005 to
18:00 February 19 2005.
Field Description
Current time is 14:36:36 Apr/3/2003 The current time of the system
Thursday
Time-range : tm1 ( Inactive ) from 08:30 Time range tm1. "Inactive" indicates that this time
2/5/2005 to 18:00 2/19/2005 range is currently in the inactive state (while "Active"
indicates that the time range is in the active state),
and the time range is from 8:30 February 5, 2005 to
18:00 February 19 2005
3Com Switch 4200G Family display time-range ● 317
Command Reference
■ Any view
display trapbuffer
Purpose Use the display trapbuffer command to display the status of the trap buffer
and the records in the trap buffer.
Example Display the status of the trap buffer and the records in the trap buffer.
■ Any view
Description Executing the command with the size buffersize parameters will display the latest trap
records, with the number of the records being the specified size at most.
3Com Switch 4200G Family display udp-helper server ● 319
Command Reference
Purpose Use the display udp-helper server command to view the information of
destination Helper server corresponding to the VLAN interface.
Example To display the information of destination Helper server corresponding to the VLAN
interface 1, enter the following:
■ Any view
320 ● display user-interface 3Com Switch 4200G Family
Command Reference
display user-interface
Parameters type number Specifies the type and number of the user interface
you want to display details on, for example VTY 3.
number Specifies the index number of the user interface you
want to display details on.
summary Displays the summary of a user interface.
Field Description
+ Indicates that the user interface is in use
F Indicates that the current user interface is in use and working in asynchronous
mode
Idx Displays the absolute index number of the user interface
Type Displays the user interface type and relative index of the user interface
Tx/Rx Displays the transmission speed of the user interface
Modem Indicates whether or not a modem is used
Privi Indicates the command level that can be accessed from this user interface
Auth Indicates the user interface authentication method
Int Indicates the physical location of the user interface
3Com Switch 4200G Family display user-interface ● 321
Command Reference
Field Description
0: U User interface type
1 character mode users One type of user interface
1 total UIs in use The total number of user interfaces in use
UI’s name User interface name
■ Any view
Description Use the display user-interface command to display the information about a
specified user interface or all user interfaces, including user interface type,
absolute/relative user interface number, transmission speed, available command level,
authentication mode, and physical position.
You can choose to access this information by user interface type and type number, or
by user interface index number. The information displayed is the same whichever
access method you use.
This command without the summary parameter displays user interface type,
absolute/relative index, transmission speed, priority, authentication methods, and
physical location. This command with the summary parameter displays one user
interface in use with user interface name and other user interface information.
322 ● display users 3Com Switch 4200G Family
Command Reference
display users
Purpose Use the display users command to display the information about user interfaces. If
you do not specify the all keyword, only the information about the current user
interface is displayed.
Example To display information on the current user interface, enter the following
Field Description
F Indicates that the user interface is in use and is working in asynchronous mode
UI The numbers in the left sub-column are the absolute user interface indexes, and
those in the right sub-column are the relative user interface indexes.
Delay Indicates the interval from the latest input until now, in seconds.
Type Indicates the user interface type.
IPaddress Displays the IP address form which the user logs in.
Username Display the login name of the user who is using this interface
Userlevel Display the level of the user using this user interface
■ Any view
3Com Switch 4200G Family display users ● 323
Command Reference
display users
Purpose Use the display users command to display the status and configuration
information about user terminal interfaces. Use the display users all command to
view the information on all user terminal interfaces.
Example To display the status and configuration information about user terminal interfaces.
<S4200G>
[S4200G] display users
UI Delay Type Ipaddress Username Userlevel
F 0 AUX 0 00:00:00 3
■ Any view
324 ● display version 3Com Switch 4200G Family
Command Reference
display version
Purpose Use the display version command to view the software version, issue date and the
basic hardware configuration information.
Parameters None
■ Any view
3Com Switch 4200G Family display vlan ● 325
Command Reference
display vlan
Purpose Use the display vlan command to display the ports operating in the
manual/automatic mode in the current voice VLAN.
Example Display the ports included in the current voice VLAN, assuming that the current voice
VLAN is VLAN 6.
The output indicates that Ethernet1/0/5 and Ethernet1/0/6 ports are in the current
voice VLAN.
■ Any view
display vlan
Purpose Use the display vlan command to view related information about specified
VLANs or all VLANs.
Field Description
VLAN ID VLAN ID
VLAN Type VLAN type (dynamic or static)
Route interface Whether the routing function is enable for this VLAN
Description Description string
Name VLAN name
Tagged Ports The ports that tag packets
Untagged Ports The ports that do not tag packets
■ Any view
3Com Switch 4200G Family display vlan ● 327
Command Reference
■ VLAN ID
■ VLAN type (dynamic or static)
■ Whether the routing function is enabled (If yes, the primary IP address and mask
are displayed.)
■ VLAN description
■ Member ports
If no value or keyword is specified, this command displays the list of all the existing
VLANs. If the dynamic or static keyword is specified, this command displays the list of
the VLANs that are created dynamically or statically.
Purpose Use the display voice vlan oui command to display the currently supported
OUI addresses and the related information.
Parameters None
Examples Display the OUI addresses and the related information of the voice VLAN.
■ Any view
Purpose Use the display voice vlan status command to display voice VLAN-related
information, including voice VLAN operation mode, port mode (manual mode or
automatic mode), and so on.
Parameters None
CAUTION: The "Current voice vlan enable port mode" field lists the ports with the
voice VLAN function enabled. Note that a port listed in this field may not currently
operate in a voice VLAN.
■ Any view
domain
Purpose Use the domain command to create an ISP domain and enter its view, or enter the
view of an existing ISP domain, or configure the default ISP domain.
Default By default, a domain named system has been created in the system. The attributes of
system are all default values. There is one and only one default ISP domain.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net]
■ System view
3Com Switch 4200G Family domain ● 331
Command Reference
Description After you execute the domain command, the system creates a new ISP domain if the
specified ISP domain does not exist. Once an ISP domain is created, it is in the active
state. You can manually configure the default domain only when it already exists.
ISP domain is a group of users belonging to the same ISP. Generally, for a username in
the userid@isp-name format, taking gw20010608@3Com163.net as an example, the
isp-name (that is, 3Com163.net) following the @ is the ISP domain name. When
3Com 4200G Series Ethernet Switches control user access, as for an ISP user whose
username is in userid@isp-name format, the system will take userid part as
username for identification and take isp-name part as domain name.
For a Switch, each supplicant belongs to an ISP domain. The system supports up to 16
ISP domains. If a user has not reported its ISP domain name, the system will put it into
the default domain.
When this command is used, if the specified ISP domain does not exist, the system
will create a new ISP domain. All the ISP domains are in the active state when they
are created.
dot1x
Purpose Use the dot1x command to enable 802.1x on the specified port or globally, (that is
on the current device).
Use the undo dot1x command to disable the 802.1x on the specified port or
globally.
Parameters interface interface-list Ethernet port list. You can specify multiple Ethernet
ports by providing this argument in the form:
interface-list = { interface-name
[ to interface- name] & < 1-10 >.
The interface-name argument is the port index of an
Ethernet port and can be specified in this form:
interface-name = { interface-type
interface-num }
interface-type specifies the type of a port
interface-num identifies the port number. Note
that the interface name after the keyword to must
have an interface-num that is greater than or equal to
that of the interface-name before to.
&<1-10> means that up to 10 port indexes/port index
lists can be provided,
Default By default, 802.1x is disabled on all the ports and globally on the device.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x interface GigabitEthernet 1/0/1
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x
■ System view
3Com Switch 4200G Family dot1x ● 333
Command Reference
Description When being executed in system view, the dot1x command enables 802.1x globally if
you do not provide the interface-list argument. And if you specify the interface-list
argument, the command enables 802.1x for the specified Ethernet ports. When
being executed in Ethernet port view, this command enables 802.1x for the current
Ethernet port only. In this case, the interface-list argument is not needed.
802.1x-related configurations take effect on a port only after 802.1x is enabled both
globally and on the port.
Configurations of 8021.x and the maximum number of MAX addresses that can be
learnt are mutually exclusive. This means that when 802.1x is enabled for a port, it
cannot also have the maximum number of MAX addresses to be learned configured
at the same time. And if you configure the maximum number of MAX addresses that
can be learnt for a port, 802.1x is unavailable to it.
dot1x authentication-method
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x authentication-method pap
■ System view
dot1x dhcp-launch
Parameters None
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x dhcp-launch
■ System view
dot1x guest-vlan
Purpose Use the dot1x guest-vlan command to enable the Guest VLAN function for
specified ports.
Use the undo dot1x guest-vlan command to disable the Guest VLAN function
for specified ports.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x port-method portbased
To enable the Guest VLAN function for all ports, enter the following:
■ System view
■ Ethernet Port view
3Com Switch 4200G Family dot1x guest-vlan ● 337
Command Reference
Description When being executed in system view, these two commands apply to all ports if you
do not provide the interface-list argument. If you provide this argument, these two
commands apply to the specified ports.
When being executed in Ethernet port view, these two commands apply to the
current port and the interface-list argument is not needed.
CAUTION:
The Guest VLAN function is available only when the switch operates in the port-based
authentication mode.
Supplicant systems that are not authenticated, fail to pass the authentication, or are
offline belong to Guest VLANs.
Before configuring the Guest VLAN function, make sure the VLAN to be specified as
the Guest VLAN already exists.
dot1x max-user
Purpose Use the dot1x max-user command to set the maximum number of systems an
Ethernet port can accommodate.
Use the undo dot1x max-user command to restore the default value.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x max-user 32 interface GigabitEthernet 1/0/1
■ System view
■ Ethernet Port view
Description When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if you
3Com Switch 4200G Family dot1x max-user ● 339
Command Reference
specify the interface-list argument, these commands apply to the specified Ethernet
ports.
When being executed in Ethernet port view, these two commands apply to the
current Ethernet port only. In this case, the interface-list argument is not needed.
dot1x port-control
Purpose Use the dot1x port-control command to specify the access control method for
specified Ethernet ports.
Use the undo dot1x port-control command to revert to the default access control
method.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x port-control unauthorized-force interface
GigabitEthernet 1/0/1
■ System view
■ Ethernet Port view
Description When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if
you specify the interface-list argument, these commands apply to the
specified Ethernet ports.
When being executed in Ethernet port view, these two commands apply to the
current Ethernet port only. In this case, the interface-list argument is not
needed.
dot1x port-method
Purpose Use the dot1x port-method command to specify the access control method for
specified Ethernet ports.
Use the undo dot1x port-method command to restore the default access control
base.
Default The default access control method is MAC address-based. That is, the macbased
keyword is specified by default.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x port-method portbased interface Ethernet 1/0/1
Description Note:
■ If you specify to authenticate supplicant systems by MAC addresses (that is, the
macbased keyword is specified), all supplicant systems connected to the specified
Ethernet ports are authenticated separately. And if an online user logs off, others
are not affected.
■ If you specify to authenticate supplicant systems by port numbers (that is, the
portbased keyword is specified), all supplicant systems connected to a specified
Ethernet port are able to access the network without being authenticated if a
supplicant system among them passes the authentication. And when the
supplicant system logs off, the network is inaccessible to all other supplicant
systems either.
■ When being executed in system view, these two commands apply to all Ethernet
ports of the switch if you do not provide the interface-list argument. And if you
specify the interface-list argument, these commands apply to the specified
Ethernet ports.
■ When being executed in Ethernet port view, these two commands apply to the
current Ethernet port only. In this case, the interface-list argument is not needed.
dot1x quiet-period
Purpose Use the dot1x quiet-period command to enable the quiet-period timer.
Parameters None
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x quiet-period
■ System view
Description When a supplicant system fails to pass the authentication, the authenticator system
(such as a S4200G Ethernet switch) will stay quiet for a period (determined by the
quiet-period timer) before it performs another authentication. During the quiet
period, the authenticator system performs no 802.1x authentication.
dot1x retry
Purpose Use the dot1x retry command to specify the maximum number of times a switch
can transmit the authentication request frame to supplicant systems.
Example To specify the maximum number of times that the switch will re-send authentication
request packets to be 9, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x retry 9
■ System view
Description After the Switch has transmitted an authentication request frame to the user for the
first time, if no user response is received during the specified time-range, the Switch
will re-transmit authentication request to the user. This command is used to specify
how many times the Switch can re-transmit the authentication request frame to the
supplicant. When the time is 1, the Switch is configured to transmit the
authentication request frame only once. 2 indicates that the Switch is configured to
transmit authentication request frame once again when no response is received for
the first time and so on. This command has an effect on all the ports after
configuration.
dot1x retry-version-max
Purpose Use the dot1x retry-version-max command to set the maximum number of
retries for a switch to send version request packets to an online supplicant system.
Example To configure the maximum number of times that the switch will re-send version
request packets to be 6, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] dot1x retry-version-max 6
■ System view
Description Having sent a version request packet to the supplicant system, the switch will re-send
the packet if within a preset period (as determined by the client version timer) it still
has not received any response from the supplicant system. When the number set by
this command has reached and there is still no response from the supplicant system,
the switch will continue its following authentication without sending further version
requests. This command applies to all ports.
dot1x timer
Purpose Use the dot1x timer command to set the 802.1x timers.
Use the undo dot1x timer command to restore the default values.
Parameters handshake-period Handshake period timer, triggered when the user has
successfully passed the authentication. It sets the time
interval for the switch to re-send handshake request
packets to check whether the user is still online. If after
N times (as specified by the dot1x retry command) of
retries, the switch still has not received any response
packet from the supplicant system, it will assume that
the user is offline.
handshake-period-value Specifies the value of the handshake timer, in seconds.
This value can range from 1 to 1024 with a default
value of 15.
quiet-period Specifies the quiet timer. If an 802.1x user has not
passed the authentication, the Authenticator will keep
quiet for a while (which is specified by quiet-period
timer) before launching the authentication again.
During the quiet period, the Authenticator does not do
anything related to 802.1x authentication.
quiet-period-value Specifies how long the quiet period is. Valid values are
10 to 120 seconds. If not specified, the default is 60
seconds.
server-timeout Specifies the timeout timer of an Authentication
Server. If an Authentication Server has not responded
before the specified period expires, the Authenticator
will re-send the authentication request.
server-timeout-value Specifies how long the duration of a timeout timer of
an Authentication Server is. Valid values are 100 to
300 seconds. If not specified, the default is 100
seconds.
supp-timeout Specifies the authentication timeout timer of a
Supplicant. After the Authenticator sends
Request/Challenge request packet which requests the
MD5 encrypted text, the supp-timeout timer of the
Authenticator begins to run. If the Supplicant does not
respond back successfully within the time range set by
348 ● dot1x timer 3Com Switch 4200G Family
Command Reference
Example To set the Authentication Server timeout timer to 150s, enter the following:
<SW4200G> system-view
System View: return to User View with Ctrl+Z.
[SW4200G]dot1x timer server-timeout 150.
■ System view
Description During an 802.1x authentication process, multiple timers are triggered to ensure that
the supplicant systems, the authenticator systems, and the Authenticator servers
interact with each other in an arranged way. To make authentications being
processed in a desired way, you can use the dot1x timer command to set values for
these timers as needed. This may be necessary in certain situations or for some tough
network environments. Normally, the defaults are recommended. (Note that some
timers cannot be adjusted.)
dot1x version-check
Purpose Use the dot1x version-check command to enable 802.1x client version
checking for specified Ethernet ports.
Use the undo dot1x version-check command to disable 802.1x client version
checking for specified Ethernet ports.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
Default By default, 802.1x client version checking is disabled on all Ethernet ports.
Example To configure GigabitEthernet1/0/1 port to check the version of the 802.1x client upon
receiving authentication packets, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] dot1x version-check
■ System view
■ Ethernet Port view
350 ● dot1x version-check 3Com Switch 4200G Family
Command Reference
Description In system view, execution of the dot1x version-check command enables the client
version checking function for specified ports if the interface-list argument is specified,
otherwise it enables the function globally. In Ethernet port view, only the current port
can have their client version checking function enabled by executing this command
and the interface-list argument is not needed.
3Com Switch 4200G Family duplex ● 351
Command Reference
duplex
Purpose Use the duplex command to set the port duplex attribute.
Use the undo duplex command to restore the default duplex mode (auto).
undo duplex
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]duplex auto
Purpose Use the enable snmp trap updown command to enable the port to send LINK
UP and LINK DOWN Trap information.
Use the undo enable snmp trap command to disable the port to send LINK UP
and LINK DOWN Trap information.
Parameters None
Example Enable port GigabitEthernet1/0/1 to send LINK UP and LINK DOWN Trap information.
The community name public is used.
<S4200G> system-view
[S4200G] snmp-agent trap enable
[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] enable snmp trap updown
■ System view
Description The enable snmp trap and snmp-agent target-host commands are used
at the same time. You can use the snmp-agent target-host command to
specify the hosts receiving Trap information. To send Trap information, you must
configure at least one snmp-agent target-host command.
Purpose Use the end-station polling ip-address command to configure the IP address
requiring periodic testing.
Use the undo end-station polling ip-address command to delete the IP address
requiring periodic testing.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]end-station polling ip-address 202.38.160.244
■ System view
Description The switch can ping an IP address every one minute to test if it is reachable. Three
PING packets can be sent at most for every IP address in every testing with a time
interval of five seconds. If the switch cannot ping successfully the IP address after the
three PING packets, it assumes that the IP address is unreachable.
execute
Purpose Use the execute command to execute the specified batch file.
Example To execute the batch file “test.bat” in the directory of “flash:/”, enter the following:
<S4200G>sys
System View: return to User View with Ctrl+Z.
[S4200G]execute test.bat
■ System view
Description The batch command executes the command lines in the batch file one by one. There
should be no invisible character in the batch file. If invisible characters are found, the
batch command will quit the current execution. The forms and contents of the
commands are not restricted in the batch file.
3Com Switch 4200G Family exit ● 355
Command Reference
exit
Purpose Use the exit command to terminate the connection to the remote SFTP server and
return to system view.
This command has the same function as the bye and quit commands.
Syntax exit
Parameters None
sftp-client> exit
[S4200G]
file prompt
Purpose Use the file prompt command to modify the prompt mode of file operations on the
Switch.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] file prompt quiet
■ System view
Description If the prompt mode is set as quiet, so no prompts are shown for file operations,
some non-recoverable operations may lead to system damage.
3Com Switch 4200G Family flow-control ● 357
Command Reference
flow-control
Purpose Use the flow-control command to enable port flow control, to avoid packet loss in
the event of network congestion.
Use the undo flow-control command to disable flow control on the port.
Syntax flow-control
undo flow-control
Parameters None
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]flow-control
format
■ User view
Description CAUTION:
■ Formatting a storage device causes all the files on the storage device to get lost.
The operation is irretrievable.
■ The format operation on the Flash leads to the loss of the configuration files.
3Com Switch 4200G Family free user-interface ● 359
Command Reference
free user-interface
Purpose Use the free user-interface command to reset a specified user interface to its
default settings. The user interface will be disconnected after the reset.
Use free user-interface type to reset the interface with the specified type and
type number to its default settings.
Use free user-interface number to reset the interface with the specified index
number to its default settings.
After you execute this command, user interface 1 will be disconnected. The user in it
must log in again to connect to the switch.
■ User view
Description Note that the current user interface can not be cleared.
360 ● free web-users 3Com Switch 4200G Family
Command Reference
free web-users
Purpose Use the free web-users command to disconnect a specified Web user or all Web
users by force.
■ User view
3Com Switch 4200G Family ftp ● 361
Command Reference
ftp
Purpose Use the ftp command to establish a control connection with an FTP server and enter
FTP client view.
Parameters ipaddress Host name or the IP address of an FTP server. The host
name can be a string comprising 1 to 20 characters.
port-number Port number of the FTP server, ranging from 0 to
65535. The default is 21.
■ User view
362 ● ftp cluster 3Com Switch 4200G Family
Command Reference
ftp cluster
Purpose Use the ftp cluster command to establish a control connection with a cluster FTP
server. This command also leads you to FTP client view.
Parameters None
■ User view
3Com Switch 4200G Family ftp server ● 363
Command Reference
ftp server
Purpose Use the ftp server command to configure an FTP server on the management device
for the member devices in the cluster.
Use the undo ftp server command to remove the FTP server configured for the
member devices in the cluster.
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] ftp-server 1.0.0.9
■ System view
Description You need to configure the IP address of an FTP server first for the member
devices in a cluster to access the FTP server through the management device.
364 ● ftp server enable 3Com Switch 4200G Family
Command Reference
Purpose Use the ftp server enable command to enable FTP server and allow FTP users to
log in.
Use the undo ftp server command to disable FTP server and inhibit FTP users
from logging in.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ftp server enable
% Start FTP server
■ System view
3Com Switch 4200G Family ftp timeout ● 365
Command Reference
ftp timeout
Purpose Use the ftp timeout command to configure connection timeout interval.
Use the undo ftp timeout command to restore the default connection timeout
interval.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ftp timeout 36
■ System view
Description An FTP server considers an FTP connection to be invalid and terminates the FTP
connection if no data exchange occurs between it and the FTP client for a specific
period of time known as connection idle time.
366 ● garp timer 3Com Switch 4200G Family
Command Reference
garp timer
Purpose Use the garp timer command to set the GARP Hold, Join or Leaver timer value on
the current port.
Use the undo garp timer command to restore the default value of the GARP
Hold, Join or Leaver timer on the current port.
Parameters hold GARP Hold timer. When a GARP entity receives a piece
of registration information, it does not send out the
Join message immediately. Instead, it starts the Hold
timer, and sends out a Join message after the timer
times out, so that all the registration information
received before the timer times out can be put into the
same frame that will be sent to save the bandwidth
resources.
join To transmit the Join messages reliably to other entities,
a GARP entity sends each Join message two times. The
Join timer is used to define the interval between the
two sending operations of each Join message.
leave GARP Leave timer. When a GARP entity expects to
unregister a piece of attribute information, it sends out
a Leave message. Any GARP entity receives this
message starts its Leave timer, and unregister the
attribute information after the timer times out if it
does not receives a Join message again before the
timeout.
timer-value Value of the specified GARP timer (Hold, Join or Leave)
in centiseconds, with a step size of five.
If no values are specified, the default values are 10, 20,
and 60 for Hold, Join and Leave timers respectively.
Example Set the timeout time of the GARP Join timer on the port GigabitEthernet1/0/1 to 20
centiseconds.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] garp timer join 20
Description The ranges of the timers vary depending on the values of other timers. You can set a
timer to a value out of the current range by set the associated timer to another value.
Purpose Use the garp timer leaveall command to set the GARP LeaveAll timer to a
specified value.
Use the undo garp timer leaveall command to restore the default value of
the GARP LeaveAll timer.
Example Set the value of the GARP LeaveAll timer to 100 centiseconds.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] garp timer leaveall 100
■ System view
Description Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveALL
message after the timer times out, so that other GARP entities can re-register all the
attribute information on this entity. After that, the entity restarts the LeaveAll timer to
begin a new cycle.
get
Purpose Use the get command to download a remote file and save the file to the local device.
Parameters localfile Name assigned to the file to be saved at the local end.
remotefile Name of the source file on the remote SFTP server.
Description If no local file name is specified, the switch will save the remote file locally with the
same file name as that on the remote FTP server
370 ● get 3Com Switch 4200G Family
Command Reference
get
Purpose Use the get command to download a remote file and save it as a local file.
Description If you do not specify the localfile argument, the downloaded file is saved using its
original name.
3Com Switch 4200G Family gratuitous-arp learning enable ● 371
Command Reference
Parameters None
Example To enable the gratuitous ARP packet learning function on the switch named
S4200GA, enter the following:
<S4200GA> system-view
System View: return to User View with Ctrl+Z.
[S4200GA] gratuitous-arp-learning enable
■ System view
Description When the gratuitous ARP packet learning function is enabled on a switch and the
switch receives a gratuitous ARP packet, the switch updates the corresponding ARP
entry (if available in the cache of the switch) using the hardware address of the sender
carried in the gratuitous ARP packet. A switch operates like this whenever it receives a
gratuitous ARP packet.
372 ● gvrp 3Com Switch 4200G Family
Command Reference
gvrp
Purpose Use the gvrp command to enable GVRP globally (in system view) or on a port (in
Ethernet port view).
Use the undo gvrp command to disable GVRP globally (in system view) or on a port
(in Ethernet port view).
Syntax gvrp
undo gvrp
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] gvrp
■ System view
■ Ethernet Port view
Description Note:
■ Before enabling GVRP on a port, you must first enable GVRP globally.
■ If GVRP is disabled globally, it is also disabled on ports and you are not allowed to
enable it on any port.
■ You can enable/disable GVRP only on Trunk port.
■ After enabling GVRP on the Trunk port, you are not allowed to change the port to
a different type.
gvrp registration
Purpose Use the gvrp registration command to configure the GVRP registration type on
a port.
Use the undo gvrp registration command to restore the default GVRP
registration type on a port.
Example Configure the GVRP registration type on the port Ethernet1/0/1 to fixed.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface Ethernet1/0/1
[S4200G-Ethernet1/0/1] gvrp registration fixed
habp enable
Purpose Use the habp enable command to enable HABP for a switch.
Use the undo habp enable command to disable HABP for a switch.
Parameters None
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] habp enable
■ System view
Description If an 802.1x-enabled switch does not have HABP enabled, it cannot manage the
switches attached to it.
3Com Switch 4200G Family habp server vlan ● 375
Command Reference
Purpose Use the habp server vlan command to configure a switch to operate as an
HABP server and HABP packets to be broadcast in specified VLAN.
Use the undo habp server vlan command to revert to the default HABP mode.
Example To specify the switch to operate as an HABP server and the HABP packets to be
broadcast in VLAN 2, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] habp server vlan 2
■ System view
Description To specify a switch to operate as an HABP server, you need to enable HABP (using the
habp enable command) for the switch first. Even if HABP is not enabled, the client
can still configure the switch to work as an HABP client, although this has no effect.
376 ● habp timer 3Com Switch 4200G Family
Command Reference
habp timer
Purpose Use the habp timer command to set the interval for a switch to send HABP request
packets.
Use the undo habp timer command to revert to the default interval.
Example To configure the switch to send HABP request packets once in every 50 seconds
(assuming that the switch operates as an HABP server), enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] habp timer 50
■ System view
Description Use these two commands on switches operating as HABP servers only.
3Com Switch 4200G Family header ● 377
Command Reference
header
Purpose Use the header command to set the banners that are displayed when a user logs
into a switch. The login banner is displayed on the terminal when the connection is
established. And the session banner is displayed on the terminal if a user successfully
logs in.
Use the undo header command to disable displaying a specific banner or all
banners.
Parameters login Sets the login banner. The banner set by this keyword
is valid only when users are authenticated before they
log into the switch and appears while the switch
prompts for user name and password.
shell Sets the session banner, which appears after a session
is established. If you specify to authenticate login
users, the banner appears after a user passes the
authentication.
Also sets the login banner for users that log in through
modems. If you specify to authenticate login users, the
banner appears after a user passes the authentication.
(The session does not appear in this case.)
text Banner to be displayed. If no keyword is specified, this
argument is the login banner. You can provide this
argument in two ways. One is to enter the banner in
the same line as the command (A command line can
accept up to 256 characters.) The other is to enter the
banner in multiple lines (you can start a new line by
pressing <Enter>,) where you can enter a banner that
can contain more than 256 characters. Note that the
CLI expects a character the same as the first character
of the banner as the end of the banner. After finishing
entering the banner, you can press <Enter> to exit the
interaction.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] header shell %SHELL: Hello! Welcome%(Make sure the beginning
and end characters of the banner are the same.)
When you log in again, the session banner appears on the terminal as the following:
378 ● header 3Com Switch 4200G Family
Command Reference
[S4200G] quit
<S4200G> quit
Please press ENTER
SHELL: Hello! Welcome(The beginning and end characters of the banner
are not displayed.)
<Quidway>
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] header shell %SHELL: (Following appears when you press
<Enter>:)
Input banner text, and quit with the character '%'.
Continue entering the banner and end the banner with the character identical with
the beginning character of the banner.
When you log in again, the session banner appears on the terminal as the following:
[S4200G] quit
<S4200G> quit
Please press ENTER
%SHELL: (Note that the beginning character of the banner appears.)
Hello! Welcome
<S4200G>purpose_body
■ System view
Description Note:
If you specify any one of the three keywords without providing the text argument,
the specified keyword will be regarded as the login banner.
help
Purpose Use the help command to get the help information about the specified or all SFTP
client commands.
Description If the command argument is not specified, the help information about all commands
is displayed.
380 ● history-command max-size 3Com Switch 4200G Family
Command Reference
history-command max-size
Purpose Use the history-command max-size command to set the size of the history
command buffer.
Parameters value Size of the history command buffer. Valid values for
this argument range from 0 to 256.
If no value is specified, the default to 10. That is, the
history command buffer can store 10 commands by
default.
Example Set the size of the history command buffer to 20 to enable it to store up to 20
commands.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface aux0
[S4200G-ui-aux0] history-command max-size 20
holdtime
Use the undo holdtime command to restore the default holdtime value.
undo holdtime
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] holdtime 30
■ Cluster view
Description If a switch does not receive any information of a peer device during the holdtime, it
sets the state of the peer device to "down". When the communication between the
two resumes, the corresponding member device is re-added to the cluster
(automatically). If the downtime does not exceed the holdtime, the member device
stays in the normal state and needs not to be added again.
Execute these two commands on management devices only. The member devices in a
cluster acquire the holdtime setting from the management device.
382 ● idle-cut 3Com Switch 4200G Family
Command Reference
idle-cut
Purpose Use the idle-cut command to set the user idle-cut function in current ISP domain.
Example To allow users in ISP domain aabbcc.net to enable the idle-cut attribute in user
template (that is, allow the user to use the idle-cut function), with the maximum idle
time of 50 minutes and the minimum data flow of 500 bytes, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] idle-cut enable 50 500
Description The user template is a set of default user attributes. If a user requesting for the
network service does not have some required attributes, the corresponding attributes
in the template will be endeavored to him as default ones. The user template of the
Switch you are using may only provide user idle-cut settings. After a user is
authenticated, if the idle-cut is configured to enable or disable by neither the user nor
the RADIUS server, the user will adopt the idle-cut state in the template.
Because a user template only works in one ISP domain, it is necessary to configure
user template attributes for users from different ISP domain respectively.
idle-timeout
Purpose Use the idle-timeout command to configure the amount of time you want to allow
a user interface to remain idle before it is disconnected.
Use the undo idle-timeout command to revert to the default timeout time.
undo idle-timeout
Example To configure the timeout value to 1 minute on the AUX user interface, enter the
following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]user-interface aux 0
[S4200G-ui-aux0]idle-timeout 1 0
You can use the idle-timeout 0 command to disable the timeout function.
384 ● igmp host-join vlan 3Com Switch 4200G Family
Command Reference
Purpose Use the igmp host-join vlan command to configure a routing port to join to a
multicast group.
Use the undo igmp host-join vlan command to remove the configuration.
Default By default, a switch port does not belong to any multicast group.
Example Configure GigabitEthernet 1/0/1 port to join to the multicast group 225.0.0.1.
<S4200G> system-view
[S4200G] interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] port access vlan 10
[S4200G-GigabitEthernet1/0/1] igmp host-join 225.0.0.1 vlan 10
Description Use this command to configure a routing port to join or remove from a multicast
group.
igmp-snooping
Purpose Use the igmp-snooping command to enable or disable the IGMP Snooping.
<4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] igmp-snooping enable
■ System view
■ VLAN view
386 ● igmp-snooping fast-leave 3Com Switch 4200G Family
Command Reference
igmp-snooping fast-leave
Purpose Use the igmp-snooping fast-leave command to enable IGMP fast leave
processing.
Parameters None
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] igmp-snooping fast-leave
Description Normally, when receiving an IGMP Leave message, IGMP Snooping does not
immediately remove the port from the multicast group, but sends a group-specific
query message. If no response is received in a given period, it then removes the port
from the multicast group.
If this command is executed, when receiving an IGMP Leave message, IGMP Snooping
removes the port from the multicast group immediately. When the port has only one
user, enabling IGMP fast leave processing can save bandwidth.
Note: If the client(s) under the port are IGMP V2–enabled, this feature operates
normally (that is, it functions only when the port has only one user). Otherwise, when
the port has multiple users, the leave of one user may disrupt the multicast to every
other user under the port in the same multicast group.
3Com Switch 4200G Family igmp-snooping group-limit ● 387
Command Reference
igmp-snooping group-limit
Purpose Use the igmp-snooping group-limit command to set the maximum number
of multicast groups the port can join.
Default By default, there is no limit on the number of multicast groups the port can join.
Example Allow the GigabitEthernet1/0/1 port to join at most 200 multicast groups.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] igmp-snooping group-limit 200
igmp-snooping group-policy
Example Configure ACL 2000 to allow users under port Ethernet 1/0/1 to access the multicast
streams in groups 225.0.0.0 to 225.255.255.255.
Configure ACL 2001 to allow users under GigabitEthernet 1/0/2 port to access the
multicast streams in any groups except groups 225.0.0.0 to 225.0.0.255.
■ System view
■ Ethernet Port view
Description You can configure some multicast filter ACLs globally or on the switch ports
connected to user ends so as to use the IGMP Snooping filter function to limit the
multicast programs that the users can access. With this function, you can treat
different VoD users in different ways by allowing them to access the multicast streams
in different multicast groups.
An ACL rule defines a multicast address or a multicast address range (for example
224.0.0.1 to 239.255.255.255) and is used to:
■ Allow the port(s) to join only the multicast group(s) defined in the rule by a permit
statement.
■ Inhibit the port(s) from joining the multicast group(s) defined in the rule by a deny
statement.
■ One port can belong to multiple VLANs. But for each VLAN on the port, you can
configure only one ACL.
■ If no ACL rule is configured or the port does not belong to the specified VLAN, the
filter ACL you configured does not take effect on the port.
■ Since most devices broadcast unknown multicast packets, this function is often
used together with the unknown multicast packet drop function to prevent
multicast streams from being broadcasted to a filtered port as unknown multicast.
390 ● igmp-snooping host-aging-time 3Com Switch 4200G Family
Command Reference
igmp-snooping host-aging-time
Purpose Use the igmp-snooping host-aging-time command to set the aging time of
multicast member ports.
Parameters seconds Aging time of multicast member ports. Valid values are
200 to 1000 (in seconds).
Default By default, the aging time of multicast member ports is 260 seconds.
Example Set the aging time of multicast member ports to 300 seconds.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] igmp-snooping host-aging-time 300
■ System view
Description The aging time of multicast member ports determines the refresh frequency of
multicast group members. In an environment where multicast group members
change frequently, you should set a relatively short aging time, and vice versa.
igmp-snooping max-response-time
Example Set the maximum response time to an IGMP Snooping query message to 15 seconds.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] igmp-snooping max-response-time 15
■ System view
Description The maximum response time you configured determines how long the switch can
wait for a response to an IGMP Snooping query message.
igmp-snooping router-aging-time
Parameters seconds Aging time of the router port. Valid values are 1 to
1000 (in seconds).
Default By default, the aging time of the router port is 260 seconds.
Example Set the aging time of the router port to 500 seconds.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] igmp-snooping router-aging-time 500
■ System view
Description The router port here refers to the port connecting the Layer 2 switch to the router.
The Layer 2 switch receives IGMP general query messages from the router through
this port. The aging time of the router port should be a value about 2.5 times of the
general query interval.
Purpose Use the info-center channel name command to name the channel of the specified
number.
<S4200G> system-view
[S4200G] info-center channel 0 name execconsole
■ System view
Default By default, the switch does not output log information to the console.
<S4200G> system-view
[S4200G] info-center console channel 0
■ System view
Description This command works only when the information center is enabled for the system.
info-center enable
Purpose Use the info-center enable command to enable the information center.
Use the undo info-center enable command to disable the information center.
Parameters None
<S4200G> system-view
[S4200G] info-center enable
■ System view
Description The switch can output system log information to the log host, the console, and
other destinations only when the information center is enabled.
info-center logbuffer
Purpose Use the info-center logbuffer command to enable information output to the
log buffer through the specified channel (you can also set the size of the log buffer in
this command).
Default By default, the switch outputs information to the log buffer, which holds 512 records
by default.
Example Configure the switch to output information to the log buffer with the size of 50.
<S4200G> system-view
[S4200G] info-center logbuffer size 50
■ System view
Description This command takes effect only after system logging is enabled.
Purpose Use the info-center monitor channel command to enable information output to
terminals through a specified channel.
<S4200G> system-view
[S4200G] info-center monitor channel 0
■ System view
Description This command works only when the information center is enabled for the system
Purpose Use the info-center snmp channel command to enable information output to the
SNMP through a specified channel.
Use undo info-center snmp channel command to restore the default SNMP
channel, that is, channel 5.
<S4200G> system-view
[S4200G] info-center snmp channel 6
■ System view
info-center source
Purpose Use the info-center source command to add a record (that is, an information
source) to an information channel.
Use the undo info-center source command to delete an information source from
an information channel.
Note: If you only specify the level for one or two of the three types of information,
the level(s) of the unspecified type(s) return to the default. For example, if you only
define the level of the log information, then the levels of the trap and debugging
information return to the defaults.
You may specify any of the following severity levels:
emergencies
Level 1 information, which cannot be used by the
system.
alerts
Level 2 information, to be reacted immediately.
critical
Level 3 information, critical information.
errors
Level 4 information, error information.
warnings
level 5 information, warning information.
notifications
400 ● info-center source 3Com Switch 4200G Family
Command Reference
Example Configure to output the log information of the VLAN module on the snmp channel,
and only output the log information above the "emergencies" severity.
<S4200G> system-view
[S4200G] info-center source vlan channel snmpagent log level
emergencies
■ System view
Description This command can be used for filtering of log, trap, or debug information. For
example, it can control log output from the IP module to any direction. You can
configure IP module log information above the "warning" severity to be output to
the log host, and those above the "informational" severity output to the log buffer.
You can also configure IP module trap information to be output to a specific trap
host.
402 ● info-center source 3Com Switch 4200G Family
Command Reference
In addition, you can use this command to specify the filtering channel for each output
direction. Information is sent to the proper direction after being filtered through the
specified channel. Therefore, in this command, you can set the channel to be used for
an output direction and the filter of the channel for information filtering and
redirection.
Each information channel is configured with a default record, whose module name is
"all" and module number is 0xffff0000. In the record, the default settings for log,
trap and debug information may differ with channels. If no record is configured for a
channel, this default record is adopted.
3Com Switch 4200G Family info-center synchronous ● 403
Command Reference
info-center synchronous
Parameters None
<S4200G> system-view
[S4200G]info-center synchronous
Current IC terminal output sync is on
■ System view
While enabled, the synchronous information output function allows the system to
display command line prompts and users’ input so far after each system output,
helping users continue with their input.
Note:
■ Use the info-center synchronous command to prevent users’ input from
being interrupted by system output and to realize synchronous information
output.
■ It is recommended that you disable this function during debugging, as the
info-center synchronous command produces unnecessary output by
displaying command line prompts after each piece of debugging information.
404 ● info-center timestamp 3Com Switch 4200G Family
Command Reference
info-center timestamp
Purpose Use the info-center timestamp command to set the format of time stamp
included in the log/trap/debug information or specify not to include time stamp in the
information.
Use the undo info-center timestamp command to restore the default time stamp
format.
Default By default, the date time stamp is adopted for all types of information.
<S4200G> system-view
[S4200G] info-center timestamp debugging boot
■ System view
3Com Switch 4200G Family info-center trapbuffer ● 405
Command Reference
info-center trapbuffer
Purpose Use the info-center trapbuffer command to enable information output to the
trap buffer.
Example Enable the switch to send information to the trap buffer, whose size is set to 30.
<S4200G> system-view
[S4200G] info-center trapbuffer size 30
■ System view
Description This command takes effect only after system logging is enabled.
instance
Purpose Use the instance command to map specified VLANs to a specified spanning tree
instance.
Use the undo instance command to remove the mappings from specified VLANs
to a specified spanning tree instance.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] instance 1 vlan 2
Description VLAN-to-spanning tree instance mappings are recorded in the VLAN mapping table of
an MSTP switch. So these two commands are actually used to manipulate the VLAN
mapping table. You can add/remove a VLAN to/from the VLAN mapping table of a
specific spanning tree instance by using these two commands.
Note that a VLAN cannot be mapped to multiple spanning tree instances at the same
time. A VLAN-to-spanning tree instance mapping is automatically removed if you map
the VLAN to another spanning tree instance.
3Com Switch 4200G Family instance ● 407
Command Reference
interface
Purpose Use the command interface command to enter Ethernet port view. To configure
parameters for a port, you must enter the port view first.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet1/0/1
■ System view
3Com Switch 4200G Family interface VLAN-interface ● 409
Command Reference
interface VLAN-interface
Example Create VLAN 10 and configure it to be the management VLAN. Enter VLAN 10
interface view.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 10
[S4200G-vlan10] quit
[S4200G] management-vlan 10
[S4200G] interface vlan-interface 10
[S4200G-Vlan-interface10]
■ System view
Description Before creating a management VLAN interface, make sure the VLAN identified by the
vlan-id argument is created and is configured to be the management VLAN.
Note:
ip address
Purpose Use the ip address command to assign an IP address (and mask) to a management
VLAN interface.
Example Assign an IP address (and the mask) to the management VLAN interface. (Assume
that VLAN 1 is the management VLAN.)
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-interface1] ip address 1.1.1.1 255.0.0.0
Description Usually, only one IP address is required for each interface. If you want to connect the
interface to several subnets, you can configure an IP addresses for each subnet.
Before you can cancel the primary IP address of an interface, you must cancel any
secondary IP addresses.
The subnet address of an IP address can be identified by subnet mask. For instance,
the IP address of an interface is 202.38.10.102, and the mask is 255.255.0.0. You can
confirm that the subnet address is 202.38.0.0 by performing the logic operation
“AND” on the IP address and mask.
Note: The VLAN interface cannot be configured with the secondary IP address if its IP
address is set to be allocated by BOOTP or DHCP.
ip address bootp-alloc
Purpose Use the ip address bootp-alloc command to configure VLAN interface to obtain IP
address using BOOTP.
Parameters None
Default By default, the VLAN interface does not use BOOTP to obtain an IP address.
Example Configure the management VLAN interface to obtain an IP address through BOOTP.
(Assume that VLAN 1 is the management VLAN.):
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-interface1] ip address bootp-alloc
ip address dhcp-alloc
Parameters None
Default By default, the VLAN interface does not use DHCP to obtain an IP address.
Example Configure the management VLAN interface to obtain an IP address through DHCP.
(Assume that VLAN 1 is the management VLAN.)
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-interface1] ip address dhcp-alloc
ip host
Purpose Use the ip host command to configure a host name and the corresponding IP
address for a switch.
Use the undo ip host command to remove the host name and the corresponding IP
address of a switch.
Example Configure the host name and the corresponding IP address of a switch to be
Lanswitch2 and 10.110.0.2
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ip host Lanswitch2 10.110.0.2
■ System view
ip http acl
Purpose Use the ip http acl command to apply an ACL to filter Web users.
Use the undo ip http acl command to disable the switch from filtering Web users
using the ACL.
Parameters acl-number Specifies a basic ACL. Valid values are a number from
2000 to 2999.
Example Apply ACL 2000 to filter Web users (assuming that ACL 2,000 already exists.)
<S4200G> system-view
[S4200G] ip http acl 2000
■ System view
■ User Interface view
3Com Switch 4200G Family ip-pool ● 415
Command Reference
ip-pool
Purpose Use the ip-pool command to configure a private IP address range for cluster
members on the switch to be set as the management device.
Use the undo ip-pool command to cancel the IP address configurations of the
cluster.
undo ip-pool
Parameters administrator-ip-
address IP address of the management device of a cluster.
ip-mask Mask of the cluster IP address pool.
ip-mask-length Mask length of the cluster IP address pool.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]cluster
[S4200G-cluster] ip-pool 10.200.0.1 20
■ Cluster view
Description Before setting up a cluster, the user should configure a private IP address pool for
cluster member devices. When a candidate device is added, the management device
will dynamically assign a private IP address, which can be used for communication
inside the cluster. In this way, the user can use the management device to manage
and maintain the member devices.
ip route-static
Default By default, the system can obtain the routes to the subnets directly connected to a
router.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
■ System view
Description If you do not specify the preference when configuring a static route, the value
specified by the ip route-static default-preference command (which defaults to 60) is
adopted. Note that routes with the same destinations, the same next hops, but
different preferences are different routes. Among these routes, the one with least
preference (which means the highest preference) is chosen to be the current route. A
route configured using the ip route-static command is a reachable route if neither of
the reject and blackhole keywords is specified.
■ The next hop address of a static route cannot be the VLAN interface address of the
local switch.
■ A static route with both its destination IP address and mask both being 0.0.0.0 is
the default route. When no matched entry is found in the routing table, a received
packet is forwarded according to the default route.
ip route-static
Purpose Use the ip route-static command to configure a static route, whose validity
depends on detecting results as follows: valid when the detecting result is reachable
or invalid when the detecting result is unreachable.
Use the undo ip route-static command to remove the configured static route.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2
3Com Switch 4200G Family ip route-static ● 419
Command Reference
■ System view
420 ● jumboframe enable 3Com Switch 4200G Family
Command Reference
jumboframe enable
Purpose Use this command to allow jumbo frames to pass through the Ethernet port.
Description Use the jumboframe enable command to allow jumbo frames to pass through the
current Ethernet port. The maximum frame size supported is 9216 bytes.
Use the undo jumboframe enable command to inhibit jumbo frames from passing
through the current Ethernet port.
3Com Switch 4200G Family key ● 421
Command Reference
key
Purpose Use the key command to specify a shared key for the RADIUS
authentication/authorization packets or accounting packets.
Use the undo key command to restore the corresponding default shared key.
Parameters accounting Specifies the shared key for the RADIUS accounting
packets.
authentication Specifies a shared the encryption key for RADIUS
authentication/authorization packet.
string Specifies the key with a character string not exceeding
16 characters.
If not specified, the default key is “3Com”.
Example To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] key authentication hello
To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1
to ok.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] key accounting ok
Description The RADIUS client and server adopt MD5 algorithm to encrypt the RADIUS packets
exchanged with each other. The two parties verify the validity of the exchanged
packets by using the shared keys that have been set on them, and can accept and
respond to the packets sent from each other only if both of them have the same
shared keys. If the authentication/authorization server and the accounting server are
422 ● key 3Com Switch 4200G Family
Command Reference
two separate devices and the two servers have different shared keys, you must set the
shared keys for authentication/authorization packets and accounting packets
respectively on the switch.
lacp enable
Purpose Use the lacp enable command to enable the LACP protocol on the current port.
Use the undo lacp enable command to disable the LACP protocol on the current
port.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] lacp enable
Description The Switch will select the lowest port number as the master port for the link
aggregation. This applies to all types of link aggregation. If the aggregation spans a
stack of units and the same ports are used, the unit number will be the tie-breaker.
For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.
424 ● lacp port-priority 3Com Switch 4200G Family
Command Reference
lacp port-priority
Purpose Use the lacp port priority command to configure port priority value.
Use the undo lacp port-priority command to restore the default port priority
value.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] lacp port-priority 64
lacp system-priority
Purpose Use the lacp system-priority command to configure system priority value.
Use the undo lacp system-priority command to restore the default system priority
value.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] lacp system-priority 64
■ System view
language-mode
Purpose Use the language-mode command to toggle between the language modes (that is,
language environments) of the command line interface (CLI) to meet your
requirement.
■ User view
3Com Switch 4200G Family lcd ● 427
Command Reference
lcd
Purpose Use the lcd command to display the local work directory on the FTP client.
Syntax lcd
Parameters None
[ftp] lcd
% Local directory now flash:/temp
level
Purpose Use the level command to set the priority level of the user.
Use the undo level command to restore the default priority level of the user.
undo level
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
New local user added.
[S4200G-luser-user1] level 3
Description The priority level of the user corresponds to the command level of the user. Refer to
the description of the command-privilege level command in the command
line interface module.
lIf the configured authentication method requires a user name and a password, the
command level that a user can access after login is determined by the priority level of
the user. For SSH users, when they use RSA shared keys for authentication, the
commands they can access are determined by the levels sets on the user interfaces.
Purpose Use the link-aggregation group description command to set a description for
an aggregation group.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] link-aggregation group 22 description abc
■ System view
Description If you have saved the current configuration with the save command, after system
reboot, the manual and static aggregation groups and their descriptions still exist, but
the dynamic aggregation groups and their descriptions disappear.
Purpose Use the link-aggregation group mode command to create a manual or static
aggregation group.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] link-aggregation group 22 mode manual
■ System view
Description The Switch will select the lowest port number as the master port for the link
aggregation. This applies to all types of link aggregation. If the aggregation spans a
stack of units and the same ports are used, the unit number will be the tie-breaker.
For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.
A manual or static aggregation group can have up to eight ports. You can use the
link-aggregation group agg-id mode command to change an existing dynamic
aggregation group into a manual or static one. If the port number in a group exceeds
eight, this operation fails and the system prompts you about the configuration failure.
local-server
Purpose Use the local-server command to configure the parameters of local RADIUS server.
Parameters nas-ip ip-address Specifies the IP address of the local RADIUS server.
ip-address is expressed in the format of dotted
decimal.
key password Specifies the shared key of the local RADIUS server.
password is a character string up to 16 characters in
length.
Default By default, a local RADIUS authentication server has already been created with the
NAS-IP and key set to 127.0.0.1 and 3Com respectively.
Example To create a local RADIUS authentication server with an IP address of 10.110.1.2 and a
shared key of aabbcc, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-server nas-ip 10.110.1.2 key aabbcc
■ System view
Description Note:
■ The switch not only supports the traditional RADIUS client service to accomplish
user AAA management through foreign authentication/authorization server and
accounting server, but also provides a simple local RADIUS server function for
authentication and authorization. This function is called local RADIUS
authentication server function.
■ When you use the local RADIUS authentication server function, the UDP port
number for the authentication/authorization service must be 1645, the UDP port
number for the accounting service is 1646.
■ The packet encryption key set by the local-server command with the key
password parameter must be identical with the authentication/authorization
packet encryption key set by the key command in RADIUS scheme view.
■ The switch supports at most 16 local RADIUS authentication servers (including the
default local RADIUS authentication server).
432 ● local-server 3Com Switch 4200G Family
Command Reference
local-user
Purpose Use the local-user command to add a local user and enter local user view.
Use the undo local-user command to delete the specified local users.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
New local user added.
[S4200G-luser-user1]
434 ● local-user 3Com Switch 4200G Family
Command Reference
■ System view
Parameters auto Adopts the forcible cipher mode so that the passwords
of all the access users must be displayed in cipher text.
cipher-force Adopts the automatic mode so that the passwords of
access users are displayed in the modes set with the
password command.
Default By default, the password display mode of all access users is auto.
Example To display all access user passwords in cipher text forcibly, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user password-display-mode cipher-force
■ System view
Description When the cipher-force mode is adopted, all passwords will be displayed in cipher text
even through some users have specified to display their passwords in plain text by
using the password command with the simple keyword.
lock
Purpose Use the lock command to lock the current user interface and prevent unauthorized
users from accessing it.
Syntax lock
Parameters None
<S4200G>lock
Password: xxxx
Again: xxxx
■ User view
Description An authorized user must enter a valid password to access the interface.
3Com Switch 4200G Family logging-host ● 437
Command Reference
logging-host
Purpose Use the logging-host command to configure a public logging host on the
management device for member devices.
Use the undo logging-host command to cancel the logging host configuration.
undo logging-host
Example Configure the IP address of the logging host on the management device.
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] logging-host 10.10.10.9
■ Cluster view
Description Only after you assign an IP address for the logging host of the cluster, member
devices can send log information to the logging host through the management
device.
438 ● loopback-detection control enable 3Com Switch 4200G Family
Command Reference
Parameters None
Default By default, the loopback detection and control function is disabled for both the Trunk
and Hybrid ports.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] loopback-detection enable
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] loopback-detection enable
[S4200G-GigabitEthernet1/0/1] loopback-detection control enable
Description Note:
■ When the loopback port control function is enabled on the trunk or hybrid port
and loopback is found on the port, the system disables the port, sends a Trap
message to the client and removes the corresponding MAC forwarding entry.
■ When the loopback port control function is disabled, the system sends a Trap
message to the client if a loopback port is found. The port still operates normally.
CAUTION:
This command is invalid for the access port, since the loopback port control function
is always enabled on the access port.
3Com Switch 4200G Family loopback-detection enable ● 439
Command Reference
loopback-detection enable
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] loopback-detection enable
[S4200G] interface ethernet1/0/1
[S4200G-Ethernet1/0/1] loopback-detection enable
■ System view
■ Ethernet Port view
Description CAUTION:
■ Loopback detection for a port is enabled only when the loopback-detection
enable command is enabled under both system view and port view.
■ When the undo loopback-detection enable command is used under
system view, the loopback detection function will be disabled for all ports.
Note:
■ For Access port: If system detects loopback for a port, it will shut down that port,
send a Trap message to the terminal, and delete the corresponding MAC address
forwarding entry.
■ For Trunk ports and Hybrid ports: If system detects loopback for a port, it will send
a Trap message to the terminal. If the loopback detection and control function for
that port is enabled at the same time, the system will then shut down the given
port, send a Trap message to the terminal, and delete the corresponding MAC
address forwarding entry.
440 ● loopback-detection enable 3Com Switch 4200G Family
Command Reference
loopback-detection interval-time
Parameters Time Time interval for detecting the external loopback for a
port, in seconds. Valid values are 5 to 300.
If not specified, the default is 30 seconds.
Example Set the time interval for regular external loopback detection to 10 seconds.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] loopback-detection interval-time 10
■ System view
Parameters None
Default By default, system runs loopback detection only on the default VLAN for the trunk
and hybrid ports.
Example Configure the system to run loopback detection on all VLANs for the
GigabitEthernet1/0/1 trunk port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] loopback-detection per-vlan enable
Description CAUTION:
ls
Purpose Use the ls command to display the files in the specified directory.
Syntax ls [ remote-path ]
sftp-client> ls flash:/
-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg
-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2
-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1
drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2
-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2
Description If the remote-path argument is not specified, the files in the current directory are
displayed.
ls
Purpose Use the ls command to display the information about a specified remote file.
[ftp] ls
200 PORT command okay
7 File Listing Follows in ASCII mode
4.app
5.app
6.app
6.app.bak
abc.BTM
TEST
21.bin
226 Transfer finished successfully.
FTP: 1235 byte(s) received in 1.595 second(s) 774.00byte(s)/sec.
Description If you do not specify the remotefile argument, the names of all the files in the current
directory are displayed.
The ls command only displays file names, while the dir command displays file
information in more detail, including file size, creation date and so on.
3Com Switch 4200G Family mac-address ● 445
Command Reference
mac-address
Purpose Use the mac-address command to add/modify the MAC address table entry.
Use the undo mac-address command to delete MAC address table entry
In Port view:
Value Description
{ static | dynamic | blackhole } interface Remove the static, dynamic, or blackhole MAC
interface-type address entries concerning a specified port.
interface-number
{ static | dynamic | blackhole } vlan Remove the static, dynamic, or blackhole MAC
vlan-id address entries concerning a specified VLAN.
{ static | dynamic | blackhole } Remove a specified static, dynamic, or blackhole
mac-address [ interface MAC address entry.
interface-type
interface-number ] vlan vlan-id
interface interface-type Remove all the MAC address entries concerning a
interface-number specified port.
vlan vlan-id Remove all the MAC address entries concerning a
specified VLAN.
446 ● mac-address 3Com Switch 4200G Family
Command Reference
Value Description
mac-address [ interface Remove a specified MAC address entry.
interface-type
interface-number ] vlan vlan-id
Example Configure a static MAC address entry with the following settings:
■ System view
■ Port view
Description If the MAC address you input in the mac-address command already exists in the MAC
address table, the system will modify the attributes of the corresponding MAC
address entry according to your settings in the command.
When being executed in port view, these two commands only apply to the current
port. In this case, the interface keyword is unnecessary.
mac-address max-mac-count
Purpose Use the mac-address max-mac-count command to configure the maximum number
of MAC addresses an Ethernet port can learn.
Default By default, the number of MAC addresses an Ethernet port can learn is unlimited.
Example Set the maximum number of MAC addresses GgiabitEthernet1/0/3 port can learn to
600.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/3
[S4200G-GigabitEthernet1/0/3] mac-address max-mac-count 600
The port stops learning MAC addresses when the specified limit is reached.
448 ● mac-address max-mac-count 0 3Com Switch 4200G Family
Command Reference
mac-address max-mac-count 0
Purpose Use the mac-address max-mac-count0 command to disable a switch from learning
MAC address in a VLAN.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 3
[S4200G-vlan3] mac-address max-mac-count 0
■ VLAN view
3Com Switch 4200G Family mac-address multicast interface vlan ● 449
Command Reference
Purpose Use the mac-address multicast command to add a multicast MAC address
entry.
Example Add a multicast MAC address entry, with multicast address 0100-5e0a-0805, forward
port GigabitEthernet 1/0/1, and VLAN 1 to which the entry belongs.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mac-address multicast 0100-5e0a-0805 interface GigabitEthernet
1/0/1 vlan 1
■ System view
Description A multicast address entry contains the following information: multicast MAC address,
Forward port, and VLAN ID.
Purpose Use the mac-address multicast vlan command to add a multicast MAC
address entry.
Example Add a multicast MAC address entry on the GigabitEthernet1/0/1 port, with multicast
address 0100-1000-1000 and VLAN 1 to which the entry belongs.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1]mac-address multicast 0100-1000-1000 vlan
1
Description A multicast MAC address entry contains a multicast MAC address, a VLAN ID, and
other information.
mac-address security
Purpose Use the mac-address security command to add Security MAC address
manually.
<S4200G> system-view
Configure the maximum number of MAC addresses allowed to access the port to
100.
Description You can add Security MAC address only when the port-security is enabled globally
and the port-security port-mode autolearn command is configured on
the port.
452 ● mac-address timer 3Com Switch 4200G Family
Command Reference
mac-address timer
Purpose Use the mac-address timer command to set the aging time for dynamic MAC
address entries.
Use the undo mac-address timer command to revert to the default aging time.
Parameters aging age-time Specifies the aging time (measured in seconds) for
dynamic MAC address entries. Valid values for
age-time are 10 to 630.
If not specified, the default aging time is 300 seconds.
no-aging Specifies not to age dynamic MAC address entries.
Example Set the aging time of MAC address entries to 500 seconds.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mac-address timer aging 500
■ System view
Description Setting the aging time on the switch to be too long or too short will cause the switch
to broadcast data packets without MAC addresses, this will affect the operational
performance of the switch.
If the aging time is set too long, the switch will store out-of-date MAC address tables.
This will consume MAC address table resources and the switch will not be able to
update MAC address table according to the network change.
If aging time is set too short, the switch may delete valid MAC address table entries.
3Com Switch 4200G Family mac-authentication ● 453
Command Reference
mac-authentication
Parameters interface-list Specifies the list of Ethernet ports. You can specify
multiple Ethernet ports by providing this argument in
the form of interface-list = { interface-type
interface-number [ to interface-type interface-number
] } where <1–10> means that you can provide up to 10
port indexes/port index lists for this argument.
Default By default, centralized MAC address authentication is disabled both globally and on
any port.
Example To enable centralized MAC address authentication for GigabitEthernet 1/0/1 port,
enter the following:
<S4200G> system-view
[S4200G] mac-authentication interface GigabitEthernet 1/0/1
[S4200G] mac-authentication
■ System view
■ Ethernet Port view
When being executed in Ethernet port view, the command enables centralized MAC
address authentication on the current port only. In this case, the interface-list is
unnecessary.
454 ● mac-authentication 3Com Switch 4200G Family
Command Reference
Note:
■ Centralized MAC address authentication configuration takes effect on a port only
after you enable centralized MAC address authentication globally.
■ The configuration of the maximum number of learned MAC addresses (refer to
the mac-address max-mac-count command) is unavailable for the ports with
centralized MAC address authentication enabled. Similarly, the centralized MAC
address authentication is unavailable for the ports with the maximum number of
learned MAC addresses configured.
3Com Switch 4200G Family mac-authentication authmode ● 455
Command Reference
mac-authentication authmode
Example To specify to perform MAC address authentication in the fixed mode, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mac-authentication authmode usernamefixed
■ System view
456 ● mac-authentication authpassword 3Com Switch 4200G Family
Command Reference
mac-authentication authpassword
Default By default, no password is configured for the fixed mode of MAC address
authentication.
<S4200G> system-view
[S4200G] mac-authentication authpassword mac
■ System view
3Com Switch 4200G Family mac-authentication authusername ● 457
Command Reference
mac-authentication authusername
Default By default, the user name used in MAC address authentication (in the fixed mode) is
mac.
Example To set the user name to vipuser for MAC addresses authentication (in the fixed mode),
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mac-authentication authusername vipuser
■ System view
458 ● mac-authentication domain 3Com Switch 4200G Family
Command Reference
mac-authentication domain
Purpose Use the mac-authentication domain command to configure an ISP domain for
centralized MAC address authentication users.
Default By default, the domain for centralized MAC address authentication users is not
configured.
Example To configure the domain for centralized MAC address authentication to be Cams,
enter the following:
<S4200G> system-view
[S4200G] mac-authentication domain Cams
■ System view
3Com Switch 4200G Family mac-authentication timer ● 459
Command Reference
mac-authentication timer
Purpose Use the mac-authentication timer command to configure the timers used in
centralized MAC address authentication.
Parameters offline-detect
offline-detect-value Sets the offline-detect timer (in seconds). This timer
sets the interval for a switch to test whether or not a
user goes offline. Valid values for the
offline-detect-value argument are 1 to 65,535. If not
specified, the default is 300.
quiet quiet-value Sets the quiet timer. If a user fails to pass the
authentication performed by a switch, the switch stops
authenticating users for a period specified by the
quiet-value before it authenticates users again. Valid
values for the quiet-value argument are 1 to 65,535 (in
minutes). If not specified, the default is 1.
server-timeout
server-timeout-value Sets the server-timeout timer. If the connection
between a switch and a RADIUS server times out when
the switch authenticates a user on one of its ports, the
switch turns down the user. Valid values for the
server-timeout-value argument are 1 to 65,535 (in
seconds). If not specified, the default is 100.
Example To set the server timeout timer to 150 seconds, enter the following:
<S4200G> system-view
[S4200G] mac-authentication timer server-timeout 150
■ System view
management-vlan
Purpose Use the management-vlan command to specify the management VLAN on the
switch.
undo management-vlan
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] management-vlan 2
■ System view
Description Follow these items when you configure the management VLAN:
■ The management VLAN specified for devices in the same cluster must be the same
VLAN.
■ The management VLAN must be specified before the cluster is set up. You cannot
change the management VLAN of an existing VLAN. If necessary, you can delete
the cluster, re-specify the management VLAN and then re-create the cluster.
3Com Switch 4200G Family management-vlan synchronization enable ● 461
Command Reference
Parameters None
■ Cluster view
mdi
undo mdi
Default By default, the network cable type is recognized automatically (the mdi auto
command).
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]mdi auto
Description Note: The mdi and undo mdi commands cannot be configured on the combo
ports.
3Com Switch 4200G Family messenger ● 463
Command Reference
messenger
Purpose Use the messenger time command to enable or disable the messenger alert and
configure the related parameters.
Use the undo messenger time command to restore messenger alert to default
settings.
Example To enable the switch to send prompt messages at intervals of 5 minutes to the users
in the ISP domain system after the remaining online time is less than 30 minutes.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain system
[S4200G-isp-system] messenger time enable 30 5
Description This function allows the clients to inform the online users about their remaining
online time through a message dialog.
You can use messenger time enable command to set a remaining online time
limit and the interval to send prompt messages. After that, the switch regularly sends
prompt messages at the set interval to the clients of the users whose remaining online
time is less than the set limit, and the clients inform the users of their remaining
online time in the form of message dialog.
464 ● mirroring group 3Com Switch 4200G Family
Command Reference
mirroring group
Purpose Use the mirroring-group command to configure the port mirroring group.
Use the undo mirroring-group command to delete the port mirroring group.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mirroring-group 1 local
■ System view
3Com Switch 4200G Family mirroring-group mirroring-port ● 465
Command Reference
mirroring-group mirroring-port
Example Configure GigabitEthernet1/0/1 as the source port and monitor all packets received
via this port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mirroring-group 1 mirroring-port Gigabitethernet1/0/1 inbound
■ System view
466 ● mirroring-group reflector-port 3Com Switch 4200G Family
Command Reference
mirroring-group reflector-port
Example Configure GigabitEthernet1/0/1 as a reflector port and monitor all packets received and
sent via this port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mirroring-group 1 reflector-port Ethernet1/0/1
■ System view
3Com Switch 4200G Family mirroring-group remote-probe vlan ● 467
Command Reference
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] mirroring-group 1 remote-probe vlan 100
■ System view
468 ● mirroring-port 3Com Switch 4200G Family
Command Reference
mirroring-port
undo mirroring-port
Example Configure GigabitEthernet1/0/1 as the source port and mirror all packets received and
sent and via this port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] mirroring-port both
Description The Switch supports one monitor port and one mirroring port. If several Switches
form a Fabric, only one monitor port and one mirroring port can be configured in the
Fabric. You need to configure the monitor port before configuring the monitored
port.
mkdir
Purpose Use the mkdir command to create a directory on the remote SFTP server.
mkdir
Purpose Use the mkdir command to create a directory in a specified directory of a specified
storage device.
Example Create a directory in the current directory, with the name being dd.
<S4200G> mkdir dd
% Created dir flash:/dd
■ User view
Description When using the mkdir command to create a directory, the names of the directories
and files in the same directory must be unique.
3Com Switch 4200G Family mkdir ● 471
Command Reference
mkdir
Purpose Use the mkdir command to create a directory on the remote SFTP server.
Description The mkdir command is only available to the FTP clients that are assigned the
permission to create directories on FTP servers.
472 ● monitor-port 3Com Switch 4200G Family
Command Reference
monitor-port
Purpose Use the monitor-port command to configure the destination monitor port.
Syntax monitor-port
undo monitor-port
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] monitor-port
Description You can configure only one destination port on the switch; all mirrored packets will
be sent to the destination port.
The Switch supports one monitor port and one mirroring port. If several Switches
form a Fabric, only one monitor port and one mirroring port can be configured in the
Fabric. You need to configure monitor port before configuring monitored port.
more
Purpose Use the more command to display the content of a specified file.
Parameters file-url The path name or file name of a file in the Flash,
comprised of a string from 1 to 142 characters long.
■ User view
move
Purpose Use the move command to move a file to a specified directory. You can also assign a
new name for the file.
Parameters fileurl-source Path name or file name of the source file in the
Flash, a string comprising 1 to 142 characters.
fileurl-dest Path name or file name of the target file in the Flash,
a string comprising 1 to 142 characters.
Example Move the file named sample.txt from flash:/test/ to flash:/, with the name not
changed.
■ User view
Description When the destination filename is the same as that of an existing file, the system will
ask whether to overwrite the existing file.
3Com Switch 4200G Family name ● 475
Command Reference
name
Purpose Use the name command to set a name for the assigned VLAN.
Use the undo name command to restore to the default VLAN name.
undo name
Default By default, the VLAN ID (like VLAN 0001) is used as the name of the assigned VLAN.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 2
[S4200G-vlan2] name abc
■ VLAN view
476 ● name 3Com Switch 4200G Family
Command Reference
name
Purpose Use the name command to set a name for the assigned VLAN.
Use the undo name command to delete the name of the assigned VLAN.
undo name
Default By default, a VLAn uses its VLAN ID (like VLAN 0001) as its name.
Example To set the name of VLAN 100 to test, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 100
[S4200G-vlan100] name test
■ VLAN view
Description This command is used for the dynamic VLAN assignment function. For details about
this function, refer to the vlan-assignment-mode command.
nas-ip
Purpose Use the nas-ip command to set the source IP address used by the switch to send
RADIUS packets.
Use the undo nas-ip command to remove the source IP address setting.
undo nas-ip
Default By default, the IP address of the outbound interface is used as the source IP address of
the packet.
Example To set the source IP address used by the switch to send the RADIUS packets to
10.1.1.1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] nas-ip 10.1.1.1
Description You can specify the source IP address used to send RADIUS packets to prevent the
unreachability of the packets returned from the server due to physical interface
trouble. It is recommended to use the loopback interface address as the source IP
address.
ndp enable
Purpose Use the ndp enable command in system view to enable NDP globally on the
switch. When being executed in Ethernet port view, this command enables NDP for
an Ethernet port.
Use the undo ndp enable command in system view to disable NDP globally on the
switch. When being executed in Ethernet port view, this command disables NDP for
an Ethernet port.
Parameters port-list Specifies a list of ports. The list can contain consecutive
or separated ports, or the combination of the both.
You need to provide the port-list argument in the form
of { interface-type interface-number | interface-name }
[ to { interface-type interface-number | interface-name
} ] } &<1-10>, where interface-type specifies the port
type, and interface-number specifies the port number
(in the form of slot number/port number). Using “to”
specifies a range of ports.
Default By default, NDP is enabled both globally on the switch and on an Ethernet port.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] ndp enable
■ System view
■ Ethernet Port view
3Com Switch 4200G Family ndp timer aging ● 479
Command Reference
Purpose Use the ndp timer aging command to set how long a device will hold the NDP
packets received from the local device. After the aging timer expires, the device will
discard the received NDP neighbor node information.
Use the undo timer aging command to restore the default NDP information
aging time (180 seconds).
Example Configure the holdtime of the NDP information sent by the local switch to be 60
seconds.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] ndp timer aging 60
■ System view
Description A user can specify how long an adjacent device will hold the NDP information sent by
the local device. An adjacent device holds the NDP information of the local switch
according to the holdtime carried in the NDP packets received from the local switch
and removes the NDP information when the aging timer expires.
Normally, NDP information holdtime is longer than the interval to send NDP packets.
Otherwise, the neighbor information table of an NDP port becomes unstable.
480 ● ndp timer hello 3Com Switch 4200G Family
Command Reference
Purpose Use the ndp timer hello command to define how often to transmit the NDP
packets.
Use the undo ndp timer hello command to restore the default NDP packet
interval (60 seconds).
Parameters timer-in-seconds Interval (in seconds) to send NDP packets ranging from
5 to 254. If not specified, NDP packets are transmitted
every 60 seconds, by default.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] ndp timer hello 80
■ System view
Description NDP information in a neighbor information table is updated regularly. This enables
neighbor information table to contain the actual network topology information. You
can use these two commands to adjust the updating frequency of NDP information.
3Com Switch 4200G Family nm-interface vlan-interface ● 481
Command Reference
nm-interface vlan-interface
<123> system-view
System View: return to User View with Ctrl+Z
[123] cluster
[123-cluster] nm-interface Vlan-interface 2
■ Cluster view
Description Note:
■ In an NAT-enabled cluster network, the NAT server is configured on the
management VLAN interface of the management device by default. The NAT
server can perform address translation between an internal IP address and a public
IP address. NMS devices outside the cluster network can use SNMP, FTP, and HTTP
to manage the devices inside the cluster through NAT.
■ If the VLAN where the port connected with the NMS device resides is not a
management VLAN, since no NAT server is configured on this interface by default,
IP addresses cannot be translated. In this case, the network administrator of the
external network is unable to access the management device, so he cannot
manage internal devices of the cluster.
■ By specifying an NMS interface on the management device, you can enable the
NAT server configuration on the NMS interface instead of the management VLAN
interface. In this case, the network administrator can access the management
device through the NMS interface to manage internal devices of this cluster.
482 ● ntdp enable 3Com Switch 4200G Family
Command Reference
ntdp enable
Purpose Use the ntdp enable command in system view to enable NTDP globally. When
being executed in Ethernet port view, this command enables NTDP for an Ethernet
port.
Use the undo ntdp enable command in system view to disable NTDP globally.
When being executed in Ethernet port view, this command disables NTDP for an
Ethernet port.
Parameters None
Default By default, NTDP is enabled globally on the switch and the ports supporting NDP. For
a port that does not support NDP, NTDP cannot operate even if NTDP is enabled on it.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntdp enable
■ System view
■ Ethernet Port view
3Com Switch 4200G Family ntdp explore ● 483
Command Reference
ntdp explore
Purpose Use the ntdp explore command to start topology information collection manually.
Parameters None
■ User view
Description Normally, NTDP collects network topology information periodically. You can also start
topology information collection manually whenever needed by executing this
command. When you execute this command, NTDP collects the NDP information of
every device and the information about the connections between the local switch and
all of its neighbor switches in the specified network scope. The information is useful
for the management device or network management system to acquire the network
topology and to manage and monitor the devices.
484 ● ntdp hop 3Com Switch 4200G Family
Command Reference
ntdp hop
Purpose Use the ntdp hop command to set a range (in terms of hop count) for topology
information collection.
Use the undo ntdp hop command to restore the default range for topology
information collection.
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] ntdp hop 5
■ System view
Description With the ntdp hop command, you can specify to collect the topology information of
the devices within a specified range to avoid infinitive collection. The limit is
performed by controlling the permitted hops from collection origination. For example,
if you set the hop number limit to 2, only the switches less than 2 hops away from the
switch starting the topology collection are collected.
ntdp timer
Purpose Use the ntdp timer command to configure the interval to collect topology
information.
Use the undo ntdp timer command to restore the default topology collection
interval.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntdp timer 30
■ System view
Description A switch collects topology information once in each period set by the ntdp timer
command.
486 ● ntdp timer hop-delay 3Com Switch 4200G Family
Command Reference
Purpose Use the ntdp timer hop-delay command to set the delay time for a switch to
forward topology-collection request packets.
Use the undo ntdp timer hop-delay command to restore the default delay
value.
Example Set the delay time for the switch to forward topology-collection request packets
through the first port to 300 ms.
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] ntdp timer hop-delay 300
■ System view
Description To avoid network congestion caused by large amount of topology response packets
received in short periods, a switch delays for specific period before it forwards a
received topology-collection request packet through its first ports. You can use the
ntdp timer hop-delay command to set the delay time.
These two commands are intended for switches that collect topology information.
They actually set the hop-delay value for topology-collection request packets sent by
these switches. The hop-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through its first port.
3Com Switch 4200G Family ntdp timer port-delay ● 487
Command Reference
Purpose Use the ntdp timer port-delay command to set the delay time for a switch to
forward a received topology-collection request packet through its successive ports.
Use the undo ntdp timer port-delay command to restore the default delay
time.
Example Set the delay time for the switch to forward topology-collection request packets
through the successive ports to 40 ms.
<aaa_0.S4200G> system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G] ntdp timer port-delay 40
■ System view
Description Use the ntdp timer port-delay command to set the delay time for a switch to
forward a received topology-collection request packet through its successive ports. A
switch forwards received topology request packets to all its ports in turn. After
forwarding a received topology-collection request packet through one port, the
switch delays for specific period before it forwards the packet through the next port.
These two commands are intended for switches that collect topology information.
They actually set the port-delay value for topology-collection request packets sent by
these switches. The port-delay value determines the delay time for a switch receiving
topology-collection request packets to forward them through the next port.
488 ● ntp-service access 3Com Switch 4200G Family
Command Reference
ntp-service access
Purpose Use the ntp-service access command to set the authority to access the local
equipment.
Use the undo ntp-service access command to cancel the access authority
settings.
Parameters peer Allows time request and query on the local NTP server.
The local clock can also be synchronized to the remote
server.
server Allows time request and query on the local NTP server.
The local clock cannot be synchronized to the remote
server.
synchronization Allows only time request on the local NTP server.
query Allows only query on the local NTP server.
acl-number Basic access control list (ACL) number, in the range of
2000 to 2999.
Default By default, the access permission to the local NTP server is peer.
Example Configure the access permission of the peer defined in ACL 2076 to be peer.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service access peer 2076
Configure the access permission of the peer defined in ACL 2028 to be server.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service access server 2028
■ System view
Description Configuring access control permission to the NTP server only provides a least security
measure. Performing authentication is a more reliable way to improve security.
A received access is matched in this order: peer, server, synchronization, and query.
3Com Switch 4200G Family ntp-service access ● 489
Command Reference
490 ● ntp-service authentication enable 3Com Switch 4200G Family
Command Reference
Purpose Use the ntp-service authentication enable command to enable the NTP-service
authentication function.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service authentication enable
■ System view
3Com Switch 4200G Family ntp-service authentication-keyid ● 491
Command Reference
ntp-service authentication-keyid
For the encryption algorithm, only message digest 5 (MD5) is currently supported.
Example Configure an MD5 authentication key, with the key ID being 10 and the key being
BetterKey.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service authentication-keyid 10 authentication-mode md5
BetterKey
■ System view
492 ● ntp-service broadcast-client 3Com Switch 4200G Family
Command Reference
ntp-service broadcast-client
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface1
[S4200G-Vlan-Interface1] ntp-service broadcast-client
Description Designate an interface on the local Switch to receive NTP broadcast messages and
operate in broadcast client mode. The local Switch listens to the broadcast from the
server. When it receives the first broadcast packet, it starts a brief client/server mode
to switch messages with a remote server for estimating the network delay. Thereafter,
the local Switch enters broadcast client mode and continues listening to the
broadcast and synchronizes the local clock according to the arrived broadcast
message.
3Com Switch 4200G Family ntp-service broadcast-server ● 493
Command Reference
ntp-service broadcast-server
Example Configure to send NTP broadcast packets through VLAN interface 1, using the key
numbered 4 for encryption and setting the NTP version number to 3.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface1
[S4200G-Vlan-Interface1] ntp-service broadcast-server
authentication-key 4 version 3
Description Designate an interface on the local equipment to broadcast NTP packets. The local
equipment runs in broadcast-server mode and regularly broadcasts packets to its
clients.
494 ● ntp-service in-interface disable 3Com Switch 4200G Family
Command Reference
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface1
[S4200G-Vlan-Interface1] ntp-service in-interface disable
Purpose Use the ntp-service max-dynamic-sessions command to set how many sessions
can be created locally.
Parameters number The maximum of the NTP sessions that can be created
locally. Valid values are 0 to 100.
If not specified, the default is 100.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service max-dynamic-sessions 50
■ System view
496 ● ntp-service multicast-client 3Com Switch 4200G Family
Command Reference
ntp-service multicast-client
Example Configure to receive NTP multicast packets through VLAN interface 1, with the
corresponding multicast group address being 224.0.1.1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-Interface1] ntp-service multicast-client 224.0.1.1
Description Designate an interface on the local Switch to receive NTP multicast messages and
operate in multicast client mode. The local Switch listens to the multicast from the
server. When it receives the first multicast packet, it starts a brief client/server mode to
switch messages with a remote server for estimating the network delay. Thereafter,
the local Switch enters multicast client mode and continues listening to the multicast
and synchronizes the local clock according to the arrived multicast message.
3Com Switch 4200G Family ntp-service multicast-server ● 497
Command Reference
ntp-service multicast-server
Default By default, an Ethernet switch does not operate in multicast server mode.
Example Configure to send NTP multicast packets through VLAN interface 1, with the
multicast group address being 224.0.1.1, the key numbered 4 used for encryption,
and the NTP version number set to 3.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-Interface1]ntp-service multicast-server 224.0.1.1
authentication-keyid 4 version 3
Description Designate an interface on the local equipment to transmit NTP multicast packet. The
local equipment operates in multicast-server mode and multicasts packets regularly to
its clients.
498 ● ntp-service reliable authentication-keyid 3Com Switch 4200G Family
Command Reference
Example Enable NTP authentication, with MD5 algorithm adopted, key ID being 37, the key of
BetterKey and being a trusted key.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service authentication enable
[S4200G] ntp-service authentication-keyid 37 authentication-mode md5
BetterKey
[S4200G] ntp-service reliable authentication-keyid 37
■ System view
Description If authentication is enabled, a client can only be synchronized to a server that can
provide a trusted key.
3Com Switch 4200G Family ntp-service source-interface ● 499
Command Reference
ntp-service source-interface
Example Specify the source IP addresses of all the NTP packets sent to be the IP address of
VLAN interface 1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service source-interface Vlan-Interface 1
■ System view
Description The source address specifies where the packets are transmitted from.
You can use this command to designate an interface to transmit all the NTP packets
and take the source address of these packets from its IP address. If you do not want
any other interface to receive the acknowledgement packets, use this command to
specify one interface to send all the NTP packets.
500 ● ntp-service unicast-peer 3Com Switch 4200G Family
Command Reference
ntp-service unicast-peer
Use the undo ntp-service unicast-peer command to cancel NTP peer mode.
Example Configure the switch to obtain time information from the peer with the IP of
128.108.22.44. The local peer can also provide time information to the remote peer.
Set the NTP version number to 3. The source IP addresses of NTP packets sent are that
of VLAN interface 1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
3Com Switch 4200G Family ntp-service unicast-peer ● 501
Command Reference
■ System view
Description This command sets the remote server at ip-address as a peer of the local
equipment, which operates in symmetric active mode. ip-address specifies a host
address other than an IP address of broadcast, multicast, or reference clock. By
operating in this mode, a local device can synchronize and be synchronized by a
remote server.
Note:
If you specify a remote server to be the peer of the local Ethernet switch by providing
the remote-ip argument in the ntp-service unicast-peer command, the local switch
operates in the active peer mode. In this case, the local switch and the remote server
can be synchronized to each other.
502 ● ntp-service unicast-server 3Com Switch 4200G Family
Command Reference
ntp-service unicast-server
Use the undo ntp-service unicast-server command to disable NTP server mode.
Default By default, an Ethernet switch does not operate in NTP server mode.
Example Configure the local device to be synchronized to the NTP server using the IP address
of 128.108.22.44, with the version number set to 3.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ntp-service unicast-server 128.108.22.44 version 3
3Com Switch 4200G Family ntp-service unicast-server ● 503
Command Reference
■ System view
Description An Ethernet can operate as a client and be synchronized to the remote NTP server
identified by the remote-ip argument. Note that an NTP server will not be
synchronized to the local switch.
504 ● open 3Com Switch 4200G Family
Command Reference
open
Purpose Use the open command to establish a control connection with an FTP server.
Establish a control connection with the FTP server whose IP address is 1.1.1.1.
[ftp]open 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220-
220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user
User(none):abc
331 Give me your password, please
Password:
230 Logged in successfully
packet-filter
Purpose Use the packet-filter command to define the packet filter function in the QoS
profile.
Use the undo packet-filter command to disable the definition of the packet
filter function in the QoS profile.
Example To add the packet filter function in the QoS profile named h3c to filter the received
packets matching with ACL 4000 rules, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos-profile h3c
[S4200G-qos-profile-h3c] packet-filter inbound link-group 4000
packet-filter
Purpose Use the packet-filter command to apply ACL rules on the port to filter packets.
Use the undo packet-filter command to remove the ACL rules applied on the
port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000
parity
Purpose Use the parity command to set the check mode of the user interface.
Use the undo parity command to revert to the default check mode.
undo parity
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface aux0
[S4200G-ui-aux0] parity mark
Description The parity and undo parity commands can only be used in AUX User
Interface view.
508 ● passive 3Com Switch 4200G Family
Command Reference
passive
Purpose Use the passive command to set the data transmission mode to be passive mode.
Use the undo passive command to set the data transmission mode to be active
mode.
Syntax passive
undo passive
Parameters None
password
Purpose Use the password command to configure or change the system login password
for a user.
Syntax password
Parameters None.
Example Configure the system login password for the user test to 9876543210.
S4200G<S4200G> system-view
System View: return to User View with Ctrl+Z.
S4200G[S4200G] local-user test
New local user added.
[S4200G-luser-test] password
Password:**********
confirm:**********
Change the system login password for the user test to 0123456789.
[S4200G-luser-test]password
Password:**********
Confirm :**********
Updating the password file ,please wait ...
password
Purpose Use the password command to set a password for the local users.
Use the undo password command to cancel the specified password display mode.
undo password
Example To set the password of user1 to 20030422 and to specify that the password be
displayed in plain text, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
New local user added.
[S4200G-luser-user1] password simple 20030422
22
peer-public-key end
Purpose Use the peer-public-key end command to return to system view from public key
view.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] peer-public-key end
[S4200G]
ping
Purpose Use the ping command to check the IP network connection and the reachability of
the host.
<S4200G>ping 202.38.160.244
ping 202.38.160.244 : 56 data bytes
Reply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1ms
Reply from 202.38.160.244 : bytes=56 sequence=2 ttl=255 time = 2ms
Reply from 202.38.160.244 : bytes=56 sequence=3 ttl=255 time = 1ms
Reply from 202.38.160.244 : bytes=56 sequence=4 ttl=255 time = 3ms
Reply from 202.38.160.244 : bytes=56 sequence=5 ttl=255 time = 2ms
--202.38.160.244 ping statistics--
5 packets transmitted
5 packets received
514 ● ping 3Com Switch 4200G Family
Command Reference
0% packet loss
round-trip min/avg/max = 1/2/3 ms
■ Any view
Description The executing procedure of the ping command is as follows: First, the source host
sends an ICMP ECHO-REQUEST packet to the destination host. If the connection
to the destination network is normal, the destination host receives this packet and
responds with an ICMP ECHO-REPLY packet.
You can use the ping command to check the network connectivity and the quality
of a network line. This command can output the following information:
You can set a relatively long timeout time waiting for response packet if the
network transmission is slow.
port
Purpose Using the port command, you can add one port or one group of ports to a VLAN.
Using the undo port command, you can cancel one port or one group of ports from
a VLAN.
CAUTION: The port command is only applicable to access ports. To add trunk ports
and hybrid ports to a VLAN, use the port trunk permit vlan and port
hybrid vlan commands in Ethernet port view.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 2
[S4200G-vlan2] port GigabitEthernet1/0/1 to GigabitEthernet1/0/4
■ VLAN view
516 ● port access vlan 3Com Switch 4200G Family
Command Reference
Purpose Use the port access vlan command to assign the access port to a specified VLAN.
Use the undo port access vlan command to remove the access port from the
specified VLAN.
Parameters vlan_id Specifies a VLAN ID. Valid values are 1 to 4094. (You
must specify the ID of an existing VLAN.)
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]vlan 3
[S4200G-vlan3]quit
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]port access vlan 3
Purpose Use the port hybrid pvid vlan command to configure the default VLAN ID of the
hybrid port.
Use the undo port hybrid pvid command to restore the default VLAN ID of the
hybrid port.
Default To guarantee the proper packet transmission, the default VLAN ID of the local hybrid
port should be identical with that of the hybrid port on the peer switch.
Example Set the default VLAN ID for the GigabitEthernet1/0/1 hybrid port as 100.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]port hybrid pvid vlan 100
Purpose Use the port hybrid vlan command to add the port to the specified VLAN(s). The
port needs to have been made a hybrid port before you can do this. See the related
command below.
Use the undo port hybrid vlan command to remove the port from the specified
VLAN(s).
Example Add the GigabitEthernet1/0/1 hybrid port to VLAN 2, VLAN 5 and VLAN 50 through
VLAN 100, with tags assigned to their packets.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]port hybrid vlan 2 4 50 to 100 tagged
Description A hybrid port can belong to multiple VLANs. A port can only be added to a VLAN if
the VLAN has already been created. When you use the command several times, all
VLANs specified in the commands will be allowed to pass the port.
port isolate
Purpose Use the port isolate command to add an Ethernet port to the isolation group.
Use the undo port isolate command to remove an Ethernet port from an isolation
group.
Parameters None
Default By default, a port is not in an isolation group, namely Layer 2 forwarding is achievable
between this port and other ports.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] port isolate
Purpose Use the port link-aggregation group agg_id command to add an Ethernet port
to a manual or static aggregation group.
Use the undo port link-aggregation group command to delete an Ethernet port
from a manual or static aggregation group
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] port link-aggregation group 22
port link-type
Purpose Use the port link-type command to configure the link type of the Ethernet port.
Use the undo port link-type command to restore the default link type, that is,
access.
Example To configure the Ethernet port Ethernet1/0/1 as a trunk port, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-Ethernet1/0/1]port link-type trunk
Description You can configure the three types of ports on the same device. However, note that
you cannot directly switch a port between trunk and hybrid and you must set the port
as access before the switching. For example, to change a trunk port to hybrid, you
must first set it as access and then hybrid.
522 ● port-security enable 3Com Switch 4200G Family
Command Reference
port-security enable
Parameters None
<S4200G> system-view
■ System view
Description CAUTION: To avoid confliction, the following limitation on the 802.1x and the MAC
address authentication will be taken after port security is enabled:
■ The access control mode (set by the dot1x port-control command) automatically
changes to auto.
■ The dot1x port-method command can be successfully executed only when no user
is online.
■ The dot1x, dot1x port-method, dot1x port-control and mac-authentication
commands cannot be used.
3Com Switch 4200G Family port-security intrusion-mode ● 523
Command Reference
port-security intrusion-mode
Purpose Use the port-security intrusion-mode command to set the action mode of
the Intrusion Protection feature.
<S4200G> system-view
Set the action mode of the Intrusion Protection feature on GigabitEthernet1/0/1 port
to disableport.
By way of checking the source MAC addresses of the data frames received on a port,
the Intrusion Protection feature discovers illegal packets and takes appropriate action
(temporarily/permanently disabling the port, or filtering out the packets with these
source MAC addresses) to guarantees the security on the port.
■ Packets with unknown source MAC addresses received when MAC address
learning is disabled on the port
■ Packets with unknown source MAC addresses received when the number of MAC
addresses on the port has reached the set maximum number of MAC addresses
allowed to access the port.
■ Packets received from users who fail the authentication.
The action mode of the Intrusion Protection feature can be set to disableport,
disableport-temporarily or blockmac. For the
disableport-temporarily mode, you can set the time during which the system
temporarily disables a port by using the port-security timer disableport
command.
port-security max-mac-count
Default By default, there is no limit on the number of MAC addresses allowed to access the
port.
<S4200G> system-view
Set the maximum number of MAC addresses allowed to access the port to 100.
Description Use the port-security max-mac-count command to set the maximum number of MAC
addresses allowed to access the port. The number is the sum of the following:
CAUTION: The maximum number of MAC addresses set by this command does not
include the number of the static MAC address entries set manually.
526 ● port-security max-mac-count 3Com Switch 4200G Family
Command Reference
port-security ntk-mode
Purpose Use the port-security ntk-mode command to set the packet transmission
mode of the Need to Know (NTK) feature.
Default By default, no packet transmission mode of the NTK feature is set on the port.
<S4200G> system-view
Set the packet transmission mode of the NTK feature to ntkonly on the current port.
Description By way of checking the destination MAC addresses of the data frames to be sent
from a port, this feature ensures that only successfully authenticated devices can
528 ● port-security ntk-mode 3Com Switch 4200G Family
Command Reference
obtain data frames from the port so as to prevent illegal devices from filching
network data.
The packet transmission mode of the NTK feature can be set to ntkonly,
ntk-withbroadcasts or ntk-withmulticasts.
port-security OUI
Purpose Use the port-security OUI command to set an OUI value for authentication.
Use the undo port-security OUI command to cancel an OUI value setting.
Parameters OUI-value OUI value. You can input a complete MAC address (in
hexadecimal) for this argument and the system will
calculate the OUI value from your input.
index-value OUI index. Valid values are 1 to 16.
You need only to input a complete hexadecimal MAC address in this command, and
the system will automatically convert the address to binary format and then take the
higher 24 bits of the resulting binary data as the OUI value.
<S4200G> system-view
Set an OUI value by specifying the MAC address 00ef-ec00-0000, and set the OUI
index to five.
■ System view
Description CAUTION: The OUI value set by this command takes effect only when the security
mode of the port is set to userlogin-withoui (by the port-security port-mode
command).
port-security port-mode
Purpose Use the port-security port-mode command to set the security mode of the
port.
Parameters mode Security mode of the port. See Table 88for the values
of this argument.
<S4200G> system-view
Purpose Use the port-security timer disableport command to set the time during
which the system temporarily disables a port.
Example Set the time during which the system temporarily disables a port to 50 seconds.
<S4200G> system-view
[S4200G] port-security timer disableport 50
■ System view
Description The time set by the port-security timer disableport command takes effect when the
disableport-temporarily mode is set by the port-security intrusion-mode command.
534 ● port-security trap 3Com Switch 4200G Family
Command Reference
port-security trap
Purpose Use the port-security trap command to enable the sending of the specified
type(s) of trap messages.
Use the undo port-security trap command to disable the sending of the
specified type(s) of trap messages.
Default By default, the system disables the sending of any types of trap messages.
<S4200G> system-view
■ System view
Description This command is designed based on the Device Tracking feature. The Device Tracking
feature enables the switch to send trap messages in case special data packets
(generated by special actions such as illegal intrusion, and abnormal user
logon/logoff) pass through a port for the convenience of network administrator to
monitor these special actions.
536 ● port trunk pvid vlan 3Com Switch 4200G Family
Command Reference
Purpose Use the port trunk pvid vlan command to configure the default VLAN ID for a
trunk port.
Use the undo port trunk pvid command to restore the default VLAN ID for a trunk
port.
Default The default VLAN ID of local trunk port should be consistent with that of the trunk
port on the peer switch, otherwise packets cannot be properly transmitted.
Example To configure the trunk port Ethernet1/0/1 to the default VLAN of 100, enter the
following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]port trunk pvid vlan 100
Purpose Use the port trunk permit vlan command to add a trunk port to one VLAN, a
selection of VLANs, or all VLANs.
Use the undo port trunk permit vlan command to remove the hybrid port from
one VLAN, a selection of VLANs or all VLANs.
Example Add the GigabitEthernet1/0/1 trunk port to VLAN 2, VLAN 5 and VLAN 50 through
VLAN 100.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[SW4200G-GigabitEthernet1/0/1]port trunk permit vlan 2 4 50 to 100
Please wait...
Done.
Description A trunk port can belong to multiple VLANs. If the port trunk permit vlan
command is used many times, then the VLAN enabled to pass on trunk port is the set
of these vlan_id_list.
primary accounting
Purpose Use the primary accounting command to set the IP address and port number for
the primary accounting server.
Use the undo primary accounting command to restore the default IP address and
port number of the primary RADIUS accounting server.
Default By default, the IP address of the primary accounting server is 0.0.0.0 and the UDP
port number of the primary accounting service is 1813.
The IP address and UDP port number of the primary accounting server used by the
default RADIUS scheme system are 127.0.0.1 and 1646.
Example To set the IP address and UDP port number of the primary accounting server of the
RADIUS scheme radius1 to 10.110.1.2 and 1813, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] primary accounting 10.110.1.2 1813
Description After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port
numbers for the RADIUS servers, including primary/second
authentication/authorization servers and accounting servers. In real networking
environments, the above parameters shall be set according to the specific
requirements. However, you must set at least one authentication/authorization server
and an accounting server. Besides, ensure that the RADIUS service port settings on the
Switch is consistent with the port settings on the RADIUS server.
3Com Switch 4200G Family primary accounting ● 539
Command Reference
primary authentication
Purpose Use the primary authentication command to configure the IP address and port
number for the primary RADIUS authentication/authorization server.
Use the undo primary authentication command to restore the default IP address
and port number of the primary RADIUS authentication/authorization server.
Example To set the IP address and UDP port number of the primary
authentication/authorization server used by the RADIUS scheme radius1 to
10.110.1.1 and 1812, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] primary authentication 10.110.1.1 1812
Description Note:
■ After creating a new RADIUS scheme, you should configure the IP address and
UDP port number of each RADIUS server you want to use in this scheme. These
RADIUS servers fall into two types: authentication/authorization, and accounting.
And for each kind of server, you can configure two servers in a RADIUS scheme:
primary and secondary servers. A RADIUS scheme has the following attributes: IP
addresses of the primary and secondary servers, shared keys, and types of the
RADIUS servers.
■ In an actual network environment, you can configure the above parameters as
required. But you should configure at least one authentication/authorization server
and one accounting server, and at the same time, you should keep the RADIUS
service port settings on the switch consistent with those on the RADIUS servers.
3Com Switch 4200G Family primary authentication ● 541
Command Reference
priority
Purpose Use the priority command to set the priority of Ethernet port.
undo priority
Parameters priority-level Specifies the priority level of the port. Valid values are
0 to 7.
Example To set the priority of the GigabitEthernet1/0/1 port to 7, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] priority 7
Description This command is used to set the priority of Ethernet ports. After the command is
configured, the switch replaces the 802.1p priority carried in the packet with the
priority of the port receiving the packet. Then the switch places the packet in the
corresponding port output queue according to the new priority of the packet.
3Com Switch 4200G Family priority trust ● 543
Command Reference
priority trust
Purpose Use the priority trust command to configure the precedence mapping mode on
the port of the switch.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] priority-trust dscp remap
protocol inbound
Purpose Use the protocol inbound command to configure the protocols supported in the
current user interface.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty 0 4
[S4200G-ui-vty0-4] protocol inbound ssh
Description After you use this command with SSH enabled, your configuration cannot take effect
till next login if no RSA key pair is configured.
CAUTION:
■ When SSH protocol is specified, to ensure a successful login, you must configure
the AAA authentication using the authentication-mode scheme command.
■ The protocol inbound ssh configuration fails if you configured
authentication-mode password and authentication-mode none.
When you configured SSH protocol successfully for the user interface, then you
cannot configure authentication-mode password and authentication-mode none
any more.
546 ● protocol inbound 3Com Switch 4200G Family
Command Reference
protocol inbound
Purpose Use the protocol inbound command to specify the protocols supported by the
user interface.
Default Both Telnet protocol and SSH protocol are supported by default.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty0
[S4200G-ui-vty0] protocol inbound ssh
Description Use the protocol inbound command in VTY User Interface view only.
protocol-priority protocol-type
Purpose Use the protocol-priority command to set the global traffic priority that
applies to a given protocol.
Parameters protocol-type
protocol-type Specifies the type of the protocol. Only TELNET, SNMP,
and ICMP are supported currently.
ip-precedence
ip-precedence Specifies the value of IP precedence. Valid values are 0
to 7.
dscp dscp-value Specifies the value of DSCP precedence. Valid values
are 0 to 63.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] protocol-priority protocol-type snmp ip-precedence 3
■ System view
548 ● public-key-code begin 3Com Switch 4200G Family
Command Reference
public-key-code begin
Purpose Use the public-key-code begin command to enter public key edit view and
input the client public key.
Parameters None
Example Enter public key edit view and input client public keys.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] public-key-code begin
[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[S4200G-key-code] public-key-code end
[S4200G-rsa-public-key]
Description You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line.
But the public key, which is generated randomly by the SSH 2.0-supported client
software, should be composed of hexadecimal characters.
public-key-code begin
Purpose Use the public-key-code begin command to enter public key edit view and set
server public keys.
Parameters None
Example Enter public key edit view and set server public keys.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] public-key-code begin
[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463
[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913
[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4
[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC
[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16
[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125
[S4200G-key-code] public-key-code end
[S4200G-rsa-public-key]
Description You can key in a blank space between characters (since the system can remove the
blank space automatically), or press <Enter> to continue your input at the next line.
But the public key, which are generated randomly after you use the rsa
local-key-pair create command on the server, should be composed of
hexadecimal characters.
public-key-code end
Purpose Use the public-key-code end command to return from public key edit view to
public key view and save the public keys you set.
Parameters None
Example Exit from public key edit view and save the public keys.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]rsa peer-public-key zhangshan
[S4200G-rsa-public-key]public-key-code begin
[S4200G-rsa-key-code] public-key-code end
[S4200G-rsa-public-key]
Description After you use this command to terminate the public key editing, public key validity
will be checked before the keys are saved. If there are illegal characters in the keys,
the prompt will be given and the keys will be discarded. Your configuration this time
fails. If the keys are valid, they will be saved in the public key list of the client.
public-key-code end
Purpose Use the public-key-code end command to return from public key edit view to
public key view and save the public keys you set.
Parameters None
Example Exit from public key edit view and save the public keys.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G003
[S4200G-rsa-public-key] public-key-code begin
[S4200G-rsa-key-code] public-key-code end
[S4200G-rsa-public-key]
Description After you use this command to terminate the public key editing, public key validity
will be checked before the keys are saved. If there are illegal characters in the keys,
the prompt will be given and the keys will be discarded. Your configuration this time
fails. If the keys are valid, they will be saved in the public key list of the client.
put
Purpose Use the put command to upload a local file to the remote SFTP server.
Example Upload local file temp.c to the remote SFTP server and save it with the name temp1.c.
Description If no name is specified for the file to be saved on the remote SFTP server, the name of
the source file is used.
3Com Switch 4200G Family put ● 553
Command Reference
put
Purpose Use the put command to upload a local file to the remote FTP server.
Example Upload local file temp.c to the remote STP server and save it with the name temp1.c.
Description If no name is specified for the file to be saved on the remote FTP server, the name of
the source file is used.
554 ● pwd 3Com Switch 4200G Family
Command Reference
pwd
Purpose Use the pwd command to display the current directory on the SFTP server.
Syntax pwd
Parameters None
sftp-client> pwd
flash:/
pwd
Purpose Use the pwd command to display the current path. If the current path is not
configured, an error occurs when you execute this command.
Syntax pwd
Parameters None
<S4200G> pwd
unit1>flash:
■ User view
556 ● pwd 3Com Switch 4200G Family
Command Reference
pwd
Purpose Use the pwd command to display the current directory on the remote FTP Server.
Syntax pwd
Parameters None
qos cos-drop-precedence-map
Parameters cos0-map-drop-prec Specifies the mapped value from COS 0 to the drop
precedence. Valid values are 0 to 1.
cos0-map-drop-prec Specifies the mapped value from COS 1 to the drop
precedence. Valid values are 0 to 1.
cos0-map-drop-prec Specifies the mapped value from COS 2 to the drop
precedence. Valid values are 0 to 1.
cos0-map-drop-prec Specifies the mapped value from COS 3 to the drop
precedence. Valid values are 0 to 1.
cos0-map-drop-prec Specifies the mapped value from COS 4 to the drop
precedence. Valid values are 0 to 1.
cos0-map-drop-prec Specifies the mapped value from COS 5 to the drop
precedence. Valid values are 0 to 1.
cos0-map-drop-prec Specifies the mapped value from COS 6 to the drop
precedence. Valid values are 0 to 1.
cos0-map-drop-prec Specifies the mapped value from COS 7 to the drop
precedence. Valid values are 0 to 1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos cos-drop-precedence-map 1 1 1 1 1 0 0 0
■ System view
Description The switch will assign a set of service parameters to one packet according to a certain
rule when it receives the packet. Service parameters include CoS value, local
precedence and drop precedence. Service parameters are assigned according to the
802.1p priority of the packet. COS value is the 802.1p priority of the packet, and local
precedence and drop precedence are obtained through the "COS
->Local-precedence" mapping relationship and the "COS ->Drop-precedence"
mapping relationship respectively. You can use this command to modify the
"COS->Drop-precedence" mapping relationship as required.
3Com Switch 4200G Family qos cos-dscp-map ● 559
Command Reference
qos cos-dscp-map
Purpose Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping
relationship.
Parameters cos0-map-dscp Sets the mapped value from COS 0 to DSCP. Valid
values are 0 to 63.
cos0-map-dscp Sets the mapped value from COS 1 to DSCP. Valid
values are 0 to 63.
cos0-map-dscp Sets the mapped value from COS 2 to DSCP. Valid
values are 0 to 63.
cos0-map-dscp Sets the mapped value from COS 3 to DSCP. Valid
values are 0 to 63.
cos0-map-dscp Sets the mapped value from COS 4 to DSCP. Valid
values are 0 to 63.
cos0-map-dscp Sets the mapped value from COS 5 to DSCP. Valid
values are 0 to 63.
cos0-map-dscp Sets the mapped value from COS 6 to DSCP. Valid
values are 0 to 63.
cos0-map-dscp Sets the mapped value from COS 7 to DSCP. Valid
values are 0 to 63.
Default By default, the system provides the default "COS->DSCP" mapping relationship.
Table 91 The default "COS->DSCP" mapping relationship
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos cos-dscp-map 0 1 2 3 4 5 6 7
■ System view
3Com Switch 4200G Family qos cos-local-precedence-map ● 561
Command Reference
qos cos-local-precedence-map
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos cos-local-precedence-map 0 1 2 3 4 5 6 7
■ System view
3Com Switch 4200G Family qos dscp-cos-map ● 563
Command Reference
qos dscp-cos-map
Purpose Use the qos dscp-cos-map command to configure the "COS->802.1p priority"
mapping relationship.
Parameters dscp-list Specifies the list of DSCP values. It can include only
one DSCP value or many DSCP values. DSCP values are
separated by space. dscp-list is connected with
cos-value by the ":" after it to indicate the mapping
relationship between them. Valid values for the
dscp-list are 0 to 63.
cos-value Specifies the 802.1p priority corresponding to the
DSCP list. Valid values for the cos-value are 0 to 7.
Default By default, the system provides the default "DSCP->802.1p priority" mapping
relationship.
Table 95 The default "COS->801.1p precedence" mapping relationship
Example Modify the "DSCP->802.1p priority" mapping relationship according to the following
table.
Table 96 The "DSCP->802.1p priority" mapping relationship
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos dscp-cos-map 0 1 2 3 4 5 6 7 : 1
■ System view
3Com Switch 4200G Family qos dscp-drop-precedence-map ● 565
Command Reference
qos dscp-drop-precedence-map
Parameters dscp-list Specifies the list of DSCP values. It can include only
one DSCP value or many DSCP values. DSCP values are
separated by space. dscp-list is connected with
cos-value by the ":" after it to indicate the mapping
relationship between them. Valid values for the
dscp-list are 0 to 63.
drop-precedence Specifies the drop precedence corresponding to the
DSCP list. Valid values for the drop-precedence are 0 to
1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos dscp-drop-precedence-map 0 1 2 3 4 5 6 7 : 1
■ System view
3Com Switch 4200G Family qos dscp-dscp-map ● 567
Command Reference
qos dscp-dscp-map
Purpose Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping
relationship.
Parameters dscp-list Specifies the list of DSCP values. It can include only
one DSCP value or many DSCP values. DSCP values are
separated by space. dscp-list is connected with
dscp-value by the ":" after it to indicate the mapping
relationship between them. Valid values for the
dscp-list are 0 to 63.
dscp-value Specifies the DSCP precedence corresponding to the
DSCP list. Valid values for the dscp-value are 0 to 63.
Default By default, the system provides the default "DSCP->DSCP" mapping relationship.
Table 99 The "DSCP->DSCP" mapping relationship and its default value
Example Modify the "DSCP->DSCP" mapping relationship according to the following table.
Table 100 The "DSCP->DSCP" mapping relationship
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos dscp-dscp-map 0 1 2 3 4 5 6 7 : 1
■ System view
3Com Switch 4200G Family qos dscp-local-precedence-map ● 569
Command Reference
qos dscp-local-precedence-map
Parameters dscp-list Specifies the list of DSCP values. It can include only
one DSCP value or many DSCP values. DSCP values are
separated by space. dscp-list is connected with
local-precedence by the ":" after it to indicate the
mapping relationship between them. Valid values for
the dscp-list are 0 to 63.
local-precedence Specifies the local precedence corresponding to the
DSCP list. Valid values for the local-precedence are 0 to
7.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos dscp-local-precedence-map 0 1 2 3 4 5 6 7 : 1
■ System view
3Com Switch 4200G Family qos-profile ● 571
Command Reference
qos-profile
Purpose Use the qos-profile command to create a QoS profile and enter the corresponding
view.
If this profile has existed, use the qos-profile command to enter view of this
profile.
Use the undo qos-profile command to delete a specific QoS profile or all QoS
profiles.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] qos-profile h3c
[S4200G-qos-profile-h3c]
■ System view
Description The switch does not allow your deletion of QoS profiles applied to ports.
572 ● qos-profile port-based 3Com Switch 4200G Family
Command Reference
qos-profile port-based
Parameters None
Example To configure the port-based application mode of QoS profiles on ports, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] qos-profile port-based
Description After the QoS profile function is configured, the switch will apply the QoS profiles
corresponding to you to your access port when you pass the authentication. The
processing procedures of the switches of different application modes are as follows
respectively:
■ User-based mode: If the source information (source MAC, source IP, or source
MAC + source IP) is defined in the traffic rule adopted by the QoS profile, the QoS
profile cannot be applied dynamically successfully. If the source information is not
defined, the switch will create a new traffic rule by adding the source MAC and
source IP information of the user into the former rule, and then apply all the traffic
actions in the QoS profile to the user access port.
■ Port-based mode: The switch will apply all the actions in the QoS profile to the
user access port directly. When the mode is used, all the users with the same
access port must use the same QoS profile.
3Com Switch 4200G Family queue-scheduler ● 573
Command Reference
queue-scheduler
Purpose Use the queue-scheduler command to set the queue-scheduling algorithm and
parameters.
Default By default, all the output queues on the ports of the switch adopt SP
queue-scheduling algorith.
Example To:
■ System view
Description One port of the switch supports 8 output queues. Different queues can adopt
different queue-scheduling algorithms in the switch. You can respectively set the
574 ● queue-scheduler 3Com Switch 4200G Family
Command Reference
1. Each scheduling group is scheduled according to its strict priority, and the
scheduling group with the highest queue priority is scheduled firstly.
2. The scheduling group with the second highest priority is scheduled after the
scheduling group with the highest priority is scheduled.
Note: The 8 output queues are divided into groups in the following principle:
■ The queues in each group must be consecutive. For example, queue3, queue4,
and queue5 are consecutive queues.
■ Each can be allocated to the same queue-scheduling group, while queue3,
queue4, and queue7 cannot be allocated to the same queue-scheduling group.
quit
Purpose Use the quit command to terminate the connection to the remote SSH server.
Syntax quit
Parameters None
<S4200G> quit
■ User view
576 ● quit 3Com Switch 4200G Family
Command Reference
quit
Purpose Use the quit command to terminate the connection to the remote SFTP server and
exit to system view.
Syntax quit
Parameters None
sftp-client> quit
[S4200G]
Description This command has the same function as the bye and exit commands.
3Com Switch 4200G Family quit ● 577
Command Reference
quit
Purpose Use the quit command to terminate FTP control connection and FTP data connection
and quit to user view. This command has the same effect as that of the bye
command.
Syntax quit
Parameters None.
Example Terminate the FTP control connection and FTP data connection and quit to user view.
[ftp] quit
<S4200G>
quit
Purpose Use the quit command to return from current view to lower level view, or exit the
system if current view is user view.
Syntax quit
Parameters None.
<S4200G> system-view
[S4200G] quit
<S4200G>
■ Any view
Description The following lists the three levels of views available (from lower level to higher level):
■ User view
■ System view
■ VLAN view, Ethernet port view, and so on
radius nas-ip
Purpose Use the radius nas-ip command to set the source IP address used by the switch to
send RADIUS packets.
Use the undo radius nas-ip command to restore the default setting.
Default By default, no source IP address is specified, and the IP address of the outbound
interface is used as the source IP address of the packet.
Example To set the source IP address used by the switch to send the RADIUS packets to
129.10.10.1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius nas-ip 129.10.10.1
■ System view
Description Note:
■ By specifying the source address of the RADIUS packet, you can avoid unreachable
packets as returned from the server upon interface failure. The source address is
normally recommended to be a loopback interface address.
■ This command specifies only one source address; therefore, the newly configured
source address may overwrite the original one.
radius-scheme
Purpose Use the radius-scheme command to specify the RADIUS scheme to be used by the
current ISP domain.
Example To specify the scheme 3Com as the RADIUS scheme to be used by current ISP domain
3Com163.net, enter the following.
Description The RADIUS scheme specified in the radius-scheme command must exist. This
command is equivalent to the scheme radius-scheme command.
radius scheme
Purpose Use the radius scheme command to create a RADIUS scheme and enter its view.
Use the undo radius scheme command to delete the specified RADIUS scheme.
Example To create a RADIUS scheme named radius1 and enter its view, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1]
■ System view
Description Note:
■ A default RADIUS scheme named system has been created in the system. The
attributes of system are all default values.
■ RADIUS protocol configuration is performed on a per-RADIUS-scheme basis. Every
RADIUS scheme shall at least have the specified IP address and UDP port number
of the RADIUS authentication/authorization/accounting server and some necessary
parameters exchanged with the RADIUS client end (Switch). It is necessary to
create the RADIUS scheme and enter its view before performing other RADIUS
protocol configurations.
■ A RADIUS scheme can be used by multiple ISP domains simultaneously. You can
configure up to 16 RADIUS schemes, including the default RADIUS scheme named
as System.
■ Although undo radius scheme can remove a specified RADIUS scheme, the
default one cannot be removed. Note that a scheme currently in use by the online
user cannot be removed.
582 ● radius scheme 3Com Switch 4200G Family
Command Reference
radius trap
Purpose Use the radius trap command to enable the switch to send trap messages when
its RADIUS authentication or accounting server turns down.
Use the undo radius trap command to disable the switch from sending trap
messages when its RADIUS authentication or accounting server turns down.
Example To enable the switch to send trap messages when its RADIUS authentication server
turns down, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]radius trap authentication-server-down
■ System view
A device considers its RADIUS server as being down if it has tried the configured
maximum times to send packets to the RADIUS server but does not receive any
response.
584 ● reboot 3Com Switch 4200G Family
Command Reference
reboot
Example Directly restart the switch without saving the current configuration.
<S4200G> reboot
This will reboot device. Continue? [Y/N] y
Start to check configuration with next startup configuration file,
please wait......
This command will reboot the device. Current configuration may be lost
in next
startup if you continue. Continue? [Y/N] y
<S4200G>
%Apr 2 00:06:01:148 2000 S4200G DEV/5/DEV_LOG:- 1 -
Switch is rebooted.
Starting......
Description The system will check whether there is any configuration change before it restarts,
and will ask whether you want to proceed or not if there is any change, to prevent
you from losing your original configuration due to forgetting after the restart.
■ User view
3Com Switch 4200G Family reboot member ● 585
Command Reference
reboot member
Purpose Use the reboot member command to reboot a specified member device on the
management device.
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] reboot member 2
■ Cluster view
Description Communication between the management and member devices may be interrupted
due to some configuration errors. Through the remote control function of member
devices, you can control them remotely on the management device. For example, you
can reboot a member device that operates improperly and specify to delete the
booting configuration file when the member device reboots, and thus restore normal
communication between the management and member devices.
The eraseflash keyword specifies to delete the booting configuration file when the
member device reboots.
586 ● region-name 3Com Switch 4200G Family
Command Reference
region-name
Purpose Use the region-name command to set an MST region name to a switch.
Use the undo region-name command to restore the default MST region name.
undo region-name
Parameters name Specifies the MST region name for a switch with a
string that is 1 to 32 characters in length.
Default The default MST region name of a switch is its MAC address.
Example To set the MST region name of the switch to hello, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] region-name hello
Description The MST region name, along with MST region VLAN mapping table and MSTP
revision level, determines the MST region to which a switch belongs.
remote-probe vlan
Purpose Use the remote-probe vlan enable command to enable the remote-probe port
mirror port feature on the VLAN of the switch.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 5
[S4200G-vlan5] remote-probe vlan enable
■ VLAN view
Description After setting a VLAN as remote-probe VLAN, you cannot add any more access port to
the VLAN.
588 ● remotehelp 3Com Switch 4200G Family
Command Reference
remotehelp
Purpose Use the remotehelp command to display help information about the FTP protocol
command.
<SW4200G>ftp 1.1.1.1
Trying ...
Press CTRL+K to abort
Connected.
220 FTP service ready.
User(none):hello
331 Password required for hello.
Password:
230 User logged in
[ftp]remotehelp user
214 Syntax: USER <sp> <username>
[ftp]
Description This command works only when the FTP server provides the help information about
FTP protocol commands.
CAUTION:
■ This command is always valid when a S4200G series switch operates as the FTP
server.
■ Common FTP software does not support this command.
remove
Purpose Use the remove command to delete the specified file from the server.
Description This command has the same function as the delete command.
590 ● rename 3Com Switch 4200G Family
Command Reference
rename
Purpose Use the rename command to change the name of the specified file on the SFTP
server.
Example Change the name of file temp1 on the SFTP server to temp2.
rename
Purpose Use the rename command to rename a file or a directory. If the target file name or
directory name is the same with any existing file name or directory name, you will fail
to rename a file.
Parameters fileurl-source Path name or file name of a file in the Flash, comprised
of a string from 1 to 142 characters long.
fileurl-dest Path name or a file name, comprised of a string from 1
to 142 characters long.
■ User view
592 ● rename 3Com Switch 4200G Family
Command Reference
rename
Description If when renaming a file the destination file name conflicts with the name of an
existing file or directory, you will fail to rename the file.
3Com Switch 4200G Family reset arp ● 593
Command Reference
reset arp
Purpose Use the reset arp command to remove information that is no longer required from
the ARP mapping table.
■ User view
Purpose Use the reset counters interface command to clear the statistics of the port,
preparing for a new statistics collection.
■ User view
Description ■ If you specify neither port type nor port number, the command clears statistics of
all ports.
■ If specify only port type, the command clears statistics of all ports of this type.
■ If specify both port type and port number, the command clears statistics of the
specified port
3Com Switch 4200G Family reset dot1x statistics ● 595
Command Reference
Purpose Use the reset dot1x statistics command to clear the statistics of 802.1x.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
■ User view
Description Execution of the reset dot1x statistics command clears statistics globally and on all
ports if the interface-list argument is not provided, otherwise only resets statistics on
ports specified by the interface-list argument.
Purpose Use the reset garp statistics command to clear the GARP statistics (such as
the information about the packets received/sent/discarded by GVRP/GMRP) on
specified (or all) ports.
Use the reset garp statistics command without parameters to clear the
GARP statistics on specified (or all) ports.
■ User view
Purpose Use the reset igmp-snooping statistics command to clear the IGMP
Snooping statistics.
Parameters None
■ User view
reset ip statistics
Purpose Use the reset ip statistics command to clear the IP statistics information.
Parameters None
<S4200G>reset ip statistics
■ User view
reset logbuffer
Purpose Use the reset logbuffer command to clear information in the log buffer.
<S4200G>reset logbuffer
■ User view
600 ● reset ndp statistics 3Com Switch 4200G Family
Command Reference
Purpose Use the reset ndp statistics command to reset the NDP counters to clear the
NDP statistics.
Parameters interface port-list Specifies a list of ports connected with the specified
port. A list may contain consecutive or separated ports,
or the combination of consecutive and separated
ports. The argument is expressed as
{interface-type interface-number |
interface-name } [ to { interface-type
interface-number | interface-name } ] }
&<1-10>, where interface-type specifies the
port type, and interface-number specifies the
port number, expressed as slot number/port number.
■ User view
3Com Switch 4200G Family reset radius statistics ● 601
Command Reference
Purpose Use the reset radius statistics command to clear the statistics information
about the RADIUS protocol.
Parameters None
■ User view
reset recycle-bin
Purpose Use the reset recycle-bin command to completely delete file(s) in the recycle
bin in the Flash.
Parameters file-url Path name or file name of a file in the Flash, a string
comprising 1 to 142 characters. This argument
supports the wildcard "*".
/force Gives no prompt for the delete operation.
■ User view
Description The files that are deleted using the delete command are still stored in the recycle
bin. To delete them completely, use the reset recycle-bin command.
3Com Switch 4200G Family reset saved-configuration ● 603
Command Reference
reset saved-configuration
Purpose Use the reset saved-configuration command to delete the configuration file
that is of the specified attribute from the Flash, including the main and backup
configuration files to be used when the switch starts the next startup.
Example Delete the main configuration file to be used for next startup.
■ User view
■ The configuration files in the Flash are not compatible with the system software.
(This may occur after you upgrade the software of the switch.)
■ The network where the switch operates changes. In this case, the existing
configuration files may conflict with the new network. You need to delete the
existing configuration files and configure the switch again.
CAUTION:
■ Use the reset saved-configuration command with caution. You are
recommended to use this command under the guidance of technical support
personnel.
■ Upon powered on, a switch initiates using the default parameters if the Flash
contains no configuration file.
reset stop-accounting-buffer
Parameters radius-scheme
radius-scheme-name Specifies the buffered stop-accounting requests to
delete based on the specified RADIUS scheme.
radius-scheme-name is the name of a RADIUS
scheme. This name is a character string up to 32
characters in length.
session-id session-id Specifies the buffered stop-accounting requests to
delete based on the specified session ID. session-id
is a character string up to 50 characters in length.
time-range start-time
stop-time Specifies the buffered stop-accounting requests to
delete based on the time of the stop-accounting
request. Where, start-time is the start time of the
request period, the stop-time is the end time of the
request period, and both are in the format
hh:mm:ss-mm/dd/yyyy or hh:mm:ss-yyyy/mm/dd.
user-name user-name
user-name user-name Specifies the buffered stop-accounting request packets
to delete based on the specified user name.
user-name is a character string up to 80 characters
in length. The string cannot include the following
characters:
■ /
■ :
■ *
■ ?
■ <
■ >
The @ character can only be used once in one
username. The pure username (the characters before
the @, namely the user ID) cannot exceed 55
characters and the domain name (the characters
behind the @) cannot be longer than 24 characters.
606 ● reset stop-accounting-buffer 3Com Switch 4200G Family
Command Reference
Example To delete the stop-accounting request packets buffered in the system for the user
user0001@aabbcc.net, enter the following:
■ User view
Example By default, after transmitting the stopping accounting requests, if there is no response
from the RADIUS server, the Switch will save the packet in the buffer and retransmit it
several times, which is set through the retry realtime-accounting command.
You can select to delete the packets transmitted to a specified RADIUS server, or
according to the session-id or username, or delete the packets transmitted during the
specified time-range.
reset stp
Purpose Use the reset stp command to clear the STP statistics of specified Ethernet ports.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
■ User view
Description The spanning tree statistics include the numbers of the TCN BPDUs, configuration
BPDUs, RST BPDUs, and MST BPDUs sent/received through one or more specified
ports or all ports (note that STP BPDUs and TCN BPDUs are counted only for CISTs.)
This command clears the spanning tree-related statistics on specified ports if you
specify the interface-list argument. If you do not specify the interface-list argument,
this command clears the spanning tree-related statistics on all ports.
Purpose Use the reset tcp statistics command to clear the TCP statistics information.
Parameters None
■ User view
reset traffic-limit
Purpose Use the reset traffic-limit command to clear the statistics of the traffic
policing matching with the specified ACL rules.
Example To clear the statistics of the traffic policing matching with ACL 2000, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] reset traffic-limit inbound ip-group 2000
reset traffic-statistic
Purpose Use the reset traffic-statistic command to clear the traffic statistics of the
packets matching with the specified ACL rules.
Example To clear the traffic statistics of the packets matching with ACL 2000 rules, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] reset traffic-statistic inbound ip-group
2000
reset trapbuffer
Purpose Use the reset trapbuffer command to clear information in the trap buffer.
<S4200G>reset trapbuffer
■ User view
612 ● retry 3Com Switch 4200G Family
Command Reference
retry
Purpose Use the retry command to set the maximum number of transmission attempts of
RADIUS requests.
Use the undo retry command to restore the default maximum number of
transmission attempts.
Parameters retry-times Retry times during a detect operation. Valid values are
1 to 20.
If not specified, the default number of retries is 3.
Example To set the maximum transmission times of RADIUS requests in the RADIUS scheme
radius1 to five, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] retry 5
Description Note:
■ The communication in RADIUS is unreliable because this protocol adopts UDP
packets to carry data. Therefore, it is necessary for the switch to retransmit a
RADIUS request if it gets no response from the RADIUS server after the response
timeout timer expires. If the maximum number of transmission attempts is reached
but the switch still receives no response, the switch considers that the request fails.
■ Appropriately set this maximum number of transmission attempts according to the
network situation can improve the reacting speed of the system.
retry realtime-accounting
Purpose Use the retry realtime-accounting command to set the maximum allowed
number of continuous no-response real-time accounting requests.
Example To allow the switch to continuously send at most 10 real-time accounting requests if it
gets no response for the RADIUS scheme radius1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] retry realtime-accounting 10
Description Note:
■ Generally, the RADIUS server uses the connection timeout timer to determine
whether a user is online or not. If the RADIUS server receives no real-time
accounting packet for a specified period of time, it will consider that the line or the
switch is in trouble and stop the accounting of the user. To make the switch
cooperate with this feature on the RADIUS server, it is necessary to cut down the
user connection on the switch as soon as possible after the RADIUS server
terminates the charging and connection of the user in the case of unforeseen
trouble. For this purpose, you can limit the number of continuous real-time
no-response accounting requests, and the switch will cut down the user
connection if it sends out the maximum number of real-time accounting requests
but does not receive any response.
■ Suppose that the response timeout time of the RADIUS server is T (three seconds
for example), the real-time accounting interval is t (12 minutes for example), and
the maximum number of continuous no-response real-time accounting requests is
retry-times (five for example). In this case, the switch sends an accounting request
614 ● retry realtime-accounting 3Com Switch 4200G Family
Command Reference
every 12 minutes; if the switch does not receive a response within 3 seconds after
it sends out an accounting request, it re-sends the request; If the switch
continuously sends five accounting requests but does not receive any response, it
considers this real-time accounting a failure. Generally, T x retry-times should be
less than t.
timer realtime-accounting
3Com Switch 4200G Family retry stop-accounting ● 615
Command Reference
retry stop-accounting
Purpose Use the retry stop-accounting command to set the maximum number of
transmission attempts of the stop-accounting requests buffered due to no response.
Use the undo retry stop-accounting command to restore the default maximum
number of transmission attempts of the buffered stop-accounting requests.
Example To indicate that, when stopping accounting request for the server “3Com” in the
RADIUS server group, the Switch will retransmit the packets for up to 1000 times,
enter the following:
To specify that the switch can transmit a buffered stop-accounting request at most
1000 times in RADIUS scheme radius1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] retry stop-accounting 1000
Description Stop-accounting requests are critical to billing and will eventually affect the charges of
the users; they are important for both the users and the ISP. Therefore, the switch
should do its best to transmit them to the RADIUS accounting server. If the RADIUS
server does not respond to such a request, the switch should first buffer the request
on itself, and then retransmit the request to the RADIUS accounting server until it gets
a response, or the maximum number of transmission attempts is reached (in this case,
it discards the request).
return
Purpose Use the return command to return to user view from any other view.
Syntax return
Parameters None
Example To return to user view from any other view (the example below shows the command
entered from the system view), enter the following.
<S4200G> system-view
[S4200G] return
<S4200G>
revision-level
Purpose Use the revision-level command to set the MSTP revision level for a switch.
Use the undo revision-level command to restore the default revision level.
undo revision-level
Parameters level MSTP revision level for the switch. Valid values are 0 to
65535.
Example To set the MSTP revision level of the MST region to 5, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] revision-level 5
Description MSTP revision level, along with MST region name and VLAN mapping table,
determines the MST region to which a switch belongs.
rmdir
Purpose Use the rmdir command to delete the specified directory from the remote SFTP
server.
rmdir
■ User view
Description Because only empty directories can be deleted, you need to delete the files in a
directory before deleting it.
620 ● rmdir 3Com Switch 4200G Family
Command Reference
rmdir
Purpose Use the rmdir command to delete the specified directory from the remote FTP
server.
Example Remove the directory flash:/temp1 on the FTP server. (Assume that the
directory is empty.)
Description You can only use this command to remove directories that are empty.
3Com Switch 4200G Family rmon alarm ● 621
Command Reference
rmon alarm
Purpose Use the rmon alarm command to add an entry to the alarm table.
Use the undo rmon alarm command to delete an entry from this table.
■ System view
Description You can use the rmon alarm command to define an alarm entry so that a specific
alarm event can be triggered under specific circumstances. The act (such as logging
and sending trap messages to NMS) taken after an alarm event occurs is determined
by the corresponding alarm entry.
With an alarm entry is defined in an alarm group, a network device performs the
following operations accordingly:
■ Sample the defined alarm variables (alarm-variable) once in each specified period,
which is specified by the sampling-time argument.
■ Comparing the sampled value with the set threshold and performing the
corresponding operations, as described in “Error! Reference source not found”.
Table 105 Sample value and the corresponding operation
Comparison Operation
The sample value is larger than or equal to the set Triggering the event identified by the
upper threshold (threshold-value1) event-entry1 argument
The sample value is smaller than the set lower threshold Triggering the event identified by the
(threshold-value2) event-entry2 argument
Note:
■ Before adding an alarm entry, you need to use the rmon event command to define
the events to be referenced by the alarm entry.
■ Make sure the node to be monitored exists before executing the rmon alarm
command.
3Com Switch 4200G Family rmon event ● 623
Command Reference
rmon event
Purpose Use the rmon event command to add an entry to the event table.
Use the undo rmon event command to delete an entry from this table.
Example Add the event entry numbered 10 to the event table and configure it to be a log
event.
<S4200G> system-view
[S4200G] rmon event 10 log
■ System view
Description When adding an event entry to an event table, you need to specify the event index.
You need also to specify the corresponding actions, including logging the event,
sending trap messages to the NMS, or both, for the network device to perform
corresponding operation when an alarm referencing the event is triggered.
624 ● rmon history 3Com Switch 4200G Family
Command Reference
rmon history
Purpose Use the rmon history command to add an entry to the history control table.
Use the undo rmon history command to delete an entry from history control table.
Example Create the history entry numbered 1 for Ethernet1/0/1 port, with the table size being
10, the sampling interval being 5 seconds, and the owner being user1.
<S4200G> system-view
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]rmon history 1 buckets 10 interval 5 owner
user1
Description You can use the rmon history command to sample a specific port. You can also
set the sampling interval and the number of the samples that can be saved. After you
execute this command, the RMON system samples the port periodically and stores the
samples for later retrieval. The sampled information includes utilization, the number
of errors, and total number of packets.
You can use the display rmon history command to display the statistics of the
history control table.
3Com Switch 4200G Family rmon prialarm ● 625
Command Reference
rmon prialarm
Purpose Use the rmon prialarm command to add an entry to the extended RMON alarm
table.
Use the undo rmon prialarm command to delete an entry from the extended RMON
alarm table.
Remove the extended alarm entry numbered 2 from the extended alarm table.
■ System view
Description With an extended alarm entry defined in an extended alarm group, the network
devices perform the following operations accordingly:
■ Sampling the alarm variables referenced in the defined extended alarm expressions
(prialarm-formula) once in each period specified by the sampling-timer argument.
■ Performing operations on sampled values according to the defined extended
alarm expressions (prialarm-formula)
■ Comparing the operation result with the set thresholds and perform
corresponding operations, as described in the following Table.
Table 106 Operation result and corresponding operation
Comparison Operation
The operation result is larger than or equal to the set Triggering the event identified by the
upper threshold (threshold-value1) event-entry1 argument
The operation result is smaller than or equal to the set Triggering the event identified by the
lower threshold (threshold-value2) event-entry2 argument
3Com Switch 4200G Family rmon prialarm ● 627
Command Reference
Note:
■ Before adding an extended alarm entry, you need to use the rmon event
command to define the events to be referenced by the entry.
■ Make sure the node to be monitored exists before executing the rmon event
command.
■ You can define up to 50 extended alarm entries.
628 ● rmon statistics 3Com Switch 4200G Family
Command Reference
rmon statistics
Purpose Use the rmon statistics command to add an entry to the statistic table.
Use the undo rmon statistics command to delete an entry from statistic table.
Example Add the statistics entry numbered 20 to take statistics of GigabitEthernet1/0/1 port.
<S4200G> system-view
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] rmon statistics 20
Description The RMON statistics management function is used to take statistics of the usage of
the monitored ports and errors occurred to them. The statistics include the number of
the following items: collisions, packet with CRC errors, undersize (or oversize)
packets, broadcast and multicast packets, received packets and bytes.
You can use the display rmon statistics command to display the statistics entries.
Note:
For each port, only one rmon alarm table entry can be created, that is to say, if one
RMON alarm table entry was already created for a given port, creation of another
entry with a different index number for the same port will not succeed.
3Com Switch 4200G Family rsa local-key-pair create ● 629
Command Reference
Purpose Use the rsa local-key-pair create command to generate RSA key pairs,
whose names are in the format of switch name plus _host, for example,
S4200G_host.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa local-key-pair create
The key name will be: S4200G_Host
The range of public key size is (512 ~ 2048).
NOTES: If the key modulus is greater than 512,
It will take a few minutes.
Input the bits in the modulus[default = 512]:
Generating keys...
...............++++++++++++
...............++++++++++++
.................................++++++++
.......................++++++++
....
■ System view
Description After you use the command, the system prompts you to define the key length.
CAUTION:
■ If you use this command to generate an RSA key provided an old one exits, the
system will prompt you to replace the previous one or not.
For a successful SSH login, you must generate the local RSA key pairs first. You just
need to execute the command once, with no further action required even after the
system is rebooted.
Purpose Use the rsa local-key-pair destroy command to destroy all existing RSA key
pairs at the server end.
Parameters None
Example Destroy all existing RSA key pairs at the server end.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa local-key-pair destroy
% The name for the keys which will be destroyed is S4200G_Host .
% Confirm to destroy these keys? [Y/N]:y
............
■ System view
rsa peer-public-key
Purpose Use the rsa peer-public-key command to enter public key view.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G002
[S4200G-rsa-public-key]
■ System view
Description You can use this command along with the public-key-code begin command
to configure on the server client public keys, which are generated randomly by the
SSH 2.0-supported client software.
rsa peer-public-key
Purpose Use the rsa peer-public-key command to enter public key view.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] rsa peer-public-key S4200G002
[S4200G-rsa-public-key]
■ System view
Description You can use this command along with the public-key-code begin command
to configure on the client the server public keys, which are generated randomly after
you use the rsa local-key-pair create command.
Use the undo rule command to delete an ACL rule or the attribute information of
an ACL rule.
If the protocol type is TCP or UDP, you can also define the following information:
Table 108 TCP/UDP-specific rule information
If the protocol type is ICMP, you can also define the following information:
Table 109 ICMP-Specific Rule Information
If the protocol type is ICMP, you can also directly input the ICMP message name after
the icmp-type argument. The following table describes some common ICMP
messages.
Table 110 ICMP messages
Example Define a rule to permit packets from hosts in the network segment of 129.9.0.0 to
hosts in the network of 202.38.160.0 and with the port number of 80 to pass.
3Com Switch 4200G Family rule (Advanced ACL) ● 637
Command Reference
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 3101
[S4200G-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255
destination 202.38.160.0 0.0.0.255 destination-port eq 80
Description Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
In the case that you specify the rule ID when defining a rule:
■ If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
■ If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
■ The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
638 ● rule (Basic ACL) 3Com Switch 4200G Family
Command Reference
Use the undo rule command to delete an ACL rule or the attribute information of
an ACL rule.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 2000
[S4200G-acl-basic-2000] rule deny source 1.1.1.1 0
Description Use the undo rule command to delete an ACL rule or the attribute information of
an ACL rule.
Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
In the case that you specify the rule ID when defining a rule:
■ If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
■ If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
■ The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
640 ● rule comment 3Com Switch 4200G Family
Command Reference
rule comment
Purpose Use the rule comment command to define the comment string for an ACL rule.
Use the undo rule comment command to delete the comment string for an ACL
rule.
Parameters comment text Specifies the comment string for an ACL rule, which
must a string of up to 127 characters.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] acl number 3000
[S4200G-acl-adv-3000] rule 0 comment test
Description Before defining the comment string for an ACL rule, make sure that this ACL rule
exists.
3Com Switch 4200G Family rule (Layer 2 ACL) ● 641
Command Reference
rule-id The Rule ID, which must the ID of an existing ACL rule.
<S4200G> system-view
[S4200G] acl number 4000
[S4200G-acl-ethernetframe-4000] rule deny cos 3
Description Before you can delete a rule, you must specify the rule ID. If you do not know the rule
ID, you can view it by using the display acl command.
In the case that you specify the rule ID when defining a rule:
■ If the rule corresponding to the specified rule ID already exists, you will edit the
rule, and the modified part in the rule will replace the original content, while other
parts remain unchanged.
■ If the rule corresponding to the specified rule ID does not exists, you will create
and define a new rule.
■ The content of a modified or created rule must not be identical with the content
of any existing rule; otherwise the rule modification or creation will fail, and the
system will prompt that the rule already exists.
If you do not specify a rule ID, you will create and define a new rule, and the system
will assign an ID for the rule automatically.
3Com Switch 4200G Family save ● 643
Command Reference
save
Purpose Use the save command to save the current configuration to a configuration file in
the flash memory.
Parameters cfgfile Path name or file name of the configuration file in the
flash memory to which the current configurations will
be saved. Valid values are a character string from 5 to
56 characters long.
safely Safe mode. Saving the current configuration in this
mode is relatively slow, but the configuration file still
remains in the flash without being lost even if the
switch restarts or powers down during the saving.
backup Assigns the backup attribute to the configuration file.
main Assigns the main attribute to the configuration file.
<S4200G>save main
The configuration will be written to the device.
Are you sure?[Y/N]y
Please input the file name(*.cfg)(To leave the existing filename
unchanged press the enter key):123.cfg
■ Any view
Description Executing the save command with neither backup nor main assigns the main
attribute to the file to which the current configurations are saved.
■ If the safely keyword is not used, the system saves the current configurations in
fast mode. This mode is fast, but the configuration file may be lost if the switch
restarts or powers down.
■ If the safely keyword is used, the system saves the current configurations in safe
mode. This mode is relatively slow, but the configuration file still remains in the
flash memory without being lost even if the switch restarts or powers down during
the saving.
The fast mode is recommended under the circumstances with stable power system,
while the safe mode is recommended under the circumstances with bad power
system or in the case of remote maintenance.
■ If the cfgfile argument is not specified, the system saves the current configuration
to the configuration file used in this startup, or saves the current configuration
with the default configuration file name if the default configuration is used in this
startup.
■ To make a switch to adopt the current configuration when it starts the next time,
save the current configuration using the save command before restarting the
switch.
3Com Switch 4200G Family schedule reboot at ● 645
Command Reference
schedule reboot at
Purpose Use the schedule reboot at command to schedule a reboot on the current
switch and set the reboot date and time.
Use the undo schedule reboot command to cancel the scheduled reboot.
Example Suppose the current time is 05:06, schedule a reboot so that the switch reboots at
22:00 on the current day.
■ User view
Description After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
After you execute the schedule reboot at command without specifying a date, the
switch will:
lReboot at the specified time on the current day if the specified time is later than the
current time.
lReboot at the specified time on the next day if the specified time is earlier than the
current time.
After you execute the command, the system will prompt you to confirm. Enter "Y" or
"y" for your setting to take effect, and your setting will overwrite the old one (if
available).
646 ● schedule reboot at 3Com Switch 4200G Family
Command Reference
If you adjust the system time by the clock command after executing the schedule
reboot at command, the schedule reboot at command will be invalid and the
scheduled reboot will not happen.
Purpose Use the schedule reboot delay command to schedule a reboot on the switch,
and set the reboot waiting delay.
Use the undo schedule reboot command to cancel the scheduled reboot.
Example Suppose the current time is 05:02, schedule a reboot so that the switch reboots after
70 minutes.
■ User view
Description After you execute the schedule reboot at command with a future date specified, the
switch will reboot at the specified time with at most one minute delay.
You can set the reboot waiting delay in two formats: hhh:mm and mmm. The former
is hours:minutes, the latter is the absolute minutes, and both must be less than or
equal to 30×24×60 (that is, 30 days).
After you execute the command, the system will prompt you to confirm. Enter "Y" or
"y" for your setting to take effect. Your setting will overwrite the old one (if
available).
If you adjust the system time by the clock command after executing the schedule
reboot delay command, the schedule reboot delay command will be invalid and the
scheduled reboot will not happen.
Related command: reboot, schedule reboot at, undo schedule reboot, and display
schedule reboot.
648 ● scheme 3Com Switch 4200G Family
Command Reference
scheme
Purpose Use the scheme command to configure the AAA scheme to used by the current ISP
domain.
Use the undo scheme command to restore the default AAA scheme used by the ISP
domain.
Parameters radius-scheme-name Specifies the name of the RADIUS scheme. This name
is a character string from 1 to 32 characters long.
local Specifies to use local authentication.
none Specifies not to perform authentication.
Default By default, the ISP domain uses the local AAA scheme.
Example To specify the RADIUS scheme radius1 as the primary AAA scheme referenced by the
ISP domain aabbcc.net and specify the local scheme as the secondary authentication
scheme, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] scheme radius-scheme raduis1 local
Description When the scheme command is used to specify the RADIUS scheme to be referenced
by current ISP domain, the specified RADIUS scheme must has already been
configured.
If you execute the scheme local command, the local scheme is adopted as the primary
scheme. In this case, only local authentication is performed, no RADIUS
authentication is performed. If you execute the scheme none command, no
authentication is performed.
screen-length
Purpose Use the screen-length command to set the number of lines the terminal screen
can contain.
Use the undo screen-length command to revert to the default number of lines.
undo screen-length
Set the number of lines the terminal screen can contain to 20.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface aux0
[S4200G-ui-aux0] screen-length 20
Description You can use the screen-length 0 command to disable the function to display
information in pages.
3Com Switch 4200G Family secondary accounting ● 651
Command Reference
secondary accounting
Purpose Use the secondary accounting command to set the IP address and port number of
the secondary RADIUS accounting server.
Use the undo secondary accounting command to restore the default IP address and
port number of the secondary RADIUS accounting server.
Default By default, the IP addresses of secondary accounting server is at 0.0.0.0 and the port
number is 1813.
Example To set the IP address and UDP port number of the secondary accounting server of the
RADIUS scheme radius1 to 10.110.1.1 and 1813, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] secondary accounting 10.110.1.1 1813
secondary authentication
Purpose Use the secondary authentication command to set the IP address and port
number of the secondary RADIUS authentication/authorization server.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] secondary authentication 10.110.1.2 1812
security-policy-server
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme S4200G
[S4200G-radius-S4200G] security-policy-server 192.168.0.1
[S4200G-radius-S4200G] display current-configuration
…
radius scheme S4200G
primary authentication 1.1.11.29 1812
secondary authentication 127.0.0.1 1645
Description For each RADIUS scheme, a maximum of eight security policy servers with different IP
addresses can be configured. While users are surfing the Internet, the switch will only
respond to the session control packets sent from the authentication server and the
security policy server.
654 ● self-service-url 3Com Switch 4200G Family
Command Reference
self-service-url
Purpose Use the self-service-url command to either enable or disable the self-service
server location function.
Use the undo self-service-url command to restore the default state of this
function.
undo self-service-url
Parameters url-string Specifies the URL address of the page used to modify
the user password on the self-service server.
url-string is a string that is 1 to 64 characters
long. The string cannot contain the ? character. If the ?
is contained in the URL address, replace it with a |
when inputting the URL address in the command line.
Example Using the default ISP domain system, set the URL of the web page used to modify
user password on the self-service server to
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName, by entering the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain system
[S4200G-isp-system] self-service-url enable
http://10.153.89.94/selfservice/modPasswd1x.jsp|userName
Description Note: 3Com's CAMS Server is a service management system used to manage
networks and secure networks and user information. Cooperating with other
network devices (such as switches) in a network, the CAMS Server accomplishes the
AAA (authentication, authorization and accounting) services and rights management.
After this command is executed on the switch, users can locate the self-service server
through the following operation: choose [change user password] on the 802.1x
3Com Switch 4200G Family self-service-url ● 655
Command Reference
client, the client opens the default browser (for example, IE or NetScape) and locates
the specified URL page used to change user password on the self-service server. Then,
the user can change the password.
A user can choose the [change user password] option on the client only after passing
the authentication. If the user fails the authentication, this option is in grey and is
unavailable.
656 ● send 3Com Switch 4200G Family
Command Reference
send
Purpose Use the send command to send messages to a specified user interface or all user
interfaces.
Example To send a message to all the user interfaces, enter the following:
<S4200G>send all
■ User view
3Com Switch 4200G Family server-type ● 657
Command Reference
server-type
Purpose Use the server-type command to configure the RADIUS server type supported by
the Switch.
Use the undo server-type to restore the RADIUS server type to the default value.
undo server-type
Default By default, the switch supports the standard type of RADIUS server. The type of
RADIUS server in the default RADIUS scheme "system" is 3Com.
Example To set the RADIUS server type in RADIUS scheme radius1 to 3Com, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] server-type 3Com
Description The Switch 4200G supports standard RADIUS protocol and the extended RADIUS
service platform independently developed by 3Com.
service-type
Purpose Use the command service-type to authorize a user access to the specified services.
Use the command undo service-type to inhibit the user for accessing the specified
services.
Default By default, the user is inhibited from accessing any type of service.
Example To authorize user1 to access the Telnet service, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
New local user added.
[S4200G-luser-user1] service-type telnet
■ 0 - Visit level. Users at this level have access to network diagnosis tools (such as
ping and tracert), and the Telnet commands. A user at this level cannot save the
configuration file.
■ 1 - Monitoring level. Users at this level can perform system maintenance, service
fault diagnosis, and so on. A user at this level cannot save the configuration file.
■ 2 - System level. Users at this level can perform service configuration operations,
including routing, and can enter commands that affect each network layer.
Configuration level commands are used to provide direct network service to the
user.
■ 3 - Management level. Users at this level can perform basic system operations, and
can use file system commands, FTP commands, TFTP commands, XModem
downloading commands, user management commands and level setting
commands.
660 ● service-type 3Com Switch 4200G Family
Command Reference
service-type
Purpose Use the service-type command to specify the login type and the corresponding
available command level.
Example Configure commands of level 0 are available to the users logging in using the user
name of “zbr”.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user zbr
[S4200G-luser-zbr] service-type telnet level 0
To verify the above configuration, you can quit the system, log in again using the user
name of “zbr”, and then list the available commands, as listed in the following.
[S4200G] quit
<S4200G> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Privilege specified user priority level
telnet Establish one TELNET connection
tracert Trace route function
undo Negate a command or set its default
3Com Switch 4200G Family service-type ● 661
Command Reference
Description Commands fall into four command levels: access, monitor, system, and
administration, which are described as follows:
■ Access level: Commands of this level are used to diagnose network and change
the language mode of user interface, such as the ping, tracert, and
language-mode command. The Telnet command is also of this level.
Commands of this level cannot be saved in configuration files.
■ Monitor level: Commands of this level are used to maintain the system, to debug
service problems, and so on. The display and debugging command are of
monitor level. Commands of this level cannot be saved in configuration files.
■ System level: Commands of this level are used to configure services. Commands
concerning routing and network layers are of system level. You can utilize network
services by using these commands.
■ Administration level: Commands of this level are for the operation of the entire
system and the system supporting modules. Services are supported by these
commands. Commands concerning file system, file transfer protocol (FTP), trivial
file transfer protocol (TFTP), downloading using XModem, user management, and
level setting are of administration level.
662 ● service-type multicast 3Com Switch 4200G Family
Command Reference
service-type multicast
Purpose Use the service-type multicast command to set the current VLAN as a
multicast VLAN.
Parameters None
<S4200G> system-view
[S4200G] vlan 2
[S4200G-vlan2] service-type multicast
■ VLAN view
Description By configuring a multicast VLAN, adding corresponding switch ports to the multicast
VLAN and enabling IGMP Snooping, you can make users in different VLANs share the
same multicast VLAN. This saves bandwidth since multicast stream is transmitted only
within the multicast VLAN, and also guarantees the security because the multicast
VLAN is completely isolated from the user VLANs.
3Com Switch 4200G Family set authentication password ● 663
Command Reference
Purpose Use the set authentication password command to set the local password.
Use the undo set authentication password command to remove the local
password.
Default By default, a password is required for users connecting over Modem or Telnet. If a
password has not been set, the following prompt is displayed: Login password has
not been set!
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]user-interface vty 0
[S4200G-ui-vty0]set authentication password simple 3com
Description The password in plain text is required when performing authentication, regardless of
whether the configuration is plain text or cipher text.
664 ● sftp 3Com Switch 4200G Family
Command Reference
sftp
Purpose Use the sftp command to establish a connection to the SFTP server and enter SFTP
client view.
Example Establish a connection to the SFTP server with IP address 10.1.1.2 and use the default
encryption algorithms.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] sftp 10.1.1.2
3Com Switch 4200G Family sftp ● 665
Command Reference
■ System view
666 ● sftp server enable 3Com Switch 4200G Family
Command Reference
Purpose Use the sftp server enable command to enable the secure FTP (SFTP) server.
Use the undo sftp server enable command to disable the SFTP server.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] sftp server enable
■ System view
3Com Switch 4200G Family sftp time-out ● 667
Command Reference
sftp time-out
Purpose Use the sftp time-out command to set the timeout time for the SFTP user
connection.
Use the undo sftp time-out command to restore the default timeout time.
Example Set the timeout time for the SFTP user connection to 500 minutes.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] sftp timeout 500
■ System view
Description After you set the timeout time for the SFTP user connection, the system will
automatically release the connection when the time is up.
668 ● shell 3Com Switch 4200G Family
Command Reference
shell
Purpose Use the shell command to make terminal services available for the user interface.
Use the undo shell command to make terminal services unavailable to the user
interface.
Syntax shell
undo shell
Parameters None
Example Log into user interface 0 and make terminal services unavailable in VTY 0 through
VTY 4.
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]user-interface vty 0 4
[S4200G-ui-vty0-4]undo shell
Description When using the undo shell command, note the following points.
■ For reasons of security, the undo shell command can only be used on user
interfaces other than the AUX user interface. The AUX port (also the Console) is
exclusively used for configuring the switch.
■ You cannot use this command on the current user interface.
■ This command prompts for confirmation when being executed in any valid user
interface.
3Com Switch 4200G Family shutdown ● 669
Command Reference
shutdown
Syntax shutdown
undo shutdown
Parameters None
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1]undo shutdown
shutdown
Syntax shutdown
undo shutdown
Parameters None
Default By default, a management VLAN interface is down if all the Ethernet ports in the
management VLAN are down, and the management VLAN interface is up if one or
more Ethernet ports in the management VLAN are up.
Example Bring up the management VLAN interface. (Assume that VLAN 1 is the management
VLAN.)
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface vlan-interface 1
[S4200G-Vlan-interface1] undo shutdown
Description This command can be used to start the interface after the related parameters and
protocols of VLAN interface are set. Or when the VLAN interface fails, the interface
can be shut down first and then restarted, in this way, the interface may be restored
to normal status. Shutting down or starting VLAN interface will not take any effect on
any Ethernet port of this VLAN.
3Com Switch 4200G Family smarton ● 671
Command Reference
smarton
Purpose Use the smarton command to enable the SmartOn function for an Ethernet port
with supplicant systems attached.
Syntax smarton
undo smarton
Parameters None
<S4200G> system-view
To enable 802.1x authentication and the SmartOn function, enter the following:
[S4200G-GigabitEthernet1/0/2] dot1x
802.1X is enabled on port GigabitEthernet1/0/2
Description Caution: When executing the smarton command, make sure 802.1x authentication
is enabled on the port.
672 ● smarton password 3Com Switch 4200G Family
Command Reference
smarton password
Purpose Use the smarton password command to set the password to be used by the
SmartOn function.
Use the undo smarton password command to revert to the default password.
<S4200G> system-view
To set the password to be used by the SmartOn function to Test, enter the following:
■ System view
3Com Switch 4200G Family smarton switchid ● 673
Command Reference
smarton switchid
Purpose Use the smarton switchid command to set the switch ID.
Use the undo smarton switchid command to revert to the default switch ID.
Example To enter system view and set the switch ID to Switch, enter the following:
<S4200G> system-view
[S4200G] smarton switchid Switch
■ System view
674 ● smarton timer 3Com Switch 4200G Family
Command Reference
smarton timer
Purpose Use the smarton timer command to set the supplicant timeout timer for
SmartOn-enabled supplicant systems.
Use the undo smarton timer command to revert to the default supplicant timeout
timer setting.
Example To enter system view and set the supplicant timeout timer to 50 seconds, enter the
following:
<S4200G> system-view
[S4200G] smarton timer supp-timeout 50
■ System view
3Com Switch 4200G Family snmp-agent ● 675
Command Reference
snmp-agent
Syntax snmp-agent
undo snmp-agent
Parameters None
■ System view
snmp-agent community
Purpose Use the snmp-agent community command to set a community name and to enable
users to access the switch through SNMP. You can also optionally use this command
to apply an ACL to filter network management users.
Example Set the community name to "3Com", enable users to access the switch in the name
of the community (with read-only permission), and apply ACL 2,000 to filter network
management users (assuming that ACL 2000 already exists.).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] snmp-agent community read 3Com acl 2000
■ System view
3Com Switch 4200G Family snmp-agent community ● 677
Command Reference
snmp-agent community
Purpose Use the snmp-agent community command to set the community access name and
enable access to SNMP.
Parameters read Indicates that MIB object can only be read. Only the
read-only community can query device information.
write Indicates that MIB object can be read and written. The
read-write community can configure the device.
community-name The community name, a character string of 1 to 32
characters.
view-name The MIB view name, a character string of 1 to 32
characters.
acl acl-list The basic access control list (ACL) number specified by
the community, ranging from 2,000 to 2,999.
Example Configure community name as comaccess and permit read-only access by this
community name.
<S4200G> system-view
[S4200G] snmp-agent community read comaccess
■ System view
678 ● snmp-agent group 3Com Switch 4200G Family
Command Reference
snmp-agent group
Purpose Use the snmp-agent group command to configure a SNMP group. You can also
optionally use this command to apply an ACL to filter network management users.
Use the undo snmp-agent group command to delete a specified SNMP group.
Example Create a SNMP group named "3Com" and apply ACL 2001 to filter network
management users (assuming that ACL 2001 already exists).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] snmp-agent group v1 3Com acl 2001
3Com Switch 4200G Family snmp-agent group ● 679
Command Reference
■ System view
Description 3Com recommends that you do not use the notify-view parameter when
configuring an SNMP group, for the following reasons:
snmp-agent group
Purpose Use the snmp-agent group command to configure a new SNMP group, that is, to
map SNMP user to SNMP view.
Use the undo snmp-agent group command to cancel a specified SNMP group.
<S4200G> system-view
3Com Switch 4200G Family snmp-agent group ● 681
Command Reference
System view
Description 3Com recommends that you do not use the notify-view parameter when
configuring an SNMP group, for the following reasons:
snmp-agent local-engineid
Purpose Use the snmp-agent local-engineid command to set the engine ID of the local
SNMP entity.
Use the undo snmp-agent local-engineid command to restore the default setting
of engine ID.
<S4200G> system-view
[S4200G] snmp-agent local-engineid 123456789A
■ System view
Description By default, the device engine ID is "Enterprise Number + device information". Device
information is determined according to different products. It can be IP address, MAC
address or user-defined hexadecimal numeral string.
snmp-agent log
Purpose Use the snmp-agent log command to enable the logging function for network
management.
Use the undo snmp-agent log command to disable the logging function.
Example Enable the logging function for both the get and the set operations.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] snmp-agent log all
■ System view
Description You can use the display logbuffer command to display logging information for the get
and the set operations sent from network management station (NMS).
■ In a network that contains no fabric, you can use the display logbuffer
command to view the logs of the get and set operations performed by the
network administrator.
■ As for a fabric, you can execute the display logbuffer command on the
master device to view the logs of the set operations performed by the network
administrator, and execute the display logbuffer command on the devices
to which the get operations are performed to view the logs of corresponding get
operations.
684 ● snmp-agent mib-view 3Com Switch 4200G Family
Command Reference
snmp-agent mib-view
Purpose Use the snmp-agent mib-view command to create or update the view information,
limiting the MIB objects to be accessed by the NMS.
Use the undo snmp-agent mib-view command to cancel the current setting.
<S4200G> system-view
[S4200G] snmp-agent mib-view included mib2 1.3.6.1
■ System view
Purpose Use the snmp-agent packet max-size command to set the maximum size of SNMP
packet that the Agent can send/receive.
Use the undo snmp-agent packet max-size command to restore the default size of
SNMP packet.
Example Set the maximum size of SNMP packet that the Agent can send/receive to 1,042
bytes.
<S4200G> system-view
[S4200G] snmp-agent packet max-size 1042
■ System view
Description The sizes of the SNMP packets received/sent by the Agent are different in different
network environments.
686 ● snmp-agent sys-info 3Com Switch 4200G Family
Command Reference
snmp-agent sys-info
Purpose Use the snmp-agent sys-info command to configure system information such as
geographical location of the device, contact information for system maintenance and
version information of running SNMP.
Use the undo snmp-agent sys-info location command to restore the default
value.
Example Set contact information for system maintenance as Dial System Operator # 1234.
<S4200G> system-view
[S4200G] snmp-agent sys-info contact Dial System Operator # 1234
■ System view
snmp-agent target-host
Use the undo snmp-agent target-host command to cancel the host currently
configured to receive SNMP notification.
Example Enable sending SNMP Trap packets to 10.1.1.1 with community name public.
<S4200G> system-view
[S4200G] snmp-agent trap enable standard
[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
688 ● snmp-agent target-host 3Com Switch 4200G Family
Command Reference
Description The snmp-agent target-host command and the snmp-agent trap enable or enable
snmp trap updown command must be used at the same time on the device to send
Trap packets.
■ Use the snmp-agent trap enable or enable snmp trap updown command to set
Trap packets allowed to send (all Trap packets can be sent by default).
■ Use the snmp-agent target-host command to set the address of the destination
host receiving SNMP Trap packets.
■ System view
Purpose Use the snmp-agent trap enable command to enable the device to send Trap
packets.
Use the undo snmp-agent trap enable command to disable Trap package sending.
Example Enable to send the Trap packet of SNMP authentication failure to 10.1.1.1. The
community name is public.
<S4200G> system-view
[S4200G] snmp-agent trap enable authentication
[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params
securityname public
■ System view
690 ● snmp-agent trap enable 3Com Switch 4200G Family
Command Reference
Purpose Use the snmp-agent trap life command to set aging time for Trap packets.
Use the undo snmp-agent trap life command to restore the default aging time for
Trap packets.
Parameters seconds Specifies the timeouts (in seconds). Valid values are 1
to 2,592,000.
If not specified, the default timeout interval is 120
seconds.
<S4200G>system-view
<S4200G> system-view
[S4200G] snmp-agent trap life 60
■ System view
Description The Trap packets exceeding the aging time are discarded.
Purpose Use the snmp-agent trap queue-size command to configure the information
queue length of a Trap packet sent to the destination host.
Use the undo snmp-agent trap queue-size command to restore the default value.
<S4200G> system-view
[S4200G] snmp-agent trap queue-size 200
■ System view
Purpose Use the snmp-agent trap source command to configure the source address for
sending Trap messages.
Use the undo snmp-agent trap source command to cancel the source address for
sending Trap messages.
Example Configure the IP address of the VLAN interface 1 as the source address for
transmitting the Trap packets.
<S4200G> system-view
[S4200G] snmp-agent trap source Vlan-interface 1
■ System view
Description The SNMP Trap message sent from a server has a source IP address no matter which
interface the Trap message is sent from.
You can configure this command to trace a specific event using the source address of
a Trap packet
Note: Before setting the IP address of an interface address as the source address of
the sent Trap packet, you must configure an IP address for the interface.
694 ● snmp-agent usm-user 3Com Switch 4200G Family
Command Reference
snmp-agent usm-user
Purpose Use the snmp-agent usm-user command to add a new community name or, if you
use the V3 parameter, a new user to an SNMP group.
Use the undo snmp-agent usm-user command to delete a user from an SNMP
group.
Example To add a user named “JohnQ” to the SNMP group “3Com”, then configure the use
of MD5, and set the authentication password to “pass”, enter the following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass
[SW4200G]
■ System view
Description Note:
■ SNMP engineID (for authentication) is required when configuring remote users.
This command will not be effective if engineID is not configured.
■ For V1 and V2C, this command will add a new community name. For V3, it will
add a new user for an SNMP group. See Related Commands below.
snmp-agent usm-user
Purpose Use the snmp-agent usm-user command to add a new user to an SNMP group. You
can also optionally use this command to apply an ACL to filter network management
users.
Use the undo snmp-agent usm-user command to remove the user from the
corresponding SNMP group. The operation also frees the user from the corresponding
ACL-related configuration.
Example Add the user named "3Com" to the SNMP group named "3Comgroup", specifying
to authenticate the user, specifying the authentication protocol to be
HMAC-MD5-96, the authentication password to be "S4200G", and applying ACL
2002 to filter network management users (assuming that ACL 2002 already exists).
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] snmp-agent usm-user v3 3Com 3Comgroup authentication-mode md5
S4200G acl 2002
■ System view
698 ● snmp-agent usm-user 3Com Switch 4200G Family
Command Reference
snmp-agent usm-user
Purpose Use the snmp-agent usm-user command to add a new user to an SNMP group.
Use the undo snmp-agent usm-user command to remove the user from the related
SNMP group.
Example Add a user John to SNMP group Johngroup. Configure to authenticate using
HMAC-MD5-96 algorithm, require authentication and set authentication password as
hello.
<S4200G> system-view
[S4200G] snmp-agent group v3 Johngroup
[S4200G] snmp-agent usm-user v3 John Johngroup authentication-mode md5
hello
■ System view
Description The snmp-agent usm-user command is used to delete the stopping accounting
requests from the Switch buffer.
While using SNMPV3, SNMP engineID (for authentication) is required when you
configure a remote user for an agent. If you change engineID after configuring a user,
the user corresponding to the original engineID is not effective.
For V1 and V2C, this command will add a new community name. For V3, it will add a
new user for an SNMP group.
snmp-agent usm-user
Purpose Use the snmp-agent usm-user command to add a new community name or, if you
use the V3 parameter, a new user to an SNMP group.
Use the undo snmp-agent usm-user command to delete a user from an SNMP
group.
Example To add a user named “JohnQ” to the SNMP group “3Com”, then configure the use
of MD5, and set the authentication password to “pass”, enter the following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass
[SW4200G]
■ System view
Description Note:
■ SNMP engineID (for authentication) is required when configuring remote users.
This command will not be effective if engineID is not configured.
■ For V1 and V2C, this command will add a new community name. For V3, it will
add a new user for an SNMP group. See Related Commands below.
snmp-host
Purpose Use the snmp-host command to configure an SNMP host for the member devices
inside a cluster on the management device.
Use the undo snmp-host command to cancel the SNMP host configuration.
undo snmp-host
Parameters ip-address IP address of the SNMP host configured for the cluster.
Example Configure an SNMP host for the cluster on the management device.
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] snmp-host 1.0.0.9
■ Cluster view
Description Only after you configure the IP address of the network management site for the
cluster, cluster members can send the trap information to the site through the
management device.
speed
Purpose Use the speed command to set the transmission speed of the user interface.
Use the undo speed command to revert to the default transmission speed.
undo speed
Example To configure the transmission speed on the AUX (Console) port as 9600 b/s, enter the
following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]user-interface aux 0
[S4200G-ui-aux0]speed 9600
Description Note: The speed and undo speed commands can only be performed in AUX User
Interface view
704 ● speed 3Com Switch 4200G Family
Command Reference
speed
Use the undo speed command to restore the default port rate.
undo speed
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet 1/0/1
[S4200G-Ethernet1/0/1]speed 10
Description Note: The speed and undo speed commands cannot be configured on a combo
port.
Purpose Use the ssh client assign rsa-key command to specify on the client the
public key for the server to be connected to guarantee the client can be connected to
a reliable server.
Use the undo ssh client assign rsa-key command to remove the
association between the public keys and servers.
Example Specify on the client the public key of the server (with IP address 192.168.0.1) as abc.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh client 192.168.0.1 assign rsa-key abc
■ System view
706 ● ssh client first-time enable 3Com Switch 4200G Family
Command Reference
Purpose Use the ssh client first-time enable command to configure the client to
run the initial authentication.
Use the undo ssh client first-time command to remove the configuration.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh client first-time enable
■ System view
Description In the initial authentication, if the SSH client does not have the public key for the
server which it accesses for the first time, the client continues to access the server and
save locally the public key of the server. Then at the next access, the client can
authenticate the server with the public key saved locally.
When the initial authentication function is not available, the client does not access
the server if it does not have the public key of the server locally. In this case, you need
first to save the public key of the target server to the client in other ways.
3Com Switch 4200G Family ssh server authentication-retries ● 707
Command Reference
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh server authentication-retries 4
■ System view
Description Note: If you have used the ssh user authentication-type command to configure the
authentication type to password-publickey, you must set the authentication retry
times to a number greater than or equal to 2, for one is counted when a client sends
a public key to the server.
Purpose Use the ssh server timeout command to set authentication timeout time for
SSH connections.
Use the undo ssh server timeout command to restore the default timeout
time. The default value takes effect at next login.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh server timeout 80
■ System view
Purpose Use the ssh user assign rsa-key command to allocate public keys to SSH
users.
Use the undo ssh user assign rsa-key command to remove the association
between the public keys and SSH users. The configuration takes effect at the next
login.
Example Set the client public key for the zhangsan user to key1.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh user zhangsan assign rsa-key key1
[S4200G]
■ System view
Description If the user already has a public key, the new public key overrides the old one.
Purpose Use the ssh user authentication-type command to define on the server the
available authentication type for an SSH user.
■ SSHv1 client users can access the switch as long as they pass one of the two
authentications.
■ SSHv2 client users can access the switch only when they pass both the
authentications.
all Specifies the authentication type as either password or
RSA public key. That is, the user can pass the
authentication if either the password or RSA public key
is correct.
Default By default, no authentication type is specified for new users, so they cannot access
the switch.
New users must specify authentication type. Otherwise, they cannot access the
switch. The new authentication type configured takes effect at the next login.
Example Set the authentication type for the zhangsan user as password.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh user zhangsan authentication-type password
■ System view
Description This command defines available authentication type on the server. The actual
authentication type, however, is determined by the client.
Purpose Use the ssh user service-type command to specify service type for a user.
Use the undo ssh user service-type command to restore the default service
type for the SSH user in the system.
Parameters username Local user name or the user name defined on the
remote RADIUS server, consisting of a string from 1 to
80 characters long.
stelnet Sets the service type to Telnet.
If no service type is specified, Telnet is used as the
default.
sftp Sets the service type to SFTP.
all Includes Telnet and SFTP two services types.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] ssh user zhangsan service-type sftp
■ System view
ssh2
Purpose Use the ssh2 command to enable the connection between SSH client and server,
define key exchange algorithm preference, encryption algorithm preference and
HMAC algorithm preference on the server and client.
Example Log into the SSH 2.0 server with IP address 10.214.50.51 and make these settings:
■ System view
3Com Switch 4200G Family startup bootrom-access enable ● 715
Command Reference
Use the undo startup bootrom-access enable to disable the user from
entering the main Boot Menu with customized password.
Parameters None
Default By default, the user is disabled from entering the main Boot Menu with customized
password.
Example Specify to prompt for the customized password before entering the BOOT menu.
■ User view
Related Command You can use the display startup command to check the executing results of the
above commands.
716 ● startup saved-configuration 3Com Switch 4200G Family
Command Reference
startup saved-configuration
CAUTION: To make a switch to start without loading the configuration file, do not
execute the save command after executing the undo startup
saved-configuration command.
Example Configure the file named vrpcfg.cfg to be the main configuration file for the switch to
start the next time.
■ User view
state
Purpose Use the state command to configure the state of the current ISP domain/current
user.
In ISP Domain view or Local User view, use the state command to configure the
state of the current ISP domain/current user.
In RADIUS view, use the state command to set the status of a RADIUS server.
In RADIUS view:
Default In ISP Domain view or Local User view, an ISP domain and the local user are in the
active state upon creation.
718 ● state 3Com Switch 4200G Family
Command Reference
In RADIUS view, all the RADIUS servers in a user-defined RADIUS scheme are in the
active state; and the RADIUS servers in the default RADIUS scheme "system" are in
the block state.
Example In ISP Domain view or Local User view to set the ISP domain aabbcc.net to the block
state, so that all its offline users cannot access the network, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] domain aabbcc.net
New Domain added.
[S4200G-isp-aabbcc.net] state block
In ISP Domain view or Local User view to set user1 to the block state.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] local-user user1
[S4200G-user-user1] state block
In RADIUS view to set the timeout time of the response timeout timer for the RADIUS
scheme radius1 to 5 seconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer 5
■ After an ISP domain is set to the block state, except the online users, the users
under this domain are not allowed to access the network.
■ After the local user is set to the block state, the user is not allowed to access the
network.
■ If the switch gets no response from the RADIUS server after sending out a RADIUS
request (authentication/authorization request or accounting request) and waiting
for a time, it should retransmit the packet to ensure that the user can obtain the
RADIUS service. This wait time is called response timeout time of RADIUS server;
and the timer in the switch system that is used to control this time is called the
response timeout timer of RADIUS server. You can use the timer command to set
the timeout time of this timer.
■ Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
3Com Switch 4200G Family state ● 719
Command Reference
■ The timer command has the same effect with the timer response-timeout
command.
■ domain
■ radius scheme
■ retry
720 ● state 3Com Switch 4200G Family
Command Reference
state
Purpose Use the state command to configure the state of RADIUS server.
Default By default, as for the newly created RADIUS scheme, the primary and secondary
accounting/authentication servers are in the state of block; as for the "system"
RADIUS scheme created by the system, the primary accounting/authentication servers
are in the state of active, and the secondary accounting/authentication servers are in
the state of block.
Example To set the second authentication server of RADIUS scheme, “3Com”, to be active,
enter the following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]radius scheme 3Com
[SW4200G-radius-3Com]state secondary authentication active
Description For the primary and second servers (no matter an authentication/authorization or an
accounting server), if the primary server is disconnected to NAS for some fault, NAS
will automatically turn to exchange packets with the second server. However, after
the primary one recovers, NAS will not resume the communication with it at once,
instead, it continues communicating with the second one. When the second one fails
to communicate, NAS will turn to the primary one again. This command is used to set
3Com Switch 4200G Family state ● 721
Command Reference
the primary server to be active manually, in order that NAS can communicate with it
right after the troubleshooting.
When the primary and second servers are all active or block, NAS will send the
packets to the primary server only.
stop-accounting-buffer enable
Purpose Use the stop-accounting-buffer enable command to enable the switch to buffer
the stop-accounting requests that bring no response.
Parameters None
Default By default, the switch is enabled to buffer the stop-accounting requests that bring no
response.
Example To enable the switch to buffer the stop-accounting requests that bring no response
from the servers in RADIUS scheme radius1, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] stop-accounting-buffer enable
Description Stop-accounting requests are critical to billing and will eventually affect the charges;
they are important for both the users and the ISP. Therefore, the switch should do its
best to transmit them to the RADIUS server. If the RADIUS accounting server does not
respond to such a request, the switch should first buffer the request on itself, and
then retransmit the request to the RADIUS accounting server until it gets a response,
or the maximum number of transmission attempts is reached (in this case, it discards
the request).
stopbits
Purpose Use the stopbits command to set the stop bits of the user interface.
Use the undo stopbits command to revert to the default stop bits.
undo stopbits
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]user-interface aux 0
[S4200G-ui-aux0]stopbits 2
Description This command can only be performed in AUX User Interface view.
724 ● stp 3Com Switch 4200G Family
Command Reference
stp
Purpose Use the stp command to enable or disable MSTP globally or for a port.
Use the undo stp command to restore the default MSTP status globally or for a
port.
undo stp
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp enable
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet 1/0/1
[S4200G-GigabitEthernet1/0/1] stp disable
■ System view
■ Ethernet Port view
Description With MSTP enable, a switch determines whether to operate in STP mode, RSTP mode,
or MSTP mode according to your configuration. A switch becomes a transparent
bridge if you disable MSTP.
With MSTP enabled, a switch dynamically maintains the status of spanning trees by
processing BPDUs of the corresponding VLANs. After MSTP is disabled, the switch
stops doing so.
stp bpdu-protection
Purpose Use the stp bpdu-protection command to enable the BPDU protection
function.
Use the undo stp bpdu-protection command to restore the default operation
mode of the BPDU protection function,
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp bpdu-protection
■ System view
Description Normally, access ports of access layer devices have terminals (such as PCs) or file
servers directly connected to them. These ports are usually configured to be edge
ports to achieve rapid transition. When they receive BPDUs, however, they are set as
non-edge ports automatically, which causes MSTP to recalculate the spanning trees,
resulting in network topology jitters.
In normal cases, edge ports are free of BPDUs. But malicious users may attack the
switches by sending forged BPDUs to the edge ports to create network jitters. You
can prevent this type of attack by utilizing the BPDU protection function. With this
function enabled on a switch, once an edge port receives a BPDU, the system
automatically shut it down and notifies the network administrator of the situation.
Only the administrator can restore edge ports that are shut down.
CAUTION:
As 1000 Mbps ports of a 3Com Switch 4200G Family switch cannot be shut down,
the BPDU protection function is not applicable to these ports even you enable the
BPDU protection function and specify these ports to be MSTP edge ports.
726 ● stp bridge-diameter 3Com Switch 4200G Family
Command Reference
stp bridge-diameter
Purpose Use the stp bridge-diameter command to set the network diameter of a
switched network, which is represented in terms of the maximum number of switches
between any two terminals in a switched network.
Use the undo stp bridge-diameter command to restore the default network
diameter.
Parameters bridgenum Sets the network diameter for the switched network.
Valid values are 2 to 7.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp bridge-diameter 5
■ System view
Description An MSTP-enabled switch adjusts its Hello time, Forward delay, and Max age settings
accordingly after you configure the network diameter on the switch. With the
network diameter set to 7 (the default), the three time settings are set to their
defaults as well.
The stp bridge-diameter command applies to CISTs only; it is invalid for MSTIs.
stp config-digest-snooping
Parameters None
Example To enable the digest snooping feature for GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] stp config-digest-snooping
[S4200G-GigabitEthernet1/0/1] quit
[S4200G]stp config-digest-snooping
Description According to IEEE 802.1s, two connected switches can interwork with each other
through MSTIs in an MST region only when the two switches have the same MST
region-related configuration. With MSTP employed, interconnected switches
determine whether or not they are in the same MST region by checking the
configuration IDs of the BPDUs between them. (A configuration ID contains
information such as region ID and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This kind of problems can be overcome by implementing the digest snooping feature.
If a switch port is connected to a partner's switch that has the same MST
region-related settings but adopts a proprietary spanning tree protocol, you can
enable digest snooping on the port. Then the switch regards the peer switch
connected to the port as in the same region and records the configuration digests
carried in the BPDUs received from the switch, which will be put in the BPDUs to be
728 ● stp config-digest-snooping 3Com Switch 4200G Family
Command Reference
send to the peer switch.. In this way, the switch can interwork with the partners'
switches in an MST region.
Note:
■ The digest snooping feature is needed only when your S5100-EI series switch is
connected to partner's proprietary protocol-adopted switches.
■ To enable the digest snooping feature successfully, you must first enable it on all
the switch ports that connect to partner's proprietary protocol-adopted switches
and then enable it globally.
■ To enable the digest snooping feature, the interconnected switches must be
configured with exactly the same MST settings.
■ The digest snooping feature must be enabled on all the switch ports that connect
to partners' proprietary protocol-adopted switches in the same MST region..
■ To change MST region-related configuration, be sure to disable the digest
snooping feature first to prevent possible broadcast storms.
3Com Switch 4200G Family stp cost ● 729
Command Reference
stp cost
Purpose Use the stp cost command to set the path cost of a port in a spanning tree
instance.
Default By default, a switch automatically calculates the path costs of a port in different
spanning tree instances based on a specified standard.
Example To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 200.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/3
[S4200G-GigabitEthernet1/0/3] stp instance 2 cost 200
Description The path cost of a port affects the role of the port. By configuring the same ports to
have different path costs in different MSTIs, you can enable flows of different VLANs
to travel along different physical links, implementing VLAN-based load balancing.
Path cost changes for ports of an MSTP-enabled switch can cause MSTP to
redetermine the roles of the ports and to perform state transitions.
stp edged-port
Purpose Use the stp edged-port command to configure the current Ethernet port as
either an edge port or a non-edge port.
Use the undo stp edged-port command to restore the current Ethernet port to
its default state.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] stp edged-port disable
Description An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you
are recommended to configure the Ethernet ports directly connected to user
terminals as edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on
an edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
CAUTION:
Among loop prevention function, root protection function and edge port setting,
only one can be valid on the same port.
3Com Switch 4200G Family stp edged-port ● 731
Command Reference
stp interface
Purpose Use the stp interface command in system view to enable or disable MSTP for
specified ports.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
enable Enables MSTP on the specified ports.
disable Disables MSTP on the specified ports.
Default By default, MSTP is enabled on ports of a switch if MSTP is globally enabled; and
MSTP is disabled on ports of a switch if MSTP is disabled globally.
An MSTP-disabled port does not participate in any calculation of spanning trees and is
always in forwarding state.
Example To Enable MSTP on GigabitEthernet1/0/1 port in system view, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/1 enable
■ System view
3Com Switch 4200G Family stp interface ● 733
Command Reference
Description CAUTION:
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
Example To enable the digest snooping feature on GigabitEthernet1/0/1 port in system view,
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/1 config-digest-snooping
■ System view
Description According to IEEE 802.1s, two interconnected MSTP switches can interwork with
each other through MSTIs in an MST region only when the two switches have the
same MST region-related configuration. Interconnected MSTP switches determine
3Com Switch 4200G Family stp interface config-digest-snooping ● 735
Command Reference
whether or not they are in the same MST region by checking the configuration IDs of
the BPDUs between them. (A configuration ID contains information such as region ID
and configuration digest.)
As some partners' switches adopt proprietary spanning tree protocols, they cannot
interwork with other switches in an MST region even if they are configured with the
same MST region-related settings as other switches in the MST region.
This problem can be overcome by implementing the digest snooping feature. If a port
on an S5100-EI series switch is connected to a partner's switch that has the same
MST region-related settings as its own but adopts a proprietary spanning tree
protocol, you can enable digest snooping on the port. Then the S5100-EI switch
regards the partner's switch as in the same region; it records the configuration digests
carried in the BPDUs received from the partner's switch, and put them in the BPDUs
to be send to the partner's switch. In this way, the S5100-EI switches can interwork
with the partners' switches in the same MST region.
Note:
■ The digest snooping feature is needed only when your S5100-EI series switch is
connected to partner's proprietary protocol-adopted switches.
■ To enable the digest snooping feature successfully, you must first enable it on all
the ports of your S5100-EI series switch that are connected to partner's proprietary
protocol-adopted switches and then enable it globally.
■ To enable the digest snooping feature, the interconnected switches must be
configured with exactly the same MST region-related configuration.
■ The digest snooping feature must be enabled on all the ports of your S5100-EI
series switch that are connected to partners' proprietary protocol-adopted
switches in the same MST region.
■ To change MST region-related configuration, be sure to disable the digest
snooping feature first to prevent possible broadcast storms.
736 ● stp interface cost 3Com Switch 4200G Family
Command Reference
Purpose Use the stp interface cost command to set the path cost of specified ports in
a specified spanning tree instance.
Use the undo stp interface cost command to restore the default path costs.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
instance-id Specifies the spanning tree instance ID. Valid values are
0 to 16. A value of 0 specifies the CIST.
cost Specifies the path cost for the ports. Valid values are
1 to 200,000,000.
Default By default, a switch calculates the path costs of ports in each spanning tree instance
automatically according to the specified standard.
Example To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 400 in
system view, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp instance 2 interface GigabitEthernet 1/0/3 cost 400
3Com Switch 4200G Family stp interface cost ● 737
Command Reference
■ System view
Description The path cost of a port affects the role of the port. By configuring the same ports to
have different path costs in different MSTIs, you can enable flows of different VLANs
to travel along different physical links, implementing VLAN-based load balancing.
Path cost changes for ports of an MSTP-enabled switch can cause MSTP to recalculate
the roles of the ports and to perform state transitions.
Purpose Use the stp interface edged-port command to configure the specified
Ethernet ports to be either edge ports or non-edge ports.
Use the undo stp interface edged-port command to restore the specified
Ethernet ports to their default states.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
enable Configures the specified Ethernet ports to be edge
ports.
disable Configures the specified Ethernet ports to be
non-edge ports.
Example To configure GigabitEthernet1/0/3 port as an edge port in system view, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/3 edged-port enable
■ System view
Description An edge port is a port that is directly connected to a user terminal instead of another
switch or a network segment. Rapid transition is applied to edge ports because, on
these ports, no loops can be incurred by network topology changes. You can enable a
port to transit to the forwarding state rapidly by setting it to an edge port. And you
are recommended to configure the Ethernet ports directly connected to user
terminals as edge ports to enable them to transit to the forwarding state rapidly.
Normally, configuration BPDUs cannot reach an edge port because the port is not
connected to another switch. But when the BPDU protection function is disabled on
an edge port, configuration BPDUs sent deliberately by a malicious user may reach the
port. If an edge port receives a BPDU, it turns to a non-edge port.
CAUTION:
Only one function among loop prevention, root protection, and edge port can be
valid at a time.
Purpose Use the stp interface loop-protection command to enable the loop
prevention function.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
Example To enable the loop prevention function on GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/1 loop-protection
■ System view
3Com Switch 4200G Family stp interface loop protection ● 741
Command Reference
Description CAUTION:
Only one function among loop prevention, root protection, and edge port can be
valid at a given time.
Purpose Use the stp interface mcheck command to perform the mCheck operation for
specified ports.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
Example To perform the mCheck operation on GigabitEthernet1/0/3 port, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/3 mcheck
■ System view
Purpose Use the stp interface no-agreement-check command to enable the rapid
transition feature on a specified port.
Example To enable the rapid transition feature for GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]stp interface GigabitEthernet1/0/1 no-agreement-check
■ System view
Description Some partners' switches adopt proprietary spanning tree protocols that are similar to
RSTP in the way to implement rapid transition on designated ports. When a switch of
this kind operates as the upstream switch of the 4200G series switch running MSTP,
the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to avoid this case. When the 4200G series
switch running MSTP is connected in the upstream direction to a partner's switch
running proprietary spanning tree protocol, you can enable the rapid transition
feature on the ports of the 4200G series switch operating as the downstream switch.
Among these ports, those operating as the root ports will then send agreement
packets to their upstream ports after they receive proposal packets from the upstream
designated ports, instead of waiting for agreement packets from the upstream
switch. This enables designated ports of the upstream switch to change their states
rapidly.
Note: Enable the rapid transition feature on root ports or alternate ports only.
Purpose Use the stp interface point-to-point command to specify whether the
specified Ethernet ports are point-to-point links.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
force-true Specifies that the links connected to the specified
Ethernet ports are point-to-point links.
force-false Specifies that the links connected to the specified
Ethernet ports are not point-to-point links.
auto Specifies to automatically determine whether or not
the links connected to the specified Ethernet ports are
point-to-point links.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/3 point-to-point force-true
■ System view
Description The rapid transition feature is not applicable to ports on non-point-to-point links.
You are recommended to let MSTP automatically determine the link types.
These two commands only apply to CIST and MSTIs. If you configure the link to which
a port is connected to be a point-to-point link (or a non-point-to-point link), the
configuration applies to all spanning tree instances (that is, the port is configured to
connect to a point-to-point link (or a non-point-to-point link) in all spanning tree
instances). If the actual physical link is not a point-to-point link and you configure the
link to which the port is connected to be a point-to-point link, loops may temporarily
occur.
Purpose Use the stp interface port priority command to set the port priority of
specified ports in a spanning tree instance.
Use the undo stp interface port priority command to restore the
default port priority of the specified ports in the spanning tree instance.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
instance-id Specifies the spanning tree instance ID. Valid values are
0 to 16. A value of 0 specifies the CIST.
priority Specifies the priority for the ports. Valid values are 0 to
240 but must be a multiple of 16 (such as 0, 16 or 32).
If not specified, the default port priority is 128.
Example To set the port priority of GigabitEthernet1/0/3 port (with regard to spanning tree
instance 2) to 16, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/3 instance 2 port priority
16
3Com Switch 4200G Family stp interface port priority ● 747
Command Reference
■ System view
Description If you specify the instance-id argument to be 0, the configured priorities apply to
the CIST. The role a port plays in a spanning tree instance can be affected by its
priority. A port on an MSTP-enabled switch can have different port priorities and play
different roles in different MSTIs. This enables packets of different VLANs to be
forwarded along different physical paths, implementing VLAN-based load balancing.
Changes of port priorities can cause MSTP to redetermine the roles of ports, resulting
in state transition of ports.
Purpose Use the stp interface root-protection command to enable the root
protection function for specified ports.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
Example To enable the root protection function on GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/1 root-protection
■ System view
3Com Switch 4200G Family stp interface root-protection ● 749
Command Reference
Description Configuration errors and malicious attacks may cause legal root bridges to receive
BPDUs of higher priorities, and give up their roles as root bridges, which means
network topology jitters. In this case, flows that should travel along high-speed links
may be led to low-speed links, and network congestions may occur.
You can avoid this problem by utilizing the root protection function. Ports with this
function enabled can retain their roles in all spanning tree instances. When such a
port receives BPDUs of higher priorities, its state is set to discarding and it stops
forwarding any packets as if the connected link were down. Only when it receives no
BPDUs of higher priorities in a specified period, does it resumes its normal state.
CAUTION:
Only one function among loop prevention, root protection, and edge port can be
valid at a time.
Purpose Use the stp interface transmit-limit command to set the maximum
number of BPDUs that each specified port can send within a Hello time interval.
Parameters interface-list Specifies the Ethernet port list. You can specify
multiple ports by providing this argument in the form:
interface-list = { interface-name
[ to interface-name] & < 1-10 >.
The interface-name is the port index of a port and
can be specified in this form:
interface-name = { interface-type
interface-num }
■ interface-type specifies the type of a port
■ interface-num identifies the port number.
Note that the interface name after the keyword to
must have an interface-num that is greater than or
equal to that of the interface-name before to.
■ &<1-10>means that up to 10 port indexes/port
index lists can be provided.
packetnum Specifies the maximum number of BPDUs that the
ports can send within a Hello time interval, also known
as maximum transmission speed. Valid values are 1 to
255. If not specified, the default is 3.
Example To set the maximum transmitting speed of GigabitEthernet1/0/3 port to 5, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp interface GigabitEthernet 1/0/3 transmit-limit 5
■ System view
3Com Switch 4200G Family stp interface transmit-limit ● 751
Command Reference
Description A larger packetnum value means a greater number of packets can be transmitted in
each Hello time interval and more switch resources will be consumed. Configure the
packetnum argument to a proper value to limit the number of BPDUs sent in each
Hello time interval, preventing MSTP from occupying too much network resources
when network topology jitters occur.
stp loop-protection
Purpose Use the stp loop-protection command to enable the loop prevention function
for the current port.
Use the undo stp loop-protection command to restore the default operation
state of the loop prevention function.
Parameters None
Example To enable the loop prevention function on GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] stp loop-protection
stp max-hops
Purpose Use the stp max-hops command to set the maximum hop count of the MST region
to which the switch belongs.
Parameters hops Specifies the maximum hop count. Valid values are 1
to 40. If not specified, the default is 20.
Example To set the maximum hops of the current MST region to 35, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp max-hops 35
■ System view
Description The maximum hop count configured on the region root for an MST region is used to
limit the size of the MST region.
A BPDU contains a hop counter field. In a MST region, after a BPDU leaves the root
bridge, its hop counter decreases by 1 whenever it is forwarded by a switch; once its
hop counter reaches 0, it is dropped. Such a mechanism disables the switches that are
beyond the maximum hop count from participating in spanning tree calculation, and
thus limits the size of an MST region.
With such a mechanism, once a switch becomes the root bridge of a CIST or MSTI,
the maximum hop count configured on it determines the network diameter of the
spanning tree and limits the size of the spanning tree. The switches that are not the
root bridge in an MST region adopts the maximum hop count configured on the root
bridge.
754 ● stp mcheck 3Com Switch 4200G Family
Command Reference
stp mcheck
Purpose Use the stp mcheck command to perform the mCheck operation for the current
port.
Parameters None
Example To perform the mCheck operation on GigabitEthernet1/0/1 port, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] stp mcheck
Description A port on an MSTP-enabled switch automatically toggles to the STP/RSTP mode when
an STP-/RSTP-enabled switch is connected to it. But when the STP-/RSTP-enabled
switch is disconnected from the port, the port cannot automatically toggle back to
the MSTP mode and still remains in the STP/RSTP mode.
In this case, you can force the port to toggle to the MSTP mode by performing the
mCheck operation on the port.
stp mode
Purpose Use the stp mode command to set the MSTP operation mode of the switch.
Use the undo stp mode command to restore the default MSTP operation mode.
Example To configure the switch to operate in STP mode, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp mode stp
■ System view
Description To make a switch compatible with STP/RSTP, MSTP provides another two operation
modes besides the MSTP mode: STP and RSTP. When a switch operates in STP mode,
the packets sent by the ports of the switch are STP BPDUs. When a switch operates in
RSTP mode, the packets sent by the ports of the switch are RSTP BPDUs. And when a
switch operates in MSTP mode, the packets sent by the ports of the switch are MSTP
BPDUs. When a switch detects that STP-/RSTP-enabled switches are connected to its
ports, the corresponding ports change to operate in STP/RSTP mode automatically.
stp no-agreement-check
Purpose Use the stp no-agreement-check command to enable the rapid transition
feature on the current port.
Parameters None
Example To enable the rapid transition feature on GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1]stp no-agreement-check
Description Some partners' switches adopt proprietary spanning tree protocols that are similar to
RSTP in the way to implement rapid transition on designated ports. When a switch of
this kind operates as the upstream switch of an S5100-EI series switch running MSTP,
the upstream designated port fails to change their states rapidly.
The rapid transition feature is developed to resolve this problem. When an S5100-EI
series switch running MSTP is connected in the upstream direction to a partner's
switch running proprietary spanning tree protocol, you can enable the rapid transition
feature on the ports of the S5100-EI series switch operating as the downstream
switch. Among these ports, those operating as the root ports will then send
agreement packets to their upstream ports after they receive proposal packets from
the upstream designated ports, instead of waiting for agreement packets from the
upstream switch. This enables designated ports of the upstream switch to change
their states rapidly.
Note: Enable the rapid transition feature on root ports or alternate ports only.
stp pathcost-standard
Purpose Use the stp pathcost-standard command to set the standard used for
calculating the default path costs of ports.
Default By default, the switch uses the legacy standard to calculate the default path costs of
ports
Example To configure the switch to use the IEEE 802.1D-1998 standard to calculate the default
path costs of its ports, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp pathcost-standard dot1d-1998
To configure the switch to use the IEEE 802.1t standard to calculate the default path
costs of its ports, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp pathcost-standard dot1t
■ System view
758 ● stp pathcost-standard 3Com Switch 4200G Family
Command Reference
Description The following table lists transmission speeds and their corresponding path costs.
Normally, the path cost of a port in full-duplex mode is slightly less than that of the
port in half-duplex mode.
When calculating the path cost of an aggregate link, the 802.1D-1998 standard does
not take the number of the aggregated links into account, whereas the 802.1T
standard does so by using the following equation:
Where, the link transmission speed is the sum of the speeds of the unblocked ports
for the aggregate link measured in 100 kbps units.
3Com Switch 4200G Family stp point-to-point ● 759
Command Reference
stp point-to-point
Purpose Use the stp point-to-point command to specify whether the port must
connect to point-to-point link.
Use the undo stp point-to-point command to restore the default setting.
Default If no keyword is specified in the stp point-to-point command, the auto keyword is
used by default, and so MSTP automatically determines the type of the link connected
to the current port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/3
[S4200G-GigabitEthernet1/0/3] stp point-to-point force-true
Description The rapid transition feature is not applicable to ports that are connected to
non-point-to-point links.
These two commands only apply to CISTs and MSTIs. If you configure the link to
which a port is connected is a point-to-point link (or a non-point-to-point link), the
configuration applies to all spanning tree instances (that is, the port is configured to
760 ● stp point-to-point 3Com Switch 4200G Family
Command Reference
Purpose Use the stp port priority command to set the priority of the current port in a
specified spanning tree instance.
Use the undo stp port priority command to restore the default priority.
Parameters instance-id Specifies the spanning tree instance ID. Valid values are
0 to 16. A value of 0 specifies the CIST.
port priority priority
Specifies the priority for the port. Valid values are 0 to
240 but must be a multiple of 16 (such as 0, 16, and
32). If not specified, the default port priority is 128.
Example To set the port priority of GigabitEthernet1/0/3 port in spanning tree instance 2 to 16,
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/3
[S4200G-GigabitEthernet1/0/3] stp instance 2 port priority 16
Description If you specify the instance-id argument to be 0 or do not specify the argument, these
two commands apply to the port priorities on the CIST. The role a port plays in a
spanning tree instance is determined by the port priority in the instance. A port on a
MSTP-enabled switch can have different port priorities and play different roles in
different MSTIs. This enables packets of different VLANs to be forwarded along
different physical paths, so as to achieve load balancing by VLANs. Changing port
priorities result in port roles being re-determined and may cause state transitions.
stp priority
Purpose Use the stp priority command to set the priority of a switch in a spanning tree
instance.
Use the undo stp priority command to restore the default priority of a switch.
Parameters instance-id Specifies the spanning tree instance ID. Valid values are
0 to 16. A value of 0 specifies the CIST.
priority Specifies t he priority for the switch. Valid values are 0
to 61,440 but must be a multiple of 4,096 (such as 0,
4096, and 8192). The total number of switch priorities
is 16.
Example To set the priority of the switch in spanning tree instance 1 to 4,096, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp instance 1 priority 4096
■ System view
Description The priorities of switches are used for spanning tree generation. Switch priorities are
spanning tree-specific. That is, you can set different priorities for the same switch in
different spanning tree instances.
If you do not specify the instance-id argument, the configuration applies to the
CIST.
3Com Switch 4200G Family stp region-configuration ● 763
Command Reference
stp region-configuration
Purpose Use the stp region-configuration command to enter MST region view.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region]
■ System view
Description MST region-related settings include: region name, revision level, and VLAN mapping
table. The three MST region-related settings default to:
And you can modify the three settings after entering MST region view by using the
stp region-configuration command.
764 ● stp root primary 3Com Switch 4200G Family
Command Reference
Purpose Use the stp root primary command to configure the current switch to be the
root bridge of a specified spanning tree instance.
Parameters instance-id Specifies the spanning tree instance ID. Valid values are
0 to 16. A value of 0 specifies the CIST.
bridgenum Specifies the network diameter of the specified
spanning tree. Valid values are 2 to 7.
If not specified, the default is 7.
centi-seconds Specifies the hello time of the specified spanning tree
in centiseconds. Valid values are 100 to 1,000.
If not specified, the default is 200.
If you do not specify the instance-id argument, the configuration applies to the
CIST.
Example To configure the current switch as the root bridge of spanning tree instance 1, setting
the network diameter of the switched network to 4, and the Hello time to 500
centiseconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp instance 1 root primary bridge-diameter 4 hello-time 500
■ System view
Description You can specify the current switch as the root bridge of a spanning tree instance
regardless of the priority of the switch. You can also specify the network diameter of
the switched network by using the stp root primary command. The switch will
then figure out the following three time parameters: Hello time, Forward delay, and
Max age. As the Hello time figured out by the network diameter is not always the
optimal one, you can set it manually through the hello-time keyword. Normally, you
are recommended to set the network diameter and leave the Forward delay and Max
age parameters being automatically determined by the network diameter you set.
3Com Switch 4200G Family stp root primary ● 765
Command Reference
CAUTION:
■ You can configure only one root bridge for a spanning tree instance and can
configure one or more secondary root bridges for a spanning tree instance.
Configuring multiple root bridges for a spanning tree instance causes
unpredictable results.
■ Once a switch is configured to be the root bridge or a secondary root bridge, its
priority cannot be modified.
766 ● stp root-protection 3Com Switch 4200G Family
Command Reference
stp root-protection
Purpose Use the stp root-protection command to enable the root protection function
for the current port.
Use the undo stp root-protection command to restore the default operation
state of the root protection function.
Parameters None
Example To enable the root protection function on GigabitEthernet1/0/1 port, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] stp root-protection
Description Configuration errors and malicious attacks may cause legal root bridges to receive
BPDUs of higher priorities, and give up their roles as root bridges, which means
network topology jitters. In this case, flows that should travel along high-speed links
may be led to low-speed links, and network congestions may occur.
You can avoid this problem by utilizing the root protection function. Ports with this
function enabled can retain their roles in all spanning tree instances. When such a
port receives BPDUs of higher priorities, its state is set to discarding and it stops
forwarding any packets as if the connected link were down. Only when it receives no
BPDUs of higher priorities in a specified period, does it resumes its normal state.
Purpose Use the stp root secondary command to configure the current switch as a
secondary root bridge of a specified spanning tree instance.
Parameters instance-id Specifies the spanning tree instance ID. Valid values are
0 to 16. A value of 0 specifies the CIST.
bridgenum Specifies the network diameter of the specified
spanning tree. Valid values are 2 to 7. If not specified,
the default is 7.
centi-seconds Specifies the hello time of the specified spanning tree
in centiseconds. Valid values are 100 to 1,000. If not
specified, the default is 200.
If you do not specify the instance-id argument, the configuration applies to the
CIST.
Example To configure the current switch to be a secondary root bridge of spanning tree
instance 4, setting the network diameter of the switched network to 5 and the Hello
time to 300 centiseconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp instance 4 root secondary bridge-diameter 5 hello-time 300
■ System view
Description You can configure one or more secondary root bridges for a spanning tree instance. If
the switch operating as the root bridge fails or is turned off, the secondary root
bridge with the smallest MAC address becomes the root bridge.
You can also specify the network diameter and the Hello time of the switch while
specifying a switch to be a secondary root bridge. The switch will then figures out the
other two correlated settings (that is, the Forward delay and Max age). You can
configure only one root bridge for a spanning tree instance and can configure one or
more secondary root bridges for a spanning tree instance.
768 ● stp root secondary 3Com Switch 4200G Family
Command Reference
Once a switch is configured to be the root bridge or a secondary root bridge, its
priority cannot be modified.
3Com Switch 4200G Family stp tc-protection ● 769
Command Reference
stp tc-protection
Purpose Use the stp tc-protection command to enable or disable the TC-BPDU attack
prevention function for the switch.
Parameters None
Example To enable the TC-BPDU attack prevention function for the switch, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp tc-protection enable
■ System view
Description A switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. If a
malicious user sends large amounts of TC-BPDUs to a switch in a short period, the
switch may be busy removing MAC address entries and ARP entries, which may
decrease the performance of the switch and introduce potential stability risks.
With the TC-BPDU attack prevention function enabled, a switch performs removing
operation only once in a specified period (10 seconds by default) after it receives a
TC-BPDU. The switch also checks to see if other TC-BPDUs arrive and performs
another removing operation in the next period if a TC-BPDU is received. Such a
mechanism prevents a switch from being busy removing address entries and ARP
entries.
770 ● stp timer-factor 3Com Switch 4200G Family
Command Reference
stp timer-factor
Purpose Use the stp timer-factor command to set the timeout time of a switch in terms
of the multiple of the Hello time.
For example, with the number argument set to 3, the timeout time is three times of
the Hello time.
Parameters number Specifies the timeout time factor. Valid values are 1 to
10. If not specified, the default is 3.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp timer-factor 7
■ System view
Description A switch sends protocol packets to its neighboring devices in the specified Hello time
interval to test the connectivity of links. Normally, if a switch does not receive any
protocol packets from its upstream switch in a period three times of the Hello time, it
assumes that the upstream switch is down and recalculates the spanning trees.
Spanning tree recalculation may also occur in a very stable network where certain
upstream switches are busy. In this case, you can increase the timeout time to four or
more times of the Hello time. For stable networks, a timeout time of five to seven
times of the Hello time is recommended.
3Com Switch 4200G Family stp timer forward-delay ● 771
Command Reference
Purpose Use the stp timer forward-delay command to set the Forward delay for a
switch.
Use the undo stp timer forward-delay command to restore the default.
Example To set the Forward delay to 2,000 centiseconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp timer forward-delay 2000
■ System view
Description To prevent temporary loops while ports change their states, each port undergoes an
intermediate period when it changes from the discarding state to the forwarding
state to allow for synchronizing with the remote switches. This intermediate period is
determined by the Forward delay configured on the root bridge.
The Forward delay setting configured for a root bridge applies to all switches
operating in the spanning tree instance, including the root bridge.
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), you can refer to the following expressions
to prevent networks from jittering frequently.
It is recommended that you specify the network diameter and the Hello time
parameter by using the stp root primary or stp root secondary command
in a network with MSTP employed, after which the three optimized time-related
parameters are automatically determined.
772 ● stp timer forward-delay 3Com Switch 4200G Family
Command Reference
Purpose Use the stp timer hello command to set the Hello time for a switch.
Use the undo stp timer hello command to restore the default Hello time.
Parameters centi-seconds Integer for the Hello time in centiseconds. Valid values
are 100 to 1,000. If not specified, the default is 200.
Example To set the Hello time to 400 centiseconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp timer hello 400
■ System view
Description A root bridge regularly sends out configuration BPDUs to maintain the existing
spanning trees. The Hello time is used to set the sending interval. When a switch
becomes a root bridge, it regularly sends BPDUs at the interval specified by the hello
time you have configured on it. While, the other none-root-bridge switches listen to
the BPDUs; if they do not receive a BPDU in a specific period, spanning trees will be
regenerated.
As for the configuration of the three time-related parameters (that is, the Hello time,
Forward delay, and Max age parameters), the following formulas must be met to
prevent network jitter.
It is recommended that you specify the network diameter and the Hello time by using
the stp root primary or stp root secondary command. MSTP will then
automatically calculate the optimal values of the three parameters.
Purpose Use the stp timer max-age command to set the maximum age of a switch.
Use the undo stp timer max-age command to restore the default.
Example To set the maximum age to 1,000 centiseconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp timer max-age 1000
■ System view
Description MSTP is capable of detecting link problems and automatically setting redundant links
to forwarding state. In a CIST, the Max age is the criterion for switches to judge
whether or not a received BPDU is timed out. And spanning trees will be regenerated
if a BPDU received by a port is timed out.
The Max age argument is meaningless to MSTIs. All switches in a CIST uses the Max
age configured for the root bridge of the CIST to judge whether a BPDU is timed out.
The settings of the three MSTP time parameters must satisfy the following expressions
to prevent frequent network jitters:
It is recommended that you specify the network diameter and the Hello time by using
the stp root primary or stp root secondary command. MSTP will then
automatically calculate the optimal values of the three parameters.
stp transmit-limit
Purpose Use the stp transmit-limit command to set the maximum number of
configuration BPDUs the current port can transmit within a Hello time.
Parameters packetnum Specifies the maximum number of BPDUs that the port
can transmit within a Hello time interval. Valid values
are 1 to 255. If not specified, the default is 3.
Example To set the maximum number of configuration BPDUs that can be transmitted by the
GigabitEthernet1/0/1 port in each Hello time to 5, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] stp transmit-limit 5
Description A larger number configured by the stp transmit-limit command allows more
configuration BPDUs can be transmitted in each Hello time, which may occupy more
switch resources. So configure it to a proper value to avoid MSTP from occupying too
many network resources.
super
Purpose Use the super command to switch the current user level to the one identified by the
level argument.
<S4200G> super 3
Password:
■ User view
Description If a password is previously set by using the super password [ level level ] {
simple | cipher } password command, you need to provide the password, as well,
to switch to the higher user level. You will remain in the original user level if you fail to
provide the correct password.
Note:
■ Users logging into a switch also fall into four levels, each of which corresponding
to one of the command levels. Users at a specific level can only use the commands
at the same level and the commands at the lower levels.
■ You can specify an AUX user to provide a password when he switches from a
lower user level to a higher user level and specify the password by using the
super password [ level level ] { simple | cipher } password
command. With a password configured, an AUX user remains in the original user
level if the password provided is incorrect when the AUX user attempts to switch
to a higher user level. If the password is not configured, an AUX user can switch to
a higher user level directly.
■ A password is necessary for a VTY user to switch to a higher user level. You can
use the super password [ level level ] { simple | cipher } password
command to set the password. With the password not configured, a VTY user fails
to switch to a higher user level and is prompted the message reading “Password is
not set”.
■ An AUX user or a VTY user can switch to a lower user level directly regardless of
the password.
super password
Purpose Use the super password command to set the password for users to switch to a
higher user level.
Parameters level User level. Valid values for this argument are 1 to 3. If
not specified, the is 3. If you execute this command
with the level argument not provided, this
command sets the password to switch to level 3.
simple Specifies to provide the password in plain text.
cipher Specifies to provide the password in encrypted text.
password Password to be set. If you specify the simple keyword,
provide this argument in plain text. If you specify the
cipher keyword, you can provide this argument in
either encrypted text or plain text. In this case, a
password containing no more than 16 characters (such
as 123) is regarded to be in plain text and is converted
to the corresponding 24-character encrypted form (
such as !TP<\*EMUHL,408`W7TH!Q!!) automatically.
You can also provide a 24-character encrypted
password directly if you are aware of the actual
password.
No matter what form of the password (plain text or encrypted text) is in, the
password entered for verification must be in plain text.
Example Set the password to switch from the current user level to user level 3 to “zbr”.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] super password level 3 simple zbr
■ System view
Description To prevent unauthorized accesses, you can use this command to require users to
provide the password when they switch to a higher user level. For security purpose,
the password a user enters when switching to a higher user level is not displayed. A
user will remain at the original user level if the user has tried three times to enter the
correct password but fails to do this.
3Com Switch 4200G Family super password ● 779
Command Reference
780 ● sysname 3Com Switch 4200G Family
Command Reference
sysname
Purpose Use the sysname command to set a domain name for the switch.
Use the undo sysname command to restore the default domain name.
undo sysname
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]sysname ABC
[ABC]
■ System view
Description The CLI prompt reflects the domain name of a switch. For example, if the domain
name of a switch is "S4200G", then the prompt of user view is <S4200G>.
3Com Switch 4200G Family sysname ● 781
Command Reference
sysname
Purpose Use the sysname command to set the system name of the Switch.
Use the undo sysname command to restore the default value of the system name.
undo sysname
■ System view
Description Changing the system name of the Switch will affect the prompt of the command line
interface. For example, the system name of the Switch is 4200G, and the prompt in
user view is <S4200G>.
782 ● system-view 3Com Switch 4200G Family
Command Reference
system-view
Purpose Enter system-view to enter the system view from the user view.
Syntax system-view
Parameters None
Example To enter system view from user view, enter the following:
<S4200G> system-view
[S4200G]
■ User view
Purpose Use the tcp timer fin-timeout command to configure the TCP finwait timer.
Use the undo tcp timer fin-timeout command to restore the default value of the
TCP finwait timer.
Parameters time-value Specifies the TCP finwait timer value in seconds. Valid
values are 76 to 3600.
If not specified, the default is 675 seconds.
Example To configure the TCP finwait timer value as 800 seconds, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]tcp timer fin-timeout 800
■ System view
Description When the TCP connection state changes from FIN_WATI_1 to FIN_WAIT_2, the
finwait timer is enabled. If the switch does not receive FIN packet before finwait timer
timeouts, the TCP connection is terminated.
Purpose Use the tcp timer syn-timeout command to configure the TCP synwait timer.
Use the undo tcp timer syn-timeout command to restore the default value of the
timer.
Example To configure the TCP synwait timer value as 80 seconds, enter the following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]tcp timer syn-timeout 80
■ System view
Description When a SYN packet is sent, TCP starts the synwait timer. If no response packet is
received before the synwait timer times out, the TCP connection is terminated.
tcp window
Purpose Use the tcp window command to configure the size of the transmission and receiving
buffers of the connection-oriented socket.
Use the undo tcp window command to restore the default size of the buffer.
Example To configure the size of the transmission and receiving buffers as 3 KB, enter the
following:
<S4200G>system-view
System View: return to User View with Ctrl+Z.
[S4200G]tcp window 3
■ System view
telnet
Purpose Use the telnet command to log in to another Ethernet switch from the current
switch via Telnet for remote management.
Parameters hostname Specifies the host name of the remote Switch. You can
use the ip host command to assign a host name to a
switch.
ip-address Specifies the IP address or the host name of the remote
Switch.
If you enter the host name, the Switch must be set to
static resolution.
service-port Designates the TCP port number of the port that
provides Telnet service on the switch. Valid values are 0
to 65535.
If not specified, the default Telnet port number of 23 is
used.
Example Telnet to the switch with the host name of S4200G2 and IP address of 129.102.0.1
from the current switch (with the host name of S4200G1).
■ User view
Description Use the telnet command to Telnet to another switch from the current switch to
manage the former remotely. You can terminate a Telnet connection by pressing
<Ctrl+K> or <Ctrl+]>.
terminal debugging
Purpose Use the terminal debugging command to configure to display the debugging
information on the terminal.
Use the undo terminal debugging command to configure not to display the
debugging information on the terminal.
Parameters None
■ User view
terminal debugging
Purpose Use the terminal debugging command to configure to display the debugging
information on the terminal.
Use the undo terminal debugging command to configure not to display the
debugging information on the terminal.
Parameters None
■ User view
terminal logging
Purpose Use the terminal logging command to enable log terminal display.
Use the undo terminal logging command to disable log terminal display.
Parameters None
Default By default, log terminal display is enabled for console users and disabled for terminal
users.
■ User view
790 ● terminal monitor 3Com Switch 4200G Family
Command Reference
terminal monitor
Purpose Use the terminal monitor command to enable the debug/log/trap terminal display
function.
Parameters None
Default By default, this function is enabled for the console user but disabled for terminal
users.
■ User view
Description This command works only on the current terminal. Only after the command has been
executed in user view, can the debug/log/trap information be output on the current
terminal. Disabling the function has the same effect as executing the following three
commands: undo terminal debugging, undo terminal logging and undo terminal
trapping. That is, no debug/log/trap information will be displayed on the current
terminal. If the function is enabled, you can run the terminal debugging/undo
terminal debugging, terminal logging/undo terminal logging or terminal
trapping/undo terminal trapping command to enable or disable debug/log/trap
terminal output respectively.
3Com Switch 4200G Family terminal trapping ● 791
Command Reference
terminal trapping
Purpose Use the terminal trapping command to enable terminal trap information display.
Use the undo terminal trapping command to disable trap terminal display.
Parameters None
■ User view
792 ● tftp 3Com Switch 4200G Family
Command Reference
tftp
Purpose Use the tftp command to set the TFTP data transfer mode.
<S4200G> system-view
[S4200G] tftp ascii
TFTP transfer mode changed to ASCII.
■ System view
3Com Switch 4200G Family tftp cluster get ● 793
Command Reference
Purpose Use the tftp cluster get command to download a specified file from a cluster
TFTP server.
Example Download the file named LANSwitch.app from the cluster TFTP server and save it as
vs.app.
■ User view
Purpose Use the tftp put command to upload a specified file to a specified directory of a
cluster TFTP server.
Example Upload the local file named vrpcfg.txt to the cluster TFTP server and save it as
Temp.txt.
■ User view
tftp get
Purpose Use the tftp get command to download a file from a TFTP server to this switch.
Example Download the file named abc.txt from the TFTP server whose IP address is 1.1.1.1 and
save it as efg.txt.
■ User view
tftp put
Purpose Use the tftp put command to upload a file from the switch to the specified directory
on the TFTP server.
Parameters tftp-server IP address or host name of the TFTP server. The name
of the TFTP server should be a string from 1 to 20
characters long.
source-file Name of the file to be uploaded to the TFTP server.
dest-file Specifies the file name of the destination file that will
be saved on the TFTP server.
Example Upload the file named vrpcfg.txt to the TFTP server whose IP address is 1.1.1.1 and
save it as temp.txt.
■ User view
tftp-server
Purpose Use the tftp-server command to configure a TFTP server for cluster members on
the management device.
Use the undo tftp-server command to cancel the TFTP server configuration.
undo tftp-server
Only after you assign an IP address for TFTP server of the cluster, member devices can
access it through the management device.
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] tftp-server 1.0.0.9
■ Cluster view
Description You need to configure the IP address of a TFTP server first for the member devices in a
cluster to access the TFTP server through the management device.
tftp-server acl
Purpose Use the tftp-server acl command to specify the ACL (Access Control List)
adopted for the connection between a TFTP client and a TFTP server.
Use the undo tftp-server acl command to cancel all ACLs adopted.
Parameters acl-number The Basic ACL number. Valid values are 2000 to 2999.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] tftp-server acl 2000
The ACL number is not existent or contains no rule. Continue? [Y/N] y
[S4200G]
■ System view
3Com Switch 4200G Family time-range ● 799
Command Reference
time-range
Use the undo time-range all command to delete all time ranges.
If the two parameters above are not configured, it means there is no restriction to
time-range.
800 ● time-range 3Com Switch 4200G Family
Command Reference
Example Define a time range that is effective from 12:00 January 1, 2000 to 12:00 January 1,
2001.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] time-range test from 12:00 1/1/2000 to 12:00 1/1/2001
■ System view
Description The time range defined by means of the time-range command can include absolute
time sections and periodic time sections. The start-time and end-time
days-of-the-week jointly define a periodic time section, while start-time start-date and
end-time end-date jointly define an absolute time section.
If only a periodic time section is defined in a time range, the time range is active only
within the defined periodic time section.
If only an absolute time section is defined in a time, the time range is active only
within the defined absolute time section.
If both a periodic time section and an absolute time section are defined in a time
range, the time range is active only when the periodic time range and the absolute
time range are both matched. Assume that a time range defines an absolute time
section from 00:00 January 1, 2004 to 23:59 December 31, 2004, and a periodic time
section from 12:00 to 14:00 every Wednesday. This time range is active only from
12:00 to 14:00 every Wednesday in 2004.
If you include any argument with the undo time-range command, the system will
delete only the content defined by the argument from the time range.
3Com Switch 4200G Family timer ● 801
Command Reference
timer
Purpose Use the timer command to set the interval to send handshake packets.
Use the undo timer command to restore the default interval value.
undo timer
<aaa_0.S4200G>system-view
System View: return to User View with Ctrl+Z.
[aaa_0.S4200G]cluster
[aaa_0.S4200G-cluster] timer 3
■ Cluster view
Description Inside a cluster, the connections between member devices and the management
device are kept through transmitting handshake packets. Handshake packets in a
cluster enable the management device to acquire the information about member
states link states.
Execute these two commands on management devices only. All the member devices
in a cluster acquire the handshake interval setting from the management device.
802 ● timer 3Com Switch 4200G Family
Command Reference
timer
Purpose Use the timer command to set the response timeout time of RADIUS server (that is,
the timeout time of the response timeout timer of RADIUS server).
Use the undo timer command to restore the default response timeout timer of
RADIUS server.
undo timer
Parameters seconds Sets the response timeout time (in seconds) of RADIUS
server. Valid values are 1 to 10 seconds.
If not specified, the default is 3 seconds.
Example To set the timeout time of the response timeout timer for the RADIUS scheme radius1
to 5 seconds, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer 5
Description Note:
■ If the switch gets no response from the RADIUS server after sending out a RADIUS
request (authentication/authorization request or accounting request) and waiting
for a time, it should retransmit the packet to ensure that the user can obtain the
RADIUS service. This wait time is called response timeout time of RADIUS server;
and the timer in the switch system that is used to control this time is called the
response timeout timer of RADIUS server. You can use the timer command to set
the timeout time of this timer.
■ Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
■ The timer command has the same effect with the timer
response-timeout command.
timer quiet
Purpose Use the timer quiet command to set the wait time for the primary server to
restore the active state.
Use the undo timer quiet command to restore the default wait time.
Parameters minutes Specifies the wait time (in minutes) the primary server
waits before restoring the active state. Valid values are
1 to 255 minutes.
If not specified, the default is 5 minutes.
Example To set the wait time for the primary server to restore the active state to 10 minutes,
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer quiet 10
timer realtime-accounting
Purpose Use the timer realtime-accounting command to set the real-time accounting
interval.
Example To set the real-time accounting interval of the RADIUS scheme radius1 to 51 minutes.
enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer realtime-accounting 51
Description Note:
■ To charge the users in real time, you should set the interval of real-time
accounting. After the setting, the switch sends the accounting information of
online users to the RADIUS server at regular intervals.
■ The setting of the real-time accounting interval depends to some degree on the
performance of the switch and the RADIUS server. The higher the performance of
the switch and the RADIUS server is, the shorter the interval can be. You are
recommended to set the interval as long as possible when the number of users is
relatively great (f1000). Table 113 lists the numbers of users and the
corresponding recommended intervals.
Table 113 Numbers of users and corresponding recommended intervals
timer response-timeout
Purpose Use the timer response-timeout command to set the response timeout time of
RADIUS servers.
Use the undo timer command to restore the default response timeout timer of
RADIUS servers.
Parameters seconds Sets the response timeout time (in seconds) of RADIUS
servers. Valid values are 1 to 10 seconds.
If not specified, the default timeout time is 3 seconds.
Example To set the response timeout time in the RADIUS scheme radius1 to five seconds, enter
the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
New Radius scheme
[S4200G-radius-radius1] timer response-timeout 5
Description Note:
■ If the switch gets no response from the RADIUS server after sending out a RADIUS
request (authentication/authorization request or accounting request) and waiting
for a time, it should retransmit the packet to ensure that the user can obtain the
RADIUS service. This wait time is called response timeout time of RADIUS servers;
and the timer in the switch system that is used to control this time is called the
response timeout timer of RADIUS servers. You can use the timer
response-timeout command to set the timeout time of this timer.
■ Appropriately setting the timeout time of this timer according to the network
situation can improve the performance of the system.
■ This command has the same effect with the timer command.
topology accept
Purpose Use the topology accept command to confirm the current topology information
of the cluster and save that as a standard topology.
Use the undo topology accept command to delete the current topology
information of the cluster.
Parameters mac-address Specifies a bridge MAC address of the device while the
device authenticates the topology authenticated by
the topology, in the format of H-H-H.
member-number Specifies the member number from which the
topology displays or the member numbers at the
starting point and ending point of a specified path.
save-to Configures to save a standard topology to the FTP
server or the flash while saving the standard topology.
This file is named topology.top universally.
<123> system-view
System View: return to User View with Ctrl+Z
[123] cluster
[123.abc-cluster] topology accept all
■ Cluster view
The topology.top file is used to save standard topology information on the FTP server
or the local flash. The saved information includes information of the white list and
blacklist. The blacklist is a list of devices that are not allowed to join the cluster. The
white list is a list of devices that can join the cluster.
808 ● topology restore-from 3Com Switch 4200G Family
Command Reference
topology restore-from
Purpose Use the topology restore-from command to obtain and restore the standard
topology information from the local flash.
Parameters None
<123> system-view
System View: return to User View with Ctrl+Z
[123] cluster
[123.abc-cluster] topology restore-from local-flash
■ Cluster view
topology save-to
Purpose Use the topology save-to command to save the standard topology information
into the local flash.
Parameters None
Example Save the standard topology information into the local flash.
<123> system-view
System View: return to User View with Ctrl+Z
[123] cluster
[123.abc-cluster] topology save-to local-flash
■ Cluster view
Description The topology includes white list and blacklist. The file is named topology.top
universally.
tracemac
Purpose Use the tracemac command to locate a device by MAC address or IP address.
<123> system-view
System View: return to User View with Ctrl+Z
[123] tracemac by-mac 000f-3232-0005 vlan 1
Tracing MAC address 000f-3232-0005 in vlan 1
1 000f-3232-0001abc01 ethernet1/0/2
2 000f-3232-0002abc02 ethernet1/0/7
3 000f-3232-0003abc03 ethernet1/0/4
4 000f-3232-0005abc05 Local
■ Any view
3Com Switch 4200G Family tracert ● 811
Command Reference
tracert
Purpose Use the tracert command to trace the gateways the test packets passes through
during its journey from the source to the destination.
■ first-TTL is 1,
■ max-TTL is 30,
■ port is 33434,
■ nqueries is 3
■ timeout is 5000 ms.
Example Test the gateways passed by the packets to the destination host at 18.26.0.115.
812 ● tracert 3Com Switch 4200G Family
Command Reference
<S4200G>tracert 18.26.0.115
tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max
1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms
2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms
3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms
4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms
5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms
6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms
7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms
8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms
9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms
10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms
11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms
12 * * *
13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms
14 * * *
15 * * *
16 * * *
17 * * *
18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms
■ Any view
Description The tracert command is primarily used to check the network connectivity. It can
also help you locate the trouble spot of the network.
If you find that the network is in trouble by using the ping command, you can use
the tracert command to find where the trouble is in the network.
The executing procedure of the tracert command is as follows. First, the source
sends a packet with the TTL of 1, and the first hop device returns an ICMP error
message indicating that it cannot forward this packet because of TTL timeout.
Then, the source re-sends a packet with the TTL of 2, and the second hop device
also returns an ICMP TTL timeout message. This procedure continues until a
packet gets to the destination or the maximum TTL is reached. During the
procedure, the system records the source address of each ICMP TTL timeout
message in order to offer the path that the packets pass through to the destination.
The tracert command can output the IP addresses of all the gateways the
packets pass through to the destination. You will see the string "***" if a gateway
times out.
3Com Switch 4200G Family traffic-limit ● 813
Command Reference
traffic-limit
Purpose Use the traffic-limit command to use ACL rules in traffic identifying and traffic
policing for the packet matching with the ACL rules and to set traffic policing
parameters.
Example To perform traffic policing for packets matching with ACL 4000 rules. Limit the rate
within 128 kbps and drop the packets exceeding the traffic limit, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] traffic-limit inbound link-group 4000 128
Description The command is used in traffic policing for packets matching with the specified ACL
rules. It is applicable only to ACL rules with permit action.
traffic shape
Purpose Use the traffic-shape command to enable traffic shaping and send the packets
out at an even rate.
Example To perform traffic shaping on the current port. Set the max rate to 650kbps and the
burst size to 12kbytes, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] traffic-shape 650 12
■ Traffic shaping for all the traffic of a port. The function can be implemented when
queue queue-id in the traffic-shape command is not specified.
■ Traffic shaping for the specified output queues. The function can be implemented
when queue queue-id in the traffic-shape command is specified.
Table 116 The granularity of traffic shaping
traffic-statistic
Purpose Use the traffic-statistic command to use ACL rules in traffic identifying and
perform traffic statistics on the packets matching with the ACL rules.
Example To perform traffic statistics on packets matching with ACL 2000 rules, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface gigabitEthernet1/0/1
[S4200G-GigabitEthernet1/0/1] traffic-statistic inbound ip-group 2000
■ System view
Description Use the display qos-interface traffic-statistic command to display the times of
hardware matching in packet forwarding.
udp-helper enable
Purpose Use the udp-helper enable command to enable the UDP Helper function.
Use the undo udp-helper enable command to disable the UDP Helper function.
Parameters None
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]udp-helper enable
■ System view
818 ● udp-helper port 3Com Switch 4200G Family
Command Reference
udp-helper port
Purpose Use the udp-helper port command to configure the UDP port with relay function.
Use the undo udp-helper port command to remove the UDP configuration.
Parameters port Specifies the ID of the UDP port with relay function to
be enabled. Valid values are 1 to 65535.
dns Domain name service, corresponding to UDP port 53.
netbios-ds NetBios datagram service, corresponding to UDP port
138.
netbios-ns NetBios name service, corresponding to UDP port 137.
tacacs TAC access control system, corresponding to UDP port
49.
tftp Trivial file transfer protocol, corresponding to UDP port
69.
time Time service, corresponding to UDP port 37.
Example To configure the UDP port with relay function as the UDP port corresponding to DNS,
enter the following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]udp-helper port dns
■ System view
3Com Switch 4200G Family udp-helper server ● 819
Command Reference
udp-helper server
Purpose Use the udp-helper server command to configure the relay destination server for
UDP broadcast packets.
Use the undo udp-helper server command to delete the relay destination server.
Example To configure the relay destination server with IP address 192.1.1.2, enter the
following:
<SW4200G>system-view
System View: return to User View with Ctrl+Z.
[SW4200G]interface vlan-interface 1
[SW4200G-Vlan-interface1]udp-helper server 192.1.1.2
undelete
Parameters file-url Path name or the file name of a file in the Flash,
comprised of a string from1 to 142 characters long.
■ User view
Description The file name to be recovered cannot be the same as an existing directory name. If
the destination file name is the same as an existing file name, a prompt will be
displayed asking whether to overwrite the existing file.
3Com Switch 4200G Family user ● 821
Command Reference
user
Example Log into the FTP server using the user account with the user name being
tom and the password being 111.
Description After logging into an FTP server, you can switch to another user by using the user
command.
822 ● user-interface 3Com Switch 4200G Family
Command Reference
user-interface
Purpose Using user-interface command to enter one or more user interface views to
perform configuration.
Parameters type Specifies the user interface type, which can be aux or
vty.
first-number Specifies the user interface index, which identifies the
first user interface to be configured.
last-number Specifies the user interface index, which identifies the
last user interface to be configured.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty 0
[S4200G-ui-vty0]
■ System view
3Com Switch 4200G Family user-name-format ● 823
Command Reference
user-name-format
Purpose Use the user-name-format command to set the format of the user names to be sent
to RADIUS server.
Default By default, except for the default RADIUS scheme "system", the user names sent to
RADIUS servers in any RADIUS scheme carry ISP domain names.
Example To specify that the user names sent to a RADIUS server in RADIUS scheme radius1
does not carry ISP domain names, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] radius scheme radius1
Description Note:
■ Generally, an access user is named in the userid@isp-name format. Where,
isp-name behind the @ character represents the ISP domain name, by which the
device determines which ISP domain it should ascribe the user to. However, some
old RADIUS servers cannot accept the user names that carry ISP domain names. In
this case, it is necessary to remove the domain names carried in the user names
before sending the user names to the RADIUS server. For this reason, the
user-name-format command is designed for you to specify whether or not ISP
domain names are carried in the user names sent to the RADIUS server.
■ For a RADIUS scheme, if you have specified that no ISP domain names are carried
in the user names, you should not use this RADIUS scheme in more than one ISP
domain. Otherwise, such errors may occur: the RADIUS server regards two
different users having the same name but belonging to different ISP domains as
the same user (because the user names sent to it are the same).
Purpose Use the user privilege level level command to configure the command
level that a user can access from the specified user interface.
Use the undo user privilege level command to restore the default
command level.
Parameters level Specifies the level of command that a user can access.
Valid values are 0 to 3.
Default By default, a user can access all commands at Level 3 after logging in through the
AUX user interface, and all commands at Level 0 after logging in through a VTY user
interface.
Example Configure that commands of level 0 are available to the users logging into VTY 0.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] user-interface vty0
[S4200G-ui-vty0] user privilege level 0
You can verify the above configuration by Telneting to VTY 0 and displaying the
available commands, as listed in the following.
<S4200G> ?
User view commands:
cluster Run cluster command
language-mode Specify the language environment
ping Ping function
quit Exit from current command view
super Privilege specified user priority level
telnet Establish one TELNET connection
tracert Trace route function
Description The user can use all the available commands at this command level.
3Com Switch 4200G Family verbose ● 825
Command Reference
verbose
Purpose Use the verbose command to enable the verbose function, which displays execution
and response information of other related commands.
Syntax verbose
undo verbose
Parameters None
virtual-cable-test
Purpose Use the virtual-cable-test command to enable the system to test the cable
connected to a specific port and to display the results.
Syntax virtual-cable-test
Parameters None
Default By default, the test of the connection cable of the Ethernet port is closed, that is, the
system does not test the cable connected to the Ethernet port.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet1/0/1
[S4200G-GigabitEthernet0/1] virtual-cable-test
Cable status: abnormal(open), 7 metres
Pair Impedance mismatch: yes
Pair skew: 4294967294 ns
Pair swap: swap
Pair polarity: normal
Insertion loss: 7 db
Return loss: 7 db
Near-end crosstalk: 7 db
Note:
■ If the cable is in normal state, the displayed length value is the total length of the
cable.
■ If the cable is in any other state, the displayed length value is the length from the
port to the faulty point.
The speed and undo speed commands cannot be configured on a combo port.
828 ● vlan 3Com Switch 4200G Family
Command Reference
vlan
CAUTION: The undo vlan all command cannot be used to remove the VLANs
kept by protocols, voice VLANs, the default VLANs (VLAN 1), management VLANs,
and the remote probe VLANs.
If the VLAN to be removed is the management VLAN, but not the default
management VLAN, VLAN 1 becomes the management VLAN after the VLAN is
removed.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 1
[S4200G-vlan1]
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] undo vlan 2 to 9
This may delete all static VLAN except the VLAN kept by protocol, the
voice VLAN, the default VLAN, the management VLAN and the remote probe
VLAN.
[S4200G] display vlan
The following VLANs exist:
1(default), 5
3Com Switch 4200G Family vlan ● 829
Command Reference
■ System view
Description If the VLAN identified by the vlan-id argument does not exist, this command creates
the VLAN and then enters VLAN view.
830 ● vlan-assignment-mode 3Com Switch 4200G Family
Command Reference
vlan-assignment-mode
Purpose Use the vlan-assignment-mode command to set the VLAN assignment mode on
the switch.
Default By default, the VLAN assignment mode is integer. That is, the switch supports the
integer type of VLAN IDs assigned by RADIUS authentication server.
Example To set the VLAN assignment mode to string, enter the following:
Description Through dynamic VLAN assignment, the Ethernet switch dynamically adds the ports
of the successfully authenticated users to different VLANs depending on the attribute
values assigned by RADIUS server, so as to control the network resources the users
can access.
In actual application, to cooperate with Guest VLAN, port control is usually set to the
port-based mode. If it is set to the MAC address–based mode, each port can have
only one user end connected.
Currently, the switch supports the following two data types of VLAN ID assigned by
RADIUS authentication server:
■ Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set the
VLAN assignment mode to integer on the switch (this is also the default mode on
the switch). Then, upon receiving an integer ID assigned by the RADIUS
authentication server, the switch adds the port to the VLAN whose VLAN ID is
equal to the assigned integer ID. If no such a VLAN exists, the switch first creates a
VLAN with the assigned ID, and then adds the port to the newly created VLAN.
■ String: If the RADIUS server assigns string type of VLAN IDs, you can set the VLAN
assignment mode to string on the switch. Then, upon receiving a string ID
assigned by the RADIUS authentication server, the switch compares the ID with
existing VLAN names on the switch. If it finds a match, it adds the port to the
corresponding VLAN. Otherwise, the VLAN assignment fails and the user cannot
pass the authentication.
3Com Switch 4200G Family vlan-assignment-mode ● 831
Command Reference
Note: In string mode, if the VLAN ID assigned by the RADIUS server is a character
string containing only digits (for example, 1024), the switch first regards it as an
integer VLAN ID: the switch transforms the string to an integer value and judges if the
value is in the valid VLAN ID range; if it is, the switch adds the authenticated port to
the VLAN with the value as the VLAN ID (VLAN 1024, for example).
vlan-mapping modulo
Purpose Use the vlan-mapping modulo command to map VLANs to specific spanning tree
instances.
Default By default, all VLANs in a network are mapped to the CIST (spanning tree instance 0).
Example To map VLANs to spanning tree instances using the modulo of 16, enter the
following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] stp region-configuration
[S4200G-mst-region] vlan-mapping modulo 16
Description MSTP uses VLAN mapping tables to describe VLAN-to-spanning tree instance
mappings. You can use this command to establish VLAN mapping tables and to map
VLANs to specific spanning tree instances.
Note that a VLAN cannot be mapped to multiple spanning tree instances at a time. A
VLAN-to-spanning tree instance mapping becomes invalid when you map the VLAN
to another spanning tree instance.
You can map large amounts of VLANs to specific spanning tree instances quickly by
using the vlan-mapping modulo modulo command. The ID of the spanning tree
instance to which a VLAN is mapped can be figured out by using the following
expression:
(VLAN ID-1) % modulo + 1
where (VLAN ID-1) % modulo yields the module of (VLAN ID-1) with regards to
modulo. For example, if you set the modulo argument to 16, VLAN 1 is mapped to
spanning tree instance 1, VLAN 2 is mapped to spanning tree instance 2, …, VLAN 16
is mapped to spanning tree instance 16, VLAN 17 is mapped to spanning tree
instance 1, and so on.
3Com Switch 4200G Family vlan-mapping modulo ● 833
Command Reference
vlan-vpn enable
Purpose Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Use the undo vlan-vpn command to disable the VLAN-VPN function for a port.
undo vlan-vpn
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface Ethernet 1/0/1
[S4200G-Ethernet1/0/1] vlan-vpn enable
Description With the VLAN VPN function enabled, a received packet is tagged with the default
VLAN tag of the receiving port no matter whether or not the packet already carries a
VLAN tag. If the packet already carries a VLAN tag, the packet becomes a dual-tagged
packet. Otherwise, the packet becomes a packet carrying the default VLAN tag of the
port.
CAUTION: The VLAN-VPN function is unavailable if the port has any of the protocols
among GVRP, GMRP, STP, IRF, NTDP and 802.1x enabled.
CAUTION: If this port is a remote mirror reflection port, the VLAN-VPN function
cannot be enabled on the port.
3Com Switch 4200G Family vlan-vpn tpid ● 835
Command Reference
vlan-vpn tpid
Purpose Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes
effect only when the VLAN-VPN or VLAN-VPN uplink function is enabled.
Use the undo vlan-vpn tpid command to restore the default TPID value.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface GigabitEthernet 1/0/2
[S4200G-GigabitEthernet 1/0/2] vlan-vpn tpid 12
Description Do not set the TPID value to a value that conflicts with the known protocol type
values (such as 0x0806, which is that of ARP packets). Otherwise, the packet may be
discarded.
vlan-vpn tunnel
Purpose Use the vlan-vpn tunnel command to enable the BPDU tunnel function.
Use the undo vlan-vpn tunnel command to disable the BPDU tunnel function.
Parameters None
Example To enable the BPDU tunnel function for the switch, enter the following:
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan-vpn tunnel
Note:
■ You must enable STP on a device before enabling the BPDU tunnel function on it.
■ The BPDU tunnel function is only available to access ports.
■ To implement the BPDU tunnel function, the links between operator networks
must be trunk links.
■ As the VLAN VPN function is unavailable to the ports with 802.1x, GVRP, GMRP,
STP, or NTDP employed, the BPDU tunnel function is unavailable to these ports.
■ System view
Description The BPDU tunnel function enables BPDUs to be transparently transmitted between
geographically dispersed user networks through specified VLAN VPNs in operator’s
networks, allowing spanning trees to be generated across these user networks and
keep independent of those of the operator’s networks.
3Com Switch 4200G Family vlan-vpn uplink enable ● 837
Command Reference
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G]interface Ethernet 1/0/2
[S4200G-Ethernet1/0/2] vlan-vpn uplink enable
VLAN-VPN uplink status: enabled
Description When sending a VLAN-VPN packet, a VLAN-VPN uplink port replaces the TPID value in
the outer VLAN tag of the packet with the customized TPID value. You can use the
vlan-vpn tpid command to set the TPID value used by the VLAN-VPN uplink port.
CAUTION: The vlan-vpn uplink enable command and the vlan-vpn enable
command are mutually exclusive. That is, if you execute the vlan-vpn
enable command on a port, you will fail to execute the vlan-vpn uplink
enable command on the same port. Similarly, if you execute the vlan-vpn
uplink enable command on a port, you will fail to execute the vlan-vpn
enable command on the same port.
838 ● voice vlan 3Com Switch 4200G Family
Command Reference
voice vlan
Purpose Use the voice vlan command to enable the voice VLAN function globally.
Use the undo voice vlan enable command to disable the voice VLAN function
globally.
Parameters vlan-id ID of the VLAN for which the voice VLAN function is to
be enabled. Valid values for this argument are from
2 to 4,094.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] vlan 2
[S4200G-vlan2] quit
[S4200G] voice vlan 2 enable
With the voice VLAN function enabled for VLAN 2, the following message appears if
you enable the voice VLAN function for another VLAN, for example, VLAN 4.
■ System view
Description Use the voice vlan command to enable the voice VLAN function globally.
Use the undo voice vlan enable command to disable the voice VLAN function
globally.
CAUTION:
■ Before enabling the voice VLAN function, make sure the VLAN for which the voice
VLAN function is to be enabled exists. Otherwise, you will fail to perform the
operation.
■ To remove a VLAN with the voice VLAN function enabled, you need to disable the
voice VLAN function first.
■ Only one VLAN can have the voice VLAN function enabled at a time.
Purpose Use the voice vlan aging command to set the aging time for a voice VLAN.
Use the undo voice vlan aging command to restore the default aging time for
a voice VLAN.
Parameters minutes Aging time (in minutes) to be set for a voice VLAN.
Valid values for this argument are from 5 to 43,200.
If not specified, the default is 1,440.
Example Set the aging time of the voice VLAN to 100 minutes.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] voice vlan aging 100
■ System view
Purpose Use the voice vlan enable command to enable the voice VLAN function for a
port.
Use the undo voice vlan enable command to disable the voice VLAN function
for a port.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface ethernet1/0/2
[S4200G-Ethernet1/0/2] voice vlan enable
Description The voice VLAN function takes effect on a port only when it is enabled in both system
view and port view. Note that the operation to enable the voice VLAN function for a
port is independent of that to enable the function globally.
Purpose Use the voice vlan mac-address command to set a MAC address used for a
voice VLAN to identify voice devices.
Use the undo voice vlan mac-address command to remove a MAC address
used to identify voice devices.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] voice vlan mac-address 00aa-bb00-0000 mask ffff-ff00-0000
description ABC
■ System view
Description A switch can use up to 16 MAC addresses to identify voice devices, including the four
default MAC addresses (as listed in Table 2-2). When the number of MAC addresses
reaches 16, you will fail to add new MAC addresses.s
Table 119 Default OUI address
Purpose Use the voice vlan mode auto command to configure an Ethernet port to
operate in the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port
to operate in the manual voice VLAN mode.
Parameters None
Default By default, an Ethernet port operates in the automatic voice VLAN mode.
Example Configure Ethernet 1/0/2 port to operate in the manual voice VLAN mode.
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] interface ethernet 1/0/2
[S4200G-Ethernet1/0/2] undo voice vlan mode auto
Description Use the voice vlan mode auto command to configure an Ethernet port to
operate in the automatic voice VLAN mode.
Use the undo voice vlan mode auto command to configure an Ethernet port
to operate in the manual voice VLAN mode.
These two commands are valid only before you enable the voice VLAN function
globally.
Purpose Use the voice vlan security enable command to enable the voice VLAN
security mode.
Use the undo voice vlan security enable command to disable the voice
VLAN security mode.
Parameters None
<S4200G> system-view
System View: return to User View with Ctrl+Z.
[S4200G] undo voice vlan security enable
■ System view
Description In the voice VLAN security mode, the ports in a voice VLAN and with voice devices
attached to can only forward voice data. Data packets with their MAC addresses not
among the OUI addresses that can be identified by the system will be dropped. This
mode has no effects on other VLANs.
These two commands are valid only before you enable the voice VLAN function
globally.
802.1x
display debugging habp 157
display dot1x 171
display habp 182
display habp table 183
display habp traffic 184
dot1x 332
dot1x authentication-method 334
dot1x dhcp-launch 335
dot1x guest-vlan 336
dot1x max-user 338
dot1x port-control 340
dot1x port-method 342
dot1x quiet-period 344
dot1x retry 345
dot1x retry-version-max 346
dot1x timer 347
dot1x version-check 349
habp enable 374
habp server vlan 375
habp timer 376
reset dot1x statistics 595
smarton 671
smarton password 672
smarton switchid 673
smarton timer 674
A
key 421
level 428
local-server 431
messenger 463
name 476
nas-ip 477
primary accounting 538
primary authentication 540
radius nas-ip 579
radius trap 583
radius-scheme 580
reset radius statistics 601
reset stop-accounting-buffer 605
retry realtime-accounting 613
retry stop-accounting 615
scheme 648
secondary accounting 651
secondary authentication 652
self-service-url 654
server-type 657
state 717, 720
stop-accounting-buffer enable 722
timer 802
timer quiet 803
timer realtime-accounting 804
timer response-timeout 806
user-name-format 823
vlan-assignment-mode 830
ACL
acl 22
description 114
display acl 126
display packet-filter 257
display time-range 316
packet-filter 506
rule (Advanced ACL) 634
rule (Basic ACL) 638
rule (Layer 2 ACL) 641
rule comment 640
time-range 799
ARP
arp check enable 31
arp static 32
arp timer aging 34
debugging arp packet 96
display arp 128
display arp count 130
display arp timer aging 131
gratuitous-arp learning enable 371
reset arp 593
Auto-detect
ip route-static 418
retry 612
3Com Switch 4200G Family ● 847
Command Reference
Centralized MAC
display mac-authentication 241
mac-authentication 453
mac-authentication authmode 455
mac-authentication authpassword 456
mac-authentication authusername 457
mac-authentication domain 458
mac-authentication timer 459
CLI
command-privilege level 86
display history-command 185
super 776
super password 778
Cluster
add-member 25
administrator-address 27
auto-build 43
black-list add-mac 46
black-list delete-mac 47
build 55
cluster 70
cluster enable 71
cluster switch-to 83
cluster switch-to-sysname 84
cluster-local-user 72
cluster-mac 73
cluster-mac syn-interval 74
cluster-snmp-agent community 75
cluster-snmp-agent group v3 77
cluster-snmp-agent mib-view included 79
cluster-snmp-agent usm-user v3 81
delete-member 109
display cluster 139
display cluster base-topology 141
display cluster black-list 142
display cluster candidates 143
display cluster current-topology 145
display cluster members 147
display ntdp single-device mac-address 251
ftp cluster 362
holdtime 381
ip-pool 415
logging-host 437
management-vlan 460
management-vlan synchronization enable 461
nm-interface vlan-interface 481
reboot member 585
snmp-host 702
tftp cluster get 793
tftp cluster put 794
timer 801
topology accept 807
topology restore-from 808
848 ● 3Com Switch 4200G Family
Command Reference
DHCP
accounting domain 16
address-check 26
debugging dhcp-relay 98
dhcp relay information enable 115
dhcp relay information strategy 116
dhcp-security static 117
dhcp-server 118
dhcp-server ip 119
display dhcp-security 160
display dhcp-server 161
display dhcp-server intervace vlan-interface 163
display dhcp-snooping 164, 165
display dhcp-snooping trust 166, 167
DLDP
debugging DLDP 100
E
EAD
security-policy-server 653
Ethernet Switch
acl 21
authentication-mode 40
auto-execute command 44
databits 93
display user-interface 320
display users 322
free user-interface 359
free web-users 360
header 377
history-command max-size 380
idle-timeout 383
ip http acl 414
jumboframe enable 420
lock 436
parity 507
protocol inbound 546
screen-length 650
send 656
service-type 660
set authentication password 663
3Com Switch 4200G Family ● 849
Command Reference
shell 668
snmp-agent community 676
snmp-agent group 678
snmp-agent usm-user 696
speed 703
stopbits 723
sysname 780
telnet 786
user privilege level 824
user-interface 822
F
FTP
ascii 35
binary 45
bye 57
cd 60
cdup 62
close 69
delete 107
dir 122
disconnect 125
display ftp-server 176
display ftp-user 177
ftp 361
ftp server 363
ftp server enable 364
ftp timeout 365
get 370
lcd 427
ls 444
mkdir 471
open 504
passive 508
put 553
850 ● 3Com Switch 4200G Family
Command Reference
pwd 556
quit 577
remotehelp 588
rename 592
rmdir 620
user 821
verbose 825
G
IGMP
display igmp-snooping configuration 188
display igmp-snooping group 189
display igmp-snooping statistics 190
display mac-address multicast static 239
gmp-snooping fast-leave 386
gmp-snooping max-response-time 391
igmp host-join vlan 384
igmp-snooping 385
igmp-snooping group-limit 387
igmp-snooping group-policy 388
igmp-snooping host-aging-time 390
igmp-snooping router-aging-time 392
mac-address multicast interface vlan 449
mac-address multicast vlan 450
service-type multicast 662
Information Center
display channel 137
display info-center 191
display logbuffer 232
display logbuffer summary 234
display trapbuffer 318
info-center channel name 393
info-center console channel 394
info-center enable 395
info-center logbuffer 396
info-center monitor channel 397
info-center snmp channel 398
info-center source 399
info-center synchronous 403
info-center timestamp 404
info-center trapbuffer 405
reset logbuffer 599
reset trapbuffer 611
terminal debugging 787
terminal logging 789
3Com Switch 4200G Family ● 851
Command Reference
Link Aggregation
display link-aggregation interface 224
display link-aggregation summary 226
display link-aggregation verbose 227
lacp enable 423
lacp port-priority 424
lacp system-priority 425
link-aggregation group agg-id description 429
link-aggregation group agg-id mode 430
port link-aggregation group 520
Loopback Detection
display-loopback-detection 235
M
Management VLAN
debugging dhcp client 97
description 113
display bootp client 134
display dhcp client 159
display interface VLAN-interface 196
display ip host 197
display ip interface vlan-interface 198
display ip routing-table 200
display ip routing-table acl 201
display ip routing-table ip address 204
display ip routing-table ip address1 ip address2 208
display ip routing-table ip-prefix 210
display ip routing-table statistics 216
display ip routing-table verbose 217
interface VLAN-interface 409
ip address 410
ip address bootp-alloc 411
ip address dhcp-alloc 412
ip host 413
shutdown 670
Mirroring
display mirroring-group 244
mirroring group 464
mirroring-group mirroring-port 465
mirroring-group reflector-port 466
mirroring-group remote-probe vlan 467
mirroring-port 468
monitor-port 472
remote-probe vlan 587
852 ● 3Com Switch 4200G Family
Command Reference
MSTP
active region-configuration 24
check region-configuration 63
display stp 309
display stp region-configuration 311
instance 406
region-name 586
reset stp 607
revision-level 617
stp 724
stp bpdu-protection 725
stp bridge-diameter 726
stp config-digest-snooping 727
stp cost 729
stp edged-port 730
stp interface 732
stp interface config-digest-snooping 734
stp interface cost 736
stp interface edged-port 738
stp interface loop protection 740
stp interface mcheck 742
stp interface no-agreement-check 743
stp interface point-to-point 744
stp interface port priority 746
stp interface root-protection 748
stp interface transmit-limit 750
stp loop-protection 752
stp max-hops 753
stp mcheck 754
stp mode 755
stp no-agreement-check 756
stp pathcost-standard 757
stp point-to-point 759
stp port priority 761
stp priority 762
stp region-configuration 763
stp root primary 764
stp root secondary 767
stp root-protection 766
stp tc-protection 769
stp timer forward-delay 771
stp timer hello 773
stp timer max-age 774
stp timer-factor 770
stp transmit-limit 775
vlan-mapping modulo 832
vlan-vpn tunnel 836
Multicast Protocol
display igmp-snooping configuration 188
display igmp-snooping group 189
display igmp-snooping statistics 190
igmp-snooping 385
igmp-snooping group-limit 387
igmp-snooping group-policy 388
igmp-snooping router-aging-time 392
reset igmp-snooping statistics 597
service-type multicast 662
3Com Switch 4200G Family ● 853
Command Reference
NDP
display ndp 246
ndp enable 478
ndp timer aging 479
ndp timer hello 480
reset ndp statistics 600
Network Protocol
arp check enable 31
reset ip statistics 598
NTDP
display ntdp 249
display ntdp device-list 250
ntdp enable 482
ntdp explore 483
ntdp hop 484
ntdp timer 485
ntdp timer hop-delay 486
ntdp timer port-delay 487
NTP
debugging ntp-service 101
display ntp-service sessions 253
display ntp-service status 255
display ntp-service trace 256
ntp-service access 488
ntp-service authentication enable 490
ntp-service authentication-keyid 491
ntp-service broadcast-client 492
ntp-service broadcast-server 493
ntp-service in-interface disable 494
ntp-service max-dynamic sessions 495
ntp-service multicast-client 496
ntp-service multicast-server 497
ntp-service source-interface 499
ntp-service unicast-peer 500
ntp-service unicast-server 502
P
Password Control
password 509
Port
am user-bind 28
broadcast-suppression 54
copy configuration 88
description 111
display am user-bind 127
display brief interface 135
display interface 193
display isolate port 222
display lacp system-id 223
854 ● 3Com Switch 4200G Family
Command Reference
QoS
apply qos-profile 29
apply qos-profile interface 30
display protocol-priority 262
display qos cos-drop-precedence-map 263
display qos cos-dscp-map 264
display qos cos-local-precedence-map 265
display qos dscp-cos-map 266
display qos dscp-drop-precedence-map 267
display qos dscp-dscp-map 268
display qos dscp-local-precedence-map 269
display qos-interface all 270
display qos-interface priority-trust 272
display qos-interface traffic-limit 273
display qos-interface traffic-shape 274
display qos-interface traffic-statistic 275
display qos-profile 276
display queue-scheduler 277
packet-filter 505
priority 542
priority trust 543
protocol-priority protocol-type 547
qos cos-drop-precedence-map 557
qos cos-dscp-map 559
qos cos-local-precedence-map 561
qos dscp-cos-map 563
3Com Switch 4200G Family ● 855
Command Reference
RMON
display rmon alarm 282
display rmon event 283
display rmon eventlog 284
display rmon prialarm 286
display rmon statistics 287
rmon alarm 621
rmon event 623
rmon history 624
rmon prialarm 625
rmon statistics 628
Routing Protocol
delete static-routes all 110
display ip routing-table protocol 213
display ip routing-table radix 215
ip route-static 416, 418
S
SNMP
debugging snmp-agent 103
display snmp-agent community 294
display snmp-agent group 295
display snmp-agent mib-view 296
display snmp-agent statistics 298
display snmp-agent sys-info 300
display snmp-agent trap-list 301
display snmp-agent usm-user 302
enable snmp trap updown 352
snmp-agent 675
snmp-agent community 677
snmp-agent group 680
snmp-agent local-engineid 682
snmp-agent log 683
snmp-agent mib-view 684
snmp-agent packet max-size 685
snmp-agent sys-info 686
snmp-agent target-host 687
snmp-agent trap enable 689
snmp-agent trap life 691
snmp-agent trap queue-size 692
snmp-agent trap source 693
snmp-agent usm-user 698
856 ● 3Com Switch 4200G Family
Command Reference
SSH
bye 56
cd 58
cdup 61
dir 124
display rsa local-key-pair public 288
display rsa peer-public-key 289
display ssh server 303
display ssh server-info 304
display ssh user-information 305
exit 355
get 369
help 379
ls 443, 444
mkdir 469, 471
peer-public-key end 511
protocol inbound 545
public-key-code begin 548, 549
public-key-code end 550, 551
put 552
pwd 554
quit 575, 576
remove 589
rename 590
rmdir 618
rsa local-key-pair create 629
rsa local-key-pair destroy 631
rsa peer-public-key 632, 633
sftp 664
sftp server enable 666
sftp time-out 667
ssh client assign rsa-key 705
ssh client first-time enable 706
ssh server authentication-retries 707
ssh server timeout 708
ssh user assign rsa-key 709
ssh user authentication-type 710
ssh user service-type 712
ssh2 713
Static Route
delete static-routes all 110
ip route-static 416
System Access
free user-interface 359
return 616
service-type 658
System Maintenance
boot boot-loader 50
boot bootrom 52
clock datetime 65
clock summer-time 66
clock timezone 68
debugging 95
display boot-loader 133
3Com Switch 4200G Family ● 857
Command Reference
System Management
debugging 94, 95
debugging ntp-service 101
display cpu 292
display rmon history 285
display rmon prialarm 286
display snmp-agent 293
end-station polling ip-address 353
execute 354
mac-address max-mac-count 448
snmp-agent usm-user 700
T
TFTP
tftp get 795
tftp put 796
tftp-server 797
U
UDP Helper
debugging udp-helper 104
display udp-helper server 319
udp-helper enable 817
udp-helper port 818
udp-helper server 819
V
VLAN
description 112
858 ● 3Com Switch 4200G Family
Command Reference
VLAN-VPN
display port vlan-vpn 261
vlan-vpn enable 834
vlan-vpn tpid 835
vlan-vpn uplink enable 837
Voice VLAN
display vlan 325
display voice vlan oui 328
display voice vlan status 329
voice vlan 838
voice vlan aging 839
voice vlan enable 840
voice vlan mac-address 841
voice vlan mode 842
voice vlan security enable 843
3COM SWITCH 4200G FAMILY
QUICK REFERENCE GUIDE
Overview
This Command Reference applies to the following Switch 4200G models:
Switch 4200G 12-Port (3CR17660-91) Switch 4200G 48-Port FX (3CR17662-91)
Switch 4200G 24-Port (3CR17661-91) Switch 4200G 1-Port 10Gigabit Module (XFP) (3C17666)
■ When initially accessing the command line interface, press Enter when prompted. The User View menu for the unit
displays. This is indicated by the chevron brackets around the name of the unit at the prompt, for example,
<sw4200G>.
■ When in the System View menu, square brackets appear around the name of the unit at the prompt, for example,
[sw4200G].
■ You must be in the System View menu to access the configurable CLI commands.
■ Some commands can be entered directly at any prompt from anywhere in the interface.
■ If you enter part of a command followed by a ? (with no space between), the CLI will show you all the commands
that begin in that way.
■ The term ‘view’ may be used interchangeably with the term ‘menu’.
■ The undo command is placed before the command you wish to undo, for example, undo setauthentication password.
■ <CTRL-A> places the cursor back to the start of the command line.
■ Enter the first few characters of a command and press TAB to enter the full command without having to input the
entire command (where there is only one command that starts with the entered characters).
■ Use the Up Arrow key at the prompt to repeat the previous command string.
■ Use the Delete key to delete the character after the cursor; the Backspace key deletes the character before the cursor.
■ When entering physical port numbers, Enter the port number as x/0/z, where x is the unit number and z is the
physical port number.
At the prompt, enter the name of the command followed by a space and ?. For example:
<sw4200G>boot ?
<sw4200G>boot boot-loader ?
Press <CTRL-Z>.
Obtaining Help
Further Information
For further information about how to use the command line interface, refer to the Command Reference Guide and
the Configuration Guide, which are both available as PDF documents on the CD that accompanied the unit.
Commands
access-limit
Use the access-limit command to set the maximum number of access users that can be contained in
current ISP domain.
ISP Domain view
accounting
Use the accounting command to configure an accounting scheme for the current ISP domain.
ISP Domain view
accounting domain
Use the accounting domain command to enable the DHCP accounting function.
DHCP Address Pool view
accounting-on enable
Use the accounting-on enable command to enable user re-authentication upon device restart function.
RADIUS Scheme view
accounting optional
acl
Use the acl command to reference ACL and implement the ACL control to the TELNET users.
User Interface view
acl
Use the acl command to define an ACL identified by a number, and enter the corresponding ACL View.
System view
active region-configuration
Use the active region-configuration command to activate the settings of an MST (multiple spanning
tree) region.
MST Region view
add-member
Use the address-check command to enable or disable DHCP relay security on a VLAN interface, so as to
start or stop the validity check on user addresses under the VLAN interface.
VLAN Interface view
administrator-address
Use the administrator-address command to store the MAC address of the management device on a
member device.
Cluster view
am user-bind
Use the am user-bind command to bind the MAC and IP addresses of a legal user to a specified port.
System view
Ethernet Port view
apply qos-profile
Use the apply qos-profile command to manually apply the QoS profile to the current port.
Ethernet Port view
apply qos-profile interface
Use the apply qos-profile interface command to manually apply a QoS profile to one or more
consecutive ports.
System view
arp check enable
Use the arp check enable command to enable the ARP entry checking function, that is, to disable a switch
from creating multicast MAC address ARP entries for MAC addresses learned.
System view
arp static
Use the arp static command to configure the static ARP mapping entries in the ARP mapping table.
System view
arp timer aging
Use the arp timer aging command to configure the aging time for dynamic ARP mapping entries.
System view
ascii
Use the ascii command to configure data transmission mode as ASCII mode.
FTP Client view
attribute
Use the attribute command to configure attributes of a user whose service type is lan-access.
Local User view
authentication
Use the authentication command to configure an authentication scheme for the current ISP domain.
ISP Domain view
authentication-mode
Use the authorization none command to allow users in the current ISP domain to use network services
without being authorized.
ISP Domain view
4 3Com Switch 4200G Family
Command Reference
auto-build
Use the auto-execute command command to set the command that is executed automatically after a user
logs in.
User Interface view
binary
Use the binary command to specify that files be transferred in binary mode. That is, data is transferred in
binary streams.
FTP Client view
black-list add-mac
Use the black-list add-mac command to add a device into the blacklist.
Cluster view
black-list delete-mac
Use the black-list delete-mac command to delete a device from the blacklist.
Cluster view
boot attribute-switch
Use the boot attribute-switch command to switch between the main and backup attribute for all the files
or a specified type of files. This changes a file with the main attribute to one with the backup attribute, or
vice versa.
User view
boot boot-loader
Use the boot boot-loader command to configure an app file to be of the main attribute. The app file
specified by this command becomes the main startup file when the device starts the next time.
User view
boot boot-loader
Use the boot boot-loader command to specify the host software that will be adopted when the current
switch or a specified switch in the fabric reboots next time.
User view
boot boot-loader backup-attribute
Use the boot boot-loader backup-attribute command to configure an app file to be of the backup
attribute.
User view
boot bootrom
Use the boot web-package command to configure a Web file to be of the main or backup attribute.
User view
broadcast-suppression
Use the broadcast-suppression command to define the broadcast traffic ratio allowed on one port or each
of the ports.
System view
build
Use the build command to configure a cluster with the current switch as the management device. Argument
name specifies the name of the cluster.
Cluster view
bye
Use the bye command to terminate the connection to the remote SFTP server and return to system view.
SFTP Client view
bye
Use the bye command to terminate the control connection and data connection with the remote FTP server
and quit to user view.
FTP Client view
cd
Use the cd command to change the current path on the remote SFTP server.
SFTP Client view
3Com Switch 4200G Family 5
Command Reference
cd
Use the cd command to change the work path on the remote FTP server.
FTP Client view
cdup
Use the check region-configuration command to display the configurations of the MST regions that are
not activated.
MST Region view
clock datetime
Use the clock datetime command to set the current system time and date.
User view
clock summer-time
Use the clock summer-time command to set the name, time range, and offset of the daylight saving time.
User view
clock timezone
Use the clock timezone command to set local time zone information.
User view
close
Use the close command to terminate an FTP connection without quitting FTP client view.
FTP Client view
cluster
Use the cluster enable command to enable the cluster function on a switch.
System view
cluster-local-user
Use the cluster-local-user command to configure a Web username and password for all cluster
members.
Cluster view
cluster-mac
Use the cluster-mac command to configure a multicast MAC address for cluster management. Run this
command only on the management device only.
Cluster view
cluster-mac syn-interval
Use the cluster-mac syn-interval command to set the interval for the management device to send
multicast packets. This command can be executed on the management device only.
Cluster view
cluster-snmp-agent community
Use the cluster-snmp-agent community command to configure a SNMP community for a cluster to enable
SNMP access.
Cluster view
cluster-snmp-agent group v3
Use the cluster-snmp-agent group command to configure a SNMP group for a cluster to map SNMP
users to the SNMP view.
Cluster view
cluster-snmp-agent mib-view included
Use the cluster-snmp-agent mib-view command to create or update the information about the MIB view
configured for a cluster.
Cluster view
6 3Com Switch 4200G Family
Command Reference
cluster-snmp-agent usm-user v3
Use the cluster-snmp-agent usm-user v3 command to add an account to the SNMPV3 group configured
for a cluster.
Cluster view
cluster switch-to
Use the cluster switch-to command to switch between the management device and member devices
for configuration and management.
User view
cluster switch-to sysname
Use the cluster switch-to sysname command to switch between the master device and a member
device.
User view
command-privilege level
Use the command-privilege level command to set the level of the specified command in a specified view.
System view
copy
Use the copy configuration command to copy the configuration of a specific port to other ports, to ensure
consistent configuration.
System view
cut connection
Use the cut connection command to cut the connection a user or a category of users by force.
System view
data-flow-format
Use the data-flow-format command to set the units of measure for the data flow sent to the RADIUS
Server.
RADIUS Scheme view
databits
Use the databits command to set the databits for the user interface.
User Interface view
debugging
Use the debugging dhcp client command to enable debugging for the DHCP client/BOOTP client.
User view
debugging dhcp-relay
Use the debugging dldp command to enable specific debugging for DLDP on all ports with DLDP enabled.
User view
debugging ntp-service
Use the debugging ntp-service command to debug different NTP (network time protocol) services.
User view
debugging radius
Use the debugging radius command to enable the debugging for RADIUS protocol.
User view
debugging snmp-agent
debugging udp-helper
Use the delete command to delete the specified file from the server.
SFTP Client view
delete
Use the delete-member command to remove a member device from the cluster.
Cluster view
delete static-routes all
Use the delete static-routes all command to delete all the static routes.
System view
description
Use the description command to assign a description string for the VLAN.
Use the undo description command to restore the default description string.
VLAN view
description
Use the description command to assign a description string to a VLAN or a VLAN interface.
VLAN view
VLAN Interface view
description
Use the description command to define the description information of an ACL to describe the specific
purpose of the ACL.
Basic ACL view
Advanced ACL view
Layer 2 ACL view
dhcp relay information enable
Use the dhcp relay information enable command to enable option 82 supporting on a DHCP relay,
through which you can enable the DHCP relay to insert option 82 into DHCP request packets sent to a
DHCP server.
System view
dhcp relay information strategy
Use the dhcp relay information strategy command to instruct a DHCP relay to perform specified
operations to DHCP request packets that carry option 82.
System view
dhcp-security static
Use the dhcp-security static command to configure a static user address entry.
System view
dhcp-server
Use the dhcp-server command to map the current VLAN interface to a DHCP server group.
VLAN Interface view
dhcp-server ip
Use the dhcp-server ip command to configure the DHCP server IP address(es) in a specified DHCP
server group.
System view
dir
Use the dir command to display the information about the specified files or directories on a switch.
User view
8 3Com Switch 4200G Family
Command Reference
dir
Use the dir command to display the files in the specified directory.
SFTP Client view
disconnect
Use the disconnect command to terminate a FTP connection without quitting FTP client view.
FTP Client view
display acl
Use the display acl command to view the detailed configuration information of an ACL, including each
rule and its number as well as the number and size in bytes of the data packets that match the statement.
Any view
display am user-bind
Use the display am command to view whether address management is enabled and to display IP address
pool configuration.
Any view
display arp
Use the display arp command to display the ARP mapping table entries by entry type, or by a specified
IP address.
Any view
display arp count
Use the display arp count command to display the number of the specified type of ARP mapping entries.
Any view
display arp timer aging
Use the display arp timer aging command to view the current setting of the dynamic ARP aging timer.
Any view
display boot-loader
Use the display boot-loader command to display the information about the app startup files of a switch,
including the current app startup file name, the main and backup app startup files to be used when the switch
starts the next time.
Any view
display boot-loader
Use the display boot-loader command to display the host software (.bin file) that will be adopted when
the switch reboots.
Any view
display bootp client
Use the display bootp client command to display BOOTP client-related information, including the MAC
address of the BOOTP client and the IP address obtained.
Any view
display brief interface
Use the display brief interface command to display the configuration information about one specific
or all ports in brief, including the port type, connection state, connection rate, duplex attribute, link type and
default VLAN ID.
Any view
display channel
Use the display channel command to display the details about the information channel.
Any view
display clock
Use the display clock command to display the current date and time of the system, so that you can adjust
them if they are wrong.
Any view
display cluster
Use the display cluster command to display the state and basic configuration information of the cluster
that contains the current switch.
Any view
display cluster base-topology
Use the display cluster topology command to display the standard topology view of the cluster.
Any view
3Com Switch 4200G Family 9
Command Reference
Use the display cluster black-list command to display the current blacklist of the cluster.
Any view
display cluster candidates
Use the display cluster candidates command to display candidate devices of a cluster.
Any view
display cluster current-topology
Use the display cluster current topology command to display the current topology view or the topology
path between two points.
Any view
display cluster members
Use the display cluster members command to display the information about cluster members.
Any view
display connection
Use the display connection command to view the information for a specified connection type.
Any view
display cpu
Use the display cpu command to display CPU usage of a specified switch.
Any view
display current-configuration
Use the display current-configuration command to display the current configuration of a switch.
Any view
display debugging
Use the display debugging command to display the enabled debugging on a specified device.
Any view
display debugging habp
Use the display debugging habp command to display the state of HABP debugging.
Any view
display device
Use the display device command to display the information, such as the module type and operating
status, about each board (main board and sub-board) of a specified switch.
Any view
display dhcp client
Use the display dhcp client command to display the DHCP client-related information.
Any view
display dhcp-security
Use the display dhcp-security command to display one or all user address entries, or a specified type
of user address entries in the valid user address table of a DHCP server group.
Any view
display dhcp-server
Use the display dhcp-server command to display information about a specified DHCP server group.
Any view
display dhcp-server interface vlan-interface
Use the display dhcp-server interface vlan-interface command to display information about the
DHCP server group to which a VLAN interface is mapped.
Any view
display dhcp-snooping
Use the display dhcp-snooping command to display the user IP-MAC address mapping entries recorded
by the DHCP snooping function.
Any view
display dhcp-snooping
Use the display dhcp-snooping command to display the correspondence between user IP addresses and
MAC addresses recorded by the DHCP snooping function.
Any view
display dhcp-snooping trust
Use the display dhcp-snooping trust command to display the (enabled/disabled) state of the DHCP
snooping function and the trusted ports.
Any view
10 3Com Switch 4200G Family
Command Reference
Use the display dhcp-snooping trust command to display the DHCP-Snooping state and information
on trusted ports.
Any view
display diagnostic-information
Use the display diagnostic-information command to display the system diagnostic information, or save
the system diagnostic information to a file (with a suffix of "diag") in the flash memory.
Any view
display domain
Use the display domain command to view the configuration information of a specified ISP domain or
display the summary information of all ISP domains.
Any view
display dot1x
Use the display dot1x command to view the relevant information of 802.1x.
Any view
display fib
Use the display fib command to view the summary of the forwarding information base.
Any view
display ftp-server
Use the display ftp-server command to display the FTP server-related settings of a switch when it
operates as an FTP server.
You can use this command to verify FTP server-related configurations.
Any view
display ftp-user
Use the display ftp-user command to display the settings of the current FTP user, including the user
name, host IP address, port number, connection idle time, and authorized directory.
Any view
display garp statistics
Use the display garp statistics command to display the GARP statistics on specified (or all) ports.
Any view
display garp timer
Use the display garp timer command to display the values of the GARP timers on specified or all ports.
Any view
display gvrp statistics
Use the display gvrp statistics command to display the GVRP statistics about specified (or all) Trunk
ports.
Any view
display gvrp status
Use the display gvrp status command to display the enable/disable status of global GVRP.
Any view
display habp
Use the display habp command to display HABP configuration and status information.
Any view
display habp table
Use the display habp table command to display the MAC address table maintained by HABP.
Any view
display habp traffic
Use the display habp traffic command to display statistics on HABP packets.
Any view
display history-command
Use the display icmp statistics command to view the statistics information about ICMP packets.
Any view
display igmp-snooping configuration
Use the display igmp-snooping configuration command to display the configuration information about
IGMP Snooping.
Any view
3Com Switch 4200G Family 11
Command Reference
Use the display igmp-snooping group command to display information about the IP and MAC multicast
groups under one VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).
Any view
display igmp-snooping statistics
Use the display igmp-snooping statistics command to display the message statistics about IGMP
Snooping.
Any view
display info-center
Use the display info-center command to display system log settings and memory buffer record statistics.
Any view
display interface
Use the display interface command to view the configuration information on the selected interface.
Any view
display interface VLAN-interface
Use the display interface vlan-interface command to display the information about the management
VLAN interface, including the physical and link status, the format of the sent frames, the MAC address, IP
address (and subnet mask), description string and MTU (maximum transmit unit) of the management VLAN.
Any view
display ip host
Use the display ip host command to display all host names and their corresponding IP addresses.
Any view
display ip interface vlan-interface
Use the display ip interface vlan-interface command to view information on the specified interface.
Any view
display ip routing-table
Use the display ip routing-table command to display the summary information about the routing table.
Any view
display ip routing-table acl
Use the display ip routing-table acl command to display the routes permitted by the specified basic
ACL.
Any view.
display ip routing-table ip-address
Use the display ip routing-table ip-address command to display the information about the routes
leading to the destination.
Any view
display ip routing-table ip-address1 ip-address2
Use the display ip routing-table ip-address1 ip-address2 command to display the information
about the routes with their destinations within the specified destination IP address range.
Any view
display ip routing-table ip-prefix
Use the display ip routing-table ip-prefix command to display the information about the routes
matching a specified IP prefix list.
Any view
display ip routing-table protocol
Use the display ip routing-table protocol command to display the information about specific routes.
Any view
display ip routing-table radix
Use the display ip routing-table radix command to view the route information in a hierarchical (tree)
structure.
Any view
display ip routing-table statistics
Use the display ip routing-table statistics command to display the statistics of a routing table.
Any view
display ip routing-table verbose
Use the display ip routing-table verbose command to display the detailed information about a routing
table.
Any view
12 3Com Switch 4200G Family
Command Reference
display ip socket
Use the display ip socket command to display the information about the sockets in the current system.
Any view
display ip statistics
Use the display ip statistics command to view the statistics information about IP packets.
Any view
display isolate port
Use the display isolate port command to display the information about the Ethernet ports added to an
isolation group.
Any view
display lacp system-id
Use the display lacp system-id command to view actor system ID, including system priority and system
MAC address.
Any view
display link-aggregation interface
Use the display link-aggregation interface command to display the link aggregation details about a
specified port or port range.
Any view
Use the display link-aggregation interface command to display the link aggregation details about a
specified port or port range, including:
display link-aggregation summary
Use the display link-aggregation summary command to display summary information of all aggregation
groups, including device ID of the local end, aggregation group ID, aggregation group type, device ID of the
remote end, number of the selected ports, number of the unselected ports, load sharing type and master
port number.
Any view
display link-aggregation verbose
Use the display link-aggregation verbose command to display the details about a specified
aggregation group.
Any view
display local-server statistics
Use the display local-server statistics command to view the statistics of all local RADIUS
authentication server.
Any view
display local-user
Use the display local-user command to view information about all the local users or the specified
one(s).
Any view
display logbuffer
Use the display logbuffer command to display the status of the log buffer and the records in the log
buffer.
Any view
display logbuffer summary
Use the display logbuffer summary command to display the summary of the log buffer.
Any view
display-loopback-detection
Use the display loopback-detection command to display the loopback detection status on the port.
Any view
display mac-address
Use the display mac-address command to display MAC address table information.
Any view
display mac-address aging-time
Use the display mac-address aging-time command to display the aging time of the dynamic entry in the
MAC address table.
Any view
display mac-address multicast static
Use the display mac-address multicast static command to display the multicast MAC address entries
manually configured on the switch, with each entry containing the following information: multicast MAC
address, VLAN ID, MAC address state, port number(s), and aging time of each port.
Any view
3Com Switch 4200G Family 13
Command Reference
Use the display mac-address security command to display the information about Security MAC address.
Any view
display mac-authentication
Use the display mac-authentication command to display global information about centralized MAC
address authentication
Any view
display memory
Use the display memory command to display the memory usage of a specified switch.
Any view
display mirroring-group
Use the display mirroring-group command to display the parameter settings of a port mirroring group.
Any view
display ndp
Use the display ndp command to display global NDP configuration information, including the interval to
send NDP packets, the holdtime of NDP information, and the information about the neighbors of all the
ports.
Any view
display ntdp
Use the display ntdp command to display the global NTDP information. The information includes the
range (in hop count) within which topology information is collected, the interval to collect topology
information (the NTDP timer), the delay time for a device to forward topology-collection requests, the delay
time for a topology-collection request to be forwarded through a port, and the time cost during the last
topology collection.
Any view
display ntdp device-list
Use the display ntdp device-list command to display the device information collected through NTDP.
Any view
display ntdp single-device mac-address
Use the display ntdp single-device mac-address h-h-h command to display the information about a
specific device in detail.
Cluster view
display ntp-service sessions
Use the display ntp-service sessions command to display the status of all the sessions maintained by
NTP (Network Time Protocol) service provided by the local equipment.
Any view
display ntp-service status
Use the command display ntp-service status to display the NTP service status.
Any view.
display ntp-service trace
Use the display ntp-service trace command to display the brief information of each NTP time server
along the time synchronization chain from the local device to the reference clock source.
Any view
display packet-filter
Use the display packet-filter command to view the application information of packet filtering, including
the ACL name, rule names, and application status.
Any view
display port
Use the display port command to display all current ports with their type indicated.
Any view
display port-security
Use the display port-security command to display the information about port security configuration
(including global configuration and all or specific port configuration).
Any view
display port vlan-vpn
Use the display port vlan-vpn command to display the information about the VLAN VPN configuration
of the current system, including current TPID value, VLAN-VPN ports, and VLAN-VPN uplink ports.
Any view
14 3Com Switch 4200G Family
Command Reference
display protocol-priority
Use the display protocol-priority command to display the priority of protocol packets.
Any view
display qos cos-drop-precedence-map
Use the display qos cos-dscp-map command to display the "COS->DSCP" mapping relationship.
Any view
display qos cos-local-precedence-map
Use the display qos cos-local-precedence-map command to view the COS–>Local-precedence map.
Any view
display qos dscp-cos-map
Use the display qos dscp-cos-map command to display the "DSCP->802.1 priority" mapping relationship.
Any view
display qos dscp-drop-precedence-map
Use the display qos dscp-cos-map command to display the "DSCP->DSCP" mapping relationship.
Any view
display qos dscp-local-precedence-map
Use the display qos-interface all command to display all the QoS settings of the port.
Any view
display qos-interface priority-trust
Use the display qos-interface priority-trust command to display the precedence mapping mode of
the switch.
Any view
display qos-interface traffic-limit
Use the display qos-interface traffic-limit command to view the traffic limit settings.
Any view
display qos-interface traffic-shape
Use the display qos-interface traffic-shape command to view the parameter configurations of traffic
shaping on the port.
Any view
display qos-interface traffic-statistic
Use the display qos-interface traffic-statistic command to view the traffic statistics.
Any view
display qos-profile
Use the display qos-profile command to view the configurations of the QoS profile.
Any view
display queue-scheduler
Use the display queue-scheduler command to view queue scheduling mode and corresponding
parameters.
Any view
display radius
Use the display radius command to view the configuration information about all RADIUS schemes or a
specified scheme.
Any view
display radius statistics
Use the display radius statistics command to view the statistics information about RADIUS packet.
Any view
3Com Switch 4200G Family 15
Command Reference
Use the display rmon alarm command to display the configuration of a specified alarm entry or all the
alarm entries.
Any view
display rmon event
Use the display rmon event command to display the configuration of a specified event entry or all the
event entries.
Any view
display rmon eventlog
Use the display rmon eventlog command to display the log of a specified event entry or all the event
entries.
Any view
display rmon history
Use the display rmon history command to display the RMON history information about a specified port.
The information about the latest sample, including utilization, the number of errors, the total number of
packets and so on, is also displayed.
Any view
display rmon prialarm
Use the display rmon prialarm command to display the configuration of a specified extended alarm entry
or all the extended alarm entries.
Any view
display rmon statistics
Use the display rmon statistics command to display the RMON statistics of a specified port.
Any view
display rsa local-key-pair public
Use the display rsa local-key-pair public command to display the public key of the server host key
pair. If no key pair is generated, the system prompts “%RSA keys not found”.
Any view
display rsa peer-public-key
Use the display rsa peer-public-key command to display the client public key of the specified RSA key
pair. If no key name is specified, the command displays all public keys of the client
Any view
display saved-configuration
Use the display saved-configuration command to display the content of the main configuration file in
the flash memory of a switch.
Any view
display schedule reboot
Use the display schedule reboot command to display information about scheduled reboot.
Any view
display snmp-agent
Use the display snmp-agent command to view engine ID of the local or remote SNMP entity.
Any view
display snmp-agent community
Use the display snmp-agent community command to view the information about the currently configured
community names for SNMPv1 or SNMPv2c.
Any view
display snmp-agent group
Use the display snmp-agent group command to view group name, security model, state of various views
and storage models.
Any view
display snmp-agent mib-view
The display snmp-agent mib-view command is used to view the MIB view configuration information of
the current Ethernet switch.
Any view
display snmp-agent statistics
Use the display snmp-agent statistics command to view the statistics information about SNMP
packets.
Any view
16 3Com Switch 4200G Family
Command Reference
Use the display snmp-agent sys-info command to view the system information of SNMP configuration.
Any view
display snmp-agent trap-list
Use the display snmp-agent trap-list command to display trap list information.
Any view
display snmp-agent usm-user
Use the display snmp-agent usm-user command to view SNMP user information.
Any view
display ssh server
Use the display ssh server command to display the status or session information about the SSH server
Any view
display ssh server-info
Use the display ssh server-info command to display the association between the server public keys
configured on the client and the servers.
Any view
display ssh user-information
Use the display ssh user-information command to display information about the current SSH users,
including user name, authentication mode, key name and authorized service types. If the username is
specified, the command displays information about the specified user.
Any view
display startup
Use the display startup command to display the startup configuration of a switch, including the name of
the current startup configuration file, the names of the main startup configuration file, and backup startup
configuration file to be used when the switch starts the next time, and so on.
Any view
display stop-accounting-buffer
Use the display stop-accounting-buffer command to view the no-response stop-accounting request
packets buffered in the device.
Any views
display stp
Use the display stp command to display the state and statistical information about one or all spanning
trees.
Any view
display stp region-configuration
Use the display stp region-configuration command to display the MST region configuration.
Any view
display tcp statistics
Use the display tcp statistics command to view the statistics information about TCP packets.
Any view
display tcp status
Use the display tcp status command to view the TCP connection state.
Any view
display this
Use the display this command to display the current configuration performed in the current view of the
system.
Any view
display time-range
Use the display time-range command to view the configuration and status of the current time range. You
will see the active or inactive state outputs respectively.
Any view
display trapbuffer
Use the display trapbuffer command to display the status of the trap buffer and the records in the trap
buffer.
Any view
display udp-helper server
Use the display udp-helper server command to view the information of destination Helper server
corresponding to the VLAN interface.
Any view
3Com Switch 4200G Family 17
Command Reference
display user-interface
Use the display users command to display the information about user interfaces. If you do not specify the
all keyword, only the information about the current user interface is displayed.
Any view
display users
Use the display users command to display the status and configuration information about user terminal
interfaces. Use the display users all command to view the information on all user terminal interfaces.
Any view
display version
Use the display version command to view the software version, issue date and the basic hardware
configuration information.
Any view
display vlan
Use the display vlan command to display the ports operating in the manual/automatic mode in the current
voice VLAN.
Any view
display vlan
Use the display vlan command to view related information about specified VLANs or all VLANs.
Any view
display voice vlan oui
Use the display voice vlan oui command to display the currently supported OUI addresses and the
related information.
Any view
display voice vlan status
Use the display voice vlan status command to display voice VLAN-related information, including voice
VLAN operation mode, port mode (manual mode or automatic mode), and so on.
Any view
domain
Use the domain command to create an ISP domain and enter its view, or enter the view of an existing ISP
domain, or configure the default ISP domain.
System view
dot1x
Use the dot1x command to enable 802.1x on the specified port or globally, (that is on the current device).
System view
Ethernet Port view
dot1x authentication-method
Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to launch the process to
authenticate a supplicant system when the supplicant system applies for a dynamic IP address through
DHCP.
System view
dot1x guest-vlan
Use the dot1x guest-vlan command to enable the Guest VLAN function for specified ports.
System view
Ethernet Port view
dot1x max-user
Use the dot1x max-user command to set the maximum number of systems an Ethernet port can
accommodate.
System view
Ethernet Port view
dot1x port-control
Use the dot1x port-control command to specify the access control method for specified Ethernet ports.
System view
Ethernet Port view
18 3Com Switch 4200G Family
Command Reference
dot1x port-method
Use the dot1x port-method command to specify the access control method for specified Ethernet ports.
Ethernet Port view
dot1x quiet-period
Use the dot1x retry command to specify the maximum number of times a switch can transmit the
authentication request frame to supplicant systems.
System view
dot1x retry-version-max
Use the dot1x retry-version-max command to set the maximum number of retries for a switch to send
version request packets to an online supplicant system.
System view
dot1x timer
Use the dot1x version-check command to enable 802.1x client version checking for specified Ethernet
ports.
System view
Ethernet Port view
duplex
Use the enable snmp trap updown command to enable the port to send LINK UP and LINK DOWN Trap
information.
System view
end-station polling ip-address
Use the end-station polling ip-address command to configure the IP address requiring periodic testing.
System view
execute
Use the exit command to terminate the connection to the remote SFTP server and return to system view.
This command has the same function as the bye and quit commands.
SFTP Client view
file prompt
Use the file prompt command to modify the prompt mode of file operations on the Switch.
System view
flow-control
Use the flow-control command to enable port flow control, to avoid packet loss in the event of network
congestion.
Ethernet Port view
format
Use the free user-interface command to reset a specified user interface to its default settings. The user
interface will be disconnected after the reset.
User view
free web-users
Use the free web-users command to disconnect a specified Web user or all Web users by force.
User view
ftp
Use the ftp command to establish a control connection with an FTP server and enter FTP client view.
User view
3Com Switch 4200G Family 19
Command Reference
ftp cluster
Use the ftp cluster command to establish a control connection with a cluster FTP server. This command
also leads you to FTP client view.
User view
ftp server
Use the ftp server command to configure an FTP server on the management device for the member
devices in the cluster.
Use the undo ftp server command to remove the FTP server configured for the member devices in the
cluster.
System view
ftp server enable
Use the ftp server enable command to enable FTP server and allow FTP users to log in.
System view
ftp timeout
Use the garp timer command to set the GARP Hold, Join or Leaver timer value on the current port.
Ethernet Port view
garp timer leaveall
Use the garp timer leaveall command to set the GARP LeaveAll timer to a specified value.
System view
get
Use the get command to download a remote file and save the file to the local device.
SFTP Client view
get
Use the get command to download a remote file and save it as a local file.
FTP Client view
gratuitous-arp learning enable
Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning
function.
System view
gvrp
Use the gvrp command to enable GVRP globally (in system view) or on a port (in Ethernet port view).
System view
Ethernet Port view
gvrp registration
Use the gvrp registration command to configure the GVRP registration type on a port.
Ethernet Port view
habp enable
Use the habp server vlan command to configure a switch to operate as an HABP server and HABP
packets to be broadcast in specified VLAN.
System view
habp timer
Use the habp timer command to set the interval for a switch to send HABP request packets.
System view
header
Use the header command to set the banners that are displayed when a user logs into a switch. The login
banner is displayed on the terminal when the connection is established. And the session banner is displayed
on the terminal if a user successfully logs in.
System view
help
Use the help command to get the help information about the specified or all SFTP client commands.
SFTP Client view
20 3Com Switch 4200G Family
Command Reference
history-command max-size
Use the history-command max-size command to set the size of the history command buffer.
User Interface view
holdtime
Use the idle-cut command to set the user idle-cut function in current ISP domain.
ISP Domain view
idle-timeout
Use the idle-timeout command to configure the amount of time you want to allow a user interface to
remain idle before it is disconnected.
User Interface view
igmp host-join vlan
Use the igmp host-join vlan command to configure a routing port to join to a multicast group.
Ethernet Port view
igmp-snooping
Use the igmp-snooping fast-leave command to enable IGMP fast leave processing.
Ethernet Port view
igmp-snooping group-limit
Use the igmp-snooping group-limit command to set the maximum number of multicast groups the port
can join.
Ethernet Port view
igmp-snooping group-policy
Use the igmp-snooping group-policy command to configure an IGMP Snooping filter ACL.
System view
Ethernet Port view
igmp-snooping host-aging-time
Use the igmp-snooping host-aging-time command to set the aging time of multicast member ports.
System view
igmp-snooping max-response-time
Use the igmp-snooping max-response-time command to configure the maximum query response time.
System view
igmp-snooping router-aging-time
Use the igmp-snooping router-aging-time command to configure the aging time of the router port.
System view
info-center channel name
Use the info-center channel name command to name the channel of the specified number.
System view
info-center console channel
Use the info-center console channel command to enable information output to the console through a
specified channel.
System view
info-center enable
Use the info-center logbuffer command to enable information output to the log buffer through the
specified channel (you can also set the size of the log buffer in this command).
System view
info-center monitor channel
Use the info-center monitor channel command to enable information output to terminals through a
specified channel.
System view
3Com Switch 4200G Family 21
Command Reference
Use the info-center snmp channel command to enable information output to the SNMP through a
specified channel.
System view
info-center source
Use the info-center source command to add a record (that is, an information source) to an information
channel.
System view
info-center synchronous
Use the info-center timestamp command to set the format of time stamp included in the log/trap/debug
information or specify not to include time stamp in the information.
System view
info-center trapbuffer
Use the info-center trapbuffer command to enable information output to the trap buffer.
System view
instance
Use the instance command to map specified VLANs to a specified spanning tree instance.
MST Region view
interface
Use the command interface command to enter Ethernet port view. To configure parameters for a port, you
must enter the port view first.
System view
interface VLAN-interface
Use the interface vlan-interface command to create a management VLAN interface and enter
management VLAN interface view.
System view
ip address
Use the ip address command to assign an IP address (and mask) to a management VLAN interface.
VLAN Interface view
ip address bootp-alloc
Use the ip address bootp-alloc command to configure VLAN interface to obtain IP address using
BOOTP.
VLAN Interface view
ip address dhcp-alloc
Use the ip address dhcp-alloc command to configure VLAN interface to obtain an IP address using
DHCP.
VLAN Interface view
ip host
Use the ip host command to configure a host name and the corresponding IP address for a switch.
System view
ip http acl
Use the ip http acl command to apply an ACL to filter Web users.
System view
User Interface view
ip-pool
Use the ip-pool command to configure a private IP address range for cluster members on the switch to
be set as the management device.
Cluster view
ip route-static
ip route-static
Use the ip route-static command to configure a static route, whose validity depends on detecting results
as follows: valid when the detecting result is reachable or invalid when the detecting result is unreachable.
System view
jumboframe enable
Use this command to allow jumbo frames to pass through the Ethernet port.
Ethernet port view
key
Use the key command to specify a shared key for the RADIUS authentication/authorization packets or
accounting packets.
RADIUS Scheme view
lacp enable
Use the lacp enable command to enable the LACP protocol on the current port.
Ethernet Port view
lacp port-priority
Use the lacp port priority command to configure port priority value.
Ethernet Port view
lacp system-priority
Use the language-mode command to toggle between the language modes (that is, language environments)
of the command line interface (CLI) to meet your requirement.
User view
lcd
Use the lcd command to display the local work directory on the FTP client.
FTP Client view
level
Use the level command to set the priority level of the user.
Local User view
link-aggregation group description
Use the link-aggregation group description command to set a description for an aggregation group.
System view
link-aggregation group mode
Use the link-aggregation group mode command to create a manual or static aggregation group.
System view
local-server
Use the local-server command to configure the parameters of local RADIUS server.
System view
local-user
Use the local-user command to add a local user and enter local user view.
System view
local-user password-display mode
Use the local-user password-display-mode command to set the password display mode of all users.
System view
lock
Use the lock command to lock the current user interface and prevent unauthorized users from accessing it.
User view
logging-host
Use the logging-host command to configure a public logging host on the management device for member
devices.
Cluster view
loopback-detection control enable
Use the loopback-detection control enable command to enable loopback detection and control function
for Trunk ports and Hybrid ports.
Ethernet Port view
3Com Switch 4200G Family 23
Command Reference
loopback-detection enable
Use the loopback-detection enable command to enable the loopback detection function globally or for
a specific port.
System view
Ethernet Port view
loopback-detection interval-time
Use the loopback-detection interval-time command to set the time interval for detecting the external
loopback for a port.
System view
loopback-detection per-vlan enable
Use the loopback-detection per-vlan enable command to configure the system to run loopback
detection on all VLANs for the Trunk and Hybrid ports.
Ethernet Port view
ls
Use the ls command to display the information about a specified remote file.
FTP Client view
mac-address
Use the mac-address command to add/modify the MAC address table entry.
System view
Port view
mac-address max-mac-count
Use the mac-address max-mac-count command to configure the maximum number of MAC addresses an
Ethernet port can learn.
Ethernet Port view
mac-address max-mac-count 0
Use the mac-address max-mac-count0 command to disable a switch from learning MAC address in a
VLAN.
VLAN view
mac-address multicast interface vlan
Use the mac-address multicast command to add a multicast MAC address entry.
System view
mac-address multicast vlan
Use the mac-address multicast vlan command to add a multicast MAC address entry.
Ethernet Port view
mac-address security
Use the mac-address security command to add Security MAC address manually.
Ethernet Port view
System view
mac-address timer
Use the mac-address timer command to set the aging time for dynamic MAC address entries.
System view
mac-authentication
Use the mac-authentication command to enable centralized MAC address authentication globally (current
device) or on specified ports.
System view
Ethernet Port view
mac-authentication authmode
Use the mac-authentication authmode command to set MAC address authentication mode.
System view
mac-authentication authpassword
Use the mac-authentication authpassword command to set a password for MAC address authentication
when the fixed mode is adopted.
System view
mac-authentication authusername
Use the mac-authentication authusername command to set a user name when a switch authenticates
users in fixed mode.
System view
24 3Com Switch 4200G Family
Command Reference
mac-authentication domain
Use the mac-authentication domain command to configure an ISP domain for centralized MAC address
authentication users.
System view
mac-authentication timer
Use the mac-authentication timer command to configure the timers used in centralized MAC address
authentication.
System view
management-vlan
Use the management-vlan command to specify the management VLAN on the switch.
System view
management-vlan synchronization enable
Use the management-vlan synchronization enable command to enable the management VLANs of the
member devices of a cluster to be synchronized.
Cluster view
mdi
Use the messenger time command to enable or disable the messenger alert and configure the related
parameters.
ISP Domain view
mirroring group
Use the mirroring-group remote-probe vlan command to specify the remote-probe VLAN for a given
mirroring group.
System view
mirroring-port
Use the mkdir command to create a directory on the remote SFTP server.
SFTP Client view
mkdir
Use the mkdir command to create a directory in a specified directory of a specified storage device.
User view
mkdir
Use the mkdir command to create a directory on the remote SFTP server.
FTP Client view
monitor-port
Use the move command to move a file to a specified directory. You can also assign a new name for the file.
User view
name
Use the name command to set a name for the assigned VLAN.
VLAN view
3Com Switch 4200G Family 25
Command Reference
name
Use the name command to set a name for the assigned VLAN.
VLAN view
nas-ip
Use the nas-ip command to set the source IP address used by the switch to send RADIUS packets.
RADIUS Scheme view
ndp enable
Use the ndp enable command in system view to enable NDP globally on the switch. When being executed
in Ethernet port view, this command enables NDP for an Ethernet port.
System view
Ethernet Port view
ndp timer aging
Use the ndp timer aging command to set how long a device will hold the NDP packets received from the
local device. After the aging timer expires, the device will discard the received NDP neighbor node
information.
System view
ndp timer hello
Use the ndp timer hello command to define how often to transmit the NDP packets.
System view
nm-interface vlan-interface
Use the nm-interface vlan-interface command to configure an NMS interface of the management
device.
Cluster view
ntdp enable
Use the ntdp enable command in system view to enable NTDP globally. When being executed in Ethernet
port view, this command enables NTDP for an Ethernet port.
System view
Ethernet Port view
ntdp explore
Use the ntdp explore command to start topology information collection manually.
User view
ntdp hop
Use the ntdp hop command to set a range (in terms of hop count) for topology information collection.
System view
ntdp timer
Use the ntdp timer command to configure the interval to collect topology information.
System view
ntdp timer hop-delay
Use the ntdp timer hop-delay command to set the delay time for a switch to forward topology-collection
request packets.
System view
ntdp timer port-delay
Use the ntdp timer port-delay command to set the delay time for a switch to forward a received
topology-collection request packet through its successive ports.
System view
Use the ntdp timer port-delay command to set the delay time for a switch to forward a received
topology-collection request packet through its successive ports. A switch forwards received topology
request packets to all its ports in turn. After forwarding a received topology-collection request packet through
one port, the switch delays for specific period before it forwards the packet through the next port.
ntp-service access
Use the ntp-service access command to set the authority to access the local equipment.
System view
ntp-service authentication enable
Use the ntp-service authentication enable command to enable the NTP-service authentication
function.
System view
ntp-service authentication-keyid
ntp-service broadcast-client
Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in NTP
broadcast client mode.
VLAN Interface view
ntp-service broadcast-server
Use the ntp-service broadcast-server command to configure NTP broadcast server mode.
VLAN Interface view
ntp-service in-interface disable
Use the ntp-service in-interface disable command to disable an interface to receive NTP message.
VLAN Interface view
ntp-service max-dynamic sessions
Use the ntp-service max-dynamic-sessions command to set how many sessions can be created locally.
System view
ntp-service multicast-client
Use the ntp-service multicast-client command to configure an Ethernet switch to operate in NTP
multicast client mode.
VLAN Interface view
ntp-service multicast-server
Use the ntp-service multicast-server command to configure an Ethernet switch to operate in NTP
multicast server mode.
VLAN Interface view
ntp-service reliable authentication-keyid
Use the ntp-service source-interface command to designate an interface to transmit NTP message.
System view
ntp-service unicast-peer
Use the ntp-service unicast-server command to configure an Ethernet switch to operate in NTP server
mode.
System view
open
Use the open command to establish a control connection with an FTP server.
FTP Client view
packet-filter
Use the packet-filter command to define the packet filter function in the QoS profile.
QoS Profile view
packet-filter
Use the packet-filter command to apply ACL rules on the port to filter packets.
Ethernet Port view
parity
Use the parity command to set the check mode of the user interface.
User Interface view
passive
Use the passive command to set the data transmission mode to be passive mode.
FTP Client view
password
Use the password command to configure or change the system login password for a user.
Local User view
password
Use the password command to set a password for the local users.
Local User View
peer-public-key end
Use the peer-public-key end command to return to system view from public key view.
Public Key view
3Com Switch 4200G Family 27
Command Reference
ping
Use the ping command to check the IP network connection and the reachability of the host.
Any view
port
Using the port command, you can add one port or one group of ports to a VLAN.
VLAN view
port access vlan
Use the port access vlan command to assign the access port to a specified VLAN.
Ethernet Port view
port hybrid pvid vlan
Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port.
Ethernet Port view
port hybrid vlan
Use the port hybrid vlan command to add the port to the specified VLAN(s). The port needs to have been
made a hybrid port before you can do this. See the related command below.
Ethernet Port view
port isolate
Use the port isolate command to add an Ethernet port to the isolation group.
Ethernet Port view
port link-aggregation group
Use the port link-aggregation group agg_id command to add an Ethernet port to a manual or static
aggregation group.
Ethernet Port view
port link-type
Use the port link-type command to configure the link type of the Ethernet port.
Ethernet Port view
port-security enable
Use the port-security intrusion-mode command to set the action mode of the Intrusion Protection
feature.
Ethernet Port view
port-security max-mac-count
Use the port-security max-mac-count command to set the maximum number of MAC addresses allowed
to access the port.
Ethernet Port view
port-security ntk-mode
Use the port-security ntk-mode command to set the packet transmission mode of the Need to Know
(NTK) feature.
Ethernet Port view
port-security OUI
Use the port-security OUI command to set an OUI value for authentication.
System view
port-security port-mode
Use the port-security port-mode command to set the security mode of the port.
Ethernet Port view
port-security timer disableport
Use the port-security timer disableport command to set the time during which the system temporarily
disables a port.
System view
port-security trap
Use the port-security trap command to enable the sending of the specified type(s) of trap messages.
System view
port trunk pvid vlan
Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.
Ethernet Port view
28 3Com Switch 4200G Family
Command Reference
Use the port trunk permit vlan command to add a trunk port to one VLAN, a selection of VLANs, or all
VLANs.
Ethernet Port view
primary accounting
Use the primary accounting command to set the IP address and port number for the primary accounting
server.
RADIUS Scheme view
primary authentication
Use the primary authentication command to configure the IP address and port number for the primary
RADIUS authentication/authorization server.
RADIUS Server Group view
priority
Use the priority trust command to configure the precedence mapping mode on the port of the switch.
Ethernet Port view
protocol inbound
Use the protocol inbound command to configure the protocols supported in the current user interface.
VTY User Interface view
protocol inbound
Use the protocol inbound command to specify the protocols supported by the user interface.
User Interface view
protocol-priority protocol-type
Use the protocol-priority command to set the global traffic priority that applies to a given protocol.
System view
public-key-code begin
Use the public-key-code begin command to enter public key edit view and input the client public key.
Public Key view
public-key-code begin
Use the public-key-code begin command to enter public key edit view and set server public keys.
Public Key view
public-key-code end
Use the public-key-code end command to return from public key edit view to public key view and save the
public keys you set.
Public Key Edit view
public-key-code end
Use the public-key-code end command to return from public key edit view to public key view and save the
public keys you set.
Public Key Edit view
put
Use the put command to upload a local file to the remote SFTP server.
SFTP Client view
put
Use the put command to upload a local file to the remote FTP server.
FTP Client view
pwd
Use the pwd command to display the current directory on the SFTP server.
SFTP Client view
pwd
Use the pwd command to display the current path. If the current path is not configured, an error occurs when
you execute this command.
User view
pwd
Use the pwd command to display the current directory on the remote FTP Server.
FTP Client view
3Com Switch 4200G Family 29
Command Reference
qos cos-drop-precedence-map
Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping relationship.
System view
qos cos-local-precedence-map
Use the qos dscp-cos-map command to configure the "COS->802.1p priority" mapping relationship.
System view
qos dscp-drop-precedence-map
Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping relationship.
System view
qos dscp-local-precedence-map
Use the qos-profile command to create a QoS profile and enter the corresponding view.
System view
qos-profile port-based
Use the qos-profile port-based command to configure the port-based application mode of QoS profiles
on ports.
Ethernet Port view
queue-scheduler
Use the queue-scheduler command to set the queue-scheduling algorithm and parameters.
System view
quit
Use the quit command to terminate the connection to the remote SSH server.
User view
quit
Use the quit command to terminate the connection to the remote SFTP server and exit to system view.
SFTP Client view
quit
Use the quit command to terminate FTP control connection and FTP data connection and quit to user view.
This command has the same effect as that of the bye command.
FTP Client view
quit
Use the quit command to return from current view to lower level view, or exit the system if current view is
user view.
Any view
radius nas-ip
Use the radius nas-ip command to set the source IP address used by the switch to send RADIUS packets.
System view
radius-scheme
Use the radius-scheme command to specify the RADIUS scheme to be used by the current ISP domain.
ISP Domain view
radius scheme
Use the radius scheme command to create a RADIUS scheme and enter its view.
System view
30 3Com Switch 4200G Family
Command Reference
radius trap
Use the radius trap command to enable the switch to send trap messages when its RADIUS
authentication or accounting server turns down.
System view
reboot
Use the reboot member command to reboot a specified member device on the management device.
Cluster view
region-name
Use the remote-probe vlan enable command to enable the remote-probe port mirror port feature on the
VLAN of the switch.
VLAN view
remotehelp
Use the remotehelp command to display help information about the FTP protocol command.
FTP Client view
remove
Use the remove command to delete the specified file from the server.
SFTP Client view
rename
Use the rename command to change the name of the specified file on the SFTP server.
SFTP Client view
rename
Use the rename command to rename a file or a directory. If the target file name or directory name is the
same with any existing file name or directory name, you will fail to rename a file.
User view
rename
Use the reset arp command to remove information that is no longer required from the ARP mapping table.
User view
reset counters interface
Use the reset counters interface command to clear the statistics of the port, preparing for a new
statistics collection.
User view
reset dot1x statistics
Use the reset dot1x statistics command to clear the statistics of 802.1x.
User view
reset garp statistics
Use the reset garp statistics command to clear the GARP statistics (such as the information about the
packets received/sent/discarded by GVRP/GMRP) on specified (or all) ports.
User view
reset igmp-snooping statistics
Use the reset igmp-snooping statistics command to clear the IGMP Snooping statistics.
User view
reset ip statistics
Use the reset logbuffer command to clear information in the log buffer.
User view
reset ndp statistics
Use the reset ndp statistics command to reset the NDP counters to clear the NDP statistics.
User view
3Com Switch 4200G Family 31
Command Reference
Use the reset radius statistics command to clear the statistics information about the RADIUS protocol.
User view
reset recycle-bin
Use the reset recycle-bin command to completely delete file(s) in the recycle bin in the Flash.
User view
reset saved-configuration
Use the reset saved-configuration command to delete the configuration file that is of the specified
attribute from the Flash, including the main and backup configuration files to be used when the switch starts
the next startup.
User view
reset stop-accounting-buffer
Use the reset stop-accounting-buffer command to delete the buffered no-response stop-accounting
request packets.
User view
reset stp
Use the reset stp command to clear the STP statistics of specified Ethernet ports.
User view
reset tcp statistics
Use the reset tcp statistics command to clear the TCP statistics information.
User view
reset traffic-limit
Use the reset traffic-limit command to clear the statistics of the traffic policing matching with the
specified ACL rules.
Ethernet Port view
reset traffic-statistic
Use the reset traffic-statistic command to clear the traffic statistics of the packets matching with the
specified ACL rules.
Ethernet Port view
reset trapbuffer
Use the reset trapbuffer command to clear information in the trap buffer.
User view
retry
Use the retry command to set the maximum number of transmission attempts of RADIUS requests.
Detecting Group view
retry realtime-accounting
Use the retry realtime-accounting command to set the maximum allowed number of continuous
no-response real-time accounting requests.
RADIUS Scheme view
retry stop-accounting
Use the retry stop-accounting command to set the maximum number of transmission attempts of the
stop-accounting requests buffered due to no response.
RADIUS Scheme view
return
Use the return command to return to user view from any other view.
System view or higher level views
revision-level
Use the revision-level command to set the MSTP revision level for a switch.
MST Region view
rmdir
Use the rmdir command to delete the specified directory from the remote SFTP server.
SFTP Client view
rmdir
rmdir
Use the rmdir command to delete the specified directory from the remote FTP server.
FTP Client view
You can only use this command to remove directories that are empty.
rmon alarm
Use the rmon alarm command to add an entry to the alarm table.
System view
rmon event
Use the rmon event command to add an entry to the event table.
System view
rmon history
Use the rmon history command to add an entry to the history control table.
Ethernet Port view
rmon prialarm
Use the rmon prialarm command to add an entry to the extended RMON alarm table.
System view
rmon statistics
Use the rmon statistics command to add an entry to the statistic table.
Ethernet Port view
rsa local-key-pair create
Use the rsa local-key-pair create command to generate RSA key pairs, whose names are in the format
of switch name plus _host, for example, S4200G_host.
System view
rsa local-key-pair destroy
Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at the server end.
System view
rsa peer-public-key
Use the rule comment command to define the comment string for an ACL rule.
Advanced ACL view / Layer 2 ACL view
rule (Layer 2 ACL)
Use the save command to save the current configuration to a configuration file in the flash memory.
Any view
schedule reboot at
Use the schedule reboot at command to schedule a reboot on the current switch and set the reboot date
and time.
User view
schedule reboot delay
Use the schedule reboot delay command to schedule a reboot on the switch, and set the reboot waiting
delay.
User view
scheme
Use the scheme command to configure the AAA scheme to used by the current ISP domain.
ISP Domain view
3Com Switch 4200G Family 33
Command Reference
screen-length
Use the screen-length command to set the number of lines the terminal screen can contain.
User Interface view
secondary accounting
Use the secondary accounting command to set the IP address and port number of the secondary RADIUS
accounting server.
RADIUS Scheme view
secondary authentication
Use the secondary authentication command to set the IP address and port number of the secondary
RADIUS authentication/authorization server.
RADIUS Scheme view
security-policy-server
Use the security-policy-server command to set the IP address of a security policy server.
RADIUS Scheme view
self-service-url
Use the self-service-url command to either enable or disable the self-service server location function.
ISP Domain view
send
Use the send command to send messages to a specified user interface or all user interfaces.
User view
server-type
Use the server-type command to configure the RADIUS server type supported by the Switch.
RADIUS Scheme view
service-type
Use the command service-type to authorize a user access to the specified services.
Local User view
service-type
Use the service-type command to specify the login type and the corresponding available command level.
Local User view
service-type multicast
Use the service-type multicast command to set the current VLAN as a multicast VLAN.
VLAN view
set authentication password
Use the set authentication password command to set the local password.
User Interface view
sftp
Use the sftp command to establish a connection to the SFTP server and enter SFTP client view.
System view
sftp server enable
Use the sftp server enable command to enable the secure FTP (SFTP) server.
System view
sftp time-out
Use the sftp time-out command to set the timeout time for the SFTP user connection.
System view
shell
Use the shell command to make terminal services available for the user interface.
User Interface view
shutdown
Use the smarton command to enable the SmartOn function for an Ethernet port with supplicant systems
attached.
Ethernet Port view
34 3Com Switch 4200G Family
Command Reference
smarton password
Use the smarton password command to set the password to be used by the SmartOn function.
System view
smarton switchid
Use the smarton timer command to set the supplicant timeout timer for SmartOn-enabled supplicant
systems.
System view
snmp-agent
Use the snmp-agent community command to set a community name and to enable users to access the
switch through SNMP. You can also optionally use this command to apply an ACL to filter network
management users.
System view
snmp-agent community
Use the snmp-agent community command to set the community access name and enable access to SNMP.
System view
snmp-agent group
Use the snmp-agent group command to configure a SNMP group. You can also optionally use this
command to apply an ACL to filter network management users.
System view
snmp-agent group
Use the snmp-agent group command to configure a new SNMP group, that is, to map SNMP user to SNMP
view.
snmp-agent local-engineid
Use the snmp-agent local-engineid command to set the engine ID of the local SNMP entity.
System view
snmp-agent log
Use the snmp-agent log command to enable the logging function for network management.
System view
snmp-agent mib-view
Use the snmp-agent mib-view command to create or update the view information, limiting the MIB objects
to be accessed by the NMS.
System view
snmp-agent packet max-size
Use the snmp-agent packet max-size command to set the maximum size of SNMP packet that the Agent
can send/receive.
System view
snmp-agent sys-info
Use the snmp-agent sys-info command to configure system information such as geographical location of
the device, contact information for system maintenance and version information of running SNMP.
System view
snmp-agent target-host
Use the snmp-agent target-host command to command to configure destination of SNMP Trap packets.
System view
snmp-agent trap enable
Use the snmp-agent trap enable command to enable the device to send Trap packets.
System view
snmp-agent trap life
Use the snmp-agent trap life command to set aging time for Trap packets.
System view
snmp-agent trap queue-size
Use the snmp-agent trap queue-size command to configure the information queue length of a Trap packet
sent to the destination host.
System view
3Com Switch 4200G Family 35
Command Reference
Use the snmp-agent trap source command to configure the source address for sending Trap messages.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter,
a new user to an SNMP group.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new user to an SNMP group. You can also optionally
use this command to apply an ACL to filter network management users.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new user to an SNMP group.
System view
snmp-agent usm-user
Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter,
a new user to an SNMP group.
System view
snmp-host
Use the snmp-host command to configure an SNMP host for the member devices inside a cluster on the
management device.
Cluster view
speed
Use the speed command to set the transmission speed of the user interface.
User Interface view
speed
Use the ssh client assign rsa-key command to specify on the client the public key for the server to be
connected to guarantee the client can be connected to a reliable server.
System view
ssh client first-time enable
Use the ssh client first-time enable command to configure the client to run the initial authentication.
System view
ssh server authentication-retries
Use the ssh server authentication-retries command to set authentication retry number for SSH
connections.
System view
ssh server timeout
Use the ssh server timeout command to set authentication timeout time for SSH connections.
System view
ssh user assign rsa-key
Use the ssh user assign rsa-key command to allocate public keys to SSH users.
System view
ssh user authentication-type
Use the ssh user authentication-type command to define on the server the available authentication type
for an SSH user.
System view
ssh user service-type
Use the ssh user service-type command to specify service type for a user.
System view
ssh2
Use the ssh2 command to enable the connection between SSH client and server, define key exchange
algorithm preference, encryption algorithm preference and HMAC algorithm preference on the server and
client.
System view
36 3Com Switch 4200G Family
Command Reference
Use the startup bootrom-access enable command to specify a switch to prompt for the customized
password before entering the BOOT menu.
User view
startup saved-configuration
Use the startup saved-configuration command to specify the main or backup configuration file for a
switch to start the next time.
User view
state
Use the state command to configure the state of the current ISP domain/current user.
ISP Domain view
Local User view
RADIUS view
state
Use the stop-accounting-buffer enable command to enable the switch to buffer the stop-accounting
requests that bring no response.
RADIUS Scheme view
stopbits
Use the stopbits command to set the stop bits of the user interface.
User Interface view
stp
Use the stp command to enable or disable MSTP globally or for a port.
System view
Ethernet Port view
stp bpdu-protection
Use the stp bpdu-protection command to enable the BPDU protection function.
System view
stp bridge-diameter
Use the stp bridge-diameter command to set the network diameter of a switched network, which is
represented in terms of the maximum number of switches between any two terminals in a switched network.
System view
stp config-digest-snooping
Use the stp config-digest-snooping command to enable the digest snooping feature.
Ethernet Port view
stp cost
Use the stp cost command to set the path cost of a port in a spanning tree instance.
Ethernet Port view
stp edged-port
Use the stp edged-port command to configure the current Ethernet port as either an edge port or a
non-edge port.
Ethernet Port view
stp interface
Use the stp interface command in system view to enable or disable MSTP for specified ports.
System view
stp interface config-digest-snooping
Use the stp interface config-digest-snooping command to enable the digest snooping feature.
System view
stp interface cost
Use the stp interface cost command to set the path cost of specified ports in a specified spanning tree
instance.
System view
stp interface edged-port
Use the stp interface edged-port command to configure the specified Ethernet ports to be either edge
ports or non-edge ports.
System view
3Com Switch 4200G Family 37
Command Reference
Use the stp interface loop-protection command to enable the loop prevention function.
System view
stp interface mcheck
Use the stp interface mcheck command to perform the mCheck operation for specified ports.
System view
stp interface no-agreement-check
Use the stp interface no-agreement-check command to enable the rapid transition feature on a specified
port.
System view
stp interface point-to-point
Use the stp interface point-to-point command to specify whether the specified Ethernet ports are
point-to-point links.
System view
stp interface port priority
Use the stp interface port priority command to set the port priority of specified ports in a spanning
tree instance.
System view
stp interface root-protection
Use the stp interface root-protection command to enable the root protection function for specified
ports.
System view
stp interface transmit-limit
Use the stp interface transmit-limit command to set the maximum number of BPDUs that each
specified port can send within a Hello time interval.
System view
stp loop-protection
Use the stp loop-protection command to enable the loop prevention function for the current port.
Ethernet Port view
stp max-hops
Use the stp max-hops command to set the maximum hop count of the MST region to which the switch
belongs.
System view
stp mcheck
Use the stp mcheck command to perform the mCheck operation for the current port.
Ethernet Port view
System view
stp mode
Use the stp mode command to set the MSTP operation mode of the switch.
System view
stp no-agreement-check
Use the stp no-agreement-check command to enable the rapid transition feature on the current port.
Ethernet Port view
stp pathcost-standard
Use the stp pathcost-standard command to set the standard used for calculating the default path costs
of ports.
System view
stp point-to-point
Use the stp point-to-point command to specify whether the port must connect to point-to-point link.
Ethernet Port view
stp port priority
Use the stp port priority command to set the priority of the current port in a specified spanning tree
instance.
Ethernet Port view
stp priority
Use the stp priority command to set the priority of a switch in a spanning tree instance.
System view
38 3Com Switch 4200G Family
Command Reference
stp region-configuration
Use the stp root primary command to configure the current switch to be the root bridge of a specified
spanning tree instance.
System view
stp root-protection
Use the stp root-protection command to enable the root protection function for the current port.
Ethernet Port view
stp root secondary
Use the stp root secondary command to configure the current switch as a secondary root bridge of a
specified spanning tree instance.
System view
stp tc-protection
Use the stp tc-protection command to enable or disable the TC-BPDU attack prevention function for
the switch.
System view
stp timer-factor
Use the stp timer-factor command to set the timeout time of a switch in terms of the multiple of the Hello
time.
System view
stp timer forward-delay
Use the stp timer forward-delay command to set the Forward delay for a switch.
System view
stp timer hello
Use the stp timer hello command to set the Hello time for a switch.
System view
stp timer max-age
Use the stp timer max-age command to set the maximum age of a switch.
System view
stp transmit-limit
Use the stp transmit-limit command to set the maximum number of configuration BPDUs the current
port can transmit within a Hello time.
Ethernet Port view
super
Use the super command to switch the current user level to the one identified by the level argument.
User view
super password
Use the super password command to set the password for users to switch to a higher user level.
System view
sysname
Use the sysname command to set a domain name for the switch.
System view
sysname
Use the sysname command to set the system name of the Switch.
System view
system-view
Enter system-view to enter the system view from the user view.
User view
tcp timer fin-timeout
Use the tcp timer fin-timeout command to configure the TCP finwait timer.
System view
tcp timer syn-timeout
Use the tcp timer syn-timeout command to configure the TCP synwait timer.
System view
3Com Switch 4200G Family 39
Command Reference
tcp window
Use the tcp window command to configure the size of the transmission and receiving buffers of the
connection-oriented socket.
System view
telnet
Use the telnet command to log in to another Ethernet switch from the current switch via Telnet for remote
management.
User view
terminal debugging
Use the terminal debugging command to configure to display the debugging information on the terminal.
User view
terminal debugging
Use the terminal debugging command to configure to display the debugging information on the terminal.
User view
terminal logging
Use the terminal monitor command to enable the debug/log/trap terminal display function.
User view
terminal trapping
Use the terminal trapping command to enable terminal trap information display.
User view
tftp
Use the tftp command to set the TFTP data transfer mode.
System view
tftp cluster get
Use the tftp cluster get command to download a specified file from a cluster TFTP server.
User view
tftp cluster put
Use the tftp put command to upload a specified file to a specified directory of a cluster TFTP server.
User view
tftp get
Use the tftp get command to download a file from a TFTP server to this switch.
User view
tftp put
Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server.
User view
tftp-server
Use the tftp-server command to configure a TFTP server for cluster members on the management
device.
Cluster view
tftp-server acl
Use the tftp-server acl command to specify the ACL (Access Control List) adopted for the connection
between a TFTP client and a TFTP server.
System view
time-range
Use the timer command to set the interval to send handshake packets.
Cluster view
timer
Use the timer command to set the response timeout time of RADIUS server (that is, the timeout time of the
response timeout timer of RADIUS server).
RADIUS Scheme view
timer quiet
Use the timer quiet command to set the wait time for the primary server to restore the active state.
RADIUS Scheme view
40 3Com Switch 4200G Family
Command Reference
timer realtime-accounting
Use the timer realtime-accounting command to set the real-time accounting interval.
RADIUS Scheme view
timer response-timeout
Use the timer response-timeout command to set the response timeout time of RADIUS servers.
RADIUS Scheme view
topology accept
Use the topology accept command to confirm the current topology information of the cluster and save that
as a standard topology.
Cluster view
topology restore-from
Use the topology restore-from command to obtain and restore the standard topology information from
the local flash.
Cluster view
topology save-to
Use the topology save-to command to save the standard topology information into the local flash.
Cluster view
tracemac
Use the tracert command to trace the gateways the test packets passes through during its journey from
the source to the destination.
Any view
The tracert command is primarily used to check the network connectivity. It can also help you locate the
trouble spot of the network.
traffic-limit
Use the traffic-limit command to use ACL rules in traffic identifying and traffic policing for the packet
matching with the ACL rules and to set traffic policing parameters.
Ethernet Port view
traffic shape
Use the traffic-shape command to enable traffic shaping and send the packets out at an even rate.
Ethernet Port view
traffic-statistic
Use the traffic-statistic command to use ACL rules in traffic identifying and perform traffic statistics on
the packets matching with the ACL rules.
System view
udp-helper enable
Use the udp-helper enable command to enable the UDP Helper function.
System view
udp-helper port
Use the udp-helper port command to configure the UDP port with relay function.
System view
udp-helper server
Use the udp-helper server command to configure the relay destination server for UDP broadcast packets.
VLAN Interface view
undelete
Using user-interface command to enter one or more user interface views to perform configuration.
System view
user-name-format
Use the user-name-format command to set the format of the user names to be sent to RADIUS server.
RADIUS Scheme view
3Com Switch 4200G Family 41
Command Reference
Use the user privilege level level command to configure the command level that a user can access
from the specified user interface.
User Interface view
verbose
Use the verbose command to enable the verbose function, which displays execution and response
information of other related commands.
FTP Client view
virtual-cable-test
Use the virtual-cable-test command to enable the system to test the cable connected to a specific port
and to display the results.
Ethernet Port view
vlan
Use the vlan-assignment-mode command to set the VLAN assignment mode on the switch.
ISP Domain view
vlan-mapping modulo
Use the vlan-mapping modulo command to map VLANs to specific spanning tree instances.
MST Region view
vlan-vpn enable
Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.
Ethernet Port view
vlan-vpn tpid
Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes effect only when the
VLAN-VPN or VLAN-VPN uplink function is enabled.
Ethernet Port view
vlan-vpn tunnel
Use the vlan-vpn tunnel command to enable the BPDU tunnel function.
System view
vlan-vpn uplink enable
Use the vlan-vpn uplink enable command to configure a port to be a VLAN-VPN uplink port.
Ethernet Port view
voice vlan
Use the voice vlan command to enable the voice VLAN function globally.
System view
voice vlan aging
Use the voice vlan aging command to set the aging time for a voice VLAN.
System view
voice vlan enable
Use the voice vlan enable command to enable the voice VLAN function for a port.
Ethernet Port view
voice vlan mac-address
Use the voice vlan mac-address command to set a MAC address used for a voice VLAN to identify voice
devices.
System view
voice vlan mode
Use the voice vlan mode auto command to configure an Ethernet port to operate in the automatic voice
VLAN mode.
Ethernet Port view
voice vlan security enable
Use the voice vlan security enable command to enable the voice VLAN security mode.
System view