IP Infusion Confidential

ZebOS® Intelligent Network Software

Version 7.5

NSM Command ReferenceMarch 2007

ii IP Infusion Confidential

© 2001-2007 IP Infusion Inc. All Rights Reserved.

This documentation is subject to change without notice. The software described in this document and this documentation are furnished under a license agreement or nondisclosure agreement. The software and documentation may be used or copied only in accordance with the terms of the applicable agreement. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's internal use without the written permission of IP Infusion Inc.

IP Infusion Inc. 125 S. Market Street, 9th FloorSan Jose, CA 95113

(408) 794-1500 - main(408) 278-0521 - fax

For support, questions, or comments via E-mail, contact:support@ipinfusion.com

Trademarks:

ZebOS is a registered trademark, and IP Infusion and the ipinfusion logo are trademarks of IP Infusion Inc.All other trademarks are trademarks of their respective companies.

©2001-2007 IP Infusion Inc. Confidential iii

Table of Contents

CHAPTER 1 ZebOS Command Line Interface Environment . . . . . . . . . . . . . 1About This Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Command Line Interface Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1

Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Command Line Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Syntax Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2

Command Reference Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4Typographic Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4

Format used for Command Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Command Negation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Variable Parameter expansion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7

Other Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7Show Command Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8Common Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10QoS Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11

CHAPTER 2 Commands Common to Multiple Protocols . . . . . . . . . . . . . . . 13access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13access-list extended . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14access-list standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15access-list zebos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17clear ip prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18configure terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18copy running-config startup-config. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24ip prefix-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24ip remote-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25ip unnumbered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26ipv6 access-class. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28ipv6 access-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28ipv6 access-list zebos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29

Table of Contents

iv ©2001-2007 IP Infusion Inc. Confidential

ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30ipv6 unnumbered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31line vty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33log record-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34log stdout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34log syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35log trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36match as-path. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37match community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37match interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38match ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39match ip address prefix-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39match ip next-hop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40match ip next-hop prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41match ipv6 address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41match ipv6 address prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42match ipv6 next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43match metric. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43match origin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44match route-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45match tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46service advanced-vty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47service password-encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48service terminal-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48set aggregator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49set as-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49set atomic-aggregate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50set comm-list delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51set community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51set dampening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52set extcommunity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53set ip next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54set ipv6 next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54set level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55set metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55set metric-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56set origin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57set originator-id. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57set tag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58set vpnv4 next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58set weight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60show cli. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60

Table of Contents

©2001-2007 IP Infusion Inc. Confidential v

show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61show ip prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62show list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62show memory all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63show memory free . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65show memory lib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66show memory summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68show route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69show running-config. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72terminal length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73terminal monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73who . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73write file and write memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74write terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74

CHAPTER 3 NSM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77admin-group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77arp A.B.C.D MAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77bandwidth. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78clear ip route kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78clear ipv6 neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79debug nsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79debug nsm events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79debug nsm kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80debug nsm packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80fib retain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80if-arbiter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82ip forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84ipv6 forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84ipv6 nd managed-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84ipv6 nd other-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85ipv6 nd prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85ipv6 nd ra-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86ipv6 nd ra-lifetime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87ipv6 nd reachable-time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87ipv6 nd suppress-ra . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88ipv6 neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88ipv6 route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89ipv6 address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89maximum-paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90

Table of Contents

vi ©2001-2007 IP Infusion Inc. Confidential

multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90no debug nsm events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91no debug nsm kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91no debug nsm packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91show debugging nsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92show interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93show ip forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94show ip interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95show ip route database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96show ip route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97show ipv6 forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98show ipv6 interface brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98show ipv6 neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99show ipv6 route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99show ipv6 route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100show nsm client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101show router-id. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102undebug nsm all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102undebug nsm events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102undebug nsm kernel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102undebug nsm packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103

CHAPTER 4 NSM VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105ip route vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105ip vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105ip vrf forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106show ip route vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106show ip vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107

CHAPTER 5 NSM MPLS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109MPLS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109

label-switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109mpls admin-groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109mpls disable-all-interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110mpls egress-ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110mpls enable-all-interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110mpls ftn-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111mpls ilm-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112mpls ingress-ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112mpls l2-circuit (Configure Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113mpls-l2-circuit (Interface Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113mpls l2-circuit-ftn-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114mpls l2-circuit-ilm-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114mpls local-packet-handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115

Table of Contents

©2001-2007 IP Infusion Inc. Confidential vii

mpls log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115mpls lsp-model pipe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116mpls lsp-tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116mpls map-route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117mpls max-label-value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117mpls min-label-value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118mpls propagate-ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118mpls vrf-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119show mpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119show mpls admin-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120show mpls cross-connect-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120show mpls forwarding-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121show mpls ftn-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122show mpls ilm-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122show mpls in-segment-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123show mpls l2-circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123show mpls l2-circuit-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124show mpls log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124show mpls mapped-routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125show mpls out-segment-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125show mpls vc-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125show mpls vrf-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126

MPLS OAM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126ping mpls ipv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126ping mpls l2-circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127ping mpls l3vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127ping mpls ldp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128ping mpls rsvp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129ping mpls vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130trace mpls ipv4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130trace mpls l2-circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131trace mpls l3vpn. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132trace mpls ldp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132trace mpls rsvp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133trace mpls vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134

CHAPTER 6 NSM GMPLS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 135gmpls capability-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135gmpls encoding-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135gmpls link-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136gmpls min-lsp-bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137gmpls protection-type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137gmpls risk-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138gmpls sdh-indication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139

CHAPTER 7 GMP Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 141IGMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141

Table of Contents

viii ©2001-2007 IP Infusion Inc. Confidential

clear ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141clear ip igmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141clear ip igmp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142debug igmp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143ip igmp access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143ip igmp immediate-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144ip igmp last-member-query-count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145ip igmp last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145ip igmp limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146ip igmp mroute-proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147ip igmp proxy-service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147ip igmp querier-timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148ip igmp query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148ip igmp query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149ip igmp robustness-variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150ip igmp snooping fast-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151ip igmp snooping mrouter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152ip igmp snooping report-suppression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152ip igmp ssm-map enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153ip igmp ssm-map static. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153ip igmp static-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154ip igmp version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155show ip igmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156show ip igmp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158show ip igmp snooping statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158

MLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159clear ipv6 mld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159clear ipv6 mld groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159clear ipv6 mld interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160debug mld. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160ipv6 mld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161ipv6 mld access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161ipv6 mld immediate-leave. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162ipv6 mld last-member-query-count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163ipv6 mld last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163ipv6 mld limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164ipv6 mld mroute-proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165ipv6 mld proxy-service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165ipv6 mld querier-timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166ipv6 mld query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166ipv6 mld query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167ipv6 mld robustness-variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167ipv6 mld snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168

Table of Contents

©2001-2007 IP Infusion Inc. Confidential ix

ipv6 mld snooping fast-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169ipv6 mld snooping mrouter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169ipv6 mld snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170ipv6 mld snooping report-suppression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170ipv6 mld ssm-map enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171ipv6 mld ssm-map static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171ipv6 mld static-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172ipv6 mld version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173show ipv6 mld groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174show ipv6 mld interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174show ipv6 mld snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175show ipv6 mld snooping statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176

CHAPTER 8 NSM Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 177clear ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177clear ip mroute statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177clear ipv6 mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178clear ipv6 mroute statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178debug nsm mcast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179ip multicast route-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180ip multicast ttl-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180ip multicast-routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181ipv6 mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181ipv6 multicast route-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182ipv6 multicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183show ip mroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183show ip mroute count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184show ip mroute summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185show ip mvif . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186show ip rpf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186show ipv6 mif . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187show ipv6 mroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187show ipv6 mroute count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188show ipv6 mroute summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189show ipv6 rpf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190

CHAPTER 9 NSM Traffic Engineering (TE) Commands . . . . . . . . . . . . . . 191reservable-bandwidth. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191

CHAPTER 10 NSM DiffServ Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 193mpls class-to-exp-bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193mpls support-diffserv-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193show mpls diffserv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193show mpls diffserv class-to-exp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195show mpls diffserv configurable-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195show mpls diffserv supported-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196

Table of Contents

x ©2001-2007 IP Infusion Inc. Confidential

CHAPTER 11 NSM DiffServ-TE Commands . . . . . . . . . . . . . . . . . . . . . . . . .197bandwidth-constraint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197bc-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197mpls class-type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197mpls te-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198show mpls dste. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198show mpls dste class-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199show mpls dste te-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199

CHAPTER 12 NSM Layer-2 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .201Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201

flowcontrol off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201flowcontrol on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201mirror interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202show flowcontrol interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202show mirror. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203show mirror interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203show storm-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204show storm-control broadcast interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204storm-control level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205

Bridge Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205bridge acquire. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205bridge address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206bridge ageing-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206bridge-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207bridge protocol ieee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207bridge protocol ieee vlan-bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208bridge protocol mstp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208bridge protocol rstp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208bridge protocol rstp vlan-bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209clear mac address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209clear mac address-table bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210clear mac address-table dynamic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211clear mac address-table dynamic bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212show bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212show interface switchport bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214

VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215show vlan all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215show vlan all bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215show vlan brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216show vlan classifier group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216show vlan classifier interface group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217show vlan classifier rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217show vlan dynamic bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218

Table of Contents

©2001-2007 IP Infusion Inc. Confidential xi

show vlan static bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218switchport access vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219switchport hybrid allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219switchport hybrid vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220switchport mode access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221switchport mode hybrid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221switchport mode trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222switchport trunk allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223switchport trunk native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224vlan bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224vlan classifier ipv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225vlan classifier mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225vlan classifier proto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226vlan database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226vlan mtu bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227vlan state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227

Private-VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228private-vlan association bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228private-vlan bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228switchport mode private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229switchport private-vlan host-association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229switchport private-vlan mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230show vlan private-vlan bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230

GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231clear gmrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231debug gmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231set gmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232set gmrp bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232set gmrp extended-filtering bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233set gmrp fwdall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233set gmrp registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234set gmrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234set gmrp vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235set port gmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236set port gmrp vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236show gmrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237show gmrp configuration bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237show gmrp machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238show gmrp machine bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238show gmrp statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239show gmrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239

GVRP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240clear gvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240debug gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240set gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241set gvrp applicant. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241

Table of Contents

xii ©2001-2007 IP Infusion Inc. Confidential

set gvrp bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242set gvrp dynamic-vlan-creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242set gvrp dynamic-vlan-creation bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242set gvrp registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243set gvrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243set port gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244show gvrp configuration bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244show gvrp machine bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245show gvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245show gvrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246

MMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246clear mmrp statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246clear mmrp statistics vlanid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247set mmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247set mmrp bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248set mmrp disable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248set mmrp disable bridge vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249set mmrp enable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249set mmrp enable bridge vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250set mmrp extended-filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250set mmrp extended-filtering disable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251set mmrp extended-filtering enable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251set mmrp fwdall disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252set mmrp fwdall enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252set mmrp timer join. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253set mmrp timer leaveall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253set mmrp pointtopoint enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254set mmrp registration fixed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254set mmrp registration forbidden . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254set mmrp registration normal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255set port mmrp disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255set port mmrp disable vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256set port mmrp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257set port mmrp enable vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257show mmrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258show mmrp configuration bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258show mmrp machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259show mmrp machine bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259show mmrp statistics vlanid bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259show mmrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260

MVRP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261clear mvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261clear mvrp statistics all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261clear mvrp statistics bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262set mvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262set mvrp applicant state active . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262

Table of Contents

©2001-2007 IP Infusion Inc. Confidential xiii

set mvrp applicant state normal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263set mvrp disable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263set mvrp dynamic-vlan-creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264set mvrp dynamic-vlan-creation disable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264set mvrp dynamic-vlan-creation enable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265set mvrp enable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265set mvrp timer join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266set mvrp timer leave. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266set mvrp timer leaveall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267set mvrp pointtopoint enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267set mvrp registration fixed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267set mvrp registration forbidden . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268set mvrp registration normal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268set port mvrp disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269set port mvrp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269show mvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270show mvrp configuration all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271show mvrp interface statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271show mvrp machine bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272show mvrp statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272show mvrp timer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273

Provider Bridging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273bridge protocol provider-mstp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273bridge protocol provider-rstp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .274cvlan registration table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .274cvlan svlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275l2-protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276switchport customer-edge access vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276switchport customer-edge hybrid allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277switchport customer-edge hybrid vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277switchport customer-edge vlan registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278switchport customer-network vlan translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278switchport mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279switchport mode customer-edge access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279switchport mode customer-edge hybrid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280switchport mode customer-edge trunk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281switchport provider-edge vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281switchport provider-network vlan translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282switchport trunk customer-edge allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282vlan type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283vlan type access-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283vlan type bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284

MEF UNI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284ce-vlan preserve-cos <1-4094> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284ethernet uni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285

Table of Contents

xiv ©2001-2007 IP Infusion Inc. Confidential

ethernet uni id NAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2852protocol-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285

CHAPTER 13 NSM LACP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287channel-group mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287no channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287show etherchannel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288show static-channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288static-channel-group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289

CHAPTER 14 NSM VPLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291mpls vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291mpls-vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291show mpls vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291show mpls vpls detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292show mpls vpls mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293show mpls vpls spoke . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293vpls-description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294vpls-mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294vpls-peer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295vpls-vc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295

CHAPTER 15 Tunneling Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297interface tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297tunnel checksum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297tunnel destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298tunnel mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298tunnel mode ipv6ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299tunnel path-mtu-discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300tunnel source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300tunnel tos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301tunnel ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301

CHAPTER 16 Remote Monitoring Commands . . . . . . . . . . . . . . . . . . . . . . .303rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303rmon collection history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303rmon collection stats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304rmon event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305show rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305show rmon event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306show rmon history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306

CHAPTER 17 Interpeak Security Commands . . . . . . . . . . . . . . . . . . . . . . . .307Clear Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307

clear crypto isakmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307clear crypto sa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307clear crypto sa entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308clear crypto sa map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308

Table of Contents

©2001-2007 IP Infusion Inc. Confidential xv

clear crypto sa peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308Crypto Map Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309

crypto ipsec security-association lifetime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309crypto ipsec transform-set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309crypto map ipsec-manual | ipsec-isakmp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310crypto map local-address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311match address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312set peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .313set security-association lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .313set session-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314set transform-set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315

ISAKMP Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316crypto isakmp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316crypto isakmp keepalive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316crypto isakmp key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316crypto isakmp policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317

ISAKMP Policy Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319hash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319

Interface Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .320crypto map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .320

Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321show crypto ipsec sa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321show crypto ipsec transform-set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321show crypto isakmp policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321show crypto isakmp sa. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322show crypto map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322

CHAPTER 18 QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323class. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323class-map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323ip-access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324mac-access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325match access-group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325match ip-dscp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326match ip-precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326match layer4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326match mpls exp-bit topmost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327match vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327match vlan-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328mls qos. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328mls qos aggregate-police. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329

Table of Contents

xvi ©2001-2007 IP Infusion Inc. Confidential

mls qos dscp-cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329mls qos dscp-mutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330mls qos map dscp-cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330mls qos map dscp-mutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331mls qos min-reserve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331police . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332police-aggregate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333service-policy input. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334set cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334set ip-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335set ip-precedence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335set mpls exp-bit topmost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335show class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336show mls qos aggregator-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336show mls qos interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337show mls qos maps dscp-cos. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337show mls qos maps dscp-mutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338show policy-map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338show qos-access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339wrr-queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339wrr-queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340wrr-queue dscp-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340wrr-queue min-reserve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341wrr-queue queue-limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341wrr-queue random-detect max-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342wrr-queue threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342

CHAPTER 19 NSM Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .345access-list ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345access-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345firewall group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346firewall group in|out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347show firewall rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347

CHAPTER 20 NSM Broadcom Stacking Commands. . . . . . . . . . . . . . . . . . .349show stacking db . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349show stacking dump db . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349show stacking local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350show stacking master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350show stacking numCPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351stacking masterdev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351

Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Index - 1

©2001-2007 IP Infusion Inc. Confidential 1

CHAPTER 1 ZebOS Command Line Interface Environment

About This Command ReferenceNetwork administrators and application developers who install and configure ZebOS® IP routing software should use this Command Reference.

This Reference contains the following information:

• An overview of the ZebOS Command Line Interface.

• The complete command reference for ZebOS Network Services Module (NSM).

ZebOS provides Telnet services so that users can log into any of the routing module layers and control the module by using the Command Line Interface (CLI).

Command Line Interface PrimerThe ZebOS® Command Line Interface (CLI) is a text based facility conforming to industry standards. Many of the commands may be used in scripts to automate configuration tasks. Each command CLI is usually associated with a specific function or a common function performing a specific task. Multiple users can telnet and issue commands using the Exec mode and the Privileged Exec mode. For ZebOS versions earlier than 7.4, only one user is allowed to use the Configure mode at a time. For ZebOS versions 7.4 and later, multiple users are allowed to simultaneously use the Configure mode.

The IMI Shell gives users and administrators the ability to issue commands to several daemons from a single telnet session.

Definitions

Command Line HelpThe ZebOS CLI contains a text-based help facility. Access this help by typing in the full or partial command string then typing a question mark “?”. The ZebOS CLI displays the command keywords or parameters along with a short description.

For example, at the CLI command prompt, type

ZebOS> show ? (the CLI does not display the question mark).The CLI displays this keyword list with short descriptions for each keyword:

ZebOS# show debugging Debugging functions (see also 'undebug') history Display the session command history ip IP information

token A non-character, non-numeric symbol: {}, {}, (), <>, |, ?, >, ., =

parameter An UPPERCASE term for which the user substitutes input.

keyword A lowercase term that the user types exactly as shown.

ZebOS Command Line Interface Environment

2 ©2001-2007 IP Infusion Inc. Confidential

memory Memory statistics route-map route-map information running-config running configuration startup-config Contents of startup configuration version Displays ZebOS version

If the ? is typed in the middle of a keyword, ZebOS displays help for that keyword only.

ZebOS> show de? (the CLI does not display the question mark). debugging Debugging functions (see also 'undebug')

If the ? is typed in the middle of a keyword but the incomplete keyword matches several other keywords, ZebOS displays help for all matching keywords.

ZebOS> show i? (the CLI does not display the question mark). interface Interface status and configuration ip IP information isis ISIS information

Syntax Help

Command CompletionThe ZebOS CLI can complete the spelling of a command or a parameter. Begin typing the command or parameter and then press TAB. For example, at the CLI command prompt type sh:

ZebOS> sh

Press TAB. The CLI shows:

ZebOS> show

If the command or parameter partial spelling is ambiguous, the ZebOS CLI displays the choices that match the abbreviation. Type show i and press TAB. The CLI shows:

ZebOS> show iinterface ip isisZebOS> show i

The CLI displays the interface and ip keywords. Type n to select interface and press TAB. The CLI shows:

ZebOS> show inZebOS> show interface

Type ? and the CLI displays the list of parameters for the show interface command.

ZebOS> show interface IFNAME Interface name | Output modifiers > Output redirection <cr>

The CLI displays the only parameter associated with this command, the IFNAME parameter. For more information on the output modifiers and output redirection, see the Special Tokens for Show Commands section.

Command AbbreviationsThe ZebOS CLI accepts abbreviations for commands. For example,

sh in eth0

is an abbreviation for the show interface command.

ZebOS Command Line Interface Environment

©2001-2007 IP Infusion Inc. Confidential 3

Command Line ErrorsAny unknown spelling variation causes the command line parser to display in response to the ?, the error Unrecognized command. The parser re-displays the command as last entered. When the user presses the enter key after typing an invalid command, the parser displays:

ZebOS(config)#router ospf here ^% Invalid input detected at '^' marker.

where the ^ points to the first character in error in the command.

If a command is incomplete it displays this message:

ZebOS> show% Incomplete command.

Some commands are too long for the display line and can wrap in mid-parameter or mid-keyword:

area 10.10.0.18 virtual-link 10.10.0.19 authentication-key 57393

ZebOS Command Line Interface Environment

4 ©2001-2007 IP Infusion Inc. Confidential

Command Reference Primer

Typographic ConventionsThe following table lists typographic conventions for command syntax descriptions.

Convention Name Description Example

Monospaced font

Command Represents command strings entered on a command line and sample source code.

show ip ospf

Proportional font

Description Gives specific details about a parameter. advertise Advertises this range

UPPERCASE Variable parameter Indicates user input. Values to be entered according to the descriptions that follow. Each uppercased token expands into one or more other tokens.

area AREAID range ADDRESS

lowercase Keyword parameter Indicates keywords. Values to be entered exactly as shown in the command description.

show ip ospf

| Vertical bar Delimits choices; One to be selected from the list. Not to be entered as part of the command.

A.B.C.D|<0-4294967295>

() Parentheses Encloses optional parameters. None or only one to be chosen. Not to be entered as part of the command.

(A.B.C.D|<0-4294967295>)

{ } Braces Encloses optional parameters. None, one or more than one to be chosen. Not to be entered as part of the command.

{priority <0-255>|poll-interval <1-65535>}

[] Square brackets Encloses optional parameters. Choose one. Not to be entered as part of the command.

[parm2|parm2|parm3]

? Question mark Used with the square brackets to limit the immediately following token to one occurrence. Not to be entered as part of the command.

[parm1|parm2|?parm3] expands toparm1 parm3 parm1 parm2(with parm3 occurring once)

< > Angle brackets Enclose a numeric range, endpoints inclusive. Not to be entered as part of the command.

<0-65535>

= Equal sign Separates the variable from explanatory text. Not to be entered as part of the command.

PROCESSID = <0-65535>

. Dot (period) Allows the repetition of the element that immediately follows it multiple times. Not to be entered as part of the command.

.AA:NN can be expanded to: 1:01 1:02 1:03.

A.B.C.D IP address An IPv4-style address. 10.0.11.123

X:X::X:X IP address An IPv6-style address. 3ffe:506::1, where the:: represents all 0s for those address components not explicitly given.

LINE End-of-line input token

Indicates user input of any string, including spaces. No other parameters may be entered after input for this token.

string of words

ZebOS Command Line Interface Environment

©2001-2007 IP Infusion Inc. Confidential 5

WORD Single token Indicates user input of any contiguous string (excluding spaces).

singlewordnospaces

IFNAME Single token Indicates the name of an interface. eth0

Convention Name Description Example

ZebOS Command Line Interface Environment

6 ©2001-2007 IP Infusion Inc. Confidential

Format used for Command Description

command nameDescription of the command. What the command does and when should it be used.

Command Syntaxsample command name mandatory-parameters (OPTIONAL-PARAMETERS)

DefaultThe status of the command before it is executed. Is it enabled or disabled by default.

Command ModeName of the command mode in which this command is to be used. Such as, Exec, Privilege Exec, Configure mode and so on.

UsageThis section is optional. It describes the usage of a specific command and the interactions between parameters. It also includes appropriate sample outputs for show commands.

ExampleUsed if needed to show the complexities of the command syntax.

Related CommandsThis section is optional and lists those commands that are of immediate importance.

Equivalent CommandsThis section is optional and lists commands that accomplish the same function.

Validation CommandsThis section is optional and lists commands that can be used to validate the effects of other commands.

Command NegationSome commands can be negated by using a no keyword.

In the following area virtual-link command, the no keyword is optional, This means that the entire syntax can be negated. Depending on the command or the parameters, command negation can mean the disabling of one entire feature for the router or the disabling of that feature for a specific ID, interface or address.

(no) area AREAADDRESSID virtual-link ROUTERID (AUTHENTICATE|MSGD|INTERVAL)

In the following example, negation is for the base command only. The negated form does not take any parameter.

default-metric <1-16777214>

no default-metric

ZebOS Command Line Interface Environment

©2001-2007 IP Infusion Inc. Confidential 7

Variable Parameter expansionFor the area virtual-link command,

(no) area AREAADDRESSID virtual-link ROUTERID (AUTHENTICATE|MSGD|INTERVAL)

the AREAADDRESSID parameter is replaced by either an IP address or a number in the given range:

AREAADDRESSID=A.B.C.D|<0-4294967295>

and ROUTERID by an IP address. The minimum command then is:

area 10.10.0.11 virtual-link 10.10.0.12

The parameters in the string (AUTHENTICATE|MSGD|INTERVAL) are optional, and only one may be chosen. Each one can be replaced by more keywords and parameters. One of these parameters, MD5, is replaced by the following string:

MD5= [message-digest-key <1-255> md5 MD5_KEY]

with MD5_KEY replaced by a 1-16 character string.

Other Conventions

This warning symbol indicates that you must be cautious as you might risk losing data or damaging your hardware.

!

ZebOS Command Line Interface Environment

8 ©2001-2007 IP Infusion Inc. Confidential

Show Command Tokens Two tokens modify the output of the show commands. Use the ? after typing the command to display:

ZebOS# show users | Output modifiers > Output redirection

Note: These tokens are available only through the IMI shell; they are unavailable to users who telnet to daemons.

Output ModifiersType the | (vertical bar) to use Output modifiers.

begin Begin with the line that matchesexclude Exclude lines that matchinclude Include lines that matchredirect Redirect output

Begin

The begin parameter displays the output beginning with the first line containing a token matching the input string (everything typed after the begin token).

ZebOS# show run | begin eth1

...skippinginterface eth1 ipv6 address fe80::204:75ff:fee6:5393/64!interface eth2 ipv6 address fe80::20d:56ff:fe96:725a/64!line con 0 loginline vty 0 4 login!end

Exclude

The exclude parameter excludes all lines of output that contain the input string. In the following output all lines containing the word “include” are excluded:

ZebOS# show interface eth1 | exclude inputInterface eth1 Scope: both Hardware is Ethernet, address is 0004.75e6.5393 index 3 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST> VRF Binding: Not bound Label switching is disabled No Virtual Circuit configured Administrative Group(s): None DSTE Bandwidth Constraint Mode is MAM inet6 fe80::204:75ff:fee6:5393/64

ZebOS Command Line Interface Environment

©2001-2007 IP Infusion Inc. Confidential 9

output packets 4438, bytes 394940, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0

Include

The include parameter includes only those lines of output that contain the input string. In the output below, all lines containing the word “input” are included:

ZebOS# show interface eth1 | include input input packets 80434552, bytes 2147483647, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 1, missed 0

Redirect

The redirect parameter puts the lines of output into the indicated file.

ZebOS# show history | redirect /var/frame.txt

Output RedirectionThe output redirection token > allows the user to specify a target file for the lines of output.

ZebOS# show history > /var/frame.txt

ZebOS Command Line Interface Environment

10 ©2001-2007 IP Infusion Inc. Confidential

Common Command ModesThe commands available for each protocol are separated into several modes (nodes) arranged in a hierarchy; The Exec mode is the lowest. Each mode has its own special commands; in some modes, commands from a lower level are available.

Note: Multiple users can telnet and issue commands using the Exec mode and the Privileged Exec mode. For ZebOS versions earlier than 7.4, only one user is allowed to use the Configure mode at a time. For ZebOS versions 7.4 and later, multiple users are allowed to simultaneously use the Configure mode.

Exec Mode Also called the View mode, is the base mode from where users can perform basic commands like show, exit, quit, help, list, and enable. All ZebOS daemons have this mode.

Privileged Exec Mode Also called the Enable mode, allows users to run debug, write (for saving and viewing the configuration) and show commands.

Configure Mode Also called Configure Terminal mode, this mode serves as a gateway into the Interface, Router, Line, Route Map, Key Chain and Address Family modes.

Interface Mode Is used to configure protocol-specific settings for a particular interface. Any attribute configured in this mode overrides an attribute configured in the Router mode.

Line Mode Makes the access-class commands available.

This diagram displays the common command mode tree.

Startup Routerin EXEC mode(View mode)

PrivilegedEXEC mode

(Enable mode)

Configure mode

Interfacemode

enable(password)

configure terminal

interface IFNAME

Line mode

line vty [FIRST] (LAST)

Command Mode

Command used to enter the next Command Mode

ZebOS Command Line Interface Environment

©2001-2007 IP Infusion Inc. Confidential 11

QoS Command ModesClass Map Use this mode to create class maps. A class map names and isolates specific traffic from other traffic, and defines criteria to match against a specific traffic flow to further classify it.

Policy Map Use this mode to create policy maps. A policy map specifies on which traffic class to act.

Class Use this mode to define a traffic classification.

The following diagram shows the complete QoS module command mode tree. For information about Exec, Privileged Exec, Configure and Interface modes, refer to the NSM daemon command modes mentioned earlier in this chapter.

Startup Routerin Exec mode

Command Mode

Command used to enter next command modeenable

(password)

PrivilegedExec mode

configureterminal

Configuremode

Class-Mapmode

class-map NAME

Policy-Mapmode

policy-map NAME

class NAME

Classmode

ZebOS Command Line Interface Environment

12 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 13

CHAPTER 2 Commands Common to Multiple Protocols

access-classUse this command to filter a connection, based on an IP access list, for IPv4 networks.

Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers and ZebOS Advanced Routing Suite (ARS) customers using the IMISH for CLI management. To control access from the network/ hosts, IMISH administrators must change system files, such as, /etc/host.allow and /etc/hosts.deny.

Command Syntaxaccess-class LIST

LIST = IP access-list

Command ModeLine mode

Usage Use access-class command after configuring the access-list. See ZebOS NSM Commands chapter for details on the access-list command.

ExampleZebOS# configure terminalZebOS(config)# line vty 23 55ZebOS(config-line)# access-class myclass1

Related Commandsaccess-list, ipv6 access-class

access-listUse the access-list command to configure an access list for filtering packets. Use the no parameter to remove a specified access-list.

Command Syntax(no) access-list LISTNAME (DENY|PERMIT|REMARK)

LISTNAME = WORD DENY|PERMIT|REMARK IP ZebOS access-listDENY = deny [A.B.C.D/M (exact-match)]|any Specify route to reject.PERMIT = permit [A.B.C.D/M (exact-match)]|any Specify route to permit

A.B.C.D = An IP address.M = Mask specifying which part of the IP address will be ignored.any = Allows any IP address or prefix to match.exact-match = Specifies exact matching of prefixes

REMARK = remark .LINE

Commands Common to Multiple Protocols

14 ©2001-2007 IP Infusion Inc. Confidential

LINE = Multi-line, access-list entry comment up to 100 characters.

Command ModeConfigure mode

UsageUse access lists to control the transmission of packets on an interface, and restrict contents of routing updates. The switch stops checking the access list after a match occurs.

When using this command from a Telnet session, be sure to telnet to the relevant protocol daemon (for example, isisd); unpredictable results can occur if this command is used in a telnet session with the NSM daemon.

ExamplesZebOS# configure terminal ZebOS(config)# access-list mylist deny 10.10.0.72/24 exact-match ZebOS(config)# access-list mylist permit any

Validation Commandsshow running-config, show ip access-list, show ipv6 access-list

access-list extendedUse the access-list extended command to configure an access list for filtering packets. Use the no parameter to remove a specified access-list.

Command Syntax(no) access-list EXTENDED (deny|permit|REMARK)ip SOURCE DESTINATION

(no) access-list EXTENDED (deny|permit|REMARK)ip any any

EXTENDED = <100-199>|<2000-2699>

<100-199> = IP extended access list<2000-2699> = IP extended access list (expanded range)

deny Specify route to reject.permit Specify route to permit.REMARK = remark .LINE

LINE = Multi-line, access-list entry comment up to 100 characters.SOURCE = [A.B.C.D WILDCARDS]|any|host

A.B.C.D = IP address of the Source.WILDCARD = Wildcard mask to specify which part of A.B.C.D are ignored. It works as a reverse

address mask, e.g., 0.0.0.255 means you permit or deny the route which matches the first 24 bits, A.B.C.D.

DESTINATION = [A.B.C.D WILDCARDS]|any|host

A.B.C.D = IP address of the Destination.WILDCARD = Wildcard mask to specify which part of A.B.C.D is ignored. It works as a reverse address

mask, e.g., 0.0.0.255 means you permit or deny the route which matches the first 24 bits, A.B.C.D.any = Allows any IP address or prefix to match.host = host A.B.C.D A single host address.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 15

Command ModeConfigure mode

UsageWhen using this command from a Telnet session, be sure to telnet to the relevant protocol daemon (for example, isisd); unpredictable results can occur if this command is used in a telnet session with the NSM daemon.

ExamplesZebOS# configure terminal ZebOS(config)# access-list 134 deny 1.1.1.0 0.0.0.255 ZebOS(config)# access-list 2345 permit host 10.10.2.76

Validation Commandsshow running-config, show ip access-list, show ipv6 access-list

access-list standardUse the access-list standard command to configure an access list for filtering packets. Use the no parameter to remove a specified access-list.

Command Syntax(no) access-list STANDARD (DENY|PERMIT|REMARK)

STANDARD = <1-99>|<1300-1999>

<1-99> = IP standard access list<1300-1999> = IP standard access list (expanded range)

DENY = deny [A.B.C.D (WILDCARD)]|any|host Specify route to reject.PERMIT = permit [A.B.C.D (WILDCARD)]|any|host Specify route to permit.

A.B.C.D = An IP address.WILDCARD = wildcard mask to specify which part of A.B.C.D is ignored. It works as a reverse address

mask, e.g., 0.0.0.255 means you permit or deny the route which matches the first 24 bits, A.B.C.D.any = Allows any IP address or prefix to match.host = host A.B.C.D A single host address.

REMARK = remark .LINE LINE = Multi-line, access-list entry comment up to 100 characters.

Command ModeConfigure mode

UsageWhen using this command from a Telnet session, be sure to telnet to the relevant protocol daemon (for example, isisd); unpredictable results can occur if this command is used in a telnet session with the NSM daemon.

ExamplesZebOS# configure terminal ZebOS(config)# access-list 67 deny 1.1.1.0 0.0.0.255 ZebOS(config)# access-list 1332 permit any

Commands Common to Multiple Protocols

16 ©2001-2007 IP Infusion Inc. Confidential

Validation Commandsshow running-config, show ip access-list, show ipv6 access-list

access-list zebosUse this command to configure an access list for filtering frames that permit or deny IP, ICMP, TCP, UDP packets or ICMP packets with a specific value based on the source or destination. Use the mask to specify a subset of addresses. Use the any parameter to allow all packets, regardless of source or destination. Use the icmp-type parameter to include a specific value. Use the log option to keep a log of the command outputs. Use the no parameter to remove a specified access-list.

Command Syntax [ip|icmp](no) access-list zebos WORD [deny|permit] [ip|icmp|any] [A.B.C.D/M|any] [A.B.C.D|M/any] (log)

zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.ip IP packet.icmp ICMP packet.any Any packet.A.B.C.D/M|any = Source IP address or local address and mask, or any local address.A.B.C.D/M|any = Destination IP address or local address and mask, or any local address.log Log the results.

Command Syntax [ICMP-TYPE](no) access-list zebos WORD [deny|permit] [icmp] [A.B.C.D/M|any] [A.B.C.D|M/any] icmp-type ICMP-TYPE (log)

zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.ip IP packet.icmp ICMP packet.any Any packet.A.B.C.D/M|any = Source IP address or local address and mask, or any local address.A.B.C.D/M|any = Destination IP address or local address and mask, or any local address.ICMP-TYPE = ICMP value.log Log the results.

Command Syntax [tcp|udp](no) access-list zebos WORD [deny|permit] [tcp|udp] [A.B.C.D/M|any] [et|lt|gt|ne] <0-65535> [A.B.C.D|M/any] [et|lt|gt|ne] <0-65535> (log)

zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 17

permit Specify route to permit.tcp TCP packet.udp UDP packet.any Any packet.A.B.C.D/M|any = Source IP address or local address and mask, or any local address.et Source port numbers equal to the given valuelt Source port numbers less than the given valuegt Source port numbers greater than the given valuene Source port numbers not equal to the given value.<0-65535> Port number specifiedA.B.C.D/M|any = Destination IP address or local address and mask, or any local address.et Destination port numbers equal to the given valuelt Destination port numbers less than the given valuegt Destination port numbers greater than the given valuene Destination port numbers not equal to the given value<0-65535> Port number specifiedlog Log the results.

Command ModeConfigure mode

UsageUse access lists to control the transmission of packets on an interface, and restrict the content of routing updates. The switch stops checking the access list when a match is encountered.

ExampleZebOS# configure terminalZebOS(config)# access-list zebos TK deny tcp 2.2.2.3/24 eq 14 3.3.3.4/24 lt 12 log

Related Commandsshow running-config, show ip access-list

bannerUse the banner command to display the banner motive of the day on login. Use the no parameter to disable this function.

Note: When using the banner command through IMISH, you must write to memory using the write memory or write file command. If you have not written to memory, the change made by this command (the new banner) is not available when you log into IMISH the next time.

Command Syntax(no) banner motd default

Command ModeConfigure mode

Commands Common to Multiple Protocols

18 ©2001-2007 IP Infusion Inc. Confidential

ExamplesZebOS# configure terminalZebOS(config)# no banner motd

UsageBy default, the following banner is displayed on logging.

Hello, this is ZebOS (version 4.0051502-Main).Copyright 2001, 2002 IP Infusion Inc.

clear ip prefix-listUse this command to reset the hit count to zero in the prefix-list entries.

Command Syntaxclear ip prefix-list (WORD) (A.B.C.D/M)

WORD Specify the name of the prefix-list.A.B.C.D/M IP prefix and length.

Command ModePrivileged Exec mode

ExamplesZebOS# clear ip prefix-list List1

configure terminalUse the configure terminal command to enter the Configure command mode.

Command Syntaxconfigure terminal

Command ModePrivileged Exec mode

ExamplesThe following example shows the use of the configure terminal command to enter the Configure command mode (note the change in the command prompt).

ZebOS# configure terminalZebOS(config)#

copy running-config startup-configUse the copy running-config startup-config to write configurations to the file to be used at startup. This is the same as the write memory command.

Command Syntaxcopy running-config startup-config

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 19

Command ModePrivileged Exec mode

ExamplesZebOS# copy running-config startup-config

descriptionUse this command to provide an interface-specific description.

Command Syntaxdescription .LINE

LINE = Characters describing the specific interface.

Command ModeInterface mode

UsageThis command is used to provide description about a particular interface.

ExamplesThe following example provides information about the connecting router for interface eth1.

Router# configure terminalRouter(config)# interface eth1Router(config-if)# description Connected to Zenith's fas2/0

Validation Commandsshow running-config

disableUse the disable command to exit the Privileged Exec mode, and return to the Exec mode.

Command Syntaxdisable

Command ModePrivileged Exec mode

UsageThis is the only command that allows a user to go back to the Exec mode. Using the exit or quit command from the Privileged Exec mode ends the session, instead of going back

ExamplesZebOS# disableZebOS>

Commands Common to Multiple Protocols

20 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsenable, end, exit

enableUse the enable command to enter the Privileged Exec command mode.

Command Syntaxenable

Command ModeExec mode

UsageTo return to the Exec mode from Privileged Exec mode, use the disable command. Using the exit or quit command from Privileged Exec mode ends the session.

ExamplesThe following example shows the use of the enable command to enter the Privileged Exec mode (note the change in the command prompt).

ZebOS> enableZebOS#

Related Commandsdisable, exit, quit

enable passwordUse the enable password command to modify or create a password to be used when entering the Enable mode.

Note: When using the enable password command through IMISH, you must write to memory using the write memory or write file command. If you have not written to memory, the change made by this command (the new password) is not available when you log into IMISH the next time.

Command Syntaxenable password HIDDEN|PLAIN

HIDDEN = 8 password Specifies a hidden password. PLAIN = password The unencrypted (cleartext) line password

Command ModeConfigure mode

UsageThis command enables the administrator to set a password for entering the enable mode. There are three methods to enable a password.

Note: In the examples below, for each method, the configuration is different: the configuration file output is different, but the password string to be used to enter the enable mode is the same (mypasswd).

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 21

• Plain Password The plain password is a clear text string that appears in the configuration file as configured.

• Encrypted Password Configure an encrypted password using the service encrypted-password command. First, use the enable password command to specify the string that you want to use as a password (mypasswd). Then, use the service encrypted-password command to encrypt the specified string (mypasswd). The advantage of using an encrypted password is that the configuration file does not show mypasswd, it will only show the encrypted string fU7zHzuutY2SA.

• Hidden Password Configure an encrypted password using the HIDDEN parameter (8) with the enable password command. Use this method if you already know the encrypted string corresponding to the plain text string that you want to use as a password. It is not required to use the service password-encryption command for this method. The output in the configuration file will show only the encrypted string, and not the text string.

Related Commandsservice password-encryption

Validation Commandsshow running-config

Configuration Output in the Configuration File

ZebOS# configure terminalZebOS(config)# enable password mypasswdZebOS(config)# end

ZebOS# show runCurrent configuration:hostname ZebOSenable password mypasswd!interface lo

Configuration Output in the Configuration File

ZebOS# configure terminalZebOS(config)# enable password mypasswdZebOS(config)# service password-encryptionZebOS(config)# end

ZebOS# show runCurrent configuration:hostname ZebOSenable password 8 fU7zHzuutY2SAservice password-encryption!interface lo

Configuration Output in the Configuration File

ZebOS# configure terminalZebOS(config)# enable password 8 fU7zHzuutY2SAZebOS(config)# end

ZebOS# show runCurrent configuration:hostname ZebOSenable password 8 fU7zHzuutY2SA!interface lo

Commands Common to Multiple Protocols

22 ©2001-2007 IP Infusion Inc. Confidential

endUse the end command to return to the Privileged Exec command mode from any other advanced command mode.

Command Syntaxend

Command ModeAll command modes

ExamplesThe following example shows the use of the end command to return to the Privileged Exec mode directly from Interface mode.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# endZebOS#

Related Commandsexit, disable, enable

exec-timeoutUse the exec-timeout command to set the interval the command interpreter waits for user input detected. Use the no parameter to disable the wait interval.

Command Syntax exec-timeout MINUTES (SECONDS)

no exec-timeout

MINUTES = <0-35791> Timeout value in minutesSECONDS = <0-2147483> Timeout value in seconds

Command ModeLine mode

UsageThis command is used set the time the telnet session waits for an idle VTY session, before it timeouts. An exec-timeout 0 0 setting will cause the telnet session to wait indefinitely.

ExamplesIn the following example, the telnet session will timeout after 2 minutes, 30 seconds if there is no response from the user.

Router# configure terminalRouter(config)# line vty 23 66Router(config-line)# exec-timeout 2 30

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 23

Validation Commandsshow running-config

exitUse the exit command to exit the current mode, and return to the previous level. When used in Exec mode, the exit command terminates the session.

Command Syntaxexit

Command ModeAll command modes

Examples The following example shows the use of exit command to exit Interface mode, and return to Configure mode.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# exitZebOS(config)#

Related Commandsend, enable, disable

helpUse the help command to display a description of the ZebOS help system.

Command Syntaxhelp

Command ModeAll command modes

UsageThis is the sample output from the help command:

ZebOS# helpZebOS VTY provides advanced help feature. When you need help,anytime at the command line please press '?'.

If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.Two styles of help are provided:1. Full help is available when you are ready to enter acommand argument (e.g. 'show ?') and describes each possibleargument.2. Partial help is provided when an abbreviated argument is entered

Commands Common to Multiple Protocols

24 ©2001-2007 IP Infusion Inc. Confidential

and you want to know what arguments match the input (e.g. 'show me?'.)

ExamplesZebOS# configure terminalZebOS(config)# help

hostnameUse the hostname command to set or change the network server name. ZebOS daemons use this name in system prompts and default configuration file names. Use the no parameter to disable this function.

Note: When using the hostname command through IMISH, you must write to memory using the write memory or write file command. If you have not written to memory, the change made by this command (the new hostname) is not available when you log into IMISH the next time.

Command Syntax(no) hostname HOSTNAME

HOSTNAME Specifies the network name of the system.

Command ModeConfigure mode

UsageThis command provides a hostname for login purposes only, and not for the enable mode. A hostname could be added for each remote system with which the local router communicates, and from which it requires authentication. The other router must have a hostname entry for the local router. This entry must have the same password as the local router has for this router. This command is useful for defining host names for special privileges. For example, a hostname all requiring no password could be created allowing the users to connect to general information without password.

Note: Setting a hostname using this command takes precedence over setting a hostname in the kernel. If you set the hostname using the CLI, and then set the hostname in the kernel, the hostname set using the CLI will remain.

ExamplesThe following example sets the hostname to IPI, and shows the change in the prompt:

ZebOS# configure terminalZebOS(config)# hostname IPIIPI(config)#

Validation Commandsshow running-config

ip prefix-listUse this command to create an entry for a prefix list.

Use the no parameter with this command to delete the prefix-list entry.

Command Syntax(no) ip prefix-list sequence number

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 25

(no) ip prefix-list LISTNAME description (.LINE)

(no) ip prefix-list LISTNAME|SEQ

LINE= text description of the prefix list.LISTNAME= Specifies the name of a prefix list.SEQ = seq <1-429496725> (deny|permit) IPPREFIX any|LENGTH

seq <1-429496725> The sequence number of the prefix list.deny Specifies that packets are to be rejected.permit Specifies that packets are to be accepted.

IPPREFIX=A.B.C.D/M The IP address mask and length of the prefix list mask.any Takes all packets of any length. This parameter is the same as using 0.0.0.0/0 le 32 for

IPPREFIX.LENGTH= [LE|GE]

LE= le <0-32> Maximum prefix length to be matched.GE= ge <0-32> Minimum prefix length to be matched.

Command ModeConfigure mode

UsageRouter starts to match prefixes from the top of the prefix list, and stops whenever a match or deny occurs. To promote efficiency, use the seq parameter and place common matches or denials towards the top of the list. The sequence values are generated in the sequence of 5.

The parameters GE and LE specify the range of the prefix length to be matched. When setting these parameters, set the LE value to be less than 32, and the GE value to be less than LE value.

In this configuration, the ip prefix-list command matches all, but denies the IP address range, 76.2.2.0.

router bgp 100network 172.1.1.0network 172.1.2.0neighbor 10.6.5.3 remote-as 300neighbor 10.6.5.3 prefix-list mylist out!! ip prefix-list mylist seq 5 deny 76.2.2.0/24ip prefix -list mylist seq 10 permit 0.0.0.0/0

ExamplesZebOS# configure terminalZebOS(config)# ip prefix-list mylist seq 12345 deny 10.0.0.0/8 le 22 ge 14

Related Commandsmatch ip address, neighbor prefix-list, match route-map

ip remote-addressUse this command to set the remote address on a point-to-point non multi-access link.

Commands Common to Multiple Protocols

26 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxip remote-address A.B.C.D/M

A.B.C.D/M IP address and prefix length of the link remote address.

Command ModeInterface mode

UsageThis command sets the remote address (far end) of a point-to-point non multi-access link. This command can be used only on unnumbered interfaces. When a new remote-address is configured, the old address gets overwritten.

ExampleZebOS(config)#interface ppp0ZebOS(config-if)#ip unnumbered eth1ZebOS(config-if)#ip remote-address 1.1.1.1/32

Validation Commandsshow running-config, show interface

ip unnumberedUse this command to enable IP processing without an explicit address, on a point-to-point non multi-access link.

Use the no parameter with this command to unconfigure this feature on an interface.

Command Syntax(no) ip unnumbered IFNAME

IFNAME A string that specifies the interface.

Command ModeInterface mode

UsageThis command lets an interface borrow the IP address of a specified interface, to enable IP processing on a serial, point-to-point interface without assigning it an explicit IP address. In this way, the IP unnumbered interface can borrow the IP address of another interface already configured on the router, to conserve network and address space.

ExampleThe following example creates a tunnel between Router 1 (eth1) and Router 2 (eth2), and enables IP processing without an explicit address on an interface.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 27

On Router 1

ZebOS# configure terminalZebOS (config)# interface loZebOS (config-if)# ip address 127.0.0.1/8ZebOS (config-if)# ip address 33.33.33.33/32 secondaryZebOS (config-if)# exitZebOS (config)# interface eth1ZebOS (config-if)# ip address 10.10.10.145/24ZebOS (config-if)# exitZebOS (config)# interface Tunnel0ZebOS (config-if)# tunnel source 10.70.0.145ZebOS (config-if)# tunnel destination 10.70.0.77ZebOS (config-if)# tunnel ttl 255ZebOS (config-if)# tunnel path-mtu-discoveryZebOS (config-if)# tunnel mode greZebOS (config-if)# ip unnumbered eth1ZebOS (config-if)# exitZebOS (config)# router ospfZebOS (config-router)# network 10.10.10.0/24 area 0

On Router 2

ZebOS# configure terminalZebOS (config)# interface loZebOS (config-if)# ip address 127.0.0.1/8ZebOS (config-if)# ip address 44.44.44.44/32 secondaryZebOS (config-if)# exitZebOS (config)# interface eth2ZebOS (config-if)# ip address 30.10.10.77/24ZebOS (config-if)# exitZebOS (config)# interface Tunnel0ZebOS (config-if)# tunnel source 10.70.0.77ZebOS (config-if)# tunnel destination 10.70.0.145ZebOS (config-if)# tunnel ttl 255ZebOS (config-if)# tunnel path-mtu-discoveryZebOS (config-if)# tunnel mode greZebOS (config-if)# ip unnumbered eth2ZebOS (config-if)# exitZebOS (config)# router ospfZebOS (config-router)# network 30.10.10.0/24 area 0

Related Commandsipv6 unnumbered

Tunnel

10.70.0.0/24eth0

10.70.0.145eth010.70.0.77

Router 1(eth1) .145

Router 2(eth2) .77

Commands Common to Multiple Protocols

28 ©2001-2007 IP Infusion Inc. Confidential

ipv6 access-classUse this command to filter a connection based on an IP access list for IPv6 networks.

Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers, and to ZebOS ARS customers using the IMISH for CLI management. To control access from the network/ hosts, IMISH administrators are required to change system files, such as /etc/host.allow and /etc/hosts.deny.

Command Syntaxipv6 access-class LIST

DefaultDisabled

Command ModeLine mode

UsageUse this command in conjunction with the IP access list to set permissions for VTY session users for ipv6 address family.

ExampleZebOS# configure terminalZebOS(config)# line vty 12 77ZebOS(config-line)# ipv6 access-class mylist1

Related Commandsaccess-list

ipv6 access-listUse this command to configure an access list for filtering frames.

Use the no parameter to remove a specified access-list.

Command Syntax(no) ipv6 access-list LISTNAME (DENY|PERMIT|REMARK)

LISTNAME = WORD DENY|PERMIT|REMARK IP ZebOS access-listDENY = deny [X:X::X:X/M (exact-match)]|any Specify route to reject.PERMIT = permit [X:X::X:X/M (exact-match)]|any Specify route to permit

A.B.C.D = An IPv6 address.M = Mask Specifying which part of the IPv6 address will be ignored.any = Allows any IPv6 address or prefix to match.exact-match = Specifies exact-matching of prefixes

REMARK = remark .LINE LINE = Multi-line, access-list entry comment up to 100 characters.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 29

Command ModeConfigure mode

UsageUse access lists to control the transmission of packets on an interface, and restrict contents of routing updates. The switch stops checking the access list after a match occurs.

ExamplesZebOS# configure terminal ZebOS(config)# ipv6 access-list mylist deny 3ffe:506::/32 exact-match ZebOS(config)# ipv6 access-list mylist permit any

Validation Commandsshow running-config, show ipv6 access-list

ipv6 access-list zebosUse this command to configure an access list for filtering frames that permit or deny IP, ICMP, TCP, or UDP packets, or ICMP packets with a specific value based on the source or destination. Use the mask to specify a subset of addresses. Use the any parameter to allow all packets, regardless of source or destination. Use the icmp-type parameter to include a specific value. Use the log option to keep a log of the command outputs. Use the no parameter to remove a specified access-list.

Note: Use this command in IPV6 environments.

Command Syntax [ip|icmp](no)ipv6 access-list zebos WORD [deny|permit] [ip|icmp|any] [X:X::X:X/M|any] [X:X::X:X|M/any] (log)

zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.ip IP packet.icmp ICMP packet.any Any packet.X:X::X:X/M|any = Source IP address or local address and mask, or any local address.X:X::X:X/M|any = Destination IP address or local address and mask, or any local address.log Log the results.

Command Syntax [icmp TYPE value](no)ipv6 access-list zebos WORD [deny|permit] [icmp] [X:X::X:X/M|any] [X:X::X:X|M/any] icmp-type ICMP-TYPE (log)

zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.ip IP packet.

Commands Common to Multiple Protocols

30 ©2001-2007 IP Infusion Inc. Confidential

icmp ICMP packet.any Any packet.X:X::X:X/M|any = Source IP address or local address and mask, or any local address.X:X::X:X/M|any = Destination IP address or local address and mask, or any local address.ICMP-TYPE = ICMP value.log Log the results.

Command Syntax (Source and Destination Ports)(no)ipv6 access-list zebos WORD [deny|permit] [tcp|udp] [X:X::X:X/M|any] [et|lt|gt|ne] <0-65535> [X:X::X:X|M/any] [et|lt|gt|ne] <0-65535> (log)

zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.tcp TCP packet.udp UDP packet.any Any packet.X:X::X:X/M|any = Source IP address or local address and mask, or any local address.et Source port numbers equal to the given valuelt Source port numbers less than the given valuegt Source port numbers greater than the given valuene Source port numbers not equal to the given value.<0-65535> Port number specifiedX:X::X:X/M|any = Destination IP address or local address and mask, or any local address.et Destination port numbers equal to the given valuelt Destination port numbers less than the given valuegt Destination port numbers greater than the given valuene Destination port numbers not equal to the given value<0-65535> Port number specifiedlog Log the results.

Command ModeConfigure mode

UsageUse access lists to control the transmission of packets on an interface, and restrict the content of routing updates. The switch stops checking the access list when a match is encountered.

ExampleZebOS# configure terminalZebOS(config)# ipv6 access-list zebos TK deny tcp 2::2/64 eq 14 3::4/64 lt 12 log

ipv6 prefix-listUse this command to create an entry for an ipv6 prefix-list.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 31

Command Syntax(no) ipv6 prefix-list sequence number

ipv6 prefix-list description .LINE

(no) ipv6 prefix-list description (.LINE)

(no) ipv6 prefix-list LISTNAME|SEQ

LINE= text description of the prefix list.LISTNAME= Specifies the name of a prefix list.SEQ = seq <1-429496725> (deny|permit) IPPREFIX any|LENGTH

seq <1-429496725> The sequence number of the prefix list.deny Specifies that packets are to be rejected.permit Specifies that packets are to be accepted.

IPPREFIX = X:X::X:X/M The IP address mask and length of the prefix list mask.any Takes all packets of any length. This parameter is the same as using 0.0.0.0/0 le 32 for

IPPREFIX.LENGTH= [LE|GE]

LE= le <0-32> Maximum prefix length to be matched.GE= ge <0-32> Minimum prefix length to be matched.

Command ModeConfigure mode

UsageRouter starts to match prefixes from the top of the prefix list, and stops whenever a match or deny occurs. To promote efficiency, use the seq parameter and place common matches or denials towards the top of the list. The sequence values are generated in the sequence of 5.

The parameters GE and LE specify the range of the prefix length to be matched.

Examplesipv6 prefix-list mylist seq 12345 deny 3ffe:345::/16 le 22 ge 14

ipv6 unnumberedUse this command to enable IPv6 processing without an explicit address, on a point-to-point non multi-access link.

Use the no parameter with this command to unconfigure this feature on an interface.

Command Syntax(no) ipv6 unnumbered IFNAME

IFNAME A string that specifies the interface.

Command ModeInterface mode

Commands Common to Multiple Protocols

32 ©2001-2007 IP Infusion Inc. Confidential

UsageThis command lets an interface borrow the IPv6 address of a specified interface, to enable IPv6 processing on a serial, point-to-point interface without assigning it an explicit IPv6 address. In this way, the IPv6 unnumbered interface can borrow the IPv6 address of another interface already configured on the router, to conserve network and address space.

ExampleThe following example creates a tunnel between Router 1 (eth1) and Router 2 (eth2), and enables IPv6 processing without an explicit address on an interface.

On Router 1

ZebOS# configure terminalZebOS (config)# interface loZebOS (config-if)# ipv6 address ::1/128ZebOS (config-if)# exitZebOS (config)# interface eth1ZebOS (config-if)# ipv6 address fe80::20e:cff:fe6e:56dd/64ZebOS (config-if)# exitZebOS (config)# interface Tunnel0ZebOS (config-if)# tunnel source 10.70.0.145ZebOS (config-if)# tunnel destination 10.70.0.77ZebOS (config-if)# tunnel ttl 255ZebOS (config-if)# tunnel path-mtu-discoveryZebOS (config-if)# tunnel mode greZebOS (config-if)# ipv6 unnumbered eth1ZebOS (config-if)# ipv6 router ospf area 0 tag 1ZebOS (config-if)# exitZebOS (config)# router ipv6 ospf 1ZebOS (config-router)# router-id 10.70.0.145

On Router 2

ZebOS# configure terminalZebOS (config)# interface loZebOS (config-if)# ipv6 address ::1/128ZebOS (config-if)# exitZebOS (config)# interface eth2ZebOS (config-if)# ipv6 address fe80::204:75ff:febf:f07a/64ZebOS (config-if)# exitZebOS (config)# interface Tunnel0ZebOS (config-if)# tunnel source 10.70.0.77ZebOS (config-if)# tunnel destination 10.70.0.145ZebOS (config-if)# tunnel ttl 255ZebOS (config-if)# tunnel path-mtu-discoveryZebOS (config-if)# tunnel mode greZebOS (config-if)# ipv6 unnumbered eth2

Tunnel

10.70.0.0/24eth0

10.70.0.145eth010.70.0.77

Router 1(eth1) .145

Router 2(eth2) .77

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 33

ZebOS (config-if)# ipv6 router ospf area 0 tag 1ZebOS (config-if)# exitZebOS (config)# router ipv6 ospf 1ZebOS (config-router)# router-id 10.70.0.77

Related Commandsip unnumbered

line vtyUse the line vty command to move or change to VTY mode.

Command Syntaxline vty [FIRST] (LAST)

FIRST <0-871> Specify the first line number.LAST <0-871> Specify the last line number.

Command ModeConfigure mode

UsageThis command is used to telnet to the NSM or any protocol daemons. This configuration is necessary for any telnet session. This configuration should be in the daemon's config file before starting the daemon.

Use this command to enter the line mode to configure the access-class, and set the exec-timeout.

ExamplesThe following example shows the use of the line command to enter the Line command mode (note the change in the prompt).

ZebOS# configure terminalZebOS(config)# line vtyZebOS(config-line)#

Validation Commandsshow running-config

log fileUse the log file command to specify log file controls, and where to save the logs in a configuration file.

Use the no parameter to revert logging to the default file.

Command Syntax log file FILENAME

no log file (FILENAME)

FILENAME = Specifies the file name of the log.

Command ModeConfigure mode

Commands Common to Multiple Protocols

34 ©2001-2007 IP Infusion Inc. Confidential

UsageThe log file is written to filename in the default location, usually usr/local/sbin.

ExamplesThis command is used to log the debug messages of a particular protocol daemon to the specified file.

Router# configure terminalRouter(config)# log file /usr/local/sbin/bgpd.log

Validation Commandsshow running-config

log record-priorityUse the log record-priority command to include the priority of the message within the entry in the log file. Use the no parameter to exclude the priority from the entry.

Command Syntax(no) log record-priority

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# log record-priority

Validation Commandsshow running-config

log stdoutUse the log stdout command to begin the logging of information to a standard output device, and set the level to debug. Use the trap parameter and its subparameters to set the logging to a different level.

Use the no parameter to disable logging to the stdout.

Command Syntax log stdout

no log stdout

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# log stdout

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 35

Validation Commandsshow running-config

log syslogUse the log syslog command to begin the logging of information to system log and set the level to debug. Use the trap parameter and its subparameters to set the logging to a different level.

Use the no parameter to disable logging to the system log.

Command Syntax log syslog

no log syslog

Command ModeConfigure mode

UsageThe syslog enables logging and analyzing configuration events and system error messages, centrally. This helps in monitoring interface status, security alerts, and CPU process overloads. It also allows real-time capturing of client debug output sessions.

ExamplesZebOS# configure terminalZebOS(config)# log syslog

Validation Commands

log trapUse the log trap command with the log file to specify system message logging levels.

Use the no parameter to include all levels of logging.

Command Syntax log trap PRIORITY

no log trap

PRIORITY = emergencies|alerts|critical|errors|warnings| notifications|informational|debugging

emergencies = turns on logging of only the most severe messages.alerts = turns on logging of the above plus this level. critical = turns on logging of the above plus this level.errors = turns on logging of the above plus this level.warnings = turns on logging of the above plus this level.notifications = turns on logging of the above plus this level.informational = turns on logging of the above plus this level.debugging = turns on logging of the above plus this level. This level of logging is the most

comprehensive

Commands Common to Multiple Protocols

36 ©2001-2007 IP Infusion Inc. Confidential

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# log trap alertsZebOS(config)# log trap criticalZebOS(config)# log trap informational

Validation Commandsshow running-config

Related Commandslog file

loginUse this command to set a password prompt before entering the configuration mode, and enable password checking.

Command Syntax(no) login

DefaultEnabled

Command ModeLine mode

UsageLogin is enabled by default. The no login command allows users to connect directly to the Privileged Exec mode skipping the password verification prompt. After using the no login command, if the user changes to the login command again, the system uses the password used earlier, unless the user specifies a password in the configure mode (see the following example).

ExampleThe following examples show the use of login and no login command. In this example, a password pass is set (in configure mode) before using the login command.

!ZebOS# configure terminalZebOS(config)# line vtyZebOS(config-line)# no login!!ZebOS# configure terminalZebOS#(config)# password passZebOS#(config)# line vtyZebOS#(config-line)# login!

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 37

match as-pathUse this command to match an autonomous system path access list.

Use the no parameter with this command to remove a path list entry.

Command Syntax match as-path LISTNAME

no match as-path

no match as-path LISTNAME

LISTNAME Specifies as autonomous system path access list name.

Command ModeRoute-map mode

UsageThe match as-path command specifies the autonomous system path to be matched. If there is a match for the specified AS path, and permit is specified, the route is redistributed or controlled, as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met then the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes, depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

Note: This command is valid only for BGP.

ExamplesZebOS# configure terminalZebOS(config)# route-map myroute deny 34ZebOS(config-route-map)# match as-path myaccesslist

Related Commandsmatch metric, match ip address, match community, set as-path, set community

match communityUse this command to specify the community to be matched.

Use the no parameter with this command to remove the community list entry.

Command Syntax match community WORD

no match community

no match community WORD

WORD Specifies the Community-list name

Command ModeRoute-map mode

Commands Common to Multiple Protocols

38 ©2001-2007 IP Infusion Inc. Confidential

UsageCommunities are used to group and filter routes. They are designed to provide the ability to apply policies to large numbers of routes by using match and set commands. Community lists are used to identify and filter routes by their common attributes.

Use the match community command to allow matching based on community lists.

The values set by the match community command overrides the global values. The route that does not match at least one match clause is ignored.

Note: This command is valid only for BGP.

ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# match community mylist

Related Commandsmatch ip address, match as-path, set as-path, set community, match metric

match interfaceUse this command to define the interface match criterion.

Use the no parameter with this command to remove the specified match criterion.

Command Syntax match interface IFNAME

no match interface

IFNAME A string that specifies the interface for matching.

DefaultDisabled

Command ModeRoute-map mode

UsageThe match interface command specifies the next-hop interface name of a route to be matched.

Note: This command is only valid for RIP, OSPF, and IS-IS.

ExampleZebOS# configure terminalZebOS(config)# route-map mymap1 permit 10ZebOS(config-route-map)# match interface eth0

Related Commandsmatch tag, match route-type external

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 39

match ip addressUse this command to specify the match address of route.

Use the no parameter with this command to remove the match ip address entry.

Command Syntax match ip address ACCESSLISTID

no match ip address

no match ip address ACCESSLISTID

ACCESSLISTID = WORD|<1-199>|<1300-2699>WORD The name of IP access-list<1-199> The IP access-list number<1300-2699> The IP access-list number (expanded range)

Command ModeRoute-map mode

UsageThe match ip address command specifies the IP address to be matched. If there is a match for the specified IP address, and permit is specified, the route is redistributed or controlled, as specified by the set action. If the match criteria are met, and deny is specified then the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes, depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

Note: This command is valid for BGP, OSPF, RIP, and IS-IS only.

ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# match ip address List1

Related Commandsmatch community, match as-path, set as-path, set community, match metric

match ip address prefix-listUse this command to match entries of prefix-lists.

Use the no parameter with this command too disable this function

Command Syntax match ip address prefix-list LISTNAME

no match ip address prefix-list LISTNAME

LISTNAME Specifies the IP prefix list name.

Commands Common to Multiple Protocols

40 ©2001-2007 IP Infusion Inc. Confidential

Command ModeRoute-map mode

UsageThis command specifies the entries of prefix-lists to be matched. If there is a match for the specified prefix-list entries, and permit is specified, the route is redistributed or controlled, as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

This command is valid for BGP, OSPF, and RIP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)#match ip address prefix-list mylist

match ip next-hopUse this command to specify a next-hop address to be matched in a route-map.

Use the no parameter with this command to disable this function.

Command Syntaxmatch ip next-hop ACCESSLISTID

no match ip next-hop

no match ip next-hop ACCESSLISTID

ACCESSLISTID = WORD|<1-199>|<1300-2699>|PREFIXLIST Specifies the IP access list name.WORD The IP access-list name<1-199> The IP access-list number<1300-2699> The IP access-list number (expanded range)PREFIXLIST prefix-list WORD Match entries of prefix-lists WORD IP prefix-list name

Command ModeRoute-map mode

UsageThe match ip next-hop command specifies the next-hop address to be matched. If there is a match for the specified next-hop address, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

Note: This command is valid for BGP, OSPF, RIP, and IS-IS only.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 41

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# match ip next-hop mylist

Related Commandsmatch community, match as-path, set as-path, set community, match metric

match ip next-hop prefix-listUse this command to specify the next-hop IP address match criterion, using the prefix-list.

Use the no parameter with this command to remove the specified match criterion.

Command Syntax (no) match ip next-hop prefix-list LISTNAME

no match ip next-hop prefix-list

LISTNAME A string specifying the prefix-list name.

DefaultDisabled

Command ModeRoute-map mode

UsageUse the match ip next-hop prefix-list command to match the next-hop IP address of a route.

Note: This command is valid for BGP and RIP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map mymap permit 3ZebOS(config-route-map)# match ip next-hop prefix-list list1

Related Commandsmatch metric, match interface, match ip next-hop

match ipv6 addressUse this command to specify the match address of route.

Use the no parameter with this command to remove the match ip address entry.

Command Syntax match ipv6 address WORD

no match ipv6 address WORD

WORD Specifies the IPv6 access list name.

Commands Common to Multiple Protocols

42 ©2001-2007 IP Infusion Inc. Confidential

Command ModeRoute-map mode

UsageThe match ipv6 address command specifies the IPv6 address to be matched. If there is a match for the specified IPv6 address, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

Note: This command is valid for BGP, RIPng, and IS-IS only.

ExamplesZebOS# configure terminalZebOS(config)# route-map ipi deny 1ZebOS(config-route-map)# match ipv6 address ipi

match ipv6 address prefix-listUse this command to match entries of prefix-lists.

Use the no parameter with this command to disable this function

Command Syntax match ipv6 address prefix-list LISTNAME

no match ipv6 address prefix-list LISTNAME

LISTNAME Specifies the IPv6 prefix list name.

Command ModeRoute-map mode

UsageThe match ipv6 address prefix-list command specifies the entries of prefix-lists to be matched. If there is a match for the specified prefix-list entries, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes, depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

This command is valid for BGP, OSPFv3, and RIPng only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)#match ipv6 address prefix-list mylist

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 43

match ipv6 next-hopUse this command to specify a next-hop address to be matched by the route-map.

Use the no parameter with this command to disable this function

Command Syntax match ipv6 next-hop X:X::X:X|WORD

no match ipv6 next-hop X:X::X:X|WORD

X:X::X:X The IPv6 addressWORD The IPv6 access-list name

Command ModeRoute-map mode

UsageThe match ipv6 next-hop command specifies the next-hop address to be matched. If there is a match for the specified next-hop address, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

Note: This command is valid for BGP and IS-IS only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# match ipv6 next-hop 3ffe::1

match metricUse this command to match a metric of a route.

Use the no parameter with this command to disable this function

Command Syntaxmatch metric METRIC

no match metric METRIC

METRIC <0-4261412864> Specifies the metric value.

Command ModeRoute-map mode

UsageThe match metric command specifies the metric to be matched. If there is a match for the specified metric, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met,

Commands Common to Multiple Protocols

44 ©2001-2007 IP Infusion Inc. Confidential

and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

Note: This command is valid for BGP, OSPF, RIP, and IS-IS only.

ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# no match metric 888999

Related Commandsmatch community, match as-path, set as-path, set community, match ip next-hop

match originUse this command to match origin code.

Use the no parameter with this command to disable this matching.

Command Syntax(no) match origin (egp|igp|incomplete)

egp learned from EGPigp Local IGPincomplete Unknown heritage

Command ModeRoute-map mode

UsageThe origin attribute defines the origin of the path information. The egp parameter is indicated as an e in the routing table, and it indicates that the origin of the information is learned via Exterior Gateway Protocol. The igp parameter is indicated as an i in the routing table, and it indicates the origin of the path information is interior to the originating AS. The incomplete parameter is indicated as a ? in the routing table, and indicates that the origin of the path information is unknown or learned through other means. If a static route is redistributed into BGP, the origin of the route is incomplete.

The match origin command specifies the origin to be matched. If there is a match for the specified origin, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.

The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.

Note: This command is valid for BGP only.

ExampleZebOS# configure terminal

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 45

ZebOS(config)# route-map myroute deny 34ZebOS(config-route-map)# match origin egp

Related Commands

match route-type Use this command to match specified external route type.

Use the no parameter with this command to turn off the matching.

Command Syntax (no) match route-type external (type-1 | type-2)

DefaultDisabled

Command ModeRoute-map mode

UsageUse the match route-type external command to match specific external route types. AS-external LSA is either Type-1 or Type-2. External type-1 matches only Type 1 external routes, and external type-2 matches only Type 2 external routes.

Note: This command is valid for OSPF only.

ExamplesZebOS# configure terminalZebOS(config)# route-map mymap1 permit 10ZebOS(config-route-map)# match route-type external type-1

Related Commandsmatch tag, match route-type external

match tagUse this command to match the specified tag value.

Use the no parameter with this command to turn off the declaration.

Command Syntax (no) match tag <0-4294967295>

DefaultDisabled

Command ModeRoute-map mode

Commands Common to Multiple Protocols

46 ©2001-2007 IP Infusion Inc. Confidential

UsageUse the match tag command to match the specified tag value.

Note: This command is valid for OSPF only.

ExamplesZebOS# configure terminalZebOS(config)# route-map mymap1 permit 10ZebOS(config-route-map)# match tag 100

Related Commandsmatch metric, match route-type external

passwordUse the password command to specify a network password.

Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers and ZebOS Advanced Routing Suite (ARS) customers using the IMISH for CLI management.

Command Syntaxpassword HIDDEN|PLAIN

HIDDEN = 8 password Specifies a hidden password. PLAIN = password The unencrypted (cleartext) line password password An up to 80-character, alpha-numeric string including spaces. This string cannot begin with a

number.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# password 8 hiddenpasswordZebOS(config)# password plainpassword

Related Commandsenable

Validation Commandsshow running-config

route-mapUse this command to enter the route-map mode, and to permit or deny match/set operations.

Command Syntax (no) route-map MAPTAG deny|permit SEQ

MAPTAG= Identifies the route.deny Route map denies set operations

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 47

permit Route map permits set operationsSEQ= <1-65535> Specifies the sequence number for insertion or deletion.

Command ModeConfigure mode

UsageRoute-map is used to control and modify routing information. The route-map command allows redistribution of routes. It has a list of match and set commands associated with it. The match commands specify the conditions under which redistribution is allowed, and the set commands specify the particular redistribution actions to be performed if the criteria enforced by match commands are met. Route maps are used for detailed control over route distribution between routing processes.

Route maps also allow policy routing, and might route packets to a different route than the obvious shortest path.

If the permit parameter is specified, and the match criteria are met, the route is redistributed as specified by set actions. If the match criteria are not met, the next route map with the same tag is tested.

If the deny parameter is specified, and the match criteria are met, the route is not redistributed, and any other route maps with the same map tag are not examined.

Specify the sequence parameter to indicate the position a new route map is to have in the list of route maps already configured with the same name.

ExamplesThe following example shows the use of the route-map command to enter the route-map mode (note the change in the prompt), and the use of this mode in match and set commands.

ZebOS# configure terminalZebOS(config)# route-map route1 permit 1 ZebOS(config-route-map)# match as-path 60ZebOS(config-route-map)# set weight 70

service advanced-vtyUse this command to set multiple options to be listed when the Tab key is pressed, after completing a command. Use the no parameter to set no options to be listed when the Tab key is pressed, after completing a command.

Command Syntax(no) service advanced-vty

advanced-vty = Enable advanced mode VTY interface.

Command ModeConfigure mode

UsageThis feature applies to commands with more than one option.

ExamplesZebOS# configure terminalZebOS(config)# service advanced-vty

Commands Common to Multiple Protocols

48 ©2001-2007 IP Infusion Inc. Confidential

service password-encryptionUse this command to specify encryption of passwords. Use the no parameter to disable this feature.

Note: When using the service password-encryption command through IMISH, you must write to memory using the write memory or write file command. If you have not written to memory, the change made by this command (encryption) is not available when you log into IMISH the next time.

Command Syntax(no) service password-encryption

password-encryption = Enable encrypted passwords.

Command ModeConfigure mode

UsageThe service password-encryption command specifies encryption of the passwords. This encryption is simple, and designed to prevent casual observers from reading passwords not for serious hackers. The following output displays the encrypted password.

Router# configure terminalRouter(config)# service password-encryption

Current configuration:!hostname ZebOSpassword 8 aZSABJxOet0gsenable password 8 SLtKyTiWDXTZw!

ExamplesZebOS# configure terminalZebOS(config)# service password-encryption

Validation Commandsenable password

service terminal-lengthUse this command to set the terminal length for VTY sessions. Use the no parameter to disable this feature.

Command Syntax(no) service terminal-length LINES

terminal-length = Establish system-wide terminal length configuration.LINES = <0-512> Number of lines of VTY (0 means no line control).

Command ModeConfigure mode

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 49

UsageThe terminal-length parameter sets the terminal length for VTY sessions. In the following configuration, the terminal length for VTY sessions will be set to 60, making 60 the number of terminal lines for any telnet session.

ZebOS# configure terminalZebOS(config)# service terminal-length 60

ExamplesZebOS# configure terminalZebOS(config)# service advanced-vty

Validation Commandsshow running-config

set aggregator Use this command to set the AS number for the route map and router ID.

Use the no parameter with this command to disable this function

Command Syntax(no) set aggregator as ASNUM IPADDRESS

ASNUM Specifies the AS number of aggregator.IPADDRESS Specifies the IP address of aggregator.

Command ModeRoute-map mode

UsageAn Autonomous System (AS) is a collection of networks under a common administration sharing a common routing strategy. It is subdivided by areas, and is assigned a unique 16-bit number. Use the set aggregator command to assign an AS number for the aggregator.

To use the set aggregator command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# set aggregator as 43 10.10.0.3

set as-pathUse this command to modify an autonomous system path for a route.

Use the no parameter with this command to disable this function.

Commands Common to Multiple Protocols

50 ©2001-2007 IP Infusion Inc. Confidential

Command Syntax(no) set as-path prepend (.ASN)

prepend Prepends the autonomous system path.ASN ZebOS prepends this number to the AS path.

Command ModeRouter-map mode

UsageUse the set as-path command to specify an autonomous system path. By specifying the length of the AS-Path, the router influences the best path selection by a neighbor. Use the prepend parameter with this command to prepend an AS path string to routes increasing the AS path length.

To use the set as-path command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# set as-path prepend 8 24

set atomic-aggregateUse this command to set an atomic aggregate attribute.

Use the no parameter with this command to disable this function

Command Syntax set atomic-aggregate

no set atomic-aggregate

Command ModeRoute-map mode

UsageTo use the set atomic aggregate command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesZebOS# configure terminal

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 51

ZebOS(config)# route-map rmap1 permit 3 ZebOS(config-route-map)# set atomic-aggregate

Related Commands

set comm-list deleteUse this command to delete the matched communities from the community attribute of an inbound or outbound update when applying route-map.

Use the no parameter with this command to disable this feature.

Command Syntax(no) set comm-list (<1-199>|<100-199>|WORD) delete

<1-99> Standard community-list number.<100-199> Expanded community-list numberWORD Name of the Community-list.

Command ModeRoute-map mode

UsageThis command is valid for BGP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map ipi permit 3ZebOS(config-route-map)# set comm-list 34 delete

set communityUse this command to set the communities attribute.

Use the no parameter with this command to delete the entry.

Command Syntax(no) set community [AA:NN|internet|local-AS|no-advertise|no-export](additive)

set community none

no set community

AA:NN Specifies the community number in this format.AA = The AS number. NN = The number assigned to community.

local-AS Specifies no sending outside the local AS (well-known community).internet Specifies the Internet.no-advertise Specifies no advertisement of this route to eBGP peersno-export Specifies no advertisement of this route to any peernone Removes the community attribute from the prefixes that pass the route-map.additive Adds to the existing community.

Commands Common to Multiple Protocols

52 ©2001-2007 IP Infusion Inc. Confidential

Command ModeRoute-map mode

UsageUse this command to set the community attribute and group destinations in a certain community, as well as, apply routing decisions according to those communities.

To use the set community command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesThe following examples show the use of the set community command with different parameters.

ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set community no-export no-advertise

ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set community no-advertise

ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set community 10:01 23:34 12:14 no-export

set dampeningUse this command to enable route-flap dampening and set parameters.

Command Syntax(no) set dampening (REACHTIME (REUSE SUPPRESS MAXSUPPRESS))(UNREACHTIME)

REACHTIME <1-45> Specifies the reachability half-life time in minutes. The time for the penalty to decrease to one-half of its current value. The default is 15 minutes.

REUSE <1-20000> Specifies the reuse-limit value. When the penalty for a suppressed route decays below the reuse value, the routes become unsuppressed. The default reuse limit is 750.

SUPPRESS <1-20000> Specifies the suppress-limit value. When the penalty for a route exceeds the suppress value, the route is suppressed. The default suppress limit is 2000.

MAXSUPPRESS <1-255> Specifies the max-suppress-time. Maximum time that a dampened route is suppressed. The default max-suppress value is 4 times the half-life time (60 minutes).

UNREACHTIME <1-45> Specifies the un-reachability half-life time for penalty, in minutes. The default value is 15 minutes.

Command ModeRoute-map mode

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 53

UsageSet the unreachability half-life time to be equal to, or greater than, reachability half-life time. The suppress-limit value must be greater than or equal to the reuse limit value.

Note: This command is valid for BGP only.

ExampleZebOS# configure terminalZebOS(config)# route-map R1 permit 24ZebOS(config-route-map)# set dampening 20 333 534 30

set extcommunityUse this command to set an extended community attribute.

Use the no parameter with this command to disable this function

Command Syntax(no) set extcommunity rt|soo EXTCOMMNUMBER

no set extcommunity rt|soo

rt Specifies the route target of the extended community.soo Specifies the site-of-origin of the extended community.EXTCOMMNUMBER=ASN:nn_or_IP-address:nn VPN extended communityASN:nn= the AS number.IPADDRESS:nn= the AS number in IP address form.

Command ModeRoute-map mode

UsageTo use the set extcommunity command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set extcommunity rt 06:01

ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set extcommunity rt 0.0.0.6:01

ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set extcommunity soo 06:01

Commands Common to Multiple Protocols

54 ©2001-2007 IP Infusion Inc. Confidential

ZebOS# configure terminalZebOS(config-route-map)# route-map rmap1 permit 3ZebOS(config-route-map)# set extcommunity soo 0.0.0.6:01

set ip next-hop Use this command to set the specified next-hop value.

Use the no parameter with this command to turn off the setting.

Command Syntax (no) set ip next-hop A.B.C.D

no set ip next-hop

A.B.C.D Specifies the IP address of the next-hop

DefaultDisabled

Command ModeRoute-map mode

UsageUse this command to set the next-hop IP address to the routes.

Note: This command is valid for BGP, OSPF, and RIP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map mymap permit 3ZebOS(config-route-map)# set ip next-hop 10.10.0.67

Related Commandsset metric

set ipv6 next-hopUse this command to set a next hop-address.

Use the no parameter with this command to delete an entry.

Command Syntax set ipv6 next-hop global|local IPADDRESS

no set ipv6 next-hop (global|local)

no set ipv6 next-hop (global|local)(IPADDRESS)

IPADDRESS= X:X::X:X Specifies the IPv6 address.global Specifies that the address is global.local Specifies that the address is local.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 55

Command ModeRoute-map mode

UsageUse this command to set the next-hop IPv6 address to the routes.

Note: This command is valid for BGP and OSPFv3 only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set ipv6 next-hop local fe80::203:47ff:fe97:66dc

set levelUse this command to set the IS-IS level to export a route.

Use the no parameter with this command to disable this function.

Command Syntaxset level-1|level-2|level-1-2

no set level

level-1 Export into a level-1 area.level-2 Export into a level-2 sub-domain.level-1-2 Export into level-1 and level-2.

Command ModeRoute-map mode

Note: This command is valid for IS-IS only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set level level-1

set metricUse this command to set a metric value for a route.

Use the no parameter with this command to disable this function.

Command Syntaxset metric METRICVAL

no set metric (0-4261412864)

METRICVAL = <+/-metric>|<0-4261412864> The metric value.

Command ModeRoute-map mode

Commands Common to Multiple Protocols

56 ©2001-2007 IP Infusion Inc. Confidential

UsageThis command sets the metric value for a route, and influences external neighbors about the preferred path into an Autonomous System (AS). The preferred path is the one with a lower metric value. A router compares metrics for paths from neighbors in the same ASs. To compare metrics from neighbors coming from different ASs, use the bgp always-compare-med command.

To use the set metric command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP, OSPF, OSPFv3, RIP, RIPng, and IS-IS.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set metric 600

set metric-typeUse this command to set the metric type for the destination routing protocol.

Use the no parameter with this command to return to the default.

Command Syntax (no) set metric-type 1|2|type1|type2

1 = Select to set external type 1 metric.2 = Select to set external type 2 metric.type1 = Select to set external type 1 metric.type2 = Select to set external type 2 metric.

(no) set metric-type internal|external

internal = Select to set internal IS-IS type metric.external = Select to set external IS-IS type metric.

Command ModeRoute-map mode

UsageThe set metric-type 1|2|type1|type2 command sets the type to either Type-1 or Type-2 in the AS-external-LSA when the route-map matches the condition.

Note: The set metric-type 1|2|type1|type2 command is valid for OSPF and OSPFv3 only. The set metric-type internal|external command is valid for IS-IS only.

ExamplesIn this example the metric type of the destination protocol is set to OSPF external Type 1.

ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set metric-type 1

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 57

Related Commandsredistribute, default-information

set originUse this command to set the BGP origin code.

Use the no parameter with this command to delete an entry.

Command Syntax set origin egp|igp|incomplete

no set origin (egp|igp|incomplete)

egp Specifies a remote EGP system.igp a local IGP system.incomplete Specifies a system of unknown heritage.

Command ModeRoute-map mode

UsageThe origin attribute defines the origin of the path information. The three parameters with this command indicate three different values. IGP is interior to the originating AS. This happens if IGP is redistributed into the BGP. EGP is learned through an Exterior Gateway Protocol. Incomplete is unknown or learned through some other means. This happens when static route is redistributed in BGP and the origin of the route is incomplete.

To use the set origin command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set origin egp

set originator-idUse this command to set the originator ID attribute.

Use the no parameter with this command to disable this function

Command Syntax set originator-id IPADDRESS

no set originator-id (IPADDRESS)

IPADDRESS Specifies the IP address of originator.

Commands Common to Multiple Protocols

58 ©2001-2007 IP Infusion Inc. Confidential

Command ModeRoute-map mode

UsageTo use the set originator-id command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set originator-id 1.1.1.1

set tagUse this command to set a specified tag value.

Use the no parameter with this command to return to the default.

Command Syntax (no) set tag TAGVALUE

TAGVALUE = <0-4294967295> Tag value for destination routing protocol.

Command ModeRoute-map mode

UsageTag in this command is the route tag which is labeled by another routing protocol (BGP or other IGP when redistributing), because AS-external-LSA has a route-tag field in its LSAs. Also, with using route-map, ZebOS can tag the LSAs with the appropriate tag value. Sometimes, the tag matches with using route-map, and sometimes, the value may be used by another application.

Note: This command is valid for OSPF only.

ExamplesIn the following example the tag value of the destination routing protocol is set to 6:

ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set tag 6

Related Commandsredistribute, default-information

set vpnv4 next-hopUse this command to set a VPNv4 next-hop address.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 59

Use the no parameter with this command to disable this function

Command Syntax set vpnv4 next-hop IPADDRESS

no set vpnv4 next-hop (IPADDRESS)

IPADDRESS Specifies the IP address of next hop.

Command ModeRoute-map mode

UsageTo use the set vpn4-hext-hop command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set vpnv4 next-hop 6.6.6.6

set weightUse this command to set weights for the routing table.

Use the no parameter with this command to delete an entry.

Command Syntax set weight WEIGHT

no set weight (WEIGHT)

WEIGHT = <0-4294967295> Specifies the weight value.

Command ModeRoute-map mode

UsageThe weight value is used to assist in best path selection. It is assigned locally to a router. When there are several routes with a common destination, the routes with a higher weight value are preferred.

To use the set weight command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.

match as-path 10set weight 400

In the above configuration, all routes that apply to access-list 10 will have the weight set at 400.

Commands Common to Multiple Protocols

60 ©2001-2007 IP Infusion Inc. Confidential

If the packets do not match any of the defined criteria, they are routed through the normal routing process.

Note: This command is valid for BGP only.

ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set weight 60

Related Commandsmatch as-path

show access-listUse this command to display a list of IP access lists.

Command Syntax show access-list

Command ModePrivileged Exec mode

ExamplesZebOS# show access-list

show cliUse this command to display the CLI tree of the current mode.

Command Syntaxshow cli

Command ModeAll command modes

UsageThis is a section of the sample output of the show cli command executed at the Interface mode.

+-ospf +-A.B.C.D +-authentication [no ip ospf (A.B.C.D|) authentication] +-authentication-key [no ip ospf (A.B.C.D|) authentication-key] +-cost [no ip ospf (A.B.C.D|) cost] +-database-filter [no ip ospf (A.B.C.D|) database-filter] +-hello-interval [no ip ospf (A.B.C.D|) hello-interval] +-message-digest-key

ExamplesZebOS# show cli

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 61

show historyUse the show history command to list the commands entered in the current session. The history buffer is cleared automatically upon reboot.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow history

Command ModeExec mode and Privileged Exec mode

Examplesshow history

UsageTwo sample results from the show history command:

IMI-CLI#show history 1 en 2 show ru 3 con t 4 route-map er deny 3 5 exit 6 ex 7 di

Though some modes do not have the show history command, commands entered in those modes are listed from the Privileged mode. All command line entries are listed, even erroneous commands.

ZebOS# show history 1 show ip protocols 2 show ip protocols rip 3 show history 4 enable 5 config terminal 6 show his 7 interface eth0 8 show history 9 router rip 10 end 11 list 12 con t 13 router rip 14 shoe history 15 show history 16 end

Commands Common to Multiple Protocols

62 ©2001-2007 IP Infusion Inc. Confidential

show ip prefix-listUse this command to display the prefix list entries.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Note: This command is valid for RIP and BGP protocols only.

Syntax Descriptionshow ip prefix-list (WORD|DETAIL|SUMMARY)

WORD=A.B.C.D/M (first-match|longer)A.B.C.D IP address for the prefix list.M=<0-32> is the length of the address/Mask.first-match the show command displays the first matching routing table for the given IP address or

prefix.longer causes the show command to lookup longer prefix.

DETAIL =detail(WORD)WORD = name of prefix list.

SUMMARY=summary(WORD)WORD = name of prefix list.

Command ModeExec mode

UsageThe following is a sample output of the show ip prefix-list command showing prefix-list entries.

ZebOS# show ip prefix-listip prefix-list ipi1: 3 entries seq 5 permit 172.1.1.0/16 seq 10 permit 173.1.1.0/16 seq 15 permit 174.1.1.0/16

Examples ZebOS# show ip prefix-list ZebOS# show ip prefix-list 10.10.0.98/8 first-matchZebOS# show ip prefix-list detail home

show listUse this command to display a list of all the commands relevant to the current mode.

Command Syntaxshow list

Command ModeAll command modes.

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 63

UsageThis is a section of the sample output of the show list command executed at the Configure mode.

ZebOS(config)# show list access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D access-list (<1-99>|<1300-1999>) (deny|permit) any access-list (<1-99>|<1300-1999>) (deny|permit) host A.B.C.D access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D

ExamplesZebOS# show list

show memory allUse this command to display memory statistics about all protocols and the ZebOS library.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Note: This command is available only if --enable-memmgr configuration option is enabled in the configure script.

Command Syntaxshow memory all

Command ModePrivileged Exec mode

UsageThe following is an output of this command displaying memory statistics about all protocols:

Zebos# show memory allMemory type Alloc cells Alloc bytes=================================== ============= ===============Temporary memory : 17759 1732336Hash : 16 1280Hash index : 16 58368Hash bucket : 61 4880Thread master : 8 8576Thread : 71 7952Link list : 148 11840...Buffer data : 3 3216Prefix : 4 320...Host config password : 7 560VTY master : 8 640VTY : 4 17600VTY history : 16 1280VTY if : 49 14896

Commands Common to Multiple Protocols

64 ©2001-2007 IP Infusion Inc. Confidential

VTY connected : 112 8960...Patricia tree node : 22 1760Message entry : 7 560Message handler : 8 896Host : 8 1408Log information : 16 1280Context : 16 3072----------------------------------- ------------- ---------------NSM Client Handler : 7 229712NSM Client : 7 14672NSM server entry : 7 229712NSM server client : 7 560NSM server : 1 2096NSM Route table : 12 960NSM Route node : 15 1680NSM Master : 1 112NSM RIB : 15 1200...IGMP interface info : 1 176NSM IPv6 Mcast entry : 1 560NSM IPv6 Mcast Client entry : 2 160NSM IPv6 Mcast Stat block entry : 2 8288MLD Top : 1 176MLD interface : 6 1056----------------------------------- ------------- -------------------------------------------------- ------------- ---------------OSPFv3 structure : 1 304OSPFv3 area : 1 176OSPFv3 interface : 1 304OSPFv3 neighbor : 3 912OSPFv3 vertex : 1 80...OSPFv3 prefix map : 1 80OSPFv3 packet : 681 105328OSPFv3 FIFO : 1 80OSPFv3 if params : 2 224OSPFv3 description : 4 320----------------------------------- ------------- ---------------BGP structure : 1 1072BGP VR structure : 1 112BGP global structure : 1 112BGP peer : 1 2096BGP as list master : 1 80Community list handler : 1 80BGP Damp Reuse List Array : 1 2096BGP table : 37 2960----------------------------------- ------------- ---------------PIM-DM Global : 1 176PIM-DM VR : 1 80

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 65

PIM-DM VRF : 1 176

ExamplesZebOS# show memory all

Related Commandsshow memory lib

show memory freeUse this command to display memory statistics about free memory for every protocol.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Note: This command is available only if --enable-memmgr configuration option is enabled in the configure script.

Command Syntaxshow memory free

Command ModePrivileged Exec mode

UsageThe following is an output of this command displaying the total free size and the number of available free blocks:

ZebOS# show memory free

Freed memories for IMI

Block size Total bytes Block count=============== =============== ==============32 80 164 257152 2296128 1421904 8079256 1214784 3996

...

Freed memories for NSM

Block size Total bytes Block count=============== =============== ==============32 80 164 257152 2296128 1421904 8079256 1214784 3996512 1127840 20141024 1055920 9852048 1031232 492...Freed memories for RIPng

Commands Common to Multiple Protocols

66 ©2001-2007 IP Infusion Inc. Confidential

Block size Total bytes Block count=============== =============== ==============32 0 064 257040 2295128 1421904 8079256 1214784 3996512 1127840 20141024 1054848 984...

ExamplesZebOS# show memory free

Related Commandsshow memory lib, show memory all

show memory libUse this command to display library memory statistics.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Note: This command is available only if --enable-memmgr configuration option is enabled in the configure script.

Command Syntaxshow memory lib

Command ModePrivileged Exec mode

UsageThe following is a section of the sample output for the show memory lib command showing the memory usage by library in different protocols.

ZebOS# show memory lib Library MTYPEs for NSMMemory type Alloc cells============================== ============Hash : 1Hash index : 1Hash bucket : 6Thread master : 1Thread : 11Link list : 10Link list node : 18Buffer : 0Buffer bucket : 0Buffer data : 0

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 67

Buffer IOV : 0...Config handle : 0Temporary memory : 2039Access list : 0Access list str : 0Access filter : 0Prefix list : 0Prefix list str : 0Prefix list entry : 0Route map : 0Route map name : 0Route map index : 0...Bit map : 3Bit map block : 3Bit map block array : 3Patricia tree : 5Patricia tree node : 0MPLS VRF table entry : 0------------------------------ ------------ Library MTYPEs for OSPFMemory type Alloc cells============================== ============Hash : 1Hash index : 1Hash bucket : 2Thread master : 1Thread : 25Link list : 40...Temporary memory : 2460Access list : 0Access list str : 0Access filter : 0Prefix list : 0...VTY path : 0Vector : 1340Vector index : 1340...Bit map block : 0Bit map block array : 0Patricia tree : 0Patricia tree node : 0MPLS VRF table entry : 0------------------------------ ------------

ExamplesZebOS# show memory lib

Commands Common to Multiple Protocols

68 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsshow memory all

show memory summaryUse this command to display the summary of memory statistics.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Note: This command is available only if --enable-memmgr configuration option is enabled in the configure script.

Command Syntaxshow memory summary

Command ModePrivileged Exec mode

UsageFollowing is a sample output of the show memory summary command:

ZebOS# show memory summary

Memory summary for IMI

Total preallocated memory size: 10485760 Total preallocated memory overhead: 3141024 Total preallocated memory blocks: 65438

Total on demand allocated memory size: 913824 Total on demand allocated memory overhead: 388368 Total on demand allocated memory count: 8091

Requested ZebOS memory size: 2048768 Allocated ZebOS memory size: 6393904 Allocated ZebOS memory blocks: 55301

Total memory left in the free pool: 8535072 Total blocks left in the free pool: 18228

Memory summary for NSM

Total preallocated memory size: 10485760 Total preallocated memory overhead: 3141024... Total on demand allocated memory overhead: 388368 Total on demand allocated memory count: 8091

Requested ZebOS memory size: 2049160 Allocated ZebOS memory size: 6394464

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 69

Allocated ZebOS memory blocks: 55302

Total memory left in the free pool: 8534512 Total blocks left in the free pool: 18227

Memory summary for RIPng

Total preallocated memory size: 10485760 Total preallocated memory overhead: 3141024 Total preallocated memory blocks: 65438

...

Total memory left in the free pool: 8533360 Total blocks left in the free pool: 18225

ExamplesZebOS# show memory summary

show route-mapUse this command to display user readable route-map information.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow route-map

Command ModePrivileged Exec mode

Usage The following is a sample output of the show route-map command.

ZebOS# show route-map route-map ipi, permit, sequence 1 Match clauses: metric 200 Set clauses: metric 60

ExamplesZebOS> show route-map

show running-configUse the show running-config command to display the current configuration file.

Commands Common to Multiple Protocols

70 ©2001-2007 IP Infusion Inc. Confidential

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow running-config

Command ModePrivileged Exec mode

Examplesshow running-config

UsageThe display for the show running-config command is bracketed by Current configuration and end.

ZebOS# show running-config

Current configuration:!hostname ripdpassword zebralog stdout!debug rip eventsdebug rip packet!interface lo!interface cipcb0!interface sit0!interface eth0!interface eth1 ip rip send version 2 ip rip receive version 2 ip rip authentication string !!!!!interface dummy0!interface ip6tnl0!interface ip6tnl1!!router rip network eth0 network eth1 passive-interface eth0

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 71

redistribute connected!ip prefix-list hoge seq 5 permit anyip prefix-list hoge seq 10 permit 10.0.0.0/8!route-map nexthop permit 1 set ip next-hop 10.10.0.97!line vty exec-timeout 0 0!end

Related Commandswrite terminal

show startup-configUse the show startup-config command to display the startup configuration.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow startup-config

Command ModePrivileged Exec mode

Examplesshow startup-config

UsageThe following is a sample output of the show startup-config command displaying the configuration at startup.

ripd# show startup-config!! ZebOS configuration saved from vty! 2001/04/21 11:38:52!hostname ripdpassword zebralog stdout!debug rip eventsdebug rip packet!interface lo!interface eth0

Commands Common to Multiple Protocols

72 ©2001-2007 IP Infusion Inc. Confidential

ip rip send version 1 2 ip rip receive version 1 2!interface eth1 ip rip send version 1 2 ip rip receive version 1 2!router rip redistribute connected network 10.10.10.0/24 network 10.10.11.0/24!line vty exec-timeout 0 0

show versionUse the show version command to display the version of ZebOS currently running.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow version

Command ModePrivileged Exec mode and Exec mode

UsageThe following is an output from the show version command.

ZebOS# show versionZebOS SRS 6.1 (i686-pc-linux-gnu) 12172003Copyright 2001-2003 IP Infusion Inc.

NET-SNMP SNMP agent software(c) 1989, 1991, 1992 by Carnegie Mellon University;(c) 1996, 1998-6.10 The Regents of the University of California.All Rights Reserved;(c) 6.11, Networks Associates Technology, Inc. All rights reserved;(c) 6.11, Cambridge Broadband Ltd. All rights reserved. RSA Data Security, Inc. MD5 Message-Digest Algorithm(c) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.Libedit Library(c) 1992, 1993 The Regents of the University of California. All rightsreserved.OpenSSL LibraryCopyright (C) 1998-6.12 The OpenSSL Project. All rights reserved.Original SSLeay LicenseCopyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 73

terminal lengthUse the terminal length command to set number of lines displayed on a terminal. Use the no parameter with this command to revert to the default setting.

Command Syntax(no) terminal length LENGTH

LENGTH = <0-512> The number of lines on a terminal. The default length is 25 lines.

Command ModeExec mode and Privileged Exec mode

ExamplesThe following example sets the terminal length to 30 lines.

ZebOS# terminal length 30

terminal monitorUse the terminal monitor command to display debugging output on a terminal.

Command Syntax(no) terminal monitor

Command ModePrivileged Exec mode

ExamplesZebOS# terminal monitor

Related CommandsAll debug commands

whoUse the who command to display all other VTY connections.

Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers and to ZebOS Advanced Routing Suite (ARS) customers using the IMISH for CLI management.

Note: This command is only available on the Linux platform.

Command Syntaxwho

Command ModeExec mode

Commands Common to Multiple Protocols

74 ©2001-2007 IP Infusion Inc. Confidential

UsageThe following is an output from the who command displaying all other VTY connections. The entry “*” marks the connection with the configuration rights.

Router# who vty[8] connected from 127.0.0.1.*vty[9] connected from 127.0.0.1. vty[10] connected from 10.10.0.74

ExamplesZebOS> who

write file and write memoryUse the write file or write memory command to write configuration data to a file.

Command Syntaxwrite file

write memory

Command ModePrivileged Exec mode

ExamplesZebOS# write file

Related Commandsshow running-config

write terminalUse the write terminal command to display current configurations to the VTY terminal.

Command Syntaxwrite terminal

Command ModePrivileged Exec mode

UsageThe following is an output from the write terminal command displaying current configuration on the terminal.

ripd# write terminal

Current configuration:!hostname ripdpassword zebralog stdout

Commands Common to Multiple Protocols

©2001-2007 IP Infusion Inc. Confidential 75

!debug rip eventsdebug rip packet!interface lo!interface eth0 ip rip send version 1 2 ip rip receive version 1 2!interface eth1 ip rip send version 1 2 ip rip receive version 1 2!!router rip network 10.10.10.0/24 network 10.10.11.0/24 redistribute connected!line vty exec-timeout 0 0!end

ExamplesZebOS# write terminal

Related Commandsshow-running-config

Commands Common to Multiple Protocols

76 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 77

CHAPTER 3 NSM Commands

admin-group Use this command to create an administrative group to be used for links. Each link can be a member of one or more, or no administrative groups.

Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers and to ZebOS Advanced Routing Suite (ARS) customers using the IMISH for CLI management.

Command Syntaxadmin-group NAME <0-31>

NAME = Specify the name of the admin group to be added<0-31> = Specify the number of groups per system Note: <0-31> available only from the Configure mode

Command ModeInterface mode

Usage When used in the interface mode, this command adds a link between an interface and a group. The name is the name of the group previously configured. There can be multiple groups per interface. The group is created in the Configure mode, then interfaces are added to the group in the Interface mode.

ExamplesIn the following example, the interface eth0 has been added to the group ipi:

ZebOS# configure terminalZebOS(config) interface eth0ZebOS(config-if)# admin-group ipi

arp A.B.C.D MACUse this command to create a static group ARP entry.

Use the no parameter to remove the static group ARP entry.

Command Syntaxarp A.B.C.D MAC (alias | )

no arp A.B.C.D

A.B.C.D IP addressMAC MAC address

Command ModeConfigure mode

NSM Commands

78 ©2001-2007 IP Infusion Inc. Confidential

ExamplesZebOS# configure terminalZebOS(config)# arp 10.10.10.10 0010.2355.4566 alias

bandwidth Use this command to specify the maximum bandwidth to be used for each interface. The bandwidth value is in bits, and can also accept units.

Use the no parameter to remove the maximum bandwidth.

Command Syntax(no) bandwidth BANDWIDTH

BANDWIDTH

<1-999> k|m for 1 to 999 kilo bits or mega bits.<1-10> g for 1 to 10 giga bits.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# bandwidth 100m

Related Commandsreservable-bandwidth

Validation Commandsshow running-config, show interface

clear ip route kernelUse this command to clear IPv4 stale kernel routes from NSM RIB and FIB.

Command Syntaxclear ip route kernel

DefaultNone

Command ModePrivileged Exec mode

ExamplesZebOS# clear ip route kernel

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 79

Related Commandsclear ipv6 route kernel, fib retain

clear ipv6 neighborsUse this command to clear all dynamic IPv6 neighbor entries.

Command Syntaxclear ipv6 route kernel

Command ModePrivileged Exec mode

debug nsmUse this command to specify a set of debug options for NSM events, kernel, and packets.

Command Syntax(no) debug nsm

Command ModeExec mode, Privileged Exec mode, and Configure mode

ExamplesZebOS# debug nsm

Related Commandsdebug nsm kernel, debug nsm events, debug nsm packet

Validation Commandsshow debugging nsm

debug nsm eventsUse this command to specify the set of debug options for NSM daemon events.

Command Syntaxdebug nsm events

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# debug nsm events

Related Commandsdebug nsm kernel

NSM Commands

80 ©2001-2007 IP Infusion Inc. Confidential

Validation Commandsshow debugging nsm

debug nsm kernelUse this command to specify the debug option-set for the NSM daemon routing manager between the kernel interface.

Command Syntaxdebug nsm kernel

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# debug nsm kernel

Validation Commandsshow debugging nsm

debug nsm packetUse this command to specify the debug option-set for the nsm packet.

Command Syntaxdebug nsm packet (recv|send)(detail)

recv = Specifies the debug option-set for receive packet.send = Specifies the debug option-set for send packet.detail = Sets the debug option set to detailed information.

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# debug nsm packet ZebOS# debug nsm packet recv detail

Validation Commandsshow debugging nsm

fib retainUse this command to modify the retain time for stale routes in the Forwarding Information Base (FIB) during NSM restart.

Use the no parameter with this command to revert to default; not retaining NSM routes in the FIB when NSM is killed.

Note: NSM still retains the stale routes for 60 seconds when it restarts.

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 81

Command Syntax(no) fib retain (TIME|Forever)

Forever Specifies an infinite retain time for stale routes.TIME = time <1-65535> Specifies the retain time for stale routes. The default retain time is 60

seconds.<1-65535> The retain time in seconds.

DefaultNSM routes are cleared from the FIB when NSM is killed, but when NSM is restarted, stale routes are retained for 60 seconds.

Command ModeConfigure mode

UsageNSM reads the Forwarding Information Base (FIB), and treats previously self-installed routes as stale routes. You can display stale routes by running the show ip route database command. All routes preceded by the symbol p are stale routes. When protocol modules restart, NSM overrides these stale routes with routes reinstalled by protocol modules.

The behavior of NSM routes when NSM is killed is as follows:

• no fib retain (default) Cleans up NSM routes from the FIB, but retains stale routes for 60 seconds when restarted.

• fib retain Does not clear routes from the FIB, and retains stale routes for 60 seconds when restarted.

• fib retain forever Does not clear routes from the FIB and retains stale routes forever.

• fib retain time <1-65535> Does not clear routes from the FIB and retains stale routes for the specified seconds.

Note: You can remove stale routes at any time by using the clear ip route kernel command.

ExamplesZebOS# configure terminalZebOS(config)# fib retain time 180

if-arbiterUse this command to discover new interfaces recently added to the kernel, and add them to the ZebOS database.

Command syntaxif-arbiter interval <1-65535>

no if-arbiter

<1-65535> Specifies the interval (in seconds) after which NSM sends query to kernel.

DefaultBy default, if-arbiter is disabled. When interface-related operations are performed outside of ZebOS (for example, when using OS ifconfig), enable if-arbiter for a transient time to complete synchronization. When synchronization is complete, disable it using the if-arbiter CLI.

NSM Commands

82 ©2001-2007 IP Infusion Inc. Confidential

Command ModeConfigure mode

UsageThis command starts the arbiter to check interface information periodically. ZebOS dynamically finds any new interfaces added to the kernel. If an interface is loaded dynamically into the kernel when ZebOS is already running, this command polls kernel information periodically, and updates.

ExamplesZebOS# configure terminalZebOS(config)# if-arbiter interval 5

Validation Commandsshow running-config

interfaceUse this command to select an interface to configure, and to enter the Interface command mode.

Command Syntaxinterface IFNAME

IFNAME = Specifies the name of the interface

Command ModeConfigure mode

ExamplesThis example shows the use of this command to enter the Interface mode (note the change in the prompt).

Router# configure terminalRouter(config)# interface eth0Router(config-if)#

ip addressUse this command to set the IP address of an interface.

Use the no parameter with this command to remove the IP address from an interface.

Command Syntaxip address IP-ADDRESS (secondary)

no ip address IP-ADDRESSno ip address

IP-ADDRESS A.B.C.D/M Specifies the IP address and prefix length of an interface.secondary Specifies the IP address as secondary.

Command modeInterface mode

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 83

UsageWhen the secondary parameter is not specified with this command, this command overwrites the primary IP address. When the secondary parameter is specified with this command, this command adds a new IP address to the interface.

The secondary address cannot be configured in the absence of a primary IP address.

The primary address cannot be removed when a secondary address is present.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip address 10.10.10.50/24ZebOS(config-if)# ip address 10.10.11.50/24 secondary

Validation commandsshow running-config, show interface, show ip interface brief

ip forwardingUse this command to turn on IP forwarding.

Use the no parameter with this command to turn off IP forwarding.

Command Syntax(no) ip forwarding

Command ModeConfigure mode

ExamplesRouter# configure terminalRouter(config)# ip forwarding

ip proxy-arpUse this command to enable the proxy ARP feature on an interface.

Use the no parameter to disable the proxy ARP feature on an interface.

Command Syntaxip proxy-arp

no ip proxy-arp

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip proxy-arp

NSM Commands

84 ©2001-2007 IP Infusion Inc. Confidential

ip route Use this command to establish the distance for static routes of a subnet mask. Use the no form of this command to disable the distance for static routes of a subnet mask.

Command Syntax(no) ip route DESTPREFIX IPADDRESSMASK GATEWAYIP|INTERFACE (DISTVALUE)

(no) ip route DESTPREFIX/M GATEWAYIP|INTERFACE (DISTVALUE)

DESTPREFIX = A.B.C.D Specifies the IP destination prefix.DESTPREFIX/M = A.B.C.D/M Specifies the IP destination prefix and a mask length <0-32>.IPADDRESSMASK = A.B.C.D Specifies the IP destination prefix mask. GATEWAYIP = A.B.C.D Specifies the IP gateway address.DISTVALUE = <1-255> Specifies the distance value for the route.INTERFACE = Specifies the name of the interface.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# ip route 192.168.3.0 255.255.255.0 2.2.2.2 128ZebOS(config)# ip route 1.1.1.0/24 eth0 32

Validation Commandsshow ip route, show running-config

ipv6 forwardingUse this command to turn on IPv6 forwarding.

Use the no parameter with this command to turn off IPv6 forwarding.

Command Syntax(no)ipv6 forwarding

Command ModeConfigure mode

ExamplesRouter# configure terminalRouter(config)# ipv6 forwarding

ipv6 nd managed-config-flag

Use this command to set the managed address configuration flag in the Router Advertisement to be used for the IPv6 address auto-configuration.

Use the no parameter with this command to reset the value to default.

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 85

Command Syntax(no) ipv6 nd managed-config-flag

DefaultUnset

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd managed-config-flagZebOS(config-if)# no ipv6 nd suppress-ra

Related Commandsipv6 nd suppress-ra, ipv6 nd prefix, ipv6 nd other-config-flag

ipv6 nd other-config-flagUse this command to set the other stateful configuration flag in Router Advertisement to be used for IPv6 address auto-configuration.

Use no parameter with this command to reset the value to default.

Command Syntax(no) ipv6 nd other-config-flag

DefaultUnset

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd other-config-flagZebOS(config-if)# no ipv6 nd suppress-ra

Related Commandsipv6 nd suppress-ra, ipv6 nd prefix, ipv6 nd managed-config-flag

ipv6 nd prefixUse this command to specify the IPv6 prefix information that is advertised by the Router Advertisement for IPv6 address auto-configuration.

Use no parameter with this command to reset the IPv6 prefix.

NSM Commands

86 ©2001-2007 IP Infusion Inc. Confidential

Command Syntax(no) ipv6 nd prefix X:X::X:X/M <0-4294967295> <0-4294967295> (off-link|) (no-autoconfig|)

X:X::X:X/M Specify the IPv6 prefix.<0-4294967295> Specify theIPv6 prefix valid lifetime.<0-4294967295> Specify the IPv6 prefix preferred lifetime.off-link Specify the IPv6 prefix off-link flag.no-autoconfig Specify the IPv6 prefix no autoconfiguration flag.

DefaultUnspecified

Command ModeInterface mode

UsageThis command specifies the IPv6 prefix that is advertised by the Router Advertisement message.

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd prefix 2001:ffff::/64ZebOS(config-if)# no ipv6 nd suppress-ra

Related Commandsipv6 nd suppress-ra, ipv6 nd prefix

ipv6 nd ra-intervalUse this command to specify the interval between IPv6 Router Advertisements (RA).

Use no parameter with this command to reset the value to default.

Command Syntax(no) ipv6 nd ra-interval <3-1800>

Default600 seconds.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd ra-interval 60ZebOS(config-if)# ipv6 nd prefix 3ffe:ffff:ffff::/64ZebOS(config-if)# no ipv6 nd suppress-ra

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 87

Related Commandsipv6 nd suppress-ra, ipv6 nd prefix

ipv6 nd ra-lifetimeUse this command to specify the lifetime of this router enabling it to act as a default gateway for the network.

Use no parameter with this command to reset the value to default.

Command Syntax(no) ipv6 nd ra-lifetime <0-9000>

Default1800 seconds

Command ModeInterface mode

UsageThis command specifies the lifetime of the current router to be announced in IPv6 Router Advertisement.

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd ra-lifetime 9000ZebOS(config-if)# no ipv6 nd suppress-ra

Related Commandsipv6 nd suppress-ra, ipv6 nd prefix

ipv6 nd reachable-timeUse this command to specify the reachable time in the Router Advertisement to be used for detecting unreachability of the IPv6 neighbor.

Use the no parameter with this command to reset the value to default.

Command Syntax(no) ipv6 nd reachable-time <0-3600000>

Default0 milliseconds

Command ModeInterface mode

ExampleZebOS# configure terminal

NSM Commands

88 ©2001-2007 IP Infusion Inc. Confidential

ZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd reachable-time 1800000ZebOS(config-if)# no ipv6 nd suppress-ra

Related Commandsipv6 nd suppress-ra, ipv6 nd prefix

ipv6 nd suppress-raUse this command to control IPv6 Router Advertisement (RA) transmission for the current interface. Router Advertisement is used for IPv6 stateless auto-configuration.

Use no parameter with this command to enable Router Advertisement transmission.

Command Syntax(no) ipv6 nd suppress-ra

DefaultSuppressed

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# no ipv6 nd suppress-ra

Related Commandsipv6 nd ra-interval, ipv6 nd prefix

ipv6 neighborUse this command to add an IPv6 neighbor entry. Use the no form of this command to an IPv6 neighbor entry.

Command Syntaxipv6 neighbor ADDRESS IF NAME MAC

no ipv6 neighbor ADDRESS IF NAME

ADDRESS = X:X::X:X neighbor’s IPv6 addressIFNAME = interface nameMAC = HHHH.HHHH.HHHH MAC hardware address

Command ModeConfigure mode

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 89

ipv6 route Use this command to establish the distance for static routes of a subnet mask. Use the no form of this command to disable the distance for static routes of a subnet mask.

Command Syntax(no) ipv6 route DESTPREFIX/M GATEWAYIP|INTERFACE DISTVALUE

DESTPREFIX = Specifies the IP destination prefix.DESTPREFIX/M = X:X::X:X/M Specifies the IP destination prefix and a mask length <0-128>.GATEWAYIP = X:X::X:X Specifies the IP gateway address.DISTVALUE = <1-255> Specifies the distance value for the route.INTERFACE = Specifies the name of the interface

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# ipv6 route 3ffe:506::1 128ZebOS(config)# ipv6 route 3ffe:506::1/128 myintname 32

Validation Commandsshow running-config, show ipv6 route

ipv6 addressUse this command to set the IPv6 address of an interface. Use the no form of this command to disable this function.

Command Syntaxipv6 address IPADDRESS

no ipv6 address

IPADDRESS = X:X::X:X/M Specifies the IP destination prefix and a mask length <0-128>.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 address 3ffe:506::1/128

Validation Commandsshow running-config, show interface, show ipv6 route

NSM Commands

90 ©2001-2007 IP Infusion Inc. Confidential

maximum-pathsUse this command to enable multipath support on ZebOS, and set the maximum number of paths to be installed in the FIB (Forward Information Base).

Use the no parameter with this command to revert to default.

Note: Currently, this command is available on Linux systems only.

Command Syntax(no) maximum-paths <1-10>

no maximum-paths

<1-10> Specify the maximum number of paths to be installed in the FIB.

DefaultBy default, the maximum number of paths is set to 4.

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# maximum-paths 5

mtuUse this command to set the Maximum Transmission Unit (MTU) size of an interface.

Command Syntaxmtu SIZE

SIZE <64-17940> Specifies the size of MTU in bytes.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# mtu 120

multicastUse this command to set the multicast flag to an interface.

Use the no form of this command to disable this function.

Command Syntax(no) multicast

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 91

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# multicast

Validation Commandsshow running-config

no debug nsm eventsUse this command to disable the debugging options for NSM daemon events.

Command Syntaxno debug nsm events

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# no debug nsm events

Equivalent Commandsundebug nsm events

no debug nsm kernelUse this command to disable the debugging option for the NSM daemon routing manager between the kernel interface.

Command Syntaxno debug nsm kernel

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# no debug nsm kernel

Equivalent Commandsno debug nsm kernel

no debug nsm packetUse this command to disable the debugging option for the nsm packet.

NSM Commands

92 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxno debug nsm packet (recv|send)(detail)

recv = Disable the debugging option for receive packet.send = Disable the debugging option for send packet.detail = Disable the debugging option for detailed information.

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# no debug nsm packet ZebOS# no debug nsm packet recv detail

Validation Commandsshow debugging nsm

Equivalent Commandsno debug nsm packet

show debugging nsmUse this command to display debugging information for the ZebOS routing manager.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow debugging nsm

Command ModeExec mode and Privileged Exec mode

UsageThe following is a sample output of the show debugging nsm command displaying the NSM debugging status.

ZebOS# show debugging nsm NSM debugging status:

NSM event debugging is on

NSM packet debugging is on

NSM kernel debugging is on

ExamplesZebOS# show debugging nsm

show interfaceUse this command to display interface configuration and status.

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 93

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow interface IFNAME

IFNAME Specifies the name of the interface for which status and configuration information is desired.

Command ModeExec mode and Privileged Exec mode

Usage When the QoS feature is enabled for the interface, this is what this command displays:

Router# show interface eth0 Interface eth0 index 2 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST> HWaddr: 00:b0:d0:da:92:5f Administrative Group(s) : ipi bandwidth 100m maximum reservable bandwidth 100m available b/w at priority 0 is 100.000m available b/w at priority 1 is 100.000m available b/w at priority 2 is 100.000m available b/w at priority 3 is 100.000m available b/w at priority 4 is 100.000m available b/w at priority 5 is 100.000m available b/w at priority 6 is 100.000m available b/w at priority 7 is 100.000m inet 10.10.0.34/24 broadcast 10.10.0.255 input packets 973824, bytes 127560568, dropped 0, multicast packets 0 input errors 1, length 0, overrun 0, CRC 0, frame 1, fifo 1, missed 0 output packets 84422, bytes 26945483, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 2483

Examples ZebOS# show interface myifname

show ip access-listUse this command to display a IP access lists.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip access-list

Command ModePrivileged Exec mode

NSM Commands

94 ©2001-2007 IP Infusion Inc. Confidential

UsageThe following is a sample output of the show ip access-list command showing the IP access-list entries.

ZebOS# show ip access-list Standard IP access list 1 permit 172.168.6.0, wildcard bits 0.0.0.255 permit 192.168.6.0, wildcard bits 0.0.0.255

ExamplesZebOS# show ip access-list

show ip forwardingUse this command to display the IP forwarding status.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip forwarding

Command ModeExec mode and Privileged Exec mode

UsageThe following is a sample output of the show ip forwarding command displaying the IP forwarding status.

ZebOS# show ip forwardingIP forwarding is on

ExamplesZebOS# show ip forwarding

show ip interface briefUse this command to display brief information about interfaces and the IP addresses assigned to them. To display information about a specific interface, specify the interface name with the command.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip interface [IFNAME] brief

IFNAME Specify the name of the interface.

Command ModeExec mode and Privileged Exec mode

UsageThe following is a sample output from the show ip interface brief command:

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 95

ZebOS# show ip interface brief

Interface IP-Address Status Protocollo 127.0.0.1 up upgre0 unassigned administratively down downeth0 10.10.0.142 up upeth1 10.10.11.123 up upeth2 unassigned administratively down downeth3 unassigned administratively down downsit0 unassigned administratively down downtun24 unassigned administratively down downtunl0 unassigned administratively down down

ExamplesZebOS# show ip interface eth0 brief

Related Commandsshow ipv6 interface brief

show ip routeUse this command to display the IP routing table for a protocol or from a particular table.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip route (bgp |connected |kernel |ospf |rip |static |A.B.C.D |A.B.C.D/M)

bgp = Display selected BGP routes.connected = Display selected connected routes.kernel = Display selected kernel routes.ospf = Display selected OSPF routes.rip = Display selected RIP routes.static = Display selected static routes.A.B.C.D = Network in the IP routing table to displayA.B.C.D/M = IP prefix <network>/<length>, e.g., 35.0.0.0/8

Command ModeExec mode and Privileged Exec mode

UsageWhen multiple entries are available for the same prefix, NSM uses an internal route selection mechanism based on protocol administrative distance and metric values to choose the best route. All best routes are entered into the FIB, and can be viewed using the this command. To display all routes (selected and not selected), use the show ip route database command. The following show output displays only the best routes. To illustrate the difference between the show ip route database output and this output, the same configuration has been used in both examples.

Note: For a detailed line-by-line description of an output of this command, refer to the ZebOS Troubleshooting Guide.

ZebOS# show ip routeCodes: K - kernel, C - connected, S - static, R - RIP, B - BGP

NSM Commands

96 ©2001-2007 IP Infusion Inc. Confidential

O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default

O 1.1.1.0/24 [110/20] via 2.2.2.1, eth2, 00:00:10C 2.2.2.0/24 is directly connected, eth2C 3.3.3.0/24 is directly connected, eth1O IA 4.4.4.0/24 [110/21] via 2.2.2.1, eth2, 00:00:10K 10.10.0.0/24 via 10.70.0.1, eth0C 10.70.0.0/24 is directly connected, eth0C 33.33.33.33/32 is directly connected, loC 127.0.0.0/8 is directly connected, loK 169.254.0.0/16 is directly connected, eth0

The following is a show output of this command with the ospf parameter, displaying only the selected OPSF routes learned by NSM:

ZebOS# show ip route ospfO 1.1.1.0/24 [110/20] via 2.2.2.1, eth2, 00:00:44O IA 4.4.4.0/24 [110/21] via 2.2.2.1, eth2, 00:00:44

ExamplesZebOS# show ip route ospf

Related Commandsshow ip route database

show ip route databaseUse this command to display all routing entries known by NSM. When multiple entries are available for the same prefix, NSM uses an internal route selection mechanism based on protocol administrative distance and metric values to choose the best route. All best routes are entered into the FIB, and can be viewed using the show ip route command.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip route database (bgp|connected|isis|kernel|ospf|rip|static)

bgp Display all the BGP routes learned by NSM.connected Display all the connected routes learned by NSM.isis Display all the IS-IS routes learned by NSM.kernel Display all the kernel routes learned by NSM.ospf Display all the OSPF routes learned by NSM.rip Display all the RIP routes learned by NSM.static Display all the static routes learned by NSM.

Command ModeExec mode and Privileged Exec mode

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 97

UsageThe following is an output of this command displaying all routes learned by NSM.

Note: This output shows selected as well as non selected routes.

To illustrate the difference between the show ip route output and this output, the same configuration has been used in both examples.

Note: For a detailed line-by-line description of an output of this command, refer to the ZebOS Troubleshooting Guide.

ZebOS# show ip route databaseCodes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area > - selected route, * - FIB route, p - stale info

O *> 1.1.1.0/24 [110/20] via 2.2.2.1, eth2, 00:01:26O 2.2.2.0/24 [110/10] is directly connected, eth2, 00:02:16C *> 2.2.2.0/24 is directly connected, eth2C *> 3.3.3.0/24 is directly connected, eth1O IA *> 4.4.4.0/24 [110/21] via 2.2.2.1, eth2, 00:01:26K *> 10.10.0.0/24 via 10.70.0.1, eth0K * 10.70.0.0/24 is directly connected, eth0C *> 10.70.0.0/24 is directly connected, eth0C *> 33.33.33.33/32 is directly connected, loS 100.100.100.0/24 [1/0] via 5.5.5.1 inactiveC *> 127.0.0.0/8 is directly connected, loK *> 169.254.0.0/16 is directly connected, eth0

The following is a show output of this command with the ospf parameter, displaying all OPSF routes learned by NSM:

ZebOS# show ip route database ospfO *> 1.1.1.0/24 [110/20] via 2.2.2.1, eth2, 00:01:26O 2.2.2.0/24 [110/10] is directly connected, eth2, 00:02:16O IA *> 4.4.4.0/24 [110/21] via 2.2.2.1, eth2, 00:01:26

ExamplesZebOS# show ip route database static

Related Commandsshow ip route

show ip route summaryUse this command to display the summary of the current NSM RIB entries.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip route summary

NSM Commands

98 ©2001-2007 IP Infusion Inc. Confidential

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show ip route summaryIP routing table name is Default-IP-Routing-Table(0)IP routing table maximum-paths is 4RouteSource Networkskernel 1connected 5ospf 2Total 8FIB 2

Related Commandsshow ip route, show ip route database

show ipv6 forwardingUse this command to display IPv6 forwarding status.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 forwarding

Command ModeExec mode and Privileged Exec mode

UsageThe following is a sample output of the show ipv6 forwarding command displaying the IPv6 forwarding status.

ZebOS# show ipv6 forwardingipv6 forwarding is on

ExamplesZebOS# show ipv6 forwarding

show ipv6 interface briefUse this command to display brief information about interfaces and the IPv6 address assigned to them. To display information about a specific interface, specify the interface name with the command.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 interface [IFNAME] brief

IFNAME Specify the name of the interface.

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 99

Command ModeExec mode and Privileged Exec mode

UsageThe following is a sample output from the show ipv6 interface brief command:

ZebOS# show ipv6 interface brief lo [up/up] ::1gre0 [administratively down/down] unassignedeth0 [up/up] 3ffe:abcd:104::1 3ffe:abcd:103::1 fe80::2e0:29ff:fe6f:cf0eth1 [up/up] fe80::260:97ff:fe20:f257eth2 [administratively down/down] unassignedeth3 [administratively down/down] unassignedsit0 [administratively down/down] unassignedtun24 [administratively down/down] unassignedtunl0 [administratively down/down] unassigned

ExamplesZebOS# show ipv6 interface eth0 brief

Related Commandsshow ip interface brief

show ipv6 neighborsUse this command to display all IPv6 neighbors.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 neighbors

Command ModeExec mode and Privileged Exec mode

show ipv6 routeUse this command to display the IP routing table for a protocol or from a particular table.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 route (bgp|connected|kernel|ospf|rip|static|X:X::X:X|X:X::X:X/M)

NSM Commands

100 ©2001-2007 IP Infusion Inc. Confidential

bgp = Border Gateway Protocol (BGP)connected = connectedkernel = kernelospf = Open Shortest Path First (OSPF)rip = Routing Information Protocol (RIP)static = static routesX:X::X:X = Network in the IP routing table to displayX:X::X:X/M = IP prefix <network>/<length>, e.g., 35.0.0.0/8

Command ModeExec mode and Privileged Exec mode

UsageThe following is a sample output of the show ipv6 route command displaying the IPv6 routing table.

ZebOS# show ipv6 routeCodes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info.C> * ::1/128 is directly connected, loC> * 3ffe:1::/48 is directly connected, eth1C> * 3ffe:2:2::/48 is directly connected, eth2C * fe80::/10 is directly connected, eth1C * fe80::/10 is directly connected, eth2C * fe80::/10 is directly connected, eth3C> * fe80::/10 is directly connected, eth0

ExamplesZebOS# show ipv6 route ospf

show ipv6 route summaryUse this command to display the summary of the current NSM RIB entries.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 route summary

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show ipv6 route summaryIPv6 routing table name is Default-IPv6-Routing-Table(0)IPv6 routing table maximum-paths is 4RouteSource Networksconnected 4ospf 5Total 9

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 101

FIB 5

Related Commandsshow ip route, show ip route database

show nsm clientUse this command to display NSM client information.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow nsm client

Command ModePrivileged Exec mode

UsageThis command displays the details of currently connected NSM clients, such as: the services requested by the protocols, statistics and the connection time. The following is a sample output for this command:

Router# show nsm clientNSM client ID: 1 OSPF, socket 8 Service: Interface Service, Route Service Message received 1, sent 6 Connection time: Thu Sep 26 16:08:23 2002

ExamplesZebOS# show nsm client

show router-idUse this command to display the Router ID of the current system.

Command Syntax show router-id

Command ModePrivileged Exec mode

UsageZebOS> show router-idRouter ID: 10.55.0.2 (automatic)

ExamplesZebOS# show router-id

NSM Commands

102 ©2001-2007 IP Infusion Inc. Confidential

shutdown Use this command to shut down the selected interface. Use the no form of this command to disable this function.

Command Syntax(no) shutdown

Command ModeInterface mode

Examplesthe following example shows the use of the shutdown command to shut down the interface called eth0.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if) shutdown

undebug nsm allUse this command to disable all NSM debugging.

Command Syntaxundebug nsm all

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# undebug nsm all

undebug nsm eventsUse this command to disable the debugging options for NSM daemon events.

Command Syntaxundebug nsm events

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# undebug nsm events

undebug nsm kernelUse this command to disable the debugging option for the NSM daemon routing manager between the kernel interface.

NSM Commands

©2001-2007 IP Infusion Inc. Confidential 103

Command Syntaxundebug nsm kernel

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# undebug nsm kernel

undebug nsm packetUse this command to disable the debugging option for the nsm packet.

Command Syntaxundebug nsm packet (recv|send)(detail)

recv = Disable the debugging option for receive packet.send = Disable the debugging option for send packet.detail = Disable the debugging option for detailed information.

Command ModePrivileged Exec mode and Configure mode

ExamplesZebOS# debug nsm packet ZebOS# debug nsm packet recv detail

Validation Commandsshow debugging nsm

NSM Commands

104 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 105

CHAPTER 4 NSM VPN Commands

ip route vrfThis command creates a new static entry for the VRF. To delete static route entry, use the no parameter with this command.

Command Syntax(no) ip route vrf VRF-NAME PREFIX (GATEWAY_ADDRESS) INTERFACE

VRF-NAME = A name used to identify a VRF.PREFIX = Route prefix for destination. A.B.C.D/M format.GATEWAY_ADDRESS = Nexthop address for the destination. A.B.C.D formatINTERFACE = Output interface name for the destination.

Command ModeConfigure mode

Usage The interface should be associated with VRF beforehand.

The output interface always should be specified.

ExamplesZebOS# configure terminalZebOS(config)# ip route vrf VRF_A 10.10.10.0/24 10.10.0.1 eth0

Related Commandsip vrf, ip vrf forwarding,

ip vrfThis command creates a VRF RIB, assigns a VRF-ID, and switches command mode to VRF mode on the ZebOS daemon. To remove a VRF RIB, use the no parameter with command.

Command Syntax(no) ip vrf VRF-NAME

VRF-NAME = a name used to identify a VRF.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# ip vrf IPIZebOS(config-vrf)#

NSM VPN Commands

106 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsip route vrf, ip vrf forwarding

ip vrf forwardingThis command associates an interface with a VRF. To unbind an interface with a VRF, use the no parameter with this command.

Command Syntax(no) ip vrf forwarding VRF-NAME

VRF-NAME = Name of the VRF created using the ip vrf command in the configure mode (see ip vrf command)

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# ip vrf IPIZebOS(config)# interface eth1ZebOS(config-if)# ip vrf forwarding IPI

Related Commandsip route vrf, ip vrf

show ip route vrfThis command shows a routing table of the VRF.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip route vrf VRF-NAME

VRF-NAME = A name used to identify a VRF.

Command ModePrivileged Exec mode

Usage ZebOS# show ip route vrf VRF_ACodes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, B - BGP, > - selected route, * - FIB route

S> 10.10.10.0/24 [1/0] via 10.10.0.1, eth1C> * 10.10.0.0/24 is directly connected, eth1

Note: FIB flag might not correct for VRF routing information.

NSM VPN Commands

©2001-2007 IP Infusion Inc. Confidential 107

Related Commandsshow ip vrf

show ip vrfThis command shows the routing information of the VRF.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip vrf (VRF-NAME)

VRF-NAME = a name used to identify a VRF.

Command ModePrivileged Exec mode

Usage ZebOS# show ip vrf IPIVRF IPI; (id=1); default RD 1:2Interfaces: eth2Export VPN route-target communities RT:100:1Import VPN route-target communities RT:100:1No import route-map

ExamplesZebOS# show ip vrf myvrfname

Related Commandsshow ip route vrf

NSM VPN Commands

108 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 109

CHAPTER 5 NSM MPLS Commands

MPLS Commands

label-switchingUse this command to enable label switching on an interface.

Command Syntax(no) label-switching (LABELSPACE)

LABELSPACE <0-65535> Specifies the label space value.

Command ModeInterface mode

Usage This command is used to either enable label-switching on an interface, or to modify the label-space to which this interface is bound. If no label-space is provided, this interface is bound to the platform-wide (zero) label-space.

ExamplesThis example shows the enabling of label switching on the eth0 interface.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# label-switching 654

mpls admin-groupsUse this command to add a new administrative group. Use the no parameter with this command to remove the specified administrative group.

Command Syntax(no) mpls admin-group NAME <0-31>

NAME Specifies the name of the administrative group to be added<0-31> Specifies the value of the administrative group to be added

Command ModeConfigure mode

UsageThis command is used to create a name-to-value binding for an administrative group.

Note: Only 32 administrative groups can be configured at one time.

NSM MPLS Commands

110 ©2001-2007 IP Infusion Inc. Confidential

ExamplesZebOS# configure terminalZebOS(config)# mpls admin-group mygroup 3

mpls disable-all-interfacesUse this command to disable all interfaces for MPLS.

Command Syntaxmpls disable-all-interfaces

Command ModeConfigure mode

Usage This command serves as a complete show-stopper for all signaling on the router. When this command is used, all signaling protocols are made aware of this change, and all MPLS-specific processing ceases.

ExamplesZebOS# configure terminalZebOS(config)# mpls disable-all-interfaces

mpls egress-ttlUse this command to specify a Time to Live (TTL) value for LSPs for which this LSR is the egress. Use the no parameter with this command to unset the custom TTL value.

Command Syntaxno mpls egress-ttl

(no) mpls egress-ttl <0-255>

<0-255> The TTL value to be used.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# mpls egress-ttl 45

Related Commandsmpls ingress-ttl

mpls enable-all-interfacesUse this command to enable all interfaces for MPLS.

Command Syntaxmpls enable-all-interfaces

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 111

DefaultAll interfaces are disabled by default.

Command ModeConfigure mode

Usage This command is used to enable all interfaces on a router for label-switching. This would be very helpful on a router that has a very large number of interfaces.

Note: Executing this command does not enable any signaling protocol interaction via all the interfaces. Each protocol needs to be explicitly enabled per interface.

ExamplesZebOS# configure terminalZebOS(config)# mpls enable-all-interfaces

Related Commandsmpls disable-all-interfaces

mpls ftn-entryUse this command to add an FTN entry. Use the no parameter with this command to delete the entry.

Command Syntax(no) mpls ftn-entry tunnel-id <1-100> A.B.C.D/M|A.B.C.D A.B.C.D LABEL NEXTHOP IFNAME (INDEX) (primary|secondary)

1-100 = tunnel IDA.B.C.D/M|A.B.C.D A.B.C.D Forwarding Equivalence Class (FEC) with maskLABEL = <16-1046400> Outgoing labelNEXTHOP = A.B.C.D Next hop IPv4 addressIFNAME Name of the outgoing interfaceINDEX FTN index update. Optional. If issued, the FTN entry is updated. If not issued, a new FTN entry is

created.primary primary LSP. Optional. Default is primary.secondary secondary LSP. Optional. Default is primary.

Command ModeConfigure mode

Usage Use this command to create FTN entries in the FTN table, in the MPLS Forwarder. For all incoming IP packets on an MPLS-enabled router, a best-match lookup is done in the FTN table based on the incoming IP packet's destination address. If a match is found, the packet is labeled, and switched.

ExamplesZebOS# configure terminalZebOS(config)# mpls ftn-entry 2 10.10.0.0/24 16 1.2.3.4 eth1 secondary

NSM MPLS Commands

112 ©2001-2007 IP Infusion Inc. Confidential

mpls ilm-entryUse this command to add an ILM entry. Use the no parameter with this command to delete the entry.

Command Syntax(no) mpls ilm-entry LABEL_IN IFNAME_IN LABEL_OUT IFNAME_OUT NEXTHOP OPERATION (A.B.C.D/M|A.B.C.D A.B.C.D) (INDEX)

LABEL_IN <16-1046400> Incoming labelIFNAME_IN Specifies incoming interface nameLABEL_OUT <16-1046400> Outgoing label (Use 1046401 for egress)IFNAME_OUT Specifies outgoing interface nameNEXTHOP A.B.C.D Next hop IPv4 addressOPERATION = pop|swap|vpnpop Label operation

pop|swap incoming labelvpnpop incoming label and forward VPN packet

A.B.C.D/M|A.B.C.D A.B.C.D Forwarding Equivalence Class (FEC) with mask. OptionalINDEX <1-429496725> ILM index update. Optional. If issued, the ILM entry is updated. If not issued, a

new ILM entry is created.

Command ModeConfigure mode

UsageUse this command to create an ILM entry in the ILM table to which the incoming interface specified is bound. Upon receipt of a labeled packet on an MPLS-enabled router, a lookup is done based on the incoming label in the ILM table. If a match is found, the packet may either be label-switched downstream, or popped and passed over IP.

ExamplesZebOS# configure terminalZebOS(config)# mpls ilm-entry 100 eth0 200 eth1 1.2.3.4 pop 10.10.0.0/24

mpls ingress-ttlUse this command to specify a Time to Live (TTL) value for LSPs for which this LSR is the ingress. Use the no parameter with this command to unset the custom TTL value being used for LSPs for which this LSR is the ingress.

Command Syntax(no) mpls ingress-ttl <0-255>

no mpls ingress-ttl

<0-255> Specifies the TTL value to be used.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# mpls ingress-ttl

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 113

mpls l2-circuit (Configure Mode)Use this command in Configure mode to create an instance of an MPLS Layer-2 Virtual Circuit.

Command Syntax(no) mpls l2-circuit NAME <1-1000000> A.B.C.D (GROUPNAME)

(no) mpls l2-circuit NAME <1-1000000>

NAME Specifies a string identifying the MPLS Layer-2 Virtual Circuit.<1-1000000> Specifies a 32-bit identifier to which the specified name is to be mapped.A.B.C.D Specifies the IPv4 address for the MPLS L-2 Virtual Circuit end-pointGROUPNAME Specify a group to which this Layer-2 circuit belongs. Note: Multiple Layer-2 circuits may belong to the same group

Command ModeConfigure mode

UsageThis command is used to create an instance of a Layer-2 MPLS Virtual Circuit. This instance may be bound to any interface on the router.

Note: Only one interface may be bound to a Layer-2 circuit at a time.

ExamplesZebOS# configure terminalZebOS(config)# mpls l2-circuit mycircuit 45678 1.2.3.4

mpls-l2-circuit (Interface Mode)Use this command on the Interface mode to bind an interface to a MPLS Layer-2 Virtual Circuit created on the Configure mode.

Command Syntax(no) mpls-l2-circuit NAME VC-TYPE

NAME Specifies a string identifying the MPLS Layer-2 Virtual Circuit.VC_TYPE = ppp|ethernet|vlan The type of Virtual Circuit. The default is vlan.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# mpls-l2-circuit mycircuit ethernet

Related Commandsmpls l2-circuit

NSM MPLS Commands

114 ©2001-2007 IP Infusion Inc. Confidential

mpls l2-circuit-ftn-entryUse this command to add a Layer-2 MPLS Virtual Circuit FTN entry.

Note: This command is mainly for developers, and is available only when the --enable-dev-test option is used in the configure script.

Command Syntaxmpls l2-circuit-ftn-entry VC-ID LABEL NEXTHOP IFNAME_IN IFNAME_OUT PUSH_AND_LOOKUP_FOR_VC|PUSH_FOR_VC

VC-ID Virtual circuit identifierLABEL < 16-1046400 > Outgoing labelNEXTHOP Specifies the nexthop IPv4 addressIFNAME_IN Incoming interface nameIFNAME_OUT Outgoing interface namePUSH_AND_LOOKUP_FOR_VC Do second lookup in global FTN table for labelsPUSH_FOR_VC Only one label should be pushed

Command ModeConfigure mode

UsageUse this command to create an MPLS Layer-2 Virtual Circuit FTN entry for an interface.

Note: The interface must be bound to the Virtual Circuit ID specified before this command is executed

ExamplesZebOS# configure terminalZebOS(config)# mpls l2-circuit-ftn-entry rt 345 2.2.2.2 eth0 eth1 PUSH_FOR_VC

mpls l2-circuit-ilm-entryUse this command to add an ILM entry.

Note: This command is mainly for developers, and is available only when the --enable-dev-test option is used in the configure script.

Command Syntaxmpls l2-circuit-ilm-entry VC-ID LABEL IFNAME_IN IFNAME_OUT NEXTHOP

VC-ID Virtual Circuit identifierLABEL Incoming labelIFNAME_IN Incoming interface nameIFNAME_OUT Outgoing interface nameNEXTHOP A.B.C.D Nexthop IPv4 address

Command ModeConfigure mode

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 115

Usage Use this command to create an ILM entry in the ILM table to which the incoming interface specified is bound. Upon receipt of a labeled packet on an MPLS-enabled router, a lookup is done based on the incoming label in the ILM table. If a match is found, the packet may either be label-switched downstream, or popped and passed over IP.

ExamplesZebOS# configure terminalZebOS(config)# mpls l2-circuit-ilm-entry rt 16 eth0 eth1 1.2.3.4

mpls local-packet-handlingUse this command to enable the labeling of locally generated TCP packets. Use the no parameter with this command to disable labeling of locally generated TCP packets.

Command Syntax(no) mpls local-packet-handling

Command ModeConfigure mode

UsageThis command enables the labeling of locally generated TCP packets only. All other locally generated packets are not looked at by the MPLS Forwarder

ExamplesZebOS# configure terminalZebOS(config)# mpls local-packet-handling

mpls logUse this command to exercise logging control. Use the no parameter with this command to stop logging messages in the MPLS Forwarder.

Command Syntax mpls log all|debug|error|notice|warning

no mpls log debug|error|notice|warning

all Logs all messages in MPLS Forwarderdebug Logs all messages in MPLS Forwardererror Logs all messages in MPLS Forwardernotice Logs all messages in MPLS Forwarderwarning Logs all messages in MPLS Forwarder

Command ModeConfigure mode

NSM MPLS Commands

116 ©2001-2007 IP Infusion Inc. Confidential

UsageThis command has been provided to interact with the Linux kernel. If using the kernel logging utility - klogd - it needs to be enabled to a logging level that allows for the requested log messages to be printed.

ExamplesZebOS# configure terminalZebOS(config)# mpls log error

mpls lsp-model pipeUse this command to configure the MPLS LSP model as Pipe. Use the no parameter with this command to configure the MPLS LSP model as Uniform.

Command Syntax(no) mpls lsp-model pipe

Command ModeConfigure mode

DefaultUniform is the default model configuration.

ExamplesZebOS# configure terminalZebOS(config)# mpls lsp-model pipe

ZebOS# configure terminalZebOS(config)# no mpls lsp-model pipe

mpls lsp-tunnelingUse this command to choose the transit LSP and a locally configured LSP tunnel for carrying the transit LSP.

Command Syntaxmpls lsp-tunneling IFNAME INLABEL OUTLABEL A.B.C.D/M

IFNAME Name of the incoming interface.INLABEL <16-1048575> Label used to identify incoming transit LSP traffic. OUTLABEL <16-1048575> Transit LSP Label distributed by tunnel LSP egress node to its upstream

node. Note: Tunnel egress node should have platform wide label space configured.

A.B.C.D/M Prefix used to identify tunnel LSP.

Command ModeConfigure mode

Command ExampleZebOS# configure terminalZebOS(config)# mpls lsp-tunneling eth0 15 30 1.2.2.4/16

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 117

mpls map-routeUse this command to map a prefix to a Forwarding Equivalence Class (FEC).

Command Syntax(no) mpls map-route PREFIX MASK1 FEC MASK2

(no) mpls map-route PREFIX/M1 FEC/M2

PREFIX = A.B.C.D Specifies the IPv4 prefix to be mappedFEC = A.B.C.D Specifies the IPv4 FEC for route to be mapped to.MASK1 = A.B.C.D Specifies the mask for IPv4 address to be mappedMASK2 = A.B.C.D Specifies the mask for Forwarding Equivalence Class (FEC)M1 Specifies the mask for IPv4 address to be mappedM2 Specifies the mask for the Forwarding Equivalence Class (FEC)

Command ModeConfigure mode

ExamplesIn the following examples 5.6.7.8/32 is the FEC for an LSP, and 1.2.3.4 is the prefix to be mapped.

ZebOS# configure terminalZebOS(config)# mpls map-route 1.2.3.4/32 5.6.7.8/32!ZebOS# configure terminalZebOS(config)# mpls map-route 1.2.3.4 255.255.255.255 5.6.7.8 255.255.255.255

mpls max-label-valueUse this command to specify a maximum label value. Use the no parameter with this command to use the default maximum label value for all the label pools. Specify the label space to set or unset maximum label value for a specific label space.

Note: The system allows label-space range (maximum and minimum label values) changes for interface-specific label spaces only. The platform-wide label-space range cannot be modified.

Command Syntaxmpls max-label-value <16-1048575> (label-space <0-65535>)

<16-1048575> Maximum size for all label pools.<0-65535> Label space for which maximum value needs to be modified. Optional.

no mpls max-label-value (<16-1048575>) (label-space <0-65535>)

<16-1048575> Maximum size for all label pools. Optional. <0-65535> Label space for which maximum value needs to be modified. Optional.

Command ModeConfigure mode

Usage After setting the maximum label value for a label space, make sure to bind the label space to an interface.

NSM MPLS Commands

118 ©2001-2007 IP Infusion Inc. Confidential

ExamplesZebOS# configure terminalZebOS(config)# mpls max-label-value 5 label-space 4456

mpls min-label-valueUse this command to specify a minimum label value. Use the no parameter with this command to use the default minimum label value for all label pools. Specify the label space to set or unset minimum label value for a specific label space.

Note: The system allows label space range (maximum and minimum label values) changes for interface-specific label spaces only. Platform-wide label-space range cannot be modified.

Command Syntaxmpls min-label-value <16-1048575> (label-space <0-65535>)

<16-1048575> Minimum size for all label pools.<0-65535> Label space for which minimum value needs to be modified. Optional.

no mpls min-label-value (<16-1048575>) (label-space <0-65535>)

<16-1048575> Minimum size for all label pools. Optional. <0-65535> Label space for which minimum value needs to be modified. Optional.

Command ModeConfigure mode

UsageAfter setting the minimum label value for a label space, make sure to bind the label space to an interface.

ExamplesZebOS# configure terminalZebOS(config)# mpls min-label-value 5 label-space 2342

mpls propagate-ttlUse this command to enable TTL propagation. Enabling TTL propagation causes the TTL value in the IP header to be copied onto the TTL field in the shim header, at the LSP ingress. Use the no parameter with this command to disable TTL propagation.

Command Syntax(no) mpls propogate-ttl

Command ModeConfigure mode

DefaultTTL propagation is enabled by default.

ExamplesZebOS# configure terminal

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 119

ZebOS(config)# mpls propogate-ttl

ZebOS# configure terminalZebOS(config)# no mpls propogate-ttl

mpls vrf-entryUse this command to add a VRF entry.

Note: This command is mainly for developers, and is available only when the --enable-dev-test option is used in the configure script.

Command Syntax(no) mpls vrf-entry VRF-NAME A.B.C.D|A.B.C.D/M LABEL_OUT NEXTHOP IFNAME DLVR_TO_IP|PUSH|PUSH_AND_LOOKUP

no mpls vrf-entry VRF-NAME A.B.C.D|A.B.C.D/M

VRF-NAME Specifies the VRF identifierA.B.C.D = A.B.C.D MASK Forwarding Equivalence Class (FEC)

MASK A.B.C.D Mask for Forwarding Equivalence ClassA.B.C.D/M Forwarding Equivalence Class with maskLABEL_OUT = <16-1046400> Outgoing labelNEXTHOP = A.B.C.D Next hop IPv4 addressIFNAME Name of the outgoing interface DLVR_TO_IP Forward over IP PUSH Only one label should be pushed.PUSH_AND_LOOKUP Do second lookup in global FTN table for label.

Command ModeConfigure mode

UsageUse this command to add a VRF entry to the VRF table with the name (VRF-NAME). To use this command, the VRF table must already exist.

ExamplesZebOS# configure terminalZebOS(config)# mpls vrf-entry myVRF 10.10.0.0/24 100 1.2.3.4 eth1 PUSH

Related Commandsip vrf NAME

show mplsUse this command to display all label data.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

NSM MPLS Commands

120 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxshow mpls

Command ModeExec mode and Privileged Exec mode

UsageZebOS# show mpls Minimum label configured: 16 Maximum label configured: 1048575 Per label-space information: Label-space 0 is using minimum label: 16 and maximum label: 1048575 Custom ingress TTL configured: none Custom egress TTL configured: none Log message detail: none Admin group detail: none

ExamplesZebOS# show mpls

show mpls admin-groupsUse this command to display all administrative groups configured.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls admin-groups

Command ModeExec mode and Privileged Exec mode

UsageZebOS# show mpls admin-groups Admin group detail: Value of 0 associated with admin group 'a' Value of 1 associated with admin group 'b' Value of 2 associated with admin group 'c' Value of 4 associated with admin group 'd'ipi-ilabs2-nsm#

ExamplesZebOS# show mpls admin-groups

show mpls cross-connect-tableUse this command to display detailed information of all the entries created in the MPLS cross-connect table.

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 121

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls cross-connect-table

Command ModeExec mode and Privileged Exec mode

UsageThe following is a sample output of the show mpls cross-connect-table

ZebOS# show mpls cross-connect-table Cross connect ix: 3, in intf: -, in label: 0, out-segment ix: 3 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 3, owner: RSVP, out intf: eth1, out label: 16 Nexthop addr: 10.10.20.80, cross connect ix: 3, op code: Push

Cross connect ix: 6, in intf: -, in label: 0, out-segment ix: 6 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 6, owner: RSVP, out intf: eth1, out label: 17 Nexthop addr: 10.10.20.80, cross connect ix: 6, op code: Push

ExamplesZebOS# show mpls cross-connect-table

show mpls forwarding-tableUse this command to display all LSPs originating from this router. It also displays codes indicating the selected FTN (FEC to Next-Hop-Label-Forwarding-Entry).

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls forwarding-table

Command ModeExec mode and Privileged Exec mode

UsageThe following output shows the code explanations, FEC, Nexthop, and outgoing interfaces and labels.

ZebOS# show mpls forwarding-table Codes: > - selected FTN, B - BGP FTN, C - CR-LDP FTN, K - CLI FTN, L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, U - unknown FTN

Code FEC Nexthop Out-Label Out-IntfR> 10.10.26.63/32 10.10.20.80 16 eth1 R> 192.168.0.63/32 10.10.20.80 17 eth1

NSM MPLS Commands

122 ©2001-2007 IP Infusion Inc. Confidential

ExamplesZebOS# show mpls forwarding table

show mpls ftn-tableUse this command to display information of all the entries created in the MPLS FTN (FEC to Next-Hop-Label-Forwarding-Entry) table.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls ftn-table

Command ModeExec mode and Privileged Exec mode

UsageZebOS# show mpls ftn-table Primary FTN entry with FEC: 10.10.26.63/32, ix 3, row status: Active Owner: RSVP, Action-type: Redirect to Tunnel, Exp-bits: 0x0 Description: t1 Cross connect ix: 3, in intf: -, in label: 0, out-segment ix: 3 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 3, owner: RSVP, out intf: eth1, out label: 16 Nexthop addr: 10.10.20.80, cross connect ix: 3, op code: Push

Primary FTN entry with FEC: 192.168.0.63/32, ix 4, row status: Active Owner: RSVP, Action-type: Redirect to Tunnel, Exp-bits: 0x0 Description: t2 Cross connect ix: 6, in intf: -, in label: 0, out-segment ix: 6 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 6, owner: RSVP, out intf: eth1, out label: 17 Nexthop addr: 10.10.20.80, cross connect ix: 6, op code: Push

ExamplesZebOS# show mpls ftn-table

show mpls ilm-tableUse this command to display summarized information of the ILM (Incoming Label Map) table.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls ilm-table

Command ModeExec mode and Privileged Exec mode

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 123

Usage ZebOS# show mpls ilm-table In-Label Out-Label In-Intf Out-Intf Nexthop FEC16 3 eth1 eth0 10.10.24.63 10.10.26.63/3217 3 eth1 eth0 10.10.24.63 192.168.0.63/32

ExamplesZebOS# show mpls ilm-table

show mpls in-segment-tableUse this command to display detailed information of all entries in the Incoming Label Map (also known as in-segment) table.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls in-segment-table

Command ModeExec mode and Privileged Exec mode

Usage ZebOS# show mpls in-segment-table In-segment entry with in label: 16, in intf: eth1, row status: Active Owner: RSVP, # of pops: 1, fec: 10.10.26.63/32 Cross connect ix: 1, in intf: eth1, in label: 16, out-segment ix: 1 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1, owner: RSVP, out intf: eth0, out label: 3 Nexthop addr: 10.10.24.63, cross connect ix: 1, op code: Swap

In-segment entry with in label: 17, in intf: eth1, row status: Active Owner: RSVP, # of pops: 1, fec: 192.168.0.63/32 Cross connect ix: 1, in intf: eth1, in label: 17, out-segment ix: 1 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1, owner: RSVP, out intf: eth0, out label: 3 Nexthop addr: 10.10.24.63, cross connect ix: 1, op code: Swap

ExamplesZebOS# show mpls in-segment-table

show mpls l2-circuitUse this command to display MPLS Layer-2 Virtual Circuit data.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls l2-circuit

NSM MPLS Commands

124 ©2001-2007 IP Infusion Inc. Confidential

Command ModeExec mode and Privileged Exec mode

Usage The following is a sample output of the show mpls l2-circuit command displaying Virtual Circuit data.

ZebOS# show mpls l2-circuit ipiMPLS Layer-2 Virtual Circuit: ipi, id: 1000 Endpoint: 192.168.0.80 Control Word: 0 MPLS Layer-2 Virtual Circuit Group: none Bound to interface: eth2 Virtual Circuit Type: Ethernet

ExamplesZebOS# show mpls l2-circuit

show mpls l2-circuit-groupUse this command to display MPLS Layer-2 Virtual Circuit group data.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls l2-circuit-group

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show mpls l2-circuit-group

show mpls logUse this command to display logging information configured for MPLS.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls log

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show mpls log

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 125

show mpls mapped-routesUse this command to display all configured mapped MPLS routes.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls mapped-routes

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show mpls mapped-routes

show mpls out-segment-tableUse this command to display detailed information of all entries in the out-segment (also known as NHLFE) table.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls out-segment-table

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show mpls out-segment-table

show mpls vc-tableUse this command to display summarized information of all Virtual Circuit FTN (FEC to Next-Hop-Label-Forwarding-Entry) entries.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Note: This command is available only if --enable-mpls-vc configuration option is enabled in the configure script.

Command Syntaxshow mpls vc-table

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show mpls vc-table

NSM MPLS Commands

126 ©2001-2007 IP Infusion Inc. Confidential

show mpls vrf-tableUse this command to display detailed information of all the configured VRF entries. Specify the name of the VRF to display information about a specific VRF entry.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Note: This command is available only if --enable-vrf configuration option is enabled in the configure script.

Command Syntaxshow mpls vrf-table

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show mpls vrf-table

MPLS OAM CommandsMPLS Operation, Administration, and Maintenance (OAM) provides an external ability to detect data plan failures that cannot be detected by the protocols. MPLS OAM provides ping and trace-route facilities for the data plane with which end-to-end connectivity can be tested.

ping mpls ipv4Use this command to initiate sending MPLS echo request packets in the specified static LSP of the MPLS cloud.

Command Syntaxping mpls ipv4 A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)

ipv4 A.B.C.D/M IPv4 prefix addressMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 127

Command ModePrivileged Exec mode

UsageUse this command to test the connectivity of static LSPs.

ExamplesZebOS# ping mpls ipv4 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull

ping mpls l2-circuitUse this command to initiate sending MPLS echo request packets in the specified Layer-2 Virtual Circuit (VC) of the MPLS cloud.

Command Syntaxping mpls l2-circuit <1-10000> (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)

l2-circuit <1-10000> Layer-2 VC IDMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

UsageUse this command to test the operation of MPLS Layer-2 VC.

ExamplesZebOS# ping mpls l2-circuit 3 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull

ping mpls l3vpnUse this command to initiate sending MPLS echo request packets in the specified VPN instance of the MPLS cloud.

NSM MPLS Commands

128 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxping mpls l3vpn VRFNAME A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)

VRFNAME VRF instance nameA.B.C.D/M BGP VPN prefixMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

UsageUse this command to test the connectivity for BGP VPN peers.

ExamplesZebOS# ping mpls l3vpn vrfa 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull

ping mpls ldpUse this command to initiate sending MPLS echo request packets in the specified LDP LSP of the MPLS cloud.

ping mpls ldp A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)

ldp A.B.C.D/M LDP IPv4 FEC prefix addressMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 129

timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional. Default is 60.

repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

UsageUse this command to ping a normal LDP LSP.

ExamplesZebOS# ping mpls ldp 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull

ping mpls rsvpUse this command to initiate sending MPLS echo request packets in the specified RSVP-TE LSP of the MPLS cloud.

ping mpls rsvp egress A.B.C.D|tunnel-name NAME (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)

egress A.B.C.D IPv4 egress addresstunnel-name NAME RSVP-TE tunnel nameMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

UsageUse this command to ping RSVP-TE tunnel LSPs.

NSM MPLS Commands

130 ©2001-2007 IP Infusion Inc. Confidential

ExamplesZebOS# ping mpls rsvp egress 1.2.3.5 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull

ZebOS# ping mpls rsvp tunnel-name tun1 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull

ping mpls vplsUse this command to initiate sending MPLS echo request packets in the specified VPLS instance of the MPLS cloud.

Command Syntaxping mpls vpls <1-10000> peer A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)

<1-10000> VPLS instance IDpeer A.B.C.D/M VPLS mesh peer addressMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

UsageUse this command to test the connectivity for LDP VPLS instances.

ExamplesZebOS# ping mpls vpls 2 peer 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull

trace mpls ipv4Use this command to initiate tracing the route traversed by the specified IPv4 static LSP echo request packet in the MPLS cloud.

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 131

Command Syntaxtrace mpls ipv4 A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)

ipv4 A.B.C.D/M IPv4 prefix addressMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

ExamplesZebOS# trace mpls ipv4 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull

trace mpls l2-circuitUse this command to initiate tracing the route traversed by the specified Layer-2 VC echo request packet in the MPLS cloud.

Command Syntaxtrace mpls l2-circuit <1-10000> (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)

l2-circuit <1-10000> Layer-2 VC IDMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.

NSM MPLS Commands

132 ©2001-2007 IP Infusion Inc. Confidential

Command ModePrivileged Exec mode

ExamplesZebOS# trace mpls l2-circuit 3 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull

trace mpls l3vpnUse this command to initiate tracing the route traversed by the specified VPN instance echo request packet in the MPLS cloud.

Command Syntaxtrace mpls l3vpn VRFNAME A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)

VRFNAME VRF instance nameA.B.C.D/M BGP VPN prefixMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

ExamplesZebOS# trace mpls l3vpn vrfa 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull

trace mpls ldpUse this command to initiate tracing the route traversed by the specified LDP LSP echo request packet in the MPLS cloud.

Command Syntaxtrace mpls ldp A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)

ldp A.B.C.D/M LDP IPv4 FEC prefix addressMODE Reply modes defined in RFC. Optional.

NSM MPLS Commands

©2001-2007 IP Infusion Inc. Confidential 133

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

ExamplesZebOS# trace mpls ldp 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull

trace mpls rsvpUse this command to initiate tracing the route traversed by the specified RSVP-TE LSP echo request packet in the MPLS cloud.

Command Syntaxtrace mpls rsvp egress A.B.C.D|tunnel-name NAME (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)

egress A.B.C.D IPv4 egress addresstunnel-name NAME RSVP-TE tunnel nameMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.

Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

NSM MPLS Commands

134 ©2001-2007 IP Infusion Inc. Confidential

ExamplesZebOS# trace mpls rsvp egress 1.2.3.5 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull

ZebOS# trace mpls rsvp tunnel-name tun1 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull

trace mpls vplsUse this command to initiate tracing the route traversed by the specified VPLS instance echo request packet in the MPLS cloud.

Command Syntaxtrace mpls vpls <1-10000> peer A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)

<1-10000> VPLS instance IDpeer A.B.C.D/M VPLS mesh peer addressMODE Reply modes defined in RFC. Optional.

1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert

flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D destination IPv4 address field in the UPD ping packet. Optional. Must be from

the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> time to wait, in seconds, before rejecting the sent probe as a failure. Optional. Default

is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.

Command ModePrivileged Exec mode

ExamplesZebOS# trace mpls vpls 2 peer 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull

©2001-2007 IP Infusion Inc. Confidential 135

CHAPTER 6 NSM GMPLS Commands

gmpls capability-typeUse this command to specify the Generalized MPLS (GMPLS) interface switching capability-type.

Command Syntaxgmpls capability-type fsc|l2sc|lsc|psc1|psc2|psc3|psc4|tdm

no gmpls capability-type

fsc Fiber-Switch Capable (FSC)l2sc Layer-2 Switch Capable (L2SC)lsc Lambda-Switch Capable (LSC)psc1 Packet-Switch Capable-1 (PSC-1)psc2 Packet-Switch Capable-2 (PSC-2)psc3 Packet-Switch Capable-3 (PSC-3)psc4 Packet-Switch Capable-4 (PSC-4)tdm Time-Division-Multiplex Capable (TDM)

Command ModeInterface mode

Usage This command specifies the switching capability-type of the Interface. It also triggers advertisement of the interface switching capability type as GMPLS extensions by Interior Gateway Protocol (IGP).

It is possible to configure one or more capability types on an interface.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls capability-type psc1

Related Commandsgmpls link-id, gmpls protection-type, gmpls risk-group

gmpls encoding-typeUse this command to specify the GMPLS interface LSP (Label Switched Path) encoding type.

Command Syntaxgmpls encoding-type packet|ethernet|pdh|sdh|digital|lambda|fiber|fiber-channel

no gmpls encoding-type

digital = Digital Wrapperethernet = Ethernet

NSM GMPLS Commands

136 ©2001-2007 IP Infusion Inc. Confidential

fiber = Fiberfiber-channel = Fiber channellambda = Lambda (photonic)packet = Packetpdh = ANSI/ETSI PDHsdh = SDH ITU-T G.707 / SONET ANSI T1.105

DefaultDisabled

Command ModeInterface mode

UsageThis command specifies the switching encoding-types of interfaces. To advertise this information by IGP, also specify at least one switching capability type, using the gmpls capability-type command.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls encoding-type packet

Related commandsgmpls capability-type, gmpls min-lsp-bandwidth, gmpls sdh-indication

gmpls link-idUse this command to advertise link local/remote identifiers by IGP.

Command Syntax(no) gmpls link-id

DefaultDisabled

Command ModeInterface mode

UsageThis command triggers an advertisement of link local/remote identifiers as GMPLS extensions by IGP.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls link-id

NSM GMPLS Commands

©2001-2007 IP Infusion Inc. Confidential 137

Related commandsgmpls protection-type, gmpls capability-type, gmpls risk-group

gmpls min-lsp-bandwidthUse this command to specify GMPLS minimum LSP bandwidth.

Command Syntaxgmpls min-lsp-bandwidth BANDWIDTH

no gmpls min-lsp-bandwidth

BANDWIDTH = <1-10000000000> bits, expressed in k|m|g for kilo bits, mega bits, or giga bits.

DefaultDisabled

Command ModeInterface mode

UsageThis command specifies the minimum LSP bandwidth of an interface. To advertise this information by IGP, also specify the switching capability type to PSC1, PSC2, PSC3, PSC4, or TDM, using the gmpls capability-type command.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls min-lsp-bandwidth 1g

Related commandsgmpls capability-type, gmpls encoding-type, gmpls sdh-indication

gmpls protection-typeUse this command to specify the GMPLS link protection type.

Command Syntaxgmpls protection-type (dedicated-1plus1|decicated-1to1|enhanced|extra-traffic|unprotected|shared||)

no gmpls protection-type

dedicated-1plus1 Specify link type as dedicated 1+1dedicated-1to1 Specify link type as dedicated 1:1enhanced Specify link type as enhancedextra-traffic Specify link type as extra trafficunprotected Specify link type as unprotectedshared Specify link type as shared

NSM GMPLS Commands

138 ©2001-2007 IP Infusion Inc. Confidential

DefaultDisabled

Command ModeInterface mode

UsageThis command specifies the link protection type of an interface. It also triggers an advertisement of link protection type as GMPLS extensions by IGP.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls protection-type extra-traffic

Related commandsgmpls link-id, gmpls capability-type, gmpls risk-group

gmpls risk-groupUse this command to specify the GMPLS Shared Risk Link Group (SRLG) value.

Command Syntax(no) gmpls risk-group GROUPVALUE

no gmpls risk-group

GROUPVALUE <0-4294967295> Specifies Shared Risk Link Group value

DefaultDisabled

Command ModeInterface mode

UsageThis command specifies the GMPLS Shared Risk Link Group value. It also triggers an advertisement of Shared Risk Link Group (SRLG) information as GMPLS extensions by IGP.

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls risk-group 200

Related commandsgmpls link-id, gmpls protection-type, gmpls capability-type

NSM GMPLS Commands

©2001-2007 IP Infusion Inc. Confidential 139

gmpls sdh-indicationUse this command to specify the GMPLS SONET/SDH indication.

Command Syntaxgmpls sdh-indication arbitrary|standard

no gmpls sdh-indication

arbitrary = Arbitrary SONET/SDH standard = Standard SONET/SDH

DefaultDisabled

Command ModeInterface mode

UsageThis command specifies the SONET/SDH indication of an interface. To advertise this information by IGP, also specify the switching capability type to Time Division Multiplexing (TDM), using the gmpls capability-type command.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls sdh-indication standard

Related commandsgmpls capability-type, gmpls encoding-type, gmpls min-lsp-bandwidth

NSM GMPLS Commands

140 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 141

CHAPTER 7 GMP Multicast Commands

This chapter lists configuration, clear, and show commands related to Group Management Protocols (GMPs), IGMP and MLD, in alphabetical order.

IGMP CommandsThe Internet Group Management Protocol (IGMP) module includes the IGMP Proxy service and IGMP Snooping functionalities. Some of the following commands may have commonalities and restrictions: these are described under the Usage section for each command.

clear ip igmpUse this command to clear all IGMP local-memberships on all interfaces.

Command Syntaxclear ip igmp (vrf VRFNAME)

VRFNAME Optional. Specify the VRF name.

Command ModePrivileged Exec mode

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExampleZebOS# clear ip igmp vrf VRF_A

Related Commandsclear ip igmp groups, clear ip igmp interface

clear ip igmp groupsUse this command to clear IGMP specific local-membership(s) on all interfaces.

Command Syntaxclear ip igmp (vrf VRFNAME) groups * | A.B.C.D

VRFNAME Optional. Specify the VRF name.* Clears all groups on all interfaces. This is an alias to the clear ip igmp command.A.B.C.D Specifies the group address’s local-membership to be cleared from all interfaces.

Command ModePrivileged Exec mode

GMP Multicast Commands

142 ©2001-2007 IP Infusion Inc. Confidential

UsageThis command applies to groups learned by IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExamplesZebOS# clear ip igmp groups *ZebOS# clear ip igmp 224.1.1.1

Related Commandsclear ip igmp, clear ip igmp interface

clear ip igmp interfaceUse this command to clear IGMP interface entries.

Command Syntaxclear ip igmp (vrf VRFNAME) interface IFNAME

VRFNAME Optional. Specify the VRF name.IFNAME Specifies name of the interface; all groups learned from this interface are deleted.

Command ModePrivileged Exec mode

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExampleZebOS# clear ip igmp interface eth1

Related Commandsclear ip igmp, clear ip igmp groups

debug igmpUse this command to enable debugging of all IGMP, or a specific component of IGMP.

Use the no parameter with this command to disable all IGMP debugging, or debugging of a specific component of IGMP.

Command Syntaxdebug igmp (vrf VRFNAME) all|decode|events|fsm|tib

no debug igmp (vrf VRFNAME) all|decode|events|fsm|tib

VRFNAME Optional. Specify the VRF name.all debug all IGMPdecode debug IGMP decodingencode debug IGMP encodingevents debug IGMP eventsfsm debug IGMP Finite State Machine (FSM)

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 143

tib debug IGMP Tree Information Base (TIB)

Command ModesPrivileged Exec mode and Configure mode

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExampleZebOS# configure terminalZebOS(config)# debug igmp all

ip igmpUse this command to enable the IGMP protocol operation on an interface. This command enables IGMP protocol operation in stand-alone mode, and can be used to learn local-membership information prior to enabling a multicast routing protocol on the interface.

Use the no parameter with this command to return all IGMP related configuration to the default (including IGMP Snooping or IGMP Proxy service).

Command Syntaxip igmp

no ip igmp

Command ModeInterface mode

DefaultDisabled

UsageThis command will has no effect on interfaces configured for IGMP Proxy.

ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ip igmp

ip igmp access-group Use this command to control the multicast local-membership groups learnt on an interface.

Use the no parameter with this command to disable this access control.

Command Syntaxip igmp access-group <1-99>|WORD

no ip igmp access-group

<1-99> Access-list number.

GMP Multicast Commands

144 ©2001-2007 IP Infusion Inc. Confidential

WORD Standard IP access-list name.

Command ModeInterface mode

DefaultNo access list configured

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExamplesIn the following example, hosts serviced by Ethernet interface 0 can only join the group 225.2.2.2:

ZebOS# configure terminalZebOS(config)# access-list 1 225.2.2.2 0.0.0.0ZebOS(config)# interface ethernet 0 ZebOS(config-if)# ip igmp access-group 1

Related CommandsNone

ip igmp immediate-leaveIn IGMP version 2, use this command to minimize the leave latency of IGMP memberships. This command is used when only one receiver host is connected to each interface.

To disable this feature, use the no parameter with this command.

Command Syntaxip igmp immediate-leave group-list ACCESSLIST

no ip igmp immediate-leave

ACCESSLIST <1-99>|<1300-1999>|WORD Standard access-list name or number that defines multicast groups in which the immediate leave feature is enabled.

<1-99> Access-list number.<1300-1999> Access-list number (expanded range).WORD Standard IP access-list name.

Command ModeInterface mode

DefaultDisabled

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 145

ExamplesThe following example shows how to enable the immediate-leave feature on an interface for a specific range of multicast groups. In this example, the router assumes that the group access-list consists of groups that have only one host membership at a time per interface:

ZebOS# configure terminalZebOS(config)# interface eth 0ZebOS(config-if)# ip igmp immediate-leave group-list 34 ZebOS(config-if)# exitZebOS(config)# access-list 34 permit 225.192.20.0 0.0.0.255

Related Commands

ip igmp last-member-query-interval

ip igmp last-member-query-countUse this command to set the last-member query-count value. To return to the default value on an interface, use the no parameter with this command.

Command Syntaxip igmp last-member-query-count <2-7>

no ip igmp last-member-query-count

<2-7> last member query count value

Command ModeInterface mode

DefaultThe default last member query count value is 2.

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ip igmp last-member-query-count 3

ip igmp last-member-query-intervalUse this command to configure the frequency at which the router sends IGMP group-specific host query messages.

To set this frequency to the default value, use the no parameter with this command.

Command Syntaxip igmp last-member-query-interval INTERVAL

no ip igmp last-member-query-interval

GMP Multicast Commands

146 ©2001-2007 IP Infusion Inc. Confidential

INTERVAL = <1000-25500> Frequency (in milliseconds) at which IGMP group-specific host query messages are sent.

Command ModeInterface mode

Default1000 milliseconds

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExamplesThe following example changes the IGMP group-specific host query message interval to 2 seconds:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp last-member-query-interval 2000

Related Commandsip igmp immediate-leave

ip igmp limitUse this command to configure the limit on the maximum number of group membership states, at either the router level, or for the specified interface. Once the specified number of group memberships is reached, all further local-memberships will be ignored. Optionally, an exception access-list can be configured to specify the group-address(es) to be excluded from being subject to the limit.

Use the no parameter with this command to unset the limit and any specified exception access-list.

Command Syntaxip igmp (vrf VRFNAME) limit LIMITVALUE (except ACCESSLIST)

no ip igmp (vrf VRFNAME) limit

VRFNAME Optional. Specify the VRF name.LIMITVALUE <1-2097152> Maximum number of group membership statesACCESSLIST <1-99>|<1300-1999>|WORD Number or name that defines multicast groups which are

exempted from being subject to configured limit.<1-99> Access-list number<1300-1999> Access-list number (expanded range)WORD Standard IP access-list name

Command ModeGlobal Config mode and Interface mode

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

When configured for IGMP Snooping, this command can be issued on only VLAN interfaces. The limit applies, individually, to each of its constituent interfaces.

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 147

ExamplesThe following example configures an IGMP limit of 100 group-membership states across all interfaces on which IGMP is enabled, and excludes group 224.1.1.1 from this limitation:

ZebOS# configure terminalZebOS(config)# access-list 1 224.1.1.1 0.0.0.0ZebOS(config)# ip igmp limit 100 except 1

The following example configures an IGMP limit of 100 group-membership states on eth0:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp limit 100

ip igmp mroute-proxyUse this command to specify the IGMP Proxy service (upstream host-side) interface with which to be associated. IGMP router-side protocol operation is enabled only when the specified upstream proxy-service interface is functional.

Use the no parameter with this command to remove the association with the proxy-service interface.

Command Syntaxip igmp mroute-proxy IFNAME

no ip igmp mroute-proxy

Command ModeInterface mode

UsageThis command should not be used when configuring interfaces enabled for IGMP in association with a multicast routing protocol, otherwise the behavior will be undefined.

ExampleThe following example configures the eth 0 interface as the upstream proxy-service interface for the downstream router-side interface, eth 1.

ZebOS# configure terminalZebOS(config)# interface eth 1ZebOS(config-if)# ip igmp mroute-proxy eth 0

ip igmp proxy-serviceUse this command to designate an interface to be the IGMP proxy-service (upstream host-side) interface, thus enabling IGMP host-side protocol operation on this interface. All associated downstream router-side interfaces will have their memberships consolidated on this interface, according to IGMP host-side functionality.

Use the no parameter with this command to remove the designation of the interface as an upstream proxy-service interface.

Command Syntaxip igmp proxy-service

no ip igmp proxy-service

GMP Multicast Commands

148 ©2001-2007 IP Infusion Inc. Confidential

Command ModeInterface mode

UsageThis command should not be used when configuring interfaces enabled for IGMP in association with a multicast-routing protocol, otherwise the behavior will be undefined.

ExampleThe following example designates the eth 0 interface as the upstream proxy-service interface.

ZebOS# configure terminalZebOS(config)# interface eth 0ZebOS(config-if)# ip igmp proxy-service

ip igmp querier-timeout Use this command to configure the timeout period before the router takes over as the querier for the interface after the previous querier has stopped querying.

To restore the default value, use the no parameter with this command.

Command Syntaxip igmp querier-timeout TIMEOUT

no ip igmp querier-timeout

TIMEOUT = <60-300> Number of seconds that the router waits after the previous querier has stopped querying before it takes over as the querier.

Command ModeInterface mode

Default255 seconds

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExamplesThe following example configures the router to wait 120 seconds from the time it received the last query before it takes over as the querier for the interface:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp querier-timeout 120

Related Commandsip igmp query-interval

ip igmp query-intervalUse this command to configure the frequency of sending IGMP host query messages.

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 149

To return to the default frequency, use the no parameter with this command.

Command Syntaxip igmp query-interval INTERVAL

no ip igmp query-interval

INTERVAL = <1-18000> Frequency (in seconds) at which IGMP host query messages are sent.

Command ModeInterface mode

DefaultThe default query interval is 125 seconds.

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExampleThe following example changes the frequency of sending IGMP host-query messages to 2 minutes:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp query-interval 120

ip igmp query-max-response-timeUse this command to configure the maximum response time advertised in IGMP queries.

To restore the default value, use the no parameter with this command.

Command Syntaxip igmp query-max-response-time RESPONSETIME

no ip igmp query-max-response-time

RESPONSETIME = <1-240> Maximum response time (in seconds) advertised in IGMP queries.

Command ModeInterface mode

Default10 seconds

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExamplesThe following example configures a maximum response time of 8 seconds:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp query-max-response-time 8

GMP Multicast Commands

150 ©2001-2007 IP Infusion Inc. Confidential

ip igmp robustness-variableUse this command to change the robustness variable value on an interface.

To return to the default value on an interface, use the no parameter with this command.

Command Syntaxip igmp robustness-variable <2-7>

no ip igmp robustness-variable

Command ModeInterface mode

DefaultThe default robustness variable value is 2.

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ip igmp robustness-variable 3

ip igmp snoopingUse this command to enable IGMP Snooping. When this command is given in the Global Config mode, IGMP Snooping is enabled at the switch level. When this command is given at the VLAN interface level, IGMP Snooping is enabled for that VLAN.

Use the no parameter with this command to globally disable IGMP Snooping, or for the specified interface.

Command Syntaxip igmp (vrf VRFNAME) snooping

no ip igmp (vrf VRFNAME) snooping

VRFNAME Optional. Specify the VRF name.

Command ModeGlobal Config modeInterface mode for VLAN interface

DefaultIGMP Snooping is enabled.

UsageThis IGMP Snooping command can only be configured on VLAN interfaces

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 151

ExamplesZebOS# configure terminalZebOS(config)# ip igmp snoopingZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp snooping

ip igmp snooping fast-leaveUse this command to enable IGMP Snooping fast-leave processing. Fast-leave processing is analogous to immediate-leave processing; the IGMP group-membership is removed, as soon as an IGMP leave group message is received without sending out a group-specific query.

Use the no parameter with this command to disable fast-leave processing.

Command Syntaxip igmp snooping fast-leave

no ip igmp snooping fast-leave

Command ModeInterface mode for VLAN interface

DefaultIGMP Snooping fast-leave processing is disabled.

UsageThis IGMP Snooping command can only be configured on VLAN interfaces.

ExampleThis example shows how to enable fast-leave processing on a VLAN.

ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp snooping fast-leave

ip igmp snooping mrouterUse this command to statically configure the specified VLAN constituent interface as a multicast router interface for IGMP Snooping in that VLAN.

Use the no parameter with this command to remove the static configuration of the interface as a multicast router interface.

Command Syntaxip igmp snooping mrouter interface IFNAME

no ip igmp snooping mrouter interface IFNAME

IFNAME Specify the name of the interface

Command ModeInterface mode for VLAN interface

GMP Multicast Commands

152 ©2001-2007 IP Infusion Inc. Confidential

UsageThis IGMP Snooping command can only be configured on VLAN interfaces.

ExampleThis example shows interface fe8 statically configured to be a multicast router interface.

ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp snooping mrouter interface fe8

ip igmp snooping querierUse this command to enable IGMP querier operation on a subnet (VLAN) when no multicast routing protocol is configured in the subnet (VLAN). When enabled, the IGMP Snooping querier sends out periodic IGMP queries for all interfaces on that VLAN.

Use the no parameter with this command to disable IGMP querier configuration.

Command Syntaxip igmp snooping querier

no ip igmp snooping querier

Command ModeInterface mode for VLAN interface

UsageThis command can only be configured on VLAN interfaces.

The IGMP Snooping querier uses the 0.0.0.0 Source IP address because it only masquerades as a proxy IGMP querier for faster network convergence.

It does not start, or automatically cease, the IGMP Querier operation if it detects query message(s) from a multicast router.

It restarts as the IGMP Snooping querier if no queries are seen within the other querier interval.

ExampleZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp snooping querier

ip igmp snooping report-suppressionUse this command to enable report suppression for IGMP versions 1 and 2.

Use the no parameter with this command to disable report suppression.

Command Syntaxip igmp snooping report-suppression

no ip igmp snooping report-suppression

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 153

Command ModeInterface mode for VLAN interface

DefaultReport suppression does not apply to IGMPv3, and is turned off by default for IGMPv1 and IGMPv2 reports.

UsageThis command can only be configured on VLAN interfaces.

ExampleThis example shows how to enable report suppression for IGMPv2 reports.

ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp version 2ZebOS(config-if)# ip igmp snooping report-suppression

ip igmp ssm-map enableUse this command to enable SSM mapping on the router.

Use the no parameter with this command to disable SSM mapping.

Command Syntaxip igmp (vrf VRFNAME) ssm-map enable

no ip igmp (vrf VRFNAME) ssm-map enable

VRFNAME Optional. Specify the VRF name.

Command ModeGlobal Config mode

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExampleThis example shows how to configure SSM mapping on the router.

ZebOS# configure terminalZebOS(config)# ip igmp ssm-map enable

Related Commandsip igmp ssm-map static

ip igmp ssm-map staticUse this command to specify the static mode of defining SSM mapping. SSM mapping statically assigns sources to IGMPv1 and IGMPv2 groups to translate such (*,G) groups’ memberships to (S,G) memberships for use with PIM-SSM.

Use the no parameter with this command to remove the SSM map association.

GMP Multicast Commands

154 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxip igmp (vrf VRFNAME) ssm-map static ACCESSLIST A.B.C.D

no ip igmp (vrf VRFNAME) ssm-map static ACCESSLIST A.B.C.D

VRFNAME Optional. Specify the VRF name.ACCESSLIST

<1-99> Access-list number<1300-1999> Access-list number (expanded range).

A.B.C.D Standard IP access-list name.

Command ModeGlobal Config mode

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

ExamplesThis example shows how to configure an SSM static mapping for group-address 224.1.1.1.

ZebOS# configure terminalZebOS(config)# ip igmp ssm-map static 1 1.2.3.4ZebOS(config)# access-list 1 224.1.1.1 0.0.0.0

Related Commandsip igmp ssm-map enable

ip igmp static-groupUse this command to statically configure group membership entries on an interface. To statically add only a group membership, do not specify any parameters.

Use the no parameter with this command to delete static group membership entries.

Command Syntaxip igmp static-group A.B.C.D (source [E.F.G.H|ssm-map]) (interface IFNAME)

no ip igmp static-group A.B.C.D (source [E.F.G.H|ssm-map]) (interface IFNAME)

A.B.C.D Standard IP Multicast group address to be configured as a static group member.source Optional.

E.F.G.H Standard IP source address to be configured as a static source from where multicast packets originate.

ssm-map Mode of defining SSM mapping. SSM mapping statically assigns sources to IGMPv1 and IGMPv2 groups to translate these (*, G) groups' memberships to (S, G) memberships for use with PIM-SSM.

interface Optional. Physical interface. Use this parameter on VLAN interfaces when static configuration is required for IGMP snooping. If used, static configuration is applied to the physical interface specified in IFNAME. If not used, static configuration is applied on all VLAN constituent interfaces.

IFNAME Physical interface name.

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 155

Command ModeInterface mode

UsageThis command applies to IGMP operation on a specific interface to statically add group and/or source records; or to IGMP Snooping on a VLAN interface to statically add group and/or source records.

ExamplesThe following examples show how to statically add group and/or source records for IGMP:

ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ip igmp static-group 226.1.2.3

ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)#ip igmp static-group 226.1.2.4 source 1.2.3.4

ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ip igmp static-group 226.1.2.5 source ssm-map

The following examples show how to statically add group and/or source records for IGMP Snooping:

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.3

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.6 source 1.2.3.4

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.6 source ssm-map

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.3 interface eth0

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.6 source 1.2.3.4 interface eth0

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.6 source ssm-map interface eth0

ip igmp versionUse this command to set the current IGMP protocol version on an interface.

To return to the default version, use the no parameter with this command.

GMP Multicast Commands

156 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxip igmp version <1-3>

no ip igmp version

<1-3> IGMP protocol version number

Command ModeInterface mode

UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.

DefaultThe default IGMP protocol version number is 3.

ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0ZebOS(config-if)# ip igmp version 2

show ip igmp groupsUse this command to display the multicast groups with receivers directly connected to the router, and learned through IGMP.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip igmp (vrf VRFNAME) groups (A.B.C.D|IFNAME detail)

VRFNAME Optional. Specify the VRF name.A.B.C.D Address of the multicast group. IFNAME Interface name for which to display local information.

Command ModeExec mode and Privileged Exec mode

ExamplesThe following command displays local-membership information for all interfaces:

ZebOS# show ip igmp groups IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224.0.1.1 eth2 00:00:09 00:04:17 10.10.0.82 224.0.1.24 eth2 00:00:06 00:04:14 10.10.0.84 224.0.1.40 eth2 00:00:09 00:04:15 10.10.0.91 224.0.1.60 eth2 00:00:05 00:04:15 10.10.0.7 224.100.100.100 eth2 00:00:11 00:04:13 10.10.0.91 228.5.16.8 eth2 00:00:11 00:04:16 10.10.0.91 228.81.16.8 eth2 00:00:05 00:04:15 10.10.0.91

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 157

228.249.13.8 eth2 00:00:08 00:04:17 10.10.0.91 235.80.68.83 eth2 00:00:12 00:04:15 10.10.0.40 239.255.255.250 eth2 00:00:12 00:04:15 10.10.0.228

239.255.255.254 eth2 00:00:08 00:04:13 10.10.0.84

The following describes significant fields shown in the display above:

The following command displays local-membership details for a specific group:

ZebOS# show ip igmp groups 224.1.1.1 detailInterface: eth1Group: 224.1.1.1Uptime: 00:00:42Group mode: IncludeLast reporter: 192.168.50.111TIB-A Count: 2TIB-B Count: 0Group source list: (R - Remote, M - SSM Mapping) Source Address Uptime v3 Exp Fwd Flags 192.168.55.55 00:00:42 00:03:38 Yes R 192.168.55.66 00:00:42 00:03:38 Yes R

show ip igmp interfaceUse this command to display the state of IGMP, IGMP Proxy service, and IGMP Snooping for a specified interface, or all interfaces.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip igmp (vrf VRFNAME) interface IFNAME

VRFNAME Optional. Specify the VRF name.IFNAME Interface name

Command ModeExec and Privileged Exec mode

ExampleThe following command displays the IGMP interface status on all interfaces enabled for IGMP.

ZebOS# show ip igmp interface Interface vlan1.1 (Index 4294967295)IGMP Active, Non-Querier, Version 3 (default)IGMP querying router is 0.0.0.0

Field Description

Group Address Address of the multicast group.

Interface Interface through which the group is reachable.

Uptime For the time period (in weeks, days, hours, minutes, and seconds) this multicast group is known.

Expires Time (in hours, minutes, and seconds) until the entry expires.

Last Reporter Last host to report being a member of the multicast group.

GMP Multicast Commands

158 ©2001-2007 IP Infusion Inc. Confidential

IGMP query interval is 125 secondsIGMP querier timeout is 255 secondsIGMP max query response time is 10 secondsLast member query response interval is 1000 millisecondsGroup Membership interval is 260 seconds|IGMP Snooping is globally enabled|IGMP Snooping is enabled on this interfaceIGMP Snooping fast-leave is not enabledIGMP Snooping querier is not enabledIGMP Snooping report suppression is enabled

show ip igmp snooping mrouterUse this command to display the multicast router interfaces, both configured and learned, in a VLAN.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip igmp (vrf VRFNAME) snooping mrouter interface IFNAME

VRFNAME Optional. Specify the VRF name.IFNAME The name of the VLAN interface

Command ModeExec and Privileged Exec mode

ExampleThe following command displays the multicast router interfaces in VLAN 1.1.

ZebOS# show ip igmp snooping mrouter vlan1.1VLAN Interface1 ge91 ge11

show ip igmp snooping statisticsUse this command to display IGMP Snooping statistics data.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip igmp (vrf VRFNAME) snooping statistics interface IFNAME

VRFNAME Optional. Specify the VRF name.IFNAME The name of the VLAN interface

Command ModeExec and Privileged Exec mode

ExampleThe following displays IGMPv3 statistical information for bridge 2.

ZebOS# show ip igmp snooping statistics interface vlan1.1

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 159

IGMP Snooping statistics for ge9Interface: ge10Group: 225.0.0.1Uptime: 00:00:09Group mode: Exclude (Expires: 00:04:10)Last reporter: 4.4.4.5Source list is empty

MLD CommandsThe Multicast Listener Discovery (MLD) module includes the MLD Proxy service and MLD Snooping functionalities. Some of the following commands may have commonalities and restrictions: these are described under the Usage section for each command.

clear ipv6 mldUse this command to clear all MLD local-memberships on all interfaces.

Command Syntaxclear ipv6 mld (vrf VRFNAME)

VRFNAME Optional. Specify the VRF name.

Command ModePrivileged Exec mode

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleZebOS# clear ipv6 mld vrf VRF_A

Related Commandsclear ipv6 mld groups, clear ipv6 mld interface

clear ipv6 mld groupsUse this command to clear MLD specific local-membership(s) on all interfaces.

Command Syntaxclear ipv6 mld (vrf VRFNAME) groups *|X:X::X:X

VRFNAME Optional. Specify the VRF name.* Clears all groups on all interfaces. This is an alias to the clear ipv6 mld command.X:X::X:X Specifies the group address’s local-membership to be cleared from all interfaces.

Command ModePrivileged Exec mode

GMP Multicast Commands

160 ©2001-2007 IP Infusion Inc. Confidential

UsageThis command applies to groups learned by MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExamplesZebOS# clear ipv6 mld groups *ZebOS# clear ipv6 mld 224.1.1.1

Related Commandsclear ipv6 mld, clear ipv6 mld interface

clear ipv6 mld interfaceUse this command to clear MLD interface entries.

Command Syntaxclear ipv6 mld (vrf VRFNAME) interface IFNAME

VRFNAME Optional. Specify the VRF name.IFNAME Specifies name of the interface; all groups learned from this interface are deleted.

Command ModePrivileged Exec mode

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleZebOS# clear ipv6 mld interface eth1

Related Commandsclear ipv6 mld, clear ipv6 mld groups

debug mldUse this command to enable debugging of all MLD, or a specific component of MLD.

Use the no parameter with this command to disable all MLD debugging, or debugging of a specific component of MLD.

Command Syntaxdebug mld (vrf VRFNAME) all|decode|events|fsm|tib

no debug mld (vrf VRFNAME) all|decode|events|fsm|tib

VRFNAME Optional. Specify the VRF name.all debug all MLDdecode debug MLD decodingencode debug MLD encodingevents debug MLD eventsfsm debug MLD Finite State Machine (FSM)

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 161

tib debug MLD Tree Information Base (TIB)

Command ModePrivileged Exec mode and Configure mode

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleZebOS# configure terminalZebOS(config)# debug mld all

ipv6 mldUse this command to enable the MLD protocol operation on an interface. This command enables MLD protocol operation in stand-alone mode, and can be used to learn local-membership information prior to enabling a multicast routing protocol on the interface.

Use the no parameter with this command to return all MLD related configuration to the default (including MLD Snooping or MLD Proxy service).

Command Syntaxipv6 mld

no ipv6 mld

Command ModeInterface mode

DefaultDisabled

UsageThis command will has no effect on interfaces configured for MLD Proxy.

ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ipv6 mld

ipv6 mld access-group Use this command to control the multicast local-membership groups learnt on an interface.

Use the no parameter with this command to disable this access control.

Command Syntax

ipv6 mld access-group WORD

no ipv6 mld access-group

WORD Standard IPv6 access-list name.

GMP Multicast Commands

162 ©2001-2007 IP Infusion Inc. Confidential

Command ModeInterface mode

DefaultNo access list configured

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExamplesIn the following example, hosts serviced by Ethernet interface 0 can join the group ff0e::1/128 only:

ZebOS# configure terminalZebOS(config)# ipv6 access-list Group1 permit ff0e::1/128ZebOS(config)# interface fxp0 ZebOS(config-if)# ipv6 mld access-group Group1

Related CommandsNone

ipv6 mld immediate-leaveUse this command to minimize the leave latency of MLD memberships.

To disable this feature, use the no parameter with this command.

Command Syntaxipv6 mld immediate-leave group-list ACCESSLIST

no ipv6 mld immediate-leave

ACCESSLIST Standard IPv6 access-list name that defines multicast groups in which the immediate leave feature is enabled.

Command ModeInterface mode

DefaultDisabled

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

Use this command when only one receiver host is connected to each interface.

ExampleThe following example shows how to enable the immediate-leave feature on an interface for a specific range of multicast groups. In this example, the router assumes that the group access-list consists of groups that have only one node membership at a time per interface:

ZebOS# configure terminalZebOS(config)# interface eth 0

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 163

ZebOS(config-if)# ipv6 mld immediate-leave v6grpZebOS(config-if)# exit

Related Commandsipv6 mld last-member-query-interval

ipv6 mld last-member-query-countUse this command to set the last-member query-count value.

To return to the default value on an interface, use the no parameter with this command.

Command Syntaxipv6 mld last-member-query-count <2-7>

no ipv6 mld last-member-query-count

<2-7> last-member query-count value

Command ModeInterface mode

DefaultThe default last-member query-count value is 2.

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ipv6 mld last-member-query-count 3

ipv6 mld last-member-query-intervalUse this command to configure the frequency at which the router sends MLD group-specific host query messages.

To set this frequency to the default value, use the no parameter with this command.

Command Syntaxipv6 mld last-member-query-interval INTERVAL

no ipv6 mld last-member-query-interval

INTERVAL = <1000-25500> Frequency (in milliseconds) at which MLD group-specific host query messages are sent.

Command ModeInterface mode

Default1000 milliseconds

GMP Multicast Commands

164 ©2001-2007 IP Infusion Inc. Confidential

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExamplesThe following example changes the MLD group-specific host query message interval to 2 seconds:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 mld last-member-query-interval 2000

Related Commandsipv6 mld immediate-leave

ipv6 mld limitUse this command to configure the limit on the maximum number of group membership states at either the router level, or for the specified interface. Once the specified number of group memberships is reached, all further local-memberships will be ignored. Optionally, an exception access-list can be configured to specify the group-address(es) to be excluded from being subject to the limit.

Use the no parameter with this command to unset the limit and any specified exception access-list.

Command Syntaxipv6 mld (vrf VRFNAME) limit LIMITVALUE (except ACCESSLIST)

no ipv6 mld (vrf VRFNAME) limit

VRFNAME Optional. Specify the VRF name.LIMITVALUE <1-2097152> Maximum number of group membership statesACCESSLIST Standard IPv6 access-list name that defines multicast groups which are exempted from

being subject to the configured limit.

Command ModeGlobal Config mode and Interface mode

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

When configured for MLD Snooping, this command can be issued on only VLAN interfaces, and the limit applies individually to each of its constituent interfaces.

ExamplesThe following example configures an MLD limit of 100 group-membership states across all interfaces on which MLD is enabled, and excludes group 224.1.1.1 from this limitation:

ZebOS# configure terminalZebOS(config)# access-list 1 224.1.1.1 0.0.0.0ZebOS(config)# ipv6 mld limit 100 except v6grp

The following example configures an MLD limit of 100 group-membership states on eth0:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 mld limit 100

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 165

Related Commandsipv6 mld immediate-leave

ipv6 mld mroute-proxyUse this command to specify the MLD Proxy service (upstream host-side) interface with which to be associated. MLD router-side protocol operation is enabled only when the specified upstream proxy-service interface is functional.

Use the no parameter with this command to remove the association with the proxy-service interface.

Command Syntaxipv6 mld mroute-proxy IFNAME

no ipv6 mld mroute-proxy

Command ModeInterface mode

UsageThis command should not be configured on interfaces enabled for MLD in association with a multicast routing protocol, otherwise, the behavior will be undefined.

ExampleThe following example configures the eth 0 interface as the upstream proxy-service interface for the downstream router-side interface, eth 1.

ZebOS# configure terminalZebOS(config)# interface eth 1ZebOS(config-if)# ipv6 mld mroute-proxy eth 0

ipv6 mld proxy-serviceUse this command to designate an interface to be the MLD proxy-service (upstream host-side) interface, thus enabling MLD host-side protocol operation on this interface. All associated downstream router-side interfaces will have their memberships consolidated on this interface, according to MLD host-side functionality.

Use the no parameter with this command to remove the designation of the interface as an upstream proxy-service interface.

Command Syntaxipv6 mld proxy-service

no ipv6 mld proxy-service

Command ModeInterface mode

UsageThis command should not be used when configuring interfaces enabled for MLD in association with a multicast-routing protocol, otherwise the behavior will be undefined.

GMP Multicast Commands

166 ©2001-2007 IP Infusion Inc. Confidential

ExampleThe following example designates the eth 0 interface as the upstream proxy-service interface.

ZebOS# configure terminalZebOS(config)# interface eth 0ZebOS(config-if)# ipv6 mld proxy-service

ipv6 mld querier-timeoutUse this command to configure the timeout period before the router takes over as the querier for the interface after the previous querier has stopped querying.

To restore the default value, use the no parameter with this command.

Command Syntaxipv6 mld querier-timeout TIMEOUT

no ipv6 mld querier-timeout

TIMEOUT = <60-300> Number of seconds that the router waits after the previous querier has stopped querying before it takes over as the querier.

Command ModeInterface mode

Default255 seconds

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleThe following example configures the router to wait 120 seconds from the time it received the last query before it takes over as the querier for the interface:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 mld querier-timeout 120

Related Commandsipv6 mld query-interval

ipv6 mld query-intervalUse this command to configure the frequency of sending MLD host query messages.

To return to the default frequency, use the no parameter with this command.

Command Syntaxipv6 mld query-interval INTERVAL

no ipv6 mld query-interval

INTERVAL = <1-18000> Frequency (in seconds) at which MLD host query messages are sent.

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 167

Command ModeInterface mode

DefaultThe default query interval is 125 seconds.

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleThe following example changes the frequency of sending MLD host-query messages to 2 minutes:

ZebOS# configure terminalZebOS(config)# interface fxp0ZebOS(config-if)# ipv6 mld query-interval 120

Related Commandsipv6 mld querier-timeout

ipv6 mld query-max-response-time Use this command to configure the maximum response time advertised in MLD queries.

To restore the default value, use the no parameter with this command.

Command Syntaxipv6 mld query-max-response-time RESPONSETIME

no ipv6 mld query-max-response-time

RESPONSETIME = <1-240> Maximum response time (in seconds) advertised in MLD queries.

Command ModeInterface mode

Default10 seconds

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleThe following example configures a maximum response time of 8 seconds:

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 mld query-max-response-time 8

ipv6 mld robustness-variableUse this command to change the robustness variable value on an interface.

GMP Multicast Commands

168 ©2001-2007 IP Infusion Inc. Confidential

To return to the default value on an interface, use the no parameter with this command.

Command Syntaxipv6 mld robustness-variable <2-7>

no ipv6 mld robustness-variable

Command ModeInterface mode

DefaultThe default robustness variable value is 2.

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ipv6 mld robustness-variable 3

ipv6 mld snoopingUse this command to enable MLD Snooping. When this command is given in the Global Config mode, MLD Snooping is enabled at the switch level. When this command is given at the VLAN interface level, MLD Snooping is enabled for that VLAN.

Use the no parameter with this command to globally disable MLD Snooping, or for the specified interface.

Command Syntaxipv6 mld (vrf VRFNAME) snooping

no ipv6 mld (vrf VRFNAME) snooping

VRFNAME Optional. Specify the VRF name.

Command ModeGlobal Config modeInterface mode for VLAN interface

DefaultMLD Snooping is enabled.

UsageThis MLD Snooping command can only be configured on VLAN interfaces

ExampleZebOS# configure terminalZebOS(config)# ipv6 mld snoopingZebOS(config)# interface vlan1.1ZebOS(config-if)# ipv6 mld snooping

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 169

ipv6 mld snooping fast-leaveUse this command to enable MLD Snooping fast-leave processing. Fast-leave processing is analogous to immediate-leave processing; the MLD group-membership is removed, as soon as an MLD leave group message is received without sending out a group-specific query.

Use the no parameter with this command to disable fast-leave processing.

Command Syntaxipv6 mld snooping fast-leave

no ipv6 mld snooping fast-leave

Command ModeInterface mode for VLAN interface

DefaultMLD Snooping fast-leave processing is disabled.

UsageThis MLD Snooping command can only be configured on VLAN interfaces.

ExampleThis example shows how to enable fast-leave processing on a VLAN.

ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ipv6 mld snooping fast-leave

ipv6 mld snooping mrouterUse this command to statically configure the specified VLAN constituent interface as a multicast router interface for MLD Snooping in that VLAN.

Use the no parameter with this command to remove the static configuration of the interface as a multicast router interface.

Command Syntaxipv6 mld snooping mrouter interface IFNAME

no ipv6 mld snooping mrouter interface IFNAME

IFNAME Specify the name of the interface

Command ModeInterface mode for VLAN interface

UsageThis MLD Snooping command can only be configured on VLAN interfaces.

ExampleThis example shows how to specify the next-hop interface to the multicast router.

GMP Multicast Commands

170 ©2001-2007 IP Infusion Inc. Confidential

ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ipv6 mld snooping mrouter interface fe8

ipv6 mld snooping querierUse this command to enable MLD querier operation on a subnet (VLAN) when no multicast routing protocol is configured in the subnet (VLAN). When enabled, the MLD Snooping querier sends out periodic MLD queries for all interfaces on that VLAN.

Use the no parameter with this command to disable MLD querier configuration.

Command Syntaxipv6 mld snooping querier

no ipv6 mld snooping querier

Command ModeInterface mode for VLAN interface

UsageThis command can only be configured on VLAN interfaces.

The MLD Snooping querier uses the 0.0.0.0 Source IP address because it only masquerades as a proxy MLD querier for faster network convergence.

It does not start, or automatically cease, the MLD Querier operation if it detects query message(s) from a multicast router.

It restarts as MLD Snooping querier if no queries are seen within the other querier interval.

ExampleZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config)# ipv6 mld snooping querier

ipv6 mld snooping report-suppressionUse this command to enable report suppression for MLD version 1.

Use the no parameter to disable report suppression.

Command Syntaxipv6 mld snooping report-suppression

no ipv6 mld snooping report-suppression

Command ModeInterface mode for VLAN interface

DefaultReport suppression does not apply to MLDv2, and is turned off by default for MLDv1 reports.

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 171

UsageThis MLD Snooping command can only be configured on VLAN interfaces.

ExampleThis example shows how to enable report suppression for MLDv1 reports.

ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ipv6 mld version 1ZebOS(config-if)# ipv6 mld snooping report-suppression

ipv6 mld ssm-map enableUse this command to enable SSM mapping on the router.

Use the no parameter with this command to disable SSM mapping.

Command Syntaxipv6 mld (vrf VRFNAME) ssm-map enable

no ipv6 mld (vrf VRFNAME) ssm-map enable

VRFNAME Optional. Specify the VRF name.

Command ModeGlobal Config mode

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleThis example shows how to enable MLD SSM mapping on the router.

ZebOS# configure terminalZebOS(config)# ipv6 mld ssm-map enable

Related Commandsipv6 mld ssm-map static

ipv6 mld ssm-map staticUse this command to specify the static mode of defining SSM mapping. SSM mapping statically assigns sources to MLDv1 groups to translate such (*,G) groups’ memberships to (S,G) memberships for use with PIM-SSM.

Use the no parameter with this command to remove the SSM map association.

Command Syntaxipv6 mld (vrf VRFNAME) ssm-map static WORD X:X::X:X

no ipv6 mld (vrf VRFNAME) ssm-map static WORD X:X::X:X

VRFNAME Optional. Specify the VRF name.WORD IPv6 named standard access-list.

GMP Multicast Commands

172 ©2001-2007 IP Infusion Inc. Confidential

X:X::X:X IPv6 address

Command ModeGlobal Config mode

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleThis example shows how to configure an SSM static mapping for group-address ff0e::1/128.

ZebOS# configure terminalZebOS(config)# ipv6 mld ssm-map static v6grp 2006::3ZebOS(config)# ipv6 access-list v6grp permit ff0e::1/128

Related Commandsipv6 mld ssm-map enable

ipv6 mld static-groupUse this command to statically configure IPv6 group membership entries on an interface. To statically add only a group membership, do not specify any parameters.

Use the no parameter with this command to delete static group membership entries.

Command Syntaxipv6 mld static-group X:X::X:X (source [Y:Y::Y:Y|ssm-map]) (interface IFNAME)

no ipv6 mld static-group X:X::X:X (source [Y:Y::Y:Y|ssm-map]) (interface IFNAME)

X:X::X:X Standard IPv6 Multicast group address to be configured as a static group member.source Optional.

Y:Y::Y:Y Standard IPv6 source address to be configured as a static source from where multicast packets originate.

ssm-map Mode of defining SSM mapping. SSM mapping statically assigns sources to MLDv1 groups to translate these (*,G) groups' memberships to (S,G) memberships for use with PIM-SSM.

interface Optional. Physical interface. Use this parameter on VLAN interfaces when static configuration is required for MLD snooping. If used, static configuration is applied to the physical interface specified in IFNAME. If not used, static configuration is applied on all VLAN constituent interfaces.

IFNAME Physical interface name.

Command ModeInterface mode

UsageThis command applies to MLD operation on a specific interface to statically add group and/or source records; or to MLD Snooping on a VLAN interface to statically add group and/or source records.

ExamplesThe following examples show how to statically add group and/or source records for MLD:

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 173

ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ipv6 mld static-group ff1e::10

ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ipv6 mld static-group ff1e::10 source fe80::2fd:6cff:fe1c:b

ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ipv6 mld static-group ff1e::10 source ssm-map

The following examples show how to statically add group and/or source records for MLD Snooping:

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 source fe80::2fd:6cff:fe1c:b

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 source ssm-map

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 interface eth0

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 source fe80::2fd:6cff:fe1c:b interface eth0

ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 source ssm-map interface eth0

ipv6 mld versionUse this command to set the current MLD protocol version on an interface.

To return to the default version on an interface, use the no parameter with this command.

Command Syntaxipv6 mld version <1-2>

no ipv6 mld version

<1-2> MLD protocol version number

Command ModeInterface mode

GMP Multicast Commands

174 ©2001-2007 IP Infusion Inc. Confidential

DefaultThe default MLD protocol version number is 2.

UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.

ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ipv6 mld version 1

show ipv6 mld groupsUse this command to display the multicast groups with receivers directly connected to the router, and learned through MLD.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 mld (vrf VRFNAME) groups (X:X::X:X |IFNAME detail)

VRFNAME Optional. Specify the VRF name.X:X::X:X Address of the multicast group. IFNAME Interface name for which to display local information.

Command ModeExec mode and Privileged Exec mode

ExampleThe following command displays local-membership information for all interfaces:

ZebOS# show ipv6 mld groupsMLD Connected Group MembershipGroup Address Interface Uptime Expires Last Reporterff1e::10 ge10 00:03:16 00:01:09 fe80::202:b3ff:fef0:79d8

show ipv6 mld interfaceUse this command to display the state of MLD, MLD Proxy service, and MLD Snooping for a specified interface, or all interfaces.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 mld (vrf VRFNAME) interface IFNAME

VRFNAME Optional. Specify the VRF name.IFNAME Interface name

GMP Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 175

Command ModeExec mode and Privileged Exec mode

ExampleThe following displays MLD interface status on all interfaces enabled for MLD.

ZebOS# show ipv6 mld interfaceInterface eth1 (Index 2) MLD Enabled, Active, Querier, Version 2 (default) Internet address is fe80::2fd:6cff:fe1c:b MLD interface has 0 group-record states MLD activity: 0 joins, 0 leaves MLD query interval is 125 seconds MLD querier timeout is 255 seconds MLD max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds

show ipv6 mld snooping mrouterUse this command to display the multicast router interfaces, both configured and learned, in a VLAN.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 mld (vrf VRFNAME) snooping mrouter interface IFNAME

VRFNAME Optional. Specify the VRF name.IFNAME The name of the VLAN interface

Command ModeExec and Privileged Exec mode

ExampleThe following displays the multicast router interfaces in VLAN 1.1

ZebOS# show ipv6 mld snooping mrouter vlan1.1VLAN Interface1 ge91 ge11

GMP Multicast Commands

176 ©2001-2007 IP Infusion Inc. Confidential

show ipv6 mld snooping statisticsUse this command to display MLD Snooping statistics data.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 mld (vrf VRFNAME) snooping statistics interface IFNAME

VRFNAME Optional. Specify the VRF name.IFNAME The name of the VLAN interface

Command ModeExec and Privileged Exec mode

ExampleThe following displays MLDv2 statistical information for bridge 2.

ZebOS# show ipv6 mld snooping statisticsInterface: ge10Group: ff1e::10Uptime: 00:00:13Group mode: IncludeLast reporter: fe80::202:b3ff:fef0:79d8Group source list: (R - Remote, M - SSM Mapping) Source Address Uptime v2 Exp Fwd Flags 7ffe::4 00:00:13 00:04:06 Yes R

©2001-2007 IP Infusion Inc. Confidential 177

CHAPTER 8 NSM Multicast Commands

This chapter contains NSM Multicast related commands in alphabetical order. For IGMP and MLD specific Multicast commands, see Chapter 7, GMP Multicast Commands.

clear ip mrouteUse this command to delete entries from the IP multicast routing table.

Command Syntaxclear ip mroute (vrf VRFNAME) [*|GROUP_SRC_ADD]

VRFNAME Optional. Specify the VRF name.* = Deletes all multicast routesGROUP_SRC_ADD = GRPADD (SRCADD) Group IP address

GRPADD A.B.C.D Group IP address.SRCADD A.B.C.D Source IP address.

Command ModePrivileged Exec mode

UsageWhen this command is used, the MRIB clears the multicast route entries in its multicast route table, and removes the entries from the multicast forwarder. The MRIB sends a clear message to the multicast protocols. Each multicast protocol has its own clear multicast route command. The protocol-specific clear command clears multicast routes from the protocol, and also clears the routes from the MRIB.

ExampleZebOS# clear ip mroute vrf VRF_A 225.1.1.1 3.3.3.3

clear ip mroute statisticsUse this command to delete multicast route statistics entries from the IP multicast routing table.

Command Syntaxclear ip mroute (vrf VRFNAME) statistics [*|GRP_SRC_ADD]

VRFNAME Optional. Specify the VRF name.* All multicast route entries.GRP_SRC_ADD GRPADD (SRCADD) Group IP address.

GRPADD A.B.C.D Group IP addressSRCADD A.B.C.D Source IP address.

Command ModePrivileged Exec mode

NSM Multicast Commands

178 ©2001-2007 IP Infusion Inc. Confidential

ExampleZebOS# clear ip mroute statistics 225.1.1.2 4.3.4.4

clear ipv6 mrouteUse this command to delete entries from the IPv6 multicast routing table.

Command Syntaxclear ipv6 mroute (vrf VRFNAME) [*|GRP_SRC_ADD]

VRFNAME Optional. Specify the VRF name.* = Deletes all multicast routesGRP_SRC_ADD = GRPADD (SRCADD) Group IP address

GRPADD X:X::X:X Group IPv6 address.SRCADD X:X::X:X Source IP address.

Command ModePrivileged Exec mode

UsageWhen this command is used, the MRIB clears the multicast route entries in its multicast route table, and removes the entries from the multicast forwarder. The MRIB sends a clear message to the multicast protocols. Each multicast protocol has its own clear multicast route command.

ExampleZebOS# clear ipv6 mroute ff1e::10 3ffe::1

clear ipv6 mroute statisticsUse this command to delete multicast route statistics entries from the IPv6 multicast routing table.

Command Syntaxclear ipv6 mroute (vrf VRFNAME) statistics [*|GRP_SRC_ADD]

VRFNAME Optional. Specify the VRF name.* All multicast route entries.GRP_SRC_ADD GRPADD (SRCADD) Group IP address.

GRPADD X:X::X:X Group IP addressSRCADD X:X::X:X Source IP address.

Command ModePrivileged Exec mode

ExampleZebOS# clear ipv6 mroute ff1e::100 3ffe::3

debug nsm mcastUse this command to debug events in the multicast RIB.

NSM Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 179

Command Syntaxdebug nsm mcast (vrf VRFNAME) (all|fib-msg|mrt|register|stats|vif)

VRFNAME Optional. Specify the VRF name.all All IPv4 multicast debugging.fib-msg Multicast FIB messages.mrt Multicast routes.register Multicast PIM register messages.stats Multicast statistics.vif Multicast interface.

Command Mode Privileged Exec and Configure mode

ExampleZebOS# configure terminalZebOS(config)# debug nsm mcast register

ip mrouteUse this command to create a multicast static route. Use the no form of this command to clear the route.

Multicast static routes are unicast routes which allow multicast and unicast topologies to be incongruous. These routes are used by multicast routing protocols to perform reverse-path forwarding (RPF) checks.

Command Syntaxip mroute SRCADD/MASKLEN (PROTOCOL) RPFADD|INTERFACE (DISTANCE)

ip mroute SRCADD/MASKLEN (PROTOCOL)

SRCADD = A.B.C.D Specifies multicast source IP addressMASKLEN = <0-32> Specifies multicast source IP address mask lengthPROTOCOL Unicast routing protocol.

bgp BGPisis IS-ISospf OSPFrip RIPstatic

RPFADD = A.B.C.D RPF address for the multicast route. The host IP address can be a directly connected system or a remote system. When it is a remote system, a recursive lookup is done from the unicast routing table to find a directly connected system; the recursive lookup is done up to only one level.

INTERFACE Incoming interface name. Can only be specified for non-broadcast interfaces.DISTANCE Specifies whether a unicast route or multicast static route is used for the RPF lookup. Lower

distances have preference. If the multicast static route has the same distance as the other RPF sources, the multicast static route takes precedence. Default is 0. Range is 0-255.

Command ModeConfigure mode

NSM Multicast Commands

180 ©2001-2007 IP Infusion Inc. Confidential

ExamplesThe following example configures all sources via a single interface (in this case, a tunnel):

ZebOS# configure terminalZebOS(config)# ip mroute 10.10.10.50 255.255.255.0 tunnel1

The following example configures all specific sources within a network number to be accessible through 10.10.10.50:

ZebOS# configure terminalZebOS(config)# ip mroute 192.168.3.0 255.255.255.0 10.10.10.50

Validation Commandsshow ip rpf

ip multicast route-limitUse this command to limit the number of multicast routes that can be added to a multicast routing table.

Use the no parameter with this command to disable this configuration.

Command Syntax(no) ip multicast (vrf VRFNAME) route-limit LIMIT (THRESHOLD)

VRFNAME Optional. Specify the VRF name.LIMIT = <1-2147483647> Number of routes.THRESHOLD = <1-2147483647> Threshold at which to generate a warning message.

Command ModeConfigure mode

DefaultThe default limit and threshold value is 2147483647.

UsageThis command limits the number of multicast routes (mroutes) that can be added to a router, and generates an error message when the limit is exceeded. If the threshold parameter is set, a threshold warning message is generated when this threshold is exceeded, and the message continues to occur until the number of mroutes reaches the limit set by the limit argument.

Note: The mroute warning threshold must not exceed the mroute limit.

ExampleZebOS# configure terminalZebOS(config)# ip multicast route-limit 34 24

ip multicast ttl-thresholdUse this command to configure the time-to-live (TTL) threshold of packets being forwarded out of an interface.

Use the no parameter with this command to return to the default TTL threshold.

Command Syntaxip multicast ttl-threshold TTL

NSM Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 181

no ip multicast ttl-threshold

TTL <0-255> The time-to-live threshold.

Command ModeInterface mode

DefaultThe default TTL value is 1.

UsageOnly multicast packets with a TTL value greater than the threshold are forwarded out of the interface.

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip multicast ttl-threshold 34

ip multicast-routingUse this command to turn on/off multicast routing on the router; when turned off, the multicast protocol daemon remains present, but does not perform multicast functions.

Use the no parameter with this command to disable this function.

Command Syntax(no) ip multicast-routing (vrf VRFNAME)

VRFNAME Optional. Specify the VRF name.

Command ModeConfigure mode

DefaultBy default, multicast routing is on.

UsageWhen the no parameter is used with this command, the MRIB releases all VIFs and tunnels, cleans up MRTs, stops IGMPv2 operation, and stops relaying multicast forwarder events to multicast protocols.

When multicast routing is enabled, the MRIB re-creates tunnels, and starts processing any VIF addition/deletion requests, MRT addition/deletion requests, and any multicast forwarding events.

ExampleZebOS# configure terminalZebOS(config)# ip multicast-routing

ipv6 mrouteUse this command to create a multicast static route. Use the no form of this command to clear the route.

NSM Multicast Commands

182 ©2001-2007 IP Infusion Inc. Confidential

Multicast static routes are unicast routes which allow multicast and unicast topologies to be incongruous. These routes are used by multicast routing protocols to perform reverse-path forwarding (RPF) checks.

Command Syntaxipv6 mroute SRCADD/MASKLEN (PROTOCOL) RPFADD|INTERFACE (DISTANCE)

no ipv6 mroute SRCADD/MASKLEN (PROTOCOL)

SRCADD = X:X::X:X Specifies multicast source IPv6 addressMASKLEN = <0-128> Specifies multicast source IPv6 address mask lengthPROTOCOL Unicast routing protocol.

bgp BGPisis IS-ISospf OSPFrip RIPstatic

RPFADD = X:X::X:X RPF address for the multicast route. The host IPv6 address can be a directly connected system, or a remote system. When it is a remote system, a recursive lookup is done from the unicast routing table to find a directly connected system; the recursive lookup is done only up to one level.

INTERFACE Incoming interface name. Can only be specified for non-broadcast interfaces.DISTANCE Specifies whether a unicast route or multicast static route is used for the RPF lookup. Lower

distances have preference. If the multicast static route has the same distance as the other RPF sources, the multicast static route takes precedence. Default is 0. Range is 0-255.

Command ModeConfigure mode

Validation Commandsshow ipv6 rpf

ipv6 multicast route-limitUse this command to limit the number of IPv6 multicast routes that can be added to a multicast routing table.

Use the no parameter with this command to disable this configuration.

Command Syntax(no) ipv6 multicast (vrf VRFNAME) route-limit LIMIT (THRESHOLD)

VRFNAME Optional. Specify the VRF name.LIMIT = <1-2147483647> Number of routes.THRESHOLD = <1-2147483647> Threshold at which to generate a warning message.

Command ModeConfigure mode

DefaultThe default limit and threshold value is 2147483647.

NSM Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 183

UsageThis command limits the number of IPv6 multicast routes that can be added to a router, and generates an error message when the limit is exceeded. If the threshold parameter is set, a threshold warning message is generated when this threshold is exceeded, and the message continues to occur until the number of mroutes reaches the limit set by the limit argument.

Note: The mroute warning threshold must not exceed the mroute limit.

ExampleZebOS# configure terminalZebOS(config)# ipv6 multicast route-limit 34 34

ipv6 multicast-routingUse this command to turn on/off IPv6 multicast routing on the router; when turned off, the multicast protocol daemon remains present, but does not perform multicast functions.

Use the no parameter with this command to disable this function.

Command Syntax(no) ipv6 multicast-routing (vrf VRFNAME)

VRFNAME Optional. Specify the VRF name.

Command ModeConfigure mode

DefaultBy default, multicast routing is on.

UsageWhen the no parameter is used with this command, the MRIB releases all VIFs and tunnels, cleans up MRTs, stops IGMPv2 operation, and stops relaying multicast forwarder events to multicast protocols.

When multicast routing is enabled, the MRIB re-creates tunnels, and starts processing any VIF addition/deletion requests, MRT addition/deletion requests, and any multicast forwarding events.

ExampleZebOS# configure terminalZebOS(config)# ipv6 multicast-routing

show ip mrouteUse this command to display the contents of the IP multicast routing (mroute) table.

Command Syntaxshow ip mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse)

VRFNAME Optional. Specify the VRF name.GRPADD Group IP address.SRCADD Source IP address.dense Display dense multicast routes.

NSM Multicast Commands

184 ©2001-2007 IP Infusion Inc. Confidential

sparse Display sparse multicast routes.

Command ModeExec and Privileged Exec mode

UsageThe following is a sample output of this command displaying the IP multicast routing table, with and without specifying the group and source IP address:

ZebOS# show ip mrouteIP Multicast Routing TableFlags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (TTL) (10.10.1.52, 224.0.1.3), uptime 00:00:31, stat expires 00:02:59Owner PIM-SM, Flags: TF Incoming interface: wm0 Outgoing interface list: wm1 (1)ZebOS# show ip mroute 10.10.1.52 224.0.1.3 IP Multicast Routing TableFlags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (TTL) (10.10.1.52, 224.0.1.3), uptime 00:03:24, stat expires 00:01:28Owner PIM-SM, Flags: TF Incoming interface: wm0 Outgoing interface list: wm1 (1)

ExampleZebOS# show ip mroute 10.10.3.34 224.1.4.3

show ip mroute countUse this command to display the route and packet count from the IP multicast routing (mroute) table.

Command Syntaxshow ip mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse) count

show ip mroute count

VRFNAME Optional. Specify the VRF name.GRPADD = Group IP address.SRCADD = Source IP address.dense Display dense multicast routes.sparse Display sparse multicast routes.count Route and packet count data.

NSM Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 185

Command ModeExec and Privileged Exec mode

UsageThe following is a sample output of this command displaying the packet count from the IP multicast routing table:

ZebOS# show ip mroute count IP Multicast StatisticsTotal 1 routes using 132 bytes memoryRoute limit/Route threshold: 2147483647/2147483647Total NOCACHE/WRONGVIF/WHOLEPKT recv from fwd: 1/0/0Total NOCACHE/WRONGVIF/WHOLEPKT sent to clients: 1/0/0Immediate/Timed stat updates sent to clients: 0/0Reg ACK recv/Reg NACK recv/Reg pkt sent: 0/0/0Next stats poll: 00:01:10 Forwarding Counts: Pkt count/Byte count, Other Counts: Wrong If pktsFwd msg counts: WRONGVIF/WHOLEPKT recvClient msg counts: WRONGVIF/WHOLEPKT/Imm Stat/Timed Stat sentReg pkt counts: Reg ACK recv/Reg NACK recv/Reg pkt sent (10.10.1.52, 224.0.1.3), Forwarding: 2/19456, Other: 0 Fwd msg: 0/0, Client msg: 0/0/0/0, Reg: 0/0/0

ExampleZebOS# show ip mroute 10.10.5.24 225.2.2.2 count

show ip mroute summaryUse this command to display the contents of the IP multicast routing (mroute) table in an abbreviated form.

Command Syntaxshow ip mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse) summary

show ip mroute summary

VRFNAME Optional. Specify the VRF name.GRPADD = Group IP address.SRCADD = Source IP address.dense Display dense multicast routes.sparse Display sparse multicast routes.summary = Provide abbreviated display.

Command ModeExec and Privileged Exec mode

UsageThe following is a sample output for this command displaying the IP multicast routing table in an abbreviated form:

ZebOS# show ip mroute summary IP Multicast Routing Table

NSM Multicast Commands

186 ©2001-2007 IP Infusion Inc. Confidential

Flags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (TTL) (10.10.1.52, 224.0.1.3), 00:01:32/00:03:20, PIM-SM, Flags: TF

ExampleZebOS# show ip mroute 10.10.1.34 summary

show ip mvifUse this command to display the contents of the MRIB VIF table.

Command Syntaxshow ip mvif (vrf VRFNAME) (IFNAME)

VRFNAME Optional. Specify the VRF name.

Command ModeExec and Privileged Exec mode

UsageThe following are sample outputs of this command displaying the contents for the MRIB VIF table, both with and without the interface parameter specified:

ZebOS# show ip mvif Interface Vif Owner TTL Local Remote Uptime Idx Module Address Addresswm0 0 PIM-SM 1 192.168.1.53 0.0.0.0 00:04:26Register 1 1 192.168.1.53 0.0.0.0 00:04:26wm1 2 PIM-SM 1 192.168.10.53 0.0.0.0 00:04:25ZebO# show ip mvif wm0Interface Vif Owner TTL Local Remote Uptime Idx Module Address Addresswm0 0 PIM-SM 1 192.168.1.53 0.0.0.0 00:05:17

ExampleZebOS# show ip mvif wm0

show ip rpfUse this command to display RPF information for the specified source address.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ip rpf SRCADD

SRCADD = A.B.C.D Specifies source IP address

NSM Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 187

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show ip rpf 10.10.10.50

show ipv6 mifUse this command to display the contents of the MRIB VIF table.

Command Syntaxshow ipv6 mif (vrf VRFNAME) (IFNAME)

VRFNAME Optional. Specify the VRF name.

Command ModeExec and Privileged Exec mode

UsageThe following are sample outputs of this command displaying the MRIB VIF table, with and without the interface parameter:

ZebOS# show ipv6 mifInterface Mif Owner Uptime Idx Modulewm0 0 PIM-SMv6 00:17:18Register 1 00:17:18wm1 2 PIM-SMv6 00:17:18ZebOS# show ipv6 mif wm0Interface Mif Owner Uptime Idx Modulewm0 0 PIM-SMv6 00:19:06

ExampleZebOS# show ipv6 mif wm0

show ipv6 mrouteUse this command to display the contents of the IPv6 multicast routing (mroute) table.

Command Syntaxshow ipv6 mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse)

VRFNAME Optional. Specify the VRF name.GRPADD = Group IPv6 address.SRCADD = Source IPv6 address.dense Display dense multicast routes.sparse Display sparse multicast routes.

NSM Multicast Commands

188 ©2001-2007 IP Infusion Inc. Confidential

Command ModeExec and Privileged Exec mode

UsageThe following is a sample output for this command displaying the IPv6 multicast routing table:

ZebOS# show ipv6 mroute IPv6 Multicast Routing TableFlags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (3ffe:10:10:1::96, ff1e::10), uptime 00:00:09, stat expires 00:03:21Owner PIM-SMv6, Flags: TF Incoming interface: wm0 Outgoing interface list: wm1 (3ffe:10:10:1::96, ff1e::12), uptime 00:00:02, stat expires 00:03:28Owner PIM-SMv6, Flags: TF Incoming interface: wm0 Outgoing interface list: wm1

ExampleZebOS# show ipv6 mroute 3ffe:10:10:1::90 ff1e::15

show ipv6 mroute countUse this command to display the route and packet count from the IP multicast routing (mroute) table.

Command Syntaxshow ipv6 mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse) count

show ipv6 mroute count

VRFNAME Optional. Specify the VRF name.GRPADD = Group IPv6 address.SRCADD = Source IPv6 address.dense Display dense multicast routes.sparse Display sparse multicast routes.count Route and packet count data.

Command ModeExec and Privileged Exec mode

UsageThe following is a sample output for this command displaying route and packet count data from the IP multicast routing table:

NSM Multicast Commands

©2001-2007 IP Infusion Inc. Confidential 189

ZebOS# show ipv6 mroute count IPv6 Multicast StatisticsTotal 2 routes using 312 bytes memoryRoute limit/Route threshold: 2147483647/2147483647Total NOCACHE/WRONGmif/WHOLEPKT recv from fwd: 2/0/0Total NOCACHE/WRONGmif/WHOLEPKT sent to clients: 2/0/0Immediate/Timed stat updates sent to clients: 0/0Reg ACK recv/Reg NACK recv/Reg pkt sent: 0/0/0Next stats poll: 00:00:36 Forwarding Counts: Pkt count/Byte count, Other Counts: Wrong If pktsFwd msg counts: WRONGmif/WHOLEPKT recvClient msg counts: WRONGmif/WHOLEPKT/Imm Stat/Timed Stat sentReg pkt counts: Reg ACK recv/Reg NACK recv/Reg pkt sent (3ffe:10:10:1::96, ff1e::10), Forwarding: 1/0, Other: 0 Fwd msg: 0/0, Client msg: 0/0/0/0, Reg: 0/0/0 (3ffe:10:10:1::96, ff1e::12), Forwarding: 1/0, Other: 0 Fwd msg: 0/0, Client msg: 0/0/0/0, Reg: 0/0/0

ExampleZebOS# show ipv6 mroute 3ffe:10:20:2::92 ff1e::12 count

show ipv6 mroute summaryUse this command to display the contents of the IPv6 multicast routing (mroute) table in an abbreviated form.

Command Syntaxshow ipv6 mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse) summary

show ipv6 mroute summary

VRFNAME Optional. Specify the VRF name.GRPADD = Group IPv6 address.SRCADD = Source IPv6 address.dense Display dense multicast routes.sparse Display sparse multicast routes.summary = Provide abbreviated display.

Command ModeExec and Privileged Exec mode

UsageThe following is a show output of this command displaying an abbreviated version of the IP multicast routing table contents.

ZebOS# show ipv6 mroute summary IPv6 Multicast Routing Table

NSM Multicast Commands

190 ©2001-2007 IP Infusion Inc. Confidential

Flags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (3ffe:10:10:1::96, ff1e::10), 00:00:10/00:03:20, PIM-SMv6, Flags: TF (3ffe:10:10:1::96, ff1e::12), 00:00:03/00:03:27, PIM-SMv6, Flags: TF

ExampleZebOS# show ipv6 mroute 3ffe:10:10:1::70 ff1e::6 summary

show ipv6 rpfUse this command to display RPF information for the specified source address.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow ipv6 rpf SRCADD

SRCADD = X:X::X:X Specifies source IPv6 address

Command ModeExec mode and Privileged Exec mode

ExamplesZebOS# show ipv6 rpf 3ffe::1

©2001-2007 IP Infusion Inc. Confidential 191

CHAPTER 9 NSM Traffic Engineering (TE) Commands

reservable-bandwidth Use this command to specify the maximum reservable bandwidth per interface. This value can be a larger or smaller value than max-bandwidth. When no max-reservable-bandwidth is specified, the default is equal to the max-bandwidth. Use the no parameter to remove the maximum reservable, and use the maximum bandwidth.

This command is available only when Traffic Engineering is enabled at build time. Use any of these switches to turn on TE: --enable te; --enable ospf-te; --enable cspf.

Command Syntaxreservable-bandwidth BANDWIDTH

BANDWIDTH = <1-999> k|m|g for 1 to 999 kilo bits, mega bits or giga bits.

Command ModeInterface mode

Usageinterface eth0reservable-bandwidth 100m

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# reservable-bandwidth 100m

Related Commandsbandwidth

NSM Traffic Engineering (TE) Commands

192 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 193

CHAPTER 10 NSM DiffServ Commands

This chapter contains DiffServ commands in alphabetical order. These commands are available only if ZebOS is compiled with the --enable-diffserv configuration option.

mpls class-to-exp-bitUse this command to configure the node level PHB-EXP mapping.

Use the no parameter with this command to remove the configuration of a PHB-EXP mapping.

Command Syntax(no) mpls class-to-exp-bit CLASS <0-7>

CLASS Diffserv class mapped to particular PHB. For example, be, ef, af11 etc.<0-7> EXP bit mapped to the specified PHB.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# mpls class-to-exp-bit ef 3

mpls support-diffserv-classUse this command to configure the supported Diffserv class.

Use the no parameter with this command to remove the configuration of the supported Diffserv class.

Command Syntax(no) mpls support-diffserv-class CLASS

CLASS Diffserv class mapped to the specified PHB. For example, ef, be, af11 etc.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# mpls support-diffserv-class af11

show mpls diffservUse this command to display Diffserv configuration information.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

NSM DiffServ Commands

194 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxshow mpls diffserv

Command ModePrivileged Exec mode

UsageThe diffserv configuration information displayed by this command includes:

• All configurable Diffserv classes that can be used as PHB/PSC.

• PHB/PSC supported by this node.

• Node level PHB-EXP mapping.

Following is a sample output of the show mpls diffserv command showing diffserv configuration information.

ZebOS# show mpls diffservMPLS Differentiated Services Configurable Classes list:DSCP Class: be, value: 000000DSCP Class: cs1, value: 001000DSCP Class: af11, value: 001010DSCP Class: af12, value: 001100DSCP Class: af13, value: 001110DSCP Class: cs2, value: 010000DSCP Class: af21, value: 010010DSCP Class: af22, value: 010100DSCP Class: af23, value: 010110DSCP Class: cs3, value: 011000DSCP Class: af31, value: 011010DSCP Class: af32, value: 011100DSCP Class: af33, value: 011110DSCP Class: cs4, value: 100000DSCP Class: af41, value: 100010DSCP Class: af42, value: 100100DSCP Class: af43, value: 100110DSCP Class: cs5, value: 101000DSCP Class: ef, value: 101110DSCP Class: cs6, value: 110000DSCP Class: cs7, value: 111000

MPLS Differentiated Services Supported Classes data:CLASS DSCP_value be 000000af11 001010af12 001100 cs5 101000

MPLS Differentiated Services CLASS to EXP mapping data:CLASS DSCP_value EXP_value be 000000 0 be 000000 2af12 001100 3

NSM DiffServ Commands

©2001-2007 IP Infusion Inc. Confidential 195

ExamplesZebOS# show mpls diffserv

show mpls diffserv class-to-expUse this command to display the node level PHB-EXP mapping.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls diffserv class-to-exp

Command ModePrivileged Exec mode

UsageFollowing is a sample output of the show mpls diffserv class-to-exp command showing PHB-EXP mapping at the node level.

ZebOS# show mpls diffserv class-to-expMPLS Differentiated Services CLASS to EXP mapping data:CLASS DSCP_value EXP_value be 000000 0 be 000000 2af12 001100 3

ExamplesZebOS# show mpls diffserv class-to-exp

show mpls diffserv configurable-dscpUse this command to display all configurable DSCP values which can be used as PHB/PSC by this node.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls diffserv configurable-dscp

Command ModePrivileged Exec mode

UsageFollowing is a sample output of the show mpls diffserv configurable-dscp command showing all configurable diffserv DSCP values.

ZebOS# show mpls diffserv configurable-dscpMPLS Differentiated Services Configurable Classes list:DSCP Class: be, value: 000000DSCP Class: cs1, value: 001000

NSM DiffServ Commands

196 ©2001-2007 IP Infusion Inc. Confidential

DSCP Class: af11, value: 001010DSCP Class: af12, value: 001100DSCP Class: af13, value: 001110DSCP Class: cs2, value: 010000DSCP Class: af21, value: 010010DSCP Class: af22, value: 010100DSCP Class: af23, value: 010110DSCP Class: cs3, value: 011000DSCP Class: af31, value: 011010DSCP Class: af32, value: 011100DSCP Class: af33, value: 011110DSCP Class: cs4, value: 100000DSCP Class: af41, value: 100010DSCP Class: af42, value: 100100DSCP Class: af43, value: 100110DSCP Class: cs5, value: 101000DSCP Class: ef, value: 101110DSCP Class: cs6, value: 110000DSCP Class: cs7, value: 111000

ExamplesZebOS# show mpls diffserv configurable-dscp

show mpls diffserv supported-dscpUse this command to display supported DSCP values that can be used as PHB/PSC by this node.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls diffserv supported-dscp

Command ModePrivileged Exec mode

UsageFollowing is a sample output of the show mpls diffserv supported-dscp command showing the supported diffserv DSCP value.

ZebOS# show mpls diffserv supported-dscpMPLS Differentiated Services Supported Classes data:CLASS DSCP_value be 000000 af11 001010 af12 001100 cs5 101000

ExamplesZebOS# show mpls diffserv supported-dscp

©2001-2007 IP Infusion Inc. Confidential 197

CHAPTER 11 NSM DiffServ-TE Commands

bandwidth-constraintUse this command to configure the bandwidth constraint for a class type on the current interface.

Use the no parameter with this command to remove the bandwidth constraint of a class type on the current interface.

Command Syntax(no) bandwidth-constraint CT-NAME BANDWIDTH

CT-NAME Specifies the DS-TE class type name associated with the bandwidth.BANDWIDTH Specifies the bandwidth constraint <1-10000000000 bits>. Usable units are k|m|g for

kilo, mega or giga bits. The default value is 0.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# bandwidth-constraint a1 100m

bc-modeUse this command to configure the bandwidth constraint mode for the current interface. There are three different modes available--MAM, RSDL and MAR.

Command Syntaxbc-mode MODE

MODE Specifies the bandwidth constraint mode: MAM, RSDL or MAR. MAM is the default mode.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# bc-mode mam

mpls class-typeUse this command to configure the name for a class type. Defining the class type name enables and configures the class type on a particular node.

Use the no parameter with this command to remove the class type configuration.

NSM DiffServ-TE Commands

198 ©2001-2007 IP Infusion Inc. Confidential

Command Syntax (no) mpls class-type CLASS-TYPE CLASS-TYPE-NAME

CLASS-TYPE Class type to be configured (ct0-ct7).CLASS-TYPE-NAME Name to be configured for the specified class type.

Command ModeConfigure mode

Examples ZebOS# configure terminalZebOS(config)# mpls class-type ct1 a1

mpls te-classUse this command to configure a TE class using the class type name and the pre-emption priority.

Use the no parameter with this command to remove the TE class configuration.

Command Syntax(no) mpls te-class TE-CLASS CLASS-TYPE-NAME <0-7>

TE-CLASS Specifies DiffServ TE class (te0-te7).CLASS-TYPE-NAME Specifies class type name. <0-7> Pre-emption priority.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(configure)# mpls te-class te3 default 6

show mpls dsteUse this command to display the DS-TE configuration information on this node. It displays information about the configured class types and TE classes.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntax show mpls dste

Command ModePrivileged Exec mode

UsageThe following is a sample output of the show mpls dste command displaying the DS-TE configuration information about the TE classes and class types.

NSM DiffServ-TE Commands

©2001-2007 IP Infusion Inc. Confidential 199

ZebOS# show mpls dste te0: { a1, 4 }te1: { a2, 5 }te3: { default, 6 }ct0: defaultct1: a1ct2: a2

ExamplesZebOS# show mpls dste

show mpls dste class-typeUse this command to display configured DS-TE class types.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls dste class-type

Command ModePrivileged Exec mode

UsageThe following is a sample output of the show mpls dste class-type command displaying the class types.

ZebOS# show mpls dste class-type ct0: defaultct1: a1ct2: a2

ExamplesZebOS# show mpls dste class-type

show mpls dste te-classUse this command to display configured DS-TE TE classes.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntax show mpls dste te-class

Command ModePrivileged Exec Mode

UsageThe following is a sample output of the show mpls dste te-class command displaying the TE classes.

NSM DiffServ-TE Commands

200 ©2001-2007 IP Infusion Inc. Confidential

ZebOS# show mpls dste te-class te0: { a1, 4 }te1: { a2, 5 }te3: { default, 6 }

ExamplesZebOS# show mpls dste te-class

©2001-2007 IP Infusion Inc. Confidential 201

CHAPTER 12 NSM Layer-2 Commands

Common Commands

flowcontrol offUse this command to disable flow control.

Command Syntaxflowcontrol [send|receive] off

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# flowcontrol receive off

flowcontrol on Use this command to enable flow control, and configure the flow control mode for the port.

Command Syntaxflowcontrol [send|receive] on

Command ModeInterface mode

UsageFlow control enables connected Ethernet ports to control traffic rates during congestion by allowing congested nodes to pause link operation at the other end. If one port experiences congestion, and cannot receive any more traffic, it notifies the other port to stop sending until the condition clears. When the local device detects congestion at its end, it notifies the remote device by sending a pause frame. On receiving a pause frame, the remote device stops sending data packets, which prevents loss of data packets during the congestion period.

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# flowcontrol send on

NSM Layer-2 Commands

202 ©2001-2007 IP Infusion Inc. Confidential

mirror interfaceUse this command to define a mirror source port and its direction. This command must be run separately for each source port.

Use the no parameter with this command to disable port mirroring by the destination port on the specified source port.

Command Syntaxmirror interface SOURCEPORT direction SNOOPDIRECTION

no mirror interface SOURCEPORT

SOURCEPORT Name of the Source interface to be used.SNOOPDIRECTION [both|receive|transmit]

both Specifies mirroring of traffic in both directions.receive Specifies mirroring of received traffic.transmit Specifies mirroring of transmitted traffic.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# mirror interface eth1 direction both

show flowcontrol interfaceUse this command to display flow control information.

Command Syntaxshow flowcontrol interface IFNAME

IFNAME Specifies the name of the interface to be displayed.

Command ModeExec mode

ExampleZebOS# show flowcontrol interface ge2

UsageThe following is a sample output of the show flowcontrol interface command displaying flow control information:

ZebOS# show flowcontrol interface ge1Port Send FlowControl Receive FlowControl RxPause TxPause

admin oper admin oper

----- ------- -------- ------- -------- ------- -------ge1 on on on on 0 0

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 203

show mirrorUse this command to display the status of all mirrored ports.

Command Syntaxshow mirror

Command ModePrivileged Exec mode

ExampleZebOS# show mirror

UsageThe following is a sample output of the show mirror command displaying the status of all mirrored ports:

ZebOS# show mirrorMirror Test Port Name: ge1Mirror option: EnabledMirror direction: bothMonitored Port Name: ge2Mirror Test Port Name: ge3Mirror option: EnabledMirror direction: receiveMonitored Port Name: ge4Mirror Test Port Name: ge3Mirror option: EnabledMirror direction: receiveMonitored Port Name: ge1Mirror Test Port Name: ge1Mirror option: EnabledMirror direction: receiveMonitored Port Name: ge3Mirror Test Port Name: ge1Mirror option: EnabledMirror direction: transmitMonitored Port Name: ge4

show mirror interfaceUse this command to display port mirroring.

Command Syntaxshow mirror interface IFNAME

IFNAME Specifies the name of the destination port to be used.

Command ModeInterface, Privileged Exec and Exec mode

NSM Layer-2 Commands

204 ©2001-2007 IP Infusion Inc. Confidential

ExampleZebOS# show mirror interface eth1

UsageFollowing is a sample output of the show mirror interface command displaying mirroring information.

ZebOS(config)# interface ge1ZebOS(config-if)# mirror interface ge2 direction bothZebOS(config-if)# show mirror interface ge2Mirror Test Port Name: ge1Mirror option: EnabledMirror direction: bothMonitored Port Name: ge2

show storm-controlUse this command to display storm control information for all interfaces or a particular interface.

Command Syntaxshow storm-control (IFNAME)

IFNAME Specifies the name of the interface for which storm-control information is to be displayed.

Command ModePrivileged Exec mode

ExampleZebOS# show storm-control eth1

UsageThe following is a sample output of this command displaying storm control information:

ZebOS# show storm-control eth1Port BcastLevel BcastDiscards McastLevel McastDiscards DlfLevel DlfDiscardsfe14 40. 0% 64290164 100. 0% 64290164 100. 0% 64290164

show storm-control broadcast interfaceUse this command to display storm control information.

Command Syntaxshow storm-control broadcast interface IFNAME

IFNAME Specifies the name of the interface for which storm-control information is to be displayed.

Command ModePrivileged Exec mode

ExampleZebOS# show storm-control broadcast interface eth1

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 205

UsageThe following is a sample output of this command displaying storm control information:

ZebOS(config-if)# storm-control broadcast level 3ZebOS(config-if)# show storm-control broadcast

Port BcastSuppLevel TotalSuppressedPackets

ge1 3% 61503000

storm-control levelUse this command to specify the rising threshold level for broadcasting, multicast, or destination lookup failure traffic. The storm control action occurs when traffic utilization reaches this level.

Use the no parameter with this command to disable storm control.

Command Syntaxstorm-control broadcast|multicast|dlf level LEVEL

no storm-control broadcast|multicast|dlf

LEVEL <0-100> Specifies the percentage of the threshold; percentage of the maximum speed (pps) of the interface.

dlf destination lookup failure

DefaultBy default, storm control is disabled.

Command ModeInterface mode

UsageFlooding techniques are used to block the forwarding of unnecessary flooded traffic. A packet storm occurs when a large number of broadcast packets are received on a port. Forwarding these packets can cause the network to slow down or time out.

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# storm-control broadcast level 30

Bridge Commands

bridge acquireUse this command to enable a specific bridge to learn station location information for an instance. This helps in making forwarding decisions.

To disable learning, use the no parameter with this command.

NSM Layer-2 Commands

206 ©2001-2007 IP Infusion Inc. Confidential

Command Syntax bridge <1-32> acquire

no bridge <1-32> acquire

<1-32> Bridge-group ID used for bridging.

Command ModeConfigure mode

Default Learning is enabled by default for all instances.

ExamplesZebOS# configure terminalZebOS(config)# bridge 3 acquire

bridge addressUse this command to statically configure a bridge entry to forward or discard matching frames.

Command Syntax bridge <1-32> address MAC forward|discard IFNAME

no bridge <1-32> address MAC forward|discard IFNAME

<1-32> Bridge-group ID used for bridging.MAC the Media Access Control (MAC) address in the HHHH.HHHH.HHHH format.IFNAME the interface on which the frame comes in.

Command ModeConfigure mode

Examples ZebOS# configure terminalZebOS(config)# bridge 2 address 2222.2222.2222 forward eth0

bridge ageing-time Use this command to specify an ageing-out time for a learned MAC address. The learned MAC address will persist till this specified time.

Command Syntaxbridge-group <1-32> ageing-time AGEINGTIME

no bridge-group <1-32> ageing-time

<1-32> The ID of the bridge-group that this ageing time is for.AGEINGTIME = <10-1000000> The number of seconds of persistence.

DefaultThe default ageing time is 300 seconds.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 207

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# bridge 3 ageing-time 1000

bridge-groupUse this command to bind an interface with a bridge specified by the parameter.

Command Syntax(no) bridge-group <1-32>

<1-32> Bridge-group ID used for bridging.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# bridge-group 2

bridge protocol ieeeUse this command to add a IEEE 802.1d Spanning Tree Protocol bridge. Use the no parameter to remove a bridge.

Command Syntaxbridge <1-32> protocol ieee

no bridge <1-32>

<1-32> Bridge-group ID used for bridging.

Command ModeConfigure mode

DefaultThere is no default value.

UsageAfter creating a bridge instance, add interfaces to the bridge using the bridge-group command. Bring the bridge instance into operation with the no shutdown command in interface mode.

Exampleszebos# configure terminalzebos(config)# bridge 3 protocol ieee

NSM Layer-2 Commands

208 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsbridge ageing-time

bridge protocol ieee vlan-bridgeUse this command to add a VLAN bridge (according to the IEEE 802.1q Spanning Tree Protocol) to the spanning tree.

Command Syntaxbridge <1-32> protocol ieee vlan-bridge

<1-32> Bridge-group ID used for bridging.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# bridge 4 protocol ieee vlan-bridge

bridge protocol mstpUse this command to create a multiple spanning-tree protocol (MSTP) bridge of a specified parameter.

Use the no parameter with this command to unmap the VLANs from a particular instance, and associate it back to the default instance of 0.

Command Syntaxbridge <1-32> protocol mstp

no bridge <1-32>

<1-32> Specify the bridge group ID.

Command ModeConfigure mode

UsageThe MSTP bridges can have different spanning-tree topologies for different VLANs inside a region of “similar” MSTP bridges. The multiple spanning tree protocol, like the rapid spanning tree protocol, provides rapid reconfiguration capability, while providing load balancing ability.

Using this command creates an instance of the spanning tree, and associates the VLANs specified with that instance.

A bridge created by the above command forms its own separate region unless it is added explicitly to a region by using the region name command.

ExamplesZebOS# configure terminalZebOS(config)# bridge 2 protocol mstp

bridge protocol rstpUse this command to add an IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) bridge.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 209

Command Syntaxbridge <1-32> protocol rstp (ring)

<1-32> Bridge-group ID used for bridging.ring Optional. Add an RSTP bridge for a ring topology.

Command ModeConfigure mode

UsageAfter creating a bridge instance, add interfaces to the bridge using the bridge-group command. Bring the bridge instance into operation with the no shutdown command in Interface mode.

ExamplesZebOS# configure terminalZebOS(config)# bridge 2 protocol rstp

bridge protocol rstp vlan-bridgeUse this command to add a VLAN bridge to the rapid spanning tree.

Command Syntaxbridge <1-32> protocol rstp vlan-bridge

<1-32> Bridge-group ID used for bridging.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# bridge 3 protocol rstp vlan-bridge

clear mac address-tableUse this command to clear the filtering database for the default bridge.

Command Syntaxclear mac address-table static|multicast address|vlan|interface (WORD)

static Filtering database entries configured through the CLI.multicast Multicast filtering database entries.address Filtering database entries with the given MAC address.vlan Filtering database entries for the given VLAN.interface Filtering database entries for the given interface.WORD

VLAN ID when filtering database entries are cleared based on VLANs. Value range is 1-4094.Interface name when filtering database entries are cleared based on an interface name.MAC address name when filtering database entries are cleared based on the MAC address.

NSM Layer-2 Commands

210 ©2001-2007 IP Infusion Inc. Confidential

Command ModePrivileged Exec mode

ExamplesThis example shows how to clear all filtering database entries configured through the CLI.

ZebOS# clear mac address-table static

This example shows how to clear multicast filtering database entries.

ZebOS# clear mac address-table multicastThis example shows how to clear all filtering database entries for a given interface.

ZebOS# clear mac address-table static interface eth0

This example shows how to clear multicast filtering database entries for a given VLAN.

ZebOS# clear mac address-table multicast vlan 2

This example shows how to clear static filtering database entries for a given MAC address.

ZebOS# clear mac address-table static address 0202.0202.0202

Related Commandsclear mac address-table bridge

clear mac address-table bridgeUse this command to:

• clear the filtering database

• clear all filtering database entries configured through CLI (static)

• clear all multicast filtering database entries

• clear all multicast filtering database entries for a given VLAN or interface

• clear all static or multicast database entries based on a mac address

Command Syntaxclear mac address-table (static|multicast) (address|vlan|interface) WORD bridge NAME

static Filtering database entries configured through CLI.multicast Multicast filtering database entries.address Filtering database entries with the given mac address.vlan Filtering database entries for the given VLAN.interface Filtering database entries for the given interface.WORD

VLAN ID when filtering database entries are cleared based on VLANs. Value range is 1-4094.Interface name when filtering database entries are cleared based on an interface name.Mac address name when filtering database entries are cleared based on the mac address.

NAME Bridge name <1-32>.

Command ModePrivileged Exec mode

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 211

ExamplesThis example shows how to clear all filtering database entries configured through CLI.

ZebOS# clear mac address-table static bridge 1This example shows how to clear multicast filtering database entries.

ZebOS# clear mac address-table multicast bridge 1

This example shows how to clear all filtering database entries for a given interface.

ZebOS# clear mac address-table static interface eth0 bridge 1

This example shows how to clear multicast filtering database entries for a given VLAN.

ZebOS# clear mac address-table multicast vlan 2 bridge 1This example shows how to clear static filtering database entries for a given mac address.

ZebOS# clear mac address-table static address 0202.0202.0202 bridge 1

clear mac address-table dynamicUse this command to clear, on the default bridge, the filtering database of all entries learned through bridge operation, or filtering database entries learned through bridge operation for a given MAC address, interface, or VLAN.

Command Syntaxclear mac address-table dynamicclear mac address-table dynamic address|interface|vlan (WORD)

address Filtering database entries for the given MAC address.interface Filtering database entries for the given interface.vlan Filtering database entries for the given VLAN.WORD Optional.

MAC address when filtering database entries are cleared based on an MAC address.Interface name when filtering database entries are cleared based on an interface name.VLAN ID when filtering database entries are cleared based on VLANs. Value range is 1-4094.

Command ModePrivileged Exec mode

ExamplesThis example shows how to clear all filtering database entries learned through bridge operation for a given MAC address.

ZebOS# clear mac address-table dynamic address 0202.0202.0202

Related Commandsclear mac address-table dynamic bridge

clear mac address-table dynamic bridgeUse this command to clear the filtering database of all entries learned through bridge operation, or clear filtering database entries learned through bridge operation for a given MAC address, interface, or VLAN.

NSM Layer-2 Commands

212 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxclear mac address-table dynamic bridge NAME

NAME Bridge name <1-32>.clear mac address-table dynamic address|interface|vlan WORD bridge NAME

address Filtering database entries for the given MAC address.interface Filtering database entries for the given interface.vlan Filtering database entries for the given VLAN.WORD

MAC address when filtering database entries are cleared based on an MAC address.Interface name when filtering database entries are cleared based on an interface name.VLAN ID when filtering database entries are cleared based on VLANs. Value range is 1-4094.

Command ModePrivileged Exec mode

ExamplesThis example shows how to clear all filtering database entries learned through bridge operation for a given MAC address.

ZebOS# clear mac address-table dynamic address 0202.0202.0202 bridge 1

mac-address-table staticUse this command to configure the static forwarding table entry for the default bridge. Use the no parameter with this command to remove the entry for the default bridge.

Command Syntax(no) mac-address-table static MAC forward|discard IFNAME

MAC MAC address in the HHHH.HHHH.HHHH format.IFNAME Interface on which the frame comes in.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# mac-address-table static 2222.2222.2222 forward eth0

Related Commandsbridge address

show bridgeUse this command to display the filtering database values.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 213

Command Syntaxshow bridge

Command ModePrivileged Exec mode

UsageThe following is a sample output of the show bridge command.

ZebOS# show bridge% b: bridge up - spanning tree enabled - learning enabled% b: ageing-time 300 - root path cost 0 - priority 32768% b: forward-time 15 - hello-time 2 - max-age 20 - root port 0% b: root id 8000000000000000% b: bridge id 8000000000000000% b: hello timer 0 - tcn timer 0 - topo change timer 0% b: 0 topology changes - last topology change Wed Dec 31 19:00:00 1969zebos#con tEnter configuration commands, one per line. End with CNTL/Z.zebos(config)#int eth1zebos(config-if)#bridge-group bZebOS# show bridge% b: bridge up - spanning tree enabled - learning enabled% b: ageing-time 300 - root path cost 0 - priority 32768% b: forward-time 15 - hello-time 2 - max-age 20 - root port 0% b: root id 8000000476e6c88c% b: bridge id 8000000476e6c88c% b: hello timer 0 - tcn timer 0 - topo change timer 0% b: 0 topology changes - last topology change Wed Dec 31 19:00:00 1969% eth1: port 3 - id 8003 - path cost 20000000 - designated cost 0% eth1: designated port id 8003 - state Listening - priority 128% eth1: designated root 8000000476e6c88c% eth1: designated bridge 8000000476e6c88c% eth1: forward-timer 10 - hold-timer 0 - msg age timer 0% eth1: forward-transitions 0

show interface switchport bridgeUse this command to display the characteristics of the Layer-2 interface with the current VLAN.

Command Syntaxshow interface switchport bridge <1-32>

<1-32> Specify the ID of the bridge-group for which information has to be displayed.

Command ModePrivileged Exec mode

UsageThe following is an output of this command displaying the characteristics of this interface on bridge b.

NSM Layer-2 Commands

214 ©2001-2007 IP Infusion Inc. Confidential

ZebOS# show interfaces switchport bridge 2 Interface name : eth5 Switchport mode : access Ingress filter : disable Acceptable frame types : all Vid swap : disable Default vlan : 2 Configured vlans : 2

Interface name : eth4 Switchport mode : access Ingress filter : disable Acceptable frame types : all Vid swap : disable Default vlan : 1 Configured vlans : 1

Examplezebos# show interface switchport bridge 4

switchportUse this command to set the switching characteristics of the Layer-2 protocols when using the ZebOS Hybrid Layer-2/Layer-3 solution.

Use the no parameter with this command to revert to the default behavior.

Command Syntax(no) switchport

Command ModeInterface mode

UsageIn case of ZebOS Hybrid L-2/ L-3, it is important to understand that by default, all interfaces are configured as routed interfaces; and if you want to change the behavior of a port from a Switched port to a routed port, you must explicitly configure this using the no switchport command in the interface mode.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# no switchport

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 215

VLAN Commands

show vlanUse this command to display information about a particular VLAN by specifying the VLAN ID. It displays information for all the bridges configured.

Command Syntaxshow vlan <2-4094>

<2-4094> VLAN ID.

Command ModePrivileged Exec mode

ExampleThe following is an output of this command displaying information about VLAN 2.

ZebOS# show vlan 2Bridge Group VLAN ID Name State Member ports

([u]-Untagged, [t]-Tagged)

------------ --------- --------------- ----------- ------------------------

1 2 VLAN0002 active [u]eth1 [t]eth2

show vlan allUse this command to display information about all VLANs on the default bridge.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow vlan all

Command ModePrivileged Exec mode

Related Commandsshow vlan all bridge

show vlan all bridgeUse this command to display information about all VLANs on a bridge.

Command Syntaxshow vlan all bridge <1-32>

<1-32> Bridge group ID.

NSM Layer-2 Commands

216 ©2001-2007 IP Infusion Inc. Confidential

Command ModePrivileged Exec mode

ExampleThe following is a sample output of this command displaying all VLANs on bridge 1.

ZebOS# show vlan all bridge 1Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= =============== ======= =============================1 1 default ACTIVE fe17(u) po1(t) fe43(t) fe44(t)Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= =============== ======= ==============================1 11 VLAN0011 ACTIVE po1(t)

show vlan briefUse this command to display information about all VLANs configured for all bridges.

Command Syntaxshow vlan brief

Command ModePrivileged Exec mode

ExampleZebOS# show vlan briefBridge VLAN ID Name State Member ports

(u)-Untagged, (t)-Tagged

=============== ======= ================ ====== ==============================

1 1 default ACTIVE fe17(u) po1(t) fe43(t) fe44(t)

Bridge VLAN ID Name State Member ports

(u)-Untagged, (t)-Tagged

=============== ======= ================ ====== ==============================

1 11 VLAN0011 ACTIVE po1(t)

show vlan classifier groupUse this command to display information about all configured VLAN classifier groups or a specific group.

Command Syntaxshow vlan classifier group (<1-256>)

<1-256> VLAN classifier group identifier

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 217

Command ModeExec mode

UsageIf a group ID is not specified, all configured VLAN classifier groups are shown. If a group ID is specified, a specific configured VLAN classifier group is shown.

ExampleZebOS# show vlan classifier group 1vlan classifier group 1 add rule 1

show vlan classifier interface groupUse this command to display information about all interfaces configured for a VLAN group or all the groups.

Command Syntaxshow vlan classifier interface group (<1-16>)

<1-16> VLAN classifier interface group identifier

Command ModeExec mode

UsageIf a group ID is not specified, all interfaces configured for all VLAN classifier groups are shown. If a group ID is specified, the interfaces configured for this VLAN classifier group are shown.

ExampleZebOS# show vlan classifier interface groupvlan classifier group 1 interface fe2vlan classifier group 1 interface fe3vlan classifier group 2 interface fe5vlan classifier group 3 interface fe7

ZebOS# show vlan classifier interface group 1vlan classifier group 1 interface fe2vlan classifier group 1 interface fe3

show vlan classifier ruleUse this command to display information about all configured VLAN classifier rules or a specific rule.

Command Syntaxshow vlan classifier rule (<1-256>)

<1-256> VLAN classifier rule identifier

Command ModeExec mode and Privileged Exec mode

NSM Layer-2 Commands

218 ©2001-2007 IP Infusion Inc. Confidential

UsageIf a rule ID is not specified, all configured VLAN classifier rules are shown. If a rule ID is specified, a specific configured VLAN classifier rule is shown.

ExampleZebOS# show vlan vlan classifier rule 1vlan classifier group 1 add rule 1

show vlan dynamic bridgeUse this command to display information about all dynamic VLANs on a bridge.

Command Syntaxshow vlan dynamic bridge <1-32>

<1-32> Bridge-group ID.

Command ModePrivileged Exec mode

ExampleThe following is a sample output of this command displaying dynamic VLANs on bridge 1.

ZebOS# show vlan dynamic bridge 1Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= ================ ======= =============================

1 11 *VLAN0011 ACTIVE fe33(t)

1 14 *VLAN0014 ACTIVE fe33(t)

show vlan static bridgeUse this command to display information about all static VLANs on a bridge.

Command Syntaxshow vlan static bridge <1-32>

<1-32> Bridge-group ID.

Command ModePrivileged Exec mode

ExampleThe following is a sample output of this command displaying static VLANs on bridge 1.

ZebOS# show vlan static bridge 1Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= ================ =====================================

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 219

1 1 default ACTIVE fe17(u) po1(t) fe43(t)fe44(t)Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= ================ =====================================1 11 VLAN0011 ACTIVE po1(t)

switchport access vlanUse this command to change the default VLAN on the current interface.

Use the no parameter to remove a previously created VLAN with the specified VLAN ID.

Command Syntax(no) switchport access vlan VLANID

VLANID = < 2-4094> The default VLAN ID for the specified interface.

Command ModeInterface mode

UsageIPI does not recommend the use of VLANID identifier 1 because of interoperability issues with other vendors’ equipment.

ExamplesThis example shows the steps of a typical VLAN session, creating and destroying a VLAN.

zebos# configure terminalzebos(config)# interface eth0zebos(config-if)# switchport access vlan 3...

zebos(config)# interface eth0zebos(config-if)# no switchport access vlan 3

Related Commandsshow vlan

switchport hybrid allowed vlan Use this command to set the switching characteristics of the Layer-2 interface to hybrid. Both tagged and untagged frames will be classified over hybrid interfaces.

Use the no parameter to turn off allowed hybrid switching.

Command Syntaxswitchport hybrid allowed vlan all

switchport hybrid allowed vlan none

switchport hybrid allowed vlan add VLANID (egress-tagged [enable|disable])

switchport hybrid allowed vlan remove VLANID

NSM Layer-2 Commands

220 ©2001-2007 IP Infusion Inc. Confidential

no switchport hybrid vlan

all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to the member set.remove Remove a VLAN from the member set.VLANID = <2-4094> The ID of the VLAN or VLANs that will be added to, or removed from, the Layer-2

interface.For a VLAN range, specify two VLAN numbers: lowest, then highest number in the range, separated by

a hyphen.For a VLAN list, specify the VLAN numbers separated by commas.

Note: Do not enter spaces between hyphens or commas when setting parameters for VLAN ranges or lists.

egress-taggedenable Enable the egress tagging for the outgoing frames.disable Disable the egress tagging for the outgoing frames.

Command ModeInterface mode

ExamplesThe following shows adding a single VLAN to the member set.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport hybrid allowed vlan add egswitchport hybrid allowed vlan add 2 egress-tagged enable

The following shows adding a range of VLANs to the member set.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport hybrid allowed vlan add egswitchport hybrid allowed vlan add 2-4 egress-tagged enable

The following shows adding a list of VLANs to the member set.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport hybrid allowed vlan add egswitchport hybrid allowed vlan add 2,3,4 egress-tagged enable

switchport hybrid vlan Use this command to set the switching characteristics of the Layer-2 interface to hybrid.

Use the no parameter to turn off hybrid switching (no switchport hybrid), or add the Layer 2 interface to the default VLAN (no switchport hybrid vlan).

Command Syntaxswitchport hybrid vlan VLANID

VLANID The ID of the VLAN that will be added to, or removed from, the Layer-2 interfaceno switchport hybrid

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 221

Turns off the Layer 2 switching characteristic.no switchport hybrid vlan

Adds the Layer 2 interface to the default VLAN.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport hybrid vlan 18

switchport mode accessUse this command to set the switching characteristics of the Layer-2 interface to access mode, and classify untagged frames only. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.

Use the no parameter with this command to reset the mode of the Layer-2 interface to access (default).

Command Syntaxswitchport mode access (ingress-filter [enable|disable])

no switchport mode

ingress-filter Set the ingress filtering for the received frames.enable Set the ingress filtering for received frames. Received frames that cannot be classified in the

previous step based on the acceptable frame type parameter (access/trunk) are discarded.disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is

the default value.

DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.

Using this command without the ingress-filter parameter causes this command to use the default values.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode access ingress-filter enable

switchport mode hybridUse this command to set the switching characteristics of the Layer-2 interface as hybrid, and classify both tagged and untagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.

Use the no parameter to reset the mode of the Layer-2 interface to access (default).

NSM Layer-2 Commands

222 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxswitchport mode hybrid

switchport mode hybrid ingress-filter [enable|disable]

switchport mode hybrid acceptable-frame-type vlan-tagged

no switchport mode

ingress-filter Set the ingress filtering for the frames received.enable Set the ingress filtering for received frames. Received frames that cannot be classified in the

previous step based on the acceptable frame type parameter (access/trunk) are discarded.disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is

the default value.acceptable-frame-type Set the Layer-2 interface acceptable frame types. This processing occurs

after VLAN classification.vlan-tagged Accept only classified frames which belong to the port's member set.

DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.

Using this command without either ingress-filter or acceptable-frame-type parameters causes this command to use the default values for each.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode hybrid acceptable-frame-type vlan-tagged

switchport mode trunkUse this command to set the switching characteristics of the Layer-2 interface as trunk, and specify only tagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.

Use the no parameter to reset the mode of the Layer-2 interface to access (default).

Command Syntaxswitchport mode trunk (ingress-filter [enable|disable])

no switchport mode

ingress-filter Set the ingress filtering for the frames received.enable Set the ingress filtering for received frames. Received frames that cannot be classified in the

previous step based on the acceptable frame type parameter (access/trunk) are discarded.disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is

the default value.

DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.

Using this command without the ingress-filter parameter causes this command to use the default values.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 223

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode trunk ingress-filter enable

switchport trunk allowed vlanUse this command to set the switching characteristics of the Layer-2 interface to trunk.The all parameter indicates that any VLAN ID is part of its port’s member set. The none parameter indicates that no VLAN ID is configured on this port. The add and remove parameters will add and remove VLAN IDs to/from the port’s member set.

Use the no parameter to remove all VLAN IDs configured on this port.

Command Syntaxswitchport trunk allowed vlan all

switchport trunk allowed vlan none

switchport trunk allowed vlan add VLANID

switchport trunk allowed vlan remove VLANID

switchport trunk allowed vlan except VLANID

no switchport trunk vlan

all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to transmit and receive through the Layer-2 interface.remove Remove a VLAN from transmit and receive through the Layer-2 interface.except All VLANs, except the VLAN for which the ID is specified, are part of its ports member set.VLANID <2-4094> The ID of the VLAN or VLANs that will be added to, or removed from, the Layer-2

interface. A single VLAN, VLAN range, or VLAN list can be set.For a VLAN range, specify two VLAN numbers: lowest, then highest number in the range, separated by

a hyphen.For a VLAN list, specify the VLAN numbers separated by commas.

Note: Do not enter spaces between hyphens or commas when setting parameters for VLAN ranges or lists.

Command ModeInterface mode

ExamplesThe following shows adding a single VLAN to the port’s member set.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport trunk allowed vlan add V2

The following shows adding a range of VLANs to the port’s member set.

ZebOS# configure terminalZebOS(config)# interface eth0

NSM Layer-2 Commands

224 ©2001-2007 IP Infusion Inc. Confidential

ZebOS(config-if)# switchport trunk allowed vlan add V2-4

The following shows adding a list of VLANs to the port’s member set.

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport trunk allowed vlan add V2,3,4

switchport trunk native vlanUse this command to configure native VLANs for this port. The native VLAN is used for classifying the incoming untagged packets.

Use the no parameter to revert the native VLAN to the default VLAN ID 1.

Command Syntaxswitchport trunk native vlan VLANID

no switchport trunk native vlan

VLANID <1-4094> The ID of the VLAN that will be used to classify the incoming untagged packets. The VLAN ID must be a part of the VLAN member set of the port.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport trunk native vlan 2

vlan bridge This command enables or disables the state of a particular VLAN on a bridge basis. Specifying the disable state causes all forwarding over the specified VLAN ID on the specified bridge to cease. Specifying the enable state allows forwarding of frames on the specified VLAN-aware bridge.

Command Syntaxvlan VLANID bridge <1-32> (name VLAN_NAME) (state [enable|disable])

no vlan VLANID bridge <1-32>

VLANID The VID of the VLAN that will be enabled or disabled on the bridge <2-4094>.<1-32> The ID of the bridge-group on which the VLAN will be affected.VLAN_NAME The ASCII name of the VLAN. Maximum length: 16 characters.enable Sets VLAN into an enable state.disable Sets VLAN into a disable state.

Command ModeVLAN Configuration mode

ExamplesZebOS# configure terminalZebOS(config)# vlan database

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 225

ZebOS(config-vlan)#vlan 45 bridge 2 name vlan2 state enable

vlan classifier ipv4Use this command to create an IPv4 subnet-based VLAN classifier rule and map it to a specific VLAN.

Command Syntaxvlan classifier <1-256> ipv4 A.B.C.D/M vlan <2-4094>

no vlan classifier <1-256> ipv4 A.B.C.D/M

<1-256> VLAN Classifier identifierA.B.C.D/M IP Subnet<2-4094> VLAN to which an untagged packet is mapped.

Command ModeConfigure mode

UsageIf the source IP address matches the IP subnet specified in the VLAN classifier rule, the received packets are mapped to the specified VLAN.

Command ExampleZebOS# configure terminalZebOS(config)# vlan classifier 3 ipv4 3.3.3.3/8 vlan 5

vlan classifier macUse this command to create a MAC address-based VLAN classifier rule, and map it to a specific VLAN.

Use the no parameter with this command to delete the specified VLAN classifier rule.

Command Syntaxvlan classifier <1-256> mac WORD vlan <2-4094>

no vlan classifier <1-256> (mac WORD)

<1-256> VLAN classifier identifierWORD Mac address<2-4094> VLAN to which an untagged packet is mapped

Command ModeConfigure mode

UsageIf the source MAC address matches the MAC address specified in the VLAN classifier rule, the untagged received frames are mapped to the specified VLAN.

ExampleZebOS# configure terminalZebOS(config)# vlan classifier 33 mac 00-0C-BB-13-2F-88 vlan 35

NSM Layer-2 Commands

226 ©2001-2007 IP Infusion Inc. Confidential

vlan classifier protoUse this command to create a protocol type-based VLAN classifier rule, and map it to a specific VLAN.

Command Syntaxvlan classifier <1-256> proto (Ethernet|appletalk|ipx|llc|<0-65535>)vlan <2-4094>

<1-256> VLAN Classifier identifierproto Type of protocolEthernet Ethernet protocolappletalk Appletalk protocolipx IPX protocolllc LLC protocol<0-65535> Other protocol values<2-4094> VLAN to which an untagged packet is mapped

Command ModeConfigure mode

UsageIf the protocol type matches the protocol specified in the VLAN classifier rule, the received packets are mapped to the specified VLAN.

ExampleZebOS# configure terminalZebOS(config)# vlan classifier 34 proto ethernet vlan 444

vlan databaseUse this command to enter the VLAN configuration mode.

Command Syntaxvlan database

Command ModeConfigure mode

UsageUse this command to enter the VLAN configuration mode, and add, delete, or modify values associated with a single VLAN.

ExamplesIn the following example, note the change to VLAN configuration mode from Configure mode:

ZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)#

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 227

Related Commandsvlan bridge

vlan mtu bridge Use this command to set the Maximum Transmission Unit (MTU) for a specified VLAN. Any packet with a size greater than the configured MTU is discarded.

Use the no parameter to reset the MTU configuration for the VLAN.

Command Syntaxvlan VLANID mtu MTU_VALUE bridge BRIDGE_NAME

no vlan VLANID mtu bridge BRIDGE_NAME

VLANID The ID of the VLAN for which the MTU has to be set.MTU_VALUE The value of the Maximum Transmission Unit.BRIDGE_NAME The name of the bridge on which VLAN is configured.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# vlan 2 mtu 1000 bridge 1

vlan stateThis command enables or disables the state of a particular VLAN on the default bridge. Specifying the disable state causes all forwarding over the specified VLAN ID on the bridge to cease. Specifying the enable state allows forwarding of frames on the bridge. Using the no parameter with this command also disables the state of a particular VLAN on the default bridge.

Command Syntaxvlan VLANID (name VLAN_NAME) state enable|disableno vlan VLANID

VLANID ID of the VLAN that will be enabled or disabled on the bridge <2-4094>. VLAN_NAME Optional. ASCII name of the VLAN. Maximum length: 16 characters.enable Sets VLAN into an enable state.disable Sets VLAN into a disable state.

Command ModeVLAN Configuration mode

ExamplesZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)#vlan 45 name vlan2 state enable

NSM Layer-2 Commands

228 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsvlan bridge

Private-VLAN Commands

private-vlan association bridgeUse this command to associate a secondary vlan to a primary vlan. Only one isolated vlan can be associated to a primary vlan. Multiple community vlans can be associated to a primary vlan.

Use the no form of this command to remove association of all the secondary vlans to a primary vlan.

Command Syntaxprivate-vlan PRIMARY_VLAN_ID association add SECONDARY_VLAN_ID bridge <1-32>

private-vlan PRIMARY_VLAN_ID association remove SECONDARY_VLAN_ID bridge <1-32>

no private-vlan PRIMARY_VLAN_ID association bridge <1-32>

PRIMARY_VLAN_ID VLAN ID of the primary vlanSECONDARY_VLAN_ID VLAN ID of the secondary vlan (either isolated or community)

Command ModeVLAN Configuration mode

ExampleZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)# private-vlan 2 association add 3-4 bridge 1ZebOS(config-vlan)# private-vlan 2 association remove 3-4 bridge 1ZebOS(config-vlan)# no private-vlan 2 association bridge 1

private-vlan bridgeUse this command to create community, isolated or primary vlan.

Use the no form of this command to remove the specified private vlan.

Command Syntaxprivate-vlan VLAN_ID (community | isolated | primary) bridge <1-32>

no private-vlan VLAN_ID (community | isolated | primary) bridge <1-32>

VLAN_ID VLAN ID of the vlan which is to be made a private vlan.community Community vlanisolated Isolated vlanprimary Primary vlanbridge Bridge ID

Command ModeVLAN Configuration mode

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 229

ExampleZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)# vlan 2 bridge 1 name vlan2 state enableZebOS(config-vlan)# vlan 3 bridge 1 name vlan3 state enableZebOS(config-vlan)# vlan 4 bridge 1 name vlan3 state enableZebOS(config-vlan)# private-vlan 2 primary bridge 1ZebOS(config-vlan)# private-vlan 3 isolated bridge 1ZebOS(config-vlan)# private-vlan 4 community bridge 1

switchport mode private-vlanUse this command to make a layer2 port as a host port or promiscuous port.

Use the no form of this command to remove the configuration.

Command Syntaxswitchport mode private-vlan (host | promiscuous)

no switchport mode private-vlan (host | promiscuous)

host This port type can communicate with all other host ports assigned to the same community vlan, but it cannot communicate with the ports in the same isolated vlan. All communications outside of this vlan must pass through a promiscuous port in the associated primary vlan.

promiscuous A promiscuous port can communicate with all interfaces, including the community and isolated ports within a private VLAN

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# switchport mode private-vlan hostZebOS(config)#interface eth1ZebOS(config-if)# switchport mode private-vlan promiscuousZebOS(config)#interface eth2ZebOS(config-if)# no switchport mode private-vlan promiscuous

switchport private-vlan host-associationUse this command to associate a primary vlan and a secondary vlan to a host port. Only one primary and secondary vlan can be associated to a host port.

Use the no form of this command to remove the association.

Command Syntaxswitchport private-vlan host-association PRIMARY_VLAN_ID add SECONDARY_VLAN_ID

no switchport private-vlan host-association PRIMARY_VLAN_ID

PRIMARY_VLAN_ID VLAN ID of the primary vlan

SECONDARY_VLAN_ID VLAN ID of the secondary vlan (either isolated or community)

NSM Layer-2 Commands

230 ©2001-2007 IP Infusion Inc. Confidential

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport private-vlan host-association 2 add 3

ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# no switchport private-vlan host-association

switchport private-vlan mappingUse this command to associate a primary vlan and a set of secondary vlans to a promiscuous port.

Use the no form of this to remove all the association of secondary vlans to primary vlans for a promiscuous port.

Command Syntaxswitchport private-vlan mapping PRIMARY_VLAN_ID add SECONDARY_VLAN_ID

switchport private-vlan mapping PRIMARY_VLAN_ID remove SECONDARY_VLAN_ID

no switchport private-vlan mapping

PRIMARY_VLAN_ID VLAN ID of the primary vlanSECONDARY_VLAN_ID VLAN ID of the secondary vlan (either isolated or community)

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport private-vlan mapping 2 add 3-4ZebOS(config-if)# switchport private-vlan mapping 2 remove 3-4ZebOS(config-if)# no switchport private-vlan mapping

show vlan private-vlan bridgeUse this command to display the private-vlan configuration and associations.

Command Syntaxshow vlan private-vlan bridge <1-32>

Command ModePrivileged Exec mode

ExampleZebOS# show vlan private-vlan bridge 1PRIMARY SECONDARY TYPE INTERFACES------- --------- ---------- ---------- 2 3 isolated

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 231

2 4 community

GMRP Commands

clear gmrp statisticsUse this command to clear GMRP statistics for a given VLAN or all the VLANs configured on the Layer-2 switch.

Command Syntaxclear gmrp statistics [all|vlan VLAN-ID] bridge <1-32>

all Clear GMRP statistics for all the VLANs.VLAN-ID = vlanid <1 to 4094> Clear GMRP statistics for the particular VLAN_ID.

DefaultThis default clearing is for all the configured VLANs

Command ModePrivileged Exec mode

ExamplesThis example shows how to clear the GMRP statistics for a given VLAN 12.

ZebOS# clear gmrp statistics vlan 12 bridge 2

This example shows to clear the GMRP statistics for all the configured VLANs on a bridge.

ZebOS# clear gmrp statistics all bridge 2

debug gmrpUse this command to put various types of data to the console. Use the no parameter to turn off a specific type of debugging. Use the all parameter to display all types on the console, or use any combination of the other parameters to display pertinent data on the console.

Command Syntax(no) debug gmrp event|cli|timer|packet|all

event use this parameter to echo events to the console.cli use this parameter to echo commands to the console.timer use this parameter to echo the time start to the console.packet use this parameter to echo packet contents to the console.all to echo all of the above data types to the console.

Command ModesConfigure mode

DefaultIf this command is not used, no debugging data is displayed on the console.

NSM Layer-2 Commands

232 ©2001-2007 IP Infusion Inc. Confidential

ExamplesThis example shows set debugging for commands and packets:

ZebOS# configure terminalZebOS(config)# debug gmrp cli

set gmrpUse this command to enable or disable GMRP globally on the default bridge. This command does not enable or disable GMRP in all ports of the bridge. After enabling GMRP globally, use the set port gmrp command to enable GMRP on individual ports of the bridge.

Command Syntaxset gmrp enable|disable

enable Enable GMRP on a Layer-2 switch.disable Disable GMRP on a Layer-2 switch

DefaultIf this command is not used, GMRP is disabled.

Command ModesConfigure mode

UsageGMRP cannot be enabled if IGMP Snooping is enabled, or if GMRP has already been configured for a particular VLAN.

ExamplesZebOS# configure terminalZebOS(config)# set gmrp enable

Related Commandsset gmrp bridge

set gmrp bridgeUse this command to enable/disable GMRP globally on a particular bridge. This command does not enable/disable GMRP in all ports of the bridge. After enabling GMRP globally, use the set port gmrp command to enable GMRP on individual ports of the bridge.

Command Syntaxset gmrp enable|disable bridge <1-32>

enable Enable GMRP on Layer-2 switch.disable Disable GMRP on Layer-2 switch<1-32> Bridge-group ID used for bridging.

DefaultIf this command is not used, GMRP is disabled.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 233

Command ModesConfigure mode

UsageGMRP cannot be enabled if IGMP Snooping is enabled, or if GMRP has already been configured for a particular VLAN.

ExamplesTo enable GMRP on a Layer-2 switch for a particular bridge 2:

ZebOS# configure terminalZebOS(config)# set gmrp enable bridge 2GMRP is enabled for bridge 2

To enable GMRP on a Layer-2 switch on a particular bridge 3 when IGMP Snooping is enabled:

ZebOS# configure terminalZebOS(config)# set gmrp enable bridge 3Disable IGMP Snooping and then enable GMRP on bridge 3

set gmrp extended-filtering bridgeUse this command to enable or disable extended filtering on a bridge as per Table 8-7 of IEEE802.1Q-2003.

Command Syntaxset gmrp extended-filtering enable|disable bridge BRIDGE NAME <1-32>

enable Enables extended filtering services on the bridgedisable Disabled extended filtering services on the bridge<1-32> Bridge-group ID used for bridging

DefaultExtended filtering is disabled on a GMRP enabled bridge.

Command ModePrivileged Exec

ExamplesEnable extended filtering services on bridge 1

ZebOS# set gmrp extended-filtering enable bridge 1

Disable extended filtering services on bridge 1

ZebOS# set gmrp extended-filtering disable bridge 1

set gmrp fwdallUse this command to set the GMRP forward all option for an interface.

Command Syntaxset gmrp fwdall enable|disable IF_NAME

NSM Layer-2 Commands

234 ©2001-2007 IP Infusion Inc. Confidential

DefaultIf this command is not used, the default setting is GMRP disabled.

Command ModesConfigure mode

ExamplesTo enable GMRP forwarding on a Layer-2 switch for a particular interface:

IPInfusion (enable)> set gmrp fwdall enable eth1

set gmrp registrationUse this command to set GMRP registration type for all ports for a given bridge.

Command Syntaxset gmrp registration normal|fixed|forbidden PORT-NAME bridge <1-32>

normal Specify dynamic GMRP multicast registration and deregistration on the port.fixed Specify the multicast groups currently registered on the switch are applied to the port, but any

subsequent registrations or deregistrations do not affect the port. Any registered multicast groups on the port are not deregistered based on the GARP timers.

forbidden Specify that all GMRP multicasts are deregistered, and prevent any further GMRP multicast registration on the port.

PORT-NAME Defines a text string used as the name of the interface; ASCII string from 1 to 16 characters.<1-32> Bridge-group ID used for bridging.

DefaultThe default is normal registration for all the ports

Command ModesConfigure mode

UsageTo deregister a multicast port, the port must be in the normal registration mode.

ExamplesThis example shows how to set the port to normal registration:

ZebOS# set gmrp registration normal eth0 bridge 2GMRP Registration is set to normal for eth0

set gmrp timerUse this command to set the values for the GMRP Join, Leave, and Leaveall timers for a specified bridge.

Command Syntaxset gmrp timer [join |leave |leaveall] TIMER_VALUE IFNAME

join Type of timer

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 235

leave Type of timerleaveall Type of timerTIMER_VALUE Timer value in hundredths of a second.IFNAME Specify the name of the interface.

DefaultThe default is the join timer (200 milliseconds); the leave timer is 600 milliseconds (ms); and the leaveall timer is 10000 ms.

Command ModesConfigure mode

UsageThe relationship for the timer values are as following:

• Leave timer must be greater than, or equal to, three times the join timer.

• Leaveall timer must be greater than the leave timer.

ExamplesThis example shows how to set the join timers for all ports and all VLANs.

ZebOS# configure terminalZebOS(config)# set gmrp join timer 100 eth0GARP Join timer value is set to 100 centiseconds

set gmrp vlanTo enable/disable GMRP on a Layer-2 switch for a particular VLAN.

Command Syntaxset gmrp enable|disable bridge <1-32> vlan <1-4094>

enable Enable GMRP on Layer-2 switch for the specified VLAN.disable Disable GMRP on Layer-2 switch for the specified VLAN.<1-32> Bridge-group ID used for bridging.<1-4094> VLAN number on which GMRP is to be enabled.

Command ModesConfigure mode

UsageGMRP on a VLAN basis cannot be enabled if IGMP Snooping is enabled, or if GMRP is globally enabled.

ExamplesTo enable GMRP on a Layer-2 switch for a particular bridge (2) and VLAN 2:

ZebOS# configure terminalZebOS(config)# set gmrp enable bridge 2 vlan 2

To disable GMRP on a Layer-2 switch for a particular bridge (2) and VLAN 2:

NSM Layer-2 Commands

236 ©2001-2007 IP Infusion Inc. Confidential

ZebOS# configure terminalZebOS(config)# set gmrp disable bridge 2 vlan 2

set port gmrpTo enable/disable GMRP on a particular port in all VLANs or all ports in a bridge.

Command Syntaxset port gmrp enable|disable all|IFNAME

enable Enable GMRP on Layer-2 switch portdisable Disable GMRP on Layer-2 switch portall All ports added to recently configured bridgeIFNAME Specify the name of the interface.

DefaultBy default, GMRP is disabled.

Command ModesConfigure mode

UsageGMRP on a port cannot be enabled for all VLANs if GMRP has already been configured for a particular VLAN for the port.

ExamplesThis example shows how to enable GMRP on a particular port in all VLANs on a specified bridge.

ZebOS# configure terminalZebOS(config)# set port gmrp enable eth0GMRP enabled on port eth0

ZebOS# configure terminalZebOS(config)# set port gmrp enable allGMRP enabled on all ports added to recently configured bridge

set port gmrp vlanTo enable/disable GMRP on a particular port in a particular VLAN.

Command Syntaxset port gmrp enable|disable IFNAME vlan <1-4094>

enable Enable GMRP on Layer-2 switch portdisable Disable GMRP on Layer-2 switch portIFNAME Specify the name of the interface.<1-4094> VLAN number on which GMRP is to be enabled.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 237

UsageGMRP cannot be enabled on a VLAN basis if it has been enabled for all VLANs for the port.

GMRP cannot be enabled for a port for a VLAN if GMRP is not enabled for the VLAN for the bridge.

Command ModesConfigure mode

ExamplesThis example shows how to enable GMRP on a specified port (eth0) in VLAN 2.

ZebOS# configure terminalZebOS(config)# set port gmrp enable eth0 vlan 2GMRP enabled on port eth0 and vlan 2

show gmrp configurationUse this command to display GMRP related configuration information for the default bridge.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow gmrp configuration

Command ModePrivileged Exec mode

Related Commandsshow gmrp configuration bridge

show gmrp configuration bridgeTo display GMRP related configuration information for a given bridge.

To modify the lines displayed, use the | (output modifier token) and to save the output to a file, use the > (output redirection token). For more information, see ZebOS Command Line Interface Environment.

Command Syntaxshow gmrp configuration bridge <1-32>

<1-32> Bridge-group ID used for bridging.

Command ModePrivileged Exec mode

DefaultNone.

UsageThe following is an output of this command displaying GMRP related configuration information:

NSM Layer-2 Commands

238 ©2001-2007 IP Infusion Inc. Confidential

ZebOS# show gmrp configuration bridge 2Global GMRP Configuration for bridge :2GMRP Feature: Enabled

GMRP Timers (centiseconds):Join: 20Leave: 60Leave All: 1000

Port based GMRP Configuration:GMRP Status Registration Forward All Port--------------------------------------------------Enabled Normal Disabled eth4Enabled Normal Disabled eth5

where:

• GMRP Status Status of GMRP for the particular port.

• Registration Registration status of GMRP for the particular port.

• Forward All Forward All status of GMRP for the particular port.

• Ports Ports that have GMRP Enabled or Disabled.

Examplesshow gmrp configuration bridge 3

show gmrp machineUse this command to display the state machine for GMRP, for the default bridge.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow gmrp machine

Command ModeExec and Privileged Exec modes

Related Commandsshow gmrp machine bridge

show gmrp machine bridgeUse this command to display the state machine for GMRP, for a particular bridge.

Command Syntaxshow gmrp machine bridge <1-32>

<1-32> Bridge-group ID used for bridging.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 239

Command ModeExec and Privileged Exec modes

UsageThe following is an output of this command displaying the GMRP state machine.

ZebOS# show gmrp machine bridge 2 port = eth0 VLAN = 1 applicant state[0] = VO registrar state[0] = MT applicant state[1] = VO registrar state[1] = MT port = eth1 VLAN = 1 applicant state[0] = VO registrar state[0] = MT applicant state[1] = VO registrar state[1] = MT

ExampleZebOS# show gmrp machine bridge 2

show gmrp statistics To display the GMRP related statistics.

Command Syntaxshow gmrp statistics

Command ModesPrivileged Exec mode

ExamplesThe following is an output of this command displaying GMRP statistics.

ZebOS# show gmrp statisticsGMRP Statistics for bridge b vlan 1---------------------------------------------------Total GMRP packets Received: 0Join Empties: 0Join Ins: 0Leave Empties: 0Leave Ins: 0Empties: 0

Total GMRP packets Transmitted: 0Join Empties: 0Join Ins: 0Leave Empties: 0Leave Ins: 0Empties: 0

show gmrp timerTo display GMRP timer values on a specified interface.

NSM Layer-2 Commands

240 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxshow gmrp timer IFNAME

IFNAME Specify the name of the interface.

Command ModesPrivileged Exec mode

UsageThe following is an output of this command displaying the GMRP timer values for interface eth4.

ZebOS# show gmrp timer eth4Timer Timer Value (centiseconds)------------------------------------------Join 20Leave 60Leave All 1000

ExamplesZebOS# show gmrp timer eth0

GVRP Commands

clear gvrp statisticsUse this command to clear GVRP statistics for all VLANs or a specific VLAN.

Command Syntaxclear gvrp statistics all bridge <1-32>

clear gvrp statistics vid VLANID bridge <1-32>

<1-32> Bridge-group ID used for bridging.VLANID = <1-4094> Specify VLAN ID value.

Command ModePrivileged Exec mode

ExamplesZebOS# clear gvrp statistics vid 333 bridge 2

debug gvrpUse this command to debug GVRP events, packets, timer starts, and commands, sending output to the console.

Use the no parameter to turn off debugging.

Command Syntax(no) debug gvrp (all|event|cli|timer|packet)

all = turns on or off debugging for all levels.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 241

event = turns on or off debugging for events. cli = turns on or off debugging for commands. timer = turns on or off debugging for timer starts. packet = turns on or off debugging for packets.

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# debug gvrp all

set gvrpUse this command to enable (set) and disable (reset) GVRP globally for the default bridge instance. This command does not enable or disable GVRP in all ports of the bridge. After enabling GVRP globally, use the set port gvrp command to enable GVRP on individual ports of the bridge.

Command Syntaxset gvrp enable|disable

enable Enable GMRP on a Layer-2 switch.disable Disable GMRP on a Layer-2 switch

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set gvrp enableZebOS(config)# set gvrp disable

Related Commandsset gvrp bridge

set gvrp applicantUse this command to set the GVRP applicant state to normal or active.

Command Syntaxset gvrp applicant state [active|normal] IFNAME

active Active statenormal Normal stateIFNAME Name of the interface.

Command modeConfigure mode

NSM Layer-2 Commands

242 ©2001-2007 IP Infusion Inc. Confidential

ExamplesZebOS# configure terminalZebOS(config)# set gvrp applicant state active eth0

set gvrp bridgeUse this command to enable (set) and disable (reset) GVRP globally for the bridge instance. This command does not enable/disable GVRP in all ports of the bridge. After enabling GVRP globally, use the set port gvrp command to enable GVRP on individual ports of the bridge.

Command Syntaxset gvrp enable bridge <1-32>

set gvrp disable bridge <1-32>

<1-32> Bridge-group ID used for bridging.

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set gvrp enable bridge 2

set gvrp dynamic-vlan-creationUse this command to enable or disable dynamic VLAN creation for the default bridge instance.

Command Syntaxset gvrp dynamic-vlan-creation enable|disable

enable Enables dynamic VLAN creation for the default bridge instancedisable Disables dynamic VLAN creation for the default bridge instance

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set gvrp dynamic-vlan-creation enableZebOS(config)# set gvrp dynamic-vlan-creation disable

Related Commandsset gvrp dynamic-vlan-creation bridge

set gvrp dynamic-vlan-creation bridgeUse this command to enable and disable dynamic VLAN creation for a specific bridge instance.

Command Syntaxset gvrp dynamic-vlan-creation enable bridge <1-32>

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 243

set gvrp dynamic-vlan-creation disable bridge <1-32>

<1-32> Bridge-group ID used for bridging.

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set gvrp dynamic-vlan-creation enable bridge 2ZebOS(config)# set gvrp dynamic-vlan-creation disable bridge 2

set gvrp registrationUse this command to set GVRP Registration to normal, fixed, and forbidden Registration mode for a given port.

Command Syntaxset gvrp registration normal IF_NAME

set gvrp registration fixed IF_NAME

set gvrp registration forbidden IF_NAME

normal Specify dynamic GVRP multicast registration and deregistration on the port.fixed Specify the multicast groups currently registered on the switch are applied to the port, but any

subsequent registrations or deregistrations do not affect the port. Any registered multicast groups on the port are not deregistered based on the GARP timers.

forbidden Specify that all GVRP multicasts are deregistered, and prevent any further GVRP multicast registration on the port.

IF_NAME The name of the interface.

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set gvrp registration fixed eth0

set gvrp timerUse this command to set GVMRP timers for a specific interface.

Command Syntaxset gvrp timer [join|leave|leaveall] TIMER_VALUE IF_NAME

join to set the timer for joining the group. leave to set the timer for leaving a group. leaveall to set the time for leaving all groups. TIMER_VALUE = <1-65535> The timer value in hundredths of a second.IF_NAME The name of the interface.

NSM Layer-2 Commands

244 ©2001-2007 IP Infusion Inc. Confidential

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set gvrp timer leave 245 eth0

set port gvrpUse this command to enable and disable GVRP on a port or all ports in a bridge.

Command Syntaxset port gvrp enable all|IFNAME

set port gvrp disable all|IFNAME

all All ports added to recently configured bridge.IFNAME The name of the interface.

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set port gvrp enable eth0

ZebOS# configure terminalZebOS(config)# set port gvrp enable all

show gvrp configuration bridgeUse this command to display GVRP configuration bridge data for a specified bridge instance.

Command Syntaxshow gvrp configuration (bridge <1-32>)

<1-32> Bridge-group ID used for bridging.

Command modeExec and Privileged Exec mode

UsageThe following is an output of this command displaying the GVRP configuration for bridge b.

ZebOS# show gvrp configuration bridge 3Global GVRP Configuration for bridge 3:GVRP Feature: EnabledDynamic Vlan Creation: DisabledPort based GVRP Configuration:

Timers(centiseconds)

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 245

Port GVRP Status Registration Applicant Join Leave LeaveAll--------------------------------------------------------------------------------eth4 Enabled Normal Normal 20 60 1000

eth5 Enabled Normal Normal 200 600 10000

ExampleZebOS# show gvrp configuration bridge 2

show gvrp machine bridgeUse this command to display the state machine for GVRP.

Command Syntaxshow gvrp machine bridge <1-32>

<1-32> Bridge-group ID used for bridging.

Command ModeExec and Privileged Exec modes

UsageThe following is an output of this command displaying the GVRP state machine.

ZebOS# show gvrp machine bridge 2 port = eth5 applicant state = QA registrar state = INN port = eth4 applicant state = QA registrar state = INN

ExampleZebOS# show gvrp machine bridge 2

show gvrp statistics Use this command to display a statistical summary for a bridge.

Command Syntaxshow gvrp statistics IFNAME

IFNAME Name of the port.

Command modeExec and Privileged Exec mode

UsageThe following is an output of this command displaying a statistical summary for bridge 2.

ZebOS# show gvrp statisticsBridge: b

Port JoinEmpty JoinIn LeaveEmpty LeaveIn Empty-------------------------------------------------------------------------------

NSM Layer-2 Commands

246 ©2001-2007 IP Infusion Inc. Confidential

eth5 RX 0 2 0 0 0 TX 0 0 0 0 0eth4 RX 0 1 0 0 1 TX 0 0 0 0 0

ExampleZebOS# show gvrp statistics eth0

show gvrp timerUse this command to display data for the timers.

Command Syntaxshow gvrp timer IF_NAME

Command modeExec and Privileged Exec mode

UsageThe following show output displays data for timer on interface eth4.

ZebOS# show gvrp timer eth4Timer Timer Value (centiseconds)------------------------------------------Join 20Leave 60Leave All 1000

MMRP CommandsThis section lists the Multiple Multicast Registration Protocol (MMRP) commands for managing bridges. MMRP provides a mechanism to allow end stations and Media Access Control (MAC) bridges to dynamically register or deregister Group membership and individual MAC address information with bridges attached to the same LAN. The operation of MMRP relies upon services provided by the Multiple Registration Protocol (MRP).

clear mmrp statisticsUse this command to clear MMRP statistics information for all interfaces on a bridge.

Command Syntaxclear mmrp statistics all bridge BRIDGE_NAME

BRIDGE_NAME Name of the bridge in the range of <1-32>

Command ModeExec mode

UsageThis command is used to clear all MMRP statistics information on a specified bridge.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 247

ExamplesZebOS# configure terminalZebOS(config)# clear mmrp statistics all bridge 2

clear mmrp statistics vlanidUse this command to clear MMRP statistics information on a specific VLAN on a bridge.

Command Syntaxclear mmrp statistics vlanid [1-4094] bridge [1-32]

vlanid ID of the VLAN in the range of <1-1094> bridge Name of the bridge in the range of <1-32>

Command ModeExec mode

UsageThis command is used to clear MMRP statistics information on a selected VLAN on a specific bridge.

ExamplesZebOS# configure terminalZebOS(config)# clear mmrp statistics vlanid 2 bridge 2

set mmrpUse this command to enable or disable MMRP globally on the default bridge. This command does not enable or disable MMRP in all ports of the bridge. After enabling MMRP globally, use the set port mmrp command to enable MMRP on individual ports of the bridge.

Command Syntaxset mmrp enable|disable

enable Enable MMRP on a Layer-2 switch.disable Disable MMRP on a Layer-2 switch

DefaultIf this command is not used, MMRP is disabled.

Command ModesConfigure mode

UsageMMRP cannot be enabled if IGMP Snooping is enabled, or if MMRP has already been configured for a particular VLAN.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp enable

NSM Layer-2 Commands

248 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsset mmrp bridge

set mmrp bridgeUse this command to enable or disable MMRP globally on a particular bridge. This command does not enable or disable MMRP in all ports of the bridge. After enabling MMRP globally, use the set port mmrp command to enable MMRP on individual ports of the bridge.

Command Syntaxset mmrp enable|disable bridge <1-32>

enable Enable MMRP on Layer-2 switch.disable Disable MMRP on Layer-2 switch<1-32> Bridge-group ID used for bridging.

DefaultIf this command is not used, MMRP is disabled.

Command ModesConfigure mode

UsageMMRP cannot be enabled if IGMP Snooping is enabled, or if MMRP has already been configured for a particular VLAN.

ExamplesTo enable MMRP on a Layer-2 switch for a particular bridge 2:

ZebOS# configure terminalZebOS(config)# set mmrp enable bridge 2MMRP is enabled for bridge 2

To enable MMRP on a Layer-2 switch on a particular bridge 3 when IGMP Snooping is enabled:

ZebOS# configure terminalZebOS(config)# set mmrp enable bridge 3Disable IGMP Snooping and then enable MMRP on bridge 3

set mmrp disable bridgeUse this command to disable MMRP on an MMRP-enabled bridge.

Command Syntax set mmrp disable bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

DefaultThis setting is disabled by default.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 249

Command ModeConfigure mode

UsageUsing this command disables MMRP on a specific bridge that was previously MMRP-enabled.

ExampleZebOS# configure terminalZebOS(config)# set mmrp disable bridge 1

Related Commandsset mmrp disable bridge vlan

set port mmrp disable

set mmrp disable bridge vlanUse this command to disable MMRP on a bridge for a specified instance.

Command Syntaxset mmrp disable bridge BRIDGE_NAME vlan VLANID

BRIDGE_NAME Name of the bridge in the range of <1-32>VLANID ID of the VLAN in the range of <1-4094>

DefaultDisabled by default

Command ModeConfiguration mode

UsageThis command disables MMRP on a selected VLAN ID on a specific MMRP-enabled bridge

ZebOS# configure terminalZebOS(config)# set mmrp disable bridge 1 vlan 3

Related Commandsset port mmrp disable vlan

set mmrp enable bridgeUse this command to enable MMRP on a bridge.

Command Syntax set mmrp enable bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

NSM Layer-2 Commands

250 ©2001-2007 IP Infusion Inc. Confidential

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageUsing this command enables MMRP on a specific bridge.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp enable bridge 1

Related Commandsset mmrp enable bridge vlan

set port mmrp enable

set mmrp enable bridge vlanUse this command to enable MMRP on a bridge for a specific VLAN instance.

Command Syntaxset mmrp enable bridge BRIDGE_NAME vlan VLANID

BRIDGE_NAME An integer in the range of <1 - 32>VLANID An integer in the range of <1- 4094>

DefaultThis setting is disabled by default.

Command ModeConfigure Mode

UsageThis command is used to enable MMRP on a specific VLAN on a chosen bridge.

ExampleZebOS# configure terminalZebOS(config)# set mmrp enable bridge 1 vlan 3

Related Commandsset port mmrp enable vlan

set mmrp extended-filteringUse this command to enable or disable extended filtering on the default bridge as per Table 8-7 of IEEE802.1Q-2003.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 251

Command Syntaxset mmrp extended-filtering enable|disable

enable Enables extended filtering services on the bridgedisable Disables extended filtering services on the bridge

DefaultExtended filtering is disabled on an MMRP enabled bridge.

Command ModePrivileged Exec

Related Commandsset mmrp extended-filtering bridge

set mmrp extended-filtering disable bridgeUse this command to disable MMRP extended filtering on a bridge.

Command Syntaxset mmrp extended-filtering disable bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

DefaultExtended filtering is disabled by default.

Command ModeConfigure mode

UsageUsing this command disables extended filtering on a selected MMRP-enabled bridge.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp extended-filtering disable bridge 2

set mmrp extended-filtering enable bridgeUse this command to enable extended filtering on an MMRP-enabled bridge.

Command Syntaxset mmrp extended-filtering enable bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

DefaultExtended filtering is disabled by default.

NSM Layer-2 Commands

252 ©2001-2007 IP Infusion Inc. Confidential

Command ModeConfigure mode

UsageUsing this command enables extended filtering on a chosen bridge.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp extended-filtering enable bridge 2

set mmrp fwdall disableUse this command to disable the forwardall configuration on a port.

Command Syntaxset mmrp fwdall disable IF_NAME

IF_NAME Name of the interface

DefaultThe forwardall configuration is disabled by default.

Command ModeConfiguration mode

UsageThis command is used to disable the forwardall configuration on a port.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp fwdall disable eth1

set mmrp fwdall enableUse this command to enable the forwardall configuration on a port.

Command Syntax set mmrp fwdall enable IF_NAME

IF_NAME Name of the interface

DefaultThe forwardall configuration is disabled by default.

Command ModeConfiguration mode

UsageThis command is used to enable the forwardall configuration on a port.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 253

ExamplesZebOS# configure terminalZebOS(config)# set mmrp fwdall enable eth1

set mmrp timer joinUse this command to set the join timer value on an interface.

Command Syntax set mmrp timer join TIMER_VALUE|IF_NAME

TIMER_VALUE An integer in the range of <0-4294967295> representing milliseconds IF_NAME An interface name

DefaultThe default value of the MMRP join timer is 200 milliseconds.

Command ModeConfigure mode

UsageUsing this command sets the join timer value for a specific interface.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp timer join 300 eth1

set mmrp timer leaveallUse this command to set the leaveall timer value on an interface.

Command Syntax set mmrp timer leaveall [TIMER_VALUE|IF_NAME]

TIMER_VALUE An integer in the range <0-4294967295> representing milliseconds IF_NAME The name of an interface

DefaultThe default value of the leaveall timer is 10000 milliseconds.

Command ModeConfigure mode

UsageUsing this command sets the leaveall timer value on a specific interface.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp timer leaveall 20000 eth1

NSM Layer-2 Commands

254 ©2001-2007 IP Infusion Inc. Confidential

set mmrp pointtopoint enableUse this command to enable point-to-point behavior on an MMRP-enabled bridge.

Command Syntaxset mmrp pointtopoint enable BRIDGE

BRIDGE_NAME An integer in the range of <1 - 32>

DefaultPoint-to-point behavior is disabled by default.

Command ModeConfigure mode

UsageUsing this command enables point-to-point behavior on an MMRP-enabled bridge.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp pointtopoint enable bridge 2

set mmrp registration fixedUse this command to set the MMRP registration mode to fixed.

Command Syntaxset mmrp registration fixed IF_NAME

IF_NAME The interface name

DefaultThe default MMRP registration mode is Normal.

Command ModeConfigure mode

UsageThis command is used to set the MMRP registration mode to fixed.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp registration fixed eth1

set mmrp registration forbiddenUse this command to set the MMRP registration mode to forbidden.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 255

Command Syntaxset mmrp registration forbidden IF_NAME

IF_NAME The interface name

DefaultThe default MMRP registration mode is normal.

Command ModeConfigure mode

UsageUsing this command sets the MMRP management registration mode to forbidden.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp registration forbidden eth1

set mmrp registration normalUse this command to set the MMRP registration mode to normal.

Command Syntaxset mmrp registration normal IF_NAME

IF_NAME The interface name

DefaultThe default MMRP registration mode is normal.

Command ModeConfigure mode

UsageThis command is used to set the MMRP management registration mode to normal.

ExamplesZebOS# configure terminalZebOS(config)# set mmrp registration normal eth1

set port mmrp disableUse this command to disable MMRP on a selected port, or on all ports on a bridge.

Command Syntaxset port mmrp disable IF_NAME|all

IF_NAME The interface name of the portall All interfaces on the bridge

NSM Layer-2 Commands

256 ©2001-2007 IP Infusion Inc. Confidential

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageThis command is used to disable MMRP on a selected interface or on all interfaces on a bridge.

ExamplesTo disable MMRP on a selected interface on a bridge, use this command structure:

ZebOS# configure terminalZebOS(config)# set port mmrp disable eth1

To disable MMRP on all interfaces on a bridge, use this command structure:

ZebOS# configure terminalZebOS(config)# set port mmrp disable all

Related Commandsset port mmrp disable vlan

set port mmrp disable vlanUse this command to disable MMRP on a particular VLAN on a port.

Command Syntaxset port mmrp disable IF_NAME vlan VLANID

IF_NAME The interface name of the portVLANID An integer in the range of <1 - 4094> that identifies the VLAN

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageThis command is used to disable MMRP on a selected VLAN on a specific interface.

ExamplesZebOS# configure terminalZebOS(config)# set port mmrp disable eth1 vlan 4

Related Commandsset port mmrp disable

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 257

set port mmrp enableUse this command to enable MMRP on a selected port, or on all ports on a bridge.

Command Syntaxset port mmrp enable IF_NAME|all

IF_NAME The interface name of the portall All interfaces on the bridge

DefaultThis setting is disabled by default.

Command ModeConfigure mode

Usage.This command lets you enable MMRP on a selected interface on a bridge or on all interfaces on a bridge

ExamplesTo enable MMRP in a selected interface on a bridge, use this command structure:

ZebOS# configure terminalZebOS(config)# set port mmrp enable eth1

To enable MMRP in all interfaces on a bridge, use this command structure:

ZebOS# configure terminalZebOS(config)# set port mmrp enable all

set port mmrp enable vlanUse this command to enable MMRP on a particular VLAN on a port.

Command Syntaxset port mmrp enable IF_NAME vlan VLANID

IF_NAME The interface name of the portVLANID An integer in the range of <1 - 4094> that identifies the VLAN

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageUsing this command enables MMRP functionality on a selected VLAN on a specific port.

ExamplesZebOS# configure terminal

NSM Layer-2 Commands

258 ©2001-2007 IP Infusion Inc. Confidential

ZebOS(config)# set port mmrp enable eth1 vlan 4

Related Commandsset port mmrp enable

show mmrp configurationUse this command to display MMRP related configuration information for the default bridge.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mmrp configuration

Command ModePrivileged Exec mode

Related Commandsshow mmrp configuration bridge

show mmrp configuration bridgeUse this command to display the MMRP configuration for an MMRP-enabled bridge.

Command Syntaxshow mmrp configuration bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

Command ModeExec mode

UsageThe following sample output from this command displays MMRP-related configuration information for bridge 2.

ZebOS# show mmrp configuration bridge 2Global MMRP Configuration for bridge :2MMRP Feature: EnabledPort based MMRP Configuration:Timers(centiseconds)Port MMRP Status Registration Forward All Join Leave LeaveAll---------------------------------------------------------------------------------------eth2 Enabled Normal Disabled 20 60 1000

ExamplesZebOS# configure terminalZebOS(config)# show mmrp configuration bridge 2

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 259

show mmrp machineUse this command to display the state machine for MMRP, for the default bridge.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mmrp machine

Command ModeExec and Privileged Exec modes

Related Commandsshow mmrp machine bridge

show mmrp machine bridgeUse this command to display the MMRP machine state on a bridge.

Command Syntaxshow mmrp machine bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

Command ModeExec mode

UsageThe following sample output from this command displays the MMRP state machine information.

ZebOS#show mmrp machine bridge 1 port = eth 2 VLAN = 1 applicant state[0] = LO registrar state[0] = MT applicant state[1] = LO registrar state[1] = MT

ExamplesZebOS# configure terminalZebOS(config)# show mmrp machine bridge 2

show mmrp statistics vlanid bridgeUse this command to display MMRP statistics for a specific VLAN bridge.

Command Syntaxshow mmrp statistics vlanid [1-4094] bridge [1-32]

<1-4094> An integer within this range used to identify a VLAN<1-32> An integer within this range used to identify a bridge

Command ModeExec mode

NSM Layer-2 Commands

260 ©2001-2007 IP Infusion Inc. Confidential

UsageThe following sample output from this command displays the MMRP statistics for bridge 1 and VLAN 1.

ZebOS#show mmrp statistics vlanid 1 bridge 1MMRP Statistics for bridge 1 vlan 1---------------------------------------------Total MMRP packets Received: 0Leave alls: 0Join Empties: 0Join Ins: 0New Empties: 0New Ins: 0Empties: 0

Total MMRP packets Transmitted: 0Leave alls: 0Join Empties: 0Join Ins: 0New Empties: 0New Ins: 0Empties: 0

ExamplesZebOS# configure terminalZebOS(config)# show mmrp statistics vlanid 2 bridge 2

show mmrp timerUse this command to display MMRP timer values associated with an interface.

Command Syntaxshow mmrp timer IF_NAME

IF_NAME The interface name

Command ModeConfigure mode

UsageThe following sample output from this command displays all MMRP timer values associated with the interface eth2.

ZebOS#show mmrp timer eth2Timer Timer Value (centiseconds)------------------------------------------Join 20Leave 60Leave All 1000

ExamplesZebOS# configure terminalZebOS(config)# show mmrp timer eth2

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 261

MVRP CommandsThis section contains the Multiple VLAN Registration Protocol (MVRP) commands. MVRP uses the Multiple Registration Protocol (MRP) attribute declaration and propagation features to dynamically establish and update VLAN information, for example, which VLAN has active members and through which ports can those members be reached.

clear mvrp statisticsUse this command to clear the MVRP statistics for an interface.

Command Syntaxclear mvrp statistics IF_NAME

IF_NAME The name of the interface

Default This functionality is disabled by default.

Command ModeExec mode

UsageUsing this command clears all MVRP statistics for a specific interface.

ExamplesZebOS# configure terminalZebOS(config)# clear mvrp statistics eth1

clear mvrp statistics allUse this command to clear the MVRP statistics on all interfaces on an MVRP-enabled bridge.

Command Syntaxclear mvrp statistics all

Default

This functionality is disabled by default.

Command ModeExec mode

UsageUsing this command clears the MVRP statistics for all interfaces on an MVRP-enabled bridge.

ExamplesZebOS# configure terminalZebOS(config)# clear mvrp statistics all

NSM Layer-2 Commands

262 ©2001-2007 IP Infusion Inc. Confidential

clear mvrp statistics bridgeUse this command to clear the MVRP statistics for a bridge.

Command Syntaxclear mvrp statistics bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 – 32>

DefaultThis functionality is disabled by default.

Command ModeExec mode

UsageUsing this command clears MVRP statistics on a specific MVRP-enabled bridge.

ExamplesZebOS# configure terminalZebOS(config)# clear mvrp statistics bridge 2

set mvrpUse this command to enable (set) and disable (reset) MVRP globally for the default bridge instance. This command does not enable or disable MVRP in all ports of the bridge. After enabling MVRP globally, use the set port mvrp command to enable MMRP on individual ports of the bridge.

Command Syntaxset mvrp enable|disable

enable Enable MVRP on a Layer-2 switch.disable Disable MVRP on a Layer-2 switch

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set gvrp enableZebOS(config)# set gvrp disable

Related Commandsset mvrp bridge

set mvrp applicant state activeUse this command to set the MVRP applicant state to active.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 263

Command Syntaxset mvrp applicant state active IF_NAME

IF_NAME The name of the interface

DefaultThe default MVRP applicant state is normal.

Command ModeConfigure mode

Usage Using this command sets the MVRP applicant state to active.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp applicant state active eth1

set mvrp applicant state normalUse this command to set the MVRP applicant state to normal.

Command Syntaxset mvrp applicant state normal IF_NAME

IF_NAME The name of the interface

DefaultThe default MVRP applicant state is normal.

Command ModeConfigure mode

UsageUsing this command sets the MVRP applicant state to normal.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp applicant state normal eth1

set mvrp disable bridgeUse this command to disable MVRP functionality on a bridge.

Command Syntaxset mvrp disable bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

NSM Layer-2 Commands

264 ©2001-2007 IP Infusion Inc. Confidential

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageUsing this command disables MVRP on a specific bridge.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp disable bridge 1

set mvrp dynamic-vlan-creationUse this command to enable or disable dynamic VLAN creation for the default bridge instance.

Command Syntaxset mvrp dynamic-vlan-creation enable|disable

enable Enables dynamic VLAN creation for the default bridge instancedisable Disables dynamic VLAN creation for the default bridge instance

Command modeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# set mvrp dynamic-vlan-creation enableZebOS(config)# set mvrp dynamic-vlan-creation disable

Related Commandsset mvrp dynamic-vlan-creation bridge

set mvrp dynamic-vlan-creation disable bridgeUse this command to disable dynamic VLAN creation on an MVRP-enabled bridge.

Command Syntaxset mvrp dynamic-vlan-creation disable bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

DefaultThis setting is disabled by default.

Command ModeConfigure mode

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 265

UsageUsing this command disables dynamic VLAN creation on a specific MVRP-enabled bridge.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp dynamic-vlan-creation disable bridge 1

set mvrp dynamic-vlan-creation enable bridgeUse this command to enable dynamic VLAN creation on an MVRP-enabled bridge.

Command Syntaxset mvrp dynamic-vlan-creation enable bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageUsing this command enables dynamic VLAN creation on a specific MVRP-enabled bridge.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp dynamic-vlan-creation enable bridge 1

set mvrp enable bridgeUse this command to enable MVRP functionality on a bridge.

Command Syntaxset mvrp enable bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageUsing this command enables MVRP functionality on a specific bridge.

ExamplesZebOS# configure terminal

NSM Layer-2 Commands

266 ©2001-2007 IP Infusion Inc. Confidential

ZebOS(config)# set mvrp enable bridge 1

set mvrp timer joinUse this command to set the MVRP join timer value for a selected interface.

Command Syntaxset mvrp timer join TIMER_VALUE|IF_NAME

TIMER_VALUE An integer in the range <0-4294967295> representing millisecondsIF_NAME The name of the interface

DefaultThe default join timer value is 200 milliseconds.

Command ModeConfigure mode

UsageUsing this command sets the MVRP join timer value for a specific interface.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp timer join 300 eth1

set mvrp timer leaveUse this command to set the MVRP leave timer value on an interface.

Command Syntaxset mvrp timer leave TIMER_VALUE|IF_NAME

TIMER_VALUE An integer in the range of <0-4294967295> representing millisecondsIF_NAME The name of the interface

DefaultThe default MVRP leave timer value is 200 milliseconds.

Command ModeConfigure mode

UsageUsing this command sets the MVRP leave timer value for a specific interface.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp timer leave 300 eth1

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 267

set mvrp timer leaveallUse this command to set the MVRP leaveall timer value on an interface.

Command Syntaxset mvrp timer leaveall TIMER_VALUE|IF_NAME

TIMER_VALUE An integer in the range <0-4294967295> representing millisecondsIF_NAME An interface name

DefaultThe default MVRP leaveall timer value is 10000 milliseconds.

Command ModeConfigure mode

UsageUsing this command sets the MVRP leaveall timer value for an interface.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp timer leaveall 20000 eth1

set mvrp pointtopoint enableUse this command to enable point-to-point behavior on a bridge.

Command Syntaxset mvrp pointtopoint enable BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>.

DefaultPoint-to-point operation is disabled by default.

Command ModeConfigure Mode

UsageUsing this command enables point-to-point operation on a specific MVRP-enabled bridge.

Examples ZebOS# configure terminalZebOS(config)# set mvrp pointtopoint enable bridge 2

set mvrp registration fixedUse this command to set the MVRP registration mode to fixed.

NSM Layer-2 Commands

268 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxset mvrp registration fixed IF_NAME

IF_NAME The name of the interface

DefaultThe default MVRP registration mode is normal.

Command ModeConfigure mode

UsageUsing this command sets the MVRP management registration mode to fixed.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp registration fixed eth1

set mvrp registration forbiddenUse this command to set the MVRP registration mode to forbidden.

Command Syntaxset mvrp registration forbidden IF_NAME

IF_NAME The name of the interface.

DefaultThe default MVRP registration mode is normal.

Command ModeConfigure mode

UsageUsing this command sets the MVRP management registration mode to forbidden.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp registration forbidden eth1

set mvrp registration normalUse this command to set the MVRP registration mode to normal.

Command Syntaxset mvrp registration normal IF_NAME

IF_NAME An interface name

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 269

DefaultThe default MVRP registration mode is normal.

Command ModeConfigure mode

UsageUsing this command sets the MVRP management registration mode to normal.

ExamplesZebOS# configure terminalZebOS(config)# set mvrp registration normal eth1

set port mvrp disableUse this command to disable MVRP on a selected port or on all ports on a bridge.

Command Syntaxset port mvrp enable IF_NAME|all

IF_NAME An interface nameall All interfaces on the bridge

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageUsing this command disables MVRP on a selected port, or on all ports on a bridge.

ExamplesTo disable MVRP on a selected interface on a bridge, use this command structure:

ZebOS# configure terminalZebOS(config)# set port mvrp disable eth1

To disable MVRP on all interfaces on a bridge, use this command structure:

ZebOS# configure terminalZebOS(config)# set port mvrp disable all

Related Commandsset port mvrp disable vlan

set port mvrp enableUse this command to enable MVRP on a port.

NSM Layer-2 Commands

270 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxset port mvrp enable IF_NAME|all

IF_NAME The name of the interfaceall All interfaces on a bridge

DefaultThis setting is disabled by default.

Command ModeConfigure mode

UsageUsing this command enables MVRP on a specific interface, or on all interfaces on an MVRP-enabled bridge.

ExamplesTo enable MVRP on a selected interface, use this command structure:

ZebOS# configure terminalZebOS(config)# set port mvrp enable eth1

To enable MVRP on all interfaces, use this command structure:

ZebOS# configure terminalZebOS(config)# set port mvrp enable all

Related Commandsset port mvrp enable vlan

show mvrp configurationUse this command to display the MVRP configurations for a bridge.

Command Syntax show mvrp configuration bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 – 32>

Command Mode Exec mode

Usage The following is sample output from this command displaying all the MVRP configurations on the MVRP-enabled bridge 1.

ZebOS#show mvrp configuration bridge 1 Global MVRP Configuration for bridge 1:Dynamic Vlan Creation: Enabled Port based MVRP Configuration:

Timers(centiseconds)Port MVRP Status Registration Applicant Join Leave LeaveAll---------------------------------------------------------------------------------------

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 271

eth2 Enabled Normal Normal 20 60 1000

Examples ZebOS# configure terminalZebOS(config)# show mvrp configuration bridge 2

show mvrp configuration allUse this command to display the MVRP configurations of all MVRP-enabled bridges.

Command Syntax show mvrp configuration all

Command ModeExec mode

UsageThe following sample output from this command displays MVRP configurations for all MVRP-enabled bridges.

ZebOS#show mvrp configurationGlobal MVRP Configuration for bridge 1:Dynamic Vlan Creation: EnabledPort based MVRP Configuration:

Timers(centiseconds)Port MVRP Status Registration Applicant Join Leave LeaveAll---------------------------------------------------------------------------------------eth2 Enabled Normal Normal 20 60 1000eth1 Enabled Normal Normal 20 60 1000

ExamplesZebOS# configure terminalZebOS(config)# show mvrp configuration all

show mvrp interface statisticsUse this command to display MVRP statistics for an interface.

Command Syntaxshow mvrp interface statistics IF_NAME

IF_NAME The name of the interface

Command ModeExec mode

UsageThe following sample output from this command displays the MVRP statistics for a specific interface.

ZebOS#show mvrp statistics eth2Bridge: 1

NSM Layer-2 Commands

272 ©2001-2007 IP Infusion Inc. Confidential

Port JoinEmpty JoinIn LeaveEmpty LeaveIn Empty NewIn NewEmpty---------------------------------------------------------------------------------------eth2 RX 0 0 0 0 0 0 0 TX 0 0 0 0 12 0 0

ExamplesZebOS# configure terminalZebOS(config)# show mvrp statistics eth1

show mvrp machine bridgeUse this command to display the MVRP machine state on a specific bridge.

Command Syntaxshow mvrp machine bridge BRIDGE_NAME

BRIDGE_NAME An integer in the range of <1 - 32>

Command ModeExec mode

UsageThe following sample output from this command displays the MVRP machine state on an MVRP-enabled bridge.

ZebOS#show mvrp machine bridge 1port = eth2 applicant state[0] = VO registrar state[0] = IN

ExamplesZebOS# configure terminalZebOS(config)# show mvrp machine bridge 2

show mvrp statisticsUse this command to display MVRP statistics for a bridge.

Command Syntax show mvrp statistics

Command Mode Exec mode

Usage The following sample output from this command displays all MVRP statistics for an MVRP-enabled bridge.

ZebOS#show mvrp statisticsBridge: 1

Port JoinEmpty JoinIn LeaveEmpty LeaveIn Empty NewIn NewEmpty------------------------------------------------------------------------------eth2 RX 0 0 0 0 0 0 TX 0 0 0 4 0 0

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 273

eth1 RX 0 0 0 0 0 0 TX 0 0 0 0 0 0

ExamplesZebOS# configure terminalZebOS(config)# show mvrp statistics

show mvrp timerUse this command to display MVRP timer values associated with a specific interface.

Command Syntax show mvrp timer IF_NAME

IF_NAME The name of the interface

Command Mode Configure mode

Usage The following sample output from this command displays all MVRP timer values associated with a specific interface.

ZebOS#show mvrp timer eth2Timer Timer Value (centiseconds)------------------------------------------Join 20Leave 60Leave All 1000

Examples ZebOS# configure terminalZebOS(config)# show mvrp timer eth2

Provider Bridging CommandsProvider bridging lets a provider organization provide Ethernet Virtual Circuit (EVC) services to the customer. The EVC is recognized by the Service Provider VLAN. The packets through the provider network are doubly tagged with inner (CVLAN) and outer (SVLAN) tags. The CVLAN tag is the customer network VLAN ID. The SVLAN tag is the provider network VLAN ID.

bridge protocol provider-mstpUse this command to create a provider multiple spanning-tree protocol (MSTP) bridge of a specified parameter.

Use the no parameter with this command to unmap the VLANs from a particular instance, and associate them back to the default instance of 0.

Command Syntaxbridge <1-32> protocol provider-mstp

no bridge <1-32>

NSM Layer-2 Commands

274 ©2001-2007 IP Infusion Inc. Confidential

<1-32> Bridge-group ID used for bridging

Command ModeConfigure mode

UsageThe MSTP bridges can have different spanning-tree topologies for different VLANs inside a region of similar MSTP bridges. The multiple spanning tree protocol, like the rapid spanning tree protocol, provides rapid reconfiguration capability, while providing load-balancing ability.

Using this command creates an instance of the spanning tree, and associates the VLANs specified with that instance.

A bridge created by the above command forms its own separate region, unless it is added explicitly to a region by using the region name command.

ExampleZebOS# configure terminalZebOS(config)# bridge 2 protocol provider-mstp

bridge protocol provider-rstpUse this command to add an IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) bridge.

Command Syntaxbridge <1-32> protocol provider-rstp

<1-32> Bridge-group ID used for bridging

Command ModeConfigure mode

UsageAfter creating a bridge instance, add interfaces to the bridge using the bridge-group command. Bring the bridge instance into operation with the no shutdown command in interface mode.

ExampleZebOS# configure terminalZebOS(config)# bridge 2 protocol provider-rstp

cvlan registration tableUse this command to create a customer VLAN (CVLAN) registration table that will have the mapping between CVLANs and service provider VLANs (SVLANs).

Use the no parameter with this command to delete the CVLAN registration table.

Command Syntaxcvlan registration table WORD

cvlan registration table WORD bridge <1-32>

no cvlan registration table WORD

no cvlan registration table WORD bridge <1-32>

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 275

WORD Name of the CVLAN registration table<1-32> ID of the bridge-group on which the VLAN will be affected

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport provider-network allowed vlan add 2

cvlan svlanUse this command to create a mapping between the CVLAN and SVLAN.

Use the no parameter with this command to delete the mapping.

Command Syntaxcvlan VLAN_ID svlan VLAN_ID

no cvlan VLAN_ID

no svlan VLAN_ID

CVLAN_ID <1-4094> CVLAN IDSVLAN_ID <1-4094> SVLAN ID to which the CVLAN will be mapped

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# cvlan registration table customer1ZebOS(config-cvlan-registration)# cvlan 2 svlan 3ZebOS(config-cvlan-registration)# cvlan 3 svlan 3

l2-protocolUse this command to configure the protocol handling on a customer edge/customer network port.

Command Syntaxl2-protocol PROTOCOL tunnel|discard

PROTOCOL Protocol for the action specified.stp Spanning-tree Protocol (STP)gmrp GARP Multicast Address Registration Protocol (GMRP)gvrp GARP VLAN Registration Protocol (GVRP)mvrp Multiple VLAN Registration Protocol (MVRP)mmrp Mobile Mesh Routing Protocol (MMRP)

tunnel Tunnel the specified protocol on the interface.discard Discard the specified protocol packets on the interface.

NSM Layer-2 Commands

276 ©2001-2007 IP Infusion Inc. Confidential

DefaultThe default action is to tunnel.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# l2-protocol stp tunnel

switchport allowed vlanUse this command to set the switching characteristics of the Layer-2 interface to the provider-network. The all parameter indicates that any VLAN ID is part of its port’s member set. The none parameter indicates that no VLAN ID is configured on this port. The add and remove parameters will add and remove VLAN IDs to/from the port’s member set.

Command Syntaxswitchport provider-network|customer-network allowed vlan all|none

switchport provider-network|customer-network allowed vlan add|remove|except VLANID

provider-network Provider network port that behaves per the 802.1 AD standard.customer-network Customer network port that behaves per the 802.1 AD standard.all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to the member setremove Remove a VLAN from the member set.except All VLANs, except the VLAN for which the ID is specified, are part of its ports member set.VLANID <2-4094> The ID of the VLAN that will be added to, or removed from, the Layer-2 interface.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport provider-network allowed vlan add 2

switchport customer-edge access vlanUse this command to change the default customer VLAN on the current interface.

Use the no parameter with this command to remove a previously created customer VLAN with the specified VLAN ID.

Command Syntax(no) switchport customer-edge access vlan VLANID

customer-edge Configured port is a customer-edge port, and the VLAN ID must be a customer VLAN.VLANID <2-4094> Default VLAN ID for the specified interface.

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 277

Command ModeInterface mode

Exampleszebos# configure terminalzebos(config)# interface eth0zebos(config-if)# switchport customer-edge access vlan 3

zebos(config)# interface eth0zebos(config-if)# no switchport customer-edge access vlan

switchport customer-edge hybrid allowed vlanUse this command to set the switching characteristics of the Layer-2 customer facing interface to hybrid. Both tagged and untagged frames will be classified over hybrid interfaces.

Use the no parameter with this command to turn off allowed customer-edge hybrid switching.

Command Syntaxswitchport customer-edge hybrid allowed vlan all|none

switchport customer-edge hybrid allowed vlan add VLANID egress-tagged enable|disable

switchport customer-edge hybrid allowed vlan remove VLANID

customer-edge Configured port is a customer-edge port, and the VLAN ID must be a customer VLAN.all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to the member set.remove Remove a VLAN from the member set.VLANID <2-4094> ID of the VLAN that will be added to, or removed from, the Layer-2 interface.egress-tagged

enable Enable the egress tagging for the outgoing frames.disable Disable the egress tagging for the outgoing frames.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport customer-edge hybrid allowed vlan add 2 egress-tagged enable

switchport customer-edge hybrid vlanUse this command to set the switching characteristics of the Layer-2 customer facing interface to hybrid.

Use the no parameter with this command to turn off customer-edge hybrid switching.

NSM Layer-2 Commands

278 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxswitchport customer-edge hybrid vlan VLANID

no switchport customer-edge hybrid vlan

customer-edge Configured port is a customer-edge port, and the VLAN ID must be a customer VLAN.VLANID <2-4094> ID of the VLAN that will be added to, or removed from, the Layer-2 interface.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport customer-edge hybrid vlan 2

switchport customer-edge vlan registrationUse this command to apply a mapping to the customer edge port.

Use the no parameter with this command to delete the mapping from the interface.

Command Syntaxswitchport customer-edge vlan registration WORD

no switchport customer-edge vlan registration

WORD Name of the CVLAN registration table

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# switchport customer-edge vlan registration customer1

switchport customer-network vlan translationUse this command to add a translation table entry for SVLANs on a customer network port.

Use the no parameter with this command to delete a translation table entry for SVLANs on a customer network port.

Command Syntaxswitchport customer-network vlan translation svlan RVLAN_ID svlan TVLAN_ID

no switchport customer-network vlan translation svlan RVLAN_ID svlan TVLAN_ID

RVLAN_ID <2-4094> ID of the SVLAN to be translated.TVLAN_ID <2-4094> ID of the translated SVLAN.

Command ModeInterface mode

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 279

ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# switchport customer-network vlan translation svlan 10 svlan 20

switchport modeUse this command to set the switching characteristics of the Layer-2 as provider-network or customer-network, and specify only tagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.

Command Syntaxswitchport mode provider-network|customer-network (ingress-filter enable|disable)

provider-network Provider network port that behaves per the 802.1 AD standard.customer-network Customer network port that behaves per the 802.1 AD standard.ingress-filter Set the ingress filtering for the received frames.

enable Set the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.

disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is the default value.

DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.

Using this command without the ingress-filter parameter causes this command to use the default values.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode provider-network ingress-filter enable

switchport mode customer-edge accessUse this command to set the switching characteristics of the Layer-2 customer facing interface to access mode, and classify only untagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.

Command Syntaxswitchport mode customer-edge access (ingress-filter enable|disable)

customer-edge Configured port is a customer-edge port.ingress-filter Set the ingress filtering for the received frames.

enable Set the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.

disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is the default value.

NSM Layer-2 Commands

280 ©2001-2007 IP Infusion Inc. Confidential

DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.

Using this command without the ingress-filter parameter causes this command to use the default values.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode customer-edge access ingress-filter enable

switchport mode customer-edge hybridUse this command to set the switching characteristics of the Layer-2 customer facing interface as hybrid, and classify both tagged and untagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.

Use the no parameter to reset the mode of the Layer-2 interface to access (default).

Command Syntaxswitchport mode customer-edge hybrid

switchport mode customer-edge hybrid ingress-filter enable|disable

switchport mode customer-edge hybrid acceptable-frame-type vlan-tagged

no switchport mode

customer-edge The port that is configured is a customer edge port.ingress-filter Set the ingress filtering for the frames received.

enable Set the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.

disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is the default value.

acceptable-frame-type Set the Layer-2 interface acceptable frame types. This processing occurs after VLAN classification.

vlan-tagged Accept only classified frames which belong to the port's member set.

DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.

Using this command without either ingress-filter or acceptable-frame-type parameters causes this command to use the default values for each.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode customer-edge hybrid acceptable-frame-type vlan-tagged

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 281

switchport mode customer-edge trunkUse this command to set the switching characteristics of the Layer-2 customer facing interface as trunk, and specify only tagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.

Command Syntaxswitchport mode customer-edge trunk (ingress-filter enable|disable)

customer-edge The port that is configured is a customer edge port.ingress-filter Set the ingress filtering for the frames received.

enable Set the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.

disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is the default value.

DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.

Using this command without the ingress-filter parameter causes this command to use the default values.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode customer-edge trunk ingress-filter enable

switchport provider-edge vlanUse this command to set the switching characteristics of the Layer-2 logical provider edge port. By default, egress tagging is enabled for all VLANs on the provider edge ports.

Command Syntaxswitchport provider-edge allowed vlan VLANID (egress-tagged enable|disable)

provider-edge The port is the logical port created by the SVLAN on the customer edge port. The VLAN ID must be a customer VLAN, and a mapping for the customer VLAN must already be configured.

VLANID <2-4094> The ID of the VLAN to be configured.egress-tagged

enable Enable the egress tagging for the outgoing frames.disable Disable the egress tagging for the outgoing frames.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport provider-edge allowed vlan 2 egress-tagged enable

NSM Layer-2 Commands

282 ©2001-2007 IP Infusion Inc. Confidential

switchport provider-network vlan translationUse this command to add a translation table entry for CVLANs on a provider network port.

Use the no parameter with this command to delete a translation table entry for CVLANs on a provider network port.

Command Syntaxswitchport provider-network vlan translation svlan RSVLAN_ID cvlan RCVLAN_ID cvlan TCVLAN_ID

no switchport provider-network vlan translation svlan RSVLAN_ID cvlan RCVLAN_ID

RSVLAN_ID <2-4094> ID of the SVLAN to be translated.RCVLAN_ID <2-4094> ID of the CVLAN to be translated.TCVLAN_ID <2-4094> ID of the translated CVLAN.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# switchport provider-network vlan translation svlan 10 cvlan 10 cvlan 20

switchport trunk customer-edge allowed vlanUse this command to set the switching characteristics of the customer facing Layer-2 interface to trunk. The all parameter indicates that any VLAN ID is part of its port’s member set. The none parameter indicates that no VLAN ID is configured on this port. The add and remove parameters will add and remove VLAN IDs to/from the port’s member set.

Command Syntaxswitchport customer-edge trunk allowed vlan all|none

switchport customer-edge trunk allowed vlan add|remove|except VLANID

customer-edge The port that is configured is a customer edge port, and the VLAN ID must be a customer VLAN.

all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to the member set.except All VLANs, except the VLAN for which the ID is specified, are part of its ports member set.remove Remove a VLAN from the member set.VLANID <2-4094> ID of the VLAN that will be added to, or removed from, the Layer-2 interface.

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 283

ZebOS(config-if)# switchport customer-edge trunk allowed vlan add 2

vlan typeUse this command to idenitify a VLAN as either a customer VLAN (CVLAN) or a service VLAN (SVLAN), name the VLAN, enable or disable it and specify point-to-point or multipoint-to-mulitpoint operation.

Command Syntaxvlan VLANID type customer|service bridge <1-32> name VLAN_NAME state enable|disable point-point|multipoint-multipointno vlan VLANID type customer|service bridge <1-32>

VLANID The VID of the VLAN to be enabled or disabled on the bridge in the range <2-4094>.type The type of the VLAN; specifies a CVLAN or an SVLAN<1-32> The ID of the bridge group for which the VLAN is affectedVLAN_NAME The ASCII name of the VLAN with a maximum allowable length of 16 charactersenable Sets the VLAN to an enabled statedisable Sets the VLAN to a disabled statepoint-point Denotes that this VLAN has two edge nodes, which can be access ports or customer-edge

portsmultipoint-multipoint Denotes that this VLAN has two edge nodes, which can be access ports or

customer-edge ports

Command ModeVLAN Configuration mode

ExamplesZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)#vlan 45 type service bridge 2 point-point

vlan type access-mapUse this command to configure the VLAN access control list.

Command Syntaxvlan type VLANTYPE access-map NAME <1-65535>

VLANTYPE Type of VLANcustomer

service

NAME Name of the VLAN access map<1-65535> Sequence to insert to, or delete from, the existing access-map entry

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# vlan type customer access-map ACL1 1

NSM Layer-2 Commands

284 ©2001-2007 IP Infusion Inc. Confidential

vlan type bridgeThis command enables or disables the state of a particular customer or service VLAN on a bridge basis. Specifying the disable state causes all forwarding over the specified VLAN ID on the specified bridge to cease. Specifying the enable state allows forwarding of frames on the specified VLAN-aware bridge.

Use the no parameter with this command to delete a VLAN.

Command Syntaxvlan VLANID type VLANTYPE bridge <1-32> (name VLAN_NAME) state enable|disable

no vlan VLANID type VLANTYPE bridge <1-32>

VLANID <2-4094> ID of the VLAN that will be enabled or disabled on the bridge.VLANTYPE Type of VLAN.

customer

service

<1-32> ID of the bridge-group on which the VLAN will be affected.VLAN_NAME Optional. ASCII name of the VLAN. Maximum length: 16 characters.enable Sets VLAN into an enable state.disable Sets VLAN into a disable state.

Command ModeVLAN Configuration mode

ExampleZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)#vlan 45 type service bridge 2 name vlan2 state enable

MEF UNIThis section contains commands for the Metro Ethernet Forum User Netword Interface (MSF UNI).

ce-vlan preserve-cos <1-4094>Use this command to configure Customer Edge (CE) VLAN class of service (COS) preservation for a particular SVLAN. Use the no for of this command to unset preserve-cos.

Command Syntaxce-vlan preserve-cos <1-4094>no ce-vlan preserve-cos <1-4094>

<1-4094> VLAN ID of the service VLAN for which the COS of the CVLANs must be preserved

Command ModeConfigure mode

ExamplesZebOS# configure terminal

NSM Layer-2 Commands

©2001-2007 IP Infusion Inc. Confidential 285

ZebOS(config)# ce-vlan preserve-cos 2

ethernet uniUse this command to configure service multiplexing and bundling on a UNI. Use the no option with this command to remove service multiplexing and bundling from a UNI.

Command Syntaxethernet uni [bundle all-to-one|multiplex]no ethernet uni {bundle all-to-one|multiplex}

bundle CVLAN registration table with only one SVLAN supported on the UNI. Multiple CVLANs can be mapped to the SVLAN.

multiplex UNI supports multiplexing without bundling (one or more) SVLANs with a single CVLAN mapped to each SVLAN.

all-to-one CVLAN registration table with only one SVLAN supported on the UNI. All CVLANs must be mapped to the SVLAN.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# ethernet uni bundle

ethernet uni id NAMEUse this command to configure the UNI ID of an interface. Use the no form of this command to remove a UNI ID from an interface.

Command Syntaxethernet uni id NAMEno ethernet uni id NAME

NAME Name of the UNI. The maximum allowable length of the name is 64 characters.

UsageThis command can only be given for a customer edge port.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth1

2protocol-tunnelUse this command in the interface mode to configure the protocol handling on a customer edge/customer network port. The VLAN ID should be given as input only for DOT1x and LACP.

NSM Layer-2 Commands

286 ©2001-2007 IP Infusion Inc. Confidential

Use this command in the configure mode to configure the protocol handling for a particular SVLAN. When using this command in the configure mode, the peer option cannot be used. The peer option also cannot be used with the GVRP/ MVRP protocols.

Command Syntaxl2protocol-tunnel stp|gvrp|gmrp|mvrp|mmrp|lacp|dot1x peer|tunnel|discard <1-4094>

stp|gmrp|gvrp|mvrp|mmrp|dot1x|lacp Protocol for the action specifiedpeer Peer the specified protocol on the interface or service VLAN.tunnel Tunnel the specified protocol on the interface or service VLAN.discard Discard the specified protocol packets on the interface or service VLAN.

DefaultThe default actions for interfaces are tunnel for GMRP/MMRP, peer for LACP, 802.1x and STP, and discard for GVRP/ MVRP.

Note: The Peer option is valid only for STP, LACP and 802.1x.

DefaultThe default action for a Service VLAN is to tunnel.

Command ModeInterface mode

Configure mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# l2protocol-tunnel stp tunnel

©2001-2007 IP Infusion Inc. Confidential 287

CHAPTER 13 NSM LACP Commands

channel-group modeUse this command to add a port to a channel group specified by the channel group number (<1-12>). This command enables link aggregation on a port, so that it may be selected for aggregation by the local system.

Command Syntaxchannel-group <1-12> mode (active|passive)

<1-12> Specify a channel group number.active Enable initiation of LACP negotiation on a portpassive Disable initiation of LACP negotiation on a port

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# channel-group 4 mode active

Related Commandsno channel-group

no channel-groupUse this command to turn off link aggregation on a port.

Command Syntaxno channel-group

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface eht0ZebOS(config-if)# no channel-group

Related Commandschannel-group mode

NSM LACP Commands

288 ©2001-2007 IP Infusion Inc. Confidential

show etherchannelUse this command to display information about an Ether channel specified by the channel-group number.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow etherchannel <1-12>

Command modePrivileged Exec mode

ExampleZebOS# show etherchannel 5

show static-channel-groupUse this command to display all configured static aggregators and their corresponding member ports.

Command Syntaxshow static-channel-group

Command ModePrivileged Exec mode

ExamplesZebOS# show static-channel-group% Static Aggregator: sa1% Member: eth0 eth1% Static Aggregator: sa2% Member: eth2

NSM LACP Commands

©2001-2007 IP Infusion Inc. Confidential 289

static-channel-groupUse this command to create a static aggregator, or add a member port to an already-existing static aggregator. Use the no parameter with this command to detach the port from the static aggregator.

Command Syntaxstatic-channel-group <1-12>

no static-channel-group

<1-12> Channel group number.

Command ModeInterface mode

UsageThis command adds the interface to the static aggregator with the specified key. If the aggregator does not exist, it is created, and the interface is added to it. The no prefix detaches the port from the static aggregator. If the port is the last member to be detached, the static aggregator is deleted.

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# static-channel-group 2

NSM LACP Commands

290 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 291

CHAPTER 14 NSM VPLS Commands

mpls vplsUse this command to create an instance of Virtual Private LAN Service (VPLS). It also switches the command mode to VPLS mode.

Use the no parameter to delete a VPLS instance.

Command Syntax(no) mpls vpls NAME [<1-100000>]

NAME Specifies a string for identifying the VPLS instance.<1-100000> Specifies a 32-bit VPLS identifier value. This value must be specified for creating a new

VPLS instance. It might not be specified if a pre-existing VPLS instance is being updated.

Command ModeConfigure mode

ExamplesZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)#

mpls-vplsUse this command to associate an interface with a VPLS instance.

Use the no parameter to delete VPLS instance.

Command Syntax(no) mpls-vpls NAME

NAME Specifies a string identifying the VPLS instance.

Command ModeInterface mode

ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# mpls-vpls t1

show mpls vplsUse this command to display all configured VPLS instances. Specify the name of a VPLS instance for displaying information about a specific instance.

NSM VPLS Commands

292 ©2001-2007 IP Infusion Inc. Confidential

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls vpls (NAME)

NAME specifies the string identifying a VPLS instance.

Command ModeExec and Privileged Exec mode

UsageUsing show mpls vpls command without parameters displays information about all VPLS instances. The following are two sample outputs displaying information about all VPLS instances and a specified instance.

ZebOS# show mpls vpls Name VPLS-ID Type MPeers SPeers Statet1 1 Ethernet VPLS 2 1 Activet2 2 Ethernet VPLS 2 0 Active

ZebOS# show mpls vpls t1Virtual Private LAN Service Instance: t1, ID: 1 Group ID: 0, VPLS Type: Ethernet VPLS, Configured MTU: 0 Description: none Configured interfaces: none Mesh Peers: 192.168.0.80 (Up) 192.168.0.90 (Up) Spoke Peers: t100 (Up)

ExampleZebOS# show mpls vpls VPLS1

show mpls vpls detailUse this command to display detailed information about all configured VPLS instances.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls vpls detail

Command ModeExec and Privileged Exec mode

UsageThe following is a sample output of the show mpls vpls detail command displaying detailed information about all configured VPLS instances.

ZebOS# show mpls vpls detail Virtual Private LAN Service Instance: t1, ID: 1 Group ID: 0, VPLS Type: Ethernet VPLS, Configured MTU: 0

NSM VPLS Commands

©2001-2007 IP Infusion Inc. Confidential 293

Description: none Configured interfaces: none Mesh Peers: 192.168.0.80 (Up) 192.168.0.90 (Up) Spoke Peers: t100 (Up)

Virtual Private LAN Service Instance: t2, ID: 2 Group ID: 0, VPLS Type: Ethernet VPLS, Configured MTU: 0 Description: none Configured interfaces: none Mesh Peers: 192.168.0.80 (Up) 192.168.0.90 (Up)

ExampleZebOS# show mpls vpls detail

show mpls vpls meshUse this command to display information about all the core Virtual Circuit (VC) connections for all VPLS instances. Specify the name of a VPLS instance for displaying information about a specific instance.

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls vpls (NAME) mesh

NAME specifies the string identifying a VPLS instance.

Command ModeExec and Privileged Exec mode

UsageThe following is a sample output of the show mpls vpls mesh command displaying information about all the core VC connections for all VPLS instances.

ZebOS# show mpls vpls mesh VPLS-ID Peer Addr In-Intf In-Label Out-Intf Out-Label Lkps/St1 192.168.0.80 eth0 16 eth0 640 1/Up1 192.168.0.90 eth1 18 eth1 642 1/Up2 192.168.0.80 eth0 19 eth0 641 1/Up2 192.168.0.90 eth1 17 eth1 643 1/Up

ExampleZebOS# show mpls vpls VPL1 meshZebOS# show mpls vpls mesh

show mpls vpls spokeUse this command to display information about all the spoke VC connections for all VPLS instances. Specify the name of a VPLS instance for displaying information about a specific instance.

NSM VPLS Commands

294 ©2001-2007 IP Infusion Inc. Confidential

To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.

Command Syntaxshow mpls vpls (NAME) spoke

NAME specifies the string identifying a VPLS instance

Command ModeExec and Privileged Exec mode

UsageThe following is a sample output of the show mpls vpls spoke displaying the spoke VC connection to the VPLS instance.

ZebOS# show mpls vpls spoke VPLS-ID Virtual Circuit In-Intf In-Label Out-Intf Out-Label Lkps/St1 t100 eth2 20 eth2 640 1/Up

ExampleZebOS# show mpls vpls spokeZebOS# show mpls vpls VP1 spoke

vpls-descriptionUse this command to add a description line for a VPLS instance.

Use the no parameter to remove a VPLS description line.

Command Syntax(no) vpls-description LINE

LINE specifies a description line for this VPLS.

Command ModeVPLS Mode

ExampleZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)# vpls-description This is for testing

vpls-mtuUse this command to set the Maximum Transmission Unit (MTU) size for a given VPLS instance. This size is signaled to peer VPLS routers.

Use the no parameter to unset the MTU size.

Command Syntax(no) vpls-mtu <576-65535>

<576-65535> Allowed MTU size to be used for a given VPLS instance.

NSM VPLS Commands

©2001-2007 IP Infusion Inc. Confidential 295

Command ModeVPLS Mode

ExampleZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)# vpls-mtu 6506

vpls-peerUse this command to create a VPLS Virtual Circuit with a core router.

Use the no parameter to delete the VPLS Virtual Circuit to a specified peer.

Command Syntax(no) vpls-peer A.B.C.D

A.B.C.D Specifies the IP address of a VPLS peer node to which a mesh Virtual Circuit is to be created.

Command Mode VPLS Mode

UsageThe Virtual Circuit ID is the same as the VPLS ID configured for this VPLS. At least one such peer configuration is required for every VPLS instance.

ExampleZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)# vpls-peer 10.10.0.34

vpls-vcUse this command to bind an instance of MPLS Virtual Circuit to VPLS.

Use the no parameter to unbind the specified Virtual Circuit from a VPLS instance.

Command Syntax(no) vpls-vc NAME

NAME is a string identifying the MPLS Virtual Circuit to be added to this VPLS instance.

Command ModeVPLS Mode

UsageA given Virtual Circuit can either be bound to an interface or a VPLS instance, but not to both at the same time. This VC is generally termed as spoke VC as it connects a core VPLS router to a spoke node.

NSM VPLS Commands

296 ©2001-2007 IP Infusion Inc. Confidential

ExampleZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)# vpls-vc VC1

©2001-2007 IP Infusion Inc. Confidential 297

CHAPTER 15 Tunneling Commands

This chapter contains ZebOS commands related to IP tunneling. These commands are available only if tunneling configuration options are enabled when compiling the kernel (for example, IP:Tunneling under Networking Options). Refer to Configuring and Compiling the Linux Kernel appendix in the ZebOS Installation Guide for details.

interface tunnelUse this command to create a new tunnel interface.

Use the no parameter to destroy the tunnel interface.

Command Syntax(no) interface tunnel <0-2147483647>

DefaultDisabled

Command ModeConfigure mode

UsageThis command creates a new tunnel interface.

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 100 ZebOS(config-if)#

Related Commandstunnel mode, tunnel source, tunnel destination

tunnel checksumUse this command to enable a checksum feature for the tunnel. Use the no parameter to disable the feature.

Command Syntax(no) tunnel checksum

DefaultDisabled

Command ModeInterface mode

Tunneling Commands

298 ©2001-2007 IP Infusion Inc. Confidential

UsageThis command enables a checksum feature for the tunnel. When configuring the tunnel checksum, make sure to:

• configure the tunnel checksum feature before configuring the tunnel source and destination.

• configure the tunnel checksum on both ends of the tunnel.

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel checksum ZebOS(config-if)# tunnel source 192.168.1.1 ZebOS(config-if)# tunnel destination 192.168.254.2

Related Commandsinterface tunnel, tunnel mode, tunnel source, tunnel destination

tunnel destinationUse this command to specify a tunnel destination address in an IPv4 portion. Use the no parameter to unspecify the address.

Command Syntax(no) tunnel destination A.B.C.D

A.B.C.D Tunnel destination IPv4 address

Command ModeInterface mode

UsageThis command specify a tunnel destination address.

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 200 ZebOS(config-if)# tunnel mode ipip ZebOS(config-if)# tunnel source 10.10.0.1 ZebOS(config-if)# tunnel destination 10.11.0.1

Related CommandsInterface tunnel, tunnel mode, tunnel source

tunnel modeUse this command to configure an IPv4 tunnel mode.

Use the no parameter to unconfigure the mode.

Tunneling Commands

©2001-2007 IP Infusion Inc. Confidential 299

Command Syntax (no) tunnel mode (gre|ipip)

gre Generic Routing Encapsulation (GRE) tunnel mode.ipip IPIP tunnel mode.

Command ModeInterface mode

UsageThis command specifies a tunnel encapsulation mode. Currently, GRE and IPIP mode are supported. The GRE tunnel mode is used for IPv4 to IPv4 tunneling, as well as, IPv6 to IPv4 tunneling.

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 2 ZebOS(config-if)# tunnel source 192.168.1.1 ZebOS(config-if)# tunnel destination 192.168.2.1 ZebOS(config-if)# tunnel mode gre

Related CommandsInterface tunnel, tunnel mode ipv6ip, tunnel source, tunnel destination

tunnel mode ipv6ipUse this command to specify the IPv6 transition tunnel mode.

Use the no parameter to unconfigure the mode.

Command Syntax(no) tunnel mode ipv6ip (6to4|isatap)

6to4 6to4 automatic tunnel mode.isatap ISATAP automatic tunnel mode.Note: Using this command without the 6to4 or isatap parameters specifies manual configuration

mode.

Command ModeInterface mode

UsageThis command specifies a tunnel encapsulation mode for IPv6 in IPv4.

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel source 10.10.1.1 ZebOS(config-if)# tunnel destination 10.10.2.1 ZebOS(config-if)# tunnel mode ipv6ip

Tunneling Commands

300 ©2001-2007 IP Infusion Inc. Confidential

Related CommandsInterface tunnel, tunnel mode, tunnel source, tunnel destination

tunnel path-mtu-discoveryUse this command to enable path Maximum Transmission Unit (MTU) discovery in the underlying tunnel interface.

Use the no parameter to disable this feature.

Command Syntax(no) tunnel path-mtu-discovery

DefaultDisabled

Command ModeInterface mode

UsageThis command enables the path MTU discovery feature in the underlying physical interface.

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel source 192.168.0.1 ZebOS(config-if)# tunnel destination 10.0.0.1 ZebOS(config-if)# tunnel path-mtu-discovery

Related CommandsInterface tunnel, tunnel mode, tunnel source, tunnel destination, tunnel ttl

tunnel sourceUse this command to specify a tunnel source address in a IPv4 portion.

Use the no parameter to unspecify the tunnel source address.

Command Syntax(no) tunnel source A.B.C.D

A.B.C.D IPv4 tunnel source address

Command ModeInterface mode

UsageThis command specifies a tunnel source address.

Tunneling Commands

©2001-2007 IP Infusion Inc. Confidential 301

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel destination 10.10.1.1 ZebOS(config-if)# tunnel source 10.11.2.1

Related Commandsinterface tunnel, tunnel mode, tunnel destination

tunnel tosUse this command to specify a value of Type of Service (TOS) in the tunnel IPv4 encapsulation header.

Use the no parameter to make 0 the default value.

Command Syntax(no) tunnel tos <0-255>

DefaultThe default TOS value is 0.

Command ModeInterface mode

UsageThis command specifies a value of Type of Service (TOS) in the tunnel IPv4 encapsulation header.

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel destination 192.168.10.2 ZebOS(config-if)# tunnel source 192.168.11.1 ZebOS(config-if)# tunnel tos 10

Related CommandsInterface tunnel, tunnel mode, tunnel source, tunnel destination

tunnel ttlUse this command to specify a value of Time to Live (TTL) in the tunnel IPv4 encapsulation header.

Use the no parameter to inheriting the underlying physical interface value by default.

Command Syntax(no) tunnel ttl <1-255>

Tunneling Commands

302 ©2001-2007 IP Infusion Inc. Confidential

DefaultBy default, physical interface value is inherited.

Command ModeInterface mode

UsageThis command specifies a value of Time to Live (TTL) in the tunnel IPv4 encapsulation header. Enable the path-mtu-discovery before setting the TTL value. However, the first time you set the TTL value, and the path-mtu-discovery is not set, the system automatically enables the path-mtu-discovery.

Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel destination 192.168.128.1 ZebOS(config-if)# tunnel source 192.168.0.1 ZebOS(config-if)# tunnel ttl 255

Related Commandstunnel path-mtu-discovery

©2001-2007 IP Infusion Inc. Confidential 303

CHAPTER 16 Remote Monitoring Commands

This chapter contains all Remote Monitoring (RMON) related commands in alphabetical order.

rmon alarmUse this command to configure alarm parameters, such as, alarm type, thresholds, and corresponding events on crossing the threshold for a particular variable.

Use the no form of this command to remove the alarm configuration.

Command Syntaxrmon alarm IX_VAL OID_VAR interval <1-65535> SAMPLE_TYPE rising-threshold <1-65535> event <1-65535> falling-threshold <1-65535> event <1-65535> (owner WORD)

no rmon alarm IX_VAL

IX_VAL = 1-65535 Alarm entry index valueOID_VAR = WORD Variable Object Identifier (OID) name to be monitoredinterval Polling interval in secondsSAMPLE_TYPE = delta|absolute Alarm sample typerising-threshold Rising threshold value of the alarm entry

event Event corresponding to the alarm crossing the rising threshold value of the alarm entryfalling-threshold Falling threshold value of the alarm entry

event Event corresponding to the alarm crossing the falling threshold value of the alarm entryowner Owner name to identify entry

Command ModeConfigure mode

DefaultNo default alarm is created.

ExamplesZebOS# configure terminalZebOS(config)# rmon alarm 229 etherStatsEntry.1.5 interval 50 delta rising-threshold 400 falling-threshold 600

rmon collection historyUse this command to configure a history statistics control group. History statistics parameters can be requested buckets, interval, and owner name on a particular interface. The number of history statistics buckets, and the interval to collect them, can be specified. The system based on the available memory configures the granted buckets.

Use the no form of this command to remove the history control configuration.

Remote Monitoring Commands

304 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxrmon collection history IX_VAL (buckets <1-65535>) (interval <1-3600>) (owner WORD)

no rmon collection history IX_VAL

IX_VAL = 1-65535 History control entry index valueinterval Polling interval in secondsbuckets Number of requested bucketsowner Owner name to identify the entry

Command ModeInterface mode

DefaultThere is no default collection history configuration.

UsageThe granted buckets are same as the requested buckets.

ExamplesZebOS# configure terminal ZebOS(config)# interface eth1ZebOS(config-if)# rmon collection history 200 buckets 500 interval 600 owner herbert

rmon collection statsUse this command to configure an Ethernet statistics parameter, such as, index and owner name, on a particular interface.

Use the no form of this command to remove the collection statistics configuration.

Command Syntaxrmon collection stats IF_INDEX <1-65535> (owner WORD)

no rmon collection stats <1-65535>

IF_INDEX Interface Indexowner Owner name to identify the entry

Command ModeInterface mode

DefaultEthernet statistics probe is not running.

ExamplesZebOS# configure terminal ZebOS(config)# interface eth1ZebOS(config-if)# rmon collection stats 200 owner herbert

Remote Monitoring Commands

©2001-2007 IP Infusion Inc. Confidential 305

rmon eventUse this command to configure event parameters, such as, event type, description, and the community string corresponding to the trap if the event type is trap.

Use the no form of this command to remove the event configuration.

Command Syntaxrmon event IX_VAL TYPE (description WORD) (owner WORD)

no rmon event IX_VAL

IX_VAL = 1-65535 Event entry index valueTYPE = log|trap WORD|log trap WORD Event type

log Log event typetrap Trap event typelog trap Log and trap event typeWORD Community string corresponding to the trap

description Event entry descriptionowner Owner name to identify the entry

Command ModeConfigure mode

DefaultNo default event is created.

UsageThe configured trap community does not take effect as the trap sending is handled by the SNMP daemon.

ExamplesZebOS# configure terminal ZebOS(config)# rmon event 299 log description cond3 alfred

show rmon alarmUse this command to display the alarms and threshold configured for the RMON probe.

Command Syntaxshow rmon alarm

Command ModeExec and Privileged Exec modes

ExamplesZebOS# show rmon alarm

Remote Monitoring Commands

306 ©2001-2007 IP Infusion Inc. Confidential

show rmon eventUse this command to display the events configured for the RMON probe.

Command Syntaxshow rmon event

Command ModeExec mode

ExamplesZebOS# show rmon event

show rmon historyUse this command to display the history Ethernet statistics collected on a particular interface.

Command Syntaxshow rmon history

Command ModeExec mode

ExamplesZebOS# show rmon history

show rmon statisticsUse this command to display the Ethernet statistics collected on a particular interface.

Command Syntaxshow rmon statistics

Command ModeExec mode

ExamplesZebOS# show rmon statistics

©2001-2007 IP Infusion Inc. Confidential 307

CHAPTER 17 Interpeak Security Commands

This chapter contains all commands related to Interpeak Security (IPSec) listed by function. Within each function listing, the commands are listed alphabetically.

Clear Commands

clear crypto isakmpUse this command to clear active IKE connections in Exec configuration mode.

Command Syntaxclear crypto isakmp

Command modeExec mode

UsageUse this command to clear active IKE connections.

clear crypto saUse this command in global configuration mode to delete IPSec security associations.

Command Syntaxclear crypto sa

Command modeExec mode

UsageIf the security associations are manually established, the security associations are deleted and reinstalled.

If you make configuration changes that affect security associations, these changes will not apply to existing security associations but to negotiations for subsequent security associations. You can use the clear crypto sa command to restart all security associations so they will use the most current configuration settings. In the case of manually established security associations, if you make changes that affect security associations you must use the clear crypto sa command before the changes take effect.

This commands clears (and reinitializes if appropriate) all IPSec security associations at the router.

Interpeak Security Commands

308 ©2001-2007 IP Infusion Inc. Confidential

clear crypto sa entry Use this command in global configuration mode to delete specific IPSec security associations with the specified address, protocol, and SPI.

Command Syntaxclear crypto sa entry destination-address A.B.C.D protocol (ah | esp) spi SPI

ah AH protocolesp ESP protocolSPI SPI Parameter Index of the SA to be reset

Command modeExec mode

UsageSame as clear crypto sa command.

clear crypto sa map Use this command in global configuration mode to delete specific IPSec security associations with the given name.

Command Syntaxclear crypto sa map MAP_NAME

MAP_NAME Name of specific IP security associations

Command modeExec mode

UsageSame as clear crypto sa command.

clear crypto sa peerUse this command in global configuration mode to delete specific IPSec security associations for the specified peer.

Command Syntaxclear crypto sa peer <ip-address>

Command modeExec mode

UsageSame as clear crypto sa command.

Interpeak Security Commands

©2001-2007 IP Infusion Inc. Confidential 309

Crypto Map Commands

crypto ipsec security-association lifetime Use this command in global configuration mode to change global lifetime values used when negotiating IPSec security associations.

Use the no form of the command to reset a lifetime to the default value.

Command Syntaxcrypto ipsec security-association lifetime (seconds|kilobytes) LIFETIME

no crypto ipsec security-association lifetime (seconds|kilobytes)

seconds LIFETIME Specifies the number of seconds the security association will live before expiringkilobytes LIFETIME Specifies the volume of traffic (in kilobytes) that can pass between IPSec peers

before the security association expires

Command modeGlobal configuration mode

Defaults3600 seconds (one hour) and 4,608,000 kilobytes (10 megabits per second for one hour).

UsageIPSec security associations use shared secret keys. These keys and their security associations time out together.

Assuming that the particular crypto map entry does not have lifetime values configured, when the router requests new security associations during security association negotiation, it will specify its global lifetime value in the request to the peer; it will use this value as the lifetime of the new security associations. When the router receives a negotiation request from the peer, it will use the smaller of the lifetime value proposed by the peer or the locally configured lifetime value as the lifetime of the new security associations.

If you change a global lifetime, the change is only applied when the crypto map entry does not have a lifetime value specified. The change will not be applied to existing security associations, but will be used in subsequent negotiations to establish new security associations. If you want the new settings to take effect sooner, you can clear all or part of the security association database by using the clear crypto sa command.

The lifetime values are ignored for manually established security associations.

crypto ipsec transform-set Use this command in global configuration mode to define a transform set—an acceptable combination of security protocols and algorithms.

Use the no form of the command to delete a transform set.

Command Syntaxcrypto ipsec transform-set NAME ah (None|ah-md5|ah-sha1)

crypto ipsec transform-set NAME esp-auth (None|esp-md5|esp-sha1) esp-enc (esp-null|esp-des|esp-3des|esp-aes|esp-blf|esp-cast)

Interpeak Security Commands

310 ©2001-2007 IP Infusion Inc. Confidential

no crypto ipsec transform-set NAME

NAME Name of the transform setah-md5 AH with the MD5 (HMAC variant) authentication algorithmah-sha1 AH with the MD5 (HMAC variant) authentication algorithmesp-nul Null encryption algorithmesp-des ESP with the 56-bit encryption algorithmesp-3des ESP with the 168-bit DES encryption algorithm (3DES or Triple DES)esp-aes Alternative AES algorithmesp-blf Alternative Blowfish algorithmesp-cast Alternative Cast algorithm

Command modeConfigure mode

UsageA transform set is an acceptable combination of security protocols, algorithms and other settings to apply to IPSec protected traffic. During the IPSec security association negotiation, the peers agree to use a particular transform set when protecting a particular data flow.

You can configure multiple transform sets, and then specify one or more of these transform sets in a crypto map entry.

When IKE is not used to establish security associations, a single transform st must be used. The transform set is not negotiated.

Before a transform set can be included in a crypto map entry it must be defined using this command. A transform set specifies one or two IPSec security protocols (either ESP or AH or both) and specifies which algorithms to use with the selected security protocol.

If one or more transforms are specified in the crypto ipsec transform-set command for an existing transform set, the specified transforms will replace the existing transforms for that transform set.

If you change a transform set definition, the change is only applied to crypto map entries that reference the transform set. The change will not be applied to existing security associations, but will be used in subsequent negotiations to establish new security associations. If you want the new settings to take effect sooner, you can clear all or part of the security association database by using the clear crypto sa command.

crypto map ipsec-manual | ipsec-isakmpUse this command in global configuration mode to create or modify a crypto map entry and enter the crypto map configuration mode.

Use the no form of this command to delete a crypto map entry or set.

Command Syntaxcrypto map MAP-NAME SEQ-NUM ipsec-manual | ipsec-isakmp

no crypto map MAP-NAME (SEQ-NUM|)

MAP-NAME The name you assign to the crypto map setSEQ-NUM The number you assign to the crypto map entryipsec-manual Indicates that IKE will not be used to establish the IPSec security associations for

protecting the traffic specified by this crypoto map entryipsec-isakmp Indicates that IKE will be used to establish the IPSec security associations for protecting

the traffic specified by this crypoto map entry

Interpeak Security Commands

©2001-2007 IP Infusion Inc. Confidential 311

Command modeGlobal configuration mode

UsageUse this command to create a new crypto map entry or to modify an existing crypto map entry.

Once a crypto map entry has been created, you cannot change the parameters specified at the global configuration level because these parameters determine which of the configuration commands are valid at the crypto map level. For example, once a map entry has been created as ipsec-isakmp, you cannot change it to ipsec-manual or cisco; you must delete and reenter the map entry.

After you define crypto map entries, you can assign the crypto map set to interfaces using the crypto map (interface IPSec) command.

crypto map local-addressUse this command in global configuration mode to specify and name an identifying interface to be used by the crypto map for IPSec traffic.

Use the no form of the command to remove this command from the configuration.

Command Syntaxcrypto map MAP-NAME local-address INTERFACE-ID

no crypto map MAP-NAME local-address

MAP-NAME The name that identifies the crypto map setINTERFACE-ID Specify the identifying interface that should be used by the router to identify itself to

remote peers

Command modeGlobal configuration mode

UsageIf you apply the same crypto map to two interfaces and do not use this command, two separate security associations (with different local IP addresses) could be established to the same peer for similar traffic. If you are using the second interface as redundant to the first interface, it could be preferable to have a single security association (with a single local IP address) created for traffic sharing the two interfaces. Having a single security association decreases overhead and makes administration simpler.

match address Use this command in crypto map configuration mode to specify an extended access list for a crypto map entry.

Use the no form of this command to remove the extended access list from a crypto map entry.

Command Syntaxmatch address ACCESSLIST-ID

no match address ACCESSLIST-ID

match ipv6-address ACCESSLIST-NAME

no match ipv6-address ACCESSLIST-NAME

Interpeak Security Commands

312 ©2001-2007 IP Infusion Inc. Confidential

ACCESSLIST-ID Identifies the extended access list by its numberACCESSLIST-NAME Identifies the extended access list by its name

Command modeCrypto map configuration mode

UsageUse this command to assign an extended access list to a crypto map entry. You also need to define this access list using the access-list or ip access-list extended commands.

The extended access list specified with this command will be used by IPSec to determine which traffic should be protected by crypto and which traffic does not need crypto protection. (Traffic that is permitted by the access list will be protected. Traffic that is denied by the access list will not be protected in the context of the corresponding crypto map entry.)

Note that the crypto access list is not used to determine whether to permit or deny traffic through the interface. An access list applied directly to the interface makes that determination.

The crypto access list specified by this command is used when evaluating both inbound and outbound traffic. Outbound traffic is evaluated against the crypto access lists specified by the interface's crypto map entries to determine if it should be protected by crypto and if so (if traffic matches a permit entry) which crypto policy applies. (If necessary, in the case of static IPSec crypto maps, new security associations are established using the data flow identity as specified in the permit entry; in the case of dynamic crypto map entries, if no SA exists, the packet is dropped.) After passing the regular access lists at the interface, inbound traffic is evaluated against the crypto access lists specified by the entries of the interface's crypto map set to determine if it should be protected by crypto and, if so, which crypto policy applies. (In the case of IPSec, unprotected traffic is discarded because it should have been protected by IPSec.)

In the case of IPSec, the access list is also used to identify the flow for which the IPSec security associations are established. In the outbound case, the permit entry is used as the data flow identity (in general), while in the inbound case the data flow identity specified by the peer must be "permitted" by the crypto access list.

mode Use this command in crypto transform configuration mode to change the mode for a transform set.

Use the no form of the command to reset the mode to the default value of tunnel mode.

Command Syntaxmode (tunnel | transport)

no mode

tunnel Specifies the tunnel mode for a transform settransport Specifies the transport mode for a transform set

Command modeCrypto transform configuration mode

UsageUse this command to change the mode specified for the transform. This setting is only used when the traffic to be protected has the same IP addresses as the IPSec peers (this traffic can be encapsulated either in tunnel or transport mode). This setting is ignored for all other traffic (all other traffic is encapsulated in tunnel mode).

Interpeak Security Commands

©2001-2007 IP Infusion Inc. Confidential 313

If you use this command to change the mode, the change will only affect the negotiation of subsequent IPSec security associations via crypto map entries which specify this transform set. (If you want the new settings to take effect sooner, you can clear all or part of the security association database. See the clear crypto sa command for more details.

set peer Use this command in crypto map configuration mode.to specify an IPSec peer in a crypto map entry.

Use the no form of this command to remove an IPSec peer from a crypto map entry.

Command Syntaxset peer A.B.C.D

no set peer A.B.C.D

set ipv6 peer X:X::X:X

no set ipv6 peer X:X::X:X

A.B.C.D IPv4 addressX:X::X:X IPv6 address

Command modeCrypto map configuration mode

UsageUse this command to specify an IPSec peer for a crypto map.

For ipsec-isakmp crypto map entries, you can specify multiple peers by repeating this command. The peer that packets are actually sent to is determined by the last peer that the router heard from (received either traffic or a negotiation request from) for a given data flow. If the attempt fails with the first peer, IKE tries the next peer on the crypto map list.

For ipsec-manual crypto entries, you can specify only one IPSec peer per crypto map. If you want to change the peer, you must first delete the old peer and then specify the new peer.

set security-association lifetimeUse this command in crypto map configuration mode to override the global lifetime value for a particular crypto map entry. The global lifetime value is used when negotiating IPSec security associations.

Use the no form of this command to reset a crypto map entry’s lifetime value to the global value.

Command Syntaxset security-association lifetime seconds | kilobytes LIFETIME

no set security-association lifetime seconds | kilobytes LIFETIME

seconds LIFETIME Specifies the number of seconds a security association will live before expiringkilobytes LIFETIME Specifies the volume of traffic (in kilobytes) that can pass between IPSec peers

using a given security association before that security association expires

Command modeCrypto map configuration mode

Interpeak Security Commands

314 ©2001-2007 IP Infusion Inc. Confidential

DefaultsThe crypto map’s security associations are negotiated according to the global lifetimes.

UsageThis command is only available for ipsec-isakmp crypto map entries and dynamic crypto map entries.

IPSec security associations use shared secret keys. These keys and their security associations time out together.

Assuming that the particular crypto map entry has lifetime values configured, when the router requests new security associations during security association negotiation, it will specify its crypto map lifetime value in the request to the peer; it will use this value as the lifetime of the new security associations. When the router receives a negotiation request from the peer, it will use the smaller of the lifetime value proposed by the peer or the locally configured lifetime value as the lifetime of the new security associations.

There are two lifetimes: a "timed" lifetime and a "traffic-volume" lifetime. The session keys/security association expires after the first of these lifetimes is reached.

set session-keyUse this command in crypto map configuration mode to manually specify the IPSec session keys within a crypto map entry. This command is only available for ipsec-manual crypto map entries.

Use the no form of this command to remove IPSec session keys from a crypto map entry.

Command Syntaxset session-key (inbound|outbound) ah SPI HEX-KEY-DATA

no set session-key (inbound|outbound) ah

set session-key (inbound|outbound) esp SPI cipher HEX-KEY-DATA authenticator HEX_KEY_DATA

no set session-key (inbound|outbound) esp

inbound Sets the inbound IPSec session keyoutbound Sets the outbound IPSec session keyah Sets the IPSec session key for the AH protocolSPI Specifies the Security Parameter Index (SPI), a number that is used to uniquely identify a security

associationHEX-KEY-DATA Specifies the session key; enter in hexadecimal format

Command modeCrypto map configuration mode

UsageUse this command to define IPSec keys for security associations via ipsec-manual crypto map entries. (In the case of ipsec-isakmp crypto map entries, the security associations with their corresponding keys are automatically established via the IKE negotiation.)

If the crypto map's transform set includes an AH protocol, you must define IPSec keys for AH for both inbound and outbound traffic. If the crypto map's transform set includes an ESP encryption protocol, you must define IPSec keys for ESP encryption for both inbound and outbound traffic. If your transform set includes an ESP authentication protocol, you must define IPSec keys for ESP authentication for inbound and outbound traffic.

When you define multiple IPSec session keys within a single crypto map, you can assign the same security parameter index (SPI) number to all the keys. The SPI is used to identify the security association used with the crypto map.

Interpeak Security Commands

©2001-2007 IP Infusion Inc. Confidential 315

However, not all peers have the same flexibility in SPI assignment. You should coordinate SPI assignment with your peer's operator, making certain that the same SPI is not used more than once for the same destination address/protocol combination.

Security associations established via this command do not expire (unlike security associations established via IKE).

Session keys at one peer must match the session keys at the remote peer.

If you change a session key, the security association using the key will be deleted and reinitialized.

set transform-set Use this command in crypto map configuration mode to specify which transform sets can be used with the crypto map entry.

Use the no form of this command to remove all transform sets from a crypto map entry.

Command Syntaxset transform-set NAME

no set transform-set NAME

NAME The name that identifies the crypto map set

Command modeCrypto map configuration mode

UsageUse this command to specify which transform sets to include in a crypto map entry.

For an ipsec-isakmp crypto map entry, you can list multiple transform sets with this command. List the higher priority transform sets first.

If the local router initiates the negotiation, the transform sets are presented to the peer in the order specified in the crypto map entry. If the peer initiates the negotiation, the local router accepts the first transform set that matches one of the transform sets specified in the crypto map entry.

The first matching transform set that is found at both peers is used for the security association. If no match is found, IPSec will not establish a security association. The traffic will be dropped because there is no security association to protect the traffic.

For an ipsec-manual crypto map entry, you can specify only one transform set. If the transform set does not match the transform set at the remote peer's crypto map, the two peers will fail to correctly communicate because the peers are using different rules to process the traffic.

If you want to change the list of transform sets, re-specify the new list of transform sets to replace the old list. This change is only applied to crypto map entries that reference this transform set. The change will not be applied to existing security associations, but will be used in subsequent negotiations to establish new security associations. If you want the new settings to take effect sooner, you can clear all or part of the security association database by using the clear crypto sa command.

Any transform sets included in a crypto map must previously have been defined using the crypto ipsec transform-set command.

Interpeak Security Commands

316 ©2001-2007 IP Infusion Inc. Confidential

ISAKMP Configuration Commands

crypto isakmp enableUse this command to globally enable IKE (Internet Key Exchange) at your peer router in global configuration mode.

Use the no form of this command to disable IKE at the peer.

Command Syntaxcrypto isakmp enable

no crypto isakmp enable

Command modeISAKMP policy configuration mode (config-isakmp)

UsageIKE is enabled by default. IKE does not have to be enabled for individual interfaces, but is enabled globally for all interfaces at the router.

If you do not want IKE to be used in your IPSec implementation, you can disable IKE at all your IPSec peers. If you disable IKE at one peer you must disable it at all your IPSec peers.

crypto isakmp keepalive Use this command to send Internet Key Exchange (IKE) keepalive messages from one router to another router in global configuration mode. To disable keepalives, use the no form of this command.

Command Syntaxcrypto isakmp keepalive SECS

no crypto isakmp keepalive

SECS Number of seconds between keepalive messages

Command modeISAKMP policy configuration mode (config-isakmp)

UsageThe crypto isakmp keepalive command is used to send IKE keepalives, which detect the continued connectivity of an IKE security association (SA), between two peer points.

crypto isakmp keyUse this command to configure a preshared authentication key in global configuration mode. You must configure this key whenever you specify preshared keys in an IKE policy.

Use the no form of this command to remove the configuration.

Interpeak Security Commands

©2001-2007 IP Infusion Inc. Confidential 317

Command Syntax(no) crypto isakmp key KEY address A.B.C.D/M

(no) crypto isakmp key KEY ipv6-address X:X::X:X/M

KEY Specify the preshared key. Us any combination of alphanumeric characters up to 128 bytes.A.B.C.D/M IPv4 addressX:X::X:X/M IPv6 address

Command modeISAKMP policy configuration mode (config-isakmp)

UsageUse this command to configure preshared authentication keys. You must perform this command at both peers.

If an IKE policy includes preshared keys as the authentication method, these preshared keys must be configured at both peers—otherwise the policy cannot be used (the policy will not be submitted for matching by the IKE process). The crypto isakmp key command is the second task required to configure the preshared keys at the peers. (The first task is accomplished with the crypto isakmp identity command.)

Use the address keyword if the remote peer ISAKMP identity was set with its IP address.

crypto isakmp policyUse this command to define an IKE policy in global configuration mode. IKE policies define a set of parameters to be used during the IKE negotiation.

Use the no form of this command to delete an IKE policy.

Command Syntaxcrypto isakmp policy PRIORITY

no crypto isakmp policy PRIORITY

PRIORITY Uniquely identifies the IKE policy and assigns a priority to the policy

Command modeISAKMP policy configuration mode (config-isakmp)

UsageUse this command to specify the parameters to be used during an IKE negotiation. (These parameters are used to create the IKE security association [SA].)

This command invokes the ISAKMP policy configuration (config-isakmp) mode.

You can configure multiple IKE policies on each peer participating in IPSec. When the IKE negotiation begins, it tries to find a common policy configured on both peers, starting with the highest priority policies as specified on the remote peer.

ISAKMP Policy Configuration CommandsThe commands in this section are all entered in the ISAKMP policy configuration (config-isakmp) mode. To invoke this mode, use the crypto isakmp policy command in global configuration mode.

Interpeak Security Commands

318 ©2001-2007 IP Infusion Inc. Confidential

authenticationUse this command in ISAKMP policy configuration mode to specify the authentication method within an IKE policy. IKE policies define a set of parameters to be used during IKE negotiation.

Use the no form of this command to reset the authentication method to the default value.

Command Syntaxauthentication (pre-share|rsa-encr|rsa-sig)

no authentication

pre-share Preshared keysrsa-encr RSA encryptionrsa-sig RSA signatures

DefaultsRSA signatures

Command modeISAKMP policy configuration mode (config-isakmp)

UsageUse this command to specify the authentication method to be used in an IKE policy.

If you specify RSA signatures, you must configure your peer routers to obtain certificates from a certification authority (CA).

If you specify RSA encryption, you must ensure that each peer has the other peer's RSA public keys. (See the crypto key pubkey-chain rsa, addressed-key, named-key, address, and key-string (IKE) commands.)

encryption Use this command to specify the encryption algorithm within an IKE policy in ISAKMP policy configuration mode. IKE policies define a set of parameters to be used during IKE negotiation.

Use the no form of this command to reset the encryption algorithm to the default value.

Command Syntaxencryption (des | 3des)

no encryption

des Specifies 56-bit DES-CBC as the encryption algorithm3des Specifies 168-bit DES (3DES) as the encryption algorithm

Command modeISAKMP policy configuration mode (config-isakmp)

UsageUse this command to specify the encryption algorithm to be used in an IKE policy.

Interpeak Security Commands

©2001-2007 IP Infusion Inc. Confidential 319

group Use this command to specify the Diffie-Hellman group identifier within an IKE policy in ISAKMP policy configuration mode. IKE policies define a set of parameters to be used during IKE negotiation. Use the no form of this command to reset the Diffie-Hellman group identifier to the default value.

Command Syntaxgroup (1 | 2)

no group

Command modeISAKMP policy configuration mode (config-isakmp)

Defaults768-bit Diffie-Hellman (group 1)

UsageUse this command to specify the Diffie-Hellman group to be used in an IKE policy.

hash Use this command to specify the hash algorithm within an IKE policy in ISAKMP policy configuration mode. IKE policies define a set of parameters to be used during IKE negotiation. Use the no form of this command to reset the hash algorithm to the default SHA-1 hash algorithm.

Command Syntaxhash (md5 | sha)

no hash

md5 Specifies MD5 (HMAC variant) as the hash algorithmsha Specifies SHA-1 (HMAC variant) as the hash algorithm

Command modeISAKMP policy configuration mode (config-isakmp)

DefaultsThe SHA-1 hash algorithm

UsageUse this command to specify the hash algorithm to be used in an IKE policy

lifetimeUse the lifetime (IKE policy) command in ISAKMP policy configuration mode to specify the lifetime of an IKE security association (SA).

Use the no form of this command to reset the SA lifetime to the default value.

Interpeak Security Commands

320 ©2001-2007 IP Infusion Inc. Confidential

Command Syntaxlifetime LIFETIME

no lifetime

LIFETIME Specifies how many seconds each SA should exist before expiring

Command modeISAKMP policy configuration mode (config-isakmp)

Defaults28,800 seconds

UsageUse this command to specify how long an IKE SA exists before expiring.

When IKE begins negotiations, the first thing it does is agree upon the security parameters for its own session. The agreed-upon parameters are then referenced by an SA at each peer. The SA is retained by each peer until the SA's lifetime expires. Before an SA expires, it can be reused by subsequent IKE negotiations, which can save time when setting up new IPSec SAs. Before an SA expires, it can be reused by subsequent IKE negotiations, which can save time when setting up new IPSec SAs. New IPSec SAs are negotiated before current IPSec SAs expire.

So, to save setup time for IPSec, configure a longer IKE SA lifetime. However, shorter lifetimes limit the exposure to attackers of this SA. The longer an SA is used, the more encrypted traffic can be gathered by an attacker and possibly used in an attack.

Note that when your local peer initiates an IKE negotiation between itself and a remote peer, an IKE policy can be selected only if the lifetime of the remote peer's policy is longer than or equal to the lifetime of the local peer's policy. Then, if the lifetimes are not equal, the shorter lifetime will be selected. To restate this behavior: If the two peer's policies' lifetimes are not the same, the initiating peer's lifetime must be shorter and the responding peer's lifetime must be longer, and the shorter lifetime will be used.

Interface Configuration Commands

crypto mapUse this command in interface configuration mode to apply a previously defined crypto map set to an interface.

Use the no form of the command to remove the crypto map set from the interface.

Command Syntaxcrypto map MAP-NAME

no crypto map MAP-NAME

MAP-NAME The name that identifies the crypto map set

Command modeInterface configuration mode

Interpeak Security Commands

©2001-2007 IP Infusion Inc. Confidential 321

UsageUse this command to assign a crypto map set to an interface. You must assign a crypto map set to an interface before that interface can provide IPSec services. Only one crypto map set can be assigned to an interface. If multiple crypto map entries have the same map-name but a different seq-num, they are considered to be part of the same set and will all be applied to the interface. The crypto map entry with the lowest seq-num is considered the highest priority and will be evaluated first. A single crypto map set can contain a combination of ipsec-isakmp, and ipsec-manual crypto map entries.

Show Commands

show crypto ipsec sa Use this command to view the settings used by current security associations in Exec mode.

Command Syntaxshow crypto ipsec sa map MAP_NAME

MAP_NAME The name that identifies the crypto map set

Command modeExec mode

UsageIf no keyword is used, all security associations are displayed.

show crypto ipsec transform-setUse this command to view all the configured transform sets, or a specific transform set, in Exec mode.

Command Syntaxshow crypto ipsec transform-set (NAME)

NAME transform set name

Command modeExec mode

show crypto isakmp policyUse this command to view the parameters for each IKE policy in Exec mode.

Command Syntaxshow crypto isakmp policy

Command modeExec mode

Interpeak Security Commands

322 ©2001-2007 IP Infusion Inc. Confidential

show crypto isakmp saUse this command to view all current IKE security associations (SAs) at a peer in Exec mode.

Command Syntaxshow crypto isakmp sa

Command modeExec mode

show crypto mapUse this command to view the crypto map configuration in Exec mode.

Command Syntaxshow crypto-map interface IFNAME

IFNAME interface name

Command modeExec mode

©2001-2007 IP Infusion Inc. Confidential 323

CHAPTER 18 QoS Commands

This chapter contains QoS commands in alphabetical order. These commands are available only if ZebOS is compiled with the --enable-qos configuration option.

classUse this command to define a traffic classification. Use the no parameter with this command to delete an existing class-map.

Command Syntax(no) class NAME

NAME name of the class map.

Command ModePolicy Map mode

ExampleThe following example shows creating a policy map, and defining the traffic classification.

ZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1

Related Commandsclass-map, policy-map

class-mapUse this command to create a class map. Use the no parameter with this command to delete an existing class-map.

Command Syntax(no) class-map NAME

NAME name of the class map.

Command ModeConfigure mode

ExampleThe following example shows creating a class map.

ZebOS# configure terminalZebOS(config)# class-map cmap1

Related Commandsclass, policy-map, show class-map

QoS Commands

324 ©2001-2007 IP Infusion Inc. Confidential

ip-access-listUse this command to create an IP access-control list (ACL) based on the source address, or create an IP extended ACL based on the source and destination address. Use the no parameter with this command to delete an IP, or IP extended ACL.

Command SyntaxThe following syntax creates an IP ACL based on the source address:

(no) ip-access-list ACCESS-LIST NUMBER deny|permit SOURCE (SOURCE WILDCARD)

ACCESS-LIST NUMBER

<1-99> range for IP standard ACL<1300-1999> expanded range for IP standard ACL

deny = deny certain traffic if conditions matchedpermit = permit certain traffic if conditions matchedSOURCE = originating network or host sending packet. If the mask is set to 255.255.255.255, the specified

source address is ignored, and can be replaced by the word, any. For example, ip-access-list 10 permit 0.0.0.0 255.255.255.255 and ip-access-list 10 permit 33.44.11.34 255.255.255.255 can be replaced by ip-access-list 10 permit any.

SOURCE WILDCARD = optional. Wildcard bits in dotted decimal notation to apply to the source. Ones go in bit positions to ignore.

The following syntax creates an IP extended ACL based on the source and destination address:

(no) ip-access-list ACCESS-LIST NUMBER deny|permit ip SOURCE (SOURCE WILDCARD) DESTINATION (DESTINATION WILDCARD)

ACCESS-LIST NUMBER

<100-199> range for IP extended ACL<2000-2699> expanded range for IP extended ACL

deny = deny certain traffic if conditions matchedpermit = permit certain traffic if conditions matchedSOURCE = originating network or host sending packet. Can be A.B.C.D, host, or any. The host keyword

can be used for host IP addresses (where the mask is 0.0.0.0). For example, ip-access-list 10 permit 2.2.2.2 0.0.0.0 can be replaced by ip-access-list 4 permit host 2.2.2.2.

SOURCE WILDCARD = optional. Wildcard bits in dotted decimal notation to apply to the source. Ones go in bit positions to ignore.

DESTINATION = destination IP address. Can be A.B.C.D, host, or any.DESTINATION WILDCARD = optional. Wildcard bits in dotted decimal notation to apply to the destination.

Ones go in bit positions to ignore.

Command ModeConfigure mode

ExampleThe following example shows allowing access only for hosts on three specified networks. Wildcard bits correspond to the network address host portions. If a host has a source address that does not match the access list statements, it is rejected.

ZebOS# configure terminalZebOS(config)# ip-access-list 1 permit 192.5.255.0 0.0.0.255ZebOS(config)# ip-access-list 1 permit 128.88.0.0 0.0.255.255ZebOS(config)# ip-access-list 1 permit 36.0.0.0 0.0.0.255

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 325

mac-access-listUse this command to create a MAC ACL. Use the no parameter with this command to delete a MAC ACL.

Command Syntax(no) mac-access-list <2000-2699> deny|permit SRC_MAC MASK DEST_MAC MASK <1-8>

<2000-2699> range for MAC ACLdeny = deny certain traffic if conditions matchedpermit = permit certain traffic if conditions matchedSRC_MAC = source MAC address; in HHHH.HHHH.HHHH format.DEST_MAC = destination MAC address; in HHHH.HHHH.HHHH format.MASK = specify which part of the MAC address will be ignored. In hexadecimal format.Note: any = can replace either the SRC_MAC MASK pair or the corresponding DEST_MAC MASK pair, but

not both pairs.

<1-8> = specify packet format. For example, 1 for Ethernet II, 2 for 802.3, 8 for LLC.

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# mac-access-list 2002 permit 2222.2222.2222 8 any 2

match access-groupUse this command to define match criterion for a class map.

Command Syntaxmatch access-group NAME

NAME number of name of the ACL

Command ModeClass Map mode

ExampleThe following example shows configuring a class map named cmap1 with 1 match criterion: access list 103, which allows traffic from any source to any destination.

ZebOS# configure terminalZebOS(config)# ip-access-list 103 permit any anyZebOS(config)# class-map cmap1ZebOS(config-cmap)# match access-group 103

Related Commandsclass-map

QoS Commands

326 ©2001-2007 IP Infusion Inc. Confidential

match ip-dscpUse this command to define the list to match against incoming packets.

Command Syntaxmatch ip-dscp LIST

LIST list to match against incoming packets. Up to 8 IP DSCP values separated by a space. Range is 0-63.

Command ModeClass Map mode

Usage Use the match ip-dscp command to define the match criterion after creating a class map.

ExampleThe following example shows configuring a class map named cmap1 with criterion that matches IP DSCP 56.

ZebOS# configure terminalZebOS(config)# class-map cmap1ZebOS(config-cmap)# match ip-dscp 56

Related Commandsclass-map, match vlan-range

match ip-precedenceUse this command to identify IP precedence values as match criteria. Use the no parameter with this command to remove IP precedence values from a class map.

Command Syntax(no) match ip-precedence VALUE

VALUE <0-7> Specifies the exact value from 0 to 7 used to identify a precedence value. Can be up to 8 precedence values.

Command ModeClass Map mode

ExampleThe following example shows configuring a class-map named cmap1 to evaluate all IPv4 packets for a precedence value of 5.

ZebOS(config)# class-map cmap1ZebOS(config-cmap)# match ip-precedence 5 6 4 3

match layer4Use this command to identify UDP or TCP ports as the match criteria. Use the no parameter with this command to remove the match criteria.

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 327

Command Syntax(no) match layer4 source-port|destination-port <1-65535>

source-port source UDP or TCP port. Range is 1-655535.destination-port destination UDP or TCP port. Range is 1-655535.

Command ModeClass Map mode

ExampleZebOS(config)# class-map cmap1ZebOS(config-cmap)# match layer4 source-port 20

match mpls exp-bit topmostUse this command to define the match criterion of the MPLS experimental bit value in the topmost label for a class map. Use the no parameter with this command to remove this criterion from a class map.

Command Syntax(no) match mpls exp-bit topmost <0-7>

<0-7> experimental value. Can be up to 8 values

Command ModeClass Map mode

ExampleThe following example shows configuring a class-map named cmap1 with criterion that matches MPLS experimental bit, 0 1 2 3 4 5 6 7.

ZebOS(config)# class-map cmap1ZebOS(config-cmap)# match mpls exp-bit topmost 0 1 2 3 4 5 6 7

match vlanUse this command to define the VLAN ID used as match criteria to classify a traffic class. Use the no parameter with this command to disable the VLAN ID used as match criteria.

Command Syntax(no) match vlan <1-4094>

Command ModeClass Map mode

ExampleThe following example shows configuring a class-map named cmap1 to include traffic from VLAN 3.

ZebOS(config)# class-map cmap1ZebOS(config-cmap)# match vlan 3

QoS Commands

328 ©2001-2007 IP Infusion Inc. Confidential

match vlan-rangeUse this command to specify the range of VLANs for classifying traffic on a per-port-per-VLAN basis.

Command Syntaxmatch vlan-range <1-4094> to <1-4094>

Command ModeClass Map mode

Usage Use the match vlan-range command to specify the range of VLANs after defining the match criterion, and creating a class map when classifying traffic on a per-port-per-VLAN basis.

ExampleThe following example shows configuring a class map named cmap1 with criterion that matches IP DSCP 56, with a VLAN range of 20 to 30.

ZebOS# configure terminalZebOS(config)# class-map cmap1ZebOS(config-cmap)# match ip-dscp 56ZebOS(config-cmap)# match vlan-range 20 to 30

Related Commandsclass-map, match ip-dscp

mls qosUse this command to globally enable QoS, and define queueing. Use the no parameter with this command to globally disable QoS.

Command Syntax(no) mls qos QUEUE_WEIGHT COS_VALUE

QUEUE_WEIGHT weight of each of the 8 egress queues; range is 0-10COS_VALUE CoS values mapped to each of the 8 egress queues; range is 0-7

Note: The following describes a stub command used in non-standard configurations. In this case, this command is used to globally enable or disable QoS without defining queueing.

(no) mls qos

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# mls QoS 1 0 2 1 3 2 4 3 5 4 6 5 7 6 0 7

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 329

mls qos aggregate-policeUse this command to specify policer parameters to apply to multiple traffic classes in the same policy map. Use the no parameter with this command to delete an aggregate policer, along with its parameters.

Command Syntax(no) mls qos aggregate-police NAME RATE BURST exceed-action drop

NAME name of the aggregate policer.RATE average traffic rate in bits per second (bps). Range is 1-1000000.BURST normal burst size in bytes. Range is 1-20000.exceed-action drop specify dropping the packet when rates are exceeded.

Command ModeConfigure mode

ExampleThe following example shows specifying policer parameters with a traffic rate of 48000 bps and a burst size of 8000 bps.

ZebOS# configure terminalZebOS(config)# mls qos aggregate-police transmit1 48000 8000 exceed-action drop

Related Commandspolice-aggregate, show mls qos aggregate policer

mls qos dscp-cosUse this command to apply a DSCP-to-CoS map to a specified interface. Use the no parameter with this command to remove a DSCP-to-CoS map from an interface.

Command Syntax(no) mls qos dscp-cos NAME

NAME DSCP-to-CoS map created using the mls qos map dscp-cos command.

Command ModeInterface mode

UsageUse the mls qos map dscp-cos command to create a DSCP-to-CoS map, then use the mls qos dscp-cos command to apply the map to an interface.

ExampleZebOS# configure terminalZebOS(config)# mls qos map dscp-cos dc1 0 8 16 24 32 40 48 50 to 0ZebOS(config)# interface fe0ZebOS(config-if)# mls qos dscp-cos dc1

QoS Commands

330 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsmls qos map dscp-cos

mls qos dscp-mutationUse this command to specify the name of a DSCP-to-DSCP mutation map to apply to an interface. Use the no parameter with this command to delete a DSCP-to-DSCP mutation map.

Command Syntax(no) mls qos dscp-mutation DSCP_MUTATION_NAME

DSCP_MUTATION_NAME DSCP mutation map name

Command ModeInterface mode

UsageUse the mls qos dscp-mutation command to apply a DSCP-to-DSCP mutation map specified in the mls qos map dscp-mutation command to an ingress DSCP port.

ExampleZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# mls qos dscp-mutation mutation1

Related Commandsmls qos map dscp-mutation, show mls qos maps dscp-mutation

mls qos map dscp-cosUse this command to create a DSCP-to-CoS map. Use the no parameter with this command to remove a configured DSCP-to-CoS mapping table.

Command Syntax(no) mls qos map dscp-cos DSCP_COS_MAP_NAME LIST to VALUE

DSCP_COS_MAP_NAME name of DSCP-to-CoS mapping table.LIST up to 8 DSCP values, each separated by a space. Range is 0-63.VALUE CoS value: DSCP values correspond to this value. Range is 0-7.

Command ModeConfigure mode

ExampleThe following example shows mapping DSCP values 0, 8, 16, 24, 32, 40, 48, and 50 to CoS value 0.

ZebOS# configure terminalZebOS(config)# mls qos map dscp-cos dc1 0 8 16 24 32 40 48 50 to 0

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 331

Related Commandsmls qos dscp-cos, show mls qos maps dscp-cos

mls qos map dscp-mutationUse this command to modify the DSCP-to-DSCP mutation map. Use the no parameter with this command to return to the default map.

Command Syntax(no) mls qos map dscp-mutation MUTATION_MAP_NAME IN_DSCP to OUT_DSCP

MUTATION_MAP_NAME DSCP mutation map nameIN_DSCP 8 DSCP values separated by spaces; range is 0-63OUT_DSCP single DSCP value; range is 0-63

Command ModeConfigure mode

ExampleThe following example shows defining a DSCP-to-DSCP mutation map.

ZebOS# configure terminalZebOS(config)# mls qos map dscp-mutation mutation1 1 2 3 4 5 6 7 to 0ZebOS(config)# mls qos map dscp-mutation mutation1 8 9 10 11 12 13 to 10ZebOS(config)# mls qos map dscp-mutation mutation1 20 21 22 to 20ZebOS(config)# mls qos map dscp-mutation mutation1 30 31 32 33 34 to 30ZebOS(config)# interface fe0ZebOS(config-if)# mls qos dscp-mutation mutation1

Related Commandsshow mls qos maps dscp-mutation

mls qos min-reserveUse this command to specify the minimum reserve-level and buffer size on all Ethernet ports. Use the no parameter with this command to return to the default minimum reserve buffer size.

Command Syntax(no) mls qos min-reserve <1-8> <10-170>

<1-8> minimum-reserve level<10-170> minimum-reserve buffer size, in packets

Command ModeConfigure mode

DefaultThe buffer size for all minimum-reserve levels is 0 packets.

QoS Commands

332 ©2001-2007 IP Infusion Inc. Confidential

ExampleThe following example shows configuring minimum-reserve level 4 to 21 packets.

ZebOS# configure terminalZebOS(config)# mls qos min-reserve 4 21

The following example shows configuring minimum-reserve level 4 to 21 packets, and assigning minimum-reserve level 4 to egress queue 2 on interface, fe1.

ZebOS# configure terminalZebOS(config)# mls qos min-reserve 4 21ZebOS(config)# interface fe1ZebOS(config-if)# wrr-queue min-reserve 2 4

Related Commandswrr-queue min-reserve

policeUse this command to specify a policer. Use the no parameter with this command to remove an existing policer.

Command Syntax(no) police RATE BURST exceed-action drop

RATE average traffic rate in bps. Range is 1-1000000.BURST normal burst size in bytes. Range is 1-20000.exceed-action drop specify dropping the packet when rates are exceeded.

Command ModeClass mode

ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# police 48000 8000 exceed-action drop

Related Commandsclass, policy map, show policy-map

police-aggregateUse this command to apply an aggregate policer to multiple classes in the same policy map. Use the no parameter with this command to delete an aggregate policer from a policy map.

Command Syntax(no) police-aggregate NAME

NAME aggregate-policer name

Command ModeClass mode

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 333

UsageUse the police-aggregate command to apply the aggregate policer named in the mls qos aggregate-police command to multiple classes in the same policy map.

ExampleThe following example shows creating an aggregate policer, and attaching it to multiple classes within a policy map. In this example, the IP ACLs allow traffic from network 10.1.0.0 and host 11.3.1.1. The traffic rate from network 10.1.0.0 and host 11.3.1.1 is policed. If the traffic exceeds a 48000-bps average traffic rate and a 8000-byte normal burst size, it is considered out of profile, and is dropped. The policy map is attached to an ingress interface.

ZebOS# configure terminalZebOS(config)# ip-access-list 1 permit 10.1.0.0 0.0.255.255ZebOS(config)# ip-access-list 2 permit 11.3.1.1ZebOS(config)# mls qos aggregate-police transmit1 48000 8000 exceed-actiondropZebOS(config)# class-map cmap1ZebOS(config-cmap)# match access-group 1ZebOS(config-cmap)# exitZebOS(config)# class-map map cmap2ZebOS(config-cmap)# match access-group 2ZebOS(config-cmap)# exitZebOS(config)# policy-map aggflow1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# police-aggregate transmit1ZebOS(config-pmap-c)# exitZebOS(config-pmap)# class cmap2ZebOS(config-pmap-c)# set ip-dscp 56ZebOS(config-pmap-c)# police-aggregate transmit1ZebOS(config-pmap-c)# exitZebOS(config-pmap)# exitZebOS(config)# interface fe0ZebOS(config-if)# service-policy input aggflow1

Related Commandsclass, policy map, mls qos aggregate-police

policy-mapUse this command to create a policy map. Use the no parameter with this command to delete an existing policy map.

Command Syntax(no) policy-map NAME

NAME name of the policy map

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1

QoS Commands

334 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsclass, class-map, police, show policy-map

service-policy inputUse this command to apply a policy map to the input of an interface. Use the no parameter with this command to remove a policy map and interface association.

Command Syntax(no) service-policy input INPUT NAME

INPUT NAME policy map name

Command ModeInterface mode

ExampleZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# service-policy input pmap1

Related Commandspolicy-map

set cosUse this command to set a CoS value to assign to classified traffic, or enable copying of priority bit (pbit) from the inner VLAN to the outer VLAN, based on policy. Use the no parameter with this command to remove a CoS value, or disable pbit copying.

Command Syntax(no) set cos COS_VALUE|cos-inner

COS_VALUE CoS value to assign to classified traffic. Range is 0-7.cos-inner copy pbit from the inner VLAN to the outer VLAN, based on policy.

Command ModeClass mode

ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# set cos 2

Related Commandsclass, policy-map, set ip-dscp, set ip-precedence

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 335

set ip-dscpUse this command to set a DSCP value to assign to classified traffic. Use the no parameter with this command to remove a DSCP value.

Command Syntax(no) set ip-dscp <0-63>

Command ModeClass mode

ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# set ip-dscp 40

Related Commandsclass, policy-map, set cos, set ip-precedence

set ip-precedenceUse this command to set an IP-precedence value to assign to classified traffic. Use the no parameter with this command to remove an IP-precedence value.

Command Syntax(no) set cos ip-precedence <0-7>

Command ModeClass mode

ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# set ip-precedence 2

Related Commandsclass, policy-map, set ip cos, set ip dscp

set mpls exp-bit topmostUse this command to set the MPLS experimental-bit value in the topmost label for a policy map. Use the no parameter with this command to remove this setting from a policy map.

Command Syntax(no) set mpls exp-bit topmost <0-7>

<0-7> experimental value.

QoS Commands

336 ©2001-2007 IP Infusion Inc. Confidential

Command ModePolicy Map Class mode

UsageSet a new MPLS experimental-bit value in a packet to classify MPLS traffic.

ExampleThe following example shows configuring a policy map named pmap1 for class map cmap 1, and setting the MPLS experimental-bit value to 7 in a packet.

ZebOS(config)# policy-map pmap1ZebOS(config-pmap)#class cmap1ZebOS(config-pmap-c)#set mpls exp-bit topmost 7

show class-mapUse this command to display the QoS class maps to define the match criteria to classify traffic.

Command Syntaxshow class-map NAME

NAME name of the class map.

Command ModeExec mode and Privileged Exec mode

ExampleZebOS# show class-map cmap1 CLASS-MAP-NAME: cmap1 Set IP DSCP: 56 Match IP DSCP: 7

Related Commandsclass-map

show mls qos aggregator-policerUse this command to display the aggregate policer configuration.

Command Syntaxshow mls qos aggregator-policer NAME

NAME name of the aggregate policer.

Command ModeExec mode and Privileged Exec mode

ExampleZebOS#show mls qos aggregator-policer agp1 AGGREGATOR-POLICER-NAME: agp1

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 337

Police: Average rate(1 kbps), burst size(1 bytes) Exceed-action drop

Related Commandsmls qos aggregate-police

show mls qos interfaceUse this command to display queueing and scheduling information for an interface.

Command Syntaxshow mls qos interface IFNAME

IFNAME interface name.

Command ModeExec mode and Privileged Exec mode

ExampleZebOS#show mls qos interface fe0 Schedule mode: weighted round-robin The number of egress queue: 8 Weights (priority): 0(1), 0(1), 0(1), 0(1), 0(1), 0(1), 0(1), 0(1)

show mls qos maps dscp-cosUse this command to display DSCP-to-CoS mapping information.

Command Syntaxshow mls qos maps dscp-cos NAME

NAME name of the DSCP-to-CoS map.

Command ModeExec mode and Privileged Exec mode

ExampleZebOS#show mls qos maps dscp-cos dc1 DSCP-TO-COS-MAP: dc1 d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------------------- 0 : 4 4 4 4 4 4 4 4 1 1 1 : 1 1 1 1 1 1 2 2 2 2 2 : 2 2 2 2 3 3 3 3 3 3 3 : 3 3 4 4 4 4 4 4 4 4 4 : 5 5 5 5 5 5 5 5 6 6 5 : 6 6 6 6 6 6 7 7 7 7 6 : 7 7 7 7

Related Commandsmls qos map dscp-cos

QoS Commands

338 ©2001-2007 IP Infusion Inc. Confidential

show mls qos maps dscp-mutationUse this command to display DSCP-to-DSCP mutation mapping information.

Command Syntaxshow mls qos maps dscp-mutation NAME

NAME name of the DSCP-to-DSCP mutation map.

Command ModeExec mode and Privileged Exec mode

ExampleZebOS#show mls qos maps dscp-mutation dm1 DSCP-TO-DSCP-MUTATION-MAP: dm1 d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------------------- 0 : 0 1 2 3 4 5 6 7 8 9 1 : 4 4 4 4 4 4 4 17 18 19 2 : 20 21 22 23 24 25 26 27 28 29 3 : 30 31 32 33 34 35 36 37 38 39 4 : 40 41 42 43 44 45 46 47 48 49 5 : 50 51 52 53 54 55 56 57 58 59 6 : 60 61 62 63

Related Commandsmls qos map dscp-mutation

show policy-mapUse this command to display QoS policy map information.

Command Syntaxshow policy-map NAME

NAME name of the policy map.

Command ModeExec mode and Privileged Exec mode

ExampleZebOS#show policy-map mapa class pmap1 POLICY-MAP-NAME: pmap1 State: detached

CLASS-MAP-NAME: cmap1 Set IP DSCP: 56 Match IP DSCP: 7

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 339

Related Commandspolicy-map

show qos-access-listUse this command to display IP and MAC ACLs.

Command Syntaxshow qos-access-list ACCESS-LIST NUMBER|WORD

NUMBER access-list number<1-99> range for IP standard ACL<100-199> range for IP extended ACL<1300-1999> expanded range for IP standard ACL<2000-2699> expanded range for IP extended ACL

WORD access-list name

Command ModeExec mode and Privileged Exec mode

ExampleZebOS#show qos-access-list 1 Standard IP-QOS-ACCESS-LIST: 1 permit 11.11.11.50

Related Commandsip-access-list, mac-access list

wrr-queue bandwidthUse this command to specify the bandwidth ratios of the transmit queues. Use the no parameter with this command to return to the default bandwidth.

Command Syntaxwrr-queue bandwidth WRR_WTS

(no) wrr-queue bandwidth

WRR_WTS Weighted Round Robin (WRR) weights for the 8 queues (8 values separated by spaces). Range is 1-65535.

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue bandwidth 100 300 400 200 600 800 700 1000

QoS Commands

340 ©2001-2007 IP Infusion Inc. Confidential

Related Commandswrr-queue queue-limit

wrr-queue cos-mapUse this command to specify CoS values for a queue. Use the no parameter with this command to return to the default setting.

Command Syntaxwrr-queue cos-map QUEUE_ID COS_VALUE

(no) wrr-queue cos-map

QUEUE_ID Queue ID. Range is 0-7.COS_VALUE CoS values. Up to 8 values (separated by spaces). Range is 0-7.

Command ModeConfigure mode

Usage A maximum of 8 CoS values can be used to create the CoS map.

ExampleThe following example shows mapping CoS values 0 and 1 to queue 1.

ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue cos-map 1 0 1

wrr-queue dscp-mapUse this command to map the DSCP values to the Weighted Random Early Detection (WRED) thresholds of an egress queue. Use the no parameter with this command to return to the default setting.

Command Syntaxwrr-queue dscp-map THRESHOLD_ID DSCP_VALS

(no) wrr-queue dscp-map THRESHOLD_ID

THRESHOLD_ID Queue threshold ID. Range is 1-2.DSCP_VALS DSCP values mapped to a threshold ID; each value separated by 1 space. Range is 0-63. A

maximum of 8 DSCP values can be entered per command.

Command ModeConfigure mode

ExampleThe following example shows mapping DSCP values 0 to 9 to threshold 1, and DSCP values 10 to 14 to threshold 2.

ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue dscp-map 1 0 1 2 3 4 5 6 7

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 341

ZebOS(config-if)# wrr-queue dscp-map 1 8 9ZebOS(config-if)# wrr-queue dscp-map 2 10 11 12 13 14

Related Commandsshow mls qos interface, wrr-queue cos-map, wrr-queue threshold

wrr-queue min-reserveUse this command to configure the buffer size of the minimum-reserve level for a specific queue. Use the no parameter with this command to return to the default setting.

Command Syntaxwrr-queue min-reserve QUEUE_ID MINRES_LVL

(no) wrr-queue min-reserve QUEUE_ID

QUEUE_ID Queue ID. Range is 0-7.MINRES_LVL Minimum reserve level. Range is 1-8.

Command ModeConfigure mode

ExampleThe following example shows assigning a minimum reserve level of 5 to egress queue 1 on fe0.

ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue min-reserve 1 5

Related Commandsshow mls qos interface

wrr-queue queue-limitUse this command to configure the egress queue size ratios. Use the no parameter with this command to return to the default setting.

Command Syntaxwrr-queue queue-limit QUEUE_WTS

(no) wrr-queue queue-limit

QUEUE_WTS Queue weight ratio for up to 8 queues. Range is 1-100.

Command ModeConfigure mode

UsageRatio should total 100 percent.

QoS Commands

342 ©2001-2007 IP Infusion Inc. Confidential

ExampleThe following example shows configuring a 75:25 ratio for queues 1 and 2, respectively.

ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue queue-limit 75 25

Related Commandswrr-queue bandwidth

wrr-queue random-detect max-thresholdUse this command to configure the WRED drop threshold percentages for an egress queue. Use the no parameter with this command to return to the default setting.

Command Syntaxwrr-queue random-detect max-threshold QUEUE_ID THRESHOLD_WT1 THRESHOLD_WT2

(no) wrr-queue random-detect max-threshold QUEUE_ID

QUEUE_ID Queue ID. Range is 0-7.THRESHOLD_WT1 Low WRED value. Threshold weight in percent. Range is 1-100.THRESHOLD_WT2 High WRED value. Threshold weight in percent. Range is 1-100.

Command ModeConfigure mode

UsageWRED values are a percentage of queue capacity.

ExampleThe following example shows configuring threshold percentage weights of 60 and 100 on queue 1.

ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue random-detect max-threshold 1 60 100

Related Commandswrr-queue random-detect max-threshold, wrr-queue queue-limit

wrr-queue thresholdUse this command to configure the tail-drop threshold percentages for a queue. Use the no parameter with this command to return to the default setting.

Command Syntaxwrr-queue threshold QUEUE_ID THRESHOLD_WT1 THRESHOLD_WT2

(no) wrr-queue threshold QUEUE_ID

QUEUE_ID Queue ID. Range is 0-7.THRESHOLD_WT1 Number of weights in percent for threshold 1. Range is 1-100.

QoS Commands

©2001-2007 IP Infusion Inc. Confidential 343

THRESHOLD_WT2 Number of weights in percent for threshold 2. Range is 1-100.

Command ModeConfigure mode

ExampleZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue threshold 1 60 100

Related Commandswrr-queue queue-limit

QoS Commands

344 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 345

CHAPTER 19 NSM Firewall Commands

This chapter contains all NSM Firewall-related commands in alphabetical order.

access-list ipv6Use this command to specify the ZebOS IPv6 extended access-list to be used for the rules for the specified firewall group.

Use the no form of this command to disassociate the IPv6 access list from the group.

Command Syntax(no) access-list ipv6 NAME

NAME ZebOS IPv6 extended access-list name

Command ModeFirewall mode

UsageSee access-list.

access-listUse this command to specify the ZebOS extended access-list to be used for the rules for the specified firewall group.

Use the no form of this command to disassociate the access list from the group.

Command Syntax(no) access-list NAME

NAME ZebOS extended access-list name

Command ModeFirewall mode

UsageThe rules in the specified access-list are used by the firewall module to configure the firewall rules at the kernel level. If a group is already applied to an interface, or applied globally, associating another access-list to the group adds the new access-list rules to the existing group, and in turn, directly updates the kernel rules. Disassociating an access list from a configured group results in deletion of the access-list rules from the kernel.

ExampleZebOS#configure terminalZebOS(config)#firewall group 1ZebOS(config-ipfirewall)#access-list AT

NSM Firewall Commands

346 ©2001-2007 IP Infusion Inc. Confidential

firewall groupUse this command to specify a firewall group, and enter Firewall mode.

Use the no form of this command to negate a firewall group.

Command Syntax(no) firewall group <1-30>

<1-30> Group number.

Command ModeConfigure mode

UsageThis command can be used to enter Firewall mode to configure, or reconfigure, parameters of a firewall group.

To configure a firewall group, use this command to create a firewall group with the specified number, then use the access-list command to specify the list containing the rules.

The no keyword negates the group (deletes the rule if the rule is not already applied). To negate a group if the rules are already applied, use the no access-list command to negate the rules, then use the no firewall group command to negate the group.

ExampleThe following example shows specifying a firewall group.

ZebOS#configure terminalZebOS(config)#firewall group 1

The following example shows configuring incoming traffic on firewall group 1, globally, to use the rule list, AT.

ZebOS#configure terminalZebOS(config)#firewall group 1ZebOS(config-ipfirewall)#access-list ATZebOS(config-ipfirewall)#exitZebOS(config)#firewall enable group 1 in

The following example shows deleting firewall group 1, globally, with rules already applied.

ZebOS#configure terminalZebOS(config)#firewall group 1ZebOS(config-ipfirewall)#no access-list ATZebOS(config-ipfirewall)#exitZebOS(config)#no firewall group 1ZebOS(config)#firewall disable group 1

NSM Firewall Commands

©2001-2007 IP Infusion Inc. Confidential 347

firewall group in|outUse this command to apply the rules of a group to a particular interface.

Use the no form of this command to negate a firewall group on a particular interface.

Command Syntax(no) firewall group <1-30> in|out

<1-30> Group number.in Incoming traffic.out Outgoing traffic.

Command ModeInterface mode

UsageUse this command to apply the group rules on a particular interface. The in and out keywords specify whether to apply the rules on incoming or outgoing traffic.

ExampleZebOS#configure terminalZebOS(config)#interface eth0ZebOS(config-if)#firewall group 1 in

show firewall ruleUse this command to display all firewall rules configured at the kernel level.

Command Syntaxshow firewall rule

Command ModeExec mode

ExampleZebOS#show firewall ruleAF_INET @1 pass in log on eth0 proto icmp from 2.2.2.2/24 to 4.4.4.4/24 icmp_type 13group 1

NSM Firewall Commands

348 ©2001-2007 IP Infusion Inc. Confidential

©2001-2007 IP Infusion Inc. Confidential 349

CHAPTER 20 NSM Broadcom Stacking Commands

This chapter contains all Broadcom Stacking-related commands in alphabetical order.

Note: All show commands in this chapter work properly only when stacking is enabled in the SDK.

show stacking dbUse this command to display the CPU key (MAC address) of each CPU in the hardware stack.

Command Syntaxshow stacking db (all)

Command ModeExec mode

DefaultNone

ExampleZebOS# show stacking db-------------------------------------------- STACKING DATABASE--------------------------------------------Total Number of CPU's = 2 MAC ADDRESSES (KEY) 12:34:23:45:34:56 ab:34:23:45:34:56

Related Commandsshow stacking db

show stacking dump dbUse this command to display detailed information about each CPU in the hardware stack.

Command Syntaxshow stacking dump db

Command ModeExec mode

DefaultNone

NSM Broadcom Stacking Commands

350 ©2001-2007 IP Infusion Inc. Confidential

ExampleZebOS# show stacking dump db-------------------------------------------- DETAILED STACKING DATABASE-------------------------------------------- Total Number of CPU's = 1 Master CPU : 12:34:23:45:34:56 Local CPU : 12:34:23:45:34:56 MASTER: Total number of ports = 53 LOCAL : Total number of ports = 53 SYSTEM[1] KEY: 12:34:23:45:34:56 Num of units: 1 Master Pri: 0 StackPort[1]-> Unit: 0 Port: 23 Weight: 10000 Flags: 0 Info:

Related Commandsshow stacking db

show stacking localUse this command to display the MAC address (CPU key) of the local CPU.

Command Syntaxshow stacking local

Command ModeExec mode

DefaultNone

ExampleZebOS# show stacking localLocal CPU : 12:34:23:45:34:56

Related Commandsshow stacking master

show stacking masterUse this command to display the MAC address (CPU key) of the master CPU.

Command Syntaxshow stacking master

Command ModeExec mode

NSM Broadcom Stacking Commands

©2001-2007 IP Infusion Inc. Confidential 351

DefaultNone

ExampleZebOS# show stacking masterLocal CPU : 12:34:23:45:34:56

Related Commandsshow stacking local, stacking masterdev

show stacking numCPUUse this command to display the number of CPUs in the hardware stack.

Command Syntaxshow stacking numCPU

Command ModeExec mode

DefaultNone

ExampleZebOS# show stacking numCPUNumber of CPU entries in the system 1

Related Commandsstacking masterdev, show stacking local, show stacking master

stacking masterdevUse this command to set the MAC address of the master device in the stacking system.

Command Syntaxstacking masterdev MAC_ADDRESS

MAC_ADDRESS MAC (hardware) address of the CPU in HHHH.HHHH.HHHH format

Command ModeConfigure mode

DefaultNone

ExampleZebOS# stacking masterdev 1234.2345.3456CPU has been made the master CPU

NSM Broadcom Stacking Commands

352 ©2001-2007 IP Infusion Inc. Confidential

Related Commandsshow stacking local, show stacking master

©2001-2007 IP Infusion Inc. Confidential Index - 1

Index

Symbols(), meaning in command syntax notation 4, meaning in command syntax notation 4, meaning in command syntax notation 4?, meaning in command syntax notation 4|, meaning in command syntax notation 4

Aabbreviated commands 2about this command reference 1access-class 13, 28access-list 13, 28, 345

extended 14standard 15

access-list ipv6 345access-list zebos 16add a vrf entry 119admin-group 77advanced-vty service 47Angle brackets 4ANSI/ETSI PDH 136Arbitrary SONET/SDH 139arp A.B.C.D MAC 77authentication 318

Bbandwidth 78bandwidth-constraint 197banner 17bc-mode 197bridge acquire 205bridge address 206bridge ageing-time 206Bridge commands

bridge acquire 205bridge address 206bridge ageing-time 206bridge group 207bridge protocol ieee 207bridge protocol ieee vlan-bridge 208bridge protocol mstp 208bridge protocol rstp 208bridge protocol rstp vlan-bridge 209clear mac address-table 209clear mac address-table bridge 210clear mac address-table dynamic 211clear mac address-table dynamic bridge 211mac-address-table static 212show bridge 212show interfaces switchport bridge 213

switchport 214bridge group 207bridge protocol ieee 207bridge protocol ieee vlan-bridge 208bridge protocol mstp 208bridge protocol provider-mstp 273bridge protocol provider-rstp 274bridge protocol rstp 208bridge protocol rstp vlan-bridge 209Broadcom Stacking Commands

show stacking db 349show stacking dump db 349show stacking local 350show stacking master 350show stacking numCPU 351stacking masterdev 351

Cce-vlan preserve-cos 284channel-group mode 287class 323class command mode 11class map command mode 11class-map 323clear crypto isakmp 307clear crypto sa 307clear crypto sa entry 308clear crypto sa map 308clear crypto sa peer 308clear gmrp statistics 231clear gvrp statistics 240clear ip igmp 141clear ip igmp groups 141clear ip igmp interface 142clear ip mroute 177clear ip mroute statistics 177clear ip prefix-list 18clear ip route kernel 78clear ipv6 mld 159clear ipv6 mld groups 159clear ipv6 mld interface 160clear ipv6 mroute 178clear ipv6 mroute statistics 178clear ipv6 neighbors 79clear mac address-table 209clear mac address-table bridge 210clear mac address-table dynamic 211clear mac address-table dynamic bridge 211clear mmrp statistics 246clear mmrp statistics vlanid 247clear mvrp interface statistics 261clear mvrp statistics all 261

Index - 2 ©2001-2007 IP Infusion Inc. Confidential

Index

clear mvrp statistics bridge 262command abbreviation 2command abbreviations 2command line errors 3command line help 1command line interface

online help access 1syntax 2

Command Modesclass 11class map 11illustration QoS modes 11policy map 11

command modesdefinitions 10

command negation 6command nodes

see command modes 10commands common to multiple protocols 13Commands Common to Protocols

access-class 13access-list 13access-list extended 14access-list standard 15access-list zebos 16banner 17clear ip prefix-list 18configure terminal 18copy running-config startup-config 18description 19disable 19enable 20enable password 20end 22exec-timeout 22exit 23help 23hostname 24ip prefix-list 24ip remote-address 25ip unnumbered 26ipv6 access-class 28ipv6 access-list 28ipv6 access-list zebos 29ipv6 prefix-list 30ipv6 unnumbered 31line vty 33log file 33log record-priority 34log stdout 34log syslog 35log trap 35login 36match as-path 37match community 37match interface 38match ip address 39match ip address prefix-list 39match ip next-hop 40

match ip next-hop prefix-list 41match ipv6 address 41match ipv6 address prefix-list 42match ipv6 next-hop 43match metric 43match origin 44match route-type 45match tag 45password 46route-map 46service advanced-vty 47service password-encryption 48service terminal-length 48set aggregator 49set as-path 49set atomic-aggregate 50set comm-list delete 51set community 51set dampening 52set extcommunity 53set ip next-hop 54set ipv6 next-hop 54set level 55set metric 55set metric-type 56set origin 57set originator-id 57set tag 58set vpnv4 next-hop 58set weight 59show access-list 60show cli 60show history 61show ip prefix-list 62show list 62show memory all 63show memory free 65show memory lib 66show memory summary 68show route-map 69show running-config 69show startup-config 71show version 72terminal length 73terminal monitor 73who 73write file 74write memory 74write terminal 74

common commands 13Common NSM Layer-2 commands

flowcontrol off 201flowcontrol on 201mirror interface 202show flowcontrol interface 202show mirror 203show mirror interface 203show storm-control 204show storm-control broadcast interface 204

©2001-2007 IP Infusion Inc. Confidential Index - 3

Index

storm-control level 205configure terminal 18Configure, command mode definition 10copy running-config start-config 18crypto ipsec security-association lifetime 309crypto ipsec transform-set 309crypto isakmp enable 316crypto isakmp keepalive 316crypto isakmp key 316crypto isakmp policy 317crypto map 320crypto map ipsec-manual | ipsec-isakmp 310crypto map local-address 311cvlan registration table 274cvlan svlan 275

DDebug Commands

debug igmp 142debug mld 160debug nsm 79debug nsm events 79debug nsm kernel 80debug nsm packet 80no debug nsm events 91no debug nsm kernel 91no debug nsm packet 91undebug nsm all 102undebug nsm events 102undebug nsm kernel 102undebug nsm packet 103

debug gmrp 231debug gvrp 240debug igmp 142debug mld 160debug nsm 79

events 79kernel 80packet 80

debug nsm mcast 178description 19DiffServ Commands 193

mpls class-to-exp-bit 193mpls support-diffserv-class 193show mpls diffserv 193show mpls diffserv class-to-exp 195show mpls diffserv configurable-dscp 195show mpls diffserv supported-dscp 196

Digital Wrapper 135disable 19display configurable dscp value 195display diffserv class-to-exp 195display LSPs originating from router 121display mpls diffserv 193display supported dscp value 196

Eenable 20enable password 20encryption 318end 22Ethernet 135ethernet uni 285ethernet unit id NAME 285Exec, command mode definition 10exec-timeout 22exit 23extended access-list 14

Ffib retain 80Fiber 136Fiber Channel 136Firewall Commands

access-list 345access-list ipv6 345firewall group 346firewall group in|out 347show firewall rule 347

firewall group 346firewall group in|out 347flowcontrol off 201flowcontrol on 201fsc 135

Ggmpls capability-type 135GMPLS Commands

gmpls capability-type 135gmpls encoding-type 135gmpls link-id 136gmpls min-lsp-bandwidth 137gmpls protection-type 137gmpls risk-group 138gmpls sdh-indication 139

gmpls encoding-type 135gmpls link-id 136gmpls min-lsp-bandwidth 137gmpls protection-type 137gmpls risk-group 138gmpls sdh-indication 139GMRP commands

clear gmrp statistics 231debug gmrp 231set gmrp 232set gmrp bridge 232set gmrp extended-filtering bridge 233set gmrp fwdall 233set gmrp registration 234set gmrp timer 234set gmrp vlan 235set port gmrp 236

Index - 4 ©2001-2007 IP Infusion Inc. Confidential

Index

set port gmrp vlan 236show gmrp configuration 237show gmrp configuration bridge 237show gmrp machine 238show gmrp machine bridge 238show gmrp statistics 239show gmrp timer 239

group 319GVRP Commands

clear gvrp statistics 240debug gvrp 240show gvrp configuration bridge 244

GVRP commandsset gvrp 241set gvrp applicant 241set gvrp bridge 242set gvrp dynamic-vlan-creation 242set gvrp dynamic-vlan-creation bridge 242set gvrp registration 243set gvrp timer 243set port gvrp 244show gvrp machine bridge 245show gvrp statistics 245show gvrp timer 246

Hhash 319help 23hostname 24

Iif-arbiter 81IGMP Commands

clear ip igmp 141clear ip igmp groups 141clear ip igmp interface 142debug igmp 142debug mld 160ip igmp 143ip igmp access-group 143ip igmp immediate-leave 144ip igmp last-member-query-count 145ip igmp last-member-query-interval 145ip igmp limit 146ip igmp mroute-proxy 147ip igmp proxy-service 147ip igmp querier-timeout 148ip igmp query-interval 148ip igmp query-max-response-time 149ip igmp robustness-variable 150ip igmp snooping 150ip igmp snooping fast-leave 151ip igmp snooping mrouter 151ip igmp snooping querier 152ip igmp snooping report-suppression 152ip igmp ssm-map enable 153ip igmp ssm-map static 153

ip igmp static-group 154ip igmp version 155ipv6 mld proxy-service 165show ip igmp groups 156show ip igmp interface 157show ip igmp snooping mrouter 158show ip igmp snooping statistics 158

interface 82Interface Switching Capability Descriptor 135interface tunnel 297Interface, command mode definition 10Interpeak Security Commands 307

authentication 318clear crypto isakmp 307clear crypto sa 307clear crypto sa entry 308clear crypto sa map 308clear crypto sa peer 308crypto ipsec security-association lifetime 309crypto ipsec transform-set 309crypto isakmp enable 316crypto isakmp keepalive 316crypto isakmp key 316crypto isakmp policy 317crypto map 320crypto map ipsec-manual | ipsec-isakmp 310crypto map local-address 311encryption 318group 319hash 319lifetime 319match address 311mode 312set peer 313set security-association lifetime 313set session-key 314set transform-set 315show crypto ipsec sa 321show crypto ipsec transform-set 321show crypto isakmp policy 321show crypto isakmp sa 322show crypto map 322

ip address 82ip forwarding 83ip igmp 143ip igmp access-group 143ip igmp immediate-leave 144ip igmp last-member-query-count 145ip igmp last-member-query-interval 145ip igmp limit 146ip igmp mroute-proxy 147ip igmp proxy-service 147ip igmp querier-timeout 148ip igmp query-interval 148ip igmp query-max-response-time 149ip igmp robustness-variable 150ip igmp snooping 150ip igmp snooping fast-leave 151ip igmp snooping mrouter 151

©2001-2007 IP Infusion Inc. Confidential Index - 5

Index

ip igmp snooping querier 152ip igmp snooping report-suppression 152ip igmp ssm-map enable 153ip igmp ssm-map static 153ip igmp static-group 154ip igmp version 155ip mroute 179ip multicast route-limit command 180ip multicast ttl-threshold 180ip multicast-routing 181ip prefix-list 24ip proxy-arp 83ip remote-address 25ip route 84ip route vrf 105ip unnumbered 26ip vrf 105ip vrf forwarding 106ip-access-list 324ipv6 access-class 28ipv6 access-list zebos 29ipv6 forwarding 84ipv6 mld 161ipv6 mld access-group 161ipv6 mld immediate-leave 162ipv6 mld last-member-query-count 163ipv6 mld last-member-query-interval 163ipv6 mld limit 164ipv6 mld mroute-proxy 165ipv6 mld proxy-service 165ipv6 mld querier-timeout 166ipv6 mld query-interval 166ipv6 mld query-max-response-time 167ipv6 mld robustness-variable 167ipv6 mld snooping 168ipv6 mld snooping fast-leave 169ipv6 mld snooping mrouter 169ipv6 mld snooping querier 170ipv6 mld snooping report-suppression 170ipv6 mld ssm-map enable 171ipv6 mld ssm-map static 171ipv6 mld static-group 172ipv6 mld version 173ipv6 mroute 181ipv6 multicast route-limit 182ipv6 multicast-routing 183ipv6 nd prefix 85ipv6 neighbor 88ipv6 prefix-list command 30ipv6 route 89ipv6 unnumbered 31

Ll2-protocol 275l2protocol-tunnel 285l2sc 135label-switching 109LACP Commands

channel-group mode 287no channel-group 287no static-channel-group 289show etherchannel 288show static-channel-group 288static-channel-group 289

Lambda (photonic) 136Layer 2 commands

vlan type 283lifetime 319line vty 33Line, command mode definition 10link protection type 138log file 33log record-priority 34log stdout 34log syslog 35log trap 35login 36lowercase, meaning in command syntax notation 4lsc 135

Mmac-access-list 325mac-address-table static 212managed-config-flag 84manual

conventions, procedures and syntax 4match access-group 325match address 311Match and Set Commands

match as-path 37match community 37match interface 38match ip address 39match ip address prefix-list 39match ip next-hop 40match ip next-hop prefix-list 41match ipv6 address 41match ipv6 address prefix-list 42match ipv6 next-hop 43match metric 43match origin 44match route-type 45match tag 45set aggregator 49set as-path 49set atomic-aggregate 50set comm-list delete 51set community 51set dampening 52set extcommunity 53set ip next-hop 54set ipv6 next-hop 54set level 55set metric 55set metric-type 56set origin 57

Index - 6 ©2001-2007 IP Infusion Inc. Confidential

Index

set originator-id 57set tag 58set vpnv4 next-hop 58set weight 59

match commandorigin 44

match ip-dscp 326match ip-precedence 326match layer4 326match mpls exp-bit topmost 327match vlan 327match vlan-range 328MEF UNI commands

2protocol-tunnel 285ce-vlan preserve-cos 284ethernet uni 285ethernet uni id NAME 285

mirror interface 202MLD Commands

clear ipv6 mld 159clear ipv6 mld groups 159clear ipv6 mld interface 160ipv6 mld 161ipv6 mld access-group 161ipv6 mld immediate-leave 162ipv6 mld last-member-query-count 163ipv6 mld last-member-query-interval 163ipv6 mld limit 164ipv6 mld mroute-proxy 165ipv6 mld querier-timeout 166ipv6 mld query-interval 166ipv6 mld query-max-response-time 167ipv6 mld robustness-variable 167ipv6 mld snooping 168ipv6 mld snooping fast-leave 169ipv6 mld snooping mrouter 169ipv6 mld snooping querier 170ipv6 mld snooping report-suppression 170ipv6 mld ssm-map enable 171ipv6 mld ssm-map static 171ipv6 mld static-group 172ipv6 mld version 173show ipv6 mld groups 174show ipv6 mld interface 174show ipv6 mld snooping mrouter 175show ipv6 mld snooping statistics 176show ipv6 mroute 187

mls qos 328mls qos aggregate-police 329mls qos dscp-cos 329mls qos dscp-mutation 330mls qos map dscp-cos 330mls qos map dscp-mutation 331mls qos min-reserve 331MMRP commands

clear mmrp statistics 246clear mmrp statistics vlanid 247set mmrp 247set mmrp bridge 248

set mmrp disable bridge 248set mmrp disable bridge vlan 249set mmrp enable bridge 249set mmrp enable bridge vlan 250set mmrp extended-filtering 250set mmrp extended-filtering disable bridge 251set mmrp extended-filtering enable bridge 251set mmrp fwdall disable 252set mmrp fwdall enable 252set mmrp ltimer leavealll 253set mmrp pointtopoint enable 254set mmrp registration fixed 254set mmrp registration forbidden 254set mmrp registration normal 255set mmrp timer join 253set port mmrp disable 255set port mmrp disable vlan 256set port mmrp enable 257set port mmrp enable vlan 257show mmrp configuration 258show mmrp configuration bridge 258show mmrp machine 259show mmrp machine bridge 259show mmrp statistics vlanid bridge 259show mmrp timer 260

mode 312mpls admin-groups 109mpls class-to-exp-bit 193mpls class-type 197mpls disable-all-interfaces 110mpls egress-ttl 110mpls enable-all-interfaces 110mpls ftn-entry 111mpls ilm-entry 112mpls ingress-ttl 112mpls l2-circuit 113mpls l2-circuit-ftn-entry 114mpls l2-circuit-ilm-entry 114MPLS Layer-2 VC Commands

see VC Commandsmpls local-packet-handling 115mpls log 115mpls lsp-model pipe 116mpls lsp-tunneling 116mpls map-route 117mpls max-label-value 117mpls min-label-value 118mpls propagate-ttl 118mpls support-diffserv-class 193mpls te-class 198mpls vpls 291mpls vrf-entry 119mpls-l2-circuit 113mpls-vpls 291multicast 90Multicast Commands

clear ip mroute 177clear ip mroute statistics 177clear ipv6 mroute 178

©2001-2007 IP Infusion Inc. Confidential Index - 7

Index

clear ipv6 mroute statistics 178debug nsm mcast 178ip mroute 179ip multicast route-limit 180ip multicast ttl-threshold 180ip multicast-routing 181ipv6 mroute 181ipv6 multicast route-limit 182ipv6 multicast-routing 183multicast 90show ip mroute 183show ip mroute count 184show ip mroute summary 185show ip mvif 186show ip rpf 186show ipv6 mif 187show ipv6 mroute 187show ipv6 mroute count 188show ipv6 mroute summary 189show ipv6 rpf 190

multicast routing 181, 183MVRP Ccmmands

set mvrp dynamic-vlan-creation enable bridge 265MVRP commands

clear mvrp interface statistics 261clear mvrp statistics all 261clear mvrp statistics bridge 262set mvrp 262set mvrp applicant state active 262set mvrp applicant state normal 263set mvrp disable bridge 263set mvrp dynamic-vlan-creation 264set mvrp dynamic-vlan-creation disable bridge 264set mvrp enable bridge 265set mvrp pointtopoint enable 267set mvrp registration fixed 267set mvrp registration forbidden 268set mvrp registration normal 268set mvrp timer join 266set mvrp timer leave 266set mvrp timer leaveall 267set port mvrp disable 269set port mvrp enable 269show mvrp configuration 270show mvrp configuration all 271show mvrp interface statistics 271show mvrp machine bridge 272show mvrp statistics 272show mvrp timer 273

Nno channel-group 287no debug nsm

kernel 91packet 91

no debug nsm kernel command 91, 103no parameter, action of 6no static-channel-group 289

NSM DiffServ-TE Commands 197bandwidth-constraint 197bc-mode 197mpls class-type 197mpls te-class 198show mpls dste 198show mpls dste class-type 199show mpls dste te-class 199

NSM GMPLS Commands 135NSM LACP Commands 287NSM Layer-2 Commands 201NSM MPLS Commands 109NSM MPLS OAM Commands 126NSM Multicast Commands 177NSM VPLS Commands 291

mpls vpls 291mpls-vpls 291show mpls vpls 291show mpls vpls detail 292show mpls vpls mesh 293show mpls vpls spoke 293vpls-description 294vpls-mtu 294vpls-peer 295vpls-vc 295

NSM VPN Commands 105

Oother-config-flag 85

Pparameter expansion 7parenthesis not part of command 4password 46password-encryption service 48ping mpls ipv4 126ping mpls l2-circuit 127ping mpls l3vpn 127ping mpls ldp 128ping mpls rsvp 129ping mpls vpls 130police command 332police-aggregate 332policy map command mode 11policy-map 333prefix-list 24private-vlan association bridge 228private-vlan bridge 228Private-VLAN commands

private-vlan association bridge 228private-vlan bridge 228show vlan private-vlan bridge 230switchport mode private-vlan 229switchport private-vlan host-association 229switchport private-vlan mapping 230

Privileged Exec, command mode definition 10Provider Bridging commands

Index - 8 ©2001-2007 IP Infusion Inc. Confidential

Index

bridge protocol provider-mstp 273bridge protocol provider-rstp 274cvlan registration table 274cvlan svlan 275l2-protocol 275switchport allowed vlan 276switchport customer-edge access vlan 276switchport customer-edge hybrid allowed vlan 277switchport customer-edge hybrid vlan 277switchport customer-edge vlan registration 278switchport customer-network vlan translation 278switchport mode 279switchport mode customer-edge access 279switchport mode customer-edge hybrid 280switchport mode customer-edge trunk 281switchport provider-edge vlan 281switchport provider-network vlan translation’switchport

provider-network vlan translation 282switchport trunk customer-edge allowed vlan 282vlan type access-map 283vlan type bridge 284

psc1 135psc2 135psc3 135psc4 135

QQoS Command Modes 11QoS commands

class 323class-map 323ip-access-list 324mac-access-list 325match access-group 325match ip-dscp 326match ip-precedence 326match layer4 326match mpls exp-bit topmost 327match vlan 327match vlan-range 328mls qos 328mls qos aggregate-police 329mls qos dscp-cos 329mls qos map dscp-cos 330mls qos map dscp-mutation 331mls qos min-reserve 331mos qos dscp-mutation 330police 332police-aggregate 332policy-map 333service-policy input 334set cos| 334set ip-dscp 335set ip-precedence 335set mpls exp-bit topmost 335show class-map 336show mls qos aggregator-policer 336show mls qos interface 337

show mls qos maps dscp-cos 337show mls qos maps dscp-mutation 338show policy-map 338show qos-access-list 339wrr-queue bandwidth 339wrr-queue cos-map 340wrr-queue dscp-map 340wrr-queue min-reserve 341wrr-queue queue-limit 341wrr-queue random-detect max-threshold 342wrr-queue threshold 342

Question mark 4

Rra-interval 86ra-lifetime 87reachable-time 87reservable bandwidth 191reservable-bandwidth 191rmon alarm 303rmon collection history 303rmon collection stats 304RMON Commands 303

rmon alarm 303rmon collection history 303rmon collection stats 304rmon event 305show rmon alarm 305show rmon event 306show rmon history 306show rmon statistics 306

rmon event 305route-map 46Router Advertised Commands

ipv6 nd managed-config-flag 84ipv6 nd other-config-flag 85ipv6 nd prefix 85ipv6 nd ra-interval 86ipv6 nd ra-lifetime 87ipv6 nd reachable-time 87ipv6 nd suppress-ra 88

SSDH ITU-T G.707 136service

advanced-vty 47password-encryption 48terminal-length 48

service advanced-vty 47service password-encryption 48service terminal-length 48service-policy input 334set cos 334set gmrp 232set gmrp bridge 232set gmrp extended-filtering bridge 233set gmrp fwdall 233

©2001-2007 IP Infusion Inc. Confidential Index - 9

Index

set gmrp registration 234set gmrp timer 234set gmrp vlan 235set gvrp 241set gvrp applicant 241set gvrp bridge 242set gvrp dynamic-vlan-creation 242set gvrp dynamic-vlan-creation bridge 242set gvrp registration 243set gvrp timer 243set ip-dscp 335set ip-precedence 335set mmrp 247set mmrp bridge 248set mmrp disable bridge 248set mmrp disable bridge vlan 249set mmrp enable bridge 249set mmrp enable bridge vlan 250set mmrp extended-filtering 250set mmrp extended-filtering disable bridge 251set mmrp extended-filtering enable bridge 251set mmrp fwdall disable 252set mmrp fwdall enable 252set mmrp pointtopoint enable 254set mmrp registration fixed 254set mmrp registration forbidden 254set mmrp registration norma 255set mmrp timer join 253set mmrp timer leaveall 253set mpls exp-bit topmost 335set mvrp 262set mvrp applicant state active 262set mvrp applicant state normal 263set mvrp disable bridge 263set mvrp dynamic-vlan-creation 264set mvrp dynamic-vlan-creation disable bridge 264set mvrp dynamic-vlan-creation enable bridge 265set mvrp enable bridge 265set mvrp pointtopoint enable 267set mvrp registration fixed 267set mvrp registration forbidden 268set mvrp registration normal 268set mvrp timer join 266set mvrp timer leave 266set mvrp timer leaveall 267set peer 313set port gmrp 236set port gmrp vlan 236set port gvrp 244set port mmrp disable 255set port mmrp disable vlan 256set port mmrp enable 257set port mmrp enable vlan 257set port mvrp disable 269set port mvrp enable 269set security-association lifetime 313set session-key 314set transform-set 315Shared Risk Link Group 138

showhistory 61ip access-list 93ip route vrf 106ip vrf 107

show access-list 60show bridge 212show class-map 336show cli 60show crypto ipsec sa 321show crypto ipsec transform-set 321show crypto isakmp policy 321show crypto isakmp sa 322show crypto map 322show debugging nsm 92show etherchannel 288show firewall rule 347show flowcontrol interface 202show gmrp configuration 237show gmrp configuration bridge 237show gmrp machine 238show gmrp machine bridge 238show gmrp statistics 239show gmrp timer 239show gvrp configuration bridge 244show gvrp machine bridge 245show gvrp statistics 245show gvrp timer 246show interface 92show interfaces switchport bridge 213show ip access-list 93show ip forwarding 94show ip igmp groups 156show ip igmp interface 157show ip igmp snooping mrouter 158show ip igmp snooping statistics 158show ip interface brief 94show ip mroute 183show ip mroute count 184show ip mroute summary 185show ip mvif 186show ip prefix-list 62show ip route 95show ip route database 96show ip route summary 97show ipv6 interface brief 98show ipv6 mif 187show ipv6 mld groups 174show ipv6 mld interface 174show ipv6 mld snooping mrouter 175show ipv6 mld snooping statistics 176show ipv6 mroute count 188show ipv6 mroute summary 189show ipv6 neighbors 99show ipv6 route summary 100show list 62show memory

all 63show memory free 65

Index - 10 ©2001-2007 IP Infusion Inc. Confidential

Index

show memory lib 66show memory summary 68show mirror 203show mirror interface 203show mls qos aggregator-policer 336show mls qos interface 337show mls qos maps dscp-cos 337show mls qos maps dscp-mutation 338show mmrp configuration 258show mmrp configuration bridge 258show mmrp machine 259show mmrp machine bridge 259show mmrp statistics vlanid bridge 259show mmrp timer 260show mpls 119show mpls admin-groups 120show mpls cross-connect-table 120show mpls diffserv 193show mpls diffserv class-to-exp 195show mpls diffserv configurable-dscp 195show mpls diffserv supported-dscp 196show mpls dste 198show mpls dste class-type 199show mpls dste te-class 199show mpls forwarding-table 121show mpls ftn-table 122show mpls ilm-table 122show mpls in-segment-table 123show mpls l2-circuit 123show mpls l2-circuit-group 124show mpls log 124show mpls mapped-routes 125show mpls out-segment-table 125show mpls vc-table 125show mpls vpls 291show mpls vpls detail 292show mpls vpls mesh 293show mpls vpls spoke 293show mpls vrf-table 126show mvrp configuration 270show mvrp configuration all 271show mvrp interface statistics 271show mvrp machine bridge 272show mvrp statistics 272show mvrp timer 273show nsm client 101show policy-map 338show qos-access-list 339show rmon alarm 305show rmon event 306show rmon history 306show rmon statistics 306show route-map 69show router-id 101show stacking db 349show stacking dump db 349show stacking local 350show stacking master 350show stacking numCPU 351

show startup-config 71show static-channel-group 288show storm-control 204show storm-control broadcast interface 204show unning-config 69show version 72show vlan 215show vlan all 215show vlan all bridge 215show vlan brief 216show vlan classifier group 216show vlan classifier interface group 217show vlan classifier rule 217show vlan dynamic bridge 218show vlan private-vlan bridge 230show vlan static bridge 218Square brackets 4stacking masterdev 351standard access-list 15Standard SONET/SDH 139static-channel-group 289storm-control level 205suppress-ra 88switching capability 136switchport 214switchport access vlan 219switchport allowed vlan 276switchport customer-edge access vlan 276switchport customer-edge hybrid allowed vlan 277switchport customer-edge hybrid vlan 277switchport customer-edge vlan registration 278switchport customer-network vlan translation 278switchport hybrid allowed vlan 219switchport hybrid vlan 220switchport mode 279switchport mode access 221switchport mode customer-edge access 279switchport mode customer-edge hybrid 280switchport mode customer-edge trunk 281switchport mode hybrid 221switchport mode private-vlan 229switchport mode trunk 222switchport private-vlan host-association 229switchport private-vlan mapping 230switchport provider-edge vlan 281switchport trunk allowed vlan 223switchport trunk customer-edge allowed vlan 282switchport trunk native vlan 224syntax conventions 4syntax help 2

Ttdm 135terminal length 73terminal monitor 73terminal-length 48Time Division Multiplexing 139trace mpls ipv4 130

©2001-2007 IP Infusion Inc. Confidential Index - 11

Index

trace mpls l2-circuit 131trace mpls l3vpn 132trace mpls ldp 132trace mpls rsvp 133trace mpls vpls 134tunnel checksum 297tunnel destination 298tunnel mode 298tunnel mode ipv6ip 299tunnel path-mtu-discovery 300tunnel source 300tunnel tos 301tunnel ttl 301Tunneling Commands 297

interface tunnel 297tunnel checksum 297tunnel destination 298tunnel mode 298tunnel mode ipv6ip 299tunnel path-mtu-discovery 300tunnel source 300tunnel tos 301tunnel ttl 301

Uundebug nsm

kernel 102packet 103

undebug nsm all 102UPPERCASE, meaning in command syntax notation 4

Vvariable parameter expansion 7VC Commands

label-switching 109mpls admin-groups 109mpls disable-all-interfaces 110mpls egress-ttl 110mpls enable-all-interfaces 110mpls ftn-entry 111mpls ilm-entry 112mpls ingress-ttl 112mpls l2-circuit 113mpls l2-circuit-ftn-entry 114mpls l2-circuit-ilm-entry 114mpls local-packet-handling 115mpls log 115mpls max-label-value 117mpls min-label-value 118mpls-l2-circuit 113show mpls admin-groups 120show mpls cross-connect-table 120show mpls l2-circuit 123show mpls l2-circuit-group 124show mpls log 124

vertical bar 4vlan bridge 224

vlan classifier ipv4 225vlan classifier mac 225vlan classifier proto 226VLAN commands

show vlan 215show vlan all 215show vlan all bridge 215show vlan brief 216show vlan classifier group 216show vlan classifier interface group 217show vlan classifier rule 217show vlan dynamic bridge 218show vlan static bridge 218switchport access vlan 219switchport hybrid allowed vlan 219switchport hybrid vlan 220switchport mode access 221switchport mode hybrid 221switchport mode trunk 222switchport trunk allowed vlan 223switchport trunk native vlan 224vlan bridge 224vlan classifier ipv4 225vlan classifier mac 225vlan classifier proto 226vlan database 226vlan mtu bridge 227vlan state 227

vlan database command 226vlan mtu bridge 227vlan state 227vlan type 283vlan type access-map 283vlan type bridge 284vpls-description 294vpls-mtu 294vpls-peer 295vpls-vc 295VPN Commands

ip route vrf 105ip vrf 105ip vrf forwarding 106show ip route vrf 106show ip vrf 107

Wwho 73write file 74write memory 74write terminal 74wrr-queue bandwidth 339wrr-queue cos-map 340wrr-queue dscp-map 340wrr-queue min-reserve 341wrr-queue queue-limit 341wrr-queue random-detect max-threshold 342wrr-queue threshold 342

Index - 12 ©2001-2007 IP Infusion Inc. Confidential

Index

ZZebOS Commands

maximum-paths 90mtu 90

ZebOS ipv6 Commandsipv6 address 89ipv6 route 89show ipv6 forwarding 98show ipv6 route 99

ZebOS MPLS Commandsegress-ttl 110enable-all-interfaces 110ftn-entry 111ilm-entry 112ingress-ttl 112l2-circuit 113l2-circuit-ftn-entry 114l2-circuit-ilm-entry 114label-switching 109local-packet-handling 115log 115lsp-tunneling 116map-route 117max-label-value 117min-label-value 118mpls admin-groups 109mpls disable-all-interfaces 110mpls lsp-model pipe 116mpls propagate-ttl 118mpls-l2-circuit 113show mpls 119show mpls admin-groups 120show mpls cross-connect-table 120show mpls forwarding-table 121show mpls ftn-table 122show mpls ilm-table 122show mpls in-segment-table 123show mpls l2-circuit 123show mpls l2-circuit-group 124show mpls log 124show mpls mapped-routes 125show mpls out-segment-table 125show mpls vc-table 125show mpls vrf-table 126vrf entry 119

ZebOS MPLS OAM Commandsping mpls ipv4 126ping mpls l2-circuit 127ping mpls l3vpn 127ping mpls ldp 128ping mpls rsvp 129ping mpls vpls 130trace mpls ipv4 130trace mpls l2-circuit 131trace mpls l3vpn 132trace mpls ldp 132trace mpls rsvp 133

trace mpls vpls 134ZebOS NSM Commands 77

admin-group 77arp A.B.C.D MAC 77bandwidth 78clear ip route kernel 78clear ipv6 neighbors 79debug nsm 79

events 79kernel 80no debug nsm kernel 91packet 80, 91, 103undebug nsm all 102undebug nsm events 102undebug nsm kernel 102

fib retain 80if-arbiter 81interface 82ip address 82ip forwarding 83ip proxy-arp 83ip route 84ipv6 address 89ipv6 forwarding 84ipv6 nd managed-config-flag 84ipv6 nd other-config-flag 85ipv6 nd prefix 85ipv6 nd ra-interval 86ipv6 nd ra-lifetime 87ipv6 nd reachable-time 87ipv6 nd suppress-ra 88ipv6 neighbor 88ipv6 route 89maximum-paths 90mtu 90multicast 90no debug nsm

no debug nsm events 91show debugging nsm 92show interface 92show ip access-list 93show ip forwarding 94show ip interface brief 94show ip route 95show ip route database 96show ip route summary 97show ipv6 forwarding 98show ipv6 interface brief 98show ipv6 neighbors 99show ipv6 route 99show ipv6 route summary 100show nsm client 101show router-id 101shutdown 102

ZebOS TE Commandsreservable-bandwidth 191