DMS-3130 Multi-Gigabit L3 Stackable Managed Switch Instruction Manual
- June 1, 2024
- DMS
Table of Contents
- DMS-3130 Multi-Gigabit L3 Stackable Managed Switch
- Product Information
- Product Usage Instructions
- FAQs
- Introduction
- Basic CLI Commands
- 802.1X Commands
- Access Control List (ACL) Commands
- References
DMS-3130 Multi-Gigabit L3 Stackable Managed Switch
Product Information
Specifications
- Product Name: DMS-3130 Multi-Gigabit L3 Stackable Managed Switch
- Version: 1.01
- Release Date: 11/23/2023
- Management Interface: Command Line Interface (CLI)
Product Usage Instructions
Audience
This product is intended for network administrators and IT networking professionals responsible for managing the switch using the Command Line Interface (CLI). Prior experience with Ethernet and modern networking principles is recommended.
Command Descriptions
The command descriptions in this manual are based on software release 1.01.006 and cover a subset of commands supported by the DMS-3130 Series switch.
Other Documentation
Additional information on configuring and troubleshooting the switch can be found in documents available on the CD, bundled with the switch, or on the D-Link website.
Command Modes
The CLI offers multiple command modes, and the commands available depend on
the current mode and user privilege level.
Entering a question mark (?) at the system prompt displays all available
commands in a specific mode.
FAQs
- Q: Who is the intended audience for this manual?
- A: The manual is designed for network administrators and IT networking professionals responsible for managing the DMS-3130 Series switch using the CLI.
- Q: Where can I find additional documentation for configuring and troubleshooting the switch?
- A: Additional documents can be accessed from the CD, bundled with the switch, or from the D-Link website.
Version 1.01 | 11/23/2023
Layer 3 Stackable Managed Switch
DMS-3130 Multi-Gigabit L3 Stackable Managed Switch CLI Reference Guide
Introduction
This manual’s command descriptions are based on the software release 1.01.006.
The commands listed here are the subset of commands that are supported by the
DMS-3130 Series switch.
Audience
This reference manual is intended for network administrators and other IT
networking professionals responsible for managing the switch by using the
Command Line Interface (CLI). The CLI is the primary management interface to
the DMS-3130 Series switch, which will be generally referred to simply as the
“Switch” within this manual. This manual is written in a way that assumes that
you already have experience with and knowledge of Ethernet and modern
networking principles for Local Area Networks.
Other Documentation
The documents below are a further source of information on configuring and
troubleshooting the Switch. All the documents are available either from the
CD, bundled with this switch, or from the D-Link website. Other documents
related to this switch are:
· DMS-3130 Series Hardware Installation Guide
· DMS-3130 Series Web UI Reference Guide
Conventions
Convention – Description
· Boldface Font – Commands, command options and keywords are printed in boldface. Keywords, in the command line, are to be entered exactly as they are displayed.
· UPPERCASE ITALICS Font – Parameters or values that must be specified are printed in UPPERCASE ITALICS. Parameters in the command line are to be replaced with the actual values that are desired to be used with the command.
· Square Brackets [ ] – Square brackets enclose an optional value or set of optional arguments.
· Braces { } – Braces enclose alternative keywords separated by vertical bars. Generally, one of the keywords in the separated list can be chosen.
· Vertical Bar | – Optional values or arguments are enclosed in square brackets and separated by vertical bars. Generally, one or more of the values or arguments in the separated list can be chosen.
· Blue Courier Font – This convention is used to represent an example of a screen console display including example entries of CLI command input with the corresponding output.
Notes, Notices, and Cautions
Below are examples of the three types of indicators used in this manual. When
administering your switch using the information in this document, you should
pay special attention to these indicators. Each example below provides an
explanatory remark regarding each type of indicator.
NOTE: A note indicates important information that helps you make better use of your device.
NOTICE: A notice indicates either potential damage to hardware or loss of data
and tells you how to avoid the problem.
CAUTION: A caution indicates a potential for property damage, personal injury,
or death.
Command Descriptions
The information pertaining to each command in this reference guide is
presented using a number of template fields. The fields are:
· Description – This is a short and concise statement describing the functionality of the command.
· Syntax – The precise form to use when entering and issuing the command.
· Parameters – A table where each row describes the optional or required parameters, and their use, that can be issued with the command.
· Default – If the command sets a configuration value or administrative state of the Switch then any default settings (i.e. without issuing the command) of the configuration is shown here.
· Command Mode – The mode in which the command can be issued. These modes are described in the section titled “Command Modes” below.
· Command Default Level – The user privilege level in which the command can be issued.
· Usage Guideline – If necessary, a detailed description of the command and its various utilization scenarios is given here.
· Example(s) – Each command is accompanied by a practical example of the command being issued in a suitable scenario.
Command Modes
There are several command modes available in the command-line interface (CLI).
The set of commands available to the user depends on both the mode the user is
currently in and their privilege level. For each case, the user can see all
the commands that are available in a particular command mode by entering a
question mark (?) at the system prompt.
The command-line interface has five pre-defined privilege levels:
· Basic User – Privilege Level 1. This user account level has the lowest priority of the user accounts. The purpose of this type of user account level is for basic system checking.
· Advanced User – Privilege Level 3. This user account level is allowed to configure the terminal control setting. This user account can only show limited information that is not related to security.
· Power User – Privilege Level 8. This user account level can execute fewer commands than operator, including configuration commands other than the operator level and administrator level commands.
· Operator – Privilege Level 12. This user account level is used to grant system configuration rights for users who need to change or monitor system configuration, except for security related information such as user accounts and SNMP account settings, etc.
· Administrator – Privilege Level 15. This administrator user account level can monitor all system information and change any of the system configuration settings expressed in this configuration guide.
The command-line interface has a number of command modes. There are three basic command modes:
· User EXEC Mode
· Privileged EXEC Mode
· Global Configuration Mode
All other sub-configuration modes can be accessed via the Global Configuration
Mode.
When a user logs in to the Switch, the privilege level of the user determines
the command mode the user will enter after initially logging in. The user will
either log into User EXEC Mode or the Privileged EXEC Mode.
· Users with a basic user level will log into the Switch in the User EXEC Mode.
· Users with advanced user, power-user, operator or administrator level accounts will log into the Switch in the Privileged EXEC Mode.
Therefore, the User EXEC Mode can operate at a basic user level and the Privileged EXEC Mode can operate at the advanced user, power-user, operator, or administrator levels. The user can only enter the Global Configuration Mode from the Privileged EXEC Mode. The Global Configuration Mode can be accessed by users who have operator or administrator level user accounts.
As for sub-configuration modes, a subset of those can only be accessed by users who have the highest secure administrator level privileges.
The following table briefly lists the available command modes. Only the basic command modes and some of the sub-configuration modes are enumerated. The basic command modes and basic sub-configuration modes are further described in the following chapters. Descriptions for the rest of the sub-configuration modes are not provided in this section. For more information on the additional sub-configuration modes, the user should refer to the chapters relating to these functions.
The available command modes and privilege levels are described below:
Command Mode / Privilege Level – Purpose
· User EXEC Mode / Basic User level – This level has the lowest priority of the user accounts. It is provided only to check basic system settings.
· Privileged EXEC Mode / Advanced User level – This level is allowed to configure the terminal control setting. This user account can only show limited information that is not related to security.
· Privileged EXEC Mode / Power User level – This level can execute fewer commands than operator, including the ‘config’ commands other than the operator level and administrator level commands.
· Privileged EXEC Mode / Operator level – For changing local and global terminal settings, monitoring, and performing certain system administration tasks. Except for security related information, this level can perform system administration tasks.
· Privileged EXEC Mode / Administrator level – This level is identical to privileged EXEC mode at the operator level, except that a user at the administrator level can monitor and clear security related settings.
· Global Configuration Mode / Operator level – For applying global settings, except for security related settings, on the entire switch. In addition to applying global settings on the entire switch, the user can access other sub-configuration modes from global configuration mode.
· Global Configuration Mode / Administrator level – For applying global settings on the entire switch. In addition to applying global settings on the entire switch, the user can access other sub-configuration modes from global configuration mode.
· Interface Configuration Mode / Administrator level – For applying interface related settings.
· VLAN Interface Configuration Mode – For applying VLAN interface related settings.
User EXEC Mode at Basic User Level
This command mode is mainly designed for checking basic system settings. This
command mode can be entered by logging in as a basic user.
Privileged EXEC Mode at Advanced User Level
This command mode is mainly designed for checking basic system settings,
allowing users to change the local terminal session settings and carrying out
basic network connectivity verification. One limitation of this command mode
is that it cannot be used to display information related to security. This
command mode can be entered by logging in as an advanced user.
Privileged EXEC Mode at Power User Level
Users logged into the Switch in privileged EXEC mode at this level can execute
fewer commands than operators, including the ‘config’ commands other than the
operator level and administrator level commands. The method to enter the
privileged EXEC mode at the power user level is to log into the Switch with a
user account that has a privilege level of 8.
Privileged EXEC Mode at Operator Level
Users logged into the Switch in privileged EXEC mode at this level can change
both local and global terminal settings, monitor, and perform system
administration tasks (except for security related information). The method to
enter privileged EXEC mode at operator level is to log into the Switch with a
user account that has a privilege level of 12.
Privileged EXEC Mode at Administrator Level
This command mode has a privilege level of 15. Users logged in with this
command mode can monitor all system information and change any system
configuration settings mentioned in this Configuration Guide. The method to
enter privileged EXEC mode at administrator level is to log into the Switch
with a user account that has a privilege level of 15.
Global Configuration Mode
The primary purpose of the global configuration mode is to apply global
settings to the entire switch. The global configuration mode can be accessed
through advanced user, power user, operator or administrator level user
accounts. However, security related settings are not accessible through
advanced user, power user or operator user accounts. In addition to applying
global settings to the entire switch, the user can also access other
subconfiguration modes. In order to access the global configuration mode, the
user must be logged in with the corresponding account level and use the
configure terminal command in the privileged EXEC mode.
In the following example, the user is logged in as an Administrator in the Privileged EXEC Mode and uses the configure terminal command to access the Global Configuration Mode:
Switch# configure terminal
Switch(config)#
The exit command is used to exit the global configuration mode and return to the privileged EXEC mode.
Switch(config)# exit
Switch#
The procedures to enter the different sub-configuration modes can be found in
the related chapters in this Configuration Guide. The command modes are used
to configure the individual functions.
Interface Configuration Mode
Interface configuration mode is used to configure the parameters for an
interface or a range of interfaces. An interface can be a physical port, VLAN,
or other virtual interface. Thus, interface configuration mode is
distinguished further according to the type of interface. The command prompt
for each type of interface is slightly different.
VLAN Interface Configuration Mode
VLAN interface configuration mode is one of the available interface modes and
is used to configure the parameters of a VLAN interface.
To access VLAN interface configuration mode, use the following command in global configuration mode:
Switch(config)# interface vlan 1
Switch(config-if)#
Creating a User Account
By default, there is no user account created on this switch. For security
reasons, it is highly recommended to create user accounts to manage and
control access to this switch’s interface. This section will assist a user
with creating a user account by means of the Command Line Interface.
Observe the following example.
Switch# enable
Switch# configure terminal
Switch(config)# username admin password password_specified
Switch(config)# username admin privilege 15
Switch(config)# line console
Switch(config-line)# login local
Switch(config-line)#
In the above example we had to navigate and access the username command.
· Starting in the User EXEC Mode, we enter the enable command to access the Privileged EXEC Mode.
· After accessing the Privileged EXEC Mode, we entered the configure terminal command to access the Global Configuration Mode. The username command can be used in the Global Configuration Mode.
· The username admin password password_specified command creates a user account with the username of admin and a password that has been entered.
· The username admin privilege 15 command assigns a privilege level value of 15 to the user account admin.
· The line console command allows the user to access the console interface’s Line Configuration Mode.
· The login local command tells the Switch that users need to enter locally configured login credentials to access the console interface.
NOTE: Usernames and Passwords are case sensitive. Usernames can be up to 32
characters in length. Passwords must contain 8-30 characters and include at least one
uppercase and lowercase letter, one number, and one symbol, such as @!&*. It must not
be identical to the username and must not contain adjacent identical characters or digits or
the default IP address of the Switch.
Save the running configuration to the start-up configuration so that the changes made are not lost when the Switch is rebooted. The following example shows how to save the running configuration to the start-up configuration.
Switch# copy running-config startup-config
Destination filename startup-config? [y/n]: y
Saving all configurations to NV-RAM………. Done.
Switch#
After the Switch has rebooted, or after the users log out and back in, the
newly created username and password must be entered to access the CLI
interface again, as shown below.
Interface Notation
When configuring the physical ports available on this switch, a specific
interface notation is used. The following will explain the layout, terminology
and use of this notation.
In the following example, we’ll enter the Global Configuration Mode and then enter the Interface Configuration Mode, using the notation 1/0/1. After entering the Interface Configuration Mode for port 1, we’ll change the speed to 1 Gbps, using the speed 1000 command.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# speed 1000
Switch(config-if)#
In the above example the notation 1/0/1 was used. The terminology for each parameter is as follows:
· Interface Unit’s ID / Open Slot’s ID / Port’s ID
The Interface Unit’s ID is the ID of the stacking unit without the physical stack. If stacking is disabled or this unit is a stand-alone unit, then this parameter is irrelevant. The Open Slot’s ID is the ID of the module plugged into the open module slot of the Switch. The DMS-3130 Series switch doesn’t support any open module slots, thus this parameter will always be zero for this switch series. Lastly, the Port’s ID is the physical port number of the port being configured. In summary, the above example will configure the stacked switch with the ID of 1, with the open slot ID of 0, and the physical port number 1.
Error Messages
When users issue a command that the Switch does not recognize, error messages will be generated to assist users with basic information about the mistake that was made. A list of possible error messages is found in the table below.
Error Message – Meaning
· Ambiguous command – Not enough keywords were entered for the Switch to recognize the command.
· Incomplete command – The command was not entered with all the required keywords.
· Invalid input detected at ^marker – The command was entered incorrectly.
The following example shows how an ambiguous command error message is generated.
Switch# show v
Ambiguous command
Switch#
The following example shows how an incomplete command error message is generated.
Switch# show
Incomplete command
Switch#
The following example shows how an invalid input error message is generated.
Switch# show verb
^
Invalid input detected at ^marker
Switch#
Editing Features
The command line interface of this switch supports the following keyboard keystroke editing features.
Keystroke – Description
· Delete – Deletes the character under the cursor and shifts the remainder of the line to the left.
· Backspace – Deletes the character to the left of the cursor and shifts the remainder of the line to the left.
· Left Arrow – Moves the cursor to the left.
· Right Arrow – Moves the cursor to the right.
· CTRL+R – Toggles the insert text function on and off. When on, text can be inserted in the line and the remainder of the text will be shifted to the right. When off, text can be inserted in the line and old text will automatically be replaced with the new text.
· Return – Scrolls down to display the next line or used to issue a command.
· Space – Scrolls down to display the next page.
· ESC – Escapes from the displaying page.
Display Result Output Modifiers
The results displayed by show commands can be filtered by the following parameters:
· begin FILTER-STRING – This parameter is used to start the display with the first line that matches the filter string.
· include FILTER-STRING – This parameter is used to display all the lines that match the filter string.
· exclude FILTER-STRING – This parameter is used to exclude the lines that match the filter string from the display.
The output modifiers are used as follows: show XXX | begin STRING, show XXX | include STRING, or show XXX | exclude STRING.
The modifier interprets the filtering string using the Linux shell regular expression.
The example below shows how to use the begin FILTER-STRING parameter in a show command.
Switch#show running-config | begin # DEVICE
# DEVICE
configure terminal
end
AAA
configure terminal
# AAA START
no aaa new-model
# AAA END
end
Switch#
The example below shows how to use the include FILTER-STRING parameter in a show command.
Switch#show running-config | include # DEVICE
# DEVICE
Switch#
The example below shows how to use the exclude FILTER-STRING parameter in a show command.
Switch#show running-config | exclude # DEVICE
Building configuration…
Current configuration : 30689 bytes
——————————————————————————-
DMS-3130-30TS Gigabit Ethernet Switch
Configuration
Firmware: Build 1.01.006
Copyright(C) 2018 D-Link Corporation. All rights reserved.
——————————————————————————-
STACK
end
AAA
configure terminal
# AAA START
no aaa new-model
CTRL+C ESC q Quit SPACE n Next Page ENTER Next Entry a All
For Linux shell regular expression, ‘*’ represents wildcard, “\*” represents the character ‘*’. The following example displays lines which include ‘S*’.
Switch#show ip route | include S\*
S* >0.0.0.0/0 [1/1] via 10.90.90.101, vlan1
The following example displays lines which include ‘S’ and any character following ‘S’. ‘*’ represents wildcard.
Switch#show ip route | include S*
Code: C – Connected, S – Static , R – RIP
O – OSPF Derived, IA – OSPF Inter Area
E1 – OSPF External Type 1, E2 – OSPF External Type 2
N1 – OSPF NSSA External Type 1, N2 – OSPF NSSA External Type 2
* – candidate default, > – Selected route
Gateway of last resort is 10.90.90.101 to network 0.0.0.0
S* >0.0.0.0/0 [1/1] via 10.90.90.101, vlan1
C 10.0.0.0/8 is directly connected, vlan1
Total Entries: 2
Switch#
Basic CLI Commands
2-1 help
This command is used to display a brief description of the help system. Use
the help command in any command mode.
help
Parameters
None.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
The help command provides a brief description for the help system, which includes the following functions:
· To list all commands available for a particular command mode, enter a question mark (?) at the system prompt.
· To obtain a list of commands that begin with a particular character string, enter the abbreviated command entry immediately followed by a question mark (?). This form of help is called word help, because it lists only the keywords or arguments that begin with the abbreviation entered.
· To list the keywords and arguments associated with a command, enter a question mark (?) in place of a keyword or argument on the command line. This form of help is called the command syntax help, because it lists the keywords or arguments that apply based on the command, keywords, and arguments already entered.
Example
This example shows how the help command is used to display a brief description
of the help system.
Switch#help
The switch CLI provides advanced help feature.
1. Help is available when you are ready to enter a command argument (e.g. ‘show ?’) and want to know each possible available options.
2. Help is provided when an abbreviated argument is entered and you want to know what arguments match the input(e.g. ‘show ve?’.). If nothing matches, the help list will be empty and you must backup until entering a ‘?’ shows the available options.
3. For completing a partial command name could enter the abbreviated command name immediately followed by a
Note: Since the character ‘?’ is used for help purpose, to enter the character ‘?’ in a string argument, press ctrl+v immediately followed by the character ‘?’.
Switch#
The following example shows how to use the word help to display all the Privileged EXEC Mode commands that begin with the letters “re”. The letters entered before the question mark (?) are reprinted on the next command line to allow the user to continue entering the command.
Switch#re?
reboot
rename
renew
reset
Switch#re
The following example shows how to use the command syntax help to display the next argument of a partially complete stack command. The characters entered before the question mark (?) are reprinted on the next command line to allow the user to continue entering the command.
Switch#stack ?
<1-9> Specifies current box ID
bandwidth Stacking port bandwidth
preempt Preempt the master role play
Switch#stack
2-2 enable
This command is used to change the privilege level of the active CLI login
session.
enable [PRIVILEGE-LEVEL]
Parameters
PRIVILEGE-LEVEL – (Optional) Specifies the privilege level. The range is from 1 to 15. If not specified, privilege level 15 will be used.
Default
None.
Command Mode
User/Privileged EXEC Mode.
Command Default Level
Level: 1.
Usage Guideline
If the privilege level requires a password, enter it in the field provided. Only three attempts are allowed. Failure to access this level returns the user to the current level.
Example
This example shows how to change the privilege level of the active CLI login session to privilege level 12.
Switch# show privilege
Current privilege level is 2
Switch# enable 15
password:****
Switch# show privilege
Current privilege level is 15
Switch#
2-3 disable
This command is used to change the privilege level of the active CLI login
session to a lower privilege level.
disable [PRIVILEGE-LEVEL]
Parameters
PRIVILEGE-LEVEL – (Optional) Specifies the privilege level. The range is from 1 to 15. If not specified, privilege level 1 will be used.
Default
None.
Command Mode
User/Privileged EXEC Mode.
Command Default Level
Level: 1.
Usage Guideline
This command is used to change the privilege level of the active CLI login
session to a lower privilege level.
Example
This example shows how to change the privilege level of the active CLI login session to privilege level 1.
Switch# show privilege
Current privilege level is 15
Switch# disable 1
Switch> show privilege
Current privilege level is 1
Switch>
2-4 configure terminal
This command is used to enter the Global Configuration Mode.
configure terminal
Parameters
None.
Default
None.
Command Mode
Privileged EXEC Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is used to enter the Global Configuration Mode.
Example
This example shows how to enter the Global Configuration Mode.
Switch# configure terminal
Switch(config)#
2-5 login (EXEC)
This command is used to configure a login username.
login
Parameters
None.
Default
None.
Command Mode
User/Privileged EXEC Mode.
Command Default Level
Level: 1.
Usage Guideline
Use this command to change the login account. Three attempts are allowed to
log into the Switch’s interface. When using Telnet, if all attempts fail,
access will return to the command prompt. If no information is entered within
60 seconds, the session will return to the state when logged out.
Example
This example shows how to login with username “user1”.
Switch# login
Username: user1
Password: xxxxxxxx
Switch#
2-6 login (Line)
This command is used to set the line login method. Use the no form of this
command to disable the login.
login [local]
no login
Parameters
local – (Optional) Specifies that the line login method will be local.
Default
By default, there is no login method configured for the console line. By
default, there is a login method (by password) configured for the Telnet line.
By default, there is a login method (by password) configured for the SSH line.
Command Mode
Line Configuration Mode.
Command Default Level
Level: 15.
Usage Guideline
For Console and Telnet access, when AAA is enabled, the line uses rules configured by the AAA module. When AAA is disabled, the line uses the following authentication rules:
· When login is disabled, the user can enter the line at Level 1.
· When configuring the line login method with the login parameter only, without any other option, after inputting the same password as the password command, the user will enter the line at level 1. If the password wasn’t previously configured, an error message will be displayed and the session will be closed.
· When configuring the line login method with the login parameter and also with the local option, the username and password option is selected; enter the username and password configured by the username command.
For SSH access, there are three authentication types:
· SSH public key
· Host-based authentication
· Password authentication
The SSH public key and host-based authentication types are independent from the login command in the line mode. If the authentication type is password, the following rules apply:
· When AAA is enabled, the AAA module is used.
· When AAA is disabled, the following rules are used:
o When login is disabled, the username and password are ignored. Enter the details at Level 1.
o When the username and password option is selected, enter the username and password configured by the username command.
o When the password option is selected, the username is ignored but a password is required using the password command to enter the line at level 1.
Example
This example shows how to enter the Line Configuration Mode and to create a password for the line user. This password only takes effect once the corresponding line is set to login.
Switch# configure terminal
Switch(config)# line console
Switch(config-line)# password login-password
Switch(config-line)#
This example shows how to configure the line console login method as “login”.
Switch# configure terminal
Switch(config)# line console
Switch(config-line)# login
Switch(config-line)#
This example shows how to enter the login command. The device will check the validity of the user from the password create command. If correct, the user will have access at the particular level.
Switch#login
Password:*****
Switch#
This example shows how to create a username “useraccount” with a specified password and use Privilege 12.
Switch# configure terminal
Switch(config)# username useraccount privilege 12 password 0 password-specified
Switch(config)#
NOTE: The password must contain 8-30 characters and include at least one uppercase
and lowercase letter, one number, and one symbol, such as @!&*. It must not be identical
to the username and must not contain adjacent identical characters or digits or the default
IP address.
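The password rules in this NOTE (and in the identical NOTE under "Creating a User Account") can be checked before a credential is pushed to the Switch. The following is an added example, not part of the D-Link manual: the function name, the treatment of any ASCII punctuation as a "symbol", and the substring match on the default IP are assumptions, and 192.0.2.1 is a placeholder for the unit's real default address.

```python
import string

MIN_LEN, MAX_LEN = 8, 30           # length bounds quoted in the NOTE
SYMBOLS = set(string.punctuation)  # assumption: any ASCII punctuation counts as a symbol


def password_violations(username, password, default_ip):
    """Return the rules from the NOTE that `password` breaks (empty list = acceptable).

    default_ip is the unit's default management address, supplied by the caller;
    it is matched as a plain substring (assumption).
    """
    problems = []
    if not MIN_LEN <= len(password) <= MAX_LEN:
        problems.append("length outside 8-30 characters")
    if not any(c in string.ascii_uppercase for c in password):
        problems.append("no uppercase letter")
    if not any(c in string.ascii_lowercase for c in password):
        problems.append("no lowercase letter")
    if not any(c in string.digits for c in password):
        problems.append("no number")
    if not any(c in SYMBOLS for c in password):
        problems.append("no symbol")
    if password == username:  # exact match: usernames and passwords are case sensitive
        problems.append("identical to the username")
    if any(a == b for a, b in zip(password, password[1:])):
        problems.append("adjacent identical characters")
    if default_ip and default_ip in password:
        problems.append("contains the default IP address")
    return problems


# Constructed candidates; 192.0.2.1 is a documentation address standing in
# for the real default IP of the unit.
PLACEHOLDER_DEFAULT_IP = "192.0.2.1"
CANDIDATES = [
    ("admin", "N3t!Oper8or"),
    ("admin", "password"),
    ("Adm1n!Xy", "Adm1n!Xy"),
    ("admin", "Aa!192.0.2.1"),
]

if __name__ == "__main__":
    for user, pw in CANDIDATES:
        issues = password_violations(user, pw, PLACEHOLDER_DEFAULT_IP)
        verdict = "OK" if not issues else "; ".join(issues)
        print(f"{user!r:12} {pw!r:16} -> {verdict}")
```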
This example shows how to configure the login method as login local.
Switch# configure terminal
Switch(config)# line console
Switch(config-line)# login local
Switch(config-line)#
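The password rules in the NOTE above can be checked before credentials are pushed to a switch. The following is an added example, not code from the manual or from D-Link. It assumes that "adjacent identical characters or digits" means the same character twice in a row and that any non-alphanumeric character counts as a symbol; the default IP address is not stated in this section, so it is a parameter with a documentation-range placeholder.

```python
import re

# Placeholder from the documentation address range. The switch's real default
# IP address is not stated in this section, so pass the actual value.
DEFAULT_IP_PLACEHOLDER = "192.0.2.1"

# (rule name, predicate) pairs. A predicate returns True when the rule is
# violated and receives (password, username, default_ip).
RULES = [
    ("length", lambda p, u, ip: not 8 <= len(p) <= 30),
    ("uppercase", lambda p, u, ip: re.search(r"[A-Z]", p) is None),
    ("lowercase", lambda p, u, ip: re.search(r"[a-z]", p) is None),
    ("number", lambda p, u, ip: re.search(r"[0-9]", p) is None),
    # Assumption: anything that is not an ASCII letter or digit is a symbol.
    ("symbol", lambda p, u, ip: re.search(r"[^A-Za-z0-9]", p) is None),
    ("same-as-username", lambda p, u, ip: p == u),
    # Assumption: "adjacent identical" means one character repeated in a row.
    ("adjacent-identical", lambda p, u, ip: re.search(r"(.)\1", p) is not None),
    ("contains-default-ip", lambda p, u, ip: bool(ip) and ip in p),
]


def check_password(password, username, default_ip=DEFAULT_IP_PLACEHOLDER):
    """Return the names of all violated rules (empty list means acceptable)."""
    return [name for name, violated in RULES
            if violated(password, username, default_ip)]


def audit_accounts(accounts, default_ip=DEFAULT_IP_PLACEHOLDER):
    """accounts maps username -> planned password; return only the failures."""
    report = {}
    for user, password in accounts.items():
        problems = check_password(password, user, default_ip)
        if problems:
            report[user] = problems
    return report


if __name__ == "__main__":
    # Constructed input: the first entry reuses the placeholder strings from
    # the username example above, the second is a made-up compliant value.
    planned = {
        "useraccount": "password-specified",
        "netops": "Sw1tch@Core9x",
    }
    for user, problems in audit_accounts(planned).items():
        print(f"{user}: rejected ({', '.join(problems)})")
```

The placeholder string password-specified used in the username example fails three of the rules, so substitute a compliant value when adapting that command.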
2-7 logout
This command is used to close an active terminal session by logging off the
Switch.
logout
Parameters
None.
Default
None.
Command Mode
User/Privileged EXEC Mode.
Command Default Level
Level: 1.
Usage Guideline
Use this command to close an active terminal session by logging out of the
device.
Example
This example shows how to log out.
Switch# disable
Switch# logout
2-8 end
This command is used to end the current configuration mode and return to the
highest mode in the CLI mode hierarchy, which is either the User EXEC Mode or
the Privileged EXEC Mode.
end
Parameters
None.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
Executing this command will return access to the highest mode in the CLI
hierarchy.
Example
This example shows how to end the Interface Configuration Mode and go back to
the Privileged EXEC Mode.
Switch# configure terminal
Switch(config)# interface ethernet 1/1
Switch(config-if)#end
Switch#
2-9 exit
This command is used to end the configuration mode and go back to the last
mode. If the current mode is the User EXEC Mode or the Privileged EXEC Mode,
executing the exit command logs you out of the current session.
exit
Parameters
None.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
Use this command to exit the current configuration mode and go back to the
last mode. When the user is in the User EXEC Mode or the Privileged EXEC Mode,
this command will log out the session.
Example
This example shows how to exit from the Interface Configuration Mode and
return to the Global Configuration Mode.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)#exit
Switch(config)#
2-10 show history
This command is used to list the commands entered in the current EXEC Mode
session.
show history
Parameters
None.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
Commands entered are recorded by the system. A recorded command can be
recalled in sequence by pressing CTRL+P or the Up Arrow key. The history
buffer size is fixed at 20 commands. The function key instructions below
display how to navigate the commands in the history buffer.
· CTRL+P or the Up Arrow key – Recalls commands in the history buffer,
beginning with the most recent command. Repeat the key sequence to recall
successively older commands.
· CTRL+N or the Down Arrow key – Returns to more recent commands in the
history buffer after recalling commands with CTRL+P or the Up Arrow key.
Repeat the key sequence to recall successively more recent commands.
Example
This example shows how to display the command buffer history.
Switch# show history
help history
Switch#
2-11 password-recovery
This command is used to recover the password related settings. Use the
password recovery command in the reset configuration mode.
password-recovery
Parameters
None.
Default
None.
Command Mode
Reset Configuration Mode.
Command Default Level
Level: 15.
Usage Guideline
Under certain circumstances, the administrator may need to update a user’s
account because the password of the account was forgotten. To do this, the
administrator has to enter the Reset Configuration Mode. For assistance on how
to enter the reset configuration mode, please contact the technical support
personnel. After entering the reset configuration mode, use the
password-recovery command and follow the confirmation prompt message to recover
the password related settings. Password recovery does the following three
things:
· Updates an existing user account by entering the username of an existing
user and its new password, or adds a new user account with privilege level 15.
The new user account cannot be created if the maximum number of user accounts
is exceeded.
· Updates the enable password for the administrator-privileged level.
· Disables the AAA function to let the system do local authentication.
The updated setting will be saved in the running configuration file. Before the
reload is executed, the Switch will prompt the administrator to approve saving
the running configuration as the startup configuration.
Example
This example shows how to use the password recovery feature.
Switch(reset-config)# password-recovery
This command will guide you to do the password recovery procedure.
Do you want to update the user account? (y/n) [n]y
Please input user account: user1
Please input user password:
Do you want to update the enable password for privilege level 15? (y/n) [n]y
Please input privilege level 15 enable password:
Do you want to disable AAA function to let the system do the local authentication? (y/n) [n] y
Switch(reset-config)#
2-12 show environment
This command is used to display fan, temperature, power availability and
status information.
show environment [fan | power | temperature]
Parameters
fan
(Optional) Specifies to display the detailed fan status.
power
(Optional) Specifies to display the detailed power status.
temperature
(Optional) Specifies to display the detailed temperature status.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
If a specific type is not specified, all types of environment information will
be displayed.
Example
This example shows how to display fan, temperature, power availability, and
status information.
Switch#show environment

Detail Temperature Status:
Unit  Temperature Descr/ID     Current/Threshold Range
----  -----------------------  -----------------------
2     Central Temperature/1    48C/0~76C
2     Central Temperature/2    54C/0~76C
Status code: * temperature is out of threshold range

Detail Fan Status:
----------------------------------------------------------------
Unit 2:
Fan 1 (OK)   Fan 2 (OK)

Detail Power Status:
Unit   Power Module   Power Status
-----  -------------  ------------
2      Power 1        in-operation
2      Power 2        empty

Switch#
Display Parameters
Power Module
Power 1: This represents the AC power.
Power 2: This represents the RPS.
Power status
in-operation: The power rectifier is in normal operation.
empty: The power rectifier is not installed.
2-13 show unit
This command is used to display information about system units.
show unit [UNIT-ID]
Parameters
UNIT-ID
(Optional) Specify the unit to display.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
This command displays information about the system modules. If no parameter is
specified, information of all units will be displayed.
Example
This example shows how to display the information about units on a system.
Switch#show unit

Unit  Model Descr                                               Model Name
----  --------------------------------------------------------  -------------
2     162.5GE PoE AT , 85GE PoE BT + 210GBASE-T + 425G SFP28     DMS-3130-30PS

Unit  Serial-Number  Status  Up Time
----  -------------  ------  ----------
2     TMCAM18000002  OK      0DT1H4M47S

Unit  Memory  Total      Used      Free
----  ------  ---------  --------  ---------
2     DRAM    2023532 K  791428 K  1232104 K
2     FLASH   92160 K    58151 K   34009 K

Switch#
2-14 show cpu utilization
This command is used to display the CPU utilization information.
show cpu utilization [history {15_minute [slot INDEX] | 1_day [slot INDEX]}]
Parameters
history
(Optional) Specifies to display the historical CPU utilization information.
15_minute
(Optional) Specifies to display the 15-minute based statistics count.
1_day
(Optional) Specifies to display the daily based statistics count.
slot INDEX
(Optional) Specifies the slot number to be displayed. For 15-minute based
statistics count, the range is from 1 to 5. For 1-day based statistics count,
the range is from 1 to 2. If no slot is specified, information of all slots
will be displayed.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
This command displays the system’s CPU utilization information in 5 second, 1
minute, and 5 minute intervals.
There are two kinds of statistics offered for the historical utilization
statistics: 15-minute based and 1-day based. For 15-minute based statistics,
slot 1 represents the time from 15 minutes ago until now, slot 2 represents
the time from 30 minutes ago until 15 minutes ago, and so on. For 1-day based
statistics, slot 1 represents the time from 24 hours ago until now and slot 2
represents the time from 48 hours ago until 24 hours ago.
Example
This example shows how to display the CPU utilization information.
Switch#show cpu utilization
CPU Utilization
Five seconds – 21 %
One minute – 22 %
Five minutes – 22 %
Switch#
2-15 show version
This command is used to display the version information of the Switch.
show version
Parameters
None.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
Use this command to display the version information of the Switch.
Example
This example shows how to display the version information of the Switch.
Switch#show version

Device MAC Address: 00:AD:24:A2:D6:00
System MAC Address: 00:AD:24:A2:D6:00

Unit ID  Module Name    Versions
-------  -------------  --------------------
2        DMS-3130-30PS  H/W:A1
                        Bootloader:1.00.003
                        Runtime: 1.01.006

Switch#
2-16 snmp-server enable traps environment
This command is used to enable the power, temperature and fan trap states. Use
the no form of this command to disable the state.
snmp-server enable traps environment [fan] [power] [temperature]
no snmp-server enable traps environment [fan | power | temperature]
Parameters
fan
(Optional) Specifies to enable the Switch’s fan trap state for warning fan
events (fan failed or fan recover).
power
(Optional) Specifies to enable the Switch’s power trap state for warning power
events (power failure or power recovery). This trap can only be sent through
10G ports.
temperature
(Optional) Specifies to enable the Switch’s temperature trap state for warning
temperature events (temperature exceeds the thresholds or temperature
recover).
Default
By default, all environment device traps are disabled.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Use this command to enable or disable the environment trap states for fan,
power and temperature events. If no optional parameter is specified, all of
the environment traps are enabled or disabled.
Example
This example shows how to enable the environment trap status.
Switch# configure terminal
Switch(config)# snmp-server enable traps environment
Switch(config)#
2-17 environment temperature threshold
This command is used to configure the environment temperature thresholds. Use
the no form of this command to revert to the default settings.
environment temperature threshold unit UNIT-ID thermal THERMAL-ID [high VALUE] [low VALUE]
no environment temperature threshold unit UNIT-ID thermal THERMAL-ID [high] [low]
Parameters
unit UNIT-ID
Specifies the unit ID.
thermal THERMAL-ID
Specifies the thermal sensor’s ID.
high
(Optional) Specifies the high threshold of the temperature in Celsius. The
range is from -100 to 200.
low
(Optional) Specifies the low threshold of the temperature in Celsius. The
range is from -100 to 200. The low threshold must be smaller than the high
threshold.
Default
By default, the normal range is the same as the operation range.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is used to configure the environment temperature threshold which
corresponds to the normal range of the temperature defined for the sensor. The
low threshold must be smaller than the high threshold. The configured range
must fall within the operational range which corresponds to the minimum and
maximum allowed temperatures defined for the sensor. When the configured
threshold is crossed, a notification will be sent.
Example
This example shows how to configure the environment temperature thresholds for
thermal sensor ID 1 on unit 1.
Switch# configure terminal
Switch(config)# environment temperature threshold unit 1 thermal 1 high 100 low 20
Switch(config)#
2-18 show privilege
This command is used to display the current privilege level.
show privilege
Parameters
None.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
Use this command to display the current privilege level.
Example
This example shows how to display the current privilege level.
Switch#show privilege
Current privilege level is 15
Switch#
2-19 show memory utilization
This command is used to display the memory utilization information.
show memory utilization [history {15_minute [slot INDEX] | 1_day [slot INDEX]}]
Parameters
history
(Optional) Specifies to display the historical memory utilization information.
15_minute
(Optional) Specifies to display the 15-minute based statistics count.
1_day
(Optional) Specifies to display the daily based statistics count.
slot INDEX
(Optional) Specifies the slot number to be displayed. For 15-minute based
statistics count, the range is from 1 to 5. For 1-day based statistics count,
the range is from 1 to 2. If no slot is specified, information of all slots
will be displayed.
Default
None.
Command Mode
User/Privileged EXEC Mode.
Command Default Level
Level: 1.
Usage Guideline
This command displays the system’s memory utilization information.
There are two kinds of statistics offered for the historical utilization
statistics: 15-minute based and 1-day based. For 15-minute based statistics,
slot 1 represents the time from 15 minutes ago until now, slot 2 represents
the time from 30 minutes ago until 15 minutes ago and so on. For 1-day based
statistics, slot 1 represents the time from 24 hours ago until now and slot 2
represents the time from 48 hours ago until 24 hours ago.
Example
This example shows how to display the information about memory utilization.
Switch#show memory utilization

Unit  Memory  Total      Used      Free
----  ------  ---------  --------  --------
1     DRAM    1006928 K  676848 K  330080 K
1     FLASH   92160 K    52885 K   39275 K

Switch#
802.1X Commands
3-1 clear dot1x counters
This command is used to clear 802.1X counters (diagnostics, statistics, and
session statistics).
clear dot1x counters {all | interface INTERFACE-ID [, | -]}
Parameters
all
Specifies to clear 802.1X counters (diagnostics, statistics and session
statistics) on all interfaces.
interface INTERFACE-ID
Specifies to clear 802.1X counters (diagnostics, statistics and session
statistics) on the specified interface. Valid interfaces are physical ports
(including type, stack member, and port number).
,
(Optional) Specifies a series of interfaces or separates a range of interfaces
from a previous range. No space is allowed before or after the comma.
-
(Optional) Specifies a range of interfaces. No space is allowed before or
after the hyphen.
Default
None.
Command Mode
Privileged EXEC Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is used to clear 802.1X counters (diagnostics, statistics and
session statistics).
Example
This example shows how to clear 802.1X counters (diagnostics, statistics and
session statistics) on ethernet 1/0/1.
Switch# clear dot1x counters interface ethernet 1/0/1
Switch#
3-2 dot1x control-direction
This command is used to configure the direction of the traffic on a controlled
port as unidirectional (in) or bidirectional (both). Use the no form of this
command to revert to the default setting.
dot1x control-direction {both | in}
no dot1x control-direction
Parameters
both
Specifies to enable bidirectional control for the port.
in
Specifies to enable in direction control for the port.
Default
By default, the bidirectional mode is used.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is only available for physical port interface configuration. If
the port control is set to force-authorized, then the port is not controlled in
either direction. If the port control is set to auto, then the access to the
port for the controlled direction needs to be authenticated. If the port
control is set to force-unauthorized, then the access to the port for the
controlled direction is blocked.
Suppose that port control is set to auto. If the control direction is set to
both, then the port can receive and transmit EAPOL packets only. All user
traffic is blocked before authentication. If the control direction is set to
in, then in addition to receiving and transmitting EAPOL packets, the port can
transmit user traffic but not receive user traffic before authentication.
Example
This example shows how to configure the controlled direction of the traffic
through Ethernet 1/0/1 as unidirectional.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# dot1x control-direction in
Switch(config-if)#
3-3 dot1x default
This command is used to revert the IEEE 802.1X parameters on a specific port
to their default settings.
dot1x default
Parameters
None.
Default
IEEE 802.1X authentication is disabled.
Control direction is bidirectional mode.
Port control is auto.
Forward PDU on port is disabled.
Maximum request is 2 times.
Server timer is 30 seconds.
Supplicant timer is 30 seconds.
Transmit interval is 30 seconds.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is used to reset all the IEEE 802.1X parameters on a specific
port to their default settings. This command is only available for physical
port interfaces.
Example
This example shows how to reset the 802.1X parameters on port 1/0/1.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# dot1x default
Switch(config-if)#
3-4 dot1x port-control
This command is used to control the authorization state of a port. Use the no
form of this command to revert to the default setting.
dot1x port-control {auto | force-authorized | force-unauthorized}
no dot1x port-control
Parameters
auto
Specifies to enable IEEE 802.1X authentication for the port.
force-authorized
Specifies to force the port to the authorized state.
force-unauthorized
Specifies to force the port to the unauthorized state.
Default
By default, this option is set as auto.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This command takes effect only when the IEEE 802.1X PAE authenticator is
globally enabled by the dot1x system-auth-control command and is enabled for a
specific port by using the dot1x pae authenticator command. This command is
only available for physical port interface configuration. If the port control
is set to force-authorized, then the port is not controlled in either
direction. If the port control is set to auto, then the access to the port for
the controlled direction needs to be authenticated. If the port control is set
to force-unauthorized, then the access to the port for the controlled direction
is blocked.
Example
This example shows how to deny all access on ethernet 1/0/1.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# dot1x port-control force-unauthorized
Switch(config-if)#
3-5 dot1x forward-pdu
This command is used to enable the forwarding of the dot1x PDU. Use the no
form of this command to disable the forwarding of the dot1x PDU.
dot1x forward-pdu
no dot1x forward-pdu
Parameters
None.
Default
By default, this option is disabled.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is only available for physical port interface configuration. This
command only takes effect when the dot1x authentication function is disabled
on the receipt port. The received PDU will be forwarded in either the tagged
or untagged form based on the VLAN setting.
Example
This example shows how to configure the forwarding of the dot1x PDU.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# dot1x forward-pdu
Switch(config-if)#
3-6 dot1x initialize
This command is used to initialize the authenticator state machine on a
specific port or associated with a specific MAC address.
dot1x initialize {interface INTERFACE-ID [, | -] | mac-address MAC-ADDRESS}
Parameters
interface INTERFACE-ID
Specifies the port on which the authenticator state machine will be
initialized. Valid interfaces are physical ports.
,
(Optional) Specifies a series of interfaces or separates a range of interfaces
from a previous range. No space is allowed before or after the comma.
-
(Optional) Specifies a range of interfaces. No space is allowed before or
after the hyphen.
mac-address MAC-ADDRESS
Specifies the MAC address to be initialized.
Default
None.
Command Mode
Privileged EXEC Mode.
Command Default Level
Level: 12.
Usage Guideline
In the multi-host mode, specify an interface ID to initialize a specific port.
In the multi-auth mode, specify a MAC address to initialize a specific MAC
address.
Example
This example shows how to initialize the authenticator state machine on
ethernet 1/0/1.
Switch# dot1x initialize interface ethernet 1/0/1
Switch#
3-7 dot1x max-req
This command is used to configure the maximum number of times that the backend
authentication state machine will retransmit an Extensible Authentication
Protocol (EAP) request frame to the supplicant before restarting the
authentication process. Use the no form of this command to revert to the
default setting.
dot1x max-req TIMES
no dot1x max-req
Parameters
TIMES
Specifies the number of times that the Switch retransmits an EAP frame to the supplicant before restarting the authentication process. The range is 1 to 10.
Default
By default, this value is 2.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is only available for physical port interface configuration. If
there is no response to an authentication request from the supplicant within
the timeout period (specified by the dot1x timeout tx-period SECONDS command),
the Switch will retransmit the request. This command is used to specify the
number of retransmissions.
Example
This example shows how to configure the maximum number of retries on ethernet
1/0/1 to be 3.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# dot1x max-req 3
Switch(config-if)#
3-8 dot1x pae authenticator
This command is used to configure a specific port as an IEEE 802.1X port
access entity (PAE) authenticator. Use the no form of this command to disable
the port as an IEEE 802.1X authenticator.
dot1x pae authenticator
no dot1x pae authenticator
Parameters
None.
Default
By default, this option is disabled.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is only available for physical port interface configuration.
Globally enable IEEE 802.1X authentication on the Switch by using the dot1x
system-auth-control command. When IEEE 802.1X authentication is enabled, the
system will authenticate the 802.1X user based on the method list configured
by the aaa authentication dot1x default command.
Example
This example shows how to configure ethernet 1/0/1 as an IEEE 802.1X PAE
authenticator.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# dot1x pae authenticator
Switch(config-if)#
This example shows how to disable IEEE 802.1X authentication on ethernet
1/0/1.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# no dot1x pae authenticator
Switch(config-if)#
3-9 dot1x re-authenticate
This command is used to re-authenticate a specific port or a specific MAC
address.
dot1x re-authenticate {interface INTERFACE-ID [, | -] | mac-address MAC-ADDRESS}
Parameters
interface INTERFACE-ID
Specifies the port to re-authenticate. Valid interfaces are physical ports.
,
(Optional) Specifies a series of interfaces or separates a range of interfaces
from a previous range. No space is allowed before or after the comma.
-
(Optional) Specifies a range of interfaces. No space is allowed before or
after the hyphen.
mac-address MAC-ADDRESS
Specifies the MAC address to re-authenticate.
Default
None.
Command Mode
Privileged EXEC Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is used to re-authenticate a specific port or a specific MAC
address. In the multi-host mode, specify an interface ID to re-authenticate a
specific port. In the multi-auth mode, specify a MAC address to
re-authenticate a specific MAC address.
Example
This example shows how to re-authenticate ethernet 1/0/1.
Switch# dot1x re-authenticate interface ethernet 1/0/1
Switch#
3-10 dot1x system-auth-control
This command is used to globally enable IEEE 802.1X authentication on the
Switch. Use the no form of this command to disable IEEE 802.1X authentication.
dot1x system-auth-control
no dot1x system-auth-control
Parameters
None.
Default
By default, this option is disabled.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
The 802.1X authentication function restricts unauthorized hosts from accessing
the network. Use the dot1x system-auth-control command to globally enable the
802.1X authentication control. When 802.1X authentication is enabled, the
system will authenticate the 802.1X user based on the method list configured
by the aaa authentication dot1x default command.
Example
This example shows how to enable IEEE 802.1X authentication globally on a
switch.
Switch# configure terminal
Switch(config)# dot1x system-auth-control
Switch(config)#
3-11 dot1x timeout
This command is used to configure IEEE 802.1X timers. Use the no form of this
command to revert to the default settings.
dot1x timeout {server-timeout SECONDS | supp-timeout SECONDS | tx-period SECONDS}
no dot1x timeout {server-timeout | supp-timeout | tx-period}
Parameters
server-timeout SECONDS
Specifies the number of seconds that the Switch will wait for the request from
the authentication server before timing out the server. On timeout, the
authenticator will send an EAP-Request packet to the client. The range is 1 to
65535.
supp-timeout SECONDS
Specifies the number of seconds that the Switch will wait for the response
from the supplicant before timing out supplicant messages other than the EAP
request ID. The range is 1 to 65535.
tx-period SECONDS
Specifies the number of seconds that the Switch will wait for a response to an
EAP-Request/Identity frame from the supplicant before retransmitting the
request. The range is 1 to 65535.
Default
The server-timeout is 30 seconds.
The supp-timeout is 30 seconds.
The tx-period is 30 seconds.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This command is only available for physical port interface configuration.
Example
This example shows how to configure the server timeout value, supplicant
timeout value, and the TX period on Ethernet port 1/0/1 to be 15, 15, and 10
seconds, respectively.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/1
Switch(config-if)# dot1x timeout server-timeout 15
Switch(config-if)# dot1x timeout supp-timeout 15
Switch(config-if)# dot1x timeout tx-period 10
Switch(config-if)#
3-12 show dot1x
This command is used to display the IEEE 802.1X global configuration or
interface configuration.
show dot1x [interface INTERFACE-ID [, | -]]
Parameters
interface INTERFACE-ID
(Optional) Specifies to display the dot1x configuration on the specified
interface or range of interfaces. If not specified, the global configuration
will be displayed.
,
(Optional) Specifies a series of interfaces or separates a range of interfaces
from a previous range. No space is allowed before or after the comma.
-
(Optional) Specifies a range of interfaces. No space is allowed before or
after the hyphen.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
This command can be used to display the global configuration or interface
configuration. If the configuration command is entered without parameters, the
global configuration will be displayed. Otherwise, the configuration on the
specified interface will be displayed.
Example
This example shows how to display the dot1X global configuration.
Switch#show dot1x

802.1X            : Enabled
Trap State        : Enabled

Switch#
This example shows how to display the dot1X configuration on ethernet 1/0/1.
Switch#show dot1x interface ethernet 1/0/1

Interface         : eth1/0/1
PAE               : Authenticator
Control Direction : Both
Port Control      : Auto
Tx Period         : 30 sec
Supp Timeout      : 30 sec
Server Timeout    : 30 sec
Max-req           : 2 times
Forward PDU       : Enabled

Switch#
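The usage guidelines for dot1x control-direction, dot1x port-control and dot1x forward-pdu describe settings that leave a port partly or wholly uncontrolled. The following is an added example, not code from the manual or from D-Link, that parses show dot1x interface output and reports those settings per port. The second interface in the sample and its display strings ("None", "In", "Force-authorized") are constructed assumptions; the manual only shows the eth1/0/1 values.

```python
import re

# Constructed sample in the "Field : Value" layout of the show dot1x interface
# example above. The eth1/0/2 block uses assumed display strings.
SAMPLE = """\
Interface         : eth1/0/1
PAE               : Authenticator
Control Direction : Both
Port Control      : Auto
Tx Period         : 30 sec
Supp Timeout      : 30 sec
Server Timeout    : 30 sec
Max-req           : 2 times
Forward PDU       : Enabled

Interface         : eth1/0/2
PAE               : None
Control Direction : In
Port Control      : Force-authorized
Tx Period         : 30 sec
Supp Timeout      : 30 sec
Server Timeout    : 30 sec
Max-req           : 2 times
Forward PDU       : Disabled
"""

# Finding code -> consequence as described in the usage guidelines.
FINDINGS = {
    "not-authenticator": "port is not an 802.1X PAE authenticator",
    "force-authorized": "port control is force-authorized, so the port is not controlled",
    "direction-in": "control direction is in, so the port can transmit user "
                    "traffic before authentication",
    "forward-pdu": "dot1x PDUs are forwarded if authentication is disabled on this port",
}


def norm(value):
    """Lowercase and keep letters only: 'Force-authorized' -> 'forceauthorized'."""
    return re.sub(r"[^a-z]", "", value.lower())


def parse_dot1x(text):
    """Return one dict per interface, keyed by normalized field name."""
    ports, current = [], None
    for line in text.splitlines():
        match = re.match(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$", line)
        if not match:
            continue  # prompts, blank lines and banners carry no field
        key, value = norm(match.group(1)), match.group(2)
        if key == "interface":
            current = {"interface": value}
            ports.append(current)
        elif current is not None:
            current[key] = value
    return ports


def audit_port(port):
    """Return finding codes for one parsed interface block."""
    findings = []
    if norm(port.get("pae", "")) != "authenticator":
        findings.append("not-authenticator")
    if norm(port.get("portcontrol", "")) == "forceauthorized":
        findings.append("force-authorized")
    if norm(port.get("controldirection", "")) == "in":
        findings.append("direction-in")
    if norm(port.get("forwardpdu", "")) == "enabled":
        findings.append("forward-pdu")
    return findings


def audit(text):
    """Map interface name -> list of finding codes."""
    return {port["interface"]: audit_port(port) for port in parse_dot1x(text)}


if __name__ == "__main__":
    for interface, codes in audit(SAMPLE).items():
        for code in codes:
            print(f"{interface}: {FINDINGS[code]}")
```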
3-13 show dot1x diagnostics
This command is used to display IEEE 802.1X diagnostics.
show dot1x diagnostics [interface INTERFACE-ID [, | -]]
Parameters
interface INTERFACE-ID
(Optional) Specifies to display the dot1x diagnostics on the specified
interface or range of interfaces. If not specified, information about all
interfaces will be displayed.
,
(Optional) Specifies a series of interfaces or separates a range of interfaces
from a previous range. No space is allowed before or after the comma.
-
(Optional) Specifies a range of interfaces. No space is allowed before or
after the hyphen.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
This command can be used to display 802.1X diagnostics. If no optional
parameter is specified, information of all interfaces will be displayed.
Example
This example shows how to display the dot1X diagnostics on Ethernet port
1/0/1.
Switch# show dot1x diagnostics interface ethernet 1/0/1

eth1/0/1 dot1x diagnostic information are following:
EntersConnecting                     : 20
EAP-LogoffsWhileConnecting           : 0
EntersAuthenticating                 : 0
SuccessesWhileAuthenticating         : 0
TimeoutsWhileAuthenticating          : 0
FailsWhileAuthenticating             : 0
ReauthsWhileAuthenticating           : 0
EAP-StartsWhileAuthenticating        : 0
EAP-LogoffsWhileAuthenticating       : 0
ReauthsWhileAuthenticated            : 0
EAP-StartsWhileAuthenticated         : 0
EAP-LogoffsWhileAuthenticated        : 0
BackendResponses                     : 0
BackendAccessChallenges              : 0
BackendOtherRequestsToSupplicant     : 0
BackendNonNakResponsesFromSupplicant : 0
BackendAuthSuccesses                 : 0
BackendAuthFails                     : 0

Switch#
3-14 show dot1x statistics
This command is used to display IEEE 802.1X statistics.
show dot1x statistics [interface INTERFACE-ID [, | -]]
Parameters
interface INTERFACE-ID
, –
(Optional) Specifies to display the dot1x diagnostics on the specified
interface or range of interfaces. If not specified, information about all
interfaces will be displayed.
(Optional) Specifies a series of interfaces or separates a range of interfaces
from a previous range. No space is allowed before or after the comma.
(Optional) Specifies a range of interfaces. No space is allowed before or
after the hyphen.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
This command can be used to display 802.1X statistics. If no optional
parameter is specified, information of all interfaces will be displayed.
Example
This example shows how to display dot1X statistics on Ethernet port 1/0/1.
Switch# show dot1x statistics interface ethernet 1/0/1
eth1/0/1 dot1x statistics information:
EAPOL Frames RX : 1
EAPOL Frames TX : 4
EAPOL-Start Frames RX : 0
EAPOL-Req/Id Frames TX : 6
EAPOL-Logoff Frames RX : 0
EAPOL-Req Frames TX : 0
EAPOL-Resp/Id Frames RX : 0
EAPOL-Resp Frames RX : 0
Invalid EAPOL Frames RX : 0
EAP-Length Error Frames RX : 0
Last EAPOL Frame Version : 0
Last EAPOL Frame Source : 00-10-28-00-19-78
Switch#
3-15 show dot1x session-statistics
This command is used to display IEEE 802.1X session statistics.
show dot1x session-statistics [interface INTERFACE-ID [, | -]]
Parameters
interface INTERFACE-ID
(Optional) Specifies to display the dot1x diagnostics on the specified
interface or range of interfaces. If not specified, information about all
interfaces will be displayed.
,
(Optional) Specifies a series of interfaces or separates a range of interfaces
from a previous range. No space is allowed before or after the comma.
-
(Optional) Specifies a range of interfaces. No space is allowed before or
after the hyphen.
Default
None.
Command Mode
User/Privileged EXEC Mode. Any Configuration Mode.
Command Default Level
Level: 1.
Usage Guideline
This command can be used to display 802.1X session statistics. If no optional
parameter is specified, information of all interfaces will be displayed.
Example
This example shows how to display dot1X session statistics on Ethernet port
1/0/1.
Switch# show dot1x session-statistics interface ethernet 1/0/1
eth6/0/1 session statistic counters are following:
SessionOctetsRX : 0
SessionOctetsTX : 0
SessionFramesRX : 0
SessionFramesTX : 0
SessionId :
SessionAuthenticationMethod : Remote Authentication Server
SessionTime : 0
SessionTerminateCause : SupplicantLogoff
SessionUserName :
Switch#
3-16 snmp-server enable traps dot1x
This command is used to enable the sending of SNMP notifications for 802.1X
authentication. Use the no form of this command to disable the sending of SNMP
notifications.
snmp-server enable traps dot1x
no snmp-server enable traps dot1x
Parameters
None.
Default
By default, this feature is disabled.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
None.
Example
This example shows how to enable the sending of traps for 802.1X
authentication.
Switch# configure terminal
Switch(config)# snmp-server enable traps dot1x
Switch(config)#
Access Control List (ACL) Commands
4-1 access-list resequence
This command is used to re-sequence the starting sequence number and the
increment number of the access list entries in an access list. Use the no form
of this command to revert to the default setting.
access-list resequence {NAME | NUMBER} STARTING-SEQUENCE-NUMBER INCREMENT
no access-list resequence
Parameters
NAME
Specifies the name of the access list to be configured. It can be a maximum of
32 characters.
NUMBER
Specifies the number of the access list to be configured.
STARTING-SEQUENCE-NUMBER
Specifies that the access list entries will be re-sequenced using this initial
value. The default value is 10. The range of possible sequence numbers is 1
through 65535.
INCREMENT
Specifies the number that the sequence numbers step. The default value is 10.
For example, if the increment (step) value is 5 and the beginning sequence
number is 20, the subsequent sequence numbers are 25, 30, 35, 40, and so on.
The range of valid values is from 1 to 32.
Default
The default start sequence number is 10. The default increment is 10.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
This feature allows the user to re-sequence the entries of a specified access
list with an initial sequence number determined by the STARTING-SEQUENCE-NUMBER
parameter and continuing in the increments determined by the INCREMENT
parameter. If the highest sequence number exceeds the maximum possible
sequence number, then there will be no re-sequencing.
If a rule entry is created without specifying the sequence number, the
sequence number will be automatically assigned. If it is the first entry, the
start sequence number is assigned. Subsequent rule entries are assigned a
sequence number that is one increment value greater than the largest sequence
number in that access list, and the entry is placed at the end of the list.
After the start sequence number or increment is changed, the sequence numbers
of all previous rules (including rules whose sequence numbers were assigned by
the user) will change according to the new sequence setting.
Example
This example shows how to re-sequence the sequence number of an IP access-list,
named R&D.
Switch# configure terminal
Switch(config)# show access-list ip R&D
Extended IP access list R&D(ID: 3552)
    10 permit tcp any 10.20.0.0 0.0.255.255
    20 permit tcp any host 10.100.1.2
    30 permit icmp any any
Switch(config)#ip access-list extended R&D
Switch(config-ip-ext-acl)# 5 permit tcp any 10.30.0.0 0.0.255.255
Switch(config-ip-ext-acl)# exit
Switch(config)# show access-list ip R&D
Extended IP access list R&D(ID: 3552)
    5 permit tcp any 10.30.0.0 0.0.255.255
    10 permit tcp any 10.20.0.0 0.0.255.255
    20 permit tcp any host 10.100.1.2
    30 permit icmp any any
Switch(config)# access-list resequence R&D 1 2
Switch(config)# show access-list ip R&D
Extended IP access list R&D(ID: 3552)
    1 permit tcp any 10.30.0.0 0.0.255.255
    3 permit tcp any 10.20.0.0 0.0.255.255
    5 permit tcp any host 10.100.1.2
    7 permit icmp any any
Switch(config)#
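The numbering rules in the 4-1 Usage Guideline, modelled in Python as an added example (not D-Link code and not part of the original manual). The class and method names are hypothetical, and rejecting a sequence number that is already in use is an assumption the manual does not state.

```python
"""Model of the ACL sequence numbering described in 4-1 (added example, not D-Link code)."""

MAX_SEQ = 65535        # sequence-number range given in the manual: 1 through 65535
MAX_INCREMENT = 32     # increment range given in the manual: 1 to 32


class AccessList:
    def __init__(self, start=10, increment=10):
        self.start = start            # default start sequence number is 10
        self.increment = increment    # default increment is 10
        self.entries = {}             # sequence number -> rule text

    def add(self, rule, seq=None):
        """Add a rule. Without seq the number is assigned automatically."""
        if seq is None:
            if not self.entries:
                seq = self.start                           # first entry
            else:
                seq = max(self.entries) + self.increment   # appended at the end
        if not 1 <= seq <= MAX_SEQ:
            raise ValueError(f"sequence number {seq} outside 1..{MAX_SEQ}")
        if seq in self.entries:
            # Assumption: the model rejects a number that is already in use.
            raise ValueError(f"sequence number {seq} already in use")
        self.entries[seq] = rule
        return seq

    def renumbering(self, start, increment):
        """Old -> new number map that a re-sequence with these values would produce."""
        return {old: start + i * increment
                for i, old in enumerate(sorted(self.entries))}

    def resequence(self, start, increment):
        """Renumber every entry in its current order. Returns False if refused."""
        if not 1 <= start <= MAX_SEQ or not 1 <= increment <= MAX_INCREMENT:
            raise ValueError("start or increment out of range")
        mapping = self.renumbering(start, increment)
        if mapping and max(mapping.values()) > MAX_SEQ:
            return False       # manual: "there will be no re-sequencing"
        self.entries = {mapping[old]: rule for old, rule in self.entries.items()}
        self.start, self.increment = start, increment
        return True

    def show(self):
        return [(seq, self.entries[seq]) for seq in sorted(self.entries)]


def manual_example():
    """Replays the R&D example above; returns (before, after, next automatic number)."""
    acl = AccessList()
    acl.add("permit tcp any 10.20.0.0 0.0.255.255")          # assigned 10
    acl.add("permit tcp any host 10.100.1.2")                # assigned 20
    acl.add("permit icmp any any")                           # assigned 30
    acl.add("permit tcp any 10.30.0.0 0.0.255.255", seq=5)   # user-chosen number
    before = acl.show()
    acl.resequence(1, 2)
    after = acl.show()
    next_auto = acl.add("deny tcp any any")                  # constructed extra rule
    return before, after, next_auto


if __name__ == "__main__":
    before, after, next_auto = manual_example()
    for seq, rule in after:
        print(seq, rule)
    print("next automatically assigned number:", next_auto)
```

Because every existing number changes after a re-sequence, a saved no SEQUENCE-NUMBER command has to be translated through renumbering() before it is replayed.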
4-2 acl-hardware-counter
This command is used to enable the ACL hardware counter of the specified
access map for the VLAN filter function. Use the no form of this command to
disable the ACL hardware counter function.
acl-hardware-counter vlan-filter ACCESS-MAP-NAME
no acl-hardware-counter vlan-filter ACCESS-MAP-NAME
Parameters
vlan-filter ACCESS-MAP-NAME
Specifies the name of the access map to be configured.
Default
By default, this option is disabled.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
The command with the parameter vlan-filter will enable the ACL hardware counter
for all VLAN(s) that have applied the specified VLAN access-map. The number of
packets permitted by each access map is counted.
Example
This example shows how to enable the ACL hardware counter.
Switch# configure terminal
Switch(config)# acl-hardware-counter vlan-filter vlan-map
Switch(config)#
4-3 action
This command is used to configure the forward, drop, or redirect action of the
sub-map in the VLAN access-map sub-map configuration mode. Use the no form of
this command to revert to the default setting.
action {forward | drop | redirect INTERFACE-ID}
no action
Parameters
forward
Specifies to forward the packet when matched.
drop
Specifies to drop the packet when matched.
redirect INTERFACE-ID
Specifies the interface ID for the redirection action. Only physical ports are
allowed to be specified.
Default
By default, the action is forward.
Command Mode
VLAN Access-map Sub-map Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
One sub-map has only one action. The action configured later overwrites the
previous action. A VLAN access map can contain multiple sub-maps. The packet
that matches a sub-map (a packet permitted by the associated access list) will
take the action specified for the sub-map. No further checking against the
next sub-maps is done. If the packet does not match a sub-map, then the next
sub-map will be checked.
Example
This example shows how to configure the action in the sub-map.
Switch# show vlan access-map
VLAN access-map vlan-map 20
    match mac address: ext_mac(ID: 6856)
    action: forward
Switch# configure terminal
Switch(config)# vlan access-map vlan-map 20
Switch(config-access-map)# action redirect ethernet 1/0/5
Switch(config-access-map)# end
Switch# show vlan access-map
VLAN access-map vlan-map 20
    match mac address: ext_mac(ID: 6856)
    action: redirect eth1/0/5
Switch#
4-4 clear acl-hardware-counter
This command is used to clear the ACL hardware counter.
clear acl-hardware-counter vlan-filter [ACCESS-MAP-NAME]
Parameters
vlan-filter ACCESS-MAP-NAME
Specifies the name of the access map to be cleared.
Default
None.
Command Mode
Privileged EXEC Mode.
Command Default Level
Level: 12.
Usage Guideline
If no access-list name or number is specified with the parameter vlan-filter,
all VLAN filter hardware counters will be cleared.
Example
This example shows how to clear the ACL hardware counter.
Switch#clear acl-hardware-counter vlan-filter vlan-map
Switch#
4-5 expert access-group
This command is used to apply a specific expert ACL to an interface. Use the
no form of this command to cancel the application.
expert access-group {NAME | NUMBER} [in | out]
no expert access-group [NAME | NUMBER] [in | out]
Parameters
NAME
Specifies the name of the expert access-list to be configured. The name can be
up to 32 characters.
NUMBER
Specifies the number of the expert access list to be configured.
in
(Optional) Specifies to filter the incoming packets of the interface. If the
direction is not specified, in is used.
out
(Optional) Specifies to filter the outgoing packets to transmit to the
interface.
Default
None.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
If an expert access group is already configured on the interface, the command
applied later will overwrite the previous setting. Only one access list of the
same type can be applied to the same interface, but access lists of different
types can be applied to the same interface.
Example
This example shows how to apply an expert ACL to an interface. The purpose is
to apply the ACL exp_acl on the ethernet 1/0/2 to filter the incoming packets.
Switch# configure terminal
Switch(config)# interface ethernet 1/0/2
Switch(config-if)# expert access-group exp_acl in
PROMPT: The remaining applicable EXPERT access entries are 768, remaining
range entries are 32.
Switch(config-if)# end
Switch# show access-group interface ethernet 1/0/2
eth1/0/2:
    Inbound expert access-list : exp_acl(ID: 9999)
Switch#
4-6 expert access-list
This command is used to create or modify an extended expert ACL. This command
will enter the extended expert access-list configuration mode. Use the no
form of this command to remove an extended expert access-list.
expert access-list extended NAME [NUMBER]
no expert access-list extended {NAME | NUMBER}
Parameters
NAME
Specifies the name of the extended expert access list to be configured. The
name can be up to 32 characters.
NUMBER
Specifies the ID number of expert access list. For extended expert access
lists, the value is from 8000 to 9999.
Default
None.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
The name must be unique among all access lists. The characters used in the
name are case sensitive. If the access list number is not specified, the
biggest unused number in the range of the expert access list numbers will be
assigned automatically.
Example
This example shows how to create an extended expert ACL.
Switch#configure terminal
Switch(config)#expert access-list extended exp_acl
Switch(config-exp-nacl)#
4-7 ip access-group
This command is used to specify the IP access list to be applied to an
interface. Use the no form of this command to remove an IP access list.
ip access-group {NAME | NUMBER} [in | out]
no ip access-group [NAME | NUMBER] [in | out]
Parameters
NAME
Specifies the name of the IP access list to be applied. The maximum length is
32 characters.
NUMBER
Specifies the number of IP access list to be applied.
in
(Optional) Specifies that the IP access list will be applied to check packets
in the ingress direction. If the direction is not specified, in is used.
out
(Optional) Specifies that the IP access list will be applied to check packets
in the egress direction.
Default
None.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
If an IP access group is already configured on the interface, the command
applied later will overwrite the previous setting. Only one access list of the
same type can be applied to the same interface; but access lists of different
types can be applied to the same interface. The association of an access group
with an interface will consume the filtering entry resource in the Switch
controller. If the resources are insufficient to commit the command, then an
error message will be displayed. There is a limitation on the number of port
operator resources. If applying the command exhausts the available port
selectors, then an error message will be displayed.
Example
This example shows how to specify the IP access list “Strict-Control” as an IP
access group for ethernet 1/0/2.
Switch#configure terminal
Switch(config)#interface ethernet 1/0/2
Switch(config-if)#ip access-group Strict-Control
PROMPT: The remaining applicable IP access entries are 767, remaining range
entries are 32.
Switch(config-if)#
4-8 ip access-list
This command is used to create or modify an IP access list. This command will
enter into the IP access list configuration mode. Use the no form of this
command to remove an IP access list.
ip access-list [extended] NAME [NUMBER]
no ip access-list [extended] {NAME | NUMBER}
Parameters
extended
(Optional) Specifies that the IP access list is the extended IP access list,
and more fields can be chosen for the filter. If the parameter is not
specified, the IP access list is the standard IP access list.
NAME
Specifies the name of the IP access list to be configured. The maximum length
is 32 characters. The first character must be a letter.
NUMBER
Specifies the ID number of the IP access list. For standard IP access lists,
this value is from 1 to 1999. For extended IP access lists, this value is from
2000 to 3999.
Default
None.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
The name must be unique among all access lists. The characters used in the
name are case sensitive. If the access list number is not specified, the
biggest unused number in the range of IP access list numbers will be assigned
automatically.
Example
This example shows how to configure an extended IP access list, named
“Strict-Control” and an IP access-list, named “pim-srcfilter”.
Switch# configure terminal
Switch(config)# ip access-list extended Strict-Control
Switch(config-ip-ext-acl)# permit tcp any 10.20.0.0 0.0.255.255
Switch(config-ip-ext-acl)# exit
Switch(config)# ip access-list pim-srcfilter
Switch(config-ip-acl)# permit host 172.16.65.193 any
Switch(config-ip-acl)#
4-9 ipv6 access-group
This command is used to specify the IPv6 access list to be applied to an
interface. Use the no form of this command to remove an IPv6 access list.
ipv6 access-group {NAME | NUMBER} [in | out]
no ipv6 access-group [NAME | NUMBER] [in | out]
Parameters
NAME
Specifies the name of the IPv6 access list to be applied.
NUMBER
Specifies the number of the IPv6 access list to be applied.
in
(Optional) Specifies that the IPv6 access list will be applied to check in the
ingress direction. If the direction is not specified, in is used.
out
(Optional) Specifies that the IPv6 access list will be applied to check in the
egress direction.
Default
None.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Only one access list of the same type can be applied to the same interface,
but access lists of different types can be applied to the same interface. The
association of an access group with an interface will consume the filtering
entry resource in the switch controller. If the resource is insufficient to
commit the command, then an error message will be displayed. There is a
limitation on the number of port operator resources. If applying the command
exhausts the available port selectors, then an error message will be displayed.
Example
This example shows how to specify the IPv6 access list “ip6-control” as an IP
access group for ethernet 1/0/3.
Switch#configure terminal
Switch(config)#interface ethernet 1/0/3
Switch(config-if)#ipv6 access-group ip6-control in
PROMPT: The remaining applicable IPv6 access entries are 383, remaining range
entries are 32.
Switch(config-if)#
4-10 ipv6 access-list
This command is used to create or modify an IPv6 access list. This command
will enter into IPv6 access-list configuration mode. Use the no form of this
command to remove an IPv6 access list.
ipv6 access-list [extended] NAME [NUMBER]
no ipv6 access-list [extended] {NAME | NUMBER}
Parameters
extended
(Optional) Specifies that the IPv6 access list is the extended IPv6 access
list, and more fields can be chosen for the filter. If the parameter is not
specified, the IPv6 access list is the standard IPv6 access list.
NAME
Specifies the name of the IPv6 access list to be configured. The maximum
length is 32 characters.
NUMBER
Specifies the ID number of the IPv6 access list. For standard IPv6 access
lists, this value is from 11000 to 12999. For extended IPv6 access lists, this
value is from 13000 to 14999.
Default
None.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
The name must be unique among all access lists. The characters used in the
name are case sensitive. If the access list number is not specified, the
biggest unused number in the range of the IPv6 access list numbers will be
assigned automatically.
Example
This example shows how to configure an IPv6 extended access list, named
ip6-control.
Switch# configure terminal
Switch(config)# ipv6 access-list extended ip6-control
Switch(config-ipv6-ext-acl)# permit tcp any 2002:f03::1/16
Switch(config-ipv6-ext-acl)#
This example shows how to configure an IPv6 standard access list, named
ip6-std-control.
Switch# configure terminal
Switch(config)# ipv6 access-list ip6-std-control
Switch(config-ipv6-acl)# permit any fe80::101:1/54
Switch(config-ipv6-acl)#
4-11 mac access-group
This command is used to specify a MAC access list to be applied to an
interface. Use the no form of this command to remove the access group control
from the interface.
mac access-group {NAME | NUMBER} [in | out]
no mac access-group [NAME | NUMBER] [in | out]
Parameters
NAME
Specifies the name of the MAC access list to be applied.
NUMBER
Specifies the number of the MAC access list to be applied.
in
(Optional) Specifies that the MAC access list will be applied to check in the
ingress direction. If direction is not specified, in is used.
out
(Optional) Specifies that the MAC access list will be applied to check in the
egress direction.
Default
None.
Command Mode
Interface Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
If a MAC access group is already configured on the interface, the command
applied later will overwrite the previous setting. MAC access-groups will only
check non-IP packets. Only one access list of the same type can be applied to
the same interface, but access lists of different types can be applied to the
same interface. The association of an access group with an interface will
consume the filtering entry resource in the switch controller. If the resource
is insufficient to commit the command, then an error message will be
displayed.
Example
This example shows how to apply the MAC access list daily-profile to ethernet
1/0/4.
Switch#configure terminal
Switch(config)#interface ethernet 1/0/4
Switch(config-if)#mac access-group daily-profile in
PROMPT: The remaining applicable MAC access entries are 1536, remaining range
entries are 32.
Switch(config-if)#
4-12 mac access-list
This command is used to create or modify a MAC access list and this command
will enter the MAC access list configuration mode. Use the no form of this
command to delete a MAC access list.
mac access-list extended NAME [NUMBER]
no mac access-list extended {NAME | NUMBER}
Parameters
NAME
Specifies the name of the MAC access list to be configured. The maximum length
is 32 characters.
NUMBER
Specifies the ID number of the MAC access list. For extended MAC access lists,
this value is from 6000 to 7999.
Default
None.
Command Mode
Global Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Use this command to enter the MAC Access-list Configuration mode, and use the
permit or deny command to specify the entries. The name must be unique among
all access lists. The characters of the name are case sensitive. If the access
list number is not specified, the biggest unused number in the range of the
MAC access list numbers will be assigned automatically.
Example
This example shows how to enter the MAC access list configuration mode for a
MAC access list named “daily-profile”.
Switch# configure terminal
Switch(config)# mac access-list extended daily-profile
Switch(config-mac-ext-acl)#
4-13 match ip address
This command is used to associate an IP access list for the configured
sub-map. Use the no form of this command to remove the matched entry.
match ip address {ACL-NAME | ACL-NUMBER}
no match ip address
Parameters
ACL-NAME
Specifies the name of the ACL access list to be configured. The name can be up
to 32 characters.
ACL-NUMBER
Specifies the number of the IP ACL access list to be configured.
Default
None.
Command Mode
VLAN Access-map Sub-map Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Use this command to associate an IP access list with the configured sub-map.
One sub-map can only be associated with one access list (IP access list, IPv6
access list, or MAC access list). The IP sub-map only checks IP packets. Newer
commands will overwrite the previous settings.
Example
This example shows how to configure the match content in the sub-map.
Switch# configure terminal
Switch(config)# vlan access-map vlan-map 20
Switch(config-access-map)# match ip address sp1
Switch(config-access-map)# end
Switch# show vlan access-map
VLAN access-map vlan-map 20
    match ip address: sp1(ID: 1999)
    action: forward
Switch#
4-14 match ipv6 address
This command is used to associate IPv6 access lists for the configured
sub-maps. Use the no form of this command to remove the matched entry.
match ipv6 address {ACL-NAME | ACL-NUMBER}
no match ipv6 address
Parameters
ACL-NAME
Specifies the name of the IPv6 ACL access list to be configured. The name can
be up to 32 characters.
ACL-NUMBER
Specifies the number of the IPv6 ACL access list to be configured.
Default
None.
Command Mode
VLAN Access-map Sub-map Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Use this command to associate an IPv6 access list with the configured sub-map.
One sub-map can only be associated with one access list (IP access list, IPv6
access list, or MAC access list). The IPv6 sub-map only checks IPv6 packets.
Newer commands will overwrite the previous settings.
Example
This example shows how to set the match content in the sub-map.
Switch# configure terminal
Switch(config)# vlan access-map vlan-map 20
Switch(config-access-map)# match ipv6 address sp1
Switch(config-access-map)# end
Switch# show vlan access-map
VLAN access-map vlan-map 20
    match ipv6 address: sp1(ID: 12999)
    action: forward
Switch#
4-15 match mac address
This command is used to associate MAC access lists for the configured
sub-maps. Use the no form of this command to remove the matched entry.
match mac address {ACL-NAME | ACL-NUMBER}
no match mac address
Parameters
ACL-NAME
Specifies the name of the ACL MAC access list to be configured. The name can
be up to 32 characters.
ACL-NUMBER
Specifies the number of the ACL MAC access list to be configured.
Default
None.
Command Mode
VLAN Access-map Sub-map Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
Use this command to associate a MAC access list with the configured sub-map.
One sub-map can only be associated with one access list (IP access list, IPv6
access list, or MAC access list). The MAC sub-map only checks non-IP packets.
Newer commands will overwrite the previous settings.
Example
This example shows how to set the match content in the sub-map.
Switch# configure terminal
Switch(config)# vlan access-map vlan-map 30
Switch(config-access-map)# match mac address ext_mac
Switch(config-access-map)# end
Switch# show vlan access-map
VLAN access-map vlan-map 20
    match ip address: sp1(ID: 3999)
    action: forward
VLAN access-map vlan-map 30
    match mac address: ext_mac(ID: 7999)
    action: forward
Switch#
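How a packet is walked through the sub-maps of a VLAN access map, following the Usage Guidelines of 4-3 and 4-13 to 4-15, as an added Python example (not D-Link code and not part of the original manual). Assumptions: sub-maps are checked in ascending sub-map number, IP lists match on destination address only and MAC lists on source address only, and the rule contents are constructed. The result when no sub-map matches is not stated in this section, so the model returns (None, None).

```python
"""First-match evaluation of VLAN access-map sub-maps (added example, not D-Link code)."""
import ipaddress
from dataclasses import dataclass, field


def ip_to_int(text):
    return int(ipaddress.IPv4Address(text))


def mac_to_int(text):
    return int(text.replace("-", "").replace(":", ""), 16)


def wildcard_match(value, base, wildcard):
    """Wildcard bitmap: a 1 bit is ignored, a 0 bit must be equal."""
    return (value | wildcard) == (base | wildcard)


@dataclass
class Acl:
    kind: str                                      # "ip" or "mac"
    entries: dict = field(default_factory=dict)    # seq -> (verdict, base, wildcard)

    def permits(self, value):
        for seq in sorted(self.entries):           # lower number = higher priority
            verdict, base, wildcard = self.entries[seq]
            if wildcard_match(value, base, wildcard):
                return verdict == "permit"
        return False                               # no entry hit: not permitted


@dataclass
class Packet:
    is_ip: bool
    key: int    # simplification: destination IP for IP packets, source MAC otherwise


@dataclass
class SubMap:
    acl: Acl
    action: str = "forward"                        # default action per 4-3


def evaluate(submaps, packet):
    """Return (sub-map number, action) of the first matching sub-map."""
    for number in sorted(submaps):                 # assumption: ascending number
        submap = submaps[number]
        # IP sub-maps only check IP packets; MAC sub-maps only check non-IP packets.
        if (submap.acl.kind == "ip") != packet.is_ip:
            continue
        if submap.acl.permits(packet.key):
            return number, submap.action           # later sub-maps are not checked
    return None, None                              # outcome not stated in this section


def build_example():
    """Constructed rules; only the names sp1 and ext_mac come from the manual."""
    sp1 = Acl("ip", {
        5: ("deny", ip_to_int("10.20.0.1"), ip_to_int("0.0.0.0")),
        10: ("permit", ip_to_int("10.20.0.0"), ip_to_int("0.0.255.255")),
    })
    ext_mac = Acl("mac", {
        10: ("permit", mac_to_int("00-10-28-00-00-00"),
             mac_to_int("00-00-00-FF-FF-FF")),
    })
    any_ip = Acl("ip", {10: ("permit", 0, 0xFFFFFFFF)})
    return {
        20: SubMap(sp1, "drop"),
        30: SubMap(ext_mac, "redirect eth1/0/5"),
        40: SubMap(any_ip),                        # action left at the default
    }


if __name__ == "__main__":
    access_map = build_example()
    for dst in ("10.20.7.9", "10.20.0.1", "10.21.0.1"):
        print(dst, evaluate(access_map, Packet(True, ip_to_int(dst))))
    frame = Packet(False, mac_to_int("00-10-28-00-19-78"))
    print("non-IP frame", evaluate(access_map, frame))
```

In this model a deny entry in sp1 only keeps the packet from matching sub-map 20, so 10.20.0.1 falls through to sub-map 40 and is forwarded. A broad sub-map placed at a lower number likewise takes over traffic that a later drop sub-map was meant to catch.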
4-16 permit | deny (expert access-list)
This command is used to add a permit or deny entry. Use the no form of this
command to remove an entry.
Extended Expert ACL:
[SEQUENCE-NUMBER] {permit | deny} PROTOCOL
    {SRC-IP-ADDR SRC-IP-WILDCARD | host SRC-IP-ADDR | any}
    {SRC-MAC-ADDR SRC-MAC-WILDCARD | host SRC-MAC-ADDR | any}
    {DST-IP-ADDR DST-IP-WILDCARD | host DST-IP-ADDR | any}
    {DST-MAC-ADDR DST-MAC-WILDCARD | host DST-MAC-ADDR | any}
    [cos OUTER-COS [MASK] [inner INNER-COS [MASK]]]
    [{vlan OUTER-VLAN [MASK]} [inner INNER-VLAN [MASK]]] [fragments]
    [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]]
    [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} tcp
    {SRC-IP-ADDR SRC-IP-WILDCARD | host SRC-IP-ADDR | any}
    {SRC-MAC-ADDR SRC-MAC-WILDCARD | host SRC-MAC-ADDR | any}
    [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK]
    {DST-IP-ADDR DST-IP-WILDCARD | host DST-IP-ADDR | any}
    {DST-MAC-ADDR DST-MAC-WILDCARD | host DST-MAC-ADDR | any}
    [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK]
    [TCP-FLAG] [cos OUTER-COS [MASK] [inner INNER-COS [MASK]]]
    [{vlan OUTER-VLAN [MASK]} [inner INNER-VLAN [MASK]]]
    [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]]
    [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} udp
    {SRC-IP-ADDR SRC-IP-WILDCARD | host SRC-IP-ADDR | any}
    {SRC-MAC-ADDR SRC-MAC-WILDCARD | host SRC-MAC-ADDR | any}
    [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK]
    {DST-IP-ADDR DST-IP-WILDCARD | host DST-IP-ADDR | any}
    {DST-MAC-ADDR DST-MAC-WILDCARD | host DST-MAC-ADDR | any}
    [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK]
    [cos OUTER-COS [MASK] [inner INNER-COS [MASK]]]
    [{vlan OUTER-VLAN [MASK]} [inner INNER-VLAN [MASK]]]
    [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]]
    [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} icmp
    {SRC-IP-ADDR SRC-IP-WILDCARD | host SRC-IP-ADDR | any}
    {SRC-MAC-ADDR SRC-MAC-WILDCARD | host SRC-MAC-ADDR | any}
    {DST-IP-ADDR DST-IP-WILDCARD | host DST-IP-ADDR | any}
    {DST-MAC-ADDR DST-MAC-WILDCARD | host DST-MAC-ADDR | any}
    [ICMP-TYPE [ICMP-CODE] | ICMP-MESSAGE]
    [cos OUTER-COS [MASK] [inner INNER-COS [MASK]]]
    [{vlan OUTER-VLAN [MASK]} [inner INNER-VLAN [MASK]]]
    [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]]
    [time-range PROFILE-NAME]
no SEQUENCE-NUMBER
Parameters
SEQUENCE-NUMBER
Specifies the sequence number. The range is from 1 to 65535. The lower the
number is, the higher the priority of the permit/deny rule.
PROTOCOL
(Optional) Specifies the IP protocol ID or one of the following protocol
names. Available protocol names are eigrp, esp, gre, igmp, ospf, pim, vrrp,
pcp and ipinip. If the protocol ID is specified, the MASK (0x0-0xff) parameter
is optional. The bit corresponding to the bit value 0 will be ignored. The bit
corresponding to the bit value 1 will be checked.
cos OUTER-COS
(Optional) Specifies the outer priority value. This value must be between 0
and 7.
MASK
(Optional) Specifies the outer priority mask (0x0-0x7). The bit corresponding
to the bit value 0 will be ignored. The bit corresponding to the bit value 1
will be checked.
inner INNER-COS
(Optional) Specifies the inner priority value. This value must be between 0
and 7.
MASK
(Optional) Specifies the inner priority mask (0x0-0x7). The bit corresponding
to the bit value 0 will be ignored. The bit corresponding to the bit value 1
will be checked.
vlan OUTER-VLAN
(Optional) Specifies the outer VLAN ID.
MASK
(Optional) Specifies the outer VLAN ID mask (0x0-0xfff). The bit corresponding
to the bit value 0 will be ignored. The bit corresponding to the bit value 1
will be checked.
inner INNER-VLAN
(Optional) Specifies the inner VLAN ID.
MASK
(Optional) Specifies the inner VLAN ID mask (0x0-0xfff). The bit corresponding
to the bit value 0 will be ignored. The bit corresponding to the bit value 1
will be checked.
any
Specifies to use any source MAC address, any destination MAC address, any
source IP address, or any destination IP address.
host SRC-MAC-ADDR
Specifies a specific source host MAC address.
SRC-MAC-ADDR SRC-MAC-WILDCARD
Specifies a group of source MAC addresses by using a wildcard bitmap. The bit
corresponding to the bit value 1 will be ignored. The bit corresponding to bit
value 0 will be checked.
host DST-MAC-ADDR
Specifies a specific destination host MAC address.
DST-MAC-ADDR DST-MAC-WILDCARD
Specifies a group of destination MAC addresses by using a wildcard bitmap. The
bit corresponding to the bit value 1 will be ignored. The bit corresponding to
the bit value 0 will be checked.
host SRC-IP-ADDR
Specifies a specific source host IP address.
SRC-IP-ADDR SRC-IP-WILDCARD
Specifies a group of source IP addresses by using a wildcard bitmap. The bit
corresponding to the bit value 1 will be ignored. The bit corresponding to the
bit value 0 will be checked.
host DST-IP-ADDR
Specifies a specific destination host IP address.
DST-IP-ADDR DST-IP-WILDCARD
Specifies a group of destination IP addresses by using a wildcard bitmap. The
bit corresponding to the bit value 1 will be ignored. The bit corresponding to
the bit value 0 will be checked.
precedence PRECEDENCE
(Optional) Specifies that packets can be filtered by precedence level, as
specified by a number from 0 to 7.
MASK
(Optional) Specifies the precedence mask (0x0-0x7). The bit corresponding to
the bit value 0 will be ignored. The bit corresponding to the bit value 1 will
be checked.
tos TOS
(Optional) Specifies that packets can be filtered by type of service level, as
specified by a number from 0 to 15.
MASK
(Optional) Specifies the ToS mask (0x0-0xf). The bit corresponding to the bit
value 0 will be ignored. The bit corresponding to the bit value 1 will be
checked.
dscp DSCP
(Optional) Specifies the matching DSCP code in the IP header. The range is
from 0 to 63, or select the following DSCP name: af11 – 001010, af12 – 001100,
af13 – 001110, af21 – 010010, af22 – 010100, af23 – 010110, af31 – 011010,
af32 – 011100, af33 – 011110, af41 – 100010, af42 – 100100, af43 – 100110,
cs1 – 001000, cs2 – 010000, cs3 – 011000, cs4 – 100000, cs5 – 101000,
cs6 – 110000, cs7 – 111000, default – 000000, ef – 101110.
MASK
(Optional) Specifies the DSCP mask (0x0-0x3f). The bit corresponding to the
bit value 0 will be ignored. The bit corresponding to the bit value 1 will be
checked.
lt PORT
(Optional) Specifies to match if less than the specified port number.
gt PORT
(Optional) Specifies to match if greater than the specified port number.
eq PORT
(Optional) Specifies to match if equal to the specified port number.
neq PORT
(Optional) Specifies to match if not equal to the specified port number.
range MIN-PORT MAX-PORT
(Optional) Specifies to match if falling within the specified range of ports.
mask PORT MASK
(Optional) Specifies to match ports defined by the mask. The bit corresponding
to the bit value 0 will be ignored. The bit corresponding to the bit value 1
will be checked.
TCP-FLAG
(Optional) Specifies the TCP flag fields and the specified TCP header bits
called ack (acknowledge), fin (finish), psh (push), rst (reset), syn
(synchronize), or urg (urgent).
fragments
(Optional) Specifies the packet fragment’s filtering.
time-range PROFILE-NAME
(Optional) Specifies the name of time period profile associated with the
access list delineating its activation period.
ICMP-TYPE
(Optional) Specifies the ICMP message type. The valid number for the message
type is from 0 to 255.
ICMP-CODE ICMP-MESSAGE
(Optional) Specifies the ICMP message code. The valid number for the message
code is from 0 to 255.
(Optional) Specifies the ICMP message. The following pre-defined parameters
are available for selection: beyond-scope, destination-unreachable, echo-
reply, echo-request, header, hop-limit, mld-query, mld-reduction, mld-report,
nd-na, ndns, next-header, no-admin, no-route, packet-too-big, parameter-
option, parameter-problem, port-unreachable, reassembly-timeout, redirect,
renumcommand, renum-result, renum-seq-number, router-advertisement,
routerrenumbering, router-solicitation, time-exceeded, unreachable.
Default
None.
Command Mode
Extended Expert Access-list Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
If a rule entry is created without a sequence number, a sequence number will
be automatically assigned. If it is the first entry, the sequence number 10 is
assigned. A subsequent rule entry will be assigned a sequence number that is
10 greater than the largest sequence number in that access list and is placed
at the end of the list.
The user can use the access-list resequence command to change the start
sequence number and the increment number of entries for the specified access
list. After the command is applied, new entries without any specified sequence
number will be assigned a number based on the new sequence setting of the
specified access list. When you manually assign the sequence number, it is
better to have a reserved interval for future lower sequence number entries.
Otherwise, it will be more difficult to insert an entry with a lower sequence
number.
The sequence number must be unique in the domain of an access list. If you
enter a sequence number that is already present, an error message will be
shown.
Even if the fragment parameter of the tcp, udp and icmp parameters of the
permit | deny (expert access-list) command is removed, the user can still use
the PROTOCOL option of the permit | deny (expert access-list) command to
configure the fragment parameter.
Example
This example shows how to use the extended expert ACL. The purpose is to deny
all the TCP packets with the source IP address 192.168.4.12 and the source MAC
address 00:13:00:49:82:72.
Switch# configure terminal
Switch(config)# expert access-list extended exp_acl
Switch(config-exp-nacl)# deny tcp host 192.168.4.12 host 0013.0049.8272 any any
Switch(config-exp-nacl)#
4-17 permit | deny (ip access-list)
This command is used to add a permit or a deny entry. Use the no form of the
command to remove an entry.
Extended Access List:
[SEQUENCE-NUMBER] {permit | deny} tcp {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK] {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK] [TCP-FLAG] [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} udp {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK] {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK] [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} icmp {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [ICMP-TYPE [ICMP-CODE] | ICMP-MESSAGE] [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} {gre | esp | eigrp | igmp | ipinip | ospf | pcp | pim | vrrp | protocol-id PROTOCOL-ID [MASK]} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} {any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD} [fragments] [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} [any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD] [fragments] [[precedence PRECEDENCE [MASK]] [tos TOS [MASK]] | dscp DSCP [MASK]] [time-range PROFILE-NAME]
Standard IP Access List:
[SEQUENCE-NUMBER] {permit | deny} {any | host SRC-IP-ADDR | SRC-IP-ADDR SRC-IP-WILDCARD} [any | host DST-IP-ADDR | DST-IP-ADDR DST-IP-WILDCARD] [time-range PROFILE-NAME]
no SEQUENCE-NUMBER
Parameters
SEQUENCE-NUMBER: Specifies the sequence number. The range is from 1 to 65535. The lower the number is, the higher the priority of the permit/deny rule.
any: Specifies any source IP address or any destination IP address.
host SRC-IP-ADDR: Specifies a specific source host IP address.
SRC-IP-ADDR SRC-IP-WILDCARD: Specifies a group of source IP addresses by using a wildcard bitmap. The bit corresponding to the bit value 1 will be ignored. The bit corresponding to the bit value 0 will be checked.
host DST-IP-ADDR: Specifies a specific destination host IP address.
DST-IP-ADDR DST-IP-WILDCARD: Specifies a group of destination IP addresses by using a wildcard bitmap. The bit corresponding to the bit value 1 will be ignored. The bit corresponding to the bit value 0 will be checked.
precedence PRECEDENCE: (Optional) Specifies that packets can be filtered by precedence level, as specified by a number from 0 to 7.
MASK: (Optional) Specifies the precedence mask (0x0-0x7). The bit corresponding to the bit value 0 will be ignored. The bit corresponding to the bit value 1 will be checked.
dscp DSCP: (Optional) Specifies the matching DSCP code in the IP header. The range is from 0 to 63, or select the following DSCP name: af11 – 001010, af12 – 001100, af13 – 001110, af21 – 010010, af22 – 010100, af23 – 010110, af31 – 011010, af32 – 011100, af33 – 011110, af41 – 100010, af42 – 100100, af43 – 100110, cs1 – 001000, cs2 – 010000, cs3 – 011000, cs4 – 100000, cs5 – 101000, cs6 – 110000, cs7 – 111000, default – 000000, ef – 101110.
MASK: (Optional) Specifies the DSCP mask (0x0-0x3f). The bit corresponding to the bit value 0 will be ignored. The bit corresponding to the bit value 1 will be checked.
tos TOS: (Optional) Specifies that packets can be filtered by type of service level, as specified by a number from 0 to 15.
MASK: (Optional) Specifies the ToS mask (0x0-0xf). The bit corresponding to the bit value 0 will be ignored. The bit corresponding to the bit value 1 will be checked.
lt PORT: (Optional) Specifies to match if less than the specified port number.
gt PORT: (Optional) Specifies to match if greater than the specified port number.
eq PORT: (Optional) Specifies to match if equal to the specified port number.
neq PORT: (Optional) Specifies to match if not equal to the specified port number.
range MIN-PORT MAX-PORT: (Optional) Specifies to match if falling within the specified range of ports.
mask PORT MASK: (Optional) Specifies to match ports defined by the mask. The bit corresponding to the bit value 0 will be ignored. The bit corresponding to the bit value 1 will be checked.
TCP-FLAG: (Optional) Specifies the TCP flag fields and the specified TCP header bits called ack (acknowledge), fin (finish), psh (push), rst (reset), syn (synchronize), or urg (urgent).
fragments: (Optional) Specifies the packet fragment’s filtering.
time-range PROFILE-NAME: (Optional) Specifies the name of the time period profile associated with the access list delineating its activation period.
tcp, udp, igmp, ipinip, gre, esp, eigrp, ospf, pcp, pim, vrrp: Specifies Layer 4 protocols.
PROTOCOL-ID: (Optional) Specifies the protocol ID. The valid value is from 0 to 255.
MASK: (Optional) Specifies the protocol ID mask (0x0-0xff). The bit corresponding to the bit value 0 will be ignored. The bit corresponding to the bit value 1 will be checked.
ICMP-TYPE: (Optional) Specifies the ICMP message type. The valid number for the message type is from 0 to 255.
ICMP-CODE: (Optional) Specifies the ICMP message code. The valid number for the message code is from 0 to 255.
ICMP-MESSAGE: (Optional) Specifies the ICMP message. The pre-defined parameters are available for selection: administratively-prohibited, alternate-address, conversion-error, host-prohibited, net-prohibited, echo, echo-reply, pointer-indicates-error, host-isolated, host-precedence-violation, host-redirect, host-tos-redirect, host-tos-unreachable, host-unknown, host-unreachable, information-reply, information-request, mask-reply, mask-request, mobile-redirect, net-redirect, net-tos-redirect, net-tos-unreachable, net-unreachable, net-unknown, bad-length, option-missing, packet-fragment, parameter-problem, port-unreachable, precedence-cutoff, protocol-unreachable, reassembly-timeout, redirect-message, router-advertisement, router-solicitation, source-quench, source-route-failed, time-exceeded, timestamp-reply, timestamp-request, traceroute, ttl-expired, unreachable.
Default
None.
Command Mode
IP Access-list Configuration Mode.
Command Default Level
Level: 12.
Usage Guideline
If a rule entry is created without a sequence number, a sequence number will
be automatically assigned. If it is the first entry, the sequence number 10 is
assigned. A subsequent rule entry will be assigned a sequence number that is
10 greater than the largest sequence number in that access list and is placed
at the end of the list.
The user can use the access-list resequence command to change the start
sequence number and the increment number of entries for the specified access
list. After the command is applied, new entries without any specified sequence
number will be assigned a number based on the new sequence setting of the
specified access list. When you manually assign the sequence number, it is
better to have a reserved interval for future lower sequence number entries.
Otherwise, it will be more difficult to insert an entry with a lower sequence
number.
The sequence number must be unique in the domain of an access list. If you
enter a sequence number that is already present, an error message will be
shown.
To create a matching rule for an IP standard access list, only the source IP
address or destination IP address fields can be specified.
Example
This example shows how to create four entries for an IP extended access list
named Strict-Control. These entries are: permit TCP packets destined for
network 10.20.0.0, permit TCP packets destined for host 10.100.1.2, permit all
TCP packets going to TCP destination port 80, and permit all ICMP packets.
Switch# configure terminal
Switch(config)# ip access-list extended Strict-Control
Switch(config-ip-ext-acl)# permit tcp any 10.20.0.0 0.0.255.255
Switch(config-ip-ext-acl)# permit tcp any host 10.100.1.2
Switch(config-ip-ext-acl)# permit tcp any any eq 80
Switch(config-ip-ext-acl)# permit icmp any any
Switch(config-ip-ext-acl)#
This example shows how to create two entries for an IP standard access list,
named “std-acl”. These entries are: permit IP packets destined for network
10.20.0.0, permit IP packets destined for host 10.100.1.2.
Switch# configure terminal
Switch(config)# ip access-list std-acl
Switch(config-ip-acl)# permit any 10.20.0.0 0.0.255.255
Switch(config-ip-acl)# permit any host 10.100.1.2
Switch(config-ip-acl)#
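The following is an added example, not part of the manual: a small Python model of the sequence-number rules and wildcard matching described in this section, replaying the Strict-Control entries. AccessList, wildcard_match, port_mask_match and strict_control are hypothetical names; the model assumes evaluation stops at the lowest-numbered matching entry and returns None when nothing matches, because this section does not state what the switch does with unmatched packets.

```python
import ipaddress

def ip_int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """IP wildcard bitmap: 1 bits are ignored, 0 bits are checked."""
    care = ~ip_int(wildcard) & 0xFFFFFFFF
    return (ip_int(addr) & care) == (ip_int(base) & care)

def port_mask_match(port, value, mask):
    """`mask PORT MASK` uses the opposite sense: 1 bits checked, 0 bits ignored."""
    return (port & mask) == (value & mask)

class AccessList:
    """Hypothetical model of one IP extended access list (destination side only)."""

    def __init__(self):
        self.entries = {}  # sequence number -> rule

    def add(self, action, proto, dst=("any",), dport=None, seq=None):
        if seq is None:
            # First entry gets 10; later entries get the largest number plus 10.
            seq = max(self.entries) + 10 if self.entries else 10
        if not 1 <= seq <= 65535:
            raise ValueError("sequence number must be 1-65535")
        if seq in self.entries:
            raise ValueError(f"sequence number {seq} is already present")
        self.entries[seq] = {"action": action, "proto": proto, "dst": dst, "dport": dport}
        return seq

    def evaluate(self, proto, dst_ip, dport=None):
        """Return (seq, action) for the lowest-numbered matching entry, else None."""
        for seq in sorted(self.entries):
            rule = self.entries[seq]
            kind = rule["dst"][0]
            if rule["proto"] != proto:
                continue
            if kind == "host" and rule["dst"][1] != dst_ip:
                continue
            if kind == "net" and not wildcard_match(dst_ip, *rule["dst"][1:]):
                continue
            if rule["dport"] is not None and rule["dport"] != dport:
                continue
            return seq, rule["action"]
        return None  # assumption: unmatched handling is outside this model

def strict_control():
    """The four Strict-Control entries from the manual's example, in entry order."""
    acl = AccessList()
    acl.add("permit", "tcp", dst=("net", "10.20.0.0", "0.0.255.255"))
    acl.add("permit", "tcp", dst=("host", "10.100.1.2"))
    acl.add("permit", "tcp", dport=80)
    acl.add("permit", "icmp")
    return acl

if __name__ == "__main__":
    acl = strict_control()
    print(sorted(acl.entries))
    print(acl.evaluate("tcp", "10.20.33.7", 22))
    # A deny for one host must sit below sequence 10 to take priority.
    acl.add("deny", "tcp", dst=("host", "10.20.33.7"), seq=5)
    print(acl.evaluate("tcp", "10.20.33.7", 22))
```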
4-18 permit | deny (ipv6 access-list)
This command is used to add a permit entry or deny entry to the IPv6 access
list. Use the no form of this command to remove an entry from the IPv6 access
list.
Extended IPv6 Access List:
[SEQUENCE-NUMBER] {permit | deny} tcp {any | host SRC-IPV6-ADDR | SRC-IPV6-ADDR/PREFIX-LENGTH} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK] {any | host DST-IPV6-ADDR | DST-IPV6-ADDR/PREFIX-LENGTH} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK] [TCP-FLAG] [dscp VALUE [MASK] | traffic-class VALUE [MASK]] [flow-label FLOW-LABEL [MASK]] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} udp {any | host SRC-IPV6-ADDR | SRC-IPV6-ADDR/PREFIX-LENGTH} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK] {any | host DST-IPV6-ADDR | DST-IPV6-ADDR/PREFIX-LENGTH} [{eq | lt | gt | neq} PORT | range MIN-PORT MAX-PORT | mask PORT MASK] [dscp VALUE [MASK] | traffic-class VALUE [MASK]] [flow-label FLOW-LABEL [MASK]] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} icmp {any | host SRC-IPV6-ADDR | SRC-IPV6-ADDR/PREFIX-LENGTH} {any | host DST-IPV6-ADDR | DST-IPV6-ADDR/PREFIX-LENGTH} [ICMP-TYPE [ICMP-CODE] | ICMP-MESSAGE] [dscp VALUE [MASK] | traffic-class VALUE [MASK]] [flow-label FLOW-LABEL [MASK]] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} {esp | pcp | sctp | protocol-id PROTOCOL-ID [MASK]} {any | host SRC-IPV6-ADDR | SRC-IPV6-ADDR/PREFIX-LENGTH} {any | host DST-IPV6-ADDR | DST-IPV6-ADDR/PREFIX-LENGTH} [fragments] [dscp VALUE [MASK] | traffic-class VALUE [MASK]] [flow-label FLOW-LABEL [MASK]] [time-range PROFILE-NAME]
[SEQUENCE-NUMBER] {permit | deny} {any | host SRC-IPV6-ADDR | SRC-IPV6-ADDR/PREFIX-LENGTH} [any | host DST-IPV6-ADDR | DST-IPV6-ADDR/PREFIX-LENGTH] [fragments] [dscp VALUE [MASK] | traffic-class VALUE [MASK]] [flow-label FLOW-LABEL [MASK]] [time-range PROFILE-NAME]
Standard IPv6 Access List:
[SEQUENCE-NUMBER] {permit | deny} {any | host SRC-IPV6-ADDR | SRC-IPV6-ADDR/PREFIX-LENGTH} [any | host DST-IPV6-ADDR | DST-IPV6-ADDR/PREFIX-LENGTH] [time-range PROFILE-NAME]
no SEQUENCE-NUMBER
Parameters
SEQUENCE-NUMBER: Specifies the sequence number. The range is from 1 to 65535. The lower the number is, the higher the priority of the permit/deny rule.
any: Specifies any source IPv6 address or any destination IPv6 address.
host SRC-IPV6-ADDR: Specifies a specific source host IPv6 address.
SRC-IPV6-ADDR/PREFIX-LENGTH: Specifies a source IPv6 network.
host DST-IPV6-ADDR: Specifies a specific destination host IPv6 address.
DST-IPV6-ADDR/PREFIX-LENGTH: Specifies a destination IPv6 network.
tcp, udp, icmp, esp, pcp, sctp: Specifies the Layer 4 protocol type.
dscp VALUE: (Optional) Specifies the matching traffic class value in IPv6 header. The range is from 0 to 63, or select the following DSCP name: af11 – 001010, af12 – 001100, af13 – 001110, af21 – 010010, af22 – 010100, af23 – 010110, af31 – 011010, af32 – 011100, af33 – 011110, af41 – 100010, af42 – 100100, af43 – 100110, cs1 – 001000, cs2 – 010000, cs3 – 011000, cs4 – 100000, cs5 – 101000, cs6 – 110000, cs7 – 111000, default – 000000, ef – 101110.
MASK: (Optional) Specifies the DSCP mask (0x0-0x3f). The bit corresponding to the bit value 0 will be ignored. The bit corresponding to the bit value 1 will be checked.
traffic-class VALUE: (Optional) Specifies the matching traffic class value in the IPv6 header. The range is from 0 to 255.
MASK: (Optional) Specifies the traffic class mask (0x0-0xff). If not specified, 0xff is used.
lt PORT: (Optional) Specifies to match if less than the specified port number.
gt PORT: (Optional) Specifies to match if greater than the specified port number.
eq PORT: (Optional) Specifies to match if equal to the specified port number.
neq PORT: (Optional) Specifies to match if not equal to the specified port number.
range MIN-PORT MAX-PORT: (Optional) Specifies to match if falling within the specified range of ports.
mask PORT MASK: (Optional) Specifies to match ports defined by the mask. The bit corresponding to the bit value 0 will be ignored. The bit corresponding to the bit value 1 will be checked.
PROTOCOL-ID: (Optional) Specifies the protocol ID. The valid value is from 0 to 255.
MASK: (Optional) Specifies the protocol ID mask (0x0-0xff). The bit corresponding to the bit value 0 will be ignored. The bit corresponding to the bit value 1 will be checked.
ICMP-TYPE: (Optional) Specifies the ICMP message type. The valid number of the message type is from 0 to 255.
ICMP-CODE: (Optional) Specifies the ICMP message code. The valid number of the code type is from 0 to 255.
ICMP-MESSAGE: (Optional) Specifies the ICMP message. The following pre-defined parameters are available for selection: beyond-scope, destination-unreachable, echo-reply, echo-request, erroneous_header, hop-limit, multicast-listener-query, multicast-listener-done, multicast-listener-report, nd-na, nd-ns, next-header, no-admin, no-route, packet-too-big, parameter-option,
TCP-FLAG
flow-label FLOW-LABEL
MASK
fragments
time-range PROFILE-NAME