ip8800/s2500ソフトウェアマニュアルコンフィグレーション ...13 mac...

IP8800/S2500 Ver.4.21
IPX Novell,Inc.
RSARSA SecurID RSA Security Inc.
sFlow InMon Corp.

MagicPacket Advanced Micro Devices,Inc.

Ver.4.21 25
2 • speed
• aaa authentication enable aaa authentication enable end-by-reject
8 • system receive alarm parameters
• system logging format-add
24 QoS • limit-queue-length

44 LLDP • lldp management-address
47
• IP8800/S2530-16P4XIP8800/S2530E
• switch provision
• system fan mode system receive alarm parameters system temperature-warning-level system temperature-warning-level average
• schedule-power-control system-sleep schedule-power-control time-range schedule-power-control wakeup-option system fan-control
Ver.4.12 23
VLAN • switchport mode
DHCP snooping • ip dhcp snooping information no-check ip dhcp snooping information option format remote-id ip dhcp snooping information option-insert ip dhcp snooping vlan information option format-type circuit-id
OS-L2A • white-list data
PS • 16P4X
SMLSplit Multi LinkOS-L2A • 16P4XIP8800/S2530E

•
• flow detection mode
• deny(mac access-list extended) permit(mac access-list extended)
• system mac access group

•

OS-L2A white-list logging format-add white-list packet mode
white-list data
Ver.4.9 21
IP8800/S2530-08TC1
save
system fan mode system temperature-warning-level system temperature-warning-level average
schedule-power-control port-led schedule-power-control system-sleep schedule-power-control time-range schedule-power-control wakeup-option system fan-control system port-led
link-relay source
VLAN switchport mode
IEEE802.1X dot1x ignore-eapol-start
OS-L2A white-list address permit
white-list enable
SMLSplit Multi LinkOS-L2A IP8800/S2530-08TC1

MAC mac-address-table learning
IEEE802.1X dot1x supplicant-detection
OS-L2A white-list monitor destination interface
Web

IP8800/S2530-08P/08PD24/08PD

schedule-power-control port-led schedule-power-control system-sleep schedule-power-control time-range schedule-power-control wakeup-option system port-led
duplexgigabitethernet power inline power inline allocation power inline priority-control disableglobal speedgigabitethernet

IGMP snooping ip igmp snooping mrouter discovery ip igmp snooping mrouter discovery extension ip igmp snooping mrouter logging
flow detection mode
monitor session source

Ver.4.5 17
system receive control
flow detection mode
IEEE802.1X dot1x port-control dot1x supplicant-detection
Web web-authentication redirect ignore-https
http-server initial-timeout

OS-L2A white-list address trust white-list logging filter
white-list trust-mode
logging tcp connect delay logging tcp notify open logging tcp notify resume logging tcp reconnect delay logging tcp trailer
logging host

Ver.4.3 15
IP8800/S2530-48P2X
OS-L2A switch
RADIUS aaa authentication login console
system receive alarm logging system receive alarm parameters
power inline priority-control disable(config-sw)
power inline power inline allocation power inline priority-control disable(global)
SNMP snmp-server host system-msg
snmp-server traps system_msg_trap_level

IP8800/S2530-48P2X
SNMP snmp-server host
DHCP host network
OS-L2A
Ver.4.1
QoS
2 authentication ip access-group

NTP ntp authenticate ntp authentication-key ntp broadcast ntp broadcast client (interface) ntp broadcastdelay ntp master ntp peer ntp trusted-key sntp client

system receive rate-limit
QoS limit-queue-length

Ver.4.0

IGMP snooping ip igmp snooping mrouter
MLD snooping ipv6 mld snooping mrouter
IPv4ARPICMP ip route

Ver.3.5 8
MAC mac-authentication timeout quiet-period
DHCP snooping ip source binding
switchport backup interface
SNMP snmp-server host
IP8800/S2530-24TDIP8800/S2530-48TDIP8800/S2530-24S4XD

denyip access-list extended denyipv6 access-list denymac access-list extended permitip access-list extended permitipv6 access-list permitmac access-list extended
QoS
2 authentication logout linkdown
Web
web-authentication jump-url
Ver.3.4 7
VLAN switchport mac auto-vlan
switchport mac
Web web-authentication prefilter
sFlow
RADIUS ipv6 access-class
radius-server host server
axrp-ring-port mode
IPv4ARPICMP arp
ip mtu
Web web-authentication radius-server host

VLAN
mtu system mtu
VLAN switchport dot1q ethertype switchport vlan mapping switchport vlan mapping enable vlan-dot1q-ethertype
switchport mode

IP8800/S2530-24T4XIP8800/S2530-48T2X

system fan mode system temperature-warning-level system temperature-warning-level average
schedule-power-control wakeup-option system fan-control
duplexgigabitethernet speedgigabitethernet
flow detection mode flow detection out mode
denyipv6 access-list ipv6 access-list ipv6 access-list resequence ipv6 traffic-filter permitipv6 access-list
denyip access-list extended denyip access-list standard denymac access-list extended ip access-group ip access-list extended ip access-list resequence ip access-list standard mac access-group mac access-list extended mac access-list resequence permitip access-list extended permitip access-list standard permitmac access-list extended remark
QoS ipv6 qos-flow-group ipv6 qos-flow-list ipv6 qos-flow-list resequence qosipv6 qos-flow-list
ip qos-flow-group ip qos-flow-list ip qos-flow-list resequence mac qos-flow-group mac qos-flow-list mac qos-flow-list resequence qosip qos-flow-list qosmac qos-flow-list remark
MAC mac-authentication access-group
SMLSplit Multi LinkOS-L2A system sml peer-link

Ver.3.1 3
RADIUS aaa authentication login end-by-reject
system temperature-warning-level average
schedule-power-control wakeup-option
IGMP snooping ip igmp snooping fast-leave
Web aaa authentication web-authentication end-by-reject

snmp-server host

system fan mode system temperature-warning-level
power-control port cool-standby schedule-power-control port cool-standby schedule-power-control wakeup-option

interface tengigabitethernet
MAC mac-address-table static
spanning-tree pathcost method spanning-tree single pathcost method spanning-tree vlan pathcost method
IGMP snooping ip igmp snooping mrouter
MLD snooping ipv6 mld snooping mrouter
QoS qos-queue-list <Min rate>

SMLSplit Multi LinkOS-L2A system sml peer-link
monitor session

OS-L2B

IP8800/S2530-48T IP8800/S2530E-48T 48T 48T
IP8800/S2530-48P2X 48P2X 48P2X10G
IP8800/S2530-24TD 24TD 24T
IP8800/S2530-48TD 48TD 48T

https://jpn.nec.com/ip88n/

II

AC Alternating Current ACK ACKnowledge ADSL Asymmetric Digital Subscriber Line ALG Application Level Gateway ANSI American National Standards Institute ARP Address Resolution Protocol AS Autonomous System AUX Auxiliary BGP Border Gateway Protocol BGP4 Border Gateway Protocol - version 4 BGP4+ Multiprotocol Extensions for Border Gateway Protocol - version 4 bit/s bits per second *bps BPDU Bridge Protocol Data Unit BRI Basic Rate Interface CC Continuity Check
III

CDP Cisco Discovery Protocol CFM Connectivity Fault Management CIDR Classless Inter-Domain Routing CIR Committed Information Rate CIST Common and Internal Spanning Tree CLNP ConnectionLess Network Protocol CLNS ConnectionLess Network System CONS Connection Oriented Network System CRC Cyclic Redundancy Check CSMA/CD Carrier Sense Multiple Access with Collision Detection CSNP Complete Sequence Numbers PDU CST Common Spanning Tree DA Destination Address DC Direct Current DCE Data Circuit terminating Equipment DHCP Dynamic Host Configuration Protocol DIN Deutsche Industrie Normen DIS Draft International Standard/Designated Intermediate System DNS Domain Name System DR Designated Router DSAP Destination Service Access Point DSCP Differentiated Services Code Point DTE Data Terminal Equipment DVMRP Distance Vector Multicast Routing Protocol E-Mail Electronic Mail EAP Extensible Authentication Protocol EAPOL EAP Over LAN EFM Ethernet in the First Mile ES End System FAN Fan Unit FCS Frame Check Sequence FDB Filtering DataBase FQDN Fully Qualified Domain Name FTTH Fiber To The Home GBIC GigaBit Interface Converter GSRP Gigabit Switch Redundancy Protocol HMAC Keyed-Hashing for Message Authentication IANA Internet Assigned Numbers Authority ICMP Internet Control Message Protocol ICMPv6 Internet Control Message Protocol version 6 ID Identifier IEC International Electrotechnical Commission IEEE Institute of Electrical and Electronics Engineers, Inc. IETF the Internet Engineering Task Force IGMP Internet Group Management Protocol IP Internet Protocol IPCP IP Control Protocol IPv4 Internet Protocol version 4 IPv6 Internet Protocol version 6 IPV6CP IP Version 6 Control Protocol IPX Internetwork Packet Exchange ISO International Organization for Standardization ISP Internet Service Provider IST Internal Spanning Tree L2LD Layer 2 Loop Detection LAN Local Area Network LCP Link Control Protocol LED Light Emitting Diode LLC Logical Link Control LLDP Link Layer Discovery Protocol LLQ+3WFQ Low Latency Queueing + 3 Weighted Fair Queueing LSP Label Switched Path LSP Link State PDU LSR Label Switched Router MA Maintenance Association MAC Media Access Control MC Memory Card MD5 Message Digest 5 MDI Medium Dependent Interface MDI-X Medium Dependent Interface crossover MEP Maintenance association End Point MIB Management Information Base MIP Maintenance domain Intermediate Point MLD Multicast Listener Discovery
IV

MRU Maximum Receive Unit MSTI Multiple Spanning Tree Instance MSTP Multiple Spanning Tree Protocol MTU Maximum Transfer Unit NAK Not AcKnowledge NAS Network Access Server NAT Network Address Translation NCP Network Control Protocol NDP Neighbor Discovery Protocol NET Network Entity Title NLA ID Next-Level Aggregation Identifier NPDU Network Protocol Data Unit NSAP Network Service Access Point NSSA Not So Stubby Area NTP Network Time Protocol OADP Octpower Auto Discovery Protocol OAM Operations,Administration,and Maintenance OSPF Open Shortest Path First OUI Organizationally Unique Identifier packet/s packets per second *pps PAD PADding PAE Port Access Entity PC Personal Computer PCI Protocol Control Information PDU Protocol Data Unit PICS Protocol Implementation Conformance Statement PID Protocol IDentifier PIM Protocol Independent Multicast PIM-DM Protocol Independent Multicast-Dense Mode PIM-SM Protocol Independent Multicast-Sparse Mode PIM-SSM Protocol Independent Multicast-Source Specific Multicast PoE Power over Ethernet PRI Primary Rate Interface PS Power Supply PSNP Partial Sequence Numbers PDU QoS Quality of Service RA Router Advertisement RADIUS Remote Authentication Dial In User Service RDI Remote Defect Indication REJ REJect RFC Request For Comments RIP Routing Information Protocol RIPng Routing Information Protocol next generation RMON Remote Network Monitoring MIB RPF Reverse Path Forwarding RQ ReQuest RSTP Rapid Spanning Tree Protocol SA Source Address SD Secure Digital SDH Synchronous Digital Hierarchy SDU Service Data Unit SEL NSAP SELector SFD Start Frame Delimiter SFP Small Form factor Pluggable SFP+ Enhanced Small Form factor Pluggable SML Split Multi Link SMTP Simple Mail Transfer Protocol SNAP Sub-Network Access Protocol SNMP Simple Network Management Protocol SNP Sequence Numbers PDU SNPA Subnetwork Point of Attachment SPF Shortest Path First SSAP Source Service Access Point STP Spanning Tree Protocol TA Terminal Adapter TACACS+ Terminal Access Controller Access Control System Plus TCP/IP Transmission Control Protocol/Internet Protocol TLA ID Top-Level Aggregation Identifier TLV Type, Length, and Value TOS Type Of Service TPID Tag Protocol Identifier TTL Time To Live UDLD Uni-Directional Link Detection UDP User Datagram Protocol
V

ULR Uplink Redundant UPC Usage Parameter Control UPC-RED Usage Parameter Control - Random Early Detection VAA VLAN Access Agent VLAN Virtual LAN VRRP Virtual Router Redundancy Protocol WAN Wide Area Network WDM Wavelength Division Multiplexing WFQ Weighted Fair Queueing WRED Weighted Random Early Detection WS Work Station WWW World-Wide Web XFP 10 gigabit small Form factor Pluggable
kB( ) 1kB( )1MB( )1GB( )1TB( ) 1024
1024 1024 1024
VI

2 9
ftp-server 10 line console 11 line vty 12 speed 14 transport input 15
3 17
end 18 exit 19 save(write) 20 show 21 top 22
4 OS-L2A 23
system mac-addressOS-L2A 29
5 RADIUS 31
aaa authentication enable 32 aaa authentication enable end-by-reject 34 aaa authentication login 35
i

aaa authentication login console 37 aaa authentication login end-by-reject 38 aaa group server radius 39 banner 41 ip access-group 43 ipv6 access-class 45 radius-server attribute station-id capitalize 47 radius-server dead-interval 48 radius-server host 50 radius-server key 53 radius-server retransmit 55 radius-server timeout 56 server 57
6 NTP 59
ntp broadcast clientglobal 68
ntp broadcast clientinterface 69 ntp broadcastdelay 70 ntp interval 71 ntp master 72 ntp peer 73 ntp server 75 ntp trusted-key 77 sntp client 78
7 DNS 81
ip domain lookup 82 ip domain name 83 ip domain reverse-lookup 84 ip host 85 ip name-server 86 ipv6 host 87
8 89
ii

system logging format-add 93 system memory-soft-error 94 system receive alarm logging 95 system receive alarm parameters 96 system receive control 98 system receive rate-limit 99 system recovery 100 system temperature-warning-level 101 system temperature-warning-level average 102
9 105
10 109
3
interface tengigabitethernet10G 142 link debounce 143
iii

link up-debounce 144 link-relay source 145 mdix auto 146 mtu 147
power inline48P2X08P16P4X 149
power inline allocation48P2X08P16P4X 151
power inline delay48P2X08P16P4X 153
power inline priority-control disableconfig-sw48P2X 155
power inline priority-control disableglobal48P2X08P16P4X 156 shutdown 157
speedgigabitethernet 158
12 165
4 2
13MAC 179
14VLAN 185
iv

state 192 switchport access 193 switchport dot1q ethertype 194 switchport isolation 195 switchport mac 197 switchport mac auto-vlan 200 switchport mode 201 switchport protocol 204 switchport trunk 206 switchport vlan mapping 208 switchport vlan mapping enable 210 vlan 211 vlan-dot1q-ethertype 214 vlan-protocol 215
15 217
v

16Ring Protocol 273
vi

ip igmp snoopingglobal 302
ip igmp snoopinginterface 303 ip igmp snooping fast-leave 304 ip igmp snooping mrouter 305 ip igmp snooping mrouter discovery 307 ip igmp snooping mrouter discovery extension 308 ip igmp snooping mrouter logging 309 ip igmp snooping querier 310 ip igmp snooping query-interval 311
18MLD snooping 313
ipv6 mld snoopingglobal 314
ipv6 mld snoopinginterface 315 ipv6 mld snooping source 316 ipv6 mld snooping mrouter 317 ipv6 mld snooping querier 318
5 IP
19IPv4ARPICMP 319
arp 320 ip address 322 ip mtu 324 ip route 326
20IPv6NDPICMPv6 329
ipv6 address 330 ipv6 default-gateway 332 ipv6 enable 334 ipv6 nd accept-ra 335 ipv6 neighbor 336
21DHCP 339
vii

host 343 ip dhcp excluded-address 345 ip dhcp pool 346 lease 347 max-lease 349 network 351 service dhcp 353
6 QoS
22 355
23 361
362
denyipv6 access-list 381
denymac access-list extended 387 ip access-group 391 ip access-list extended 393 ip access-list resequence 395 ip access-list standard 397 ipv6 access-list 399 ipv6 access-list resequence 401 ipv6 traffic-filter 402 mac access-group 404 mac access-list extended 406 mac access-list resequence 408
permitip access-list extended 409
permitip access-list standard 415
permitipv6 access-list 417
permitmac access-list extended 423 remark 427 system mac access-group 428
24QoS 431
432
ip qos-flow-group 442 ip qos-flow-list 444 ip qos-flow-list resequence 445 ipv6 qos-flow-group 446 ipv6 qos-flow-list 448 ipv6 qos-flow-list resequence 449 limit-queue-length 450 mac qos-flow-group 452 mac qos-flow-list 454 mac qos-flow-list resequence 455
qosip qos-flow-list 456
qosipv6 qos-flow-list 465
qosmac qos-flow-list 473 qos-queue-group 478 qos-queue-list 480 remark 483 traffic-shape rate 484 control-packet user-priority 486
7 2
25 2 487
authentication max-userglobal 496
authentication max-userinterface 498
502 aaa accounting dot1x 504 aaa authentication dot1x 506 dot1x authentication 508 dot1x auto-logout 509 dot1x force-authorized eapol 510 dot1x ignore-eapol-start 511 dot1x logging enable 512
ix

27Web 535
x

28MAC 591
29 625
http-serverOS-L2A 628
31DHCP snooping 631
ip arp inspection limit rate 632 ip arp inspection trust 633 ip arp inspection validate 634 ip arp inspection vlan 636 ip dhcp snooping 638 ip dhcp snooping database url 639 ip dhcp snooping database write-delay 641 ip dhcp snooping information no-check 642 ip dhcp snooping information option allow-untrusted 643 ip dhcp snooping information option format remote-id 644 ip dhcp snooping information option-insert 645 ip dhcp snooping limit rate 646 ip dhcp snooping trust 647 ip dhcp snooping verify mac-address 648 ip dhcp snooping vlan 649 ip dhcp snooping vlan information option format-type circuit-id 650 ip source binding 652 ip verify source 654
32OS-L2A 657
white-list dataOS-L2A 663
white-list enableOS-L2A 666
white-list learningOS-L2A 667
white-list monitor destination interfaceOS-L2A 671
white-list packet modeOS-L2A 672
white-list packet tcpOS-L2A 673
white-list packet trust-modeOS-L2A 675
white-list packet udpOS-L2A 677
white-list trustOS-L2A 679
9
34PS 685
36SMLSplit Multi LinkOS-L2A 695
system sml idOS-L2A 696
system sml domainOS-L2A 698
system sml peer-linkOS-L2A 700
10
38 707
storm-control 708
40CFM 721
domain name 722 ethernet cfm cc alarm-priority 724 ethernet cfm cc alarm-reset-time 726 ethernet cfm cc alarm-start-time 728 ethernet cfm cc enable 730 ethernet cfm cc interval 732 ethernet cfm domain 734
ethernet cfm enableglobal 736
ethernet cfm enableinterface 737 ethernet cfm mep 738 ethernet cfm mip 740 ma name 741 ma vlan-group 743
11
41SNMP 745
hostname 746 rmon alarm 747 rmon collection history 751 rmon event 753 snmp-server community 755 snmp-server contact 757 snmp-server engineID local 758 snmp-server group 760 snmp-server host 763 snmp-server location 768 snmp-server traps 769 snmp-server user 772 snmp-server view 774
xiv

42 777
logging event-kind 778 logging facility 779 logging host 780 logging syslog-dump 782 logging tcp connect delay 783 logging tcp notify open 784 logging tcp notify resume 785 logging tcp reconnect delay 786 logging tcp trailer 787 logging trap 788
43sFlow 791
sflow destination 792 sflow extended-information-type 793 sflow forward egress 795 sflow forward ingress 796 sflow max-header-size 797 sflow max-packet-size 798 sflow packet-information-type 799 sflow polling-interval 800 sflow sample 801 sflow source 803 sflow url-port-add 804 sflow version 805
12
lldp enable 808 lldp hold-count 809 lldp interval-time 810 lldp management-address 811 lldp run 812 lldp version 813
xv

45 815
ip icmp monitor destination interface 816 monitor session source 818 switchport monitor dot1q tag 821
46 823
47.1.5 832
47.1.6 833
47.1.7 833
47.1.8 834
47.1.15 IPv4ARPICMP 842
47.1.16 IPv6NDPICMPv6 844
47.1.17 DHCP 844
47.1.22 IEEE802.1X 850
47.1.23 Web 851
47.1.24 MAC 852
47.1.27 854
47.1.29 855
47.1.31 856
4.
5.
2 (config-line) (config)# line vty (config)# line console
3 (config-group) RADIUS (config)# aaa group server radius
4 (config-if) (config)# interface
5 (config-if-range) (config)# interface range
6 (config-vlan) VLAN (config)# vlan
7 (config-mst) (config)# spanning-tree mst configuration
8 (config-axrp) Ring Protocol (config)# axrp
9 (config-ext-nacl) IPv4 (config)# ip access-list extended
10 (config-std-nacl) IPv4 (config)# ip access-list standard
11 (config-ipv6-acl) IPv6 (config)# ipv6 access-list
12 (config-ext-macl) MAC (config)# mac access-list extended
13 (config-ip-qos) IPv4 QoS (config)# ip qos-flow-list
14 (config-ipv6-qos) IPv6 QoS (config)# ipv6 qos-flow-list
15 (config-mac-qos) MAC QoS (config)# mac qos-flow-list
16 (dhcp-config) DHCP (config)# ip dhcp pool
17 (config-auto-cf) AUTOCONF (config)# auto-config
18 (config-netconf) NETCONF (config)# netconf
19 (config-ether-cfm) MA (config)# ethernet cfm domain
20 (config-sw) (config)# switch
3

..
1234.5607.08ef 0000.00ff.ffff
IPv4
IPv4
.
192.168.0.14 255.255.255.0
IPv4
3ffe:501:811:ff03::87ff:fed0:c7e0
4

<IF#>
<IF#> "NIF No./Port No." "NIF No." 0
<IF#>

gigabitethernet
tengigabitethernet interface range tengigabitethernet <interface id list>
vlan
interface range port-channel <Channel group# list>
,
interface range gigabitethernet 0/1-3 interface range tengigabitethernet 1/ 0/25-26
interface range tengigabitethernet 0/ 25-26
interface range vlan 1-100

switchport trunk allowed vlan add 103
switchport trunk allowed vlan 100,101,103
switchport trunk allowed vlan add 100,200-210
switchport trunk allowed vlan remove 100,200-210
switchport isolation interface add gigabitethernet 0/1-3
switchport isolation interface remove gigabitethernet 0/1-3

gigabitethernet tengigabitethernet
<IF#> gigabitethernet
tengigabitethernet <switch no.><IF#>

1-5 <VLAN ID> <vlan id>
<VLAN ID list> <vlan id list>
<VLAN ID list> <vlan id list> -
, VLAN ID <VLAN ID> <vlan id>
VLAN ID <VLAN ID>
<vlan id>
tengigabitethernet 0/25 0/28
3 48T 48TD
gigabitethernet 0/1 0/52
4 48T2X 48P2X
5 24S4X 24S4XD
1-6 <Channel group#> <channel group>
<Channel group# list>
<Channel group#> <channel
group>
"-" ","
7
2

0x20 1 0 0x30 @ 0x40 P 0x50 ` 0x60 p 0x70
! 0x21 1 0x31 A 0x41 Q 0x51 a 0x61 q 0x71
" 0x22 2 2 0x32 B 0x42 R 0x52 b 0x62 r 0x72
# 0x23 3 0x33 C 0x43 S 0x53 c 0x63 s 0x73
$ 0x24 4 0x34 D 0x44 T 0x54 d 0x64 t 0x74
% 0x25 5 0x35 E 0x45 U 0x55 e 0x65 u 0x75
& 0x26 6 0x36 F 0x46 V 0x56 f 0x66 v 0x76
' 0x27 7 0x37 G 0x47 W 0x57 g 0x67 w 0x77
( 0x28 8 0x38 H 0x48 X 0x58 h 0x68 x 0x78
) 0x29 9 0x39 I 0x49 Y 0x59 i 0x69 y 0x79
* 0x2A : 0x3A J 0x4A Z 0x5A j 0x6A z 0x7A
+ 0x2B ; 0x3B K 0x4B [ 0x5B k 0x6B { 0x7B
, 0x2C < 0x3C L 0x4C 0x5C l 0x6C | 0x7C
- 0x2D = 0x3D M 0x4D ] 0x5D m 0x6D } 0x7D
. 0x2E > 0x3E N 0x4E ^ 0x5E n 0x6E ~ 0x7E
/ 0x2F ? 0x3F 1 O 0x4F _ 0x5F o 0x6F --- ---
8

ftp-server

2.
0 3 0 15 1 16

Vol.1 10.1.7
IP ip access-groupipv6
access-class transport input
2.
1.

Unsaved changes would be lost when the machine goes to sleep! Do you exit "configure" without save ? (y/n):

"y" "n" end save

The machine is just going to sleep! Do you exit ? (y/n):

"n" end "(config)# $set power-control schedule disable"

18
exit
exit

Unsaved changes would be lost when the machine goes to sleep! Do you exit "configure" without save ? (y/n):

"y" "n" exit save

The machine is just going to sleep! Do you exit ? (y/n):

"n" exit "(config)# $set power-control schedule disable"

19
save(write)
save(write)

update mc-configuration

20
show
show

banner <Command> [<Parameter>]

<Command> [<Parameter>]

21
top
top

switch provision

(config)
1.

(config)
2530-24t

switch

monitor session source
mac-address-table static

1.

MAC 2 26AE

authentication enable end-by-reject

group radius
RADIUS
enable

RADIUS RADIUS aaa group server radius

"tacacs+" "tacacs+" "taca"

1. "group radius" "group <Group name>" RADIUS
RADIUS

aaa authentication enable
2. group radius RADIUS group <group name>RADIUS
RADIUS

RADIUS aaa authentication enable

(config)

group radius
RADIUS
local

RADIUS RADIUS aaa group server radius

"tacacs+" "tacacs+" "taca"

1. "group radius" "group <Group name>" RADIUS
RADIUS

35
aaa authentication login
2. group radius RADIUS group <Group name>RADIUS
RADIUS

(config)
2. aaa authentication login local
RADIUS RADIUS
RS-232C
aaa authentication login

(config)

RADIUS

(config)
2. RADIUS 4
39

plain-text "<text message>"
encode

1.
a 0x07
b 0x08
t 0x09
? 0x3f ? ???
' 0x27 ' '''
ooo ASCII 8 (3 ) ooo000 3773
xhh ASCII 16 (2 ) hh00 ff 2
41
banner
1.

42
ip access-groupipv6 access-class 128

(config-line)
1.

2. ftp ftp-server
3. ip access-group IPv4

ip access-groupipv6 access-class 128

(config-line)
1.

2. ftp ftp-server
3. ipv6 access-class IPv6

RADIUS
Called-Station-Id Calling-Station-Id
(config)
3. MAC RADIUS User-NameUser-Password MAC
mac-authentication id-format
RADIUS RADIUS

RADIUS radius-server host

radius-server host {<ipv4 address> | <ipv6 address>} [auth-port <port>] [acct-port <port>] [timeout <seconds>] [retransmit <retries>] [key <string>]

(config)
RADIUS
RADIUS
2.

2. IPv4 127.*.*.*
3. key radius-server key
RADIUS
RADIUS RADIUS
RADIUS
RADIUS RADIUS
radius-server dead-interval
5. RADIUS RADIUS RADIUS IP
RADIUS

RADIUS
web-authentication radius-server host key

web-authentication radius-server host retransmit

web-authentication radius-server host timeout

(config-group)
2. IPv4 127.*.*.*
3.
radius-server host key radius-server
key
radius-server RADIUS RADIUS
RADIUS RADIUS
RADIUS RADIUS
RADIUS radius-server dead-interval

6-1
×
SNTP
set clock

1.
<Minutes offset>
UTC
1.

NTP

(config)

10
2. ntp authenticate key NTP
key ntp trusted-key
NTP
1

SNTP
3. IP VLAN NTP

NTP
10

2. IP VLAN NTP

1.

NTP

3. <stratum> 15
16 NTP
4. 6-1

ntp peer <ip address> [version <number>] [key <key id>] [prefer]

(config)
1.
10
IP
NTP
key ntp trusted-key
NTP
1

ntp server <ip address>SNTP
ntp server <ip address> [version <number>] [key <key id>] [prefer]NTP

(config)
1.
10

3. NTP ntp server ntp peer

IP
NTP
key ntp trusted-key
NTP
1
8. sntp client NTP SNTP 3
NTP

(config)
10

SNTP
NTP
ntp interval ntp broadcast client(global) ntp server sntp client
ntp authenticate ntp authentication-key ntp broadcast ntp broadcast client(global) ntp broadcast client(interface) ntp broadcastdelay ntp master ntp peer ntp server ntp trusted-key
78

3. ip host ipv6 host IPv6
ping ipv6 ip host

85
DNS
(config)

1. DNS IP ip name-serverDNS IP
DNS
2. IPv6 AAAA IPv4 AAAA

3. ipv6 host ip host IPv6
ping ipv6 ip host

87
1.

24T 24TD 08TC1

Please execute the reload command after save, because this command becomes effective after reboot.

92

(config)

CPU
E3 KERNEL 01f10002 No longer receiving many packets for CPU.
CPU

system receive alarm parameters <upper limit> <lower limit> <upper period> <lower period>

(config)
1 600 / S2530 1 800 / S2530E
<lower limit>
<upper period>

540 / S2530720 / S2530E 360 / S2530480 / S2530E
96

600pps IP8800/S2530E
<upper limit> 601 IP8800/S2530

97

100
25 4524T 25 6008P08TC1 25 50

24T

2.
25 4524T 25 6008P08TC1 25 50
period <days>
24T

1. SFP SFP+/SFP 10G

1. SFP SFP+/SFP 10G

1.

1. "disable"( ) ST1 ST2ACC( LED)
2. PWR LED PSIN1/PSIN208TC1
3. PoE Status(TEMPPWRPORT)08P LED

114

schedule-power-control time-range <entry number> { | | | } action { enable | disable }

weekly start-time {sun | mon | tue | wed | thu | fri | sat} <HHMM> end-time {sun | mon | tue | wed | thu | fri | sat} <HHMM>

infinity

(config)
{ date | weekly | everyday | infinity }
schedule-power-control time-range
2.
date, weekly, everyday08P08TC116P4X date, weekly, everyday, infinity
date
2000 00
<YYMMDD> <HHMM> 2000 1
1 0 0 2038 1 17 23 59
end-time <YYMMDD> <HHMM>
2000 00
<YYMMDD> <HHMM> 2000 1
1 0 0 2038 1 17 23 59
118

2.
(sunmontuewedthufrisat) 1 <HHMM>
end-time {sun | mon | tue | wed | thu | fri | sat} <HHMM>

2.
(sunmontuewedthufrisat) 1 <HHMM>
everyday
start-time <HHMM>
2. schedule-power-control system-sleep

Unsaved changes would be lost when the machine goes to sleep!
Do you exit "configure" without save ? (y/n):
"n" save

(config)
48T48T2X48P2X
10-1
10-2 24T
48T 48T2X 48P2X 48TD
10-3 48T 48T2X48P2X
24T4X 24S4X 24S4XD
0/23 0/24 0/25 0/26
WOL

0/47 0/48 0/49 0/50

3.

24T 24TD 08TC1

1.

1. "disable"( ) ST1 ST2 ACC( LED)
127
3. PoE Status(TEMPPWRPORT)08P LED
4. schedule-power-control port-led

128

(config)

(config)
(config)
power inline allocation48P2X08P16P4X
power inline delay48P2X08P16P4X
power inline priority-control disableconfig-sw48P2X
power inline priority-control disableglobal48P2X08P16P4X
shutdown

24T 24TD
48T 48TD
16P4X 0/1 0/16 halffullauto
0/17 0/20 duplex(tengigabitethernet)

1. speed duplex auto auto

2. 1000BASE-X speed 1000
duplex full speed auto auto 1000
duplex full
3. UTP MDI-X
4. 100BASE-FX duplex full 24S4X08TC1 5. half 10BASE-T/100BASE-TX

2. 1000BASE-X1000BASE-TSFP-Tspeed 1000
duplex full

flowcontrol send {desired | on | off} flowcontrol receive {desired | on | off}

(config-if)
receive {desired | on | off}
139
flowcontrol

tengigabitethernet 10G
on off
flowcontrol on
24S4X08TC1 3. 10GBASE-R
10G
config-if
interface gigabitethernet <IF#>

'geth'+' '
0/1 geth0/1
2.
interface tengigabitethernet <IF#>

'tengeth'+' '
0/25 tengeth0/25
2.

200

200

MDI no mdix auto MDIX
MDI-X

3. 100BASE-FX 24S4X08TC1 4. 10GBASE-R 10G

146
mtu
mtu

MTU MTU Ethernet V2

Vol.1 17.1.3 MAC LLC


2 system mtu
2. vlan MTU MTU

3. VLAN Tag 2 IP 22
1500 IP Tag 2 mtu 1504

1500
Untagged M1 1+18
Untagged M2 2+18
1500
Untagged M1 1+14
Untagged M2 2+14
1500
148

1.
switch provision PoE

3.
5. never activate power inline

150
Class

limit

PoE PoE

PoE

inline no power inline delay

48P2X
(config-sw)
(global)

switch
155

(config)
(config-sw)

1. SNMP SNMP SetRequest ifAdminStatus Set

speed { 10 | 100 | 1000 | auto | auto {10 | 100 | 1000 | 10 100 | 10 100 1000} }

{ 10 | 100 | 1000 | auto | auto {10 | 100 | 1000 | 10 100 | 10 100 1000} }

24T 24TD 24T4X 24S4X 24S4XD
0/1 0/24 10 100 1000 auto auto 10 auto 100 auto 1000 auto 10 100 auto 10 100 1000
24T 24TD
24T4X 24S4X 24S4XD
0/25 0/28 speed(tengigabitethernet)
48T 48TD 48T2X 48P2X
48T 48TD
158

08P 08PD24 08PD 08TC1
16P4X 0/1 0/16 10 100 1000 auto auto 10 auto 100 auto 1000 auto 10 100 auto 10 100 1000
10BASE-T/ 100BASE-TX/ 1000BASE-T
10 100 auto auto 10 auto 100 auto 1000 auto 10 100 auto 10 100 1000
100BASE-FX24S4X08TC1 100

1. speed duplex auto auto

100 duplex full half
3. 1000BASE-X speed 1000 duplex
full
4. UTP MDI-X
5. 100BASE-FX speed 100 auto 24S4X 08TC1

2. 1000BASE-X1000BASE-TSFP-Tspeed 1000
duplex full
161


1. MTU FCS Ethernet V2


163
2 system mtu
2. VLAN Tag 2 IP 22
1500 IP Tag 2 mtu 1504
system mtu mtu

1500
Untagged M1 1+18
Untagged M2 2+18
1500
Untagged M1 1+14
Untagged M2 2+14
1500
164

passive
LACPDU
1.
LACP
port-channel

4. shutdown
5. port-channel
port-channel
port-channel

(config)

max-active-port
LACP Port Priority
1.
channel-group mode on

2. priority Block
174

128

SNMP SNMP SetRequest ifAdminStatus Set

13 MAC
2
300

vlan <vlan id list>
VLAN VLAN ID VLAN 4
1.
mac-address-table
tengigabitethernet <switch no.>/<IF#> | port-channel <channel group>}
mac-address-table static <mac> vlan <vlan id> interface {gigabitethernet <IF#> |
tengigabitethernet <IF#> | port-channel <channel group>}

(config)

1.
<channel group>}

vlan 1
MAC

MAC

(config)
VLAN ID=1

1. <VLAN ID> VLAN ID VLAN VLAN
VLAN VLAN MAC VLAN vlan VLAN

2. VLAN interface range <VLAN ID list>

3. interface vlan VLAN no vlan VLAN vlan
VLAN no interface vlan VLAN

vlan
186

<MAC>
MAC VLAN MAC VLAN MAC VLAN

2. 2 MAC 2

189
name
name
1.
vlan <VLAN ID list>

VLANxxxxxxxx VLAN ID 4 0

VLAN ID RADIUS VLAN

190
protocol
protocol

VLAN

vlan-protocol
191
state
state
active
1.
SNMP SNMP SetRequest ifAdminStatus Set

vlan <vlan id>
VLAN VLAN VLAN MAC VLAN
VLAN VLAN
VLAN
1.
VLAN VLAN

1. VLAN Untagged VLAN Tagged
VLAN VLAN Tagged

VLAN TPIDTag Protocol IDentifier TPID

vlan-dot1q-ethertype TPID 0x8100

194

switchport isolation interface { <interface id list> | add <interface id list> | remove <interface id list>}

195

2. 1 <interface id list> 26 tengigabitethernet 2
27 add <interface id list>

196

switchport mac vlan <vlan id list> switchport mac native vlan <vlan id> switchport mac dot1q vlan <vlan id list>

switchport mac {vlan <vlan id list> | vlan add <vlan id list> | vlan remove <vlan id list> | native vlan <vlan id> } switchport mac dot1q vlan{ <vlan id list> | add <vlan id list> | remove <vlan id list>}

no switchport mac dot1q vlan
(config-if)

VLAN VLAN
1.
VLAN Tagged
VLAN Tagged VLAN VLAN
Tagged
VLAN VLAN MAC VLAN switchport mac vlan
VLAN

MAC VLAN VLAN
1.

MAC VLAN VLAN
1.

Tagged VLAN VLAN
VLAN VLAN MAC VLAN switchport mac vlan VLAN

Tagged VLAN VLAN
1.

switchport mode mac MAC VLAN

1. MAC 2 VLAN VLAN

VLAN switchport mac vlan switchport mac vlan add
VLAN no switchport mac switchport mac vlan remove
2. switchport mac dot1q vlan VLAN VLAN
VLAN VLAN

switchport mac auto-vlan
switchport mac auto-vlan
no switchport mac auto-vlan VLAN switchport mac vlan
VLAN

VLAN

2
access
VLAN Tagged Untagged
VLAN
Tagged
Tagged switchport mac dot1q vlan
Tagged
accesstrunkprotocol-vlanmac-vlandot1q-tunnel08P08TC116P4X accesstrunkprotocol-vlanmac-vlandot1q-tunnel stack
201

VLAN VLAN

VLAN VLAN
switchport access VLAN VLAN

8.
14-1
48T 48T2X 48P2X 48TD

switchport protocol vlan <vlan id list> switchport protocol native vlan <vlan id>

switchport protocol {vlan <vlan id list> | vlan add <vlan id list> | vlan remove <vlan id list> | native vlan <vlan id>}

(config-if)

1.
1.

1.

VLAN
2. VLAN VLAN

switchport trunk allowed vlan <vlan id list> switchport trunk native vlan <vlan id>

switchport trunk native vlan <vlan id> switchport trunk allowed vlan { <vlan id list> | add <vlan id list> | remove <vlan id list>}

no switchport trunk allowed vlan no switchport trunk native vlan
(config-if)
VLANUntagged VLAN VLAN
VLAN MAC VLAN VLAN VLAN
VLAN
VLAN
VLAN
VLAN allowed vlan Untagged
1.

1.

206
1.

vlan

(config-if)
1.
1.
2. Tag
3. VLAN Tag Tag
VLAN TagVLAN ID VLAN VLAN ID

4. Tag switchport vlan mapping VLAN Tag
Tag VLAN Tag VLAN ID
switchport vlan mapping
(config-if)
2. Tag
3. Tag switchport vlan mapping VLAN Tag
Tag VLAN Tag VLAN ID
switchport vlan mapping

vlan <VLAN ID> vlan <VLAN ID list> vlan <VLAN ID> protocol-based vlan <VLAN ID list> protocol-based vlan <VLAN ID> mac-based vlan <VLAN ID list> mac-based

(config)
1.
VLAN ID=1
VLAN config-vlan
1.
VLANVLAN ID=1
protocol-based
VLAN MAC VLAN VLAN
VLAN
VLAN VLAN VLAN
VLAN

1. VLANVLAN ID=1 VLAN

2. <VLAN ID list> VLAN

VLAN
4. VLAN VLAN

1 <VLAN ID>

3 protocol-based × VLAN
4 mac-based × VLAN
5. vlan VLAN interface vlan VLAN
vlan VLAN no interface vlan
interface vlan VLAN no vlan

6. no vlan VLAN VLAN MAC VLAN

TPID 0x8100 switchport dot1q ethertype
TPID

vlan-protocol <Protocol name> [ethertype <HEX enum>] [llc <HEX enum>] [snap-ethertype <HEX enum>]

1.
protocol

1. EtherType 16 05ff 0000
2. <HEX enum> EtherType 16

ethertypellcsnap-ethertype
4. 16 EtherType
5. vlan-protocol xxx ethertype <HEX> llc<HEX>
ethertype<HEX>

-, VLAN ID
1.

VLAN ID name revision MST

MST revision
MST ID vlans VLAN ID MST

ID vlans VLAN ID MST

PortFast

1 65535
1 200000000
3.

1. spanning-tree vlan cost spanning-tree single cost spanning-tree mst
cost

spanning-tree mode rapid-pvst mst
spanning-tree vlan mode rapid-pvst
Point-to-Point spanning-tree single mode
rapid-stp Point-to-Point

shared

STP

rapid-pvst PVST+ mst

1.

(config-if)
MST ID MST ID
-, MST ID
1.

spanning-tree mst max-hops <Hop number> spanning-tree mst <MSTI ID list> max-hops <Hop number>

no spanning-tree mst max-hops no spanning-tree mst <MSTI ID list> max-hops
(config)
MST ID MST ID
-, MST ID
1.

(config-if)
MST ID MST ID
-, MST ID
1.
128

(config)
MST ID MST ID
-, MST ID
1.

1.

PVST+

spanning-tree cost spanning-tree vlan cost spanning-tree single cost
spanning-tree pathcost method

10Mbit/s100
100Mbit/s19
1Gbit/s4
10Mbit/s2000000
100Mbit/s200000
1Gbit/s20000

1.

spanning-tree cost 65536
long

spanning-tree mst port-priority
128

PortFast
2.
PortFast
(config)
bpduguard
MAC

1. VLAN 1 PVST+ VLAN 1 PVST+
VLAN 1 PVST+

short
long

spanning-tree single mode rapid-stp802.1w

1.

spanning-tree single pathcost method
spanning-tree single pathcost method short
10Mbit/s100
100Mbit/s19
1Gbit/s4
10Mbit/s2000000
100Mbit/s200000
1Gbit/s20000

(config)
1.

128

spanning-tree single mode rapid-stp802.1w
spanning-tree single mode stp802.1D
BPDU 3
1.

VLAN VLAN

(config)
1.

(config-if)
1.

<cost>
spanning-tree pathcost method spanning-tree vlan < VLAN ID list > pathcost
method short
spanning-tree pathcost method spanning-tree vlan < VLAN ID list > pathcost
method long

(config)
1.

<Seconds>

spanning-tree mode spanning-tree vlan < VLAN ID list > mode pvst
802.1D
spanning-tree mode spanning-tree vlan < VLAN ID list > mode
rapid-pvst802.1w

(config)
1.

(config)
1.

<Seconds>

(config)
1.

PVST+

spanning-tree vlan cost
spanning-tree vlan pathcost method
spanning-tree vlan pathcost method short
10Mbit/s100
100Mbit/s19
1Gbit/s4
10Mbit/s2000000
100Mbit/s200000
1Gbit/s20000

(config)
1.

1.
267

(config-if)
1.

<priority>
128

(config)
1.

<Priority>

(config)
1.

<Counts>
spanning-tree mode spanning-tree vlan <VLAN ID list > mode
rapid-pvst802.1wspanning-tree mode
spanning-tree vlan <VLAN ID list > mode pvst802.1D1
BPDU 3
1.

ID 51
ID
ID

274

(config)
2.
ID ID

vlan
275

axrp vlan-mapping <mapping id> {vlan <vlan id list> | vlan add <vlan id list> | vlan remove <vlan id list>}

config

1.

VLAN VLAN VLAN ”axrp
vlan-mapping”VLAN
VLAN
1.

VLAN VLAN VLAN ”axrp
vlan-mapping”VLAN
VLAN
2. VLAN VLAN VLAN
3. VLAN VLAN VLAN
4. Ring Protocol PVST+ VLAN VLAN ID
Ring Protocol VLAN VLAN ID VLAN
ID ID VLAN
5. Ring Protocol VLAN ID MST
VLAN VLAN

vlan
277
axrp-primary-port
axrp-primary-port

config-if

shutdown

mode
axrp-ring-port
279
axrp-ring-port
axrp-ring-port

shared
1.
2.

axrp-primary-port

mode
axrp-primary-port
281
control-vlan
control-vlan

1.
VLAN ID=1
2. VLAN VLAN
3. VLAN VLAN VLAN
4. Ring Protocol

shutdown
7. forwarding-delay-time

vlan
283
disable
disable
Ring Protocol
shutdown

1.

2. VLAN ID VLAN VLAN ID VLAN ID

health-check interval

288
health-check holdtime

289
mode
mode

rift-ring
ID1 2
1.
290
mode

shutdown

multi-fault-detection holdtime

293

<ring id>
294

VLAN ID=1
3. VLAN VLAN VLAN
4. VLAN VLAN

296
name
name

infinity

298
vlan-group
vlan-group
Ring Protocol VLAN VLAN VLAN ID

VLAN

1.
vlan-mapping <mapping id list>
VLAN VLAN ID VLAN ID
-, VLAN ID

shared/
axrp-primary-port
ip igmp snooping mrouter discovery extension
ip igmp snooping mrouter logging
ip igmp snooping querier
ip igmp snooping query-interval

VLAN IGMP Leave IGMPv3 Report

(config-if)
IGMP Leave
IGMPv3 Report3

1. IGMP Leave IGMPv3 Report

304
<switch no.>/<IF#> | port-channel <channel group>}
ip igmp snooping mrouter interface {gigabitethernet <IF#> | tengigabitethernet <IF#> |
port-channel <channel group>}
no ip igmp snooping mrouter interface {gigabitethernet <switch no.>/<IF#> | tengigabitethernet
<switch no.>/<IF#> | port-channel <channel group>}
no ip igmp snooping mrouter interface {gigabitethernet <IF#> | tengigabitethernet <IF#> |
port-channel <channel group>}
group>}

2. IGMP snooping

VLAN
VLAN

ip igmp snooping mrouter discovery igmp ip igmp snooping mrouter discovery pim

(config-if)

1. ip igmp snooping mrouter discovery igmp VLAN ip igmp snooping

VLAN ip igmp snooping

VLAN

(config)
VLAN no ip igmp snooping mrouter logging

E3 SNOOP 02e31100 Found <Type> router <IPv4 address> on VLAN <VLAN ID> <IF#>.

E3 SNOOP 02e31200 Lost <Type> router <IPv4 address> on VLAN <VLAN ID> <IF#>.

(config)
(config-if)

(config-if)
VLAN IGMP Query

(config-if)
1.

no ipv6 mld snooping mrouter interface {gigabitethernet <IF#> | tengigabitethernet <IF#> | port-channel <channel group>}
(config-if)

2. MLD snooping

(config-if)
1. ipv6 mld snooping MLD Query
IPv6 MLD
19 IPv4ARPICMP
ARP

<mac address>
1.

(config-if)

IP MTU
MTU mtu
IP MTU show ip interfaceshow ipv6 interface show
ip-dual interface

RA MTU MTU MTU IP MTU

RA MTU Byte IP MTU

1. IP MTU MTU IP MTU
IP MTU 1500 ip mtu
MTU mtu
2. Web DHCP IP MTU

324
3. IPv6 IPv6 MTU 1280
IPv6 MTU 1280

(config)

(config-if)
<ipv6 prefix>
64
0::/64

IPv6
interface vlan <vlan id>

2. Vol.1 3.2.5 IP (1) IP
(2) VLAN
VLAN IPv6

NDP
ipv6 neighbor <ipv6 address> interface vlan <vlan id> <mac address>

(config)
fe80::/64
interface vlan <vlan id>
<mac address>
1.

336

1.

host
hardware-address

ABC
21-1 IP
<ip address>
1.
21-1 IP IP
<masklen>
21-1 IP ABC
2.
8 32
21-1 IP ABC
2.
255.0.0.0 255.255.255.255
343
host

network

address
6.

(config)

(config)

lease {<Time day> [<Time hour> [<Time min> [<Time sec>]]] | infinite}

1 <Time day> /<Time hour>/<Time min>/<Time sec>
10 10( ) 365( )
<Time day>

IP show ip dhcp binding
IP network DHCP

4.

max-lease {<Time day> [<Time hour> [<Time min> [<Time sec>]]] | infinite}

<Time day> /<Time hour>/<Time min>/<Time sec> 10
10 365
<Time day>
IP network DHCP

IP

DHCP
ABC
21-2 IP
<ip address>
1.
<masklen>
21-2 IP ABC
2.
8 32
21-2 IP ABC
2.
255.0.0.0 255.255.255.255
351
network

IP

3. network host
network/host network

address

(config)
1.

22

monitor session filter

layer2-2

×
Vol.2 3.1.1 QoS

layer2-1 × × ×
layer2-2 × × ×
layer2-3 × ×
layer2-5 ×
layer2-1-mirror × × ×

layer2-1 × ×
layer2-2 × ×
layer2-3 ×
layer2-5 ×
357

(config)
layer-2-1-out × ×
layer-2-2-out × ×
layer-2-3-out
359

IPv6
chargen Character generator (19)
echo Echo (7)
finger Finger (79)
gopher Gopher (70)
http HyperText Transfer Protocol (80)
https HTTP over TLS/SSL (443)
ident Ident Protocol (113)
irc Internet Relay Chat (194)
klogin Kerberos login (543)
kshell Kerberos shell (544)
login Remote login (513)
lpd Printer service (515)
pop3s POP3 over TLS/SSL (995)
raw Printer PDL Data Stream (9100)
shell Remote commands (514)
smtps SMTP over TLS/SSL (465)
ssh Secure Shell Remote Login Protocol (22)
sunrpc Sun Remote Procedure Call (111)
tacacs+ Terminal Access Controller Access Control System Plus (49)
tacacs-ds TACACS-Database Service (65)
telnet Telnet (23)
time Time (37)
whois Nicname (43)
discard Discard (9)
echo Echo (7)
mobile-ip Mobile IP registration (434)
nameserver Host Name Server (42)
ntp Network Time Protocol (123)
radius Remote Authentication Dial In User Service (1812)
radius-acct RADIUS Accounting (1813)
snmp Simple Network Management Protocol (161)
snmptrap SNMP Traps (162)
syslog System Logger (514)
tftp Trivial File Transfer Protocol (69)
time Time server protocol (37)
who Who service (513)

Precedence
echo Echo (7)
TOS TOS

ICMP
gsrp GSRP
host-precedence-unreachable Host unreachable for precedence 3 14
host-redirect Host redirect 5 1
host-tos-redirect Host redirect for TOS 5 3
host-tos-unreachable Host unreachable for TOS 3 12
host-unknown Host unknown 3 7
host-unreachable Host unreachable 3 1
information-reply Information replies 16
Ethernet
mobile-redirect Mobile host redirect 32
net-redirect Network redirect 5 0
net-tos-redirect Network redirect for TOS 5 2
net-tos-unreachable Network unreachable for TOS 3 11
net-unreachable Network unreachable 3 0
network-unknown Network unknown 3 6
no-room-for-option Parameter required but no room 12 2
option-missing Parameter required but not present 12 1
packet-too-big Fragmentation needed and DF set 3 4
parameter-problem All parameter problems 12
port-unreachable Port unreachable 3 3
precedence-unreachable Precedence cutoff 3 15
protocol-unreachable Protocol unreachable 3 2
reassembly-timeout Reassembly timeout 11 1
redirect All redirects 5
router-advertisement Router discovery advertisements 9
router-solicitation Router discovery solicitations 10
source-quench Source quenches 4
source-route-failed Source route failed 3 5
time-exceeded All time exceeded 11
timestamp-reply Timestamp replies 14
timestamp-request Timestamp requests 13
traceroute Traceroute 30

destination-unreachable Destination address is unreachable 1 3
echo-reply Echo reply 129
echo-request Echo request (ping) 128
header Parameter header problems 4 0
hop-limit Hop limit exceeded in transit 3 0
mld-query Multicast Listener Discovery Query 130
mld-reduction Multicast Listener Discovery Reduction 132
mld-report Multicast Listener Discovery Report 131

mac access-list extended
system mac access-group
2
136
135
no-admin Administration prohibited destination 1 1
no-route No route to destination 1 0
packet-too-big Packet too big 2
parameter-option Parameter option problems 4 2
renum-command Router renumbering command 138 0
renum-result Router renumbering result 138 1
renum-seq-number Router renumbering sequence number reset
138 255
134
router-solicitation Neighbor discovery router solicitations 133
unreachable All unreachable 1

authentication ip access-group

IPv4IPv6MAC 512

1024
Vol.1 3.2

370

interface gigabitethernet 1/0/1 ip access-group AAAAA in
ip access-list extended AAAAA 10 permit tcp any any 20 deny udp any any
1 1 1 3
AAAAA
1/0/1 1/0/2 inbound
1 2 2 3
AAAAA
interface gigabitethernet 1/0/1 ip access-group AAAAA in ip access-group AAAAA out
1 2 2 3
AAAAA
BBBBB
interface gigabitethernet 1/0/2 ip access-group BBBBB in
ip access-list extended BBBBB 10 permit udp any any 20 deny tcp any any
2 2 2 6
AAAAA
BBBBB
interface gigabitethernet 1/0/1 ip access-group AAAAA in ip access-group BBBBB out
2 2 2 6
371

BBBBB
2 1 2 6
AAAAA
ip access-list extended AAAAA 10 permit tcp any any
1 0 1 2

TCPUDP ICMP
[<seq>] deny {ip | <protocol>} {<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any} {<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any} [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
TCP
[<seq>] deny tcp {<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any}[{eq <source port> | range <source port start> <source port end>}] {<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any} [{eq <destination port> | range <destination port start> <destination port end>} ] [ack] [fin] [psh] [rst] [syn] [urg] [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
UDP
[<seq>] deny udp {<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any}[{eq <source port> | range <source port start> <source port end>}] {<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any} [{eq <destination port> | range <destination port start> <destination port end>}] [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
ICMP
[<seq>] deny icmp {<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any} {<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any} [{<icmp type> [<icmp code>] | <icmp message>}] [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]

2.
IPv4
{<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any}
IPv4
1.
2.
<source ipv4> <source ipv4 wildcard>host <source ipv4> any
<source ipv4> <source ipv4 wildcard>
<source ipv4> IPv4
<source ipv4 wildcard> IPv4
IPv4
{eq <source port> | range <source port start> <source port end>}

1.

2.
23-3 TCP 23-4 UDP
IPv4
range <source port start> <source port end>

{<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any}
IPv4
1.
2.
<destination ipv4> <destination ipv4 wildcard>host <destination ipv4> any

374
<destination ipv4 wildcard> IPv4
IPv4
{eq <destination port> | range <destination port start> <destination port end>}

1.

2.
23-3 TCP 23-4 UDP
IPv4
range <destination port start> <destination port end>

tos <tos>
TOS 3 6 4 TOS
TOS 3 6 4
1.

2.
TOS 23-6 TOS
precedence <precedence>
TOS 3
1.

2.
Precedence 23-7 Precedence
dscp <dscp>
TOS 6
1.

2.
DSCP 23-8 DSCP
ack
TCP
TCP
TCP
TCP
TCP
TCP
<icmp code>
ICMP
<icmp message>
ICMP

377

<class mask>

nnn.nnn.nnn.nnn
4. <protocol> ah 5110

2.
{<ipv4> [<ipv4 wildcard>] | host <ipv4> | any}
IPv4
1.
<ipv4> [<ipv4 wildcard>]
<ipv4> IPv4
IPv4 <ipv4>

2. nnn.nnn.nnn.nnn 0.0.0.0 host nnn.nnn.nnn.nnn

TCPUDP ICMP
[<seq>] deny {ipv6 | <protocol>} {<source ipv6>/<length> | host <source ipv6> | any} {<destination ipv6>/<length> | host <destination ipv6> | any} [{traffic-class <traffic class> | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
TCP
[<seq>] deny tcp {<source ipv6>/<length> | host <source ipv6> | any} [{eq <source port> | range <source port start> <source port end>}] {<destination ipv6>/<length> | host <destination ipv6> | any} [{eq <destination port> | range <destination port start> <destination port end>}] [ack] [fin] [psh] [rst] [syn] [urg] [{traffic-class <traffic class> | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
UDP
[<seq>] deny udp {<source ipv6>/<length> | host <source ipv6> | any} [{eq <source port> | range <source port start> <source port end>}] {<destination ipv6>/<length> | host <destination ipv6> | any} [{eq <destination port> | range <destination port start> <destination port end>}] [{traffic-class <traffic class> | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
ICMP
[<seq>] deny icmp {<source ipv6>/<length> | host <source ipv6> | any} {<destination ipv6>/ <length> | host <destination ipv6> | any} [{<icmp type> [<icmp code>] | <icmp message>}] [{traffic-class <traffic class> | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]

2.
IPv6
2.
1 4245 4952 5961 25510
23-2 IPv6
{<source ipv6>/<length> | host <source ipv6> | any}
IPv6
1.
<source ipv6>/<length>
<length> IPv6 bit


1.

2.
23-3 TCP 23-5 UDP
IPv6

{<destination ipv6>/<length> | host <destination ipv6> | any}
IPv6
1.
<destination ipv6>/<length>
382


1.

2.
23-3 TCP 23-5 UDP
IPv6

traffic-class <traffic class>
dscp <dscp>
TOS 6
1.

2.
DSCP 23-8 DSCP
ack
TCP
TCP
TCP
TCP
TCP
TCP
<icmp code>
ICMP
<icmp message>
ICMP

<class mask>

arp-sender-ip
[<seq>] deny {<source mac> <source mac mask> | host <source mac> | any} {<destination mac> <destination mac mask> | host <destination mac> | any | bpdu | cdp | lacp | lldp | oadp | pvst-plus-bpdu } [<ethernet type>] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
arp-sender-ip
[<seq] deny any any arp arp-sender-ip <source ipv4> <source ipv4 wildcard>

2.
{<source mac> <source mac mask> | host <source mac> | any}
MAC
1.
2.
<source mac> <source mac mask>host <source mac> any
<source mac> <source mac mask>
<source mac> MAC
<source mac mask> MAC
MAC
MAC nnnn.nnnn.nnnn0000.0000.0000 ffff.ffff.ffff16
{<destination mac> <destination mac mask> | host <destination mac> | any | bpdu | cdp | lacp | lldp
387
1.
2.
<destination mac> <destination mac mask>host <destination mac>anybpducdplacp
lldpoadp pvst-plus-bpdu
<destination mac> <destination mac mask>
<destination mac> MAC
<destination mac mask> MAC
MAC
<ethernet type>

<class mask>
arp-sender-ip <source ipv4> <source ipv4 wildcard>
ARP IP

2.
<source ipv4> IPv4
IPv4

nnnn.nnnn.nnnn 0000.0000.0000 host nnnn.nnnn.nnnn
389
3. flow detection mode layer2-5 " arp arp-sender-ip
<source ipv4> <source ipv4 wildcard>"


(config-if)
1.

{in | out}

4. flow detection out mode
5. IPv4
VLAN VLAN ID

Tag

Tag

IPv4
IPv4 IPv4 IPv4 VLAN ID
TOS TCP ICMP ICMP

VLAN 127

(config)

393
ip access-list resequence <access list name> [<starting sequence> [<increment sequence>]]
(config)
1.

<starting sequence>
<increment sequence>

IPv4
VLAN 127

(config)

397
IPv6 IPv6
IPv6 IPv6 VLAN ID
TCP ICMP ICMP

VLAN 127

(config)

(config)

<starting sequence>

IPv6

(config-if)

{in | out}

5. IPv6 VLAN
VLAN ID

Tag

Tag

MAC

(config-if)

{in | out}

5. MAC VLAN
VLAN ID

Tag

Tag

MAC MAC
MAC MAC VLAN ID

VLAN 127

(config)
1.

mac access-list resequence <access list name> [<starting sequence> [<increment sequence>]]
(config)

<starting sequence>

TCPUDP ICMP
[<seq>] permit {ip | <protocol> } {<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any} {<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any} [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
TCP
[<seq>] permit tcp {<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any}[{eq <source port> | range <source port start> <source port end>}] {<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any} [{eq <destination port> | range <destination port start> <destination port end>}] [ack] [fin] [psh] [rst] [syn] [urg] [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
UDP
[<seq>] permit udp {<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any}[{eq <source port> | range <source port start> <source port end>}] {<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any} [{eq <destination port> | range <destination port start> <destination port end>}] [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
ICMP
[<seq>] permit icmp {<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any} {<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any} [{<icmp type> [<icmp code>] | <icmp message>}] [{[tos <tos>] [precedence <precedence>] | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]

2.
IPv4
{<source ipv4> <source ipv4 wildcard> | host <source ipv4> | any}
IPv4
1.
2.
<source ipv4> <source ipv4 wildcard>host <source ipv4> any
<source ipv4> <source ipv4 wildcard>
<source ipv4> IPv4
IPv4

1.

2.
23-3 TCP 23-4 UDP
IPv4

{<destination ipv4> <destination ipv4 wildcard> | host <destination ipv4> | any}
IPv4
1.
2.
<destination ipv4> <destination ipv4 wildcard>host <destination ipv4> any

410
<destination ipv4 wildcard> IPv4
IPv4

1.

2.
23-3 TCP 23-4 UDP
IPv4

tos <tos>
TOS 3 6 4 TOS
TOS 3 6 4
1.

2.
TOS 23-6 TOS
precedence <precedence>
TOS 3
1.

2.
Precedence 23-7 Precedence
dscp <dscp>
TOS 6
1.

2.
DSCP 23-8 DSCP
ack
TCP
TCP
TCP
TCP
TCP
TCP
<icmp code>
ICMP
<icmp message>
ICMP

413

<class mask>

nnn.nnn.nnn.nnn
4. <protocol> ah 5110

2.
{<ipv4> [<ipv4 wildcard>] | host <ipv4> | any}
IPv4
1.
<ipv4> [<ipv4 wildcard>]
<ipv4> IPv4
IPv4 <ipv4>

2. nnn.nnn.nnn.nnn 0.0.0.0 host nnn.nnn.nnn.nnn

TCPUDP ICMP
[<seq>] permit {ipv6 | <protocol>} {<source ipv6>/<length> | host <source ipv6> | any} {<destination ipv6>/<length> | host <destination ipv6> | any} [{traffic-class <traffic class> | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
TCP
[<seq>] permit tcp {<source ipv6>/<length> | host <source ipv6> | any} [{eq <source port> | range <source port start> <source port end>}] {<destination ipv6>/<length> | host <destination ipv6> | any} [{eq <destination port> | range <destination port start> <destination port end>}] [ack] [fin] [psh] [rst] [syn] [urg] [{traffic-class <traffic class> | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
UDP
[<seq>] permit udp {<source ipv6>/<length> | host <source ipv6> | any} [{eq <source port> | range <source port start> <source port end>}] {<destination ipv6>/<length> | host <destination ipv6> | any} [{eq <destination port> | range <destination port start> <destination port end>}] [{traffic-class <traffic class> | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
ICMP
[<seq>] permit icmp {<source ipv6>/<length> | host <source ipv6> | any} {<destination ipv6>/ <length> | host <destination ipv6> | any} [{<icmp type> [<icmp code>] | <icmp message>}] [{traffic-class <traffic class> | dscp <dscp>}] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]

2.
IPv6
2.
1 4245 4952 5961 25510
23-2 IPv6
{<source ipv6>/<length> | host <source ipv6> | any}
IPv6
1.
<source ipv6>/<length>
<length> IPv6 bit

IPv6
<source ipv6>nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn:nnnn

1.

2.
23-3 TCP 23-5 UDP
IPv6

{<destination ipv6>/<length> | host <destination ipv6> | any}
IPv6
1.
<destination ipv6>/<length>
418


1.

2.
23-3 TCP 23-5 UDP
IPv6

traffic-class <traffic class>
dscp <dscp>
TOS 6
1.

2.
DSCP 23-8 DSCP
ack
TCP
TCP
TCP
TCP
TCP
TCP
<icmp code>
ICMP
<icmp message>
ICMP

<class mask>

arp-sender-ip
[<seq>] permit {<source mac> <source mac mask> | host <source mac> | any} {<destination mac> <destination mac mask> | host <destination mac> | any | bpdu | cdp | lacp | lldp | oadp | pvst-plus-bpdu } [<ethernet type>] [vlan <vlan id>] [user-priority <priority>] [class <class> [mask <class mask>]]
arp-sender-ip
[<seq] permit any any arp arp-sender-ip <source ipv4> <source ipv4 wildcard>

2.
{<source mac> <source mac mask> | host <source mac> | any}
MAC
1.
2.
<source mac> <source mac mask>host <source mac> any
<source mac> <source mac mask>
<source mac> MAC
<source mac mask> MAC
MAC
MAC nnnn.nnnn.nnnn0000.0000.0000 ffff.ffff.ffff16
{<destination mac> <destination mac mask> | host <destination mac> | any | bpdu | cdp | lacp | lldp
423
1.
2.
<destination mac> <destination mac mask>host <destination mac>anybpducdplacp
lldpoadp pvst-plus-bpdu
<destination mac> <destination mac mask>
<destination mac> MAC
<destination mac mask> MAC
MAC
<ethernet type>

<class mask>
arp-sender-ip <source ipv4> <source ipv4 wildcard>
ARP IP

2.
<source ipv4> IPv4
IPv4

nnnn.nnnn.nnnn 0000.0000.0000 host nnnn.nnnn.nnnn
425
3. flow detection mode layer2-5 " arp arp-sender-ip


IPv6 MAC

<remark>

(config)

428

chargen Character generator (19)
echo Echo (7)
finger Finger (79)
gopher Gopher (70)
http HyperText Transfer Protocol (80)
https HTTP over TLS/SSL (443)
ident Ident Protocol (113)
irc Internet Relay Chat (194)
klogin Kerberos login (543)
kshell Kerberos shell (544)
login Remote login (513)
lpd Printer service (515)
pop3s POP3 over TLS/SSL (995)
raw Printer PDL Data Stream (9100)
shell Remote commands (514)
smtps SMTP over TLS/SSL (465)
ssh Secure Shell Remote Login Protocol (22)
sunrpc Sun Remote Procedure Call (111)

tacacs+ Terminal Access Controller Access Control System Plus (49)
telnet Telnet (23)
time Time (37)
whois Nicname (43)
discard Discard (9)
echo Echo (7)

TOS
Precedence
echo Echo (7)
TOS TOS
DSCP

ICMP
Ethernet
host-precedence-unreachable Host unreachable for precedence 3 14
host-redirect Host redirect 5 1
host-tos-redirect Host redirect for TOS 5 3
437

host-tos-unreachable Host unreachable for TOS 3 12
host-unknown Host unknown 3 7
host-unreachable Host unreachable 3 1
information-reply Information replies 16
information-request Information requests 15
mask-reply Mask replies 18
mask-request Mask requests 17
mobile-redirect Mobile host redirect 32
net-redirect Network redirect 5 0
net-tos-redirect Network redirect for TOS 5 2
net-tos-unreachable Network unreachable for TOS 3 11
net-unreachable Network unreachable 3 0
network-unknown Network unknown 3 6
no-room-for-option Parameter required but no room 12 2
option-missing Parameter required but not present 12 1
packet-too-big Fragmentation needed and DF set 3 4
precedence-unreachable Precedence cutoff 3 15
protocol-unreachable Protocol unreachable 3 2
redirect All redirects 5
router-advertisement Router discovery advertisements 9
router-solicitation Router discovery solicitations 10
source-quench Source quenches 4
source-route-failed Source route failed 3 5
timestamp-reply Timestamp replies 14
timestamp-request Timestamp requests 13
traceroute Traceroute 30

destination-unreachable Destination address is unreachable 1 3
echo-reply Echo reply 129
echo-request Echo request (ping) 128
header Parameter header problems 4 0

1 1G1M1k 100000000010000001000
2 1000k 100k 100011001200…10000000
3 1000k 64k 64128192…960
hop-limit Hop limit exceeded in transit 3 0
mld-query Multicast Listener Discovery Query 130
mld-reduction Multicast Listener Discovery Reduction 132
mld-report Multicast Listener Discovery Report 131
nd-na Neighbor discovery neighbor advertisements
136
135
no-admin Administration prohibited destination 1 1
no-route No route to destination 1 0
packet-too-big Packet too big 2
parameter-option Parameter option problems 4 2
renum-command Router renumbering command 138 0
renum-result Router renumbering result 138 1
renum-seq-number Router renumbering sequence number reset
138 255
134
router-solicitation Neighbor discovery router solicitations 133
unreachable All unreachable 1
1
Gbit/s 1G 10G 1Gbit/s
Mbit/s 1M 10000M 1Mbit/s
64 960 64kbit/s 3

QoS
interface gigabitethernet/tengigabitethernet/vlan ip qos-flow-group interface gigabitethernet/tengigabitethernet/vlan ipv6 qos-flow-group interface gigabitethernet/tengigabitethernet/vlan mac qos-flow-group
QoS
QoS QoS
QoS QoS

QoS
QoS
IPv4IPv6MAC QoS 512

1024
QoS Vol.1 3.2

interface gigabitethernet 1/0/1 ip qos-flow-group AAAAA in
ip qos-flow-list AAAAA 10 qos tcp any any action cos 5 20 qos udp any any action cos 4
1 1 1 2
QoS AAAAA
1/0/1 1/0/2 inbound
ip qos-flow-list AAAAA 10 qos tcp any any action cos 5 20 qos udp any any action cos 4
1 2 2 2
QoS AAAAA
1/0/1 inbound
QoS BBBBB
1/0/2 inbound
interface gigabitethernet 1/0/1 ip

ip8800/s2500ソフトウェアマニュアル コンフィグレーション ...13 mac...

Documents

ip8800/s2500ソフトウェアマニュアルコンフィグレーション ...13 mac...