NSMC Command
description
Transcript of NSMC Command
IP Infusion Confidential
ZebOS® Intelligent Network Software
Version 7.5
NSM Command ReferenceMarch 2007
ii IP Infusion Confidential
© 2001-2007 IP Infusion Inc. All Rights Reserved.
This documentation is subject to change without notice. The software described in this document and this documentation are furnished under a license agreement or nondisclosure agreement. The software and documentation may be used or copied only in accordance with the terms of the applicable agreement. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or any means electronic or mechanical, including photocopying and recording for any purpose other than the purchaser's internal use without the written permission of IP Infusion Inc.
IP Infusion Inc. 125 S. Market Street, 9th FloorSan Jose, CA 95113
(408) 794-1500 - main(408) 278-0521 - fax
For support, questions, or comments via E-mail, contact:[email protected]
Trademarks:
ZebOS is a registered trademark, and IP Infusion and the ipinfusion logo are trademarks of IP Infusion Inc.All other trademarks are trademarks of their respective companies.
©2001-2007 IP Infusion Inc. Confidential iii
Table of Contents
CHAPTER 1 ZebOS Command Line Interface Environment . . . . . . . . . . . . . 1About This Command Reference . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Command Line Interface Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1
Definitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Command Line Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1Syntax Help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .2
Command Reference Primer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4Typographic Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .4
Format used for Command Description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Command Negation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .6Variable Parameter expansion. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7
Other Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .7Show Command Tokens. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .8Common Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .10QoS Command Modes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
CHAPTER 2 Commands Common to Multiple Protocols . . . . . . . . . . . . . . . 13access-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .13access-list extended . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .14access-list standard . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .15access-list zebos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .16banner . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .17clear ip prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18configure terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18copy running-config startup-config. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .18description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .19enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20enable password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .20end . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22exec-timeout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .22exit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23help . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .23hostname . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24ip prefix-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .24ip remote-address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .25ip unnumbered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .26ipv6 access-class. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28ipv6 access-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .28ipv6 access-list zebos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .29
Table of Contents
iv ©2001-2007 IP Infusion Inc. Confidential
ipv6 prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30ipv6 unnumbered . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31line vty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33log file . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33log record-priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34log stdout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34log syslog . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35log trap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35login . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 36match as-path. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37match community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37match interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38match ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39match ip address prefix-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39match ip next-hop. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40match ip next-hop prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41match ipv6 address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41match ipv6 address prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42match ipv6 next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43match metric. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 43match origin . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 44match route-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45match tag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 45password . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 46service advanced-vty . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 47service password-encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48service terminal-length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48set aggregator . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49set as-path . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49set atomic-aggregate . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 50set comm-list delete . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51set community . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 51set dampening . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52set extcommunity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 53set ip next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54set ipv6 next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 54set level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55set metric . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 55set metric-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 56set origin. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57set originator-id. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 57set tag. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58set vpnv4 next-hop . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 58set weight . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 59show access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60show cli. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 60
Table of Contents
©2001-2007 IP Infusion Inc. Confidential v
show history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .61show ip prefix-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62show list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .62show memory all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .63show memory free . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .65show memory lib . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .66show memory summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .68show route-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69show running-config. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .69show startup-config . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .71show version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .72terminal length . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73terminal monitor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73who . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .73write file and write memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74write terminal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .74
CHAPTER 3 NSM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 77admin-group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77arp A.B.C.D MAC. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .77bandwidth. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78clear ip route kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .78clear ipv6 neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79debug nsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79debug nsm events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .79debug nsm kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80debug nsm packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80fib retain . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .80if-arbiter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .81interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82ip address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .82ip forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83ip proxy-arp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .83ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84ipv6 forwarding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84ipv6 nd managed-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .84ipv6 nd other-config-flag . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85ipv6 nd prefix . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .85ipv6 nd ra-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .86ipv6 nd ra-lifetime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87ipv6 nd reachable-time. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .87ipv6 nd suppress-ra . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88ipv6 neighbor . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .88ipv6 route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89ipv6 address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .89maximum-paths . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .90
Table of Contents
vi ©2001-2007 IP Infusion Inc. Confidential
multicast . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 90no debug nsm events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91no debug nsm kernel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91no debug nsm packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 91show debugging nsm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92show interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 92show ip access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 93show ip forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94show ip interface brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 94show ip route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95show ip route database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 96show ip route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 97show ipv6 forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98show ipv6 interface brief. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 98show ipv6 neighbors. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99show ipv6 route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 99show ipv6 route summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 100show nsm client . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101show router-id. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 101shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102undebug nsm all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102undebug nsm events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102undebug nsm kernel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 102undebug nsm packet . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 103
CHAPTER 4 NSM VPN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .105ip route vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105ip vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 105ip vrf forwarding . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106show ip route vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 106show ip vrf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 107
CHAPTER 5 NSM MPLS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .109MPLS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109
label-switching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109mpls admin-groups. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 109mpls disable-all-interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110mpls egress-ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110mpls enable-all-interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .110mpls ftn-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .111mpls ilm-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112mpls ingress-ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .112mpls l2-circuit (Configure Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113mpls-l2-circuit (Interface Mode) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .113mpls l2-circuit-ftn-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114mpls l2-circuit-ilm-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .114mpls local-packet-handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .115
Table of Contents
©2001-2007 IP Infusion Inc. Confidential vii
mpls log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 115mpls lsp-model pipe . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116mpls lsp-tunneling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 116mpls map-route . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117mpls max-label-value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 117mpls min-label-value . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118mpls propagate-ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 118mpls vrf-entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119show mpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 119show mpls admin-groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120show mpls cross-connect-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .120show mpls forwarding-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .121show mpls ftn-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122show mpls ilm-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .122show mpls in-segment-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123show mpls l2-circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .123show mpls l2-circuit-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124show mpls log . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .124show mpls mapped-routes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125show mpls out-segment-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125show mpls vc-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .125show mpls vrf-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126
MPLS OAM Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126ping mpls ipv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .126ping mpls l2-circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127ping mpls l3vpn . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .127ping mpls ldp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .128ping mpls rsvp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .129ping mpls vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130trace mpls ipv4. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .130trace mpls l2-circuit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .131trace mpls l3vpn. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132trace mpls ldp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .132trace mpls rsvp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .133trace mpls vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .134
CHAPTER 6 NSM GMPLS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 135gmpls capability-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135gmpls encoding-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .135gmpls link-id . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .136gmpls min-lsp-bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137gmpls protection-type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .137gmpls risk-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .138gmpls sdh-indication . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .139
CHAPTER 7 GMP Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 141IGMP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .141
Table of Contents
viii ©2001-2007 IP Infusion Inc. Confidential
clear ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141clear ip igmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 141clear ip igmp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142debug igmp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 142ip igmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143ip igmp access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 143ip igmp immediate-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 144ip igmp last-member-query-count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145ip igmp last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 145ip igmp limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 146ip igmp mroute-proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147ip igmp proxy-service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 147ip igmp querier-timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148ip igmp query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 148ip igmp query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 149ip igmp robustness-variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150ip igmp snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 150ip igmp snooping fast-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151ip igmp snooping mrouter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 151ip igmp snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152ip igmp snooping report-suppression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 152ip igmp ssm-map enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153ip igmp ssm-map static. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 153ip igmp static-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 154ip igmp version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 155show ip igmp groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 156show ip igmp interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 157show ip igmp snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158show ip igmp snooping statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 158
MLD Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159clear ipv6 mld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159clear ipv6 mld groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 159clear ipv6 mld interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160debug mld. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 160ipv6 mld . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161ipv6 mld access-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 161ipv6 mld immediate-leave. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 162ipv6 mld last-member-query-count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163ipv6 mld last-member-query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 163ipv6 mld limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 164ipv6 mld mroute-proxy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165ipv6 mld proxy-service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 165ipv6 mld querier-timeout. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166ipv6 mld query-interval . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 166ipv6 mld query-max-response-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167ipv6 mld robustness-variable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 167ipv6 mld snooping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 168
Table of Contents
©2001-2007 IP Infusion Inc. Confidential ix
ipv6 mld snooping fast-leave . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169ipv6 mld snooping mrouter. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .169ipv6 mld snooping querier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170ipv6 mld snooping report-suppression . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .170ipv6 mld ssm-map enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171ipv6 mld ssm-map static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .171ipv6 mld static-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .172ipv6 mld version . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .173show ipv6 mld groups . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174show ipv6 mld interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .174show ipv6 mld snooping mrouter . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .175show ipv6 mld snooping statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .176
CHAPTER 8 NSM Multicast Commands . . . . . . . . . . . . . . . . . . . . . . . . . . 177clear ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177clear ip mroute statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .177clear ipv6 mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178clear ipv6 mroute statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178debug nsm mcast. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .178ip mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .179ip multicast route-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180ip multicast ttl-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .180ip multicast-routing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181ipv6 mroute . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .181ipv6 multicast route-limit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .182ipv6 multicast-routing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183show ip mroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .183show ip mroute count. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .184show ip mroute summary. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .185show ip mvif . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186show ip rpf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .186show ipv6 mif . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187show ipv6 mroute. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .187show ipv6 mroute count . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .188show ipv6 mroute summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .189show ipv6 rpf . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .190
CHAPTER 9 NSM Traffic Engineering (TE) Commands . . . . . . . . . . . . . . 191reservable-bandwidth. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .191
CHAPTER 10 NSM DiffServ Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . 193mpls class-to-exp-bit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193mpls support-diffserv-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193show mpls diffserv . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .193show mpls diffserv class-to-exp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195show mpls diffserv configurable-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .195show mpls diffserv supported-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .196
Table of Contents
x ©2001-2007 IP Infusion Inc. Confidential
CHAPTER 11 NSM DiffServ-TE Commands . . . . . . . . . . . . . . . . . . . . . . . . .197bandwidth-constraint . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197bc-mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197mpls class-type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 197mpls te-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198show mpls dste. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 198show mpls dste class-type . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199show mpls dste te-class . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 199
CHAPTER 12 NSM Layer-2 Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .201Common Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201
flowcontrol off . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201flowcontrol on . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 201mirror interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202show flowcontrol interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 202show mirror. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203show mirror interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 203show storm-control . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204show storm-control broadcast interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 204storm-control level . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205
Bridge Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205bridge acquire. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 205bridge address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206bridge ageing-time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 206bridge-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207bridge protocol ieee . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 207bridge protocol ieee vlan-bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208bridge protocol mstp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208bridge protocol rstp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 208bridge protocol rstp vlan-bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209clear mac address-table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 209clear mac address-table bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 210clear mac address-table dynamic. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211clear mac address-table dynamic bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .211mac-address-table static . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212show bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 212show interface switchport bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 213switchport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 214
VLAN Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215show vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215show vlan all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215show vlan all bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 215show vlan brief . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216show vlan classifier group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 216show vlan classifier interface group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217show vlan classifier rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 217show vlan dynamic bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 218
Table of Contents
©2001-2007 IP Infusion Inc. Confidential xi
show vlan static bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .218switchport access vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219switchport hybrid allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .219switchport hybrid vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .220switchport mode access. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221switchport mode hybrid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .221switchport mode trunk . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .222switchport trunk allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .223switchport trunk native vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224vlan bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .224vlan classifier ipv4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225vlan classifier mac . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .225vlan classifier proto . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226vlan database. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .226vlan mtu bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227vlan state . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .227
Private-VLAN Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228private-vlan association bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228private-vlan bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .228switchport mode private-vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229switchport private-vlan host-association . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .229switchport private-vlan mapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230show vlan private-vlan bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .230
GMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231clear gmrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231debug gmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .231set gmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232set gmrp bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .232set gmrp extended-filtering bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233set gmrp fwdall. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .233set gmrp registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234set gmrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .234set gmrp vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .235set port gmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236set port gmrp vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .236show gmrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237show gmrp configuration bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .237show gmrp machine. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238show gmrp machine bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .238show gmrp statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239show gmrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .239
GVRP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240clear gvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240debug gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .240set gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241set gvrp applicant. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .241
Table of Contents
xii ©2001-2007 IP Infusion Inc. Confidential
set gvrp bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242set gvrp dynamic-vlan-creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242set gvrp dynamic-vlan-creation bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 242set gvrp registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243set gvrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 243set port gvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244show gvrp configuration bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 244show gvrp machine bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245show gvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 245show gvrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246
MMRP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246clear mmrp statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 246clear mmrp statistics vlanid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247set mmrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 247set mmrp bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248set mmrp disable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 248set mmrp disable bridge vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249set mmrp enable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 249set mmrp enable bridge vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250set mmrp extended-filtering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 250set mmrp extended-filtering disable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251set mmrp extended-filtering enable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 251set mmrp fwdall disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252set mmrp fwdall enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 252set mmrp timer join. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253set mmrp timer leaveall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 253set mmrp pointtopoint enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254set mmrp registration fixed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254set mmrp registration forbidden . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 254set mmrp registration normal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255set port mmrp disable. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 255set port mmrp disable vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 256set port mmrp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257set port mmrp enable vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 257show mmrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258show mmrp configuration bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 258show mmrp machine . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259show mmrp machine bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259show mmrp statistics vlanid bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 259show mmrp timer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 260
MVRP Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261clear mvrp statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261clear mvrp statistics all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 261clear mvrp statistics bridge. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262set mvrp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262set mvrp applicant state active . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 262
Table of Contents
©2001-2007 IP Infusion Inc. Confidential xiii
set mvrp applicant state normal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263set mvrp disable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .263set mvrp dynamic-vlan-creation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264set mvrp dynamic-vlan-creation disable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .264set mvrp dynamic-vlan-creation enable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265set mvrp enable bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .265set mvrp timer join . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266set mvrp timer leave. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .266set mvrp timer leaveall . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267set mvrp pointtopoint enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267set mvrp registration fixed . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .267set mvrp registration forbidden . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268set mvrp registration normal . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .268set port mvrp disable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269set port mvrp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .269show mvrp configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .270show mvrp configuration all . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271show mvrp interface statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .271show mvrp machine bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272show mvrp statistics. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .272show mvrp timer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273
Provider Bridging Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273bridge protocol provider-mstp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .273bridge protocol provider-rstp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .274cvlan registration table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .274cvlan svlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275l2-protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .275switchport allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276switchport customer-edge access vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .276switchport customer-edge hybrid allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277switchport customer-edge hybrid vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .277switchport customer-edge vlan registration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278switchport customer-network vlan translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .278switchport mode. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279switchport mode customer-edge access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .279switchport mode customer-edge hybrid . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .280switchport mode customer-edge trunk. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281switchport provider-edge vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .281switchport provider-network vlan translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282switchport trunk customer-edge allowed vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .282vlan type. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283vlan type access-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .283vlan type bridge . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284
MEF UNI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284ce-vlan preserve-cos <1-4094> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .284ethernet uni . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .285
Table of Contents
xiv ©2001-2007 IP Infusion Inc. Confidential
ethernet uni id NAME . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2852protocol-tunnel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 285
CHAPTER 13 NSM LACP Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . .287channel-group mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287no channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 287show etherchannel . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288show static-channel-group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 288static-channel-group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 289
CHAPTER 14 NSM VPLS Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . .291mpls vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291mpls-vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291show mpls vpls . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 291show mpls vpls detail . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 292show mpls vpls mesh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293show mpls vpls spoke . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 293vpls-description . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294vpls-mtu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 294vpls-peer. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295vpls-vc . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 295
CHAPTER 15 Tunneling Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .297interface tunnel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297tunnel checksum . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 297tunnel destination . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298tunnel mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 298tunnel mode ipv6ip . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 299tunnel path-mtu-discovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300tunnel source . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 300tunnel tos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301tunnel ttl . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 301
CHAPTER 16 Remote Monitoring Commands . . . . . . . . . . . . . . . . . . . . . . .303rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303rmon collection history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 303rmon collection stats. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 304rmon event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305show rmon alarm . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 305show rmon event . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306show rmon history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306show rmon statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 306
CHAPTER 17 Interpeak Security Commands . . . . . . . . . . . . . . . . . . . . . . . .307Clear Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307
clear crypto isakmp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307clear crypto sa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 307clear crypto sa entry . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308clear crypto sa map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 308
Table of Contents
©2001-2007 IP Infusion Inc. Confidential xv
clear crypto sa peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .308Crypto Map Commands. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309
crypto ipsec security-association lifetime. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309crypto ipsec transform-set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .309crypto map ipsec-manual | ipsec-isakmp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .310crypto map local-address. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311match address . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .312set peer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .313set security-association lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .313set session-key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .314set transform-set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .315
ISAKMP Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316crypto isakmp enable . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316crypto isakmp keepalive. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316crypto isakmp key . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .316crypto isakmp policy. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317
ISAKMP Policy Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .317authentication. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .318group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319hash . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319lifetime . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .319
Interface Configuration Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .320crypto map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .320
Show Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321show crypto ipsec sa . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321show crypto ipsec transform-set . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321show crypto isakmp policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .321show crypto isakmp sa. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322show crypto map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .322
CHAPTER 18 QoS Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 323class. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323class-map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .323ip-access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .324mac-access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325match access-group. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .325match ip-dscp. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326match ip-precedence . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326match layer4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .326match mpls exp-bit topmost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327match vlan . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .327match vlan-range . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328mls qos. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .328mls qos aggregate-police. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .329
Table of Contents
xvi ©2001-2007 IP Infusion Inc. Confidential
mls qos dscp-cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 329mls qos dscp-mutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330mls qos map dscp-cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 330mls qos map dscp-mutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331mls qos min-reserve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 331police . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332police-aggregate. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 332policy-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 333service-policy input. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334set cos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 334set ip-dscp . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335set ip-precedence. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335set mpls exp-bit topmost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 335show class-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336show mls qos aggregator-policer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 336show mls qos interface. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337show mls qos maps dscp-cos. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 337show mls qos maps dscp-mutation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338show policy-map. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 338show qos-access-list . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339wrr-queue bandwidth . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 339wrr-queue cos-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340wrr-queue dscp-map . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 340wrr-queue min-reserve . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341wrr-queue queue-limit. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 341wrr-queue random-detect max-threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342wrr-queue threshold . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 342
CHAPTER 19 NSM Firewall Commands . . . . . . . . . . . . . . . . . . . . . . . . . . . .345access-list ipv6 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345access-list. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345firewall group . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 346firewall group in|out . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347show firewall rule . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 347
CHAPTER 20 NSM Broadcom Stacking Commands. . . . . . . . . . . . . . . . . . .349show stacking db . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349show stacking dump db . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 349show stacking local . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350show stacking master . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 350show stacking numCPU . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351stacking masterdev . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 351
Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Index - 1
©2001-2007 IP Infusion Inc. Confidential 1
CHAPTER 1 ZebOS Command Line Interface Environment
About This Command ReferenceNetwork administrators and application developers who install and configure ZebOS® IP routing software should use this Command Reference.
This Reference contains the following information:
• An overview of the ZebOS Command Line Interface.
• The complete command reference for ZebOS Network Services Module (NSM).
ZebOS provides Telnet services so that users can log into any of the routing module layers and control the module by using the Command Line Interface (CLI).
Command Line Interface PrimerThe ZebOS® Command Line Interface (CLI) is a text based facility conforming to industry standards. Many of the commands may be used in scripts to automate configuration tasks. Each command CLI is usually associated with a specific function or a common function performing a specific task. Multiple users can telnet and issue commands using the Exec mode and the Privileged Exec mode. For ZebOS versions earlier than 7.4, only one user is allowed to use the Configure mode at a time. For ZebOS versions 7.4 and later, multiple users are allowed to simultaneously use the Configure mode.
The IMI Shell gives users and administrators the ability to issue commands to several daemons from a single telnet session.
Definitions
Command Line HelpThe ZebOS CLI contains a text-based help facility. Access this help by typing in the full or partial command string then typing a question mark “?”. The ZebOS CLI displays the command keywords or parameters along with a short description.
For example, at the CLI command prompt, type
ZebOS> show ? (the CLI does not display the question mark).The CLI displays this keyword list with short descriptions for each keyword:
ZebOS# show debugging Debugging functions (see also 'undebug') history Display the session command history ip IP information
token A non-character, non-numeric symbol: {}, {}, (), <>, |, ?, >, ., =
parameter An UPPERCASE term for which the user substitutes input.
keyword A lowercase term that the user types exactly as shown.
ZebOS Command Line Interface Environment
2 ©2001-2007 IP Infusion Inc. Confidential
memory Memory statistics route-map route-map information running-config running configuration startup-config Contents of startup configuration version Displays ZebOS version
If the ? is typed in the middle of a keyword, ZebOS displays help for that keyword only.
ZebOS> show de? (the CLI does not display the question mark). debugging Debugging functions (see also 'undebug')
If the ? is typed in the middle of a keyword but the incomplete keyword matches several other keywords, ZebOS displays help for all matching keywords.
ZebOS> show i? (the CLI does not display the question mark). interface Interface status and configuration ip IP information isis ISIS information
Syntax Help
Command CompletionThe ZebOS CLI can complete the spelling of a command or a parameter. Begin typing the command or parameter and then press TAB. For example, at the CLI command prompt type sh:
ZebOS> sh
Press TAB. The CLI shows:
ZebOS> show
If the command or parameter partial spelling is ambiguous, the ZebOS CLI displays the choices that match the abbreviation. Type show i and press TAB. The CLI shows:
ZebOS> show iinterface ip isisZebOS> show i
The CLI displays the interface and ip keywords. Type n to select interface and press TAB. The CLI shows:
ZebOS> show inZebOS> show interface
Type ? and the CLI displays the list of parameters for the show interface command.
ZebOS> show interface IFNAME Interface name | Output modifiers > Output redirection <cr>
The CLI displays the only parameter associated with this command, the IFNAME parameter. For more information on the output modifiers and output redirection, see the Special Tokens for Show Commands section.
Command AbbreviationsThe ZebOS CLI accepts abbreviations for commands. For example,
sh in eth0
is an abbreviation for the show interface command.
ZebOS Command Line Interface Environment
©2001-2007 IP Infusion Inc. Confidential 3
Command Line ErrorsAny unknown spelling variation causes the command line parser to display in response to the ?, the error Unrecognized command. The parser re-displays the command as last entered. When the user presses the enter key after typing an invalid command, the parser displays:
ZebOS(config)#router ospf here ^% Invalid input detected at '^' marker.
where the ^ points to the first character in error in the command.
If a command is incomplete it displays this message:
ZebOS> show% Incomplete command.
Some commands are too long for the display line and can wrap in mid-parameter or mid-keyword:
area 10.10.0.18 virtual-link 10.10.0.19 authentication-key 57393
ZebOS Command Line Interface Environment
4 ©2001-2007 IP Infusion Inc. Confidential
Command Reference Primer
Typographic ConventionsThe following table lists typographic conventions for command syntax descriptions.
Convention Name Description Example
Monospaced font
Command Represents command strings entered on a command line and sample source code.
show ip ospf
Proportional font
Description Gives specific details about a parameter. advertise Advertises this range
UPPERCASE Variable parameter Indicates user input. Values to be entered according to the descriptions that follow. Each uppercased token expands into one or more other tokens.
area AREAID range ADDRESS
lowercase Keyword parameter Indicates keywords. Values to be entered exactly as shown in the command description.
show ip ospf
| Vertical bar Delimits choices; One to be selected from the list. Not to be entered as part of the command.
A.B.C.D|<0-4294967295>
() Parentheses Encloses optional parameters. None or only one to be chosen. Not to be entered as part of the command.
(A.B.C.D|<0-4294967295>)
{ } Braces Encloses optional parameters. None, one or more than one to be chosen. Not to be entered as part of the command.
{priority <0-255>|poll-interval <1-65535>}
[] Square brackets Encloses optional parameters. Choose one. Not to be entered as part of the command.
[parm2|parm2|parm3]
? Question mark Used with the square brackets to limit the immediately following token to one occurrence. Not to be entered as part of the command.
[parm1|parm2|?parm3] expands toparm1 parm3 parm1 parm2(with parm3 occurring once)
< > Angle brackets Enclose a numeric range, endpoints inclusive. Not to be entered as part of the command.
<0-65535>
= Equal sign Separates the variable from explanatory text. Not to be entered as part of the command.
PROCESSID = <0-65535>
. Dot (period) Allows the repetition of the element that immediately follows it multiple times. Not to be entered as part of the command.
.AA:NN can be expanded to: 1:01 1:02 1:03.
A.B.C.D IP address An IPv4-style address. 10.0.11.123
X:X::X:X IP address An IPv6-style address. 3ffe:506::1, where the:: represents all 0s for those address components not explicitly given.
LINE End-of-line input token
Indicates user input of any string, including spaces. No other parameters may be entered after input for this token.
string of words
ZebOS Command Line Interface Environment
©2001-2007 IP Infusion Inc. Confidential 5
WORD Single token Indicates user input of any contiguous string (excluding spaces).
singlewordnospaces
IFNAME Single token Indicates the name of an interface. eth0
Convention Name Description Example
ZebOS Command Line Interface Environment
6 ©2001-2007 IP Infusion Inc. Confidential
Format used for Command Description
command nameDescription of the command. What the command does and when should it be used.
Command Syntaxsample command name mandatory-parameters (OPTIONAL-PARAMETERS)
DefaultThe status of the command before it is executed. Is it enabled or disabled by default.
Command ModeName of the command mode in which this command is to be used. Such as, Exec, Privilege Exec, Configure mode and so on.
UsageThis section is optional. It describes the usage of a specific command and the interactions between parameters. It also includes appropriate sample outputs for show commands.
ExampleUsed if needed to show the complexities of the command syntax.
Related CommandsThis section is optional and lists those commands that are of immediate importance.
Equivalent CommandsThis section is optional and lists commands that accomplish the same function.
Validation CommandsThis section is optional and lists commands that can be used to validate the effects of other commands.
Command NegationSome commands can be negated by using a no keyword.
In the following area virtual-link command, the no keyword is optional, This means that the entire syntax can be negated. Depending on the command or the parameters, command negation can mean the disabling of one entire feature for the router or the disabling of that feature for a specific ID, interface or address.
(no) area AREAADDRESSID virtual-link ROUTERID (AUTHENTICATE|MSGD|INTERVAL)
In the following example, negation is for the base command only. The negated form does not take any parameter.
default-metric <1-16777214>
no default-metric
ZebOS Command Line Interface Environment
©2001-2007 IP Infusion Inc. Confidential 7
Variable Parameter expansionFor the area virtual-link command,
(no) area AREAADDRESSID virtual-link ROUTERID (AUTHENTICATE|MSGD|INTERVAL)
the AREAADDRESSID parameter is replaced by either an IP address or a number in the given range:
AREAADDRESSID=A.B.C.D|<0-4294967295>
and ROUTERID by an IP address. The minimum command then is:
area 10.10.0.11 virtual-link 10.10.0.12
The parameters in the string (AUTHENTICATE|MSGD|INTERVAL) are optional, and only one may be chosen. Each one can be replaced by more keywords and parameters. One of these parameters, MD5, is replaced by the following string:
MD5= [message-digest-key <1-255> md5 MD5_KEY]
with MD5_KEY replaced by a 1-16 character string.
Other Conventions
This warning symbol indicates that you must be cautious as you might risk losing data or damaging your hardware.
!
ZebOS Command Line Interface Environment
8 ©2001-2007 IP Infusion Inc. Confidential
Show Command Tokens Two tokens modify the output of the show commands. Use the ? after typing the command to display:
ZebOS# show users | Output modifiers > Output redirection
Note: These tokens are available only through the IMI shell; they are unavailable to users who telnet to daemons.
Output ModifiersType the | (vertical bar) to use Output modifiers.
begin Begin with the line that matchesexclude Exclude lines that matchinclude Include lines that matchredirect Redirect output
Begin
The begin parameter displays the output beginning with the first line containing a token matching the input string (everything typed after the begin token).
ZebOS# show run | begin eth1
...skippinginterface eth1 ipv6 address fe80::204:75ff:fee6:5393/64!interface eth2 ipv6 address fe80::20d:56ff:fe96:725a/64!line con 0 loginline vty 0 4 login!end
Exclude
The exclude parameter excludes all lines of output that contain the input string. In the following output all lines containing the word “include” are excluded:
ZebOS# show interface eth1 | exclude inputInterface eth1 Scope: both Hardware is Ethernet, address is 0004.75e6.5393 index 3 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST> VRF Binding: Not bound Label switching is disabled No Virtual Circuit configured Administrative Group(s): None DSTE Bandwidth Constraint Mode is MAM inet6 fe80::204:75ff:fee6:5393/64
ZebOS Command Line Interface Environment
©2001-2007 IP Infusion Inc. Confidential 9
output packets 4438, bytes 394940, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 0
Include
The include parameter includes only those lines of output that contain the input string. In the output below, all lines containing the word “input” are included:
ZebOS# show interface eth1 | include input input packets 80434552, bytes 2147483647, dropped 0, multicast packets 0 input errors 0, length 0, overrun 0, CRC 0, frame 0, fifo 1, missed 0
Redirect
The redirect parameter puts the lines of output into the indicated file.
ZebOS# show history | redirect /var/frame.txt
Output RedirectionThe output redirection token > allows the user to specify a target file for the lines of output.
ZebOS# show history > /var/frame.txt
ZebOS Command Line Interface Environment
10 ©2001-2007 IP Infusion Inc. Confidential
Common Command ModesThe commands available for each protocol are separated into several modes (nodes) arranged in a hierarchy; The Exec mode is the lowest. Each mode has its own special commands; in some modes, commands from a lower level are available.
Note: Multiple users can telnet and issue commands using the Exec mode and the Privileged Exec mode. For ZebOS versions earlier than 7.4, only one user is allowed to use the Configure mode at a time. For ZebOS versions 7.4 and later, multiple users are allowed to simultaneously use the Configure mode.
Exec Mode Also called the View mode, is the base mode from where users can perform basic commands like show, exit, quit, help, list, and enable. All ZebOS daemons have this mode.
Privileged Exec Mode Also called the Enable mode, allows users to run debug, write (for saving and viewing the configuration) and show commands.
Configure Mode Also called Configure Terminal mode, this mode serves as a gateway into the Interface, Router, Line, Route Map, Key Chain and Address Family modes.
Interface Mode Is used to configure protocol-specific settings for a particular interface. Any attribute configured in this mode overrides an attribute configured in the Router mode.
Line Mode Makes the access-class commands available.
This diagram displays the common command mode tree.
Startup Routerin EXEC mode(View mode)
PrivilegedEXEC mode
(Enable mode)
Configure mode
Interfacemode
enable(password)
configure terminal
interface IFNAME
Line mode
line vty [FIRST] (LAST)
Command Mode
Command used to enter the next Command Mode
ZebOS Command Line Interface Environment
©2001-2007 IP Infusion Inc. Confidential 11
QoS Command ModesClass Map Use this mode to create class maps. A class map names and isolates specific traffic from other traffic, and defines criteria to match against a specific traffic flow to further classify it.
Policy Map Use this mode to create policy maps. A policy map specifies on which traffic class to act.
Class Use this mode to define a traffic classification.
The following diagram shows the complete QoS module command mode tree. For information about Exec, Privileged Exec, Configure and Interface modes, refer to the NSM daemon command modes mentioned earlier in this chapter.
Startup Routerin Exec mode
Command Mode
Command used to enter next command modeenable
(password)
PrivilegedExec mode
configureterminal
Configuremode
Class-Mapmode
class-map NAME
Policy-Mapmode
policy-map NAME
class NAME
Classmode
ZebOS Command Line Interface Environment
12 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 13
CHAPTER 2 Commands Common to Multiple Protocols
access-classUse this command to filter a connection, based on an IP access list, for IPv4 networks.
Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers and ZebOS Advanced Routing Suite (ARS) customers using the IMISH for CLI management. To control access from the network/ hosts, IMISH administrators must change system files, such as, /etc/host.allow and /etc/hosts.deny.
Command Syntaxaccess-class LIST
LIST = IP access-list
Command ModeLine mode
Usage Use access-class command after configuring the access-list. See ZebOS NSM Commands chapter for details on the access-list command.
ExampleZebOS# configure terminalZebOS(config)# line vty 23 55ZebOS(config-line)# access-class myclass1
Related Commandsaccess-list, ipv6 access-class
access-listUse the access-list command to configure an access list for filtering packets. Use the no parameter to remove a specified access-list.
Command Syntax(no) access-list LISTNAME (DENY|PERMIT|REMARK)
LISTNAME = WORD DENY|PERMIT|REMARK IP ZebOS access-listDENY = deny [A.B.C.D/M (exact-match)]|any Specify route to reject.PERMIT = permit [A.B.C.D/M (exact-match)]|any Specify route to permit
A.B.C.D = An IP address.M = Mask specifying which part of the IP address will be ignored.any = Allows any IP address or prefix to match.exact-match = Specifies exact matching of prefixes
REMARK = remark .LINE
Commands Common to Multiple Protocols
14 ©2001-2007 IP Infusion Inc. Confidential
LINE = Multi-line, access-list entry comment up to 100 characters.
Command ModeConfigure mode
UsageUse access lists to control the transmission of packets on an interface, and restrict contents of routing updates. The switch stops checking the access list after a match occurs.
When using this command from a Telnet session, be sure to telnet to the relevant protocol daemon (for example, isisd); unpredictable results can occur if this command is used in a telnet session with the NSM daemon.
ExamplesZebOS# configure terminal ZebOS(config)# access-list mylist deny 10.10.0.72/24 exact-match ZebOS(config)# access-list mylist permit any
Validation Commandsshow running-config, show ip access-list, show ipv6 access-list
access-list extendedUse the access-list extended command to configure an access list for filtering packets. Use the no parameter to remove a specified access-list.
Command Syntax(no) access-list EXTENDED (deny|permit|REMARK)ip SOURCE DESTINATION
(no) access-list EXTENDED (deny|permit|REMARK)ip any any
EXTENDED = <100-199>|<2000-2699>
<100-199> = IP extended access list<2000-2699> = IP extended access list (expanded range)
deny Specify route to reject.permit Specify route to permit.REMARK = remark .LINE
LINE = Multi-line, access-list entry comment up to 100 characters.SOURCE = [A.B.C.D WILDCARDS]|any|host
A.B.C.D = IP address of the Source.WILDCARD = Wildcard mask to specify which part of A.B.C.D are ignored. It works as a reverse
address mask, e.g., 0.0.0.255 means you permit or deny the route which matches the first 24 bits, A.B.C.D.
DESTINATION = [A.B.C.D WILDCARDS]|any|host
A.B.C.D = IP address of the Destination.WILDCARD = Wildcard mask to specify which part of A.B.C.D is ignored. It works as a reverse address
mask, e.g., 0.0.0.255 means you permit or deny the route which matches the first 24 bits, A.B.C.D.any = Allows any IP address or prefix to match.host = host A.B.C.D A single host address.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 15
Command ModeConfigure mode
UsageWhen using this command from a Telnet session, be sure to telnet to the relevant protocol daemon (for example, isisd); unpredictable results can occur if this command is used in a telnet session with the NSM daemon.
ExamplesZebOS# configure terminal ZebOS(config)# access-list 134 deny 1.1.1.0 0.0.0.255 ZebOS(config)# access-list 2345 permit host 10.10.2.76
Validation Commandsshow running-config, show ip access-list, show ipv6 access-list
access-list standardUse the access-list standard command to configure an access list for filtering packets. Use the no parameter to remove a specified access-list.
Command Syntax(no) access-list STANDARD (DENY|PERMIT|REMARK)
STANDARD = <1-99>|<1300-1999>
<1-99> = IP standard access list<1300-1999> = IP standard access list (expanded range)
DENY = deny [A.B.C.D (WILDCARD)]|any|host Specify route to reject.PERMIT = permit [A.B.C.D (WILDCARD)]|any|host Specify route to permit.
A.B.C.D = An IP address.WILDCARD = wildcard mask to specify which part of A.B.C.D is ignored. It works as a reverse address
mask, e.g., 0.0.0.255 means you permit or deny the route which matches the first 24 bits, A.B.C.D.any = Allows any IP address or prefix to match.host = host A.B.C.D A single host address.
REMARK = remark .LINE LINE = Multi-line, access-list entry comment up to 100 characters.
Command ModeConfigure mode
UsageWhen using this command from a Telnet session, be sure to telnet to the relevant protocol daemon (for example, isisd); unpredictable results can occur if this command is used in a telnet session with the NSM daemon.
ExamplesZebOS# configure terminal ZebOS(config)# access-list 67 deny 1.1.1.0 0.0.0.255 ZebOS(config)# access-list 1332 permit any
Commands Common to Multiple Protocols
16 ©2001-2007 IP Infusion Inc. Confidential
Validation Commandsshow running-config, show ip access-list, show ipv6 access-list
access-list zebosUse this command to configure an access list for filtering frames that permit or deny IP, ICMP, TCP, UDP packets or ICMP packets with a specific value based on the source or destination. Use the mask to specify a subset of addresses. Use the any parameter to allow all packets, regardless of source or destination. Use the icmp-type parameter to include a specific value. Use the log option to keep a log of the command outputs. Use the no parameter to remove a specified access-list.
Command Syntax [ip|icmp](no) access-list zebos WORD [deny|permit] [ip|icmp|any] [A.B.C.D/M|any] [A.B.C.D|M/any] (log)
zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.ip IP packet.icmp ICMP packet.any Any packet.A.B.C.D/M|any = Source IP address or local address and mask, or any local address.A.B.C.D/M|any = Destination IP address or local address and mask, or any local address.log Log the results.
Command Syntax [ICMP-TYPE](no) access-list zebos WORD [deny|permit] [icmp] [A.B.C.D/M|any] [A.B.C.D|M/any] icmp-type ICMP-TYPE (log)
zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.ip IP packet.icmp ICMP packet.any Any packet.A.B.C.D/M|any = Source IP address or local address and mask, or any local address.A.B.C.D/M|any = Destination IP address or local address and mask, or any local address.ICMP-TYPE = ICMP value.log Log the results.
Command Syntax [tcp|udp](no) access-list zebos WORD [deny|permit] [tcp|udp] [A.B.C.D/M|any] [et|lt|gt|ne] <0-65535> [A.B.C.D|M/any] [et|lt|gt|ne] <0-65535> (log)
zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 17
permit Specify route to permit.tcp TCP packet.udp UDP packet.any Any packet.A.B.C.D/M|any = Source IP address or local address and mask, or any local address.et Source port numbers equal to the given valuelt Source port numbers less than the given valuegt Source port numbers greater than the given valuene Source port numbers not equal to the given value.<0-65535> Port number specifiedA.B.C.D/M|any = Destination IP address or local address and mask, or any local address.et Destination port numbers equal to the given valuelt Destination port numbers less than the given valuegt Destination port numbers greater than the given valuene Destination port numbers not equal to the given value<0-65535> Port number specifiedlog Log the results.
Command ModeConfigure mode
UsageUse access lists to control the transmission of packets on an interface, and restrict the content of routing updates. The switch stops checking the access list when a match is encountered.
ExampleZebOS# configure terminalZebOS(config)# access-list zebos TK deny tcp 2.2.2.3/24 eq 14 3.3.3.4/24 lt 12 log
Related Commandsshow running-config, show ip access-list
bannerUse the banner command to display the banner motive of the day on login. Use the no parameter to disable this function.
Note: When using the banner command through IMISH, you must write to memory using the write memory or write file command. If you have not written to memory, the change made by this command (the new banner) is not available when you log into IMISH the next time.
Command Syntax(no) banner motd default
Command ModeConfigure mode
Commands Common to Multiple Protocols
18 ©2001-2007 IP Infusion Inc. Confidential
ExamplesZebOS# configure terminalZebOS(config)# no banner motd
UsageBy default, the following banner is displayed on logging.
Hello, this is ZebOS (version 4.0051502-Main).Copyright 2001, 2002 IP Infusion Inc.
clear ip prefix-listUse this command to reset the hit count to zero in the prefix-list entries.
Command Syntaxclear ip prefix-list (WORD) (A.B.C.D/M)
WORD Specify the name of the prefix-list.A.B.C.D/M IP prefix and length.
Command ModePrivileged Exec mode
ExamplesZebOS# clear ip prefix-list List1
configure terminalUse the configure terminal command to enter the Configure command mode.
Command Syntaxconfigure terminal
Command ModePrivileged Exec mode
ExamplesThe following example shows the use of the configure terminal command to enter the Configure command mode (note the change in the command prompt).
ZebOS# configure terminalZebOS(config)#
copy running-config startup-configUse the copy running-config startup-config to write configurations to the file to be used at startup. This is the same as the write memory command.
Command Syntaxcopy running-config startup-config
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 19
Command ModePrivileged Exec mode
ExamplesZebOS# copy running-config startup-config
descriptionUse this command to provide an interface-specific description.
Command Syntaxdescription .LINE
LINE = Characters describing the specific interface.
Command ModeInterface mode
UsageThis command is used to provide description about a particular interface.
ExamplesThe following example provides information about the connecting router for interface eth1.
Router# configure terminalRouter(config)# interface eth1Router(config-if)# description Connected to Zenith's fas2/0
Validation Commandsshow running-config
disableUse the disable command to exit the Privileged Exec mode, and return to the Exec mode.
Command Syntaxdisable
Command ModePrivileged Exec mode
UsageThis is the only command that allows a user to go back to the Exec mode. Using the exit or quit command from the Privileged Exec mode ends the session, instead of going back
ExamplesZebOS# disableZebOS>
Commands Common to Multiple Protocols
20 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsenable, end, exit
enableUse the enable command to enter the Privileged Exec command mode.
Command Syntaxenable
Command ModeExec mode
UsageTo return to the Exec mode from Privileged Exec mode, use the disable command. Using the exit or quit command from Privileged Exec mode ends the session.
ExamplesThe following example shows the use of the enable command to enter the Privileged Exec mode (note the change in the command prompt).
ZebOS> enableZebOS#
Related Commandsdisable, exit, quit
enable passwordUse the enable password command to modify or create a password to be used when entering the Enable mode.
Note: When using the enable password command through IMISH, you must write to memory using the write memory or write file command. If you have not written to memory, the change made by this command (the new password) is not available when you log into IMISH the next time.
Command Syntaxenable password HIDDEN|PLAIN
HIDDEN = 8 password Specifies a hidden password. PLAIN = password The unencrypted (cleartext) line password
Command ModeConfigure mode
UsageThis command enables the administrator to set a password for entering the enable mode. There are three methods to enable a password.
Note: In the examples below, for each method, the configuration is different: the configuration file output is different, but the password string to be used to enter the enable mode is the same (mypasswd).
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 21
• Plain Password The plain password is a clear text string that appears in the configuration file as configured.
• Encrypted Password Configure an encrypted password using the service encrypted-password command. First, use the enable password command to specify the string that you want to use as a password (mypasswd). Then, use the service encrypted-password command to encrypt the specified string (mypasswd). The advantage of using an encrypted password is that the configuration file does not show mypasswd, it will only show the encrypted string fU7zHzuutY2SA.
• Hidden Password Configure an encrypted password using the HIDDEN parameter (8) with the enable password command. Use this method if you already know the encrypted string corresponding to the plain text string that you want to use as a password. It is not required to use the service password-encryption command for this method. The output in the configuration file will show only the encrypted string, and not the text string.
Related Commandsservice password-encryption
Validation Commandsshow running-config
Configuration Output in the Configuration File
ZebOS# configure terminalZebOS(config)# enable password mypasswdZebOS(config)# end
ZebOS# show runCurrent configuration:hostname ZebOSenable password mypasswd!interface lo
Configuration Output in the Configuration File
ZebOS# configure terminalZebOS(config)# enable password mypasswdZebOS(config)# service password-encryptionZebOS(config)# end
ZebOS# show runCurrent configuration:hostname ZebOSenable password 8 fU7zHzuutY2SAservice password-encryption!interface lo
Configuration Output in the Configuration File
ZebOS# configure terminalZebOS(config)# enable password 8 fU7zHzuutY2SAZebOS(config)# end
ZebOS# show runCurrent configuration:hostname ZebOSenable password 8 fU7zHzuutY2SA!interface lo
Commands Common to Multiple Protocols
22 ©2001-2007 IP Infusion Inc. Confidential
endUse the end command to return to the Privileged Exec command mode from any other advanced command mode.
Command Syntaxend
Command ModeAll command modes
ExamplesThe following example shows the use of the end command to return to the Privileged Exec mode directly from Interface mode.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# endZebOS#
Related Commandsexit, disable, enable
exec-timeoutUse the exec-timeout command to set the interval the command interpreter waits for user input detected. Use the no parameter to disable the wait interval.
Command Syntax exec-timeout MINUTES (SECONDS)
no exec-timeout
MINUTES = <0-35791> Timeout value in minutesSECONDS = <0-2147483> Timeout value in seconds
Command ModeLine mode
UsageThis command is used set the time the telnet session waits for an idle VTY session, before it timeouts. An exec-timeout 0 0 setting will cause the telnet session to wait indefinitely.
ExamplesIn the following example, the telnet session will timeout after 2 minutes, 30 seconds if there is no response from the user.
Router# configure terminalRouter(config)# line vty 23 66Router(config-line)# exec-timeout 2 30
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 23
Validation Commandsshow running-config
exitUse the exit command to exit the current mode, and return to the previous level. When used in Exec mode, the exit command terminates the session.
Command Syntaxexit
Command ModeAll command modes
Examples The following example shows the use of exit command to exit Interface mode, and return to Configure mode.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# exitZebOS(config)#
Related Commandsend, enable, disable
helpUse the help command to display a description of the ZebOS help system.
Command Syntaxhelp
Command ModeAll command modes
UsageThis is the sample output from the help command:
ZebOS# helpZebOS VTY provides advanced help feature. When you need help,anytime at the command line please press '?'.
If nothing matches, the help list will be empty and you must backup until entering a '?' shows the available options.Two styles of help are provided:1. Full help is available when you are ready to enter acommand argument (e.g. 'show ?') and describes each possibleargument.2. Partial help is provided when an abbreviated argument is entered
Commands Common to Multiple Protocols
24 ©2001-2007 IP Infusion Inc. Confidential
and you want to know what arguments match the input (e.g. 'show me?'.)
ExamplesZebOS# configure terminalZebOS(config)# help
hostnameUse the hostname command to set or change the network server name. ZebOS daemons use this name in system prompts and default configuration file names. Use the no parameter to disable this function.
Note: When using the hostname command through IMISH, you must write to memory using the write memory or write file command. If you have not written to memory, the change made by this command (the new hostname) is not available when you log into IMISH the next time.
Command Syntax(no) hostname HOSTNAME
HOSTNAME Specifies the network name of the system.
Command ModeConfigure mode
UsageThis command provides a hostname for login purposes only, and not for the enable mode. A hostname could be added for each remote system with which the local router communicates, and from which it requires authentication. The other router must have a hostname entry for the local router. This entry must have the same password as the local router has for this router. This command is useful for defining host names for special privileges. For example, a hostname all requiring no password could be created allowing the users to connect to general information without password.
Note: Setting a hostname using this command takes precedence over setting a hostname in the kernel. If you set the hostname using the CLI, and then set the hostname in the kernel, the hostname set using the CLI will remain.
ExamplesThe following example sets the hostname to IPI, and shows the change in the prompt:
ZebOS# configure terminalZebOS(config)# hostname IPIIPI(config)#
Validation Commandsshow running-config
ip prefix-listUse this command to create an entry for a prefix list.
Use the no parameter with this command to delete the prefix-list entry.
Command Syntax(no) ip prefix-list sequence number
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 25
(no) ip prefix-list LISTNAME description (.LINE)
(no) ip prefix-list LISTNAME|SEQ
LINE= text description of the prefix list.LISTNAME= Specifies the name of a prefix list.SEQ = seq <1-429496725> (deny|permit) IPPREFIX any|LENGTH
seq <1-429496725> The sequence number of the prefix list.deny Specifies that packets are to be rejected.permit Specifies that packets are to be accepted.
IPPREFIX=A.B.C.D/M The IP address mask and length of the prefix list mask.any Takes all packets of any length. This parameter is the same as using 0.0.0.0/0 le 32 for
IPPREFIX.LENGTH= [LE|GE]
LE= le <0-32> Maximum prefix length to be matched.GE= ge <0-32> Minimum prefix length to be matched.
Command ModeConfigure mode
UsageRouter starts to match prefixes from the top of the prefix list, and stops whenever a match or deny occurs. To promote efficiency, use the seq parameter and place common matches or denials towards the top of the list. The sequence values are generated in the sequence of 5.
The parameters GE and LE specify the range of the prefix length to be matched. When setting these parameters, set the LE value to be less than 32, and the GE value to be less than LE value.
In this configuration, the ip prefix-list command matches all, but denies the IP address range, 76.2.2.0.
router bgp 100network 172.1.1.0network 172.1.2.0neighbor 10.6.5.3 remote-as 300neighbor 10.6.5.3 prefix-list mylist out!! ip prefix-list mylist seq 5 deny 76.2.2.0/24ip prefix -list mylist seq 10 permit 0.0.0.0/0
ExamplesZebOS# configure terminalZebOS(config)# ip prefix-list mylist seq 12345 deny 10.0.0.0/8 le 22 ge 14
Related Commandsmatch ip address, neighbor prefix-list, match route-map
ip remote-addressUse this command to set the remote address on a point-to-point non multi-access link.
Commands Common to Multiple Protocols
26 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxip remote-address A.B.C.D/M
A.B.C.D/M IP address and prefix length of the link remote address.
Command ModeInterface mode
UsageThis command sets the remote address (far end) of a point-to-point non multi-access link. This command can be used only on unnumbered interfaces. When a new remote-address is configured, the old address gets overwritten.
ExampleZebOS(config)#interface ppp0ZebOS(config-if)#ip unnumbered eth1ZebOS(config-if)#ip remote-address 1.1.1.1/32
Validation Commandsshow running-config, show interface
ip unnumberedUse this command to enable IP processing without an explicit address, on a point-to-point non multi-access link.
Use the no parameter with this command to unconfigure this feature on an interface.
Command Syntax(no) ip unnumbered IFNAME
IFNAME A string that specifies the interface.
Command ModeInterface mode
UsageThis command lets an interface borrow the IP address of a specified interface, to enable IP processing on a serial, point-to-point interface without assigning it an explicit IP address. In this way, the IP unnumbered interface can borrow the IP address of another interface already configured on the router, to conserve network and address space.
ExampleThe following example creates a tunnel between Router 1 (eth1) and Router 2 (eth2), and enables IP processing without an explicit address on an interface.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 27
On Router 1
ZebOS# configure terminalZebOS (config)# interface loZebOS (config-if)# ip address 127.0.0.1/8ZebOS (config-if)# ip address 33.33.33.33/32 secondaryZebOS (config-if)# exitZebOS (config)# interface eth1ZebOS (config-if)# ip address 10.10.10.145/24ZebOS (config-if)# exitZebOS (config)# interface Tunnel0ZebOS (config-if)# tunnel source 10.70.0.145ZebOS (config-if)# tunnel destination 10.70.0.77ZebOS (config-if)# tunnel ttl 255ZebOS (config-if)# tunnel path-mtu-discoveryZebOS (config-if)# tunnel mode greZebOS (config-if)# ip unnumbered eth1ZebOS (config-if)# exitZebOS (config)# router ospfZebOS (config-router)# network 10.10.10.0/24 area 0
On Router 2
ZebOS# configure terminalZebOS (config)# interface loZebOS (config-if)# ip address 127.0.0.1/8ZebOS (config-if)# ip address 44.44.44.44/32 secondaryZebOS (config-if)# exitZebOS (config)# interface eth2ZebOS (config-if)# ip address 30.10.10.77/24ZebOS (config-if)# exitZebOS (config)# interface Tunnel0ZebOS (config-if)# tunnel source 10.70.0.77ZebOS (config-if)# tunnel destination 10.70.0.145ZebOS (config-if)# tunnel ttl 255ZebOS (config-if)# tunnel path-mtu-discoveryZebOS (config-if)# tunnel mode greZebOS (config-if)# ip unnumbered eth2ZebOS (config-if)# exitZebOS (config)# router ospfZebOS (config-router)# network 30.10.10.0/24 area 0
Related Commandsipv6 unnumbered
Tunnel
10.70.0.0/24eth0
10.70.0.145eth010.70.0.77
Router 1(eth1) .145
Router 2(eth2) .77
Commands Common to Multiple Protocols
28 ©2001-2007 IP Infusion Inc. Confidential
ipv6 access-classUse this command to filter a connection based on an IP access list for IPv6 networks.
Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers, and to ZebOS ARS customers using the IMISH for CLI management. To control access from the network/ hosts, IMISH administrators are required to change system files, such as /etc/host.allow and /etc/hosts.deny.
Command Syntaxipv6 access-class LIST
DefaultDisabled
Command ModeLine mode
UsageUse this command in conjunction with the IP access list to set permissions for VTY session users for ipv6 address family.
ExampleZebOS# configure terminalZebOS(config)# line vty 12 77ZebOS(config-line)# ipv6 access-class mylist1
Related Commandsaccess-list
ipv6 access-listUse this command to configure an access list for filtering frames.
Use the no parameter to remove a specified access-list.
Command Syntax(no) ipv6 access-list LISTNAME (DENY|PERMIT|REMARK)
LISTNAME = WORD DENY|PERMIT|REMARK IP ZebOS access-listDENY = deny [X:X::X:X/M (exact-match)]|any Specify route to reject.PERMIT = permit [X:X::X:X/M (exact-match)]|any Specify route to permit
A.B.C.D = An IPv6 address.M = Mask Specifying which part of the IPv6 address will be ignored.any = Allows any IPv6 address or prefix to match.exact-match = Specifies exact-matching of prefixes
REMARK = remark .LINE LINE = Multi-line, access-list entry comment up to 100 characters.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 29
Command ModeConfigure mode
UsageUse access lists to control the transmission of packets on an interface, and restrict contents of routing updates. The switch stops checking the access list after a match occurs.
ExamplesZebOS# configure terminal ZebOS(config)# ipv6 access-list mylist deny 3ffe:506::/32 exact-match ZebOS(config)# ipv6 access-list mylist permit any
Validation Commandsshow running-config, show ipv6 access-list
ipv6 access-list zebosUse this command to configure an access list for filtering frames that permit or deny IP, ICMP, TCP, or UDP packets, or ICMP packets with a specific value based on the source or destination. Use the mask to specify a subset of addresses. Use the any parameter to allow all packets, regardless of source or destination. Use the icmp-type parameter to include a specific value. Use the log option to keep a log of the command outputs. Use the no parameter to remove a specified access-list.
Note: Use this command in IPV6 environments.
Command Syntax [ip|icmp](no)ipv6 access-list zebos WORD [deny|permit] [ip|icmp|any] [X:X::X:X/M|any] [X:X::X:X|M/any] (log)
zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.ip IP packet.icmp ICMP packet.any Any packet.X:X::X:X/M|any = Source IP address or local address and mask, or any local address.X:X::X:X/M|any = Destination IP address or local address and mask, or any local address.log Log the results.
Command Syntax [icmp TYPE value](no)ipv6 access-list zebos WORD [deny|permit] [icmp] [X:X::X:X/M|any] [X:X::X:X|M/any] icmp-type ICMP-TYPE (log)
zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.ip IP packet.
Commands Common to Multiple Protocols
30 ©2001-2007 IP Infusion Inc. Confidential
icmp ICMP packet.any Any packet.X:X::X:X/M|any = Source IP address or local address and mask, or any local address.X:X::X:X/M|any = Destination IP address or local address and mask, or any local address.ICMP-TYPE = ICMP value.log Log the results.
Command Syntax (Source and Destination Ports)(no)ipv6 access-list zebos WORD [deny|permit] [tcp|udp] [X:X::X:X/M|any] [et|lt|gt|ne] <0-65535> [X:X::X:X|M/any] [et|lt|gt|ne] <0-65535> (log)
zebos Extended access-list.WORD ZebOS access-list name.deny Specify route to reject.permit Specify route to permit.tcp TCP packet.udp UDP packet.any Any packet.X:X::X:X/M|any = Source IP address or local address and mask, or any local address.et Source port numbers equal to the given valuelt Source port numbers less than the given valuegt Source port numbers greater than the given valuene Source port numbers not equal to the given value.<0-65535> Port number specifiedX:X::X:X/M|any = Destination IP address or local address and mask, or any local address.et Destination port numbers equal to the given valuelt Destination port numbers less than the given valuegt Destination port numbers greater than the given valuene Destination port numbers not equal to the given value<0-65535> Port number specifiedlog Log the results.
Command ModeConfigure mode
UsageUse access lists to control the transmission of packets on an interface, and restrict the content of routing updates. The switch stops checking the access list when a match is encountered.
ExampleZebOS# configure terminalZebOS(config)# ipv6 access-list zebos TK deny tcp 2::2/64 eq 14 3::4/64 lt 12 log
ipv6 prefix-listUse this command to create an entry for an ipv6 prefix-list.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 31
Command Syntax(no) ipv6 prefix-list sequence number
ipv6 prefix-list description .LINE
(no) ipv6 prefix-list description (.LINE)
(no) ipv6 prefix-list LISTNAME|SEQ
LINE= text description of the prefix list.LISTNAME= Specifies the name of a prefix list.SEQ = seq <1-429496725> (deny|permit) IPPREFIX any|LENGTH
seq <1-429496725> The sequence number of the prefix list.deny Specifies that packets are to be rejected.permit Specifies that packets are to be accepted.
IPPREFIX = X:X::X:X/M The IP address mask and length of the prefix list mask.any Takes all packets of any length. This parameter is the same as using 0.0.0.0/0 le 32 for
IPPREFIX.LENGTH= [LE|GE]
LE= le <0-32> Maximum prefix length to be matched.GE= ge <0-32> Minimum prefix length to be matched.
Command ModeConfigure mode
UsageRouter starts to match prefixes from the top of the prefix list, and stops whenever a match or deny occurs. To promote efficiency, use the seq parameter and place common matches or denials towards the top of the list. The sequence values are generated in the sequence of 5.
The parameters GE and LE specify the range of the prefix length to be matched.
Examplesipv6 prefix-list mylist seq 12345 deny 3ffe:345::/16 le 22 ge 14
ipv6 unnumberedUse this command to enable IPv6 processing without an explicit address, on a point-to-point non multi-access link.
Use the no parameter with this command to unconfigure this feature on an interface.
Command Syntax(no) ipv6 unnumbered IFNAME
IFNAME A string that specifies the interface.
Command ModeInterface mode
Commands Common to Multiple Protocols
32 ©2001-2007 IP Infusion Inc. Confidential
UsageThis command lets an interface borrow the IPv6 address of a specified interface, to enable IPv6 processing on a serial, point-to-point interface without assigning it an explicit IPv6 address. In this way, the IPv6 unnumbered interface can borrow the IPv6 address of another interface already configured on the router, to conserve network and address space.
ExampleThe following example creates a tunnel between Router 1 (eth1) and Router 2 (eth2), and enables IPv6 processing without an explicit address on an interface.
On Router 1
ZebOS# configure terminalZebOS (config)# interface loZebOS (config-if)# ipv6 address ::1/128ZebOS (config-if)# exitZebOS (config)# interface eth1ZebOS (config-if)# ipv6 address fe80::20e:cff:fe6e:56dd/64ZebOS (config-if)# exitZebOS (config)# interface Tunnel0ZebOS (config-if)# tunnel source 10.70.0.145ZebOS (config-if)# tunnel destination 10.70.0.77ZebOS (config-if)# tunnel ttl 255ZebOS (config-if)# tunnel path-mtu-discoveryZebOS (config-if)# tunnel mode greZebOS (config-if)# ipv6 unnumbered eth1ZebOS (config-if)# ipv6 router ospf area 0 tag 1ZebOS (config-if)# exitZebOS (config)# router ipv6 ospf 1ZebOS (config-router)# router-id 10.70.0.145
On Router 2
ZebOS# configure terminalZebOS (config)# interface loZebOS (config-if)# ipv6 address ::1/128ZebOS (config-if)# exitZebOS (config)# interface eth2ZebOS (config-if)# ipv6 address fe80::204:75ff:febf:f07a/64ZebOS (config-if)# exitZebOS (config)# interface Tunnel0ZebOS (config-if)# tunnel source 10.70.0.77ZebOS (config-if)# tunnel destination 10.70.0.145ZebOS (config-if)# tunnel ttl 255ZebOS (config-if)# tunnel path-mtu-discoveryZebOS (config-if)# tunnel mode greZebOS (config-if)# ipv6 unnumbered eth2
Tunnel
10.70.0.0/24eth0
10.70.0.145eth010.70.0.77
Router 1(eth1) .145
Router 2(eth2) .77
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 33
ZebOS (config-if)# ipv6 router ospf area 0 tag 1ZebOS (config-if)# exitZebOS (config)# router ipv6 ospf 1ZebOS (config-router)# router-id 10.70.0.77
Related Commandsip unnumbered
line vtyUse the line vty command to move or change to VTY mode.
Command Syntaxline vty [FIRST] (LAST)
FIRST <0-871> Specify the first line number.LAST <0-871> Specify the last line number.
Command ModeConfigure mode
UsageThis command is used to telnet to the NSM or any protocol daemons. This configuration is necessary for any telnet session. This configuration should be in the daemon's config file before starting the daemon.
Use this command to enter the line mode to configure the access-class, and set the exec-timeout.
ExamplesThe following example shows the use of the line command to enter the Line command mode (note the change in the prompt).
ZebOS# configure terminalZebOS(config)# line vtyZebOS(config-line)#
Validation Commandsshow running-config
log fileUse the log file command to specify log file controls, and where to save the logs in a configuration file.
Use the no parameter to revert logging to the default file.
Command Syntax log file FILENAME
no log file (FILENAME)
FILENAME = Specifies the file name of the log.
Command ModeConfigure mode
Commands Common to Multiple Protocols
34 ©2001-2007 IP Infusion Inc. Confidential
UsageThe log file is written to filename in the default location, usually usr/local/sbin.
ExamplesThis command is used to log the debug messages of a particular protocol daemon to the specified file.
Router# configure terminalRouter(config)# log file /usr/local/sbin/bgpd.log
Validation Commandsshow running-config
log record-priorityUse the log record-priority command to include the priority of the message within the entry in the log file. Use the no parameter to exclude the priority from the entry.
Command Syntax(no) log record-priority
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# log record-priority
Validation Commandsshow running-config
log stdoutUse the log stdout command to begin the logging of information to a standard output device, and set the level to debug. Use the trap parameter and its subparameters to set the logging to a different level.
Use the no parameter to disable logging to the stdout.
Command Syntax log stdout
no log stdout
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# log stdout
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 35
Validation Commandsshow running-config
log syslogUse the log syslog command to begin the logging of information to system log and set the level to debug. Use the trap parameter and its subparameters to set the logging to a different level.
Use the no parameter to disable logging to the system log.
Command Syntax log syslog
no log syslog
Command ModeConfigure mode
UsageThe syslog enables logging and analyzing configuration events and system error messages, centrally. This helps in monitoring interface status, security alerts, and CPU process overloads. It also allows real-time capturing of client debug output sessions.
ExamplesZebOS# configure terminalZebOS(config)# log syslog
Validation Commands
log trapUse the log trap command with the log file to specify system message logging levels.
Use the no parameter to include all levels of logging.
Command Syntax log trap PRIORITY
no log trap
PRIORITY = emergencies|alerts|critical|errors|warnings| notifications|informational|debugging
emergencies = turns on logging of only the most severe messages.alerts = turns on logging of the above plus this level. critical = turns on logging of the above plus this level.errors = turns on logging of the above plus this level.warnings = turns on logging of the above plus this level.notifications = turns on logging of the above plus this level.informational = turns on logging of the above plus this level.debugging = turns on logging of the above plus this level. This level of logging is the most
comprehensive
Commands Common to Multiple Protocols
36 ©2001-2007 IP Infusion Inc. Confidential
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# log trap alertsZebOS(config)# log trap criticalZebOS(config)# log trap informational
Validation Commandsshow running-config
Related Commandslog file
loginUse this command to set a password prompt before entering the configuration mode, and enable password checking.
Command Syntax(no) login
DefaultEnabled
Command ModeLine mode
UsageLogin is enabled by default. The no login command allows users to connect directly to the Privileged Exec mode skipping the password verification prompt. After using the no login command, if the user changes to the login command again, the system uses the password used earlier, unless the user specifies a password in the configure mode (see the following example).
ExampleThe following examples show the use of login and no login command. In this example, a password pass is set (in configure mode) before using the login command.
!ZebOS# configure terminalZebOS(config)# line vtyZebOS(config-line)# no login!!ZebOS# configure terminalZebOS#(config)# password passZebOS#(config)# line vtyZebOS#(config-line)# login!
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 37
match as-pathUse this command to match an autonomous system path access list.
Use the no parameter with this command to remove a path list entry.
Command Syntax match as-path LISTNAME
no match as-path
no match as-path LISTNAME
LISTNAME Specifies as autonomous system path access list name.
Command ModeRoute-map mode
UsageThe match as-path command specifies the autonomous system path to be matched. If there is a match for the specified AS path, and permit is specified, the route is redistributed or controlled, as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met then the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes, depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
Note: This command is valid only for BGP.
ExamplesZebOS# configure terminalZebOS(config)# route-map myroute deny 34ZebOS(config-route-map)# match as-path myaccesslist
Related Commandsmatch metric, match ip address, match community, set as-path, set community
match communityUse this command to specify the community to be matched.
Use the no parameter with this command to remove the community list entry.
Command Syntax match community WORD
no match community
no match community WORD
WORD Specifies the Community-list name
Command ModeRoute-map mode
Commands Common to Multiple Protocols
38 ©2001-2007 IP Infusion Inc. Confidential
UsageCommunities are used to group and filter routes. They are designed to provide the ability to apply policies to large numbers of routes by using match and set commands. Community lists are used to identify and filter routes by their common attributes.
Use the match community command to allow matching based on community lists.
The values set by the match community command overrides the global values. The route that does not match at least one match clause is ignored.
Note: This command is valid only for BGP.
ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# match community mylist
Related Commandsmatch ip address, match as-path, set as-path, set community, match metric
match interfaceUse this command to define the interface match criterion.
Use the no parameter with this command to remove the specified match criterion.
Command Syntax match interface IFNAME
no match interface
IFNAME A string that specifies the interface for matching.
DefaultDisabled
Command ModeRoute-map mode
UsageThe match interface command specifies the next-hop interface name of a route to be matched.
Note: This command is only valid for RIP, OSPF, and IS-IS.
ExampleZebOS# configure terminalZebOS(config)# route-map mymap1 permit 10ZebOS(config-route-map)# match interface eth0
Related Commandsmatch tag, match route-type external
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 39
match ip addressUse this command to specify the match address of route.
Use the no parameter with this command to remove the match ip address entry.
Command Syntax match ip address ACCESSLISTID
no match ip address
no match ip address ACCESSLISTID
ACCESSLISTID = WORD|<1-199>|<1300-2699>WORD The name of IP access-list<1-199> The IP access-list number<1300-2699> The IP access-list number (expanded range)
Command ModeRoute-map mode
UsageThe match ip address command specifies the IP address to be matched. If there is a match for the specified IP address, and permit is specified, the route is redistributed or controlled, as specified by the set action. If the match criteria are met, and deny is specified then the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes, depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
Note: This command is valid for BGP, OSPF, RIP, and IS-IS only.
ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# match ip address List1
Related Commandsmatch community, match as-path, set as-path, set community, match metric
match ip address prefix-listUse this command to match entries of prefix-lists.
Use the no parameter with this command too disable this function
Command Syntax match ip address prefix-list LISTNAME
no match ip address prefix-list LISTNAME
LISTNAME Specifies the IP prefix list name.
Commands Common to Multiple Protocols
40 ©2001-2007 IP Infusion Inc. Confidential
Command ModeRoute-map mode
UsageThis command specifies the entries of prefix-lists to be matched. If there is a match for the specified prefix-list entries, and permit is specified, the route is redistributed or controlled, as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
This command is valid for BGP, OSPF, and RIP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)#match ip address prefix-list mylist
match ip next-hopUse this command to specify a next-hop address to be matched in a route-map.
Use the no parameter with this command to disable this function.
Command Syntaxmatch ip next-hop ACCESSLISTID
no match ip next-hop
no match ip next-hop ACCESSLISTID
ACCESSLISTID = WORD|<1-199>|<1300-2699>|PREFIXLIST Specifies the IP access list name.WORD The IP access-list name<1-199> The IP access-list number<1300-2699> The IP access-list number (expanded range)PREFIXLIST prefix-list WORD Match entries of prefix-lists WORD IP prefix-list name
Command ModeRoute-map mode
UsageThe match ip next-hop command specifies the next-hop address to be matched. If there is a match for the specified next-hop address, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
Note: This command is valid for BGP, OSPF, RIP, and IS-IS only.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 41
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# match ip next-hop mylist
Related Commandsmatch community, match as-path, set as-path, set community, match metric
match ip next-hop prefix-listUse this command to specify the next-hop IP address match criterion, using the prefix-list.
Use the no parameter with this command to remove the specified match criterion.
Command Syntax (no) match ip next-hop prefix-list LISTNAME
no match ip next-hop prefix-list
LISTNAME A string specifying the prefix-list name.
DefaultDisabled
Command ModeRoute-map mode
UsageUse the match ip next-hop prefix-list command to match the next-hop IP address of a route.
Note: This command is valid for BGP and RIP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map mymap permit 3ZebOS(config-route-map)# match ip next-hop prefix-list list1
Related Commandsmatch metric, match interface, match ip next-hop
match ipv6 addressUse this command to specify the match address of route.
Use the no parameter with this command to remove the match ip address entry.
Command Syntax match ipv6 address WORD
no match ipv6 address WORD
WORD Specifies the IPv6 access list name.
Commands Common to Multiple Protocols
42 ©2001-2007 IP Infusion Inc. Confidential
Command ModeRoute-map mode
UsageThe match ipv6 address command specifies the IPv6 address to be matched. If there is a match for the specified IPv6 address, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
Note: This command is valid for BGP, RIPng, and IS-IS only.
ExamplesZebOS# configure terminalZebOS(config)# route-map ipi deny 1ZebOS(config-route-map)# match ipv6 address ipi
match ipv6 address prefix-listUse this command to match entries of prefix-lists.
Use the no parameter with this command to disable this function
Command Syntax match ipv6 address prefix-list LISTNAME
no match ipv6 address prefix-list LISTNAME
LISTNAME Specifies the IPv6 prefix list name.
Command ModeRoute-map mode
UsageThe match ipv6 address prefix-list command specifies the entries of prefix-lists to be matched. If there is a match for the specified prefix-list entries, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes, depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
This command is valid for BGP, OSPFv3, and RIPng only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)#match ipv6 address prefix-list mylist
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 43
match ipv6 next-hopUse this command to specify a next-hop address to be matched by the route-map.
Use the no parameter with this command to disable this function
Command Syntax match ipv6 next-hop X:X::X:X|WORD
no match ipv6 next-hop X:X::X:X|WORD
X:X::X:X The IPv6 addressWORD The IPv6 access-list name
Command ModeRoute-map mode
UsageThe match ipv6 next-hop command specifies the next-hop address to be matched. If there is a match for the specified next-hop address, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
Note: This command is valid for BGP and IS-IS only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# match ipv6 next-hop 3ffe::1
match metricUse this command to match a metric of a route.
Use the no parameter with this command to disable this function
Command Syntaxmatch metric METRIC
no match metric METRIC
METRIC <0-4261412864> Specifies the metric value.
Command ModeRoute-map mode
UsageThe match metric command specifies the metric to be matched. If there is a match for the specified metric, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met,
Commands Common to Multiple Protocols
44 ©2001-2007 IP Infusion Inc. Confidential
and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
Note: This command is valid for BGP, OSPF, RIP, and IS-IS only.
ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# no match metric 888999
Related Commandsmatch community, match as-path, set as-path, set community, match ip next-hop
match originUse this command to match origin code.
Use the no parameter with this command to disable this matching.
Command Syntax(no) match origin (egp|igp|incomplete)
egp learned from EGPigp Local IGPincomplete Unknown heritage
Command ModeRoute-map mode
UsageThe origin attribute defines the origin of the path information. The egp parameter is indicated as an e in the routing table, and it indicates that the origin of the information is learned via Exterior Gateway Protocol. The igp parameter is indicated as an i in the routing table, and it indicates the origin of the path information is interior to the originating AS. The incomplete parameter is indicated as a ? in the routing table, and indicates that the origin of the path information is unknown or learned through other means. If a static route is redistributed into BGP, the origin of the route is incomplete.
The match origin command specifies the origin to be matched. If there is a match for the specified origin, and permit is specified, the route is redistributed or controlled as specified by the set action. If the match criteria are met, and deny is specified, the route is not redistributed or controlled. If the match criteria are not met, the route is neither accepted nor forwarded, irrespective of permit or deny specifications.
The route specified by the policies might not be the same as specified by the routing protocols. Setting policies enable packets to take different routes depending on their length or content. Packet forwarding based on configured policies overrides packet forwarding specified in routing tables.
Note: This command is valid for BGP only.
ExampleZebOS# configure terminal
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 45
ZebOS(config)# route-map myroute deny 34ZebOS(config-route-map)# match origin egp
Related Commands
match route-type Use this command to match specified external route type.
Use the no parameter with this command to turn off the matching.
Command Syntax (no) match route-type external (type-1 | type-2)
DefaultDisabled
Command ModeRoute-map mode
UsageUse the match route-type external command to match specific external route types. AS-external LSA is either Type-1 or Type-2. External type-1 matches only Type 1 external routes, and external type-2 matches only Type 2 external routes.
Note: This command is valid for OSPF only.
ExamplesZebOS# configure terminalZebOS(config)# route-map mymap1 permit 10ZebOS(config-route-map)# match route-type external type-1
Related Commandsmatch tag, match route-type external
match tagUse this command to match the specified tag value.
Use the no parameter with this command to turn off the declaration.
Command Syntax (no) match tag <0-4294967295>
DefaultDisabled
Command ModeRoute-map mode
Commands Common to Multiple Protocols
46 ©2001-2007 IP Infusion Inc. Confidential
UsageUse the match tag command to match the specified tag value.
Note: This command is valid for OSPF only.
ExamplesZebOS# configure terminalZebOS(config)# route-map mymap1 permit 10ZebOS(config-route-map)# match tag 100
Related Commandsmatch metric, match route-type external
passwordUse the password command to specify a network password.
Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers and ZebOS Advanced Routing Suite (ARS) customers using the IMISH for CLI management.
Command Syntaxpassword HIDDEN|PLAIN
HIDDEN = 8 password Specifies a hidden password. PLAIN = password The unencrypted (cleartext) line password password An up to 80-character, alpha-numeric string including spaces. This string cannot begin with a
number.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# password 8 hiddenpasswordZebOS(config)# password plainpassword
Related Commandsenable
Validation Commandsshow running-config
route-mapUse this command to enter the route-map mode, and to permit or deny match/set operations.
Command Syntax (no) route-map MAPTAG deny|permit SEQ
MAPTAG= Identifies the route.deny Route map denies set operations
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 47
permit Route map permits set operationsSEQ= <1-65535> Specifies the sequence number for insertion or deletion.
Command ModeConfigure mode
UsageRoute-map is used to control and modify routing information. The route-map command allows redistribution of routes. It has a list of match and set commands associated with it. The match commands specify the conditions under which redistribution is allowed, and the set commands specify the particular redistribution actions to be performed if the criteria enforced by match commands are met. Route maps are used for detailed control over route distribution between routing processes.
Route maps also allow policy routing, and might route packets to a different route than the obvious shortest path.
If the permit parameter is specified, and the match criteria are met, the route is redistributed as specified by set actions. If the match criteria are not met, the next route map with the same tag is tested.
If the deny parameter is specified, and the match criteria are met, the route is not redistributed, and any other route maps with the same map tag are not examined.
Specify the sequence parameter to indicate the position a new route map is to have in the list of route maps already configured with the same name.
ExamplesThe following example shows the use of the route-map command to enter the route-map mode (note the change in the prompt), and the use of this mode in match and set commands.
ZebOS# configure terminalZebOS(config)# route-map route1 permit 1 ZebOS(config-route-map)# match as-path 60ZebOS(config-route-map)# set weight 70
service advanced-vtyUse this command to set multiple options to be listed when the Tab key is pressed, after completing a command. Use the no parameter to set no options to be listed when the Tab key is pressed, after completing a command.
Command Syntax(no) service advanced-vty
advanced-vty = Enable advanced mode VTY interface.
Command ModeConfigure mode
UsageThis feature applies to commands with more than one option.
ExamplesZebOS# configure terminalZebOS(config)# service advanced-vty
Commands Common to Multiple Protocols
48 ©2001-2007 IP Infusion Inc. Confidential
service password-encryptionUse this command to specify encryption of passwords. Use the no parameter to disable this feature.
Note: When using the service password-encryption command through IMISH, you must write to memory using the write memory or write file command. If you have not written to memory, the change made by this command (encryption) is not available when you log into IMISH the next time.
Command Syntax(no) service password-encryption
password-encryption = Enable encrypted passwords.
Command ModeConfigure mode
UsageThe service password-encryption command specifies encryption of the passwords. This encryption is simple, and designed to prevent casual observers from reading passwords not for serious hackers. The following output displays the encrypted password.
Router# configure terminalRouter(config)# service password-encryption
Current configuration:!hostname ZebOSpassword 8 aZSABJxOet0gsenable password 8 SLtKyTiWDXTZw!
ExamplesZebOS# configure terminalZebOS(config)# service password-encryption
Validation Commandsenable password
service terminal-lengthUse this command to set the terminal length for VTY sessions. Use the no parameter to disable this feature.
Command Syntax(no) service terminal-length LINES
terminal-length = Establish system-wide terminal length configuration.LINES = <0-512> Number of lines of VTY (0 means no line control).
Command ModeConfigure mode
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 49
UsageThe terminal-length parameter sets the terminal length for VTY sessions. In the following configuration, the terminal length for VTY sessions will be set to 60, making 60 the number of terminal lines for any telnet session.
ZebOS# configure terminalZebOS(config)# service terminal-length 60
ExamplesZebOS# configure terminalZebOS(config)# service advanced-vty
Validation Commandsshow running-config
set aggregator Use this command to set the AS number for the route map and router ID.
Use the no parameter with this command to disable this function
Command Syntax(no) set aggregator as ASNUM IPADDRESS
ASNUM Specifies the AS number of aggregator.IPADDRESS Specifies the IP address of aggregator.
Command ModeRoute-map mode
UsageAn Autonomous System (AS) is a collection of networks under a common administration sharing a common routing strategy. It is subdivided by areas, and is assigned a unique 16-bit number. Use the set aggregator command to assign an AS number for the aggregator.
To use the set aggregator command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# set aggregator as 43 10.10.0.3
set as-pathUse this command to modify an autonomous system path for a route.
Use the no parameter with this command to disable this function.
Commands Common to Multiple Protocols
50 ©2001-2007 IP Infusion Inc. Confidential
Command Syntax(no) set as-path prepend (.ASN)
prepend Prepends the autonomous system path.ASN ZebOS prepends this number to the AS path.
Command ModeRouter-map mode
UsageUse the set as-path command to specify an autonomous system path. By specifying the length of the AS-Path, the router influences the best path selection by a neighbor. Use the prepend parameter with this command to prepend an AS path string to routes increasing the AS path length.
To use the set as-path command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map myroute permit 3ZebOS(config-route-map)# set as-path prepend 8 24
set atomic-aggregateUse this command to set an atomic aggregate attribute.
Use the no parameter with this command to disable this function
Command Syntax set atomic-aggregate
no set atomic-aggregate
Command ModeRoute-map mode
UsageTo use the set atomic aggregate command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesZebOS# configure terminal
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 51
ZebOS(config)# route-map rmap1 permit 3 ZebOS(config-route-map)# set atomic-aggregate
Related Commands
set comm-list deleteUse this command to delete the matched communities from the community attribute of an inbound or outbound update when applying route-map.
Use the no parameter with this command to disable this feature.
Command Syntax(no) set comm-list (<1-199>|<100-199>|WORD) delete
<1-99> Standard community-list number.<100-199> Expanded community-list numberWORD Name of the Community-list.
Command ModeRoute-map mode
UsageThis command is valid for BGP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map ipi permit 3ZebOS(config-route-map)# set comm-list 34 delete
set communityUse this command to set the communities attribute.
Use the no parameter with this command to delete the entry.
Command Syntax(no) set community [AA:NN|internet|local-AS|no-advertise|no-export](additive)
set community none
no set community
AA:NN Specifies the community number in this format.AA = The AS number. NN = The number assigned to community.
local-AS Specifies no sending outside the local AS (well-known community).internet Specifies the Internet.no-advertise Specifies no advertisement of this route to eBGP peersno-export Specifies no advertisement of this route to any peernone Removes the community attribute from the prefixes that pass the route-map.additive Adds to the existing community.
Commands Common to Multiple Protocols
52 ©2001-2007 IP Infusion Inc. Confidential
Command ModeRoute-map mode
UsageUse this command to set the community attribute and group destinations in a certain community, as well as, apply routing decisions according to those communities.
To use the set community command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesThe following examples show the use of the set community command with different parameters.
ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set community no-export no-advertise
ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set community no-advertise
ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set community 10:01 23:34 12:14 no-export
set dampeningUse this command to enable route-flap dampening and set parameters.
Command Syntax(no) set dampening (REACHTIME (REUSE SUPPRESS MAXSUPPRESS))(UNREACHTIME)
REACHTIME <1-45> Specifies the reachability half-life time in minutes. The time for the penalty to decrease to one-half of its current value. The default is 15 minutes.
REUSE <1-20000> Specifies the reuse-limit value. When the penalty for a suppressed route decays below the reuse value, the routes become unsuppressed. The default reuse limit is 750.
SUPPRESS <1-20000> Specifies the suppress-limit value. When the penalty for a route exceeds the suppress value, the route is suppressed. The default suppress limit is 2000.
MAXSUPPRESS <1-255> Specifies the max-suppress-time. Maximum time that a dampened route is suppressed. The default max-suppress value is 4 times the half-life time (60 minutes).
UNREACHTIME <1-45> Specifies the un-reachability half-life time for penalty, in minutes. The default value is 15 minutes.
Command ModeRoute-map mode
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 53
UsageSet the unreachability half-life time to be equal to, or greater than, reachability half-life time. The suppress-limit value must be greater than or equal to the reuse limit value.
Note: This command is valid for BGP only.
ExampleZebOS# configure terminalZebOS(config)# route-map R1 permit 24ZebOS(config-route-map)# set dampening 20 333 534 30
set extcommunityUse this command to set an extended community attribute.
Use the no parameter with this command to disable this function
Command Syntax(no) set extcommunity rt|soo EXTCOMMNUMBER
no set extcommunity rt|soo
rt Specifies the route target of the extended community.soo Specifies the site-of-origin of the extended community.EXTCOMMNUMBER=ASN:nn_or_IP-address:nn VPN extended communityASN:nn= the AS number.IPADDRESS:nn= the AS number in IP address form.
Command ModeRoute-map mode
UsageTo use the set extcommunity command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set extcommunity rt 06:01
ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set extcommunity rt 0.0.0.6:01
ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set extcommunity soo 06:01
Commands Common to Multiple Protocols
54 ©2001-2007 IP Infusion Inc. Confidential
ZebOS# configure terminalZebOS(config-route-map)# route-map rmap1 permit 3ZebOS(config-route-map)# set extcommunity soo 0.0.0.6:01
set ip next-hop Use this command to set the specified next-hop value.
Use the no parameter with this command to turn off the setting.
Command Syntax (no) set ip next-hop A.B.C.D
no set ip next-hop
A.B.C.D Specifies the IP address of the next-hop
DefaultDisabled
Command ModeRoute-map mode
UsageUse this command to set the next-hop IP address to the routes.
Note: This command is valid for BGP, OSPF, and RIP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map mymap permit 3ZebOS(config-route-map)# set ip next-hop 10.10.0.67
Related Commandsset metric
set ipv6 next-hopUse this command to set a next hop-address.
Use the no parameter with this command to delete an entry.
Command Syntax set ipv6 next-hop global|local IPADDRESS
no set ipv6 next-hop (global|local)
no set ipv6 next-hop (global|local)(IPADDRESS)
IPADDRESS= X:X::X:X Specifies the IPv6 address.global Specifies that the address is global.local Specifies that the address is local.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 55
Command ModeRoute-map mode
UsageUse this command to set the next-hop IPv6 address to the routes.
Note: This command is valid for BGP and OSPFv3 only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set ipv6 next-hop local fe80::203:47ff:fe97:66dc
set levelUse this command to set the IS-IS level to export a route.
Use the no parameter with this command to disable this function.
Command Syntaxset level-1|level-2|level-1-2
no set level
level-1 Export into a level-1 area.level-2 Export into a level-2 sub-domain.level-1-2 Export into level-1 and level-2.
Command ModeRoute-map mode
Note: This command is valid for IS-IS only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set level level-1
set metricUse this command to set a metric value for a route.
Use the no parameter with this command to disable this function.
Command Syntaxset metric METRICVAL
no set metric (0-4261412864)
METRICVAL = <+/-metric>|<0-4261412864> The metric value.
Command ModeRoute-map mode
Commands Common to Multiple Protocols
56 ©2001-2007 IP Infusion Inc. Confidential
UsageThis command sets the metric value for a route, and influences external neighbors about the preferred path into an Autonomous System (AS). The preferred path is the one with a lower metric value. A router compares metrics for paths from neighbors in the same ASs. To compare metrics from neighbors coming from different ASs, use the bgp always-compare-med command.
To use the set metric command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP, OSPF, OSPFv3, RIP, RIPng, and IS-IS.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set metric 600
set metric-typeUse this command to set the metric type for the destination routing protocol.
Use the no parameter with this command to return to the default.
Command Syntax (no) set metric-type 1|2|type1|type2
1 = Select to set external type 1 metric.2 = Select to set external type 2 metric.type1 = Select to set external type 1 metric.type2 = Select to set external type 2 metric.
(no) set metric-type internal|external
internal = Select to set internal IS-IS type metric.external = Select to set external IS-IS type metric.
Command ModeRoute-map mode
UsageThe set metric-type 1|2|type1|type2 command sets the type to either Type-1 or Type-2 in the AS-external-LSA when the route-map matches the condition.
Note: The set metric-type 1|2|type1|type2 command is valid for OSPF and OSPFv3 only. The set metric-type internal|external command is valid for IS-IS only.
ExamplesIn this example the metric type of the destination protocol is set to OSPF external Type 1.
ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set metric-type 1
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 57
Related Commandsredistribute, default-information
set originUse this command to set the BGP origin code.
Use the no parameter with this command to delete an entry.
Command Syntax set origin egp|igp|incomplete
no set origin (egp|igp|incomplete)
egp Specifies a remote EGP system.igp a local IGP system.incomplete Specifies a system of unknown heritage.
Command ModeRoute-map mode
UsageThe origin attribute defines the origin of the path information. The three parameters with this command indicate three different values. IGP is interior to the originating AS. This happens if IGP is redistributed into the BGP. EGP is learned through an Exterior Gateway Protocol. Incomplete is unknown or learned through some other means. This happens when static route is redistributed in BGP and the origin of the route is incomplete.
To use the set origin command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set origin egp
set originator-idUse this command to set the originator ID attribute.
Use the no parameter with this command to disable this function
Command Syntax set originator-id IPADDRESS
no set originator-id (IPADDRESS)
IPADDRESS Specifies the IP address of originator.
Commands Common to Multiple Protocols
58 ©2001-2007 IP Infusion Inc. Confidential
Command ModeRoute-map mode
UsageTo use the set originator-id command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set originator-id 1.1.1.1
set tagUse this command to set a specified tag value.
Use the no parameter with this command to return to the default.
Command Syntax (no) set tag TAGVALUE
TAGVALUE = <0-4294967295> Tag value for destination routing protocol.
Command ModeRoute-map mode
UsageTag in this command is the route tag which is labeled by another routing protocol (BGP or other IGP when redistributing), because AS-external-LSA has a route-tag field in its LSAs. Also, with using route-map, ZebOS can tag the LSAs with the appropriate tag value. Sometimes, the tag matches with using route-map, and sometimes, the value may be used by another application.
Note: This command is valid for OSPF only.
ExamplesIn the following example the tag value of the destination routing protocol is set to 6:
ZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set tag 6
Related Commandsredistribute, default-information
set vpnv4 next-hopUse this command to set a VPNv4 next-hop address.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 59
Use the no parameter with this command to disable this function
Command Syntax set vpnv4 next-hop IPADDRESS
no set vpnv4 next-hop (IPADDRESS)
IPADDRESS Specifies the IP address of next hop.
Command ModeRoute-map mode
UsageTo use the set vpn4-hext-hop command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set vpnv4 next-hop 6.6.6.6
set weightUse this command to set weights for the routing table.
Use the no parameter with this command to delete an entry.
Command Syntax set weight WEIGHT
no set weight (WEIGHT)
WEIGHT = <0-4294967295> Specifies the weight value.
Command ModeRoute-map mode
UsageThe weight value is used to assist in best path selection. It is assigned locally to a router. When there are several routes with a common destination, the routes with a higher weight value are preferred.
To use the set weight command, you must first have a match clause. Match and set commands set the conditions for redistributing routes from one routing protocol to another. The match command specifies the match criteria under which redistribution is allowed for the current route-map. The set command specifies the set redistribution actions to be performed, if the match criteria are met.
match as-path 10set weight 400
In the above configuration, all routes that apply to access-list 10 will have the weight set at 400.
Commands Common to Multiple Protocols
60 ©2001-2007 IP Infusion Inc. Confidential
If the packets do not match any of the defined criteria, they are routed through the normal routing process.
Note: This command is valid for BGP only.
ExamplesZebOS# configure terminalZebOS(config)# route-map rmap1 permit 3ZebOS(config-route-map)# set weight 60
Related Commandsmatch as-path
show access-listUse this command to display a list of IP access lists.
Command Syntax show access-list
Command ModePrivileged Exec mode
ExamplesZebOS# show access-list
show cliUse this command to display the CLI tree of the current mode.
Command Syntaxshow cli
Command ModeAll command modes
UsageThis is a section of the sample output of the show cli command executed at the Interface mode.
+-ospf +-A.B.C.D +-authentication [no ip ospf (A.B.C.D|) authentication] +-authentication-key [no ip ospf (A.B.C.D|) authentication-key] +-cost [no ip ospf (A.B.C.D|) cost] +-database-filter [no ip ospf (A.B.C.D|) database-filter] +-hello-interval [no ip ospf (A.B.C.D|) hello-interval] +-message-digest-key
ExamplesZebOS# show cli
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 61
show historyUse the show history command to list the commands entered in the current session. The history buffer is cleared automatically upon reboot.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow history
Command ModeExec mode and Privileged Exec mode
Examplesshow history
UsageTwo sample results from the show history command:
IMI-CLI#show history 1 en 2 show ru 3 con t 4 route-map er deny 3 5 exit 6 ex 7 di
Though some modes do not have the show history command, commands entered in those modes are listed from the Privileged mode. All command line entries are listed, even erroneous commands.
ZebOS# show history 1 show ip protocols 2 show ip protocols rip 3 show history 4 enable 5 config terminal 6 show his 7 interface eth0 8 show history 9 router rip 10 end 11 list 12 con t 13 router rip 14 shoe history 15 show history 16 end
Commands Common to Multiple Protocols
62 ©2001-2007 IP Infusion Inc. Confidential
show ip prefix-listUse this command to display the prefix list entries.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Note: This command is valid for RIP and BGP protocols only.
Syntax Descriptionshow ip prefix-list (WORD|DETAIL|SUMMARY)
WORD=A.B.C.D/M (first-match|longer)A.B.C.D IP address for the prefix list.M=<0-32> is the length of the address/Mask.first-match the show command displays the first matching routing table for the given IP address or
prefix.longer causes the show command to lookup longer prefix.
DETAIL =detail(WORD)WORD = name of prefix list.
SUMMARY=summary(WORD)WORD = name of prefix list.
Command ModeExec mode
UsageThe following is a sample output of the show ip prefix-list command showing prefix-list entries.
ZebOS# show ip prefix-listip prefix-list ipi1: 3 entries seq 5 permit 172.1.1.0/16 seq 10 permit 173.1.1.0/16 seq 15 permit 174.1.1.0/16
Examples ZebOS# show ip prefix-list ZebOS# show ip prefix-list 10.10.0.98/8 first-matchZebOS# show ip prefix-list detail home
show listUse this command to display a list of all the commands relevant to the current mode.
Command Syntaxshow list
Command ModeAll command modes.
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 63
UsageThis is a section of the sample output of the show list command executed at the Configure mode.
ZebOS(config)# show list access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D access-list (<1-99>|<1300-1999>) (deny|permit) any access-list (<1-99>|<1300-1999>) (deny|permit) host A.B.C.D access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D access-list (<1-99>|<1300-1999>) (deny|permit) A.B.C.D A.B.C.D
ExamplesZebOS# show list
show memory allUse this command to display memory statistics about all protocols and the ZebOS library.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Note: This command is available only if --enable-memmgr configuration option is enabled in the configure script.
Command Syntaxshow memory all
Command ModePrivileged Exec mode
UsageThe following is an output of this command displaying memory statistics about all protocols:
Zebos# show memory allMemory type Alloc cells Alloc bytes=================================== ============= ===============Temporary memory : 17759 1732336Hash : 16 1280Hash index : 16 58368Hash bucket : 61 4880Thread master : 8 8576Thread : 71 7952Link list : 148 11840...Buffer data : 3 3216Prefix : 4 320...Host config password : 7 560VTY master : 8 640VTY : 4 17600VTY history : 16 1280VTY if : 49 14896
Commands Common to Multiple Protocols
64 ©2001-2007 IP Infusion Inc. Confidential
VTY connected : 112 8960...Patricia tree node : 22 1760Message entry : 7 560Message handler : 8 896Host : 8 1408Log information : 16 1280Context : 16 3072----------------------------------- ------------- ---------------NSM Client Handler : 7 229712NSM Client : 7 14672NSM server entry : 7 229712NSM server client : 7 560NSM server : 1 2096NSM Route table : 12 960NSM Route node : 15 1680NSM Master : 1 112NSM RIB : 15 1200...IGMP interface info : 1 176NSM IPv6 Mcast entry : 1 560NSM IPv6 Mcast Client entry : 2 160NSM IPv6 Mcast Stat block entry : 2 8288MLD Top : 1 176MLD interface : 6 1056----------------------------------- ------------- -------------------------------------------------- ------------- ---------------OSPFv3 structure : 1 304OSPFv3 area : 1 176OSPFv3 interface : 1 304OSPFv3 neighbor : 3 912OSPFv3 vertex : 1 80...OSPFv3 prefix map : 1 80OSPFv3 packet : 681 105328OSPFv3 FIFO : 1 80OSPFv3 if params : 2 224OSPFv3 description : 4 320----------------------------------- ------------- ---------------BGP structure : 1 1072BGP VR structure : 1 112BGP global structure : 1 112BGP peer : 1 2096BGP as list master : 1 80Community list handler : 1 80BGP Damp Reuse List Array : 1 2096BGP table : 37 2960----------------------------------- ------------- ---------------PIM-DM Global : 1 176PIM-DM VR : 1 80
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 65
PIM-DM VRF : 1 176
ExamplesZebOS# show memory all
Related Commandsshow memory lib
show memory freeUse this command to display memory statistics about free memory for every protocol.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Note: This command is available only if --enable-memmgr configuration option is enabled in the configure script.
Command Syntaxshow memory free
Command ModePrivileged Exec mode
UsageThe following is an output of this command displaying the total free size and the number of available free blocks:
ZebOS# show memory free
Freed memories for IMI
Block size Total bytes Block count=============== =============== ==============32 80 164 257152 2296128 1421904 8079256 1214784 3996
...
Freed memories for NSM
Block size Total bytes Block count=============== =============== ==============32 80 164 257152 2296128 1421904 8079256 1214784 3996512 1127840 20141024 1055920 9852048 1031232 492...Freed memories for RIPng
Commands Common to Multiple Protocols
66 ©2001-2007 IP Infusion Inc. Confidential
Block size Total bytes Block count=============== =============== ==============32 0 064 257040 2295128 1421904 8079256 1214784 3996512 1127840 20141024 1054848 984...
ExamplesZebOS# show memory free
Related Commandsshow memory lib, show memory all
show memory libUse this command to display library memory statistics.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Note: This command is available only if --enable-memmgr configuration option is enabled in the configure script.
Command Syntaxshow memory lib
Command ModePrivileged Exec mode
UsageThe following is a section of the sample output for the show memory lib command showing the memory usage by library in different protocols.
ZebOS# show memory lib Library MTYPEs for NSMMemory type Alloc cells============================== ============Hash : 1Hash index : 1Hash bucket : 6Thread master : 1Thread : 11Link list : 10Link list node : 18Buffer : 0Buffer bucket : 0Buffer data : 0
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 67
Buffer IOV : 0...Config handle : 0Temporary memory : 2039Access list : 0Access list str : 0Access filter : 0Prefix list : 0Prefix list str : 0Prefix list entry : 0Route map : 0Route map name : 0Route map index : 0...Bit map : 3Bit map block : 3Bit map block array : 3Patricia tree : 5Patricia tree node : 0MPLS VRF table entry : 0------------------------------ ------------ Library MTYPEs for OSPFMemory type Alloc cells============================== ============Hash : 1Hash index : 1Hash bucket : 2Thread master : 1Thread : 25Link list : 40...Temporary memory : 2460Access list : 0Access list str : 0Access filter : 0Prefix list : 0...VTY path : 0Vector : 1340Vector index : 1340...Bit map block : 0Bit map block array : 0Patricia tree : 0Patricia tree node : 0MPLS VRF table entry : 0------------------------------ ------------
ExamplesZebOS# show memory lib
Commands Common to Multiple Protocols
68 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsshow memory all
show memory summaryUse this command to display the summary of memory statistics.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Note: This command is available only if --enable-memmgr configuration option is enabled in the configure script.
Command Syntaxshow memory summary
Command ModePrivileged Exec mode
UsageFollowing is a sample output of the show memory summary command:
ZebOS# show memory summary
Memory summary for IMI
Total preallocated memory size: 10485760 Total preallocated memory overhead: 3141024 Total preallocated memory blocks: 65438
Total on demand allocated memory size: 913824 Total on demand allocated memory overhead: 388368 Total on demand allocated memory count: 8091
Requested ZebOS memory size: 2048768 Allocated ZebOS memory size: 6393904 Allocated ZebOS memory blocks: 55301
Total memory left in the free pool: 8535072 Total blocks left in the free pool: 18228
Memory summary for NSM
Total preallocated memory size: 10485760 Total preallocated memory overhead: 3141024... Total on demand allocated memory overhead: 388368 Total on demand allocated memory count: 8091
Requested ZebOS memory size: 2049160 Allocated ZebOS memory size: 6394464
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 69
Allocated ZebOS memory blocks: 55302
Total memory left in the free pool: 8534512 Total blocks left in the free pool: 18227
Memory summary for RIPng
Total preallocated memory size: 10485760 Total preallocated memory overhead: 3141024 Total preallocated memory blocks: 65438
...
Total memory left in the free pool: 8533360 Total blocks left in the free pool: 18225
ExamplesZebOS# show memory summary
show route-mapUse this command to display user readable route-map information.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow route-map
Command ModePrivileged Exec mode
Usage The following is a sample output of the show route-map command.
ZebOS# show route-map route-map ipi, permit, sequence 1 Match clauses: metric 200 Set clauses: metric 60
ExamplesZebOS> show route-map
show running-configUse the show running-config command to display the current configuration file.
Commands Common to Multiple Protocols
70 ©2001-2007 IP Infusion Inc. Confidential
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow running-config
Command ModePrivileged Exec mode
Examplesshow running-config
UsageThe display for the show running-config command is bracketed by Current configuration and end.
ZebOS# show running-config
Current configuration:!hostname ripdpassword zebralog stdout!debug rip eventsdebug rip packet!interface lo!interface cipcb0!interface sit0!interface eth0!interface eth1 ip rip send version 2 ip rip receive version 2 ip rip authentication string !!!!!interface dummy0!interface ip6tnl0!interface ip6tnl1!!router rip network eth0 network eth1 passive-interface eth0
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 71
redistribute connected!ip prefix-list hoge seq 5 permit anyip prefix-list hoge seq 10 permit 10.0.0.0/8!route-map nexthop permit 1 set ip next-hop 10.10.0.97!line vty exec-timeout 0 0!end
Related Commandswrite terminal
show startup-configUse the show startup-config command to display the startup configuration.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow startup-config
Command ModePrivileged Exec mode
Examplesshow startup-config
UsageThe following is a sample output of the show startup-config command displaying the configuration at startup.
ripd# show startup-config!! ZebOS configuration saved from vty! 2001/04/21 11:38:52!hostname ripdpassword zebralog stdout!debug rip eventsdebug rip packet!interface lo!interface eth0
Commands Common to Multiple Protocols
72 ©2001-2007 IP Infusion Inc. Confidential
ip rip send version 1 2 ip rip receive version 1 2!interface eth1 ip rip send version 1 2 ip rip receive version 1 2!router rip redistribute connected network 10.10.10.0/24 network 10.10.11.0/24!line vty exec-timeout 0 0
show versionUse the show version command to display the version of ZebOS currently running.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow version
Command ModePrivileged Exec mode and Exec mode
UsageThe following is an output from the show version command.
ZebOS# show versionZebOS SRS 6.1 (i686-pc-linux-gnu) 12172003Copyright 2001-2003 IP Infusion Inc.
NET-SNMP SNMP agent software(c) 1989, 1991, 1992 by Carnegie Mellon University;(c) 1996, 1998-6.10 The Regents of the University of California.All Rights Reserved;(c) 6.11, Networks Associates Technology, Inc. All rights reserved;(c) 6.11, Cambridge Broadband Ltd. All rights reserved. RSA Data Security, Inc. MD5 Message-Digest Algorithm(c) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.Libedit Library(c) 1992, 1993 The Regents of the University of California. All rightsreserved.OpenSSL LibraryCopyright (C) 1998-6.12 The OpenSSL Project. All rights reserved.Original SSLeay LicenseCopyright (C) 1995-1998 Eric Young ([email protected])
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 73
terminal lengthUse the terminal length command to set number of lines displayed on a terminal. Use the no parameter with this command to revert to the default setting.
Command Syntax(no) terminal length LENGTH
LENGTH = <0-512> The number of lines on a terminal. The default length is 25 lines.
Command ModeExec mode and Privileged Exec mode
ExamplesThe following example sets the terminal length to 30 lines.
ZebOS# terminal length 30
terminal monitorUse the terminal monitor command to display debugging output on a terminal.
Command Syntax(no) terminal monitor
Command ModePrivileged Exec mode
ExamplesZebOS# terminal monitor
Related CommandsAll debug commands
whoUse the who command to display all other VTY connections.
Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers and to ZebOS Advanced Routing Suite (ARS) customers using the IMISH for CLI management.
Note: This command is only available on the Linux platform.
Command Syntaxwho
Command ModeExec mode
Commands Common to Multiple Protocols
74 ©2001-2007 IP Infusion Inc. Confidential
UsageThe following is an output from the who command displaying all other VTY connections. The entry “*” marks the connection with the configuration rights.
Router# who vty[8] connected from 127.0.0.1.*vty[9] connected from 127.0.0.1. vty[10] connected from 10.10.0.74
ExamplesZebOS> who
write file and write memoryUse the write file or write memory command to write configuration data to a file.
Command Syntaxwrite file
write memory
Command ModePrivileged Exec mode
ExamplesZebOS# write file
Related Commandsshow running-config
write terminalUse the write terminal command to display current configurations to the VTY terminal.
Command Syntaxwrite terminal
Command ModePrivileged Exec mode
UsageThe following is an output from the write terminal command displaying current configuration on the terminal.
ripd# write terminal
Current configuration:!hostname ripdpassword zebralog stdout
Commands Common to Multiple Protocols
©2001-2007 IP Infusion Inc. Confidential 75
!debug rip eventsdebug rip packet!interface lo!interface eth0 ip rip send version 1 2 ip rip receive version 1 2!interface eth1 ip rip send version 1 2 ip rip receive version 1 2!!router rip network 10.10.10.0/24 network 10.10.11.0/24 redistribute connected!line vty exec-timeout 0 0!end
ExamplesZebOS# write terminal
Related Commandsshow-running-config
Commands Common to Multiple Protocols
76 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 77
CHAPTER 3 NSM Commands
admin-group Use this command to create an administrative group to be used for links. Each link can be a member of one or more, or no administrative groups.
Note: This command is unavailable to ZebOS Server Routing Suite (SRS) customers and to ZebOS Advanced Routing Suite (ARS) customers using the IMISH for CLI management.
Command Syntaxadmin-group NAME <0-31>
NAME = Specify the name of the admin group to be added<0-31> = Specify the number of groups per system Note: <0-31> available only from the Configure mode
Command ModeInterface mode
Usage When used in the interface mode, this command adds a link between an interface and a group. The name is the name of the group previously configured. There can be multiple groups per interface. The group is created in the Configure mode, then interfaces are added to the group in the Interface mode.
ExamplesIn the following example, the interface eth0 has been added to the group ipi:
ZebOS# configure terminalZebOS(config) interface eth0ZebOS(config-if)# admin-group ipi
arp A.B.C.D MACUse this command to create a static group ARP entry.
Use the no parameter to remove the static group ARP entry.
Command Syntaxarp A.B.C.D MAC (alias | )
no arp A.B.C.D
A.B.C.D IP addressMAC MAC address
Command ModeConfigure mode
NSM Commands
78 ©2001-2007 IP Infusion Inc. Confidential
ExamplesZebOS# configure terminalZebOS(config)# arp 10.10.10.10 0010.2355.4566 alias
bandwidth Use this command to specify the maximum bandwidth to be used for each interface. The bandwidth value is in bits, and can also accept units.
Use the no parameter to remove the maximum bandwidth.
Command Syntax(no) bandwidth BANDWIDTH
BANDWIDTH
<1-999> k|m for 1 to 999 kilo bits or mega bits.<1-10> g for 1 to 10 giga bits.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# bandwidth 100m
Related Commandsreservable-bandwidth
Validation Commandsshow running-config, show interface
clear ip route kernelUse this command to clear IPv4 stale kernel routes from NSM RIB and FIB.
Command Syntaxclear ip route kernel
DefaultNone
Command ModePrivileged Exec mode
ExamplesZebOS# clear ip route kernel
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 79
Related Commandsclear ipv6 route kernel, fib retain
clear ipv6 neighborsUse this command to clear all dynamic IPv6 neighbor entries.
Command Syntaxclear ipv6 route kernel
Command ModePrivileged Exec mode
debug nsmUse this command to specify a set of debug options for NSM events, kernel, and packets.
Command Syntax(no) debug nsm
Command ModeExec mode, Privileged Exec mode, and Configure mode
ExamplesZebOS# debug nsm
Related Commandsdebug nsm kernel, debug nsm events, debug nsm packet
Validation Commandsshow debugging nsm
debug nsm eventsUse this command to specify the set of debug options for NSM daemon events.
Command Syntaxdebug nsm events
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# debug nsm events
Related Commandsdebug nsm kernel
NSM Commands
80 ©2001-2007 IP Infusion Inc. Confidential
Validation Commandsshow debugging nsm
debug nsm kernelUse this command to specify the debug option-set for the NSM daemon routing manager between the kernel interface.
Command Syntaxdebug nsm kernel
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# debug nsm kernel
Validation Commandsshow debugging nsm
debug nsm packetUse this command to specify the debug option-set for the nsm packet.
Command Syntaxdebug nsm packet (recv|send)(detail)
recv = Specifies the debug option-set for receive packet.send = Specifies the debug option-set for send packet.detail = Sets the debug option set to detailed information.
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# debug nsm packet ZebOS# debug nsm packet recv detail
Validation Commandsshow debugging nsm
fib retainUse this command to modify the retain time for stale routes in the Forwarding Information Base (FIB) during NSM restart.
Use the no parameter with this command to revert to default; not retaining NSM routes in the FIB when NSM is killed.
Note: NSM still retains the stale routes for 60 seconds when it restarts.
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 81
Command Syntax(no) fib retain (TIME|Forever)
Forever Specifies an infinite retain time for stale routes.TIME = time <1-65535> Specifies the retain time for stale routes. The default retain time is 60
seconds.<1-65535> The retain time in seconds.
DefaultNSM routes are cleared from the FIB when NSM is killed, but when NSM is restarted, stale routes are retained for 60 seconds.
Command ModeConfigure mode
UsageNSM reads the Forwarding Information Base (FIB), and treats previously self-installed routes as stale routes. You can display stale routes by running the show ip route database command. All routes preceded by the symbol p are stale routes. When protocol modules restart, NSM overrides these stale routes with routes reinstalled by protocol modules.
The behavior of NSM routes when NSM is killed is as follows:
• no fib retain (default) Cleans up NSM routes from the FIB, but retains stale routes for 60 seconds when restarted.
• fib retain Does not clear routes from the FIB, and retains stale routes for 60 seconds when restarted.
• fib retain forever Does not clear routes from the FIB and retains stale routes forever.
• fib retain time <1-65535> Does not clear routes from the FIB and retains stale routes for the specified seconds.
Note: You can remove stale routes at any time by using the clear ip route kernel command.
ExamplesZebOS# configure terminalZebOS(config)# fib retain time 180
if-arbiterUse this command to discover new interfaces recently added to the kernel, and add them to the ZebOS database.
Command syntaxif-arbiter interval <1-65535>
no if-arbiter
<1-65535> Specifies the interval (in seconds) after which NSM sends query to kernel.
DefaultBy default, if-arbiter is disabled. When interface-related operations are performed outside of ZebOS (for example, when using OS ifconfig), enable if-arbiter for a transient time to complete synchronization. When synchronization is complete, disable it using the if-arbiter CLI.
NSM Commands
82 ©2001-2007 IP Infusion Inc. Confidential
Command ModeConfigure mode
UsageThis command starts the arbiter to check interface information periodically. ZebOS dynamically finds any new interfaces added to the kernel. If an interface is loaded dynamically into the kernel when ZebOS is already running, this command polls kernel information periodically, and updates.
ExamplesZebOS# configure terminalZebOS(config)# if-arbiter interval 5
Validation Commandsshow running-config
interfaceUse this command to select an interface to configure, and to enter the Interface command mode.
Command Syntaxinterface IFNAME
IFNAME = Specifies the name of the interface
Command ModeConfigure mode
ExamplesThis example shows the use of this command to enter the Interface mode (note the change in the prompt).
Router# configure terminalRouter(config)# interface eth0Router(config-if)#
ip addressUse this command to set the IP address of an interface.
Use the no parameter with this command to remove the IP address from an interface.
Command Syntaxip address IP-ADDRESS (secondary)
no ip address IP-ADDRESSno ip address
IP-ADDRESS A.B.C.D/M Specifies the IP address and prefix length of an interface.secondary Specifies the IP address as secondary.
Command modeInterface mode
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 83
UsageWhen the secondary parameter is not specified with this command, this command overwrites the primary IP address. When the secondary parameter is specified with this command, this command adds a new IP address to the interface.
The secondary address cannot be configured in the absence of a primary IP address.
The primary address cannot be removed when a secondary address is present.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip address 10.10.10.50/24ZebOS(config-if)# ip address 10.10.11.50/24 secondary
Validation commandsshow running-config, show interface, show ip interface brief
ip forwardingUse this command to turn on IP forwarding.
Use the no parameter with this command to turn off IP forwarding.
Command Syntax(no) ip forwarding
Command ModeConfigure mode
ExamplesRouter# configure terminalRouter(config)# ip forwarding
ip proxy-arpUse this command to enable the proxy ARP feature on an interface.
Use the no parameter to disable the proxy ARP feature on an interface.
Command Syntaxip proxy-arp
no ip proxy-arp
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip proxy-arp
NSM Commands
84 ©2001-2007 IP Infusion Inc. Confidential
ip route Use this command to establish the distance for static routes of a subnet mask. Use the no form of this command to disable the distance for static routes of a subnet mask.
Command Syntax(no) ip route DESTPREFIX IPADDRESSMASK GATEWAYIP|INTERFACE (DISTVALUE)
(no) ip route DESTPREFIX/M GATEWAYIP|INTERFACE (DISTVALUE)
DESTPREFIX = A.B.C.D Specifies the IP destination prefix.DESTPREFIX/M = A.B.C.D/M Specifies the IP destination prefix and a mask length <0-32>.IPADDRESSMASK = A.B.C.D Specifies the IP destination prefix mask. GATEWAYIP = A.B.C.D Specifies the IP gateway address.DISTVALUE = <1-255> Specifies the distance value for the route.INTERFACE = Specifies the name of the interface.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# ip route 192.168.3.0 255.255.255.0 2.2.2.2 128ZebOS(config)# ip route 1.1.1.0/24 eth0 32
Validation Commandsshow ip route, show running-config
ipv6 forwardingUse this command to turn on IPv6 forwarding.
Use the no parameter with this command to turn off IPv6 forwarding.
Command Syntax(no)ipv6 forwarding
Command ModeConfigure mode
ExamplesRouter# configure terminalRouter(config)# ipv6 forwarding
ipv6 nd managed-config-flag
Use this command to set the managed address configuration flag in the Router Advertisement to be used for the IPv6 address auto-configuration.
Use the no parameter with this command to reset the value to default.
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 85
Command Syntax(no) ipv6 nd managed-config-flag
DefaultUnset
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd managed-config-flagZebOS(config-if)# no ipv6 nd suppress-ra
Related Commandsipv6 nd suppress-ra, ipv6 nd prefix, ipv6 nd other-config-flag
ipv6 nd other-config-flagUse this command to set the other stateful configuration flag in Router Advertisement to be used for IPv6 address auto-configuration.
Use no parameter with this command to reset the value to default.
Command Syntax(no) ipv6 nd other-config-flag
DefaultUnset
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd other-config-flagZebOS(config-if)# no ipv6 nd suppress-ra
Related Commandsipv6 nd suppress-ra, ipv6 nd prefix, ipv6 nd managed-config-flag
ipv6 nd prefixUse this command to specify the IPv6 prefix information that is advertised by the Router Advertisement for IPv6 address auto-configuration.
Use no parameter with this command to reset the IPv6 prefix.
NSM Commands
86 ©2001-2007 IP Infusion Inc. Confidential
Command Syntax(no) ipv6 nd prefix X:X::X:X/M <0-4294967295> <0-4294967295> (off-link|) (no-autoconfig|)
X:X::X:X/M Specify the IPv6 prefix.<0-4294967295> Specify theIPv6 prefix valid lifetime.<0-4294967295> Specify the IPv6 prefix preferred lifetime.off-link Specify the IPv6 prefix off-link flag.no-autoconfig Specify the IPv6 prefix no autoconfiguration flag.
DefaultUnspecified
Command ModeInterface mode
UsageThis command specifies the IPv6 prefix that is advertised by the Router Advertisement message.
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd prefix 2001:ffff::/64ZebOS(config-if)# no ipv6 nd suppress-ra
Related Commandsipv6 nd suppress-ra, ipv6 nd prefix
ipv6 nd ra-intervalUse this command to specify the interval between IPv6 Router Advertisements (RA).
Use no parameter with this command to reset the value to default.
Command Syntax(no) ipv6 nd ra-interval <3-1800>
Default600 seconds.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd ra-interval 60ZebOS(config-if)# ipv6 nd prefix 3ffe:ffff:ffff::/64ZebOS(config-if)# no ipv6 nd suppress-ra
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 87
Related Commandsipv6 nd suppress-ra, ipv6 nd prefix
ipv6 nd ra-lifetimeUse this command to specify the lifetime of this router enabling it to act as a default gateway for the network.
Use no parameter with this command to reset the value to default.
Command Syntax(no) ipv6 nd ra-lifetime <0-9000>
Default1800 seconds
Command ModeInterface mode
UsageThis command specifies the lifetime of the current router to be announced in IPv6 Router Advertisement.
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd ra-lifetime 9000ZebOS(config-if)# no ipv6 nd suppress-ra
Related Commandsipv6 nd suppress-ra, ipv6 nd prefix
ipv6 nd reachable-timeUse this command to specify the reachable time in the Router Advertisement to be used for detecting unreachability of the IPv6 neighbor.
Use the no parameter with this command to reset the value to default.
Command Syntax(no) ipv6 nd reachable-time <0-3600000>
Default0 milliseconds
Command ModeInterface mode
ExampleZebOS# configure terminal
NSM Commands
88 ©2001-2007 IP Infusion Inc. Confidential
ZebOS(config)# interface eth0ZebOS(config-if)# ipv6 nd reachable-time 1800000ZebOS(config-if)# no ipv6 nd suppress-ra
Related Commandsipv6 nd suppress-ra, ipv6 nd prefix
ipv6 nd suppress-raUse this command to control IPv6 Router Advertisement (RA) transmission for the current interface. Router Advertisement is used for IPv6 stateless auto-configuration.
Use no parameter with this command to enable Router Advertisement transmission.
Command Syntax(no) ipv6 nd suppress-ra
DefaultSuppressed
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# no ipv6 nd suppress-ra
Related Commandsipv6 nd ra-interval, ipv6 nd prefix
ipv6 neighborUse this command to add an IPv6 neighbor entry. Use the no form of this command to an IPv6 neighbor entry.
Command Syntaxipv6 neighbor ADDRESS IF NAME MAC
no ipv6 neighbor ADDRESS IF NAME
ADDRESS = X:X::X:X neighbor’s IPv6 addressIFNAME = interface nameMAC = HHHH.HHHH.HHHH MAC hardware address
Command ModeConfigure mode
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 89
ipv6 route Use this command to establish the distance for static routes of a subnet mask. Use the no form of this command to disable the distance for static routes of a subnet mask.
Command Syntax(no) ipv6 route DESTPREFIX/M GATEWAYIP|INTERFACE DISTVALUE
DESTPREFIX = Specifies the IP destination prefix.DESTPREFIX/M = X:X::X:X/M Specifies the IP destination prefix and a mask length <0-128>.GATEWAYIP = X:X::X:X Specifies the IP gateway address.DISTVALUE = <1-255> Specifies the distance value for the route.INTERFACE = Specifies the name of the interface
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# ipv6 route 3ffe:506::1 128ZebOS(config)# ipv6 route 3ffe:506::1/128 myintname 32
Validation Commandsshow running-config, show ipv6 route
ipv6 addressUse this command to set the IPv6 address of an interface. Use the no form of this command to disable this function.
Command Syntaxipv6 address IPADDRESS
no ipv6 address
IPADDRESS = X:X::X:X/M Specifies the IP destination prefix and a mask length <0-128>.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 address 3ffe:506::1/128
Validation Commandsshow running-config, show interface, show ipv6 route
NSM Commands
90 ©2001-2007 IP Infusion Inc. Confidential
maximum-pathsUse this command to enable multipath support on ZebOS, and set the maximum number of paths to be installed in the FIB (Forward Information Base).
Use the no parameter with this command to revert to default.
Note: Currently, this command is available on Linux systems only.
Command Syntax(no) maximum-paths <1-10>
no maximum-paths
<1-10> Specify the maximum number of paths to be installed in the FIB.
DefaultBy default, the maximum number of paths is set to 4.
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# maximum-paths 5
mtuUse this command to set the Maximum Transmission Unit (MTU) size of an interface.
Command Syntaxmtu SIZE
SIZE <64-17940> Specifies the size of MTU in bytes.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# mtu 120
multicastUse this command to set the multicast flag to an interface.
Use the no form of this command to disable this function.
Command Syntax(no) multicast
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 91
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# multicast
Validation Commandsshow running-config
no debug nsm eventsUse this command to disable the debugging options for NSM daemon events.
Command Syntaxno debug nsm events
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# no debug nsm events
Equivalent Commandsundebug nsm events
no debug nsm kernelUse this command to disable the debugging option for the NSM daemon routing manager between the kernel interface.
Command Syntaxno debug nsm kernel
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# no debug nsm kernel
Equivalent Commandsno debug nsm kernel
no debug nsm packetUse this command to disable the debugging option for the nsm packet.
NSM Commands
92 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxno debug nsm packet (recv|send)(detail)
recv = Disable the debugging option for receive packet.send = Disable the debugging option for send packet.detail = Disable the debugging option for detailed information.
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# no debug nsm packet ZebOS# no debug nsm packet recv detail
Validation Commandsshow debugging nsm
Equivalent Commandsno debug nsm packet
show debugging nsmUse this command to display debugging information for the ZebOS routing manager.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow debugging nsm
Command ModeExec mode and Privileged Exec mode
UsageThe following is a sample output of the show debugging nsm command displaying the NSM debugging status.
ZebOS# show debugging nsm NSM debugging status:
NSM event debugging is on
NSM packet debugging is on
NSM kernel debugging is on
ExamplesZebOS# show debugging nsm
show interfaceUse this command to display interface configuration and status.
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 93
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow interface IFNAME
IFNAME Specifies the name of the interface for which status and configuration information is desired.
Command ModeExec mode and Privileged Exec mode
Usage When the QoS feature is enabled for the interface, this is what this command displays:
Router# show interface eth0 Interface eth0 index 2 metric 1 mtu 1500 <UP,BROADCAST,RUNNING,MULTICAST> HWaddr: 00:b0:d0:da:92:5f Administrative Group(s) : ipi bandwidth 100m maximum reservable bandwidth 100m available b/w at priority 0 is 100.000m available b/w at priority 1 is 100.000m available b/w at priority 2 is 100.000m available b/w at priority 3 is 100.000m available b/w at priority 4 is 100.000m available b/w at priority 5 is 100.000m available b/w at priority 6 is 100.000m available b/w at priority 7 is 100.000m inet 10.10.0.34/24 broadcast 10.10.0.255 input packets 973824, bytes 127560568, dropped 0, multicast packets 0 input errors 1, length 0, overrun 0, CRC 0, frame 1, fifo 1, missed 0 output packets 84422, bytes 26945483, dropped 0 output errors 0, aborted 0, carrier 0, fifo 0, heartbeat 0, window 0 collisions 2483
Examples ZebOS# show interface myifname
show ip access-listUse this command to display a IP access lists.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip access-list
Command ModePrivileged Exec mode
NSM Commands
94 ©2001-2007 IP Infusion Inc. Confidential
UsageThe following is a sample output of the show ip access-list command showing the IP access-list entries.
ZebOS# show ip access-list Standard IP access list 1 permit 172.168.6.0, wildcard bits 0.0.0.255 permit 192.168.6.0, wildcard bits 0.0.0.255
ExamplesZebOS# show ip access-list
show ip forwardingUse this command to display the IP forwarding status.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip forwarding
Command ModeExec mode and Privileged Exec mode
UsageThe following is a sample output of the show ip forwarding command displaying the IP forwarding status.
ZebOS# show ip forwardingIP forwarding is on
ExamplesZebOS# show ip forwarding
show ip interface briefUse this command to display brief information about interfaces and the IP addresses assigned to them. To display information about a specific interface, specify the interface name with the command.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip interface [IFNAME] brief
IFNAME Specify the name of the interface.
Command ModeExec mode and Privileged Exec mode
UsageThe following is a sample output from the show ip interface brief command:
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 95
ZebOS# show ip interface brief
Interface IP-Address Status Protocollo 127.0.0.1 up upgre0 unassigned administratively down downeth0 10.10.0.142 up upeth1 10.10.11.123 up upeth2 unassigned administratively down downeth3 unassigned administratively down downsit0 unassigned administratively down downtun24 unassigned administratively down downtunl0 unassigned administratively down down
ExamplesZebOS# show ip interface eth0 brief
Related Commandsshow ipv6 interface brief
show ip routeUse this command to display the IP routing table for a protocol or from a particular table.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip route (bgp |connected |kernel |ospf |rip |static |A.B.C.D |A.B.C.D/M)
bgp = Display selected BGP routes.connected = Display selected connected routes.kernel = Display selected kernel routes.ospf = Display selected OSPF routes.rip = Display selected RIP routes.static = Display selected static routes.A.B.C.D = Network in the IP routing table to displayA.B.C.D/M = IP prefix <network>/<length>, e.g., 35.0.0.0/8
Command ModeExec mode and Privileged Exec mode
UsageWhen multiple entries are available for the same prefix, NSM uses an internal route selection mechanism based on protocol administrative distance and metric values to choose the best route. All best routes are entered into the FIB, and can be viewed using the this command. To display all routes (selected and not selected), use the show ip route database command. The following show output displays only the best routes. To illustrate the difference between the show ip route database output and this output, the same configuration has been used in both examples.
Note: For a detailed line-by-line description of an output of this command, refer to the ZebOS Troubleshooting Guide.
ZebOS# show ip routeCodes: K - kernel, C - connected, S - static, R - RIP, B - BGP
NSM Commands
96 ©2001-2007 IP Infusion Inc. Confidential
O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area * - candidate default
O 1.1.1.0/24 [110/20] via 2.2.2.1, eth2, 00:00:10C 2.2.2.0/24 is directly connected, eth2C 3.3.3.0/24 is directly connected, eth1O IA 4.4.4.0/24 [110/21] via 2.2.2.1, eth2, 00:00:10K 10.10.0.0/24 via 10.70.0.1, eth0C 10.70.0.0/24 is directly connected, eth0C 33.33.33.33/32 is directly connected, loC 127.0.0.0/8 is directly connected, loK 169.254.0.0/16 is directly connected, eth0
The following is a show output of this command with the ospf parameter, displaying only the selected OPSF routes learned by NSM:
ZebOS# show ip route ospfO 1.1.1.0/24 [110/20] via 2.2.2.1, eth2, 00:00:44O IA 4.4.4.0/24 [110/21] via 2.2.2.1, eth2, 00:00:44
ExamplesZebOS# show ip route ospf
Related Commandsshow ip route database
show ip route databaseUse this command to display all routing entries known by NSM. When multiple entries are available for the same prefix, NSM uses an internal route selection mechanism based on protocol administrative distance and metric values to choose the best route. All best routes are entered into the FIB, and can be viewed using the show ip route command.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip route database (bgp|connected|isis|kernel|ospf|rip|static)
bgp Display all the BGP routes learned by NSM.connected Display all the connected routes learned by NSM.isis Display all the IS-IS routes learned by NSM.kernel Display all the kernel routes learned by NSM.ospf Display all the OSPF routes learned by NSM.rip Display all the RIP routes learned by NSM.static Display all the static routes learned by NSM.
Command ModeExec mode and Privileged Exec mode
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 97
UsageThe following is an output of this command displaying all routes learned by NSM.
Note: This output shows selected as well as non selected routes.
To illustrate the difference between the show ip route output and this output, the same configuration has been used in both examples.
Note: For a detailed line-by-line description of an output of this command, refer to the ZebOS Troubleshooting Guide.
ZebOS# show ip route databaseCodes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area > - selected route, * - FIB route, p - stale info
O *> 1.1.1.0/24 [110/20] via 2.2.2.1, eth2, 00:01:26O 2.2.2.0/24 [110/10] is directly connected, eth2, 00:02:16C *> 2.2.2.0/24 is directly connected, eth2C *> 3.3.3.0/24 is directly connected, eth1O IA *> 4.4.4.0/24 [110/21] via 2.2.2.1, eth2, 00:01:26K *> 10.10.0.0/24 via 10.70.0.1, eth0K * 10.70.0.0/24 is directly connected, eth0C *> 10.70.0.0/24 is directly connected, eth0C *> 33.33.33.33/32 is directly connected, loS 100.100.100.0/24 [1/0] via 5.5.5.1 inactiveC *> 127.0.0.0/8 is directly connected, loK *> 169.254.0.0/16 is directly connected, eth0
The following is a show output of this command with the ospf parameter, displaying all OPSF routes learned by NSM:
ZebOS# show ip route database ospfO *> 1.1.1.0/24 [110/20] via 2.2.2.1, eth2, 00:01:26O 2.2.2.0/24 [110/10] is directly connected, eth2, 00:02:16O IA *> 4.4.4.0/24 [110/21] via 2.2.2.1, eth2, 00:01:26
ExamplesZebOS# show ip route database static
Related Commandsshow ip route
show ip route summaryUse this command to display the summary of the current NSM RIB entries.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip route summary
NSM Commands
98 ©2001-2007 IP Infusion Inc. Confidential
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show ip route summaryIP routing table name is Default-IP-Routing-Table(0)IP routing table maximum-paths is 4RouteSource Networkskernel 1connected 5ospf 2Total 8FIB 2
Related Commandsshow ip route, show ip route database
show ipv6 forwardingUse this command to display IPv6 forwarding status.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 forwarding
Command ModeExec mode and Privileged Exec mode
UsageThe following is a sample output of the show ipv6 forwarding command displaying the IPv6 forwarding status.
ZebOS# show ipv6 forwardingipv6 forwarding is on
ExamplesZebOS# show ipv6 forwarding
show ipv6 interface briefUse this command to display brief information about interfaces and the IPv6 address assigned to them. To display information about a specific interface, specify the interface name with the command.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 interface [IFNAME] brief
IFNAME Specify the name of the interface.
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 99
Command ModeExec mode and Privileged Exec mode
UsageThe following is a sample output from the show ipv6 interface brief command:
ZebOS# show ipv6 interface brief lo [up/up] ::1gre0 [administratively down/down] unassignedeth0 [up/up] 3ffe:abcd:104::1 3ffe:abcd:103::1 fe80::2e0:29ff:fe6f:cf0eth1 [up/up] fe80::260:97ff:fe20:f257eth2 [administratively down/down] unassignedeth3 [administratively down/down] unassignedsit0 [administratively down/down] unassignedtun24 [administratively down/down] unassignedtunl0 [administratively down/down] unassigned
ExamplesZebOS# show ipv6 interface eth0 brief
Related Commandsshow ip interface brief
show ipv6 neighborsUse this command to display all IPv6 neighbors.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 neighbors
Command ModeExec mode and Privileged Exec mode
show ipv6 routeUse this command to display the IP routing table for a protocol or from a particular table.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 route (bgp|connected|kernel|ospf|rip|static|X:X::X:X|X:X::X:X/M)
NSM Commands
100 ©2001-2007 IP Infusion Inc. Confidential
bgp = Border Gateway Protocol (BGP)connected = connectedkernel = kernelospf = Open Shortest Path First (OSPF)rip = Routing Information Protocol (RIP)static = static routesX:X::X:X = Network in the IP routing table to displayX:X::X:X/M = IP prefix <network>/<length>, e.g., 35.0.0.0/8
Command ModeExec mode and Privileged Exec mode
UsageThe following is a sample output of the show ipv6 route command displaying the IPv6 routing table.
ZebOS# show ipv6 routeCodes: K - kernel route, C - connected, S - static, R - RIPng, O - OSPFv3, I - IS-IS, B - BGP, > - selected route, * - FIB route, p - stale info.C> * ::1/128 is directly connected, loC> * 3ffe:1::/48 is directly connected, eth1C> * 3ffe:2:2::/48 is directly connected, eth2C * fe80::/10 is directly connected, eth1C * fe80::/10 is directly connected, eth2C * fe80::/10 is directly connected, eth3C> * fe80::/10 is directly connected, eth0
ExamplesZebOS# show ipv6 route ospf
show ipv6 route summaryUse this command to display the summary of the current NSM RIB entries.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 route summary
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show ipv6 route summaryIPv6 routing table name is Default-IPv6-Routing-Table(0)IPv6 routing table maximum-paths is 4RouteSource Networksconnected 4ospf 5Total 9
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 101
FIB 5
Related Commandsshow ip route, show ip route database
show nsm clientUse this command to display NSM client information.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow nsm client
Command ModePrivileged Exec mode
UsageThis command displays the details of currently connected NSM clients, such as: the services requested by the protocols, statistics and the connection time. The following is a sample output for this command:
Router# show nsm clientNSM client ID: 1 OSPF, socket 8 Service: Interface Service, Route Service Message received 1, sent 6 Connection time: Thu Sep 26 16:08:23 2002
ExamplesZebOS# show nsm client
show router-idUse this command to display the Router ID of the current system.
Command Syntax show router-id
Command ModePrivileged Exec mode
UsageZebOS> show router-idRouter ID: 10.55.0.2 (automatic)
ExamplesZebOS# show router-id
NSM Commands
102 ©2001-2007 IP Infusion Inc. Confidential
shutdown Use this command to shut down the selected interface. Use the no form of this command to disable this function.
Command Syntax(no) shutdown
Command ModeInterface mode
Examplesthe following example shows the use of the shutdown command to shut down the interface called eth0.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if) shutdown
undebug nsm allUse this command to disable all NSM debugging.
Command Syntaxundebug nsm all
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# undebug nsm all
undebug nsm eventsUse this command to disable the debugging options for NSM daemon events.
Command Syntaxundebug nsm events
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# undebug nsm events
undebug nsm kernelUse this command to disable the debugging option for the NSM daemon routing manager between the kernel interface.
NSM Commands
©2001-2007 IP Infusion Inc. Confidential 103
Command Syntaxundebug nsm kernel
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# undebug nsm kernel
undebug nsm packetUse this command to disable the debugging option for the nsm packet.
Command Syntaxundebug nsm packet (recv|send)(detail)
recv = Disable the debugging option for receive packet.send = Disable the debugging option for send packet.detail = Disable the debugging option for detailed information.
Command ModePrivileged Exec mode and Configure mode
ExamplesZebOS# debug nsm packet ZebOS# debug nsm packet recv detail
Validation Commandsshow debugging nsm
NSM Commands
104 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 105
CHAPTER 4 NSM VPN Commands
ip route vrfThis command creates a new static entry for the VRF. To delete static route entry, use the no parameter with this command.
Command Syntax(no) ip route vrf VRF-NAME PREFIX (GATEWAY_ADDRESS) INTERFACE
VRF-NAME = A name used to identify a VRF.PREFIX = Route prefix for destination. A.B.C.D/M format.GATEWAY_ADDRESS = Nexthop address for the destination. A.B.C.D formatINTERFACE = Output interface name for the destination.
Command ModeConfigure mode
Usage The interface should be associated with VRF beforehand.
The output interface always should be specified.
ExamplesZebOS# configure terminalZebOS(config)# ip route vrf VRF_A 10.10.10.0/24 10.10.0.1 eth0
Related Commandsip vrf, ip vrf forwarding,
ip vrfThis command creates a VRF RIB, assigns a VRF-ID, and switches command mode to VRF mode on the ZebOS daemon. To remove a VRF RIB, use the no parameter with command.
Command Syntax(no) ip vrf VRF-NAME
VRF-NAME = a name used to identify a VRF.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# ip vrf IPIZebOS(config-vrf)#
NSM VPN Commands
106 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsip route vrf, ip vrf forwarding
ip vrf forwardingThis command associates an interface with a VRF. To unbind an interface with a VRF, use the no parameter with this command.
Command Syntax(no) ip vrf forwarding VRF-NAME
VRF-NAME = Name of the VRF created using the ip vrf command in the configure mode (see ip vrf command)
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# ip vrf IPIZebOS(config)# interface eth1ZebOS(config-if)# ip vrf forwarding IPI
Related Commandsip route vrf, ip vrf
show ip route vrfThis command shows a routing table of the VRF.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip route vrf VRF-NAME
VRF-NAME = A name used to identify a VRF.
Command ModePrivileged Exec mode
Usage ZebOS# show ip route vrf VRF_ACodes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, B - BGP, > - selected route, * - FIB route
S> 10.10.10.0/24 [1/0] via 10.10.0.1, eth1C> * 10.10.0.0/24 is directly connected, eth1
Note: FIB flag might not correct for VRF routing information.
NSM VPN Commands
©2001-2007 IP Infusion Inc. Confidential 107
Related Commandsshow ip vrf
show ip vrfThis command shows the routing information of the VRF.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip vrf (VRF-NAME)
VRF-NAME = a name used to identify a VRF.
Command ModePrivileged Exec mode
Usage ZebOS# show ip vrf IPIVRF IPI; (id=1); default RD 1:2Interfaces: eth2Export VPN route-target communities RT:100:1Import VPN route-target communities RT:100:1No import route-map
ExamplesZebOS# show ip vrf myvrfname
Related Commandsshow ip route vrf
NSM VPN Commands
108 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 109
CHAPTER 5 NSM MPLS Commands
MPLS Commands
label-switchingUse this command to enable label switching on an interface.
Command Syntax(no) label-switching (LABELSPACE)
LABELSPACE <0-65535> Specifies the label space value.
Command ModeInterface mode
Usage This command is used to either enable label-switching on an interface, or to modify the label-space to which this interface is bound. If no label-space is provided, this interface is bound to the platform-wide (zero) label-space.
ExamplesThis example shows the enabling of label switching on the eth0 interface.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# label-switching 654
mpls admin-groupsUse this command to add a new administrative group. Use the no parameter with this command to remove the specified administrative group.
Command Syntax(no) mpls admin-group NAME <0-31>
NAME Specifies the name of the administrative group to be added<0-31> Specifies the value of the administrative group to be added
Command ModeConfigure mode
UsageThis command is used to create a name-to-value binding for an administrative group.
Note: Only 32 administrative groups can be configured at one time.
NSM MPLS Commands
110 ©2001-2007 IP Infusion Inc. Confidential
ExamplesZebOS# configure terminalZebOS(config)# mpls admin-group mygroup 3
mpls disable-all-interfacesUse this command to disable all interfaces for MPLS.
Command Syntaxmpls disable-all-interfaces
Command ModeConfigure mode
Usage This command serves as a complete show-stopper for all signaling on the router. When this command is used, all signaling protocols are made aware of this change, and all MPLS-specific processing ceases.
ExamplesZebOS# configure terminalZebOS(config)# mpls disable-all-interfaces
mpls egress-ttlUse this command to specify a Time to Live (TTL) value for LSPs for which this LSR is the egress. Use the no parameter with this command to unset the custom TTL value.
Command Syntaxno mpls egress-ttl
(no) mpls egress-ttl <0-255>
<0-255> The TTL value to be used.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# mpls egress-ttl 45
Related Commandsmpls ingress-ttl
mpls enable-all-interfacesUse this command to enable all interfaces for MPLS.
Command Syntaxmpls enable-all-interfaces
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 111
DefaultAll interfaces are disabled by default.
Command ModeConfigure mode
Usage This command is used to enable all interfaces on a router for label-switching. This would be very helpful on a router that has a very large number of interfaces.
Note: Executing this command does not enable any signaling protocol interaction via all the interfaces. Each protocol needs to be explicitly enabled per interface.
ExamplesZebOS# configure terminalZebOS(config)# mpls enable-all-interfaces
Related Commandsmpls disable-all-interfaces
mpls ftn-entryUse this command to add an FTN entry. Use the no parameter with this command to delete the entry.
Command Syntax(no) mpls ftn-entry tunnel-id <1-100> A.B.C.D/M|A.B.C.D A.B.C.D LABEL NEXTHOP IFNAME (INDEX) (primary|secondary)
1-100 = tunnel IDA.B.C.D/M|A.B.C.D A.B.C.D Forwarding Equivalence Class (FEC) with maskLABEL = <16-1046400> Outgoing labelNEXTHOP = A.B.C.D Next hop IPv4 addressIFNAME Name of the outgoing interfaceINDEX FTN index update. Optional. If issued, the FTN entry is updated. If not issued, a new FTN entry is
created.primary primary LSP. Optional. Default is primary.secondary secondary LSP. Optional. Default is primary.
Command ModeConfigure mode
Usage Use this command to create FTN entries in the FTN table, in the MPLS Forwarder. For all incoming IP packets on an MPLS-enabled router, a best-match lookup is done in the FTN table based on the incoming IP packet's destination address. If a match is found, the packet is labeled, and switched.
ExamplesZebOS# configure terminalZebOS(config)# mpls ftn-entry 2 10.10.0.0/24 16 1.2.3.4 eth1 secondary
NSM MPLS Commands
112 ©2001-2007 IP Infusion Inc. Confidential
mpls ilm-entryUse this command to add an ILM entry. Use the no parameter with this command to delete the entry.
Command Syntax(no) mpls ilm-entry LABEL_IN IFNAME_IN LABEL_OUT IFNAME_OUT NEXTHOP OPERATION (A.B.C.D/M|A.B.C.D A.B.C.D) (INDEX)
LABEL_IN <16-1046400> Incoming labelIFNAME_IN Specifies incoming interface nameLABEL_OUT <16-1046400> Outgoing label (Use 1046401 for egress)IFNAME_OUT Specifies outgoing interface nameNEXTHOP A.B.C.D Next hop IPv4 addressOPERATION = pop|swap|vpnpop Label operation
pop|swap incoming labelvpnpop incoming label and forward VPN packet
A.B.C.D/M|A.B.C.D A.B.C.D Forwarding Equivalence Class (FEC) with mask. OptionalINDEX <1-429496725> ILM index update. Optional. If issued, the ILM entry is updated. If not issued, a
new ILM entry is created.
Command ModeConfigure mode
UsageUse this command to create an ILM entry in the ILM table to which the incoming interface specified is bound. Upon receipt of a labeled packet on an MPLS-enabled router, a lookup is done based on the incoming label in the ILM table. If a match is found, the packet may either be label-switched downstream, or popped and passed over IP.
ExamplesZebOS# configure terminalZebOS(config)# mpls ilm-entry 100 eth0 200 eth1 1.2.3.4 pop 10.10.0.0/24
mpls ingress-ttlUse this command to specify a Time to Live (TTL) value for LSPs for which this LSR is the ingress. Use the no parameter with this command to unset the custom TTL value being used for LSPs for which this LSR is the ingress.
Command Syntax(no) mpls ingress-ttl <0-255>
no mpls ingress-ttl
<0-255> Specifies the TTL value to be used.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# mpls ingress-ttl
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 113
mpls l2-circuit (Configure Mode)Use this command in Configure mode to create an instance of an MPLS Layer-2 Virtual Circuit.
Command Syntax(no) mpls l2-circuit NAME <1-1000000> A.B.C.D (GROUPNAME)
(no) mpls l2-circuit NAME <1-1000000>
NAME Specifies a string identifying the MPLS Layer-2 Virtual Circuit.<1-1000000> Specifies a 32-bit identifier to which the specified name is to be mapped.A.B.C.D Specifies the IPv4 address for the MPLS L-2 Virtual Circuit end-pointGROUPNAME Specify a group to which this Layer-2 circuit belongs. Note: Multiple Layer-2 circuits may belong to the same group
Command ModeConfigure mode
UsageThis command is used to create an instance of a Layer-2 MPLS Virtual Circuit. This instance may be bound to any interface on the router.
Note: Only one interface may be bound to a Layer-2 circuit at a time.
ExamplesZebOS# configure terminalZebOS(config)# mpls l2-circuit mycircuit 45678 1.2.3.4
mpls-l2-circuit (Interface Mode)Use this command on the Interface mode to bind an interface to a MPLS Layer-2 Virtual Circuit created on the Configure mode.
Command Syntax(no) mpls-l2-circuit NAME VC-TYPE
NAME Specifies a string identifying the MPLS Layer-2 Virtual Circuit.VC_TYPE = ppp|ethernet|vlan The type of Virtual Circuit. The default is vlan.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# mpls-l2-circuit mycircuit ethernet
Related Commandsmpls l2-circuit
NSM MPLS Commands
114 ©2001-2007 IP Infusion Inc. Confidential
mpls l2-circuit-ftn-entryUse this command to add a Layer-2 MPLS Virtual Circuit FTN entry.
Note: This command is mainly for developers, and is available only when the --enable-dev-test option is used in the configure script.
Command Syntaxmpls l2-circuit-ftn-entry VC-ID LABEL NEXTHOP IFNAME_IN IFNAME_OUT PUSH_AND_LOOKUP_FOR_VC|PUSH_FOR_VC
VC-ID Virtual circuit identifierLABEL < 16-1046400 > Outgoing labelNEXTHOP Specifies the nexthop IPv4 addressIFNAME_IN Incoming interface nameIFNAME_OUT Outgoing interface namePUSH_AND_LOOKUP_FOR_VC Do second lookup in global FTN table for labelsPUSH_FOR_VC Only one label should be pushed
Command ModeConfigure mode
UsageUse this command to create an MPLS Layer-2 Virtual Circuit FTN entry for an interface.
Note: The interface must be bound to the Virtual Circuit ID specified before this command is executed
ExamplesZebOS# configure terminalZebOS(config)# mpls l2-circuit-ftn-entry rt 345 2.2.2.2 eth0 eth1 PUSH_FOR_VC
mpls l2-circuit-ilm-entryUse this command to add an ILM entry.
Note: This command is mainly for developers, and is available only when the --enable-dev-test option is used in the configure script.
Command Syntaxmpls l2-circuit-ilm-entry VC-ID LABEL IFNAME_IN IFNAME_OUT NEXTHOP
VC-ID Virtual Circuit identifierLABEL Incoming labelIFNAME_IN Incoming interface nameIFNAME_OUT Outgoing interface nameNEXTHOP A.B.C.D Nexthop IPv4 address
Command ModeConfigure mode
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 115
Usage Use this command to create an ILM entry in the ILM table to which the incoming interface specified is bound. Upon receipt of a labeled packet on an MPLS-enabled router, a lookup is done based on the incoming label in the ILM table. If a match is found, the packet may either be label-switched downstream, or popped and passed over IP.
ExamplesZebOS# configure terminalZebOS(config)# mpls l2-circuit-ilm-entry rt 16 eth0 eth1 1.2.3.4
mpls local-packet-handlingUse this command to enable the labeling of locally generated TCP packets. Use the no parameter with this command to disable labeling of locally generated TCP packets.
Command Syntax(no) mpls local-packet-handling
Command ModeConfigure mode
UsageThis command enables the labeling of locally generated TCP packets only. All other locally generated packets are not looked at by the MPLS Forwarder
ExamplesZebOS# configure terminalZebOS(config)# mpls local-packet-handling
mpls logUse this command to exercise logging control. Use the no parameter with this command to stop logging messages in the MPLS Forwarder.
Command Syntax mpls log all|debug|error|notice|warning
no mpls log debug|error|notice|warning
all Logs all messages in MPLS Forwarderdebug Logs all messages in MPLS Forwardererror Logs all messages in MPLS Forwardernotice Logs all messages in MPLS Forwarderwarning Logs all messages in MPLS Forwarder
Command ModeConfigure mode
NSM MPLS Commands
116 ©2001-2007 IP Infusion Inc. Confidential
UsageThis command has been provided to interact with the Linux kernel. If using the kernel logging utility - klogd - it needs to be enabled to a logging level that allows for the requested log messages to be printed.
ExamplesZebOS# configure terminalZebOS(config)# mpls log error
mpls lsp-model pipeUse this command to configure the MPLS LSP model as Pipe. Use the no parameter with this command to configure the MPLS LSP model as Uniform.
Command Syntax(no) mpls lsp-model pipe
Command ModeConfigure mode
DefaultUniform is the default model configuration.
ExamplesZebOS# configure terminalZebOS(config)# mpls lsp-model pipe
ZebOS# configure terminalZebOS(config)# no mpls lsp-model pipe
mpls lsp-tunnelingUse this command to choose the transit LSP and a locally configured LSP tunnel for carrying the transit LSP.
Command Syntaxmpls lsp-tunneling IFNAME INLABEL OUTLABEL A.B.C.D/M
IFNAME Name of the incoming interface.INLABEL <16-1048575> Label used to identify incoming transit LSP traffic. OUTLABEL <16-1048575> Transit LSP Label distributed by tunnel LSP egress node to its upstream
node. Note: Tunnel egress node should have platform wide label space configured.
A.B.C.D/M Prefix used to identify tunnel LSP.
Command ModeConfigure mode
Command ExampleZebOS# configure terminalZebOS(config)# mpls lsp-tunneling eth0 15 30 1.2.2.4/16
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 117
mpls map-routeUse this command to map a prefix to a Forwarding Equivalence Class (FEC).
Command Syntax(no) mpls map-route PREFIX MASK1 FEC MASK2
(no) mpls map-route PREFIX/M1 FEC/M2
PREFIX = A.B.C.D Specifies the IPv4 prefix to be mappedFEC = A.B.C.D Specifies the IPv4 FEC for route to be mapped to.MASK1 = A.B.C.D Specifies the mask for IPv4 address to be mappedMASK2 = A.B.C.D Specifies the mask for Forwarding Equivalence Class (FEC)M1 Specifies the mask for IPv4 address to be mappedM2 Specifies the mask for the Forwarding Equivalence Class (FEC)
Command ModeConfigure mode
ExamplesIn the following examples 5.6.7.8/32 is the FEC for an LSP, and 1.2.3.4 is the prefix to be mapped.
ZebOS# configure terminalZebOS(config)# mpls map-route 1.2.3.4/32 5.6.7.8/32!ZebOS# configure terminalZebOS(config)# mpls map-route 1.2.3.4 255.255.255.255 5.6.7.8 255.255.255.255
mpls max-label-valueUse this command to specify a maximum label value. Use the no parameter with this command to use the default maximum label value for all the label pools. Specify the label space to set or unset maximum label value for a specific label space.
Note: The system allows label-space range (maximum and minimum label values) changes for interface-specific label spaces only. The platform-wide label-space range cannot be modified.
Command Syntaxmpls max-label-value <16-1048575> (label-space <0-65535>)
<16-1048575> Maximum size for all label pools.<0-65535> Label space for which maximum value needs to be modified. Optional.
no mpls max-label-value (<16-1048575>) (label-space <0-65535>)
<16-1048575> Maximum size for all label pools. Optional. <0-65535> Label space for which maximum value needs to be modified. Optional.
Command ModeConfigure mode
Usage After setting the maximum label value for a label space, make sure to bind the label space to an interface.
NSM MPLS Commands
118 ©2001-2007 IP Infusion Inc. Confidential
ExamplesZebOS# configure terminalZebOS(config)# mpls max-label-value 5 label-space 4456
mpls min-label-valueUse this command to specify a minimum label value. Use the no parameter with this command to use the default minimum label value for all label pools. Specify the label space to set or unset minimum label value for a specific label space.
Note: The system allows label space range (maximum and minimum label values) changes for interface-specific label spaces only. Platform-wide label-space range cannot be modified.
Command Syntaxmpls min-label-value <16-1048575> (label-space <0-65535>)
<16-1048575> Minimum size for all label pools.<0-65535> Label space for which minimum value needs to be modified. Optional.
no mpls min-label-value (<16-1048575>) (label-space <0-65535>)
<16-1048575> Minimum size for all label pools. Optional. <0-65535> Label space for which minimum value needs to be modified. Optional.
Command ModeConfigure mode
UsageAfter setting the minimum label value for a label space, make sure to bind the label space to an interface.
ExamplesZebOS# configure terminalZebOS(config)# mpls min-label-value 5 label-space 2342
mpls propagate-ttlUse this command to enable TTL propagation. Enabling TTL propagation causes the TTL value in the IP header to be copied onto the TTL field in the shim header, at the LSP ingress. Use the no parameter with this command to disable TTL propagation.
Command Syntax(no) mpls propogate-ttl
Command ModeConfigure mode
DefaultTTL propagation is enabled by default.
ExamplesZebOS# configure terminal
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 119
ZebOS(config)# mpls propogate-ttl
ZebOS# configure terminalZebOS(config)# no mpls propogate-ttl
mpls vrf-entryUse this command to add a VRF entry.
Note: This command is mainly for developers, and is available only when the --enable-dev-test option is used in the configure script.
Command Syntax(no) mpls vrf-entry VRF-NAME A.B.C.D|A.B.C.D/M LABEL_OUT NEXTHOP IFNAME DLVR_TO_IP|PUSH|PUSH_AND_LOOKUP
no mpls vrf-entry VRF-NAME A.B.C.D|A.B.C.D/M
VRF-NAME Specifies the VRF identifierA.B.C.D = A.B.C.D MASK Forwarding Equivalence Class (FEC)
MASK A.B.C.D Mask for Forwarding Equivalence ClassA.B.C.D/M Forwarding Equivalence Class with maskLABEL_OUT = <16-1046400> Outgoing labelNEXTHOP = A.B.C.D Next hop IPv4 addressIFNAME Name of the outgoing interface DLVR_TO_IP Forward over IP PUSH Only one label should be pushed.PUSH_AND_LOOKUP Do second lookup in global FTN table for label.
Command ModeConfigure mode
UsageUse this command to add a VRF entry to the VRF table with the name (VRF-NAME). To use this command, the VRF table must already exist.
ExamplesZebOS# configure terminalZebOS(config)# mpls vrf-entry myVRF 10.10.0.0/24 100 1.2.3.4 eth1 PUSH
Related Commandsip vrf NAME
show mplsUse this command to display all label data.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
NSM MPLS Commands
120 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxshow mpls
Command ModeExec mode and Privileged Exec mode
UsageZebOS# show mpls Minimum label configured: 16 Maximum label configured: 1048575 Per label-space information: Label-space 0 is using minimum label: 16 and maximum label: 1048575 Custom ingress TTL configured: none Custom egress TTL configured: none Log message detail: none Admin group detail: none
ExamplesZebOS# show mpls
show mpls admin-groupsUse this command to display all administrative groups configured.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls admin-groups
Command ModeExec mode and Privileged Exec mode
UsageZebOS# show mpls admin-groups Admin group detail: Value of 0 associated with admin group 'a' Value of 1 associated with admin group 'b' Value of 2 associated with admin group 'c' Value of 4 associated with admin group 'd'ipi-ilabs2-nsm#
ExamplesZebOS# show mpls admin-groups
show mpls cross-connect-tableUse this command to display detailed information of all the entries created in the MPLS cross-connect table.
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 121
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls cross-connect-table
Command ModeExec mode and Privileged Exec mode
UsageThe following is a sample output of the show mpls cross-connect-table
ZebOS# show mpls cross-connect-table Cross connect ix: 3, in intf: -, in label: 0, out-segment ix: 3 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 3, owner: RSVP, out intf: eth1, out label: 16 Nexthop addr: 10.10.20.80, cross connect ix: 3, op code: Push
Cross connect ix: 6, in intf: -, in label: 0, out-segment ix: 6 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 6, owner: RSVP, out intf: eth1, out label: 17 Nexthop addr: 10.10.20.80, cross connect ix: 6, op code: Push
ExamplesZebOS# show mpls cross-connect-table
show mpls forwarding-tableUse this command to display all LSPs originating from this router. It also displays codes indicating the selected FTN (FEC to Next-Hop-Label-Forwarding-Entry).
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls forwarding-table
Command ModeExec mode and Privileged Exec mode
UsageThe following output shows the code explanations, FEC, Nexthop, and outgoing interfaces and labels.
ZebOS# show mpls forwarding-table Codes: > - selected FTN, B - BGP FTN, C - CR-LDP FTN, K - CLI FTN, L - LDP FTN, R - RSVP-TE FTN, S - SNMP FTN, U - unknown FTN
Code FEC Nexthop Out-Label Out-IntfR> 10.10.26.63/32 10.10.20.80 16 eth1 R> 192.168.0.63/32 10.10.20.80 17 eth1
NSM MPLS Commands
122 ©2001-2007 IP Infusion Inc. Confidential
ExamplesZebOS# show mpls forwarding table
show mpls ftn-tableUse this command to display information of all the entries created in the MPLS FTN (FEC to Next-Hop-Label-Forwarding-Entry) table.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls ftn-table
Command ModeExec mode and Privileged Exec mode
UsageZebOS# show mpls ftn-table Primary FTN entry with FEC: 10.10.26.63/32, ix 3, row status: Active Owner: RSVP, Action-type: Redirect to Tunnel, Exp-bits: 0x0 Description: t1 Cross connect ix: 3, in intf: -, in label: 0, out-segment ix: 3 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 3, owner: RSVP, out intf: eth1, out label: 16 Nexthop addr: 10.10.20.80, cross connect ix: 3, op code: Push
Primary FTN entry with FEC: 192.168.0.63/32, ix 4, row status: Active Owner: RSVP, Action-type: Redirect to Tunnel, Exp-bits: 0x0 Description: t2 Cross connect ix: 6, in intf: -, in label: 0, out-segment ix: 6 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 6, owner: RSVP, out intf: eth1, out label: 17 Nexthop addr: 10.10.20.80, cross connect ix: 6, op code: Push
ExamplesZebOS# show mpls ftn-table
show mpls ilm-tableUse this command to display summarized information of the ILM (Incoming Label Map) table.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls ilm-table
Command ModeExec mode and Privileged Exec mode
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 123
Usage ZebOS# show mpls ilm-table In-Label Out-Label In-Intf Out-Intf Nexthop FEC16 3 eth1 eth0 10.10.24.63 10.10.26.63/3217 3 eth1 eth0 10.10.24.63 192.168.0.63/32
ExamplesZebOS# show mpls ilm-table
show mpls in-segment-tableUse this command to display detailed information of all entries in the Incoming Label Map (also known as in-segment) table.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls in-segment-table
Command ModeExec mode and Privileged Exec mode
Usage ZebOS# show mpls in-segment-table In-segment entry with in label: 16, in intf: eth1, row status: Active Owner: RSVP, # of pops: 1, fec: 10.10.26.63/32 Cross connect ix: 1, in intf: eth1, in label: 16, out-segment ix: 1 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1, owner: RSVP, out intf: eth0, out label: 3 Nexthop addr: 10.10.24.63, cross connect ix: 1, op code: Swap
In-segment entry with in label: 17, in intf: eth1, row status: Active Owner: RSVP, # of pops: 1, fec: 192.168.0.63/32 Cross connect ix: 1, in intf: eth1, in label: 17, out-segment ix: 1 Owner: RSVP, Persistent: No, Admin Status: Up, Oper Status: Up Out-segment with ix: 1, owner: RSVP, out intf: eth0, out label: 3 Nexthop addr: 10.10.24.63, cross connect ix: 1, op code: Swap
ExamplesZebOS# show mpls in-segment-table
show mpls l2-circuitUse this command to display MPLS Layer-2 Virtual Circuit data.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls l2-circuit
NSM MPLS Commands
124 ©2001-2007 IP Infusion Inc. Confidential
Command ModeExec mode and Privileged Exec mode
Usage The following is a sample output of the show mpls l2-circuit command displaying Virtual Circuit data.
ZebOS# show mpls l2-circuit ipiMPLS Layer-2 Virtual Circuit: ipi, id: 1000 Endpoint: 192.168.0.80 Control Word: 0 MPLS Layer-2 Virtual Circuit Group: none Bound to interface: eth2 Virtual Circuit Type: Ethernet
ExamplesZebOS# show mpls l2-circuit
show mpls l2-circuit-groupUse this command to display MPLS Layer-2 Virtual Circuit group data.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls l2-circuit-group
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show mpls l2-circuit-group
show mpls logUse this command to display logging information configured for MPLS.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls log
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show mpls log
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 125
show mpls mapped-routesUse this command to display all configured mapped MPLS routes.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls mapped-routes
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show mpls mapped-routes
show mpls out-segment-tableUse this command to display detailed information of all entries in the out-segment (also known as NHLFE) table.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls out-segment-table
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show mpls out-segment-table
show mpls vc-tableUse this command to display summarized information of all Virtual Circuit FTN (FEC to Next-Hop-Label-Forwarding-Entry) entries.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Note: This command is available only if --enable-mpls-vc configuration option is enabled in the configure script.
Command Syntaxshow mpls vc-table
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show mpls vc-table
NSM MPLS Commands
126 ©2001-2007 IP Infusion Inc. Confidential
show mpls vrf-tableUse this command to display detailed information of all the configured VRF entries. Specify the name of the VRF to display information about a specific VRF entry.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Note: This command is available only if --enable-vrf configuration option is enabled in the configure script.
Command Syntaxshow mpls vrf-table
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show mpls vrf-table
MPLS OAM CommandsMPLS Operation, Administration, and Maintenance (OAM) provides an external ability to detect data plan failures that cannot be detected by the protocols. MPLS OAM provides ping and trace-route facilities for the data plane with which end-to-end connectivity can be tested.
ping mpls ipv4Use this command to initiate sending MPLS echo request packets in the specified static LSP of the MPLS cloud.
Command Syntaxping mpls ipv4 A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)
ipv4 A.B.C.D/M IPv4 prefix addressMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 127
Command ModePrivileged Exec mode
UsageUse this command to test the connectivity of static LSPs.
ExamplesZebOS# ping mpls ipv4 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull
ping mpls l2-circuitUse this command to initiate sending MPLS echo request packets in the specified Layer-2 Virtual Circuit (VC) of the MPLS cloud.
Command Syntaxping mpls l2-circuit <1-10000> (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)
l2-circuit <1-10000> Layer-2 VC IDMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
UsageUse this command to test the operation of MPLS Layer-2 VC.
ExamplesZebOS# ping mpls l2-circuit 3 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull
ping mpls l3vpnUse this command to initiate sending MPLS echo request packets in the specified VPN instance of the MPLS cloud.
NSM MPLS Commands
128 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxping mpls l3vpn VRFNAME A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)
VRFNAME VRF instance nameA.B.C.D/M BGP VPN prefixMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
UsageUse this command to test the connectivity for BGP VPN peers.
ExamplesZebOS# ping mpls l3vpn vrfa 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull
ping mpls ldpUse this command to initiate sending MPLS echo request packets in the specified LDP LSP of the MPLS cloud.
ping mpls ldp A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)
ldp A.B.C.D/M LDP IPv4 FEC prefix addressMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 129
timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional. Default is 60.
repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
UsageUse this command to ping a normal LDP LSP.
ExamplesZebOS# ping mpls ldp 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull
ping mpls rsvpUse this command to initiate sending MPLS echo request packets in the specified RSVP-TE LSP of the MPLS cloud.
ping mpls rsvp egress A.B.C.D|tunnel-name NAME (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)
egress A.B.C.D IPv4 egress addresstunnel-name NAME RSVP-TE tunnel nameMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
UsageUse this command to ping RSVP-TE tunnel LSPs.
NSM MPLS Commands
130 ©2001-2007 IP Infusion Inc. Confidential
ExamplesZebOS# ping mpls rsvp egress 1.2.3.5 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull
ZebOS# ping mpls rsvp tunnel-name tun1 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull
ping mpls vplsUse this command to initiate sending MPLS echo request packets in the specified VPLS instance of the MPLS cloud.
Command Syntaxping mpls vpls <1-10000> peer A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (repeat <5-5000>) (interval <2-20000>) (detail) (force-explicitnull)
<1-10000> VPLS instance IDpeer A.B.C.D/M VPLS mesh peer addressMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.repeat <5-5000> Number of ping packets to be sent. Optional. Default is 5.interval <2-20000> Interval, in milliseconds, between MPLS ping packets. Optional. Default is 2.detail Print a detailed output of the ping command. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
UsageUse this command to test the connectivity for LDP VPLS instances.
ExamplesZebOS# ping mpls vpls 2 peer 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 repeat 6 interval 3 detail force-explicitnull
trace mpls ipv4Use this command to initiate tracing the route traversed by the specified IPv4 static LSP echo request packet in the MPLS cloud.
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 131
Command Syntaxtrace mpls ipv4 A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)
ipv4 A.B.C.D/M IPv4 prefix addressMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
ExamplesZebOS# trace mpls ipv4 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull
trace mpls l2-circuitUse this command to initiate tracing the route traversed by the specified Layer-2 VC echo request packet in the MPLS cloud.
Command Syntaxtrace mpls l2-circuit <1-10000> (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)
l2-circuit <1-10000> Layer-2 VC IDMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.
NSM MPLS Commands
132 ©2001-2007 IP Infusion Inc. Confidential
Command ModePrivileged Exec mode
ExamplesZebOS# trace mpls l2-circuit 3 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull
trace mpls l3vpnUse this command to initiate tracing the route traversed by the specified VPN instance echo request packet in the MPLS cloud.
Command Syntaxtrace mpls l3vpn VRFNAME A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)
VRFNAME VRF instance nameA.B.C.D/M BGP VPN prefixMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
ExamplesZebOS# trace mpls l3vpn vrfa 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull
trace mpls ldpUse this command to initiate tracing the route traversed by the specified LDP LSP echo request packet in the MPLS cloud.
Command Syntaxtrace mpls ldp A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)
ldp A.B.C.D/M LDP IPv4 FEC prefix addressMODE Reply modes defined in RFC. Optional.
NSM MPLS Commands
©2001-2007 IP Infusion Inc. Confidential 133
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
ExamplesZebOS# trace mpls ldp 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull
trace mpls rsvpUse this command to initiate tracing the route traversed by the specified RSVP-TE LSP echo request packet in the MPLS cloud.
Command Syntaxtrace mpls rsvp egress A.B.C.D|tunnel-name NAME (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)
egress A.B.C.D IPv4 egress addresstunnel-name NAME RSVP-TE tunnel nameMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D Destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> Time to wait, in seconds, before rejecting the sent probe as a failure. Optional.
Default is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
NSM MPLS Commands
134 ©2001-2007 IP Infusion Inc. Confidential
ExamplesZebOS# trace mpls rsvp egress 1.2.3.5 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull
ZebOS# trace mpls rsvp tunnel-name tun1 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull
trace mpls vplsUse this command to initiate tracing the route traversed by the specified VPLS instance echo request packet in the MPLS cloud.
Command Syntaxtrace mpls vpls <1-10000> peer A.B.C.D/M (reply-mode MODE) (flags) (destination A.B.C.D)(source A.B.C.D/M) (ttl <1-225>) (timeout <1-500>) (detail) (force-explicitnull)
<1-10000> VPLS instance IDpeer A.B.C.D/M VPLS mesh peer addressMODE Reply modes defined in RFC. Optional.
1 Reply with IP UDP packet (default)2 Reply with IP UDP packet with router alert
flags Received LSR must do an FEC stack validation. Optional. Default is disabled.destination A.B.C.D destination IPv4 address field in the UPD ping packet. Optional. Must be from
the range 127/8 excluding the default local loopback address.source A.B.C.D/M Source IPv4 address field in the UPD packet. Optional. Default is the router ID.ttl <1-225> Ping packet time-to-live value, in seconds. Optional. Default is 225.timeout <1-500> time to wait, in seconds, before rejecting the sent probe as a failure. Optional. Default
is 60.detail Print a detailed output of the trace command with the received label values. Optional.force-explicitnull Force Explicit NULL label. Optional.
Command ModePrivileged Exec mode
ExamplesZebOS# trace mpls vpls 2 peer 10.10.0.0/24 reply-mode 2 flags destination 1.2.3.4 source 10.10.0.1/25 ttl 226 timeout 65 detail force-explicitnull
©2001-2007 IP Infusion Inc. Confidential 135
CHAPTER 6 NSM GMPLS Commands
gmpls capability-typeUse this command to specify the Generalized MPLS (GMPLS) interface switching capability-type.
Command Syntaxgmpls capability-type fsc|l2sc|lsc|psc1|psc2|psc3|psc4|tdm
no gmpls capability-type
fsc Fiber-Switch Capable (FSC)l2sc Layer-2 Switch Capable (L2SC)lsc Lambda-Switch Capable (LSC)psc1 Packet-Switch Capable-1 (PSC-1)psc2 Packet-Switch Capable-2 (PSC-2)psc3 Packet-Switch Capable-3 (PSC-3)psc4 Packet-Switch Capable-4 (PSC-4)tdm Time-Division-Multiplex Capable (TDM)
Command ModeInterface mode
Usage This command specifies the switching capability-type of the Interface. It also triggers advertisement of the interface switching capability type as GMPLS extensions by Interior Gateway Protocol (IGP).
It is possible to configure one or more capability types on an interface.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls capability-type psc1
Related Commandsgmpls link-id, gmpls protection-type, gmpls risk-group
gmpls encoding-typeUse this command to specify the GMPLS interface LSP (Label Switched Path) encoding type.
Command Syntaxgmpls encoding-type packet|ethernet|pdh|sdh|digital|lambda|fiber|fiber-channel
no gmpls encoding-type
digital = Digital Wrapperethernet = Ethernet
NSM GMPLS Commands
136 ©2001-2007 IP Infusion Inc. Confidential
fiber = Fiberfiber-channel = Fiber channellambda = Lambda (photonic)packet = Packetpdh = ANSI/ETSI PDHsdh = SDH ITU-T G.707 / SONET ANSI T1.105
DefaultDisabled
Command ModeInterface mode
UsageThis command specifies the switching encoding-types of interfaces. To advertise this information by IGP, also specify at least one switching capability type, using the gmpls capability-type command.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls encoding-type packet
Related commandsgmpls capability-type, gmpls min-lsp-bandwidth, gmpls sdh-indication
gmpls link-idUse this command to advertise link local/remote identifiers by IGP.
Command Syntax(no) gmpls link-id
DefaultDisabled
Command ModeInterface mode
UsageThis command triggers an advertisement of link local/remote identifiers as GMPLS extensions by IGP.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls link-id
NSM GMPLS Commands
©2001-2007 IP Infusion Inc. Confidential 137
Related commandsgmpls protection-type, gmpls capability-type, gmpls risk-group
gmpls min-lsp-bandwidthUse this command to specify GMPLS minimum LSP bandwidth.
Command Syntaxgmpls min-lsp-bandwidth BANDWIDTH
no gmpls min-lsp-bandwidth
BANDWIDTH = <1-10000000000> bits, expressed in k|m|g for kilo bits, mega bits, or giga bits.
DefaultDisabled
Command ModeInterface mode
UsageThis command specifies the minimum LSP bandwidth of an interface. To advertise this information by IGP, also specify the switching capability type to PSC1, PSC2, PSC3, PSC4, or TDM, using the gmpls capability-type command.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls min-lsp-bandwidth 1g
Related commandsgmpls capability-type, gmpls encoding-type, gmpls sdh-indication
gmpls protection-typeUse this command to specify the GMPLS link protection type.
Command Syntaxgmpls protection-type (dedicated-1plus1|decicated-1to1|enhanced|extra-traffic|unprotected|shared||)
no gmpls protection-type
dedicated-1plus1 Specify link type as dedicated 1+1dedicated-1to1 Specify link type as dedicated 1:1enhanced Specify link type as enhancedextra-traffic Specify link type as extra trafficunprotected Specify link type as unprotectedshared Specify link type as shared
NSM GMPLS Commands
138 ©2001-2007 IP Infusion Inc. Confidential
DefaultDisabled
Command ModeInterface mode
UsageThis command specifies the link protection type of an interface. It also triggers an advertisement of link protection type as GMPLS extensions by IGP.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls protection-type extra-traffic
Related commandsgmpls link-id, gmpls capability-type, gmpls risk-group
gmpls risk-groupUse this command to specify the GMPLS Shared Risk Link Group (SRLG) value.
Command Syntax(no) gmpls risk-group GROUPVALUE
no gmpls risk-group
GROUPVALUE <0-4294967295> Specifies Shared Risk Link Group value
DefaultDisabled
Command ModeInterface mode
UsageThis command specifies the GMPLS Shared Risk Link Group value. It also triggers an advertisement of Shared Risk Link Group (SRLG) information as GMPLS extensions by IGP.
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls risk-group 200
Related commandsgmpls link-id, gmpls protection-type, gmpls capability-type
NSM GMPLS Commands
©2001-2007 IP Infusion Inc. Confidential 139
gmpls sdh-indicationUse this command to specify the GMPLS SONET/SDH indication.
Command Syntaxgmpls sdh-indication arbitrary|standard
no gmpls sdh-indication
arbitrary = Arbitrary SONET/SDH standard = Standard SONET/SDH
DefaultDisabled
Command ModeInterface mode
UsageThis command specifies the SONET/SDH indication of an interface. To advertise this information by IGP, also specify the switching capability type to Time Division Multiplexing (TDM), using the gmpls capability-type command.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# gmpls sdh-indication standard
Related commandsgmpls capability-type, gmpls encoding-type, gmpls min-lsp-bandwidth
NSM GMPLS Commands
140 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 141
CHAPTER 7 GMP Multicast Commands
This chapter lists configuration, clear, and show commands related to Group Management Protocols (GMPs), IGMP and MLD, in alphabetical order.
IGMP CommandsThe Internet Group Management Protocol (IGMP) module includes the IGMP Proxy service and IGMP Snooping functionalities. Some of the following commands may have commonalities and restrictions: these are described under the Usage section for each command.
clear ip igmpUse this command to clear all IGMP local-memberships on all interfaces.
Command Syntaxclear ip igmp (vrf VRFNAME)
VRFNAME Optional. Specify the VRF name.
Command ModePrivileged Exec mode
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExampleZebOS# clear ip igmp vrf VRF_A
Related Commandsclear ip igmp groups, clear ip igmp interface
clear ip igmp groupsUse this command to clear IGMP specific local-membership(s) on all interfaces.
Command Syntaxclear ip igmp (vrf VRFNAME) groups * | A.B.C.D
VRFNAME Optional. Specify the VRF name.* Clears all groups on all interfaces. This is an alias to the clear ip igmp command.A.B.C.D Specifies the group address’s local-membership to be cleared from all interfaces.
Command ModePrivileged Exec mode
GMP Multicast Commands
142 ©2001-2007 IP Infusion Inc. Confidential
UsageThis command applies to groups learned by IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExamplesZebOS# clear ip igmp groups *ZebOS# clear ip igmp 224.1.1.1
Related Commandsclear ip igmp, clear ip igmp interface
clear ip igmp interfaceUse this command to clear IGMP interface entries.
Command Syntaxclear ip igmp (vrf VRFNAME) interface IFNAME
VRFNAME Optional. Specify the VRF name.IFNAME Specifies name of the interface; all groups learned from this interface are deleted.
Command ModePrivileged Exec mode
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExampleZebOS# clear ip igmp interface eth1
Related Commandsclear ip igmp, clear ip igmp groups
debug igmpUse this command to enable debugging of all IGMP, or a specific component of IGMP.
Use the no parameter with this command to disable all IGMP debugging, or debugging of a specific component of IGMP.
Command Syntaxdebug igmp (vrf VRFNAME) all|decode|events|fsm|tib
no debug igmp (vrf VRFNAME) all|decode|events|fsm|tib
VRFNAME Optional. Specify the VRF name.all debug all IGMPdecode debug IGMP decodingencode debug IGMP encodingevents debug IGMP eventsfsm debug IGMP Finite State Machine (FSM)
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 143
tib debug IGMP Tree Information Base (TIB)
Command ModesPrivileged Exec mode and Configure mode
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExampleZebOS# configure terminalZebOS(config)# debug igmp all
ip igmpUse this command to enable the IGMP protocol operation on an interface. This command enables IGMP protocol operation in stand-alone mode, and can be used to learn local-membership information prior to enabling a multicast routing protocol on the interface.
Use the no parameter with this command to return all IGMP related configuration to the default (including IGMP Snooping or IGMP Proxy service).
Command Syntaxip igmp
no ip igmp
Command ModeInterface mode
DefaultDisabled
UsageThis command will has no effect on interfaces configured for IGMP Proxy.
ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ip igmp
ip igmp access-group Use this command to control the multicast local-membership groups learnt on an interface.
Use the no parameter with this command to disable this access control.
Command Syntaxip igmp access-group <1-99>|WORD
no ip igmp access-group
<1-99> Access-list number.
GMP Multicast Commands
144 ©2001-2007 IP Infusion Inc. Confidential
WORD Standard IP access-list name.
Command ModeInterface mode
DefaultNo access list configured
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExamplesIn the following example, hosts serviced by Ethernet interface 0 can only join the group 225.2.2.2:
ZebOS# configure terminalZebOS(config)# access-list 1 225.2.2.2 0.0.0.0ZebOS(config)# interface ethernet 0 ZebOS(config-if)# ip igmp access-group 1
Related CommandsNone
ip igmp immediate-leaveIn IGMP version 2, use this command to minimize the leave latency of IGMP memberships. This command is used when only one receiver host is connected to each interface.
To disable this feature, use the no parameter with this command.
Command Syntaxip igmp immediate-leave group-list ACCESSLIST
no ip igmp immediate-leave
ACCESSLIST <1-99>|<1300-1999>|WORD Standard access-list name or number that defines multicast groups in which the immediate leave feature is enabled.
<1-99> Access-list number.<1300-1999> Access-list number (expanded range).WORD Standard IP access-list name.
Command ModeInterface mode
DefaultDisabled
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 145
ExamplesThe following example shows how to enable the immediate-leave feature on an interface for a specific range of multicast groups. In this example, the router assumes that the group access-list consists of groups that have only one host membership at a time per interface:
ZebOS# configure terminalZebOS(config)# interface eth 0ZebOS(config-if)# ip igmp immediate-leave group-list 34 ZebOS(config-if)# exitZebOS(config)# access-list 34 permit 225.192.20.0 0.0.0.255
Related Commands
ip igmp last-member-query-interval
ip igmp last-member-query-countUse this command to set the last-member query-count value. To return to the default value on an interface, use the no parameter with this command.
Command Syntaxip igmp last-member-query-count <2-7>
no ip igmp last-member-query-count
<2-7> last member query count value
Command ModeInterface mode
DefaultThe default last member query count value is 2.
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ip igmp last-member-query-count 3
ip igmp last-member-query-intervalUse this command to configure the frequency at which the router sends IGMP group-specific host query messages.
To set this frequency to the default value, use the no parameter with this command.
Command Syntaxip igmp last-member-query-interval INTERVAL
no ip igmp last-member-query-interval
GMP Multicast Commands
146 ©2001-2007 IP Infusion Inc. Confidential
INTERVAL = <1000-25500> Frequency (in milliseconds) at which IGMP group-specific host query messages are sent.
Command ModeInterface mode
Default1000 milliseconds
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExamplesThe following example changes the IGMP group-specific host query message interval to 2 seconds:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp last-member-query-interval 2000
Related Commandsip igmp immediate-leave
ip igmp limitUse this command to configure the limit on the maximum number of group membership states, at either the router level, or for the specified interface. Once the specified number of group memberships is reached, all further local-memberships will be ignored. Optionally, an exception access-list can be configured to specify the group-address(es) to be excluded from being subject to the limit.
Use the no parameter with this command to unset the limit and any specified exception access-list.
Command Syntaxip igmp (vrf VRFNAME) limit LIMITVALUE (except ACCESSLIST)
no ip igmp (vrf VRFNAME) limit
VRFNAME Optional. Specify the VRF name.LIMITVALUE <1-2097152> Maximum number of group membership statesACCESSLIST <1-99>|<1300-1999>|WORD Number or name that defines multicast groups which are
exempted from being subject to configured limit.<1-99> Access-list number<1300-1999> Access-list number (expanded range)WORD Standard IP access-list name
Command ModeGlobal Config mode and Interface mode
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
When configured for IGMP Snooping, this command can be issued on only VLAN interfaces. The limit applies, individually, to each of its constituent interfaces.
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 147
ExamplesThe following example configures an IGMP limit of 100 group-membership states across all interfaces on which IGMP is enabled, and excludes group 224.1.1.1 from this limitation:
ZebOS# configure terminalZebOS(config)# access-list 1 224.1.1.1 0.0.0.0ZebOS(config)# ip igmp limit 100 except 1
The following example configures an IGMP limit of 100 group-membership states on eth0:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp limit 100
ip igmp mroute-proxyUse this command to specify the IGMP Proxy service (upstream host-side) interface with which to be associated. IGMP router-side protocol operation is enabled only when the specified upstream proxy-service interface is functional.
Use the no parameter with this command to remove the association with the proxy-service interface.
Command Syntaxip igmp mroute-proxy IFNAME
no ip igmp mroute-proxy
Command ModeInterface mode
UsageThis command should not be used when configuring interfaces enabled for IGMP in association with a multicast routing protocol, otherwise the behavior will be undefined.
ExampleThe following example configures the eth 0 interface as the upstream proxy-service interface for the downstream router-side interface, eth 1.
ZebOS# configure terminalZebOS(config)# interface eth 1ZebOS(config-if)# ip igmp mroute-proxy eth 0
ip igmp proxy-serviceUse this command to designate an interface to be the IGMP proxy-service (upstream host-side) interface, thus enabling IGMP host-side protocol operation on this interface. All associated downstream router-side interfaces will have their memberships consolidated on this interface, according to IGMP host-side functionality.
Use the no parameter with this command to remove the designation of the interface as an upstream proxy-service interface.
Command Syntaxip igmp proxy-service
no ip igmp proxy-service
GMP Multicast Commands
148 ©2001-2007 IP Infusion Inc. Confidential
Command ModeInterface mode
UsageThis command should not be used when configuring interfaces enabled for IGMP in association with a multicast-routing protocol, otherwise the behavior will be undefined.
ExampleThe following example designates the eth 0 interface as the upstream proxy-service interface.
ZebOS# configure terminalZebOS(config)# interface eth 0ZebOS(config-if)# ip igmp proxy-service
ip igmp querier-timeout Use this command to configure the timeout period before the router takes over as the querier for the interface after the previous querier has stopped querying.
To restore the default value, use the no parameter with this command.
Command Syntaxip igmp querier-timeout TIMEOUT
no ip igmp querier-timeout
TIMEOUT = <60-300> Number of seconds that the router waits after the previous querier has stopped querying before it takes over as the querier.
Command ModeInterface mode
Default255 seconds
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExamplesThe following example configures the router to wait 120 seconds from the time it received the last query before it takes over as the querier for the interface:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp querier-timeout 120
Related Commandsip igmp query-interval
ip igmp query-intervalUse this command to configure the frequency of sending IGMP host query messages.
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 149
To return to the default frequency, use the no parameter with this command.
Command Syntaxip igmp query-interval INTERVAL
no ip igmp query-interval
INTERVAL = <1-18000> Frequency (in seconds) at which IGMP host query messages are sent.
Command ModeInterface mode
DefaultThe default query interval is 125 seconds.
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExampleThe following example changes the frequency of sending IGMP host-query messages to 2 minutes:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp query-interval 120
ip igmp query-max-response-timeUse this command to configure the maximum response time advertised in IGMP queries.
To restore the default value, use the no parameter with this command.
Command Syntaxip igmp query-max-response-time RESPONSETIME
no ip igmp query-max-response-time
RESPONSETIME = <1-240> Maximum response time (in seconds) advertised in IGMP queries.
Command ModeInterface mode
Default10 seconds
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExamplesThe following example configures a maximum response time of 8 seconds:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip igmp query-max-response-time 8
GMP Multicast Commands
150 ©2001-2007 IP Infusion Inc. Confidential
ip igmp robustness-variableUse this command to change the robustness variable value on an interface.
To return to the default value on an interface, use the no parameter with this command.
Command Syntaxip igmp robustness-variable <2-7>
no ip igmp robustness-variable
Command ModeInterface mode
DefaultThe default robustness variable value is 2.
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ip igmp robustness-variable 3
ip igmp snoopingUse this command to enable IGMP Snooping. When this command is given in the Global Config mode, IGMP Snooping is enabled at the switch level. When this command is given at the VLAN interface level, IGMP Snooping is enabled for that VLAN.
Use the no parameter with this command to globally disable IGMP Snooping, or for the specified interface.
Command Syntaxip igmp (vrf VRFNAME) snooping
no ip igmp (vrf VRFNAME) snooping
VRFNAME Optional. Specify the VRF name.
Command ModeGlobal Config modeInterface mode for VLAN interface
DefaultIGMP Snooping is enabled.
UsageThis IGMP Snooping command can only be configured on VLAN interfaces
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 151
ExamplesZebOS# configure terminalZebOS(config)# ip igmp snoopingZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp snooping
ip igmp snooping fast-leaveUse this command to enable IGMP Snooping fast-leave processing. Fast-leave processing is analogous to immediate-leave processing; the IGMP group-membership is removed, as soon as an IGMP leave group message is received without sending out a group-specific query.
Use the no parameter with this command to disable fast-leave processing.
Command Syntaxip igmp snooping fast-leave
no ip igmp snooping fast-leave
Command ModeInterface mode for VLAN interface
DefaultIGMP Snooping fast-leave processing is disabled.
UsageThis IGMP Snooping command can only be configured on VLAN interfaces.
ExampleThis example shows how to enable fast-leave processing on a VLAN.
ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp snooping fast-leave
ip igmp snooping mrouterUse this command to statically configure the specified VLAN constituent interface as a multicast router interface for IGMP Snooping in that VLAN.
Use the no parameter with this command to remove the static configuration of the interface as a multicast router interface.
Command Syntaxip igmp snooping mrouter interface IFNAME
no ip igmp snooping mrouter interface IFNAME
IFNAME Specify the name of the interface
Command ModeInterface mode for VLAN interface
GMP Multicast Commands
152 ©2001-2007 IP Infusion Inc. Confidential
UsageThis IGMP Snooping command can only be configured on VLAN interfaces.
ExampleThis example shows interface fe8 statically configured to be a multicast router interface.
ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp snooping mrouter interface fe8
ip igmp snooping querierUse this command to enable IGMP querier operation on a subnet (VLAN) when no multicast routing protocol is configured in the subnet (VLAN). When enabled, the IGMP Snooping querier sends out periodic IGMP queries for all interfaces on that VLAN.
Use the no parameter with this command to disable IGMP querier configuration.
Command Syntaxip igmp snooping querier
no ip igmp snooping querier
Command ModeInterface mode for VLAN interface
UsageThis command can only be configured on VLAN interfaces.
The IGMP Snooping querier uses the 0.0.0.0 Source IP address because it only masquerades as a proxy IGMP querier for faster network convergence.
It does not start, or automatically cease, the IGMP Querier operation if it detects query message(s) from a multicast router.
It restarts as the IGMP Snooping querier if no queries are seen within the other querier interval.
ExampleZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp snooping querier
ip igmp snooping report-suppressionUse this command to enable report suppression for IGMP versions 1 and 2.
Use the no parameter with this command to disable report suppression.
Command Syntaxip igmp snooping report-suppression
no ip igmp snooping report-suppression
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 153
Command ModeInterface mode for VLAN interface
DefaultReport suppression does not apply to IGMPv3, and is turned off by default for IGMPv1 and IGMPv2 reports.
UsageThis command can only be configured on VLAN interfaces.
ExampleThis example shows how to enable report suppression for IGMPv2 reports.
ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ip igmp version 2ZebOS(config-if)# ip igmp snooping report-suppression
ip igmp ssm-map enableUse this command to enable SSM mapping on the router.
Use the no parameter with this command to disable SSM mapping.
Command Syntaxip igmp (vrf VRFNAME) ssm-map enable
no ip igmp (vrf VRFNAME) ssm-map enable
VRFNAME Optional. Specify the VRF name.
Command ModeGlobal Config mode
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExampleThis example shows how to configure SSM mapping on the router.
ZebOS# configure terminalZebOS(config)# ip igmp ssm-map enable
Related Commandsip igmp ssm-map static
ip igmp ssm-map staticUse this command to specify the static mode of defining SSM mapping. SSM mapping statically assigns sources to IGMPv1 and IGMPv2 groups to translate such (*,G) groups’ memberships to (S,G) memberships for use with PIM-SSM.
Use the no parameter with this command to remove the SSM map association.
GMP Multicast Commands
154 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxip igmp (vrf VRFNAME) ssm-map static ACCESSLIST A.B.C.D
no ip igmp (vrf VRFNAME) ssm-map static ACCESSLIST A.B.C.D
VRFNAME Optional. Specify the VRF name.ACCESSLIST
<1-99> Access-list number<1300-1999> Access-list number (expanded range).
A.B.C.D Standard IP access-list name.
Command ModeGlobal Config mode
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
ExamplesThis example shows how to configure an SSM static mapping for group-address 224.1.1.1.
ZebOS# configure terminalZebOS(config)# ip igmp ssm-map static 1 1.2.3.4ZebOS(config)# access-list 1 224.1.1.1 0.0.0.0
Related Commandsip igmp ssm-map enable
ip igmp static-groupUse this command to statically configure group membership entries on an interface. To statically add only a group membership, do not specify any parameters.
Use the no parameter with this command to delete static group membership entries.
Command Syntaxip igmp static-group A.B.C.D (source [E.F.G.H|ssm-map]) (interface IFNAME)
no ip igmp static-group A.B.C.D (source [E.F.G.H|ssm-map]) (interface IFNAME)
A.B.C.D Standard IP Multicast group address to be configured as a static group member.source Optional.
E.F.G.H Standard IP source address to be configured as a static source from where multicast packets originate.
ssm-map Mode of defining SSM mapping. SSM mapping statically assigns sources to IGMPv1 and IGMPv2 groups to translate these (*, G) groups' memberships to (S, G) memberships for use with PIM-SSM.
interface Optional. Physical interface. Use this parameter on VLAN interfaces when static configuration is required for IGMP snooping. If used, static configuration is applied to the physical interface specified in IFNAME. If not used, static configuration is applied on all VLAN constituent interfaces.
IFNAME Physical interface name.
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 155
Command ModeInterface mode
UsageThis command applies to IGMP operation on a specific interface to statically add group and/or source records; or to IGMP Snooping on a VLAN interface to statically add group and/or source records.
ExamplesThe following examples show how to statically add group and/or source records for IGMP:
ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ip igmp static-group 226.1.2.3
ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)#ip igmp static-group 226.1.2.4 source 1.2.3.4
ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ip igmp static-group 226.1.2.5 source ssm-map
The following examples show how to statically add group and/or source records for IGMP Snooping:
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.3
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.6 source 1.2.3.4
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.6 source ssm-map
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.3 interface eth0
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.6 source 1.2.3.4 interface eth0
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ip igmp static-group 226.1.2.6 source ssm-map interface eth0
ip igmp versionUse this command to set the current IGMP protocol version on an interface.
To return to the default version, use the no parameter with this command.
GMP Multicast Commands
156 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxip igmp version <1-3>
no ip igmp version
<1-3> IGMP protocol version number
Command ModeInterface mode
UsageThis command applies to interfaces configured for IGMP Layer-3 multicast protocols, IGMP Snooping, or IGMP Proxy.
DefaultThe default IGMP protocol version number is 3.
ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0ZebOS(config-if)# ip igmp version 2
show ip igmp groupsUse this command to display the multicast groups with receivers directly connected to the router, and learned through IGMP.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip igmp (vrf VRFNAME) groups (A.B.C.D|IFNAME detail)
VRFNAME Optional. Specify the VRF name.A.B.C.D Address of the multicast group. IFNAME Interface name for which to display local information.
Command ModeExec mode and Privileged Exec mode
ExamplesThe following command displays local-membership information for all interfaces:
ZebOS# show ip igmp groups IGMP Connected Group Membership Group Address Interface Uptime Expires Last Reporter 224.0.1.1 eth2 00:00:09 00:04:17 10.10.0.82 224.0.1.24 eth2 00:00:06 00:04:14 10.10.0.84 224.0.1.40 eth2 00:00:09 00:04:15 10.10.0.91 224.0.1.60 eth2 00:00:05 00:04:15 10.10.0.7 224.100.100.100 eth2 00:00:11 00:04:13 10.10.0.91 228.5.16.8 eth2 00:00:11 00:04:16 10.10.0.91 228.81.16.8 eth2 00:00:05 00:04:15 10.10.0.91
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 157
228.249.13.8 eth2 00:00:08 00:04:17 10.10.0.91 235.80.68.83 eth2 00:00:12 00:04:15 10.10.0.40 239.255.255.250 eth2 00:00:12 00:04:15 10.10.0.228
239.255.255.254 eth2 00:00:08 00:04:13 10.10.0.84
The following describes significant fields shown in the display above:
The following command displays local-membership details for a specific group:
ZebOS# show ip igmp groups 224.1.1.1 detailInterface: eth1Group: 224.1.1.1Uptime: 00:00:42Group mode: IncludeLast reporter: 192.168.50.111TIB-A Count: 2TIB-B Count: 0Group source list: (R - Remote, M - SSM Mapping) Source Address Uptime v3 Exp Fwd Flags 192.168.55.55 00:00:42 00:03:38 Yes R 192.168.55.66 00:00:42 00:03:38 Yes R
show ip igmp interfaceUse this command to display the state of IGMP, IGMP Proxy service, and IGMP Snooping for a specified interface, or all interfaces.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip igmp (vrf VRFNAME) interface IFNAME
VRFNAME Optional. Specify the VRF name.IFNAME Interface name
Command ModeExec and Privileged Exec mode
ExampleThe following command displays the IGMP interface status on all interfaces enabled for IGMP.
ZebOS# show ip igmp interface Interface vlan1.1 (Index 4294967295)IGMP Active, Non-Querier, Version 3 (default)IGMP querying router is 0.0.0.0
Field Description
Group Address Address of the multicast group.
Interface Interface through which the group is reachable.
Uptime For the time period (in weeks, days, hours, minutes, and seconds) this multicast group is known.
Expires Time (in hours, minutes, and seconds) until the entry expires.
Last Reporter Last host to report being a member of the multicast group.
GMP Multicast Commands
158 ©2001-2007 IP Infusion Inc. Confidential
IGMP query interval is 125 secondsIGMP querier timeout is 255 secondsIGMP max query response time is 10 secondsLast member query response interval is 1000 millisecondsGroup Membership interval is 260 seconds|IGMP Snooping is globally enabled|IGMP Snooping is enabled on this interfaceIGMP Snooping fast-leave is not enabledIGMP Snooping querier is not enabledIGMP Snooping report suppression is enabled
show ip igmp snooping mrouterUse this command to display the multicast router interfaces, both configured and learned, in a VLAN.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip igmp (vrf VRFNAME) snooping mrouter interface IFNAME
VRFNAME Optional. Specify the VRF name.IFNAME The name of the VLAN interface
Command ModeExec and Privileged Exec mode
ExampleThe following command displays the multicast router interfaces in VLAN 1.1.
ZebOS# show ip igmp snooping mrouter vlan1.1VLAN Interface1 ge91 ge11
show ip igmp snooping statisticsUse this command to display IGMP Snooping statistics data.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip igmp (vrf VRFNAME) snooping statistics interface IFNAME
VRFNAME Optional. Specify the VRF name.IFNAME The name of the VLAN interface
Command ModeExec and Privileged Exec mode
ExampleThe following displays IGMPv3 statistical information for bridge 2.
ZebOS# show ip igmp snooping statistics interface vlan1.1
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 159
IGMP Snooping statistics for ge9Interface: ge10Group: 225.0.0.1Uptime: 00:00:09Group mode: Exclude (Expires: 00:04:10)Last reporter: 4.4.4.5Source list is empty
MLD CommandsThe Multicast Listener Discovery (MLD) module includes the MLD Proxy service and MLD Snooping functionalities. Some of the following commands may have commonalities and restrictions: these are described under the Usage section for each command.
clear ipv6 mldUse this command to clear all MLD local-memberships on all interfaces.
Command Syntaxclear ipv6 mld (vrf VRFNAME)
VRFNAME Optional. Specify the VRF name.
Command ModePrivileged Exec mode
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleZebOS# clear ipv6 mld vrf VRF_A
Related Commandsclear ipv6 mld groups, clear ipv6 mld interface
clear ipv6 mld groupsUse this command to clear MLD specific local-membership(s) on all interfaces.
Command Syntaxclear ipv6 mld (vrf VRFNAME) groups *|X:X::X:X
VRFNAME Optional. Specify the VRF name.* Clears all groups on all interfaces. This is an alias to the clear ipv6 mld command.X:X::X:X Specifies the group address’s local-membership to be cleared from all interfaces.
Command ModePrivileged Exec mode
GMP Multicast Commands
160 ©2001-2007 IP Infusion Inc. Confidential
UsageThis command applies to groups learned by MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExamplesZebOS# clear ipv6 mld groups *ZebOS# clear ipv6 mld 224.1.1.1
Related Commandsclear ipv6 mld, clear ipv6 mld interface
clear ipv6 mld interfaceUse this command to clear MLD interface entries.
Command Syntaxclear ipv6 mld (vrf VRFNAME) interface IFNAME
VRFNAME Optional. Specify the VRF name.IFNAME Specifies name of the interface; all groups learned from this interface are deleted.
Command ModePrivileged Exec mode
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleZebOS# clear ipv6 mld interface eth1
Related Commandsclear ipv6 mld, clear ipv6 mld groups
debug mldUse this command to enable debugging of all MLD, or a specific component of MLD.
Use the no parameter with this command to disable all MLD debugging, or debugging of a specific component of MLD.
Command Syntaxdebug mld (vrf VRFNAME) all|decode|events|fsm|tib
no debug mld (vrf VRFNAME) all|decode|events|fsm|tib
VRFNAME Optional. Specify the VRF name.all debug all MLDdecode debug MLD decodingencode debug MLD encodingevents debug MLD eventsfsm debug MLD Finite State Machine (FSM)
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 161
tib debug MLD Tree Information Base (TIB)
Command ModePrivileged Exec mode and Configure mode
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleZebOS# configure terminalZebOS(config)# debug mld all
ipv6 mldUse this command to enable the MLD protocol operation on an interface. This command enables MLD protocol operation in stand-alone mode, and can be used to learn local-membership information prior to enabling a multicast routing protocol on the interface.
Use the no parameter with this command to return all MLD related configuration to the default (including MLD Snooping or MLD Proxy service).
Command Syntaxipv6 mld
no ipv6 mld
Command ModeInterface mode
DefaultDisabled
UsageThis command will has no effect on interfaces configured for MLD Proxy.
ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ipv6 mld
ipv6 mld access-group Use this command to control the multicast local-membership groups learnt on an interface.
Use the no parameter with this command to disable this access control.
Command Syntax
ipv6 mld access-group WORD
no ipv6 mld access-group
WORD Standard IPv6 access-list name.
GMP Multicast Commands
162 ©2001-2007 IP Infusion Inc. Confidential
Command ModeInterface mode
DefaultNo access list configured
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExamplesIn the following example, hosts serviced by Ethernet interface 0 can join the group ff0e::1/128 only:
ZebOS# configure terminalZebOS(config)# ipv6 access-list Group1 permit ff0e::1/128ZebOS(config)# interface fxp0 ZebOS(config-if)# ipv6 mld access-group Group1
Related CommandsNone
ipv6 mld immediate-leaveUse this command to minimize the leave latency of MLD memberships.
To disable this feature, use the no parameter with this command.
Command Syntaxipv6 mld immediate-leave group-list ACCESSLIST
no ipv6 mld immediate-leave
ACCESSLIST Standard IPv6 access-list name that defines multicast groups in which the immediate leave feature is enabled.
Command ModeInterface mode
DefaultDisabled
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
Use this command when only one receiver host is connected to each interface.
ExampleThe following example shows how to enable the immediate-leave feature on an interface for a specific range of multicast groups. In this example, the router assumes that the group access-list consists of groups that have only one node membership at a time per interface:
ZebOS# configure terminalZebOS(config)# interface eth 0
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 163
ZebOS(config-if)# ipv6 mld immediate-leave v6grpZebOS(config-if)# exit
Related Commandsipv6 mld last-member-query-interval
ipv6 mld last-member-query-countUse this command to set the last-member query-count value.
To return to the default value on an interface, use the no parameter with this command.
Command Syntaxipv6 mld last-member-query-count <2-7>
no ipv6 mld last-member-query-count
<2-7> last-member query-count value
Command ModeInterface mode
DefaultThe default last-member query-count value is 2.
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ipv6 mld last-member-query-count 3
ipv6 mld last-member-query-intervalUse this command to configure the frequency at which the router sends MLD group-specific host query messages.
To set this frequency to the default value, use the no parameter with this command.
Command Syntaxipv6 mld last-member-query-interval INTERVAL
no ipv6 mld last-member-query-interval
INTERVAL = <1000-25500> Frequency (in milliseconds) at which MLD group-specific host query messages are sent.
Command ModeInterface mode
Default1000 milliseconds
GMP Multicast Commands
164 ©2001-2007 IP Infusion Inc. Confidential
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExamplesThe following example changes the MLD group-specific host query message interval to 2 seconds:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 mld last-member-query-interval 2000
Related Commandsipv6 mld immediate-leave
ipv6 mld limitUse this command to configure the limit on the maximum number of group membership states at either the router level, or for the specified interface. Once the specified number of group memberships is reached, all further local-memberships will be ignored. Optionally, an exception access-list can be configured to specify the group-address(es) to be excluded from being subject to the limit.
Use the no parameter with this command to unset the limit and any specified exception access-list.
Command Syntaxipv6 mld (vrf VRFNAME) limit LIMITVALUE (except ACCESSLIST)
no ipv6 mld (vrf VRFNAME) limit
VRFNAME Optional. Specify the VRF name.LIMITVALUE <1-2097152> Maximum number of group membership statesACCESSLIST Standard IPv6 access-list name that defines multicast groups which are exempted from
being subject to the configured limit.
Command ModeGlobal Config mode and Interface mode
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
When configured for MLD Snooping, this command can be issued on only VLAN interfaces, and the limit applies individually to each of its constituent interfaces.
ExamplesThe following example configures an MLD limit of 100 group-membership states across all interfaces on which MLD is enabled, and excludes group 224.1.1.1 from this limitation:
ZebOS# configure terminalZebOS(config)# access-list 1 224.1.1.1 0.0.0.0ZebOS(config)# ipv6 mld limit 100 except v6grp
The following example configures an MLD limit of 100 group-membership states on eth0:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 mld limit 100
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 165
Related Commandsipv6 mld immediate-leave
ipv6 mld mroute-proxyUse this command to specify the MLD Proxy service (upstream host-side) interface with which to be associated. MLD router-side protocol operation is enabled only when the specified upstream proxy-service interface is functional.
Use the no parameter with this command to remove the association with the proxy-service interface.
Command Syntaxipv6 mld mroute-proxy IFNAME
no ipv6 mld mroute-proxy
Command ModeInterface mode
UsageThis command should not be configured on interfaces enabled for MLD in association with a multicast routing protocol, otherwise, the behavior will be undefined.
ExampleThe following example configures the eth 0 interface as the upstream proxy-service interface for the downstream router-side interface, eth 1.
ZebOS# configure terminalZebOS(config)# interface eth 1ZebOS(config-if)# ipv6 mld mroute-proxy eth 0
ipv6 mld proxy-serviceUse this command to designate an interface to be the MLD proxy-service (upstream host-side) interface, thus enabling MLD host-side protocol operation on this interface. All associated downstream router-side interfaces will have their memberships consolidated on this interface, according to MLD host-side functionality.
Use the no parameter with this command to remove the designation of the interface as an upstream proxy-service interface.
Command Syntaxipv6 mld proxy-service
no ipv6 mld proxy-service
Command ModeInterface mode
UsageThis command should not be used when configuring interfaces enabled for MLD in association with a multicast-routing protocol, otherwise the behavior will be undefined.
GMP Multicast Commands
166 ©2001-2007 IP Infusion Inc. Confidential
ExampleThe following example designates the eth 0 interface as the upstream proxy-service interface.
ZebOS# configure terminalZebOS(config)# interface eth 0ZebOS(config-if)# ipv6 mld proxy-service
ipv6 mld querier-timeoutUse this command to configure the timeout period before the router takes over as the querier for the interface after the previous querier has stopped querying.
To restore the default value, use the no parameter with this command.
Command Syntaxipv6 mld querier-timeout TIMEOUT
no ipv6 mld querier-timeout
TIMEOUT = <60-300> Number of seconds that the router waits after the previous querier has stopped querying before it takes over as the querier.
Command ModeInterface mode
Default255 seconds
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleThe following example configures the router to wait 120 seconds from the time it received the last query before it takes over as the querier for the interface:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 mld querier-timeout 120
Related Commandsipv6 mld query-interval
ipv6 mld query-intervalUse this command to configure the frequency of sending MLD host query messages.
To return to the default frequency, use the no parameter with this command.
Command Syntaxipv6 mld query-interval INTERVAL
no ipv6 mld query-interval
INTERVAL = <1-18000> Frequency (in seconds) at which MLD host query messages are sent.
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 167
Command ModeInterface mode
DefaultThe default query interval is 125 seconds.
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleThe following example changes the frequency of sending MLD host-query messages to 2 minutes:
ZebOS# configure terminalZebOS(config)# interface fxp0ZebOS(config-if)# ipv6 mld query-interval 120
Related Commandsipv6 mld querier-timeout
ipv6 mld query-max-response-time Use this command to configure the maximum response time advertised in MLD queries.
To restore the default value, use the no parameter with this command.
Command Syntaxipv6 mld query-max-response-time RESPONSETIME
no ipv6 mld query-max-response-time
RESPONSETIME = <1-240> Maximum response time (in seconds) advertised in MLD queries.
Command ModeInterface mode
Default10 seconds
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleThe following example configures a maximum response time of 8 seconds:
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ipv6 mld query-max-response-time 8
ipv6 mld robustness-variableUse this command to change the robustness variable value on an interface.
GMP Multicast Commands
168 ©2001-2007 IP Infusion Inc. Confidential
To return to the default value on an interface, use the no parameter with this command.
Command Syntaxipv6 mld robustness-variable <2-7>
no ipv6 mld robustness-variable
Command ModeInterface mode
DefaultThe default robustness variable value is 2.
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ipv6 mld robustness-variable 3
ipv6 mld snoopingUse this command to enable MLD Snooping. When this command is given in the Global Config mode, MLD Snooping is enabled at the switch level. When this command is given at the VLAN interface level, MLD Snooping is enabled for that VLAN.
Use the no parameter with this command to globally disable MLD Snooping, or for the specified interface.
Command Syntaxipv6 mld (vrf VRFNAME) snooping
no ipv6 mld (vrf VRFNAME) snooping
VRFNAME Optional. Specify the VRF name.
Command ModeGlobal Config modeInterface mode for VLAN interface
DefaultMLD Snooping is enabled.
UsageThis MLD Snooping command can only be configured on VLAN interfaces
ExampleZebOS# configure terminalZebOS(config)# ipv6 mld snoopingZebOS(config)# interface vlan1.1ZebOS(config-if)# ipv6 mld snooping
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 169
ipv6 mld snooping fast-leaveUse this command to enable MLD Snooping fast-leave processing. Fast-leave processing is analogous to immediate-leave processing; the MLD group-membership is removed, as soon as an MLD leave group message is received without sending out a group-specific query.
Use the no parameter with this command to disable fast-leave processing.
Command Syntaxipv6 mld snooping fast-leave
no ipv6 mld snooping fast-leave
Command ModeInterface mode for VLAN interface
DefaultMLD Snooping fast-leave processing is disabled.
UsageThis MLD Snooping command can only be configured on VLAN interfaces.
ExampleThis example shows how to enable fast-leave processing on a VLAN.
ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ipv6 mld snooping fast-leave
ipv6 mld snooping mrouterUse this command to statically configure the specified VLAN constituent interface as a multicast router interface for MLD Snooping in that VLAN.
Use the no parameter with this command to remove the static configuration of the interface as a multicast router interface.
Command Syntaxipv6 mld snooping mrouter interface IFNAME
no ipv6 mld snooping mrouter interface IFNAME
IFNAME Specify the name of the interface
Command ModeInterface mode for VLAN interface
UsageThis MLD Snooping command can only be configured on VLAN interfaces.
ExampleThis example shows how to specify the next-hop interface to the multicast router.
GMP Multicast Commands
170 ©2001-2007 IP Infusion Inc. Confidential
ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ipv6 mld snooping mrouter interface fe8
ipv6 mld snooping querierUse this command to enable MLD querier operation on a subnet (VLAN) when no multicast routing protocol is configured in the subnet (VLAN). When enabled, the MLD Snooping querier sends out periodic MLD queries for all interfaces on that VLAN.
Use the no parameter with this command to disable MLD querier configuration.
Command Syntaxipv6 mld snooping querier
no ipv6 mld snooping querier
Command ModeInterface mode for VLAN interface
UsageThis command can only be configured on VLAN interfaces.
The MLD Snooping querier uses the 0.0.0.0 Source IP address because it only masquerades as a proxy MLD querier for faster network convergence.
It does not start, or automatically cease, the MLD Querier operation if it detects query message(s) from a multicast router.
It restarts as MLD Snooping querier if no queries are seen within the other querier interval.
ExampleZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config)# ipv6 mld snooping querier
ipv6 mld snooping report-suppressionUse this command to enable report suppression for MLD version 1.
Use the no parameter to disable report suppression.
Command Syntaxipv6 mld snooping report-suppression
no ipv6 mld snooping report-suppression
Command ModeInterface mode for VLAN interface
DefaultReport suppression does not apply to MLDv2, and is turned off by default for MLDv1 reports.
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 171
UsageThis MLD Snooping command can only be configured on VLAN interfaces.
ExampleThis example shows how to enable report suppression for MLDv1 reports.
ZebOS# configure terminalZebOS(config)# interface vlan1.1ZebOS(config-if)# ipv6 mld version 1ZebOS(config-if)# ipv6 mld snooping report-suppression
ipv6 mld ssm-map enableUse this command to enable SSM mapping on the router.
Use the no parameter with this command to disable SSM mapping.
Command Syntaxipv6 mld (vrf VRFNAME) ssm-map enable
no ipv6 mld (vrf VRFNAME) ssm-map enable
VRFNAME Optional. Specify the VRF name.
Command ModeGlobal Config mode
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleThis example shows how to enable MLD SSM mapping on the router.
ZebOS# configure terminalZebOS(config)# ipv6 mld ssm-map enable
Related Commandsipv6 mld ssm-map static
ipv6 mld ssm-map staticUse this command to specify the static mode of defining SSM mapping. SSM mapping statically assigns sources to MLDv1 groups to translate such (*,G) groups’ memberships to (S,G) memberships for use with PIM-SSM.
Use the no parameter with this command to remove the SSM map association.
Command Syntaxipv6 mld (vrf VRFNAME) ssm-map static WORD X:X::X:X
no ipv6 mld (vrf VRFNAME) ssm-map static WORD X:X::X:X
VRFNAME Optional. Specify the VRF name.WORD IPv6 named standard access-list.
GMP Multicast Commands
172 ©2001-2007 IP Infusion Inc. Confidential
X:X::X:X IPv6 address
Command ModeGlobal Config mode
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleThis example shows how to configure an SSM static mapping for group-address ff0e::1/128.
ZebOS# configure terminalZebOS(config)# ipv6 mld ssm-map static v6grp 2006::3ZebOS(config)# ipv6 access-list v6grp permit ff0e::1/128
Related Commandsipv6 mld ssm-map enable
ipv6 mld static-groupUse this command to statically configure IPv6 group membership entries on an interface. To statically add only a group membership, do not specify any parameters.
Use the no parameter with this command to delete static group membership entries.
Command Syntaxipv6 mld static-group X:X::X:X (source [Y:Y::Y:Y|ssm-map]) (interface IFNAME)
no ipv6 mld static-group X:X::X:X (source [Y:Y::Y:Y|ssm-map]) (interface IFNAME)
X:X::X:X Standard IPv6 Multicast group address to be configured as a static group member.source Optional.
Y:Y::Y:Y Standard IPv6 source address to be configured as a static source from where multicast packets originate.
ssm-map Mode of defining SSM mapping. SSM mapping statically assigns sources to MLDv1 groups to translate these (*,G) groups' memberships to (S,G) memberships for use with PIM-SSM.
interface Optional. Physical interface. Use this parameter on VLAN interfaces when static configuration is required for MLD snooping. If used, static configuration is applied to the physical interface specified in IFNAME. If not used, static configuration is applied on all VLAN constituent interfaces.
IFNAME Physical interface name.
Command ModeInterface mode
UsageThis command applies to MLD operation on a specific interface to statically add group and/or source records; or to MLD Snooping on a VLAN interface to statically add group and/or source records.
ExamplesThe following examples show how to statically add group and/or source records for MLD:
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 173
ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ipv6 mld static-group ff1e::10
ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ipv6 mld static-group ff1e::10 source fe80::2fd:6cff:fe1c:b
ZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# ipv6 mld static-group ff1e::10 source ssm-map
The following examples show how to statically add group and/or source records for MLD Snooping:
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 source fe80::2fd:6cff:fe1c:b
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 source ssm-map
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 interface eth0
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 source fe80::2fd:6cff:fe1c:b interface eth0
ZebOS# configure terminalZebOS(config)#interface vlan1.1ZebOS(config-if)# ipv6 mld static-group ff1e::10 source ssm-map interface eth0
ipv6 mld versionUse this command to set the current MLD protocol version on an interface.
To return to the default version on an interface, use the no parameter with this command.
Command Syntaxipv6 mld version <1-2>
no ipv6 mld version
<1-2> MLD protocol version number
Command ModeInterface mode
GMP Multicast Commands
174 ©2001-2007 IP Infusion Inc. Confidential
DefaultThe default MLD protocol version number is 2.
UsageThis command applies to interfaces configured for MLD Layer-3 multicast protocols, MLD Snooping, or MLD Proxy.
ExampleZebOS# configure terminalZebOS(config)# interface ethernet 0 ZebOS(config-if)# ipv6 mld version 1
show ipv6 mld groupsUse this command to display the multicast groups with receivers directly connected to the router, and learned through MLD.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 mld (vrf VRFNAME) groups (X:X::X:X |IFNAME detail)
VRFNAME Optional. Specify the VRF name.X:X::X:X Address of the multicast group. IFNAME Interface name for which to display local information.
Command ModeExec mode and Privileged Exec mode
ExampleThe following command displays local-membership information for all interfaces:
ZebOS# show ipv6 mld groupsMLD Connected Group MembershipGroup Address Interface Uptime Expires Last Reporterff1e::10 ge10 00:03:16 00:01:09 fe80::202:b3ff:fef0:79d8
show ipv6 mld interfaceUse this command to display the state of MLD, MLD Proxy service, and MLD Snooping for a specified interface, or all interfaces.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 mld (vrf VRFNAME) interface IFNAME
VRFNAME Optional. Specify the VRF name.IFNAME Interface name
GMP Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 175
Command ModeExec mode and Privileged Exec mode
ExampleThe following displays MLD interface status on all interfaces enabled for MLD.
ZebOS# show ipv6 mld interfaceInterface eth1 (Index 2) MLD Enabled, Active, Querier, Version 2 (default) Internet address is fe80::2fd:6cff:fe1c:b MLD interface has 0 group-record states MLD activity: 0 joins, 0 leaves MLD query interval is 125 seconds MLD querier timeout is 255 seconds MLD max query response time is 10 seconds Last member query response interval is 1000 milliseconds Group Membership interval is 260 seconds
show ipv6 mld snooping mrouterUse this command to display the multicast router interfaces, both configured and learned, in a VLAN.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 mld (vrf VRFNAME) snooping mrouter interface IFNAME
VRFNAME Optional. Specify the VRF name.IFNAME The name of the VLAN interface
Command ModeExec and Privileged Exec mode
ExampleThe following displays the multicast router interfaces in VLAN 1.1
ZebOS# show ipv6 mld snooping mrouter vlan1.1VLAN Interface1 ge91 ge11
GMP Multicast Commands
176 ©2001-2007 IP Infusion Inc. Confidential
show ipv6 mld snooping statisticsUse this command to display MLD Snooping statistics data.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 mld (vrf VRFNAME) snooping statistics interface IFNAME
VRFNAME Optional. Specify the VRF name.IFNAME The name of the VLAN interface
Command ModeExec and Privileged Exec mode
ExampleThe following displays MLDv2 statistical information for bridge 2.
ZebOS# show ipv6 mld snooping statisticsInterface: ge10Group: ff1e::10Uptime: 00:00:13Group mode: IncludeLast reporter: fe80::202:b3ff:fef0:79d8Group source list: (R - Remote, M - SSM Mapping) Source Address Uptime v2 Exp Fwd Flags 7ffe::4 00:00:13 00:04:06 Yes R
©2001-2007 IP Infusion Inc. Confidential 177
CHAPTER 8 NSM Multicast Commands
This chapter contains NSM Multicast related commands in alphabetical order. For IGMP and MLD specific Multicast commands, see Chapter 7, GMP Multicast Commands.
clear ip mrouteUse this command to delete entries from the IP multicast routing table.
Command Syntaxclear ip mroute (vrf VRFNAME) [*|GROUP_SRC_ADD]
VRFNAME Optional. Specify the VRF name.* = Deletes all multicast routesGROUP_SRC_ADD = GRPADD (SRCADD) Group IP address
GRPADD A.B.C.D Group IP address.SRCADD A.B.C.D Source IP address.
Command ModePrivileged Exec mode
UsageWhen this command is used, the MRIB clears the multicast route entries in its multicast route table, and removes the entries from the multicast forwarder. The MRIB sends a clear message to the multicast protocols. Each multicast protocol has its own clear multicast route command. The protocol-specific clear command clears multicast routes from the protocol, and also clears the routes from the MRIB.
ExampleZebOS# clear ip mroute vrf VRF_A 225.1.1.1 3.3.3.3
clear ip mroute statisticsUse this command to delete multicast route statistics entries from the IP multicast routing table.
Command Syntaxclear ip mroute (vrf VRFNAME) statistics [*|GRP_SRC_ADD]
VRFNAME Optional. Specify the VRF name.* All multicast route entries.GRP_SRC_ADD GRPADD (SRCADD) Group IP address.
GRPADD A.B.C.D Group IP addressSRCADD A.B.C.D Source IP address.
Command ModePrivileged Exec mode
NSM Multicast Commands
178 ©2001-2007 IP Infusion Inc. Confidential
ExampleZebOS# clear ip mroute statistics 225.1.1.2 4.3.4.4
clear ipv6 mrouteUse this command to delete entries from the IPv6 multicast routing table.
Command Syntaxclear ipv6 mroute (vrf VRFNAME) [*|GRP_SRC_ADD]
VRFNAME Optional. Specify the VRF name.* = Deletes all multicast routesGRP_SRC_ADD = GRPADD (SRCADD) Group IP address
GRPADD X:X::X:X Group IPv6 address.SRCADD X:X::X:X Source IP address.
Command ModePrivileged Exec mode
UsageWhen this command is used, the MRIB clears the multicast route entries in its multicast route table, and removes the entries from the multicast forwarder. The MRIB sends a clear message to the multicast protocols. Each multicast protocol has its own clear multicast route command.
ExampleZebOS# clear ipv6 mroute ff1e::10 3ffe::1
clear ipv6 mroute statisticsUse this command to delete multicast route statistics entries from the IPv6 multicast routing table.
Command Syntaxclear ipv6 mroute (vrf VRFNAME) statistics [*|GRP_SRC_ADD]
VRFNAME Optional. Specify the VRF name.* All multicast route entries.GRP_SRC_ADD GRPADD (SRCADD) Group IP address.
GRPADD X:X::X:X Group IP addressSRCADD X:X::X:X Source IP address.
Command ModePrivileged Exec mode
ExampleZebOS# clear ipv6 mroute ff1e::100 3ffe::3
debug nsm mcastUse this command to debug events in the multicast RIB.
NSM Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 179
Command Syntaxdebug nsm mcast (vrf VRFNAME) (all|fib-msg|mrt|register|stats|vif)
VRFNAME Optional. Specify the VRF name.all All IPv4 multicast debugging.fib-msg Multicast FIB messages.mrt Multicast routes.register Multicast PIM register messages.stats Multicast statistics.vif Multicast interface.
Command Mode Privileged Exec and Configure mode
ExampleZebOS# configure terminalZebOS(config)# debug nsm mcast register
ip mrouteUse this command to create a multicast static route. Use the no form of this command to clear the route.
Multicast static routes are unicast routes which allow multicast and unicast topologies to be incongruous. These routes are used by multicast routing protocols to perform reverse-path forwarding (RPF) checks.
Command Syntaxip mroute SRCADD/MASKLEN (PROTOCOL) RPFADD|INTERFACE (DISTANCE)
ip mroute SRCADD/MASKLEN (PROTOCOL)
SRCADD = A.B.C.D Specifies multicast source IP addressMASKLEN = <0-32> Specifies multicast source IP address mask lengthPROTOCOL Unicast routing protocol.
bgp BGPisis IS-ISospf OSPFrip RIPstatic
RPFADD = A.B.C.D RPF address for the multicast route. The host IP address can be a directly connected system or a remote system. When it is a remote system, a recursive lookup is done from the unicast routing table to find a directly connected system; the recursive lookup is done up to only one level.
INTERFACE Incoming interface name. Can only be specified for non-broadcast interfaces.DISTANCE Specifies whether a unicast route or multicast static route is used for the RPF lookup. Lower
distances have preference. If the multicast static route has the same distance as the other RPF sources, the multicast static route takes precedence. Default is 0. Range is 0-255.
Command ModeConfigure mode
NSM Multicast Commands
180 ©2001-2007 IP Infusion Inc. Confidential
ExamplesThe following example configures all sources via a single interface (in this case, a tunnel):
ZebOS# configure terminalZebOS(config)# ip mroute 10.10.10.50 255.255.255.0 tunnel1
The following example configures all specific sources within a network number to be accessible through 10.10.10.50:
ZebOS# configure terminalZebOS(config)# ip mroute 192.168.3.0 255.255.255.0 10.10.10.50
Validation Commandsshow ip rpf
ip multicast route-limitUse this command to limit the number of multicast routes that can be added to a multicast routing table.
Use the no parameter with this command to disable this configuration.
Command Syntax(no) ip multicast (vrf VRFNAME) route-limit LIMIT (THRESHOLD)
VRFNAME Optional. Specify the VRF name.LIMIT = <1-2147483647> Number of routes.THRESHOLD = <1-2147483647> Threshold at which to generate a warning message.
Command ModeConfigure mode
DefaultThe default limit and threshold value is 2147483647.
UsageThis command limits the number of multicast routes (mroutes) that can be added to a router, and generates an error message when the limit is exceeded. If the threshold parameter is set, a threshold warning message is generated when this threshold is exceeded, and the message continues to occur until the number of mroutes reaches the limit set by the limit argument.
Note: The mroute warning threshold must not exceed the mroute limit.
ExampleZebOS# configure terminalZebOS(config)# ip multicast route-limit 34 24
ip multicast ttl-thresholdUse this command to configure the time-to-live (TTL) threshold of packets being forwarded out of an interface.
Use the no parameter with this command to return to the default TTL threshold.
Command Syntaxip multicast ttl-threshold TTL
NSM Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 181
no ip multicast ttl-threshold
TTL <0-255> The time-to-live threshold.
Command ModeInterface mode
DefaultThe default TTL value is 1.
UsageOnly multicast packets with a TTL value greater than the threshold are forwarded out of the interface.
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# ip multicast ttl-threshold 34
ip multicast-routingUse this command to turn on/off multicast routing on the router; when turned off, the multicast protocol daemon remains present, but does not perform multicast functions.
Use the no parameter with this command to disable this function.
Command Syntax(no) ip multicast-routing (vrf VRFNAME)
VRFNAME Optional. Specify the VRF name.
Command ModeConfigure mode
DefaultBy default, multicast routing is on.
UsageWhen the no parameter is used with this command, the MRIB releases all VIFs and tunnels, cleans up MRTs, stops IGMPv2 operation, and stops relaying multicast forwarder events to multicast protocols.
When multicast routing is enabled, the MRIB re-creates tunnels, and starts processing any VIF addition/deletion requests, MRT addition/deletion requests, and any multicast forwarding events.
ExampleZebOS# configure terminalZebOS(config)# ip multicast-routing
ipv6 mrouteUse this command to create a multicast static route. Use the no form of this command to clear the route.
NSM Multicast Commands
182 ©2001-2007 IP Infusion Inc. Confidential
Multicast static routes are unicast routes which allow multicast and unicast topologies to be incongruous. These routes are used by multicast routing protocols to perform reverse-path forwarding (RPF) checks.
Command Syntaxipv6 mroute SRCADD/MASKLEN (PROTOCOL) RPFADD|INTERFACE (DISTANCE)
no ipv6 mroute SRCADD/MASKLEN (PROTOCOL)
SRCADD = X:X::X:X Specifies multicast source IPv6 addressMASKLEN = <0-128> Specifies multicast source IPv6 address mask lengthPROTOCOL Unicast routing protocol.
bgp BGPisis IS-ISospf OSPFrip RIPstatic
RPFADD = X:X::X:X RPF address for the multicast route. The host IPv6 address can be a directly connected system, or a remote system. When it is a remote system, a recursive lookup is done from the unicast routing table to find a directly connected system; the recursive lookup is done only up to one level.
INTERFACE Incoming interface name. Can only be specified for non-broadcast interfaces.DISTANCE Specifies whether a unicast route or multicast static route is used for the RPF lookup. Lower
distances have preference. If the multicast static route has the same distance as the other RPF sources, the multicast static route takes precedence. Default is 0. Range is 0-255.
Command ModeConfigure mode
Validation Commandsshow ipv6 rpf
ipv6 multicast route-limitUse this command to limit the number of IPv6 multicast routes that can be added to a multicast routing table.
Use the no parameter with this command to disable this configuration.
Command Syntax(no) ipv6 multicast (vrf VRFNAME) route-limit LIMIT (THRESHOLD)
VRFNAME Optional. Specify the VRF name.LIMIT = <1-2147483647> Number of routes.THRESHOLD = <1-2147483647> Threshold at which to generate a warning message.
Command ModeConfigure mode
DefaultThe default limit and threshold value is 2147483647.
NSM Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 183
UsageThis command limits the number of IPv6 multicast routes that can be added to a router, and generates an error message when the limit is exceeded. If the threshold parameter is set, a threshold warning message is generated when this threshold is exceeded, and the message continues to occur until the number of mroutes reaches the limit set by the limit argument.
Note: The mroute warning threshold must not exceed the mroute limit.
ExampleZebOS# configure terminalZebOS(config)# ipv6 multicast route-limit 34 34
ipv6 multicast-routingUse this command to turn on/off IPv6 multicast routing on the router; when turned off, the multicast protocol daemon remains present, but does not perform multicast functions.
Use the no parameter with this command to disable this function.
Command Syntax(no) ipv6 multicast-routing (vrf VRFNAME)
VRFNAME Optional. Specify the VRF name.
Command ModeConfigure mode
DefaultBy default, multicast routing is on.
UsageWhen the no parameter is used with this command, the MRIB releases all VIFs and tunnels, cleans up MRTs, stops IGMPv2 operation, and stops relaying multicast forwarder events to multicast protocols.
When multicast routing is enabled, the MRIB re-creates tunnels, and starts processing any VIF addition/deletion requests, MRT addition/deletion requests, and any multicast forwarding events.
ExampleZebOS# configure terminalZebOS(config)# ipv6 multicast-routing
show ip mrouteUse this command to display the contents of the IP multicast routing (mroute) table.
Command Syntaxshow ip mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse)
VRFNAME Optional. Specify the VRF name.GRPADD Group IP address.SRCADD Source IP address.dense Display dense multicast routes.
NSM Multicast Commands
184 ©2001-2007 IP Infusion Inc. Confidential
sparse Display sparse multicast routes.
Command ModeExec and Privileged Exec mode
UsageThe following is a sample output of this command displaying the IP multicast routing table, with and without specifying the group and source IP address:
ZebOS# show ip mrouteIP Multicast Routing TableFlags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (TTL) (10.10.1.52, 224.0.1.3), uptime 00:00:31, stat expires 00:02:59Owner PIM-SM, Flags: TF Incoming interface: wm0 Outgoing interface list: wm1 (1)ZebOS# show ip mroute 10.10.1.52 224.0.1.3 IP Multicast Routing TableFlags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (TTL) (10.10.1.52, 224.0.1.3), uptime 00:03:24, stat expires 00:01:28Owner PIM-SM, Flags: TF Incoming interface: wm0 Outgoing interface list: wm1 (1)
ExampleZebOS# show ip mroute 10.10.3.34 224.1.4.3
show ip mroute countUse this command to display the route and packet count from the IP multicast routing (mroute) table.
Command Syntaxshow ip mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse) count
show ip mroute count
VRFNAME Optional. Specify the VRF name.GRPADD = Group IP address.SRCADD = Source IP address.dense Display dense multicast routes.sparse Display sparse multicast routes.count Route and packet count data.
NSM Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 185
Command ModeExec and Privileged Exec mode
UsageThe following is a sample output of this command displaying the packet count from the IP multicast routing table:
ZebOS# show ip mroute count IP Multicast StatisticsTotal 1 routes using 132 bytes memoryRoute limit/Route threshold: 2147483647/2147483647Total NOCACHE/WRONGVIF/WHOLEPKT recv from fwd: 1/0/0Total NOCACHE/WRONGVIF/WHOLEPKT sent to clients: 1/0/0Immediate/Timed stat updates sent to clients: 0/0Reg ACK recv/Reg NACK recv/Reg pkt sent: 0/0/0Next stats poll: 00:01:10 Forwarding Counts: Pkt count/Byte count, Other Counts: Wrong If pktsFwd msg counts: WRONGVIF/WHOLEPKT recvClient msg counts: WRONGVIF/WHOLEPKT/Imm Stat/Timed Stat sentReg pkt counts: Reg ACK recv/Reg NACK recv/Reg pkt sent (10.10.1.52, 224.0.1.3), Forwarding: 2/19456, Other: 0 Fwd msg: 0/0, Client msg: 0/0/0/0, Reg: 0/0/0
ExampleZebOS# show ip mroute 10.10.5.24 225.2.2.2 count
show ip mroute summaryUse this command to display the contents of the IP multicast routing (mroute) table in an abbreviated form.
Command Syntaxshow ip mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse) summary
show ip mroute summary
VRFNAME Optional. Specify the VRF name.GRPADD = Group IP address.SRCADD = Source IP address.dense Display dense multicast routes.sparse Display sparse multicast routes.summary = Provide abbreviated display.
Command ModeExec and Privileged Exec mode
UsageThe following is a sample output for this command displaying the IP multicast routing table in an abbreviated form:
ZebOS# show ip mroute summary IP Multicast Routing Table
NSM Multicast Commands
186 ©2001-2007 IP Infusion Inc. Confidential
Flags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (TTL) (10.10.1.52, 224.0.1.3), 00:01:32/00:03:20, PIM-SM, Flags: TF
ExampleZebOS# show ip mroute 10.10.1.34 summary
show ip mvifUse this command to display the contents of the MRIB VIF table.
Command Syntaxshow ip mvif (vrf VRFNAME) (IFNAME)
VRFNAME Optional. Specify the VRF name.
Command ModeExec and Privileged Exec mode
UsageThe following are sample outputs of this command displaying the contents for the MRIB VIF table, both with and without the interface parameter specified:
ZebOS# show ip mvif Interface Vif Owner TTL Local Remote Uptime Idx Module Address Addresswm0 0 PIM-SM 1 192.168.1.53 0.0.0.0 00:04:26Register 1 1 192.168.1.53 0.0.0.0 00:04:26wm1 2 PIM-SM 1 192.168.10.53 0.0.0.0 00:04:25ZebO# show ip mvif wm0Interface Vif Owner TTL Local Remote Uptime Idx Module Address Addresswm0 0 PIM-SM 1 192.168.1.53 0.0.0.0 00:05:17
ExampleZebOS# show ip mvif wm0
show ip rpfUse this command to display RPF information for the specified source address.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ip rpf SRCADD
SRCADD = A.B.C.D Specifies source IP address
NSM Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 187
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show ip rpf 10.10.10.50
show ipv6 mifUse this command to display the contents of the MRIB VIF table.
Command Syntaxshow ipv6 mif (vrf VRFNAME) (IFNAME)
VRFNAME Optional. Specify the VRF name.
Command ModeExec and Privileged Exec mode
UsageThe following are sample outputs of this command displaying the MRIB VIF table, with and without the interface parameter:
ZebOS# show ipv6 mifInterface Mif Owner Uptime Idx Modulewm0 0 PIM-SMv6 00:17:18Register 1 00:17:18wm1 2 PIM-SMv6 00:17:18ZebOS# show ipv6 mif wm0Interface Mif Owner Uptime Idx Modulewm0 0 PIM-SMv6 00:19:06
ExampleZebOS# show ipv6 mif wm0
show ipv6 mrouteUse this command to display the contents of the IPv6 multicast routing (mroute) table.
Command Syntaxshow ipv6 mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse)
VRFNAME Optional. Specify the VRF name.GRPADD = Group IPv6 address.SRCADD = Source IPv6 address.dense Display dense multicast routes.sparse Display sparse multicast routes.
NSM Multicast Commands
188 ©2001-2007 IP Infusion Inc. Confidential
Command ModeExec and Privileged Exec mode
UsageThe following is a sample output for this command displaying the IPv6 multicast routing table:
ZebOS# show ipv6 mroute IPv6 Multicast Routing TableFlags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (3ffe:10:10:1::96, ff1e::10), uptime 00:00:09, stat expires 00:03:21Owner PIM-SMv6, Flags: TF Incoming interface: wm0 Outgoing interface list: wm1 (3ffe:10:10:1::96, ff1e::12), uptime 00:00:02, stat expires 00:03:28Owner PIM-SMv6, Flags: TF Incoming interface: wm0 Outgoing interface list: wm1
ExampleZebOS# show ipv6 mroute 3ffe:10:10:1::90 ff1e::15
show ipv6 mroute countUse this command to display the route and packet count from the IP multicast routing (mroute) table.
Command Syntaxshow ipv6 mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse) count
show ipv6 mroute count
VRFNAME Optional. Specify the VRF name.GRPADD = Group IPv6 address.SRCADD = Source IPv6 address.dense Display dense multicast routes.sparse Display sparse multicast routes.count Route and packet count data.
Command ModeExec and Privileged Exec mode
UsageThe following is a sample output for this command displaying route and packet count data from the IP multicast routing table:
NSM Multicast Commands
©2001-2007 IP Infusion Inc. Confidential 189
ZebOS# show ipv6 mroute count IPv6 Multicast StatisticsTotal 2 routes using 312 bytes memoryRoute limit/Route threshold: 2147483647/2147483647Total NOCACHE/WRONGmif/WHOLEPKT recv from fwd: 2/0/0Total NOCACHE/WRONGmif/WHOLEPKT sent to clients: 2/0/0Immediate/Timed stat updates sent to clients: 0/0Reg ACK recv/Reg NACK recv/Reg pkt sent: 0/0/0Next stats poll: 00:00:36 Forwarding Counts: Pkt count/Byte count, Other Counts: Wrong If pktsFwd msg counts: WRONGmif/WHOLEPKT recvClient msg counts: WRONGmif/WHOLEPKT/Imm Stat/Timed Stat sentReg pkt counts: Reg ACK recv/Reg NACK recv/Reg pkt sent (3ffe:10:10:1::96, ff1e::10), Forwarding: 1/0, Other: 0 Fwd msg: 0/0, Client msg: 0/0/0/0, Reg: 0/0/0 (3ffe:10:10:1::96, ff1e::12), Forwarding: 1/0, Other: 0 Fwd msg: 0/0, Client msg: 0/0/0/0, Reg: 0/0/0
ExampleZebOS# show ipv6 mroute 3ffe:10:20:2::92 ff1e::12 count
show ipv6 mroute summaryUse this command to display the contents of the IPv6 multicast routing (mroute) table in an abbreviated form.
Command Syntaxshow ipv6 mroute (vrf VRFNAME) (GRPADD) (SRCADD) (dense|sparse) summary
show ipv6 mroute summary
VRFNAME Optional. Specify the VRF name.GRPADD = Group IPv6 address.SRCADD = Source IPv6 address.dense Display dense multicast routes.sparse Display sparse multicast routes.summary = Provide abbreviated display.
Command ModeExec and Privileged Exec mode
UsageThe following is a show output of this command displaying an abbreviated version of the IP multicast routing table contents.
ZebOS# show ipv6 mroute summary IPv6 Multicast Routing Table
NSM Multicast Commands
190 ©2001-2007 IP Infusion Inc. Confidential
Flags: I - Immediate Stat, T - Timed Stat, F - Forwarder installedTimers: Uptime/Stat ExpiryInterface State: Interface (3ffe:10:10:1::96, ff1e::10), 00:00:10/00:03:20, PIM-SMv6, Flags: TF (3ffe:10:10:1::96, ff1e::12), 00:00:03/00:03:27, PIM-SMv6, Flags: TF
ExampleZebOS# show ipv6 mroute 3ffe:10:10:1::70 ff1e::6 summary
show ipv6 rpfUse this command to display RPF information for the specified source address.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow ipv6 rpf SRCADD
SRCADD = X:X::X:X Specifies source IPv6 address
Command ModeExec mode and Privileged Exec mode
ExamplesZebOS# show ipv6 rpf 3ffe::1
©2001-2007 IP Infusion Inc. Confidential 191
CHAPTER 9 NSM Traffic Engineering (TE) Commands
reservable-bandwidth Use this command to specify the maximum reservable bandwidth per interface. This value can be a larger or smaller value than max-bandwidth. When no max-reservable-bandwidth is specified, the default is equal to the max-bandwidth. Use the no parameter to remove the maximum reservable, and use the maximum bandwidth.
This command is available only when Traffic Engineering is enabled at build time. Use any of these switches to turn on TE: --enable te; --enable ospf-te; --enable cspf.
Command Syntaxreservable-bandwidth BANDWIDTH
BANDWIDTH = <1-999> k|m|g for 1 to 999 kilo bits, mega bits or giga bits.
Command ModeInterface mode
Usageinterface eth0reservable-bandwidth 100m
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# reservable-bandwidth 100m
Related Commandsbandwidth
NSM Traffic Engineering (TE) Commands
192 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 193
CHAPTER 10 NSM DiffServ Commands
This chapter contains DiffServ commands in alphabetical order. These commands are available only if ZebOS is compiled with the --enable-diffserv configuration option.
mpls class-to-exp-bitUse this command to configure the node level PHB-EXP mapping.
Use the no parameter with this command to remove the configuration of a PHB-EXP mapping.
Command Syntax(no) mpls class-to-exp-bit CLASS <0-7>
CLASS Diffserv class mapped to particular PHB. For example, be, ef, af11 etc.<0-7> EXP bit mapped to the specified PHB.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# mpls class-to-exp-bit ef 3
mpls support-diffserv-classUse this command to configure the supported Diffserv class.
Use the no parameter with this command to remove the configuration of the supported Diffserv class.
Command Syntax(no) mpls support-diffserv-class CLASS
CLASS Diffserv class mapped to the specified PHB. For example, ef, be, af11 etc.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# mpls support-diffserv-class af11
show mpls diffservUse this command to display Diffserv configuration information.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
NSM DiffServ Commands
194 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxshow mpls diffserv
Command ModePrivileged Exec mode
UsageThe diffserv configuration information displayed by this command includes:
• All configurable Diffserv classes that can be used as PHB/PSC.
• PHB/PSC supported by this node.
• Node level PHB-EXP mapping.
Following is a sample output of the show mpls diffserv command showing diffserv configuration information.
ZebOS# show mpls diffservMPLS Differentiated Services Configurable Classes list:DSCP Class: be, value: 000000DSCP Class: cs1, value: 001000DSCP Class: af11, value: 001010DSCP Class: af12, value: 001100DSCP Class: af13, value: 001110DSCP Class: cs2, value: 010000DSCP Class: af21, value: 010010DSCP Class: af22, value: 010100DSCP Class: af23, value: 010110DSCP Class: cs3, value: 011000DSCP Class: af31, value: 011010DSCP Class: af32, value: 011100DSCP Class: af33, value: 011110DSCP Class: cs4, value: 100000DSCP Class: af41, value: 100010DSCP Class: af42, value: 100100DSCP Class: af43, value: 100110DSCP Class: cs5, value: 101000DSCP Class: ef, value: 101110DSCP Class: cs6, value: 110000DSCP Class: cs7, value: 111000
MPLS Differentiated Services Supported Classes data:CLASS DSCP_value be 000000af11 001010af12 001100 cs5 101000
MPLS Differentiated Services CLASS to EXP mapping data:CLASS DSCP_value EXP_value be 000000 0 be 000000 2af12 001100 3
NSM DiffServ Commands
©2001-2007 IP Infusion Inc. Confidential 195
ExamplesZebOS# show mpls diffserv
show mpls diffserv class-to-expUse this command to display the node level PHB-EXP mapping.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls diffserv class-to-exp
Command ModePrivileged Exec mode
UsageFollowing is a sample output of the show mpls diffserv class-to-exp command showing PHB-EXP mapping at the node level.
ZebOS# show mpls diffserv class-to-expMPLS Differentiated Services CLASS to EXP mapping data:CLASS DSCP_value EXP_value be 000000 0 be 000000 2af12 001100 3
ExamplesZebOS# show mpls diffserv class-to-exp
show mpls diffserv configurable-dscpUse this command to display all configurable DSCP values which can be used as PHB/PSC by this node.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls diffserv configurable-dscp
Command ModePrivileged Exec mode
UsageFollowing is a sample output of the show mpls diffserv configurable-dscp command showing all configurable diffserv DSCP values.
ZebOS# show mpls diffserv configurable-dscpMPLS Differentiated Services Configurable Classes list:DSCP Class: be, value: 000000DSCP Class: cs1, value: 001000
NSM DiffServ Commands
196 ©2001-2007 IP Infusion Inc. Confidential
DSCP Class: af11, value: 001010DSCP Class: af12, value: 001100DSCP Class: af13, value: 001110DSCP Class: cs2, value: 010000DSCP Class: af21, value: 010010DSCP Class: af22, value: 010100DSCP Class: af23, value: 010110DSCP Class: cs3, value: 011000DSCP Class: af31, value: 011010DSCP Class: af32, value: 011100DSCP Class: af33, value: 011110DSCP Class: cs4, value: 100000DSCP Class: af41, value: 100010DSCP Class: af42, value: 100100DSCP Class: af43, value: 100110DSCP Class: cs5, value: 101000DSCP Class: ef, value: 101110DSCP Class: cs6, value: 110000DSCP Class: cs7, value: 111000
ExamplesZebOS# show mpls diffserv configurable-dscp
show mpls diffserv supported-dscpUse this command to display supported DSCP values that can be used as PHB/PSC by this node.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls diffserv supported-dscp
Command ModePrivileged Exec mode
UsageFollowing is a sample output of the show mpls diffserv supported-dscp command showing the supported diffserv DSCP value.
ZebOS# show mpls diffserv supported-dscpMPLS Differentiated Services Supported Classes data:CLASS DSCP_value be 000000 af11 001010 af12 001100 cs5 101000
ExamplesZebOS# show mpls diffserv supported-dscp
©2001-2007 IP Infusion Inc. Confidential 197
CHAPTER 11 NSM DiffServ-TE Commands
bandwidth-constraintUse this command to configure the bandwidth constraint for a class type on the current interface.
Use the no parameter with this command to remove the bandwidth constraint of a class type on the current interface.
Command Syntax(no) bandwidth-constraint CT-NAME BANDWIDTH
CT-NAME Specifies the DS-TE class type name associated with the bandwidth.BANDWIDTH Specifies the bandwidth constraint <1-10000000000 bits>. Usable units are k|m|g for
kilo, mega or giga bits. The default value is 0.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# bandwidth-constraint a1 100m
bc-modeUse this command to configure the bandwidth constraint mode for the current interface. There are three different modes available--MAM, RSDL and MAR.
Command Syntaxbc-mode MODE
MODE Specifies the bandwidth constraint mode: MAM, RSDL or MAR. MAM is the default mode.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# bc-mode mam
mpls class-typeUse this command to configure the name for a class type. Defining the class type name enables and configures the class type on a particular node.
Use the no parameter with this command to remove the class type configuration.
NSM DiffServ-TE Commands
198 ©2001-2007 IP Infusion Inc. Confidential
Command Syntax (no) mpls class-type CLASS-TYPE CLASS-TYPE-NAME
CLASS-TYPE Class type to be configured (ct0-ct7).CLASS-TYPE-NAME Name to be configured for the specified class type.
Command ModeConfigure mode
Examples ZebOS# configure terminalZebOS(config)# mpls class-type ct1 a1
mpls te-classUse this command to configure a TE class using the class type name and the pre-emption priority.
Use the no parameter with this command to remove the TE class configuration.
Command Syntax(no) mpls te-class TE-CLASS CLASS-TYPE-NAME <0-7>
TE-CLASS Specifies DiffServ TE class (te0-te7).CLASS-TYPE-NAME Specifies class type name. <0-7> Pre-emption priority.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(configure)# mpls te-class te3 default 6
show mpls dsteUse this command to display the DS-TE configuration information on this node. It displays information about the configured class types and TE classes.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntax show mpls dste
Command ModePrivileged Exec mode
UsageThe following is a sample output of the show mpls dste command displaying the DS-TE configuration information about the TE classes and class types.
NSM DiffServ-TE Commands
©2001-2007 IP Infusion Inc. Confidential 199
ZebOS# show mpls dste te0: { a1, 4 }te1: { a2, 5 }te3: { default, 6 }ct0: defaultct1: a1ct2: a2
ExamplesZebOS# show mpls dste
show mpls dste class-typeUse this command to display configured DS-TE class types.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls dste class-type
Command ModePrivileged Exec mode
UsageThe following is a sample output of the show mpls dste class-type command displaying the class types.
ZebOS# show mpls dste class-type ct0: defaultct1: a1ct2: a2
ExamplesZebOS# show mpls dste class-type
show mpls dste te-classUse this command to display configured DS-TE TE classes.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntax show mpls dste te-class
Command ModePrivileged Exec Mode
UsageThe following is a sample output of the show mpls dste te-class command displaying the TE classes.
NSM DiffServ-TE Commands
200 ©2001-2007 IP Infusion Inc. Confidential
ZebOS# show mpls dste te-class te0: { a1, 4 }te1: { a2, 5 }te3: { default, 6 }
ExamplesZebOS# show mpls dste te-class
©2001-2007 IP Infusion Inc. Confidential 201
CHAPTER 12 NSM Layer-2 Commands
Common Commands
flowcontrol offUse this command to disable flow control.
Command Syntaxflowcontrol [send|receive] off
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# flowcontrol receive off
flowcontrol on Use this command to enable flow control, and configure the flow control mode for the port.
Command Syntaxflowcontrol [send|receive] on
Command ModeInterface mode
UsageFlow control enables connected Ethernet ports to control traffic rates during congestion by allowing congested nodes to pause link operation at the other end. If one port experiences congestion, and cannot receive any more traffic, it notifies the other port to stop sending until the condition clears. When the local device detects congestion at its end, it notifies the remote device by sending a pause frame. On receiving a pause frame, the remote device stops sending data packets, which prevents loss of data packets during the congestion period.
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# flowcontrol send on
NSM Layer-2 Commands
202 ©2001-2007 IP Infusion Inc. Confidential
mirror interfaceUse this command to define a mirror source port and its direction. This command must be run separately for each source port.
Use the no parameter with this command to disable port mirroring by the destination port on the specified source port.
Command Syntaxmirror interface SOURCEPORT direction SNOOPDIRECTION
no mirror interface SOURCEPORT
SOURCEPORT Name of the Source interface to be used.SNOOPDIRECTION [both|receive|transmit]
both Specifies mirroring of traffic in both directions.receive Specifies mirroring of received traffic.transmit Specifies mirroring of transmitted traffic.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# mirror interface eth1 direction both
show flowcontrol interfaceUse this command to display flow control information.
Command Syntaxshow flowcontrol interface IFNAME
IFNAME Specifies the name of the interface to be displayed.
Command ModeExec mode
ExampleZebOS# show flowcontrol interface ge2
UsageThe following is a sample output of the show flowcontrol interface command displaying flow control information:
ZebOS# show flowcontrol interface ge1Port Send FlowControl Receive FlowControl RxPause TxPause
admin oper admin oper
----- ------- -------- ------- -------- ------- -------ge1 on on on on 0 0
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 203
show mirrorUse this command to display the status of all mirrored ports.
Command Syntaxshow mirror
Command ModePrivileged Exec mode
ExampleZebOS# show mirror
UsageThe following is a sample output of the show mirror command displaying the status of all mirrored ports:
ZebOS# show mirrorMirror Test Port Name: ge1Mirror option: EnabledMirror direction: bothMonitored Port Name: ge2Mirror Test Port Name: ge3Mirror option: EnabledMirror direction: receiveMonitored Port Name: ge4Mirror Test Port Name: ge3Mirror option: EnabledMirror direction: receiveMonitored Port Name: ge1Mirror Test Port Name: ge1Mirror option: EnabledMirror direction: receiveMonitored Port Name: ge3Mirror Test Port Name: ge1Mirror option: EnabledMirror direction: transmitMonitored Port Name: ge4
show mirror interfaceUse this command to display port mirroring.
Command Syntaxshow mirror interface IFNAME
IFNAME Specifies the name of the destination port to be used.
Command ModeInterface, Privileged Exec and Exec mode
NSM Layer-2 Commands
204 ©2001-2007 IP Infusion Inc. Confidential
ExampleZebOS# show mirror interface eth1
UsageFollowing is a sample output of the show mirror interface command displaying mirroring information.
ZebOS(config)# interface ge1ZebOS(config-if)# mirror interface ge2 direction bothZebOS(config-if)# show mirror interface ge2Mirror Test Port Name: ge1Mirror option: EnabledMirror direction: bothMonitored Port Name: ge2
show storm-controlUse this command to display storm control information for all interfaces or a particular interface.
Command Syntaxshow storm-control (IFNAME)
IFNAME Specifies the name of the interface for which storm-control information is to be displayed.
Command ModePrivileged Exec mode
ExampleZebOS# show storm-control eth1
UsageThe following is a sample output of this command displaying storm control information:
ZebOS# show storm-control eth1Port BcastLevel BcastDiscards McastLevel McastDiscards DlfLevel DlfDiscardsfe14 40. 0% 64290164 100. 0% 64290164 100. 0% 64290164
show storm-control broadcast interfaceUse this command to display storm control information.
Command Syntaxshow storm-control broadcast interface IFNAME
IFNAME Specifies the name of the interface for which storm-control information is to be displayed.
Command ModePrivileged Exec mode
ExampleZebOS# show storm-control broadcast interface eth1
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 205
UsageThe following is a sample output of this command displaying storm control information:
ZebOS(config-if)# storm-control broadcast level 3ZebOS(config-if)# show storm-control broadcast
Port BcastSuppLevel TotalSuppressedPackets
ge1 3% 61503000
storm-control levelUse this command to specify the rising threshold level for broadcasting, multicast, or destination lookup failure traffic. The storm control action occurs when traffic utilization reaches this level.
Use the no parameter with this command to disable storm control.
Command Syntaxstorm-control broadcast|multicast|dlf level LEVEL
no storm-control broadcast|multicast|dlf
LEVEL <0-100> Specifies the percentage of the threshold; percentage of the maximum speed (pps) of the interface.
dlf destination lookup failure
DefaultBy default, storm control is disabled.
Command ModeInterface mode
UsageFlooding techniques are used to block the forwarding of unnecessary flooded traffic. A packet storm occurs when a large number of broadcast packets are received on a port. Forwarding these packets can cause the network to slow down or time out.
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# storm-control broadcast level 30
Bridge Commands
bridge acquireUse this command to enable a specific bridge to learn station location information for an instance. This helps in making forwarding decisions.
To disable learning, use the no parameter with this command.
NSM Layer-2 Commands
206 ©2001-2007 IP Infusion Inc. Confidential
Command Syntax bridge <1-32> acquire
no bridge <1-32> acquire
<1-32> Bridge-group ID used for bridging.
Command ModeConfigure mode
Default Learning is enabled by default for all instances.
ExamplesZebOS# configure terminalZebOS(config)# bridge 3 acquire
bridge addressUse this command to statically configure a bridge entry to forward or discard matching frames.
Command Syntax bridge <1-32> address MAC forward|discard IFNAME
no bridge <1-32> address MAC forward|discard IFNAME
<1-32> Bridge-group ID used for bridging.MAC the Media Access Control (MAC) address in the HHHH.HHHH.HHHH format.IFNAME the interface on which the frame comes in.
Command ModeConfigure mode
Examples ZebOS# configure terminalZebOS(config)# bridge 2 address 2222.2222.2222 forward eth0
bridge ageing-time Use this command to specify an ageing-out time for a learned MAC address. The learned MAC address will persist till this specified time.
Command Syntaxbridge-group <1-32> ageing-time AGEINGTIME
no bridge-group <1-32> ageing-time
<1-32> The ID of the bridge-group that this ageing time is for.AGEINGTIME = <10-1000000> The number of seconds of persistence.
DefaultThe default ageing time is 300 seconds.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 207
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# bridge 3 ageing-time 1000
bridge-groupUse this command to bind an interface with a bridge specified by the parameter.
Command Syntax(no) bridge-group <1-32>
<1-32> Bridge-group ID used for bridging.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# bridge-group 2
bridge protocol ieeeUse this command to add a IEEE 802.1d Spanning Tree Protocol bridge. Use the no parameter to remove a bridge.
Command Syntaxbridge <1-32> protocol ieee
no bridge <1-32>
<1-32> Bridge-group ID used for bridging.
Command ModeConfigure mode
DefaultThere is no default value.
UsageAfter creating a bridge instance, add interfaces to the bridge using the bridge-group command. Bring the bridge instance into operation with the no shutdown command in interface mode.
Exampleszebos# configure terminalzebos(config)# bridge 3 protocol ieee
NSM Layer-2 Commands
208 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsbridge ageing-time
bridge protocol ieee vlan-bridgeUse this command to add a VLAN bridge (according to the IEEE 802.1q Spanning Tree Protocol) to the spanning tree.
Command Syntaxbridge <1-32> protocol ieee vlan-bridge
<1-32> Bridge-group ID used for bridging.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# bridge 4 protocol ieee vlan-bridge
bridge protocol mstpUse this command to create a multiple spanning-tree protocol (MSTP) bridge of a specified parameter.
Use the no parameter with this command to unmap the VLANs from a particular instance, and associate it back to the default instance of 0.
Command Syntaxbridge <1-32> protocol mstp
no bridge <1-32>
<1-32> Specify the bridge group ID.
Command ModeConfigure mode
UsageThe MSTP bridges can have different spanning-tree topologies for different VLANs inside a region of “similar” MSTP bridges. The multiple spanning tree protocol, like the rapid spanning tree protocol, provides rapid reconfiguration capability, while providing load balancing ability.
Using this command creates an instance of the spanning tree, and associates the VLANs specified with that instance.
A bridge created by the above command forms its own separate region unless it is added explicitly to a region by using the region name command.
ExamplesZebOS# configure terminalZebOS(config)# bridge 2 protocol mstp
bridge protocol rstpUse this command to add an IEEE 802.1w Rapid Spanning Tree Protocol (RSTP) bridge.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 209
Command Syntaxbridge <1-32> protocol rstp (ring)
<1-32> Bridge-group ID used for bridging.ring Optional. Add an RSTP bridge for a ring topology.
Command ModeConfigure mode
UsageAfter creating a bridge instance, add interfaces to the bridge using the bridge-group command. Bring the bridge instance into operation with the no shutdown command in Interface mode.
ExamplesZebOS# configure terminalZebOS(config)# bridge 2 protocol rstp
bridge protocol rstp vlan-bridgeUse this command to add a VLAN bridge to the rapid spanning tree.
Command Syntaxbridge <1-32> protocol rstp vlan-bridge
<1-32> Bridge-group ID used for bridging.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# bridge 3 protocol rstp vlan-bridge
clear mac address-tableUse this command to clear the filtering database for the default bridge.
Command Syntaxclear mac address-table static|multicast address|vlan|interface (WORD)
static Filtering database entries configured through the CLI.multicast Multicast filtering database entries.address Filtering database entries with the given MAC address.vlan Filtering database entries for the given VLAN.interface Filtering database entries for the given interface.WORD
VLAN ID when filtering database entries are cleared based on VLANs. Value range is 1-4094.Interface name when filtering database entries are cleared based on an interface name.MAC address name when filtering database entries are cleared based on the MAC address.
NSM Layer-2 Commands
210 ©2001-2007 IP Infusion Inc. Confidential
Command ModePrivileged Exec mode
ExamplesThis example shows how to clear all filtering database entries configured through the CLI.
ZebOS# clear mac address-table static
This example shows how to clear multicast filtering database entries.
ZebOS# clear mac address-table multicastThis example shows how to clear all filtering database entries for a given interface.
ZebOS# clear mac address-table static interface eth0
This example shows how to clear multicast filtering database entries for a given VLAN.
ZebOS# clear mac address-table multicast vlan 2
This example shows how to clear static filtering database entries for a given MAC address.
ZebOS# clear mac address-table static address 0202.0202.0202
Related Commandsclear mac address-table bridge
clear mac address-table bridgeUse this command to:
• clear the filtering database
• clear all filtering database entries configured through CLI (static)
• clear all multicast filtering database entries
• clear all multicast filtering database entries for a given VLAN or interface
• clear all static or multicast database entries based on a mac address
Command Syntaxclear mac address-table (static|multicast) (address|vlan|interface) WORD bridge NAME
static Filtering database entries configured through CLI.multicast Multicast filtering database entries.address Filtering database entries with the given mac address.vlan Filtering database entries for the given VLAN.interface Filtering database entries for the given interface.WORD
VLAN ID when filtering database entries are cleared based on VLANs. Value range is 1-4094.Interface name when filtering database entries are cleared based on an interface name.Mac address name when filtering database entries are cleared based on the mac address.
NAME Bridge name <1-32>.
Command ModePrivileged Exec mode
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 211
ExamplesThis example shows how to clear all filtering database entries configured through CLI.
ZebOS# clear mac address-table static bridge 1This example shows how to clear multicast filtering database entries.
ZebOS# clear mac address-table multicast bridge 1
This example shows how to clear all filtering database entries for a given interface.
ZebOS# clear mac address-table static interface eth0 bridge 1
This example shows how to clear multicast filtering database entries for a given VLAN.
ZebOS# clear mac address-table multicast vlan 2 bridge 1This example shows how to clear static filtering database entries for a given mac address.
ZebOS# clear mac address-table static address 0202.0202.0202 bridge 1
clear mac address-table dynamicUse this command to clear, on the default bridge, the filtering database of all entries learned through bridge operation, or filtering database entries learned through bridge operation for a given MAC address, interface, or VLAN.
Command Syntaxclear mac address-table dynamicclear mac address-table dynamic address|interface|vlan (WORD)
address Filtering database entries for the given MAC address.interface Filtering database entries for the given interface.vlan Filtering database entries for the given VLAN.WORD Optional.
MAC address when filtering database entries are cleared based on an MAC address.Interface name when filtering database entries are cleared based on an interface name.VLAN ID when filtering database entries are cleared based on VLANs. Value range is 1-4094.
Command ModePrivileged Exec mode
ExamplesThis example shows how to clear all filtering database entries learned through bridge operation for a given MAC address.
ZebOS# clear mac address-table dynamic address 0202.0202.0202
Related Commandsclear mac address-table dynamic bridge
clear mac address-table dynamic bridgeUse this command to clear the filtering database of all entries learned through bridge operation, or clear filtering database entries learned through bridge operation for a given MAC address, interface, or VLAN.
NSM Layer-2 Commands
212 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxclear mac address-table dynamic bridge NAME
NAME Bridge name <1-32>.clear mac address-table dynamic address|interface|vlan WORD bridge NAME
address Filtering database entries for the given MAC address.interface Filtering database entries for the given interface.vlan Filtering database entries for the given VLAN.WORD
MAC address when filtering database entries are cleared based on an MAC address.Interface name when filtering database entries are cleared based on an interface name.VLAN ID when filtering database entries are cleared based on VLANs. Value range is 1-4094.
Command ModePrivileged Exec mode
ExamplesThis example shows how to clear all filtering database entries learned through bridge operation for a given MAC address.
ZebOS# clear mac address-table dynamic address 0202.0202.0202 bridge 1
mac-address-table staticUse this command to configure the static forwarding table entry for the default bridge. Use the no parameter with this command to remove the entry for the default bridge.
Command Syntax(no) mac-address-table static MAC forward|discard IFNAME
MAC MAC address in the HHHH.HHHH.HHHH format.IFNAME Interface on which the frame comes in.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# mac-address-table static 2222.2222.2222 forward eth0
Related Commandsbridge address
show bridgeUse this command to display the filtering database values.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 213
Command Syntaxshow bridge
Command ModePrivileged Exec mode
UsageThe following is a sample output of the show bridge command.
ZebOS# show bridge% b: bridge up - spanning tree enabled - learning enabled% b: ageing-time 300 - root path cost 0 - priority 32768% b: forward-time 15 - hello-time 2 - max-age 20 - root port 0% b: root id 8000000000000000% b: bridge id 8000000000000000% b: hello timer 0 - tcn timer 0 - topo change timer 0% b: 0 topology changes - last topology change Wed Dec 31 19:00:00 1969zebos#con tEnter configuration commands, one per line. End with CNTL/Z.zebos(config)#int eth1zebos(config-if)#bridge-group bZebOS# show bridge% b: bridge up - spanning tree enabled - learning enabled% b: ageing-time 300 - root path cost 0 - priority 32768% b: forward-time 15 - hello-time 2 - max-age 20 - root port 0% b: root id 8000000476e6c88c% b: bridge id 8000000476e6c88c% b: hello timer 0 - tcn timer 0 - topo change timer 0% b: 0 topology changes - last topology change Wed Dec 31 19:00:00 1969% eth1: port 3 - id 8003 - path cost 20000000 - designated cost 0% eth1: designated port id 8003 - state Listening - priority 128% eth1: designated root 8000000476e6c88c% eth1: designated bridge 8000000476e6c88c% eth1: forward-timer 10 - hold-timer 0 - msg age timer 0% eth1: forward-transitions 0
show interface switchport bridgeUse this command to display the characteristics of the Layer-2 interface with the current VLAN.
Command Syntaxshow interface switchport bridge <1-32>
<1-32> Specify the ID of the bridge-group for which information has to be displayed.
Command ModePrivileged Exec mode
UsageThe following is an output of this command displaying the characteristics of this interface on bridge b.
NSM Layer-2 Commands
214 ©2001-2007 IP Infusion Inc. Confidential
ZebOS# show interfaces switchport bridge 2 Interface name : eth5 Switchport mode : access Ingress filter : disable Acceptable frame types : all Vid swap : disable Default vlan : 2 Configured vlans : 2
Interface name : eth4 Switchport mode : access Ingress filter : disable Acceptable frame types : all Vid swap : disable Default vlan : 1 Configured vlans : 1
Examplezebos# show interface switchport bridge 4
switchportUse this command to set the switching characteristics of the Layer-2 protocols when using the ZebOS Hybrid Layer-2/Layer-3 solution.
Use the no parameter with this command to revert to the default behavior.
Command Syntax(no) switchport
Command ModeInterface mode
UsageIn case of ZebOS Hybrid L-2/ L-3, it is important to understand that by default, all interfaces are configured as routed interfaces; and if you want to change the behavior of a port from a Switched port to a routed port, you must explicitly configure this using the no switchport command in the interface mode.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# no switchport
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 215
VLAN Commands
show vlanUse this command to display information about a particular VLAN by specifying the VLAN ID. It displays information for all the bridges configured.
Command Syntaxshow vlan <2-4094>
<2-4094> VLAN ID.
Command ModePrivileged Exec mode
ExampleThe following is an output of this command displaying information about VLAN 2.
ZebOS# show vlan 2Bridge Group VLAN ID Name State Member ports
([u]-Untagged, [t]-Tagged)
------------ --------- --------------- ----------- ------------------------
1 2 VLAN0002 active [u]eth1 [t]eth2
show vlan allUse this command to display information about all VLANs on the default bridge.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow vlan all
Command ModePrivileged Exec mode
Related Commandsshow vlan all bridge
show vlan all bridgeUse this command to display information about all VLANs on a bridge.
Command Syntaxshow vlan all bridge <1-32>
<1-32> Bridge group ID.
NSM Layer-2 Commands
216 ©2001-2007 IP Infusion Inc. Confidential
Command ModePrivileged Exec mode
ExampleThe following is a sample output of this command displaying all VLANs on bridge 1.
ZebOS# show vlan all bridge 1Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= =============== ======= =============================1 1 default ACTIVE fe17(u) po1(t) fe43(t) fe44(t)Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= =============== ======= ==============================1 11 VLAN0011 ACTIVE po1(t)
show vlan briefUse this command to display information about all VLANs configured for all bridges.
Command Syntaxshow vlan brief
Command ModePrivileged Exec mode
ExampleZebOS# show vlan briefBridge VLAN ID Name State Member ports
(u)-Untagged, (t)-Tagged
=============== ======= ================ ====== ==============================
1 1 default ACTIVE fe17(u) po1(t) fe43(t) fe44(t)
Bridge VLAN ID Name State Member ports
(u)-Untagged, (t)-Tagged
=============== ======= ================ ====== ==============================
1 11 VLAN0011 ACTIVE po1(t)
show vlan classifier groupUse this command to display information about all configured VLAN classifier groups or a specific group.
Command Syntaxshow vlan classifier group (<1-256>)
<1-256> VLAN classifier group identifier
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 217
Command ModeExec mode
UsageIf a group ID is not specified, all configured VLAN classifier groups are shown. If a group ID is specified, a specific configured VLAN classifier group is shown.
ExampleZebOS# show vlan classifier group 1vlan classifier group 1 add rule 1
show vlan classifier interface groupUse this command to display information about all interfaces configured for a VLAN group or all the groups.
Command Syntaxshow vlan classifier interface group (<1-16>)
<1-16> VLAN classifier interface group identifier
Command ModeExec mode
UsageIf a group ID is not specified, all interfaces configured for all VLAN classifier groups are shown. If a group ID is specified, the interfaces configured for this VLAN classifier group are shown.
ExampleZebOS# show vlan classifier interface groupvlan classifier group 1 interface fe2vlan classifier group 1 interface fe3vlan classifier group 2 interface fe5vlan classifier group 3 interface fe7
ZebOS# show vlan classifier interface group 1vlan classifier group 1 interface fe2vlan classifier group 1 interface fe3
show vlan classifier ruleUse this command to display information about all configured VLAN classifier rules or a specific rule.
Command Syntaxshow vlan classifier rule (<1-256>)
<1-256> VLAN classifier rule identifier
Command ModeExec mode and Privileged Exec mode
NSM Layer-2 Commands
218 ©2001-2007 IP Infusion Inc. Confidential
UsageIf a rule ID is not specified, all configured VLAN classifier rules are shown. If a rule ID is specified, a specific configured VLAN classifier rule is shown.
ExampleZebOS# show vlan vlan classifier rule 1vlan classifier group 1 add rule 1
show vlan dynamic bridgeUse this command to display information about all dynamic VLANs on a bridge.
Command Syntaxshow vlan dynamic bridge <1-32>
<1-32> Bridge-group ID.
Command ModePrivileged Exec mode
ExampleThe following is a sample output of this command displaying dynamic VLANs on bridge 1.
ZebOS# show vlan dynamic bridge 1Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= ================ ======= =============================
1 11 *VLAN0011 ACTIVE fe33(t)
1 14 *VLAN0014 ACTIVE fe33(t)
show vlan static bridgeUse this command to display information about all static VLANs on a bridge.
Command Syntaxshow vlan static bridge <1-32>
<1-32> Bridge-group ID.
Command ModePrivileged Exec mode
ExampleThe following is a sample output of this command displaying static VLANs on bridge 1.
ZebOS# show vlan static bridge 1Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= ================ =====================================
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 219
1 1 default ACTIVE fe17(u) po1(t) fe43(t)fe44(t)Bridge VLAN ID Name State Member ports (u)-Untagged, (t)-Tagged=============== ======= ================ =====================================1 11 VLAN0011 ACTIVE po1(t)
switchport access vlanUse this command to change the default VLAN on the current interface.
Use the no parameter to remove a previously created VLAN with the specified VLAN ID.
Command Syntax(no) switchport access vlan VLANID
VLANID = < 2-4094> The default VLAN ID for the specified interface.
Command ModeInterface mode
UsageIPI does not recommend the use of VLANID identifier 1 because of interoperability issues with other vendors’ equipment.
ExamplesThis example shows the steps of a typical VLAN session, creating and destroying a VLAN.
zebos# configure terminalzebos(config)# interface eth0zebos(config-if)# switchport access vlan 3...
zebos(config)# interface eth0zebos(config-if)# no switchport access vlan 3
Related Commandsshow vlan
switchport hybrid allowed vlan Use this command to set the switching characteristics of the Layer-2 interface to hybrid. Both tagged and untagged frames will be classified over hybrid interfaces.
Use the no parameter to turn off allowed hybrid switching.
Command Syntaxswitchport hybrid allowed vlan all
switchport hybrid allowed vlan none
switchport hybrid allowed vlan add VLANID (egress-tagged [enable|disable])
switchport hybrid allowed vlan remove VLANID
NSM Layer-2 Commands
220 ©2001-2007 IP Infusion Inc. Confidential
no switchport hybrid vlan
all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to the member set.remove Remove a VLAN from the member set.VLANID = <2-4094> The ID of the VLAN or VLANs that will be added to, or removed from, the Layer-2
interface.For a VLAN range, specify two VLAN numbers: lowest, then highest number in the range, separated by
a hyphen.For a VLAN list, specify the VLAN numbers separated by commas.
Note: Do not enter spaces between hyphens or commas when setting parameters for VLAN ranges or lists.
egress-taggedenable Enable the egress tagging for the outgoing frames.disable Disable the egress tagging for the outgoing frames.
Command ModeInterface mode
ExamplesThe following shows adding a single VLAN to the member set.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport hybrid allowed vlan add egswitchport hybrid allowed vlan add 2 egress-tagged enable
The following shows adding a range of VLANs to the member set.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport hybrid allowed vlan add egswitchport hybrid allowed vlan add 2-4 egress-tagged enable
The following shows adding a list of VLANs to the member set.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport hybrid allowed vlan add egswitchport hybrid allowed vlan add 2,3,4 egress-tagged enable
switchport hybrid vlan Use this command to set the switching characteristics of the Layer-2 interface to hybrid.
Use the no parameter to turn off hybrid switching (no switchport hybrid), or add the Layer 2 interface to the default VLAN (no switchport hybrid vlan).
Command Syntaxswitchport hybrid vlan VLANID
VLANID The ID of the VLAN that will be added to, or removed from, the Layer-2 interfaceno switchport hybrid
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 221
Turns off the Layer 2 switching characteristic.no switchport hybrid vlan
Adds the Layer 2 interface to the default VLAN.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport hybrid vlan 18
switchport mode accessUse this command to set the switching characteristics of the Layer-2 interface to access mode, and classify untagged frames only. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.
Use the no parameter with this command to reset the mode of the Layer-2 interface to access (default).
Command Syntaxswitchport mode access (ingress-filter [enable|disable])
no switchport mode
ingress-filter Set the ingress filtering for the received frames.enable Set the ingress filtering for received frames. Received frames that cannot be classified in the
previous step based on the acceptable frame type parameter (access/trunk) are discarded.disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is
the default value.
DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.
Using this command without the ingress-filter parameter causes this command to use the default values.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode access ingress-filter enable
switchport mode hybridUse this command to set the switching characteristics of the Layer-2 interface as hybrid, and classify both tagged and untagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.
Use the no parameter to reset the mode of the Layer-2 interface to access (default).
NSM Layer-2 Commands
222 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxswitchport mode hybrid
switchport mode hybrid ingress-filter [enable|disable]
switchport mode hybrid acceptable-frame-type vlan-tagged
no switchport mode
ingress-filter Set the ingress filtering for the frames received.enable Set the ingress filtering for received frames. Received frames that cannot be classified in the
previous step based on the acceptable frame type parameter (access/trunk) are discarded.disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is
the default value.acceptable-frame-type Set the Layer-2 interface acceptable frame types. This processing occurs
after VLAN classification.vlan-tagged Accept only classified frames which belong to the port's member set.
DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.
Using this command without either ingress-filter or acceptable-frame-type parameters causes this command to use the default values for each.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode hybrid acceptable-frame-type vlan-tagged
switchport mode trunkUse this command to set the switching characteristics of the Layer-2 interface as trunk, and specify only tagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.
Use the no parameter to reset the mode of the Layer-2 interface to access (default).
Command Syntaxswitchport mode trunk (ingress-filter [enable|disable])
no switchport mode
ingress-filter Set the ingress filtering for the frames received.enable Set the ingress filtering for received frames. Received frames that cannot be classified in the
previous step based on the acceptable frame type parameter (access/trunk) are discarded.disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is
the default value.
DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.
Using this command without the ingress-filter parameter causes this command to use the default values.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 223
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode trunk ingress-filter enable
switchport trunk allowed vlanUse this command to set the switching characteristics of the Layer-2 interface to trunk.The all parameter indicates that any VLAN ID is part of its port’s member set. The none parameter indicates that no VLAN ID is configured on this port. The add and remove parameters will add and remove VLAN IDs to/from the port’s member set.
Use the no parameter to remove all VLAN IDs configured on this port.
Command Syntaxswitchport trunk allowed vlan all
switchport trunk allowed vlan none
switchport trunk allowed vlan add VLANID
switchport trunk allowed vlan remove VLANID
switchport trunk allowed vlan except VLANID
no switchport trunk vlan
all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to transmit and receive through the Layer-2 interface.remove Remove a VLAN from transmit and receive through the Layer-2 interface.except All VLANs, except the VLAN for which the ID is specified, are part of its ports member set.VLANID <2-4094> The ID of the VLAN or VLANs that will be added to, or removed from, the Layer-2
interface. A single VLAN, VLAN range, or VLAN list can be set.For a VLAN range, specify two VLAN numbers: lowest, then highest number in the range, separated by
a hyphen.For a VLAN list, specify the VLAN numbers separated by commas.
Note: Do not enter spaces between hyphens or commas when setting parameters for VLAN ranges or lists.
Command ModeInterface mode
ExamplesThe following shows adding a single VLAN to the port’s member set.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport trunk allowed vlan add V2
The following shows adding a range of VLANs to the port’s member set.
ZebOS# configure terminalZebOS(config)# interface eth0
NSM Layer-2 Commands
224 ©2001-2007 IP Infusion Inc. Confidential
ZebOS(config-if)# switchport trunk allowed vlan add V2-4
The following shows adding a list of VLANs to the port’s member set.
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport trunk allowed vlan add V2,3,4
switchport trunk native vlanUse this command to configure native VLANs for this port. The native VLAN is used for classifying the incoming untagged packets.
Use the no parameter to revert the native VLAN to the default VLAN ID 1.
Command Syntaxswitchport trunk native vlan VLANID
no switchport trunk native vlan
VLANID <1-4094> The ID of the VLAN that will be used to classify the incoming untagged packets. The VLAN ID must be a part of the VLAN member set of the port.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport trunk native vlan 2
vlan bridge This command enables or disables the state of a particular VLAN on a bridge basis. Specifying the disable state causes all forwarding over the specified VLAN ID on the specified bridge to cease. Specifying the enable state allows forwarding of frames on the specified VLAN-aware bridge.
Command Syntaxvlan VLANID bridge <1-32> (name VLAN_NAME) (state [enable|disable])
no vlan VLANID bridge <1-32>
VLANID The VID of the VLAN that will be enabled or disabled on the bridge <2-4094>.<1-32> The ID of the bridge-group on which the VLAN will be affected.VLAN_NAME The ASCII name of the VLAN. Maximum length: 16 characters.enable Sets VLAN into an enable state.disable Sets VLAN into a disable state.
Command ModeVLAN Configuration mode
ExamplesZebOS# configure terminalZebOS(config)# vlan database
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 225
ZebOS(config-vlan)#vlan 45 bridge 2 name vlan2 state enable
vlan classifier ipv4Use this command to create an IPv4 subnet-based VLAN classifier rule and map it to a specific VLAN.
Command Syntaxvlan classifier <1-256> ipv4 A.B.C.D/M vlan <2-4094>
no vlan classifier <1-256> ipv4 A.B.C.D/M
<1-256> VLAN Classifier identifierA.B.C.D/M IP Subnet<2-4094> VLAN to which an untagged packet is mapped.
Command ModeConfigure mode
UsageIf the source IP address matches the IP subnet specified in the VLAN classifier rule, the received packets are mapped to the specified VLAN.
Command ExampleZebOS# configure terminalZebOS(config)# vlan classifier 3 ipv4 3.3.3.3/8 vlan 5
vlan classifier macUse this command to create a MAC address-based VLAN classifier rule, and map it to a specific VLAN.
Use the no parameter with this command to delete the specified VLAN classifier rule.
Command Syntaxvlan classifier <1-256> mac WORD vlan <2-4094>
no vlan classifier <1-256> (mac WORD)
<1-256> VLAN classifier identifierWORD Mac address<2-4094> VLAN to which an untagged packet is mapped
Command ModeConfigure mode
UsageIf the source MAC address matches the MAC address specified in the VLAN classifier rule, the untagged received frames are mapped to the specified VLAN.
ExampleZebOS# configure terminalZebOS(config)# vlan classifier 33 mac 00-0C-BB-13-2F-88 vlan 35
NSM Layer-2 Commands
226 ©2001-2007 IP Infusion Inc. Confidential
vlan classifier protoUse this command to create a protocol type-based VLAN classifier rule, and map it to a specific VLAN.
Command Syntaxvlan classifier <1-256> proto (Ethernet|appletalk|ipx|llc|<0-65535>)vlan <2-4094>
<1-256> VLAN Classifier identifierproto Type of protocolEthernet Ethernet protocolappletalk Appletalk protocolipx IPX protocolllc LLC protocol<0-65535> Other protocol values<2-4094> VLAN to which an untagged packet is mapped
Command ModeConfigure mode
UsageIf the protocol type matches the protocol specified in the VLAN classifier rule, the received packets are mapped to the specified VLAN.
ExampleZebOS# configure terminalZebOS(config)# vlan classifier 34 proto ethernet vlan 444
vlan databaseUse this command to enter the VLAN configuration mode.
Command Syntaxvlan database
Command ModeConfigure mode
UsageUse this command to enter the VLAN configuration mode, and add, delete, or modify values associated with a single VLAN.
ExamplesIn the following example, note the change to VLAN configuration mode from Configure mode:
ZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)#
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 227
Related Commandsvlan bridge
vlan mtu bridge Use this command to set the Maximum Transmission Unit (MTU) for a specified VLAN. Any packet with a size greater than the configured MTU is discarded.
Use the no parameter to reset the MTU configuration for the VLAN.
Command Syntaxvlan VLANID mtu MTU_VALUE bridge BRIDGE_NAME
no vlan VLANID mtu bridge BRIDGE_NAME
VLANID The ID of the VLAN for which the MTU has to be set.MTU_VALUE The value of the Maximum Transmission Unit.BRIDGE_NAME The name of the bridge on which VLAN is configured.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# vlan 2 mtu 1000 bridge 1
vlan stateThis command enables or disables the state of a particular VLAN on the default bridge. Specifying the disable state causes all forwarding over the specified VLAN ID on the bridge to cease. Specifying the enable state allows forwarding of frames on the bridge. Using the no parameter with this command also disables the state of a particular VLAN on the default bridge.
Command Syntaxvlan VLANID (name VLAN_NAME) state enable|disableno vlan VLANID
VLANID ID of the VLAN that will be enabled or disabled on the bridge <2-4094>. VLAN_NAME Optional. ASCII name of the VLAN. Maximum length: 16 characters.enable Sets VLAN into an enable state.disable Sets VLAN into a disable state.
Command ModeVLAN Configuration mode
ExamplesZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)#vlan 45 name vlan2 state enable
NSM Layer-2 Commands
228 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsvlan bridge
Private-VLAN Commands
private-vlan association bridgeUse this command to associate a secondary vlan to a primary vlan. Only one isolated vlan can be associated to a primary vlan. Multiple community vlans can be associated to a primary vlan.
Use the no form of this command to remove association of all the secondary vlans to a primary vlan.
Command Syntaxprivate-vlan PRIMARY_VLAN_ID association add SECONDARY_VLAN_ID bridge <1-32>
private-vlan PRIMARY_VLAN_ID association remove SECONDARY_VLAN_ID bridge <1-32>
no private-vlan PRIMARY_VLAN_ID association bridge <1-32>
PRIMARY_VLAN_ID VLAN ID of the primary vlanSECONDARY_VLAN_ID VLAN ID of the secondary vlan (either isolated or community)
Command ModeVLAN Configuration mode
ExampleZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)# private-vlan 2 association add 3-4 bridge 1ZebOS(config-vlan)# private-vlan 2 association remove 3-4 bridge 1ZebOS(config-vlan)# no private-vlan 2 association bridge 1
private-vlan bridgeUse this command to create community, isolated or primary vlan.
Use the no form of this command to remove the specified private vlan.
Command Syntaxprivate-vlan VLAN_ID (community | isolated | primary) bridge <1-32>
no private-vlan VLAN_ID (community | isolated | primary) bridge <1-32>
VLAN_ID VLAN ID of the vlan which is to be made a private vlan.community Community vlanisolated Isolated vlanprimary Primary vlanbridge Bridge ID
Command ModeVLAN Configuration mode
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 229
ExampleZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)# vlan 2 bridge 1 name vlan2 state enableZebOS(config-vlan)# vlan 3 bridge 1 name vlan3 state enableZebOS(config-vlan)# vlan 4 bridge 1 name vlan3 state enableZebOS(config-vlan)# private-vlan 2 primary bridge 1ZebOS(config-vlan)# private-vlan 3 isolated bridge 1ZebOS(config-vlan)# private-vlan 4 community bridge 1
switchport mode private-vlanUse this command to make a layer2 port as a host port or promiscuous port.
Use the no form of this command to remove the configuration.
Command Syntaxswitchport mode private-vlan (host | promiscuous)
no switchport mode private-vlan (host | promiscuous)
host This port type can communicate with all other host ports assigned to the same community vlan, but it cannot communicate with the ports in the same isolated vlan. All communications outside of this vlan must pass through a promiscuous port in the associated primary vlan.
promiscuous A promiscuous port can communicate with all interfaces, including the community and isolated ports within a private VLAN
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)#interface eth0ZebOS(config-if)# switchport mode private-vlan hostZebOS(config)#interface eth1ZebOS(config-if)# switchport mode private-vlan promiscuousZebOS(config)#interface eth2ZebOS(config-if)# no switchport mode private-vlan promiscuous
switchport private-vlan host-associationUse this command to associate a primary vlan and a secondary vlan to a host port. Only one primary and secondary vlan can be associated to a host port.
Use the no form of this command to remove the association.
Command Syntaxswitchport private-vlan host-association PRIMARY_VLAN_ID add SECONDARY_VLAN_ID
no switchport private-vlan host-association PRIMARY_VLAN_ID
PRIMARY_VLAN_ID VLAN ID of the primary vlan
SECONDARY_VLAN_ID VLAN ID of the secondary vlan (either isolated or community)
NSM Layer-2 Commands
230 ©2001-2007 IP Infusion Inc. Confidential
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport private-vlan host-association 2 add 3
ZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# no switchport private-vlan host-association
switchport private-vlan mappingUse this command to associate a primary vlan and a set of secondary vlans to a promiscuous port.
Use the no form of this to remove all the association of secondary vlans to primary vlans for a promiscuous port.
Command Syntaxswitchport private-vlan mapping PRIMARY_VLAN_ID add SECONDARY_VLAN_ID
switchport private-vlan mapping PRIMARY_VLAN_ID remove SECONDARY_VLAN_ID
no switchport private-vlan mapping
PRIMARY_VLAN_ID VLAN ID of the primary vlanSECONDARY_VLAN_ID VLAN ID of the secondary vlan (either isolated or community)
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport private-vlan mapping 2 add 3-4ZebOS(config-if)# switchport private-vlan mapping 2 remove 3-4ZebOS(config-if)# no switchport private-vlan mapping
show vlan private-vlan bridgeUse this command to display the private-vlan configuration and associations.
Command Syntaxshow vlan private-vlan bridge <1-32>
Command ModePrivileged Exec mode
ExampleZebOS# show vlan private-vlan bridge 1PRIMARY SECONDARY TYPE INTERFACES------- --------- ---------- ---------- 2 3 isolated
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 231
2 4 community
GMRP Commands
clear gmrp statisticsUse this command to clear GMRP statistics for a given VLAN or all the VLANs configured on the Layer-2 switch.
Command Syntaxclear gmrp statistics [all|vlan VLAN-ID] bridge <1-32>
all Clear GMRP statistics for all the VLANs.VLAN-ID = vlanid <1 to 4094> Clear GMRP statistics for the particular VLAN_ID.
DefaultThis default clearing is for all the configured VLANs
Command ModePrivileged Exec mode
ExamplesThis example shows how to clear the GMRP statistics for a given VLAN 12.
ZebOS# clear gmrp statistics vlan 12 bridge 2
This example shows to clear the GMRP statistics for all the configured VLANs on a bridge.
ZebOS# clear gmrp statistics all bridge 2
debug gmrpUse this command to put various types of data to the console. Use the no parameter to turn off a specific type of debugging. Use the all parameter to display all types on the console, or use any combination of the other parameters to display pertinent data on the console.
Command Syntax(no) debug gmrp event|cli|timer|packet|all
event use this parameter to echo events to the console.cli use this parameter to echo commands to the console.timer use this parameter to echo the time start to the console.packet use this parameter to echo packet contents to the console.all to echo all of the above data types to the console.
Command ModesConfigure mode
DefaultIf this command is not used, no debugging data is displayed on the console.
NSM Layer-2 Commands
232 ©2001-2007 IP Infusion Inc. Confidential
ExamplesThis example shows set debugging for commands and packets:
ZebOS# configure terminalZebOS(config)# debug gmrp cli
set gmrpUse this command to enable or disable GMRP globally on the default bridge. This command does not enable or disable GMRP in all ports of the bridge. After enabling GMRP globally, use the set port gmrp command to enable GMRP on individual ports of the bridge.
Command Syntaxset gmrp enable|disable
enable Enable GMRP on a Layer-2 switch.disable Disable GMRP on a Layer-2 switch
DefaultIf this command is not used, GMRP is disabled.
Command ModesConfigure mode
UsageGMRP cannot be enabled if IGMP Snooping is enabled, or if GMRP has already been configured for a particular VLAN.
ExamplesZebOS# configure terminalZebOS(config)# set gmrp enable
Related Commandsset gmrp bridge
set gmrp bridgeUse this command to enable/disable GMRP globally on a particular bridge. This command does not enable/disable GMRP in all ports of the bridge. After enabling GMRP globally, use the set port gmrp command to enable GMRP on individual ports of the bridge.
Command Syntaxset gmrp enable|disable bridge <1-32>
enable Enable GMRP on Layer-2 switch.disable Disable GMRP on Layer-2 switch<1-32> Bridge-group ID used for bridging.
DefaultIf this command is not used, GMRP is disabled.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 233
Command ModesConfigure mode
UsageGMRP cannot be enabled if IGMP Snooping is enabled, or if GMRP has already been configured for a particular VLAN.
ExamplesTo enable GMRP on a Layer-2 switch for a particular bridge 2:
ZebOS# configure terminalZebOS(config)# set gmrp enable bridge 2GMRP is enabled for bridge 2
To enable GMRP on a Layer-2 switch on a particular bridge 3 when IGMP Snooping is enabled:
ZebOS# configure terminalZebOS(config)# set gmrp enable bridge 3Disable IGMP Snooping and then enable GMRP on bridge 3
set gmrp extended-filtering bridgeUse this command to enable or disable extended filtering on a bridge as per Table 8-7 of IEEE802.1Q-2003.
Command Syntaxset gmrp extended-filtering enable|disable bridge BRIDGE NAME <1-32>
enable Enables extended filtering services on the bridgedisable Disabled extended filtering services on the bridge<1-32> Bridge-group ID used for bridging
DefaultExtended filtering is disabled on a GMRP enabled bridge.
Command ModePrivileged Exec
ExamplesEnable extended filtering services on bridge 1
ZebOS# set gmrp extended-filtering enable bridge 1
Disable extended filtering services on bridge 1
ZebOS# set gmrp extended-filtering disable bridge 1
set gmrp fwdallUse this command to set the GMRP forward all option for an interface.
Command Syntaxset gmrp fwdall enable|disable IF_NAME
NSM Layer-2 Commands
234 ©2001-2007 IP Infusion Inc. Confidential
DefaultIf this command is not used, the default setting is GMRP disabled.
Command ModesConfigure mode
ExamplesTo enable GMRP forwarding on a Layer-2 switch for a particular interface:
IPInfusion (enable)> set gmrp fwdall enable eth1
set gmrp registrationUse this command to set GMRP registration type for all ports for a given bridge.
Command Syntaxset gmrp registration normal|fixed|forbidden PORT-NAME bridge <1-32>
normal Specify dynamic GMRP multicast registration and deregistration on the port.fixed Specify the multicast groups currently registered on the switch are applied to the port, but any
subsequent registrations or deregistrations do not affect the port. Any registered multicast groups on the port are not deregistered based on the GARP timers.
forbidden Specify that all GMRP multicasts are deregistered, and prevent any further GMRP multicast registration on the port.
PORT-NAME Defines a text string used as the name of the interface; ASCII string from 1 to 16 characters.<1-32> Bridge-group ID used for bridging.
DefaultThe default is normal registration for all the ports
Command ModesConfigure mode
UsageTo deregister a multicast port, the port must be in the normal registration mode.
ExamplesThis example shows how to set the port to normal registration:
ZebOS# set gmrp registration normal eth0 bridge 2GMRP Registration is set to normal for eth0
set gmrp timerUse this command to set the values for the GMRP Join, Leave, and Leaveall timers for a specified bridge.
Command Syntaxset gmrp timer [join |leave |leaveall] TIMER_VALUE IFNAME
join Type of timer
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 235
leave Type of timerleaveall Type of timerTIMER_VALUE Timer value in hundredths of a second.IFNAME Specify the name of the interface.
DefaultThe default is the join timer (200 milliseconds); the leave timer is 600 milliseconds (ms); and the leaveall timer is 10000 ms.
Command ModesConfigure mode
UsageThe relationship for the timer values are as following:
• Leave timer must be greater than, or equal to, three times the join timer.
• Leaveall timer must be greater than the leave timer.
ExamplesThis example shows how to set the join timers for all ports and all VLANs.
ZebOS# configure terminalZebOS(config)# set gmrp join timer 100 eth0GARP Join timer value is set to 100 centiseconds
set gmrp vlanTo enable/disable GMRP on a Layer-2 switch for a particular VLAN.
Command Syntaxset gmrp enable|disable bridge <1-32> vlan <1-4094>
enable Enable GMRP on Layer-2 switch for the specified VLAN.disable Disable GMRP on Layer-2 switch for the specified VLAN.<1-32> Bridge-group ID used for bridging.<1-4094> VLAN number on which GMRP is to be enabled.
Command ModesConfigure mode
UsageGMRP on a VLAN basis cannot be enabled if IGMP Snooping is enabled, or if GMRP is globally enabled.
ExamplesTo enable GMRP on a Layer-2 switch for a particular bridge (2) and VLAN 2:
ZebOS# configure terminalZebOS(config)# set gmrp enable bridge 2 vlan 2
To disable GMRP on a Layer-2 switch for a particular bridge (2) and VLAN 2:
NSM Layer-2 Commands
236 ©2001-2007 IP Infusion Inc. Confidential
ZebOS# configure terminalZebOS(config)# set gmrp disable bridge 2 vlan 2
set port gmrpTo enable/disable GMRP on a particular port in all VLANs or all ports in a bridge.
Command Syntaxset port gmrp enable|disable all|IFNAME
enable Enable GMRP on Layer-2 switch portdisable Disable GMRP on Layer-2 switch portall All ports added to recently configured bridgeIFNAME Specify the name of the interface.
DefaultBy default, GMRP is disabled.
Command ModesConfigure mode
UsageGMRP on a port cannot be enabled for all VLANs if GMRP has already been configured for a particular VLAN for the port.
ExamplesThis example shows how to enable GMRP on a particular port in all VLANs on a specified bridge.
ZebOS# configure terminalZebOS(config)# set port gmrp enable eth0GMRP enabled on port eth0
ZebOS# configure terminalZebOS(config)# set port gmrp enable allGMRP enabled on all ports added to recently configured bridge
set port gmrp vlanTo enable/disable GMRP on a particular port in a particular VLAN.
Command Syntaxset port gmrp enable|disable IFNAME vlan <1-4094>
enable Enable GMRP on Layer-2 switch portdisable Disable GMRP on Layer-2 switch portIFNAME Specify the name of the interface.<1-4094> VLAN number on which GMRP is to be enabled.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 237
UsageGMRP cannot be enabled on a VLAN basis if it has been enabled for all VLANs for the port.
GMRP cannot be enabled for a port for a VLAN if GMRP is not enabled for the VLAN for the bridge.
Command ModesConfigure mode
ExamplesThis example shows how to enable GMRP on a specified port (eth0) in VLAN 2.
ZebOS# configure terminalZebOS(config)# set port gmrp enable eth0 vlan 2GMRP enabled on port eth0 and vlan 2
show gmrp configurationUse this command to display GMRP related configuration information for the default bridge.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow gmrp configuration
Command ModePrivileged Exec mode
Related Commandsshow gmrp configuration bridge
show gmrp configuration bridgeTo display GMRP related configuration information for a given bridge.
To modify the lines displayed, use the | (output modifier token) and to save the output to a file, use the > (output redirection token). For more information, see ZebOS Command Line Interface Environment.
Command Syntaxshow gmrp configuration bridge <1-32>
<1-32> Bridge-group ID used for bridging.
Command ModePrivileged Exec mode
DefaultNone.
UsageThe following is an output of this command displaying GMRP related configuration information:
NSM Layer-2 Commands
238 ©2001-2007 IP Infusion Inc. Confidential
ZebOS# show gmrp configuration bridge 2Global GMRP Configuration for bridge :2GMRP Feature: Enabled
GMRP Timers (centiseconds):Join: 20Leave: 60Leave All: 1000
Port based GMRP Configuration:GMRP Status Registration Forward All Port--------------------------------------------------Enabled Normal Disabled eth4Enabled Normal Disabled eth5
where:
• GMRP Status Status of GMRP for the particular port.
• Registration Registration status of GMRP for the particular port.
• Forward All Forward All status of GMRP for the particular port.
• Ports Ports that have GMRP Enabled or Disabled.
Examplesshow gmrp configuration bridge 3
show gmrp machineUse this command to display the state machine for GMRP, for the default bridge.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow gmrp machine
Command ModeExec and Privileged Exec modes
Related Commandsshow gmrp machine bridge
show gmrp machine bridgeUse this command to display the state machine for GMRP, for a particular bridge.
Command Syntaxshow gmrp machine bridge <1-32>
<1-32> Bridge-group ID used for bridging.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 239
Command ModeExec and Privileged Exec modes
UsageThe following is an output of this command displaying the GMRP state machine.
ZebOS# show gmrp machine bridge 2 port = eth0 VLAN = 1 applicant state[0] = VO registrar state[0] = MT applicant state[1] = VO registrar state[1] = MT port = eth1 VLAN = 1 applicant state[0] = VO registrar state[0] = MT applicant state[1] = VO registrar state[1] = MT
ExampleZebOS# show gmrp machine bridge 2
show gmrp statistics To display the GMRP related statistics.
Command Syntaxshow gmrp statistics
Command ModesPrivileged Exec mode
ExamplesThe following is an output of this command displaying GMRP statistics.
ZebOS# show gmrp statisticsGMRP Statistics for bridge b vlan 1---------------------------------------------------Total GMRP packets Received: 0Join Empties: 0Join Ins: 0Leave Empties: 0Leave Ins: 0Empties: 0
Total GMRP packets Transmitted: 0Join Empties: 0Join Ins: 0Leave Empties: 0Leave Ins: 0Empties: 0
show gmrp timerTo display GMRP timer values on a specified interface.
NSM Layer-2 Commands
240 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxshow gmrp timer IFNAME
IFNAME Specify the name of the interface.
Command ModesPrivileged Exec mode
UsageThe following is an output of this command displaying the GMRP timer values for interface eth4.
ZebOS# show gmrp timer eth4Timer Timer Value (centiseconds)------------------------------------------Join 20Leave 60Leave All 1000
ExamplesZebOS# show gmrp timer eth0
GVRP Commands
clear gvrp statisticsUse this command to clear GVRP statistics for all VLANs or a specific VLAN.
Command Syntaxclear gvrp statistics all bridge <1-32>
clear gvrp statistics vid VLANID bridge <1-32>
<1-32> Bridge-group ID used for bridging.VLANID = <1-4094> Specify VLAN ID value.
Command ModePrivileged Exec mode
ExamplesZebOS# clear gvrp statistics vid 333 bridge 2
debug gvrpUse this command to debug GVRP events, packets, timer starts, and commands, sending output to the console.
Use the no parameter to turn off debugging.
Command Syntax(no) debug gvrp (all|event|cli|timer|packet)
all = turns on or off debugging for all levels.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 241
event = turns on or off debugging for events. cli = turns on or off debugging for commands. timer = turns on or off debugging for timer starts. packet = turns on or off debugging for packets.
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# debug gvrp all
set gvrpUse this command to enable (set) and disable (reset) GVRP globally for the default bridge instance. This command does not enable or disable GVRP in all ports of the bridge. After enabling GVRP globally, use the set port gvrp command to enable GVRP on individual ports of the bridge.
Command Syntaxset gvrp enable|disable
enable Enable GMRP on a Layer-2 switch.disable Disable GMRP on a Layer-2 switch
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set gvrp enableZebOS(config)# set gvrp disable
Related Commandsset gvrp bridge
set gvrp applicantUse this command to set the GVRP applicant state to normal or active.
Command Syntaxset gvrp applicant state [active|normal] IFNAME
active Active statenormal Normal stateIFNAME Name of the interface.
Command modeConfigure mode
NSM Layer-2 Commands
242 ©2001-2007 IP Infusion Inc. Confidential
ExamplesZebOS# configure terminalZebOS(config)# set gvrp applicant state active eth0
set gvrp bridgeUse this command to enable (set) and disable (reset) GVRP globally for the bridge instance. This command does not enable/disable GVRP in all ports of the bridge. After enabling GVRP globally, use the set port gvrp command to enable GVRP on individual ports of the bridge.
Command Syntaxset gvrp enable bridge <1-32>
set gvrp disable bridge <1-32>
<1-32> Bridge-group ID used for bridging.
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set gvrp enable bridge 2
set gvrp dynamic-vlan-creationUse this command to enable or disable dynamic VLAN creation for the default bridge instance.
Command Syntaxset gvrp dynamic-vlan-creation enable|disable
enable Enables dynamic VLAN creation for the default bridge instancedisable Disables dynamic VLAN creation for the default bridge instance
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set gvrp dynamic-vlan-creation enableZebOS(config)# set gvrp dynamic-vlan-creation disable
Related Commandsset gvrp dynamic-vlan-creation bridge
set gvrp dynamic-vlan-creation bridgeUse this command to enable and disable dynamic VLAN creation for a specific bridge instance.
Command Syntaxset gvrp dynamic-vlan-creation enable bridge <1-32>
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 243
set gvrp dynamic-vlan-creation disable bridge <1-32>
<1-32> Bridge-group ID used for bridging.
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set gvrp dynamic-vlan-creation enable bridge 2ZebOS(config)# set gvrp dynamic-vlan-creation disable bridge 2
set gvrp registrationUse this command to set GVRP Registration to normal, fixed, and forbidden Registration mode for a given port.
Command Syntaxset gvrp registration normal IF_NAME
set gvrp registration fixed IF_NAME
set gvrp registration forbidden IF_NAME
normal Specify dynamic GVRP multicast registration and deregistration on the port.fixed Specify the multicast groups currently registered on the switch are applied to the port, but any
subsequent registrations or deregistrations do not affect the port. Any registered multicast groups on the port are not deregistered based on the GARP timers.
forbidden Specify that all GVRP multicasts are deregistered, and prevent any further GVRP multicast registration on the port.
IF_NAME The name of the interface.
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set gvrp registration fixed eth0
set gvrp timerUse this command to set GVMRP timers for a specific interface.
Command Syntaxset gvrp timer [join|leave|leaveall] TIMER_VALUE IF_NAME
join to set the timer for joining the group. leave to set the timer for leaving a group. leaveall to set the time for leaving all groups. TIMER_VALUE = <1-65535> The timer value in hundredths of a second.IF_NAME The name of the interface.
NSM Layer-2 Commands
244 ©2001-2007 IP Infusion Inc. Confidential
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set gvrp timer leave 245 eth0
set port gvrpUse this command to enable and disable GVRP on a port or all ports in a bridge.
Command Syntaxset port gvrp enable all|IFNAME
set port gvrp disable all|IFNAME
all All ports added to recently configured bridge.IFNAME The name of the interface.
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set port gvrp enable eth0
ZebOS# configure terminalZebOS(config)# set port gvrp enable all
show gvrp configuration bridgeUse this command to display GVRP configuration bridge data for a specified bridge instance.
Command Syntaxshow gvrp configuration (bridge <1-32>)
<1-32> Bridge-group ID used for bridging.
Command modeExec and Privileged Exec mode
UsageThe following is an output of this command displaying the GVRP configuration for bridge b.
ZebOS# show gvrp configuration bridge 3Global GVRP Configuration for bridge 3:GVRP Feature: EnabledDynamic Vlan Creation: DisabledPort based GVRP Configuration:
Timers(centiseconds)
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 245
Port GVRP Status Registration Applicant Join Leave LeaveAll--------------------------------------------------------------------------------eth4 Enabled Normal Normal 20 60 1000
eth5 Enabled Normal Normal 200 600 10000
ExampleZebOS# show gvrp configuration bridge 2
show gvrp machine bridgeUse this command to display the state machine for GVRP.
Command Syntaxshow gvrp machine bridge <1-32>
<1-32> Bridge-group ID used for bridging.
Command ModeExec and Privileged Exec modes
UsageThe following is an output of this command displaying the GVRP state machine.
ZebOS# show gvrp machine bridge 2 port = eth5 applicant state = QA registrar state = INN port = eth4 applicant state = QA registrar state = INN
ExampleZebOS# show gvrp machine bridge 2
show gvrp statistics Use this command to display a statistical summary for a bridge.
Command Syntaxshow gvrp statistics IFNAME
IFNAME Name of the port.
Command modeExec and Privileged Exec mode
UsageThe following is an output of this command displaying a statistical summary for bridge 2.
ZebOS# show gvrp statisticsBridge: b
Port JoinEmpty JoinIn LeaveEmpty LeaveIn Empty-------------------------------------------------------------------------------
NSM Layer-2 Commands
246 ©2001-2007 IP Infusion Inc. Confidential
eth5 RX 0 2 0 0 0 TX 0 0 0 0 0eth4 RX 0 1 0 0 1 TX 0 0 0 0 0
ExampleZebOS# show gvrp statistics eth0
show gvrp timerUse this command to display data for the timers.
Command Syntaxshow gvrp timer IF_NAME
Command modeExec and Privileged Exec mode
UsageThe following show output displays data for timer on interface eth4.
ZebOS# show gvrp timer eth4Timer Timer Value (centiseconds)------------------------------------------Join 20Leave 60Leave All 1000
MMRP CommandsThis section lists the Multiple Multicast Registration Protocol (MMRP) commands for managing bridges. MMRP provides a mechanism to allow end stations and Media Access Control (MAC) bridges to dynamically register or deregister Group membership and individual MAC address information with bridges attached to the same LAN. The operation of MMRP relies upon services provided by the Multiple Registration Protocol (MRP).
clear mmrp statisticsUse this command to clear MMRP statistics information for all interfaces on a bridge.
Command Syntaxclear mmrp statistics all bridge BRIDGE_NAME
BRIDGE_NAME Name of the bridge in the range of <1-32>
Command ModeExec mode
UsageThis command is used to clear all MMRP statistics information on a specified bridge.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 247
ExamplesZebOS# configure terminalZebOS(config)# clear mmrp statistics all bridge 2
clear mmrp statistics vlanidUse this command to clear MMRP statistics information on a specific VLAN on a bridge.
Command Syntaxclear mmrp statistics vlanid [1-4094] bridge [1-32]
vlanid ID of the VLAN in the range of <1-1094> bridge Name of the bridge in the range of <1-32>
Command ModeExec mode
UsageThis command is used to clear MMRP statistics information on a selected VLAN on a specific bridge.
ExamplesZebOS# configure terminalZebOS(config)# clear mmrp statistics vlanid 2 bridge 2
set mmrpUse this command to enable or disable MMRP globally on the default bridge. This command does not enable or disable MMRP in all ports of the bridge. After enabling MMRP globally, use the set port mmrp command to enable MMRP on individual ports of the bridge.
Command Syntaxset mmrp enable|disable
enable Enable MMRP on a Layer-2 switch.disable Disable MMRP on a Layer-2 switch
DefaultIf this command is not used, MMRP is disabled.
Command ModesConfigure mode
UsageMMRP cannot be enabled if IGMP Snooping is enabled, or if MMRP has already been configured for a particular VLAN.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp enable
NSM Layer-2 Commands
248 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsset mmrp bridge
set mmrp bridgeUse this command to enable or disable MMRP globally on a particular bridge. This command does not enable or disable MMRP in all ports of the bridge. After enabling MMRP globally, use the set port mmrp command to enable MMRP on individual ports of the bridge.
Command Syntaxset mmrp enable|disable bridge <1-32>
enable Enable MMRP on Layer-2 switch.disable Disable MMRP on Layer-2 switch<1-32> Bridge-group ID used for bridging.
DefaultIf this command is not used, MMRP is disabled.
Command ModesConfigure mode
UsageMMRP cannot be enabled if IGMP Snooping is enabled, or if MMRP has already been configured for a particular VLAN.
ExamplesTo enable MMRP on a Layer-2 switch for a particular bridge 2:
ZebOS# configure terminalZebOS(config)# set mmrp enable bridge 2MMRP is enabled for bridge 2
To enable MMRP on a Layer-2 switch on a particular bridge 3 when IGMP Snooping is enabled:
ZebOS# configure terminalZebOS(config)# set mmrp enable bridge 3Disable IGMP Snooping and then enable MMRP on bridge 3
set mmrp disable bridgeUse this command to disable MMRP on an MMRP-enabled bridge.
Command Syntax set mmrp disable bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
DefaultThis setting is disabled by default.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 249
Command ModeConfigure mode
UsageUsing this command disables MMRP on a specific bridge that was previously MMRP-enabled.
ExampleZebOS# configure terminalZebOS(config)# set mmrp disable bridge 1
Related Commandsset mmrp disable bridge vlan
set port mmrp disable
set mmrp disable bridge vlanUse this command to disable MMRP on a bridge for a specified instance.
Command Syntaxset mmrp disable bridge BRIDGE_NAME vlan VLANID
BRIDGE_NAME Name of the bridge in the range of <1-32>VLANID ID of the VLAN in the range of <1-4094>
DefaultDisabled by default
Command ModeConfiguration mode
UsageThis command disables MMRP on a selected VLAN ID on a specific MMRP-enabled bridge
ZebOS# configure terminalZebOS(config)# set mmrp disable bridge 1 vlan 3
Related Commandsset port mmrp disable vlan
set mmrp enable bridgeUse this command to enable MMRP on a bridge.
Command Syntax set mmrp enable bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
NSM Layer-2 Commands
250 ©2001-2007 IP Infusion Inc. Confidential
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageUsing this command enables MMRP on a specific bridge.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp enable bridge 1
Related Commandsset mmrp enable bridge vlan
set port mmrp enable
set mmrp enable bridge vlanUse this command to enable MMRP on a bridge for a specific VLAN instance.
Command Syntaxset mmrp enable bridge BRIDGE_NAME vlan VLANID
BRIDGE_NAME An integer in the range of <1 - 32>VLANID An integer in the range of <1- 4094>
DefaultThis setting is disabled by default.
Command ModeConfigure Mode
UsageThis command is used to enable MMRP on a specific VLAN on a chosen bridge.
ExampleZebOS# configure terminalZebOS(config)# set mmrp enable bridge 1 vlan 3
Related Commandsset port mmrp enable vlan
set mmrp extended-filteringUse this command to enable or disable extended filtering on the default bridge as per Table 8-7 of IEEE802.1Q-2003.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 251
Command Syntaxset mmrp extended-filtering enable|disable
enable Enables extended filtering services on the bridgedisable Disables extended filtering services on the bridge
DefaultExtended filtering is disabled on an MMRP enabled bridge.
Command ModePrivileged Exec
Related Commandsset mmrp extended-filtering bridge
set mmrp extended-filtering disable bridgeUse this command to disable MMRP extended filtering on a bridge.
Command Syntaxset mmrp extended-filtering disable bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
DefaultExtended filtering is disabled by default.
Command ModeConfigure mode
UsageUsing this command disables extended filtering on a selected MMRP-enabled bridge.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp extended-filtering disable bridge 2
set mmrp extended-filtering enable bridgeUse this command to enable extended filtering on an MMRP-enabled bridge.
Command Syntaxset mmrp extended-filtering enable bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
DefaultExtended filtering is disabled by default.
NSM Layer-2 Commands
252 ©2001-2007 IP Infusion Inc. Confidential
Command ModeConfigure mode
UsageUsing this command enables extended filtering on a chosen bridge.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp extended-filtering enable bridge 2
set mmrp fwdall disableUse this command to disable the forwardall configuration on a port.
Command Syntaxset mmrp fwdall disable IF_NAME
IF_NAME Name of the interface
DefaultThe forwardall configuration is disabled by default.
Command ModeConfiguration mode
UsageThis command is used to disable the forwardall configuration on a port.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp fwdall disable eth1
set mmrp fwdall enableUse this command to enable the forwardall configuration on a port.
Command Syntax set mmrp fwdall enable IF_NAME
IF_NAME Name of the interface
DefaultThe forwardall configuration is disabled by default.
Command ModeConfiguration mode
UsageThis command is used to enable the forwardall configuration on a port.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 253
ExamplesZebOS# configure terminalZebOS(config)# set mmrp fwdall enable eth1
set mmrp timer joinUse this command to set the join timer value on an interface.
Command Syntax set mmrp timer join TIMER_VALUE|IF_NAME
TIMER_VALUE An integer in the range of <0-4294967295> representing milliseconds IF_NAME An interface name
DefaultThe default value of the MMRP join timer is 200 milliseconds.
Command ModeConfigure mode
UsageUsing this command sets the join timer value for a specific interface.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp timer join 300 eth1
set mmrp timer leaveallUse this command to set the leaveall timer value on an interface.
Command Syntax set mmrp timer leaveall [TIMER_VALUE|IF_NAME]
TIMER_VALUE An integer in the range <0-4294967295> representing milliseconds IF_NAME The name of an interface
DefaultThe default value of the leaveall timer is 10000 milliseconds.
Command ModeConfigure mode
UsageUsing this command sets the leaveall timer value on a specific interface.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp timer leaveall 20000 eth1
NSM Layer-2 Commands
254 ©2001-2007 IP Infusion Inc. Confidential
set mmrp pointtopoint enableUse this command to enable point-to-point behavior on an MMRP-enabled bridge.
Command Syntaxset mmrp pointtopoint enable BRIDGE
BRIDGE_NAME An integer in the range of <1 - 32>
DefaultPoint-to-point behavior is disabled by default.
Command ModeConfigure mode
UsageUsing this command enables point-to-point behavior on an MMRP-enabled bridge.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp pointtopoint enable bridge 2
set mmrp registration fixedUse this command to set the MMRP registration mode to fixed.
Command Syntaxset mmrp registration fixed IF_NAME
IF_NAME The interface name
DefaultThe default MMRP registration mode is Normal.
Command ModeConfigure mode
UsageThis command is used to set the MMRP registration mode to fixed.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp registration fixed eth1
set mmrp registration forbiddenUse this command to set the MMRP registration mode to forbidden.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 255
Command Syntaxset mmrp registration forbidden IF_NAME
IF_NAME The interface name
DefaultThe default MMRP registration mode is normal.
Command ModeConfigure mode
UsageUsing this command sets the MMRP management registration mode to forbidden.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp registration forbidden eth1
set mmrp registration normalUse this command to set the MMRP registration mode to normal.
Command Syntaxset mmrp registration normal IF_NAME
IF_NAME The interface name
DefaultThe default MMRP registration mode is normal.
Command ModeConfigure mode
UsageThis command is used to set the MMRP management registration mode to normal.
ExamplesZebOS# configure terminalZebOS(config)# set mmrp registration normal eth1
set port mmrp disableUse this command to disable MMRP on a selected port, or on all ports on a bridge.
Command Syntaxset port mmrp disable IF_NAME|all
IF_NAME The interface name of the portall All interfaces on the bridge
NSM Layer-2 Commands
256 ©2001-2007 IP Infusion Inc. Confidential
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageThis command is used to disable MMRP on a selected interface or on all interfaces on a bridge.
ExamplesTo disable MMRP on a selected interface on a bridge, use this command structure:
ZebOS# configure terminalZebOS(config)# set port mmrp disable eth1
To disable MMRP on all interfaces on a bridge, use this command structure:
ZebOS# configure terminalZebOS(config)# set port mmrp disable all
Related Commandsset port mmrp disable vlan
set port mmrp disable vlanUse this command to disable MMRP on a particular VLAN on a port.
Command Syntaxset port mmrp disable IF_NAME vlan VLANID
IF_NAME The interface name of the portVLANID An integer in the range of <1 - 4094> that identifies the VLAN
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageThis command is used to disable MMRP on a selected VLAN on a specific interface.
ExamplesZebOS# configure terminalZebOS(config)# set port mmrp disable eth1 vlan 4
Related Commandsset port mmrp disable
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 257
set port mmrp enableUse this command to enable MMRP on a selected port, or on all ports on a bridge.
Command Syntaxset port mmrp enable IF_NAME|all
IF_NAME The interface name of the portall All interfaces on the bridge
DefaultThis setting is disabled by default.
Command ModeConfigure mode
Usage.This command lets you enable MMRP on a selected interface on a bridge or on all interfaces on a bridge
ExamplesTo enable MMRP in a selected interface on a bridge, use this command structure:
ZebOS# configure terminalZebOS(config)# set port mmrp enable eth1
To enable MMRP in all interfaces on a bridge, use this command structure:
ZebOS# configure terminalZebOS(config)# set port mmrp enable all
set port mmrp enable vlanUse this command to enable MMRP on a particular VLAN on a port.
Command Syntaxset port mmrp enable IF_NAME vlan VLANID
IF_NAME The interface name of the portVLANID An integer in the range of <1 - 4094> that identifies the VLAN
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageUsing this command enables MMRP functionality on a selected VLAN on a specific port.
ExamplesZebOS# configure terminal
NSM Layer-2 Commands
258 ©2001-2007 IP Infusion Inc. Confidential
ZebOS(config)# set port mmrp enable eth1 vlan 4
Related Commandsset port mmrp enable
show mmrp configurationUse this command to display MMRP related configuration information for the default bridge.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mmrp configuration
Command ModePrivileged Exec mode
Related Commandsshow mmrp configuration bridge
show mmrp configuration bridgeUse this command to display the MMRP configuration for an MMRP-enabled bridge.
Command Syntaxshow mmrp configuration bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
Command ModeExec mode
UsageThe following sample output from this command displays MMRP-related configuration information for bridge 2.
ZebOS# show mmrp configuration bridge 2Global MMRP Configuration for bridge :2MMRP Feature: EnabledPort based MMRP Configuration:Timers(centiseconds)Port MMRP Status Registration Forward All Join Leave LeaveAll---------------------------------------------------------------------------------------eth2 Enabled Normal Disabled 20 60 1000
ExamplesZebOS# configure terminalZebOS(config)# show mmrp configuration bridge 2
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 259
show mmrp machineUse this command to display the state machine for MMRP, for the default bridge.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mmrp machine
Command ModeExec and Privileged Exec modes
Related Commandsshow mmrp machine bridge
show mmrp machine bridgeUse this command to display the MMRP machine state on a bridge.
Command Syntaxshow mmrp machine bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
Command ModeExec mode
UsageThe following sample output from this command displays the MMRP state machine information.
ZebOS#show mmrp machine bridge 1 port = eth 2 VLAN = 1 applicant state[0] = LO registrar state[0] = MT applicant state[1] = LO registrar state[1] = MT
ExamplesZebOS# configure terminalZebOS(config)# show mmrp machine bridge 2
show mmrp statistics vlanid bridgeUse this command to display MMRP statistics for a specific VLAN bridge.
Command Syntaxshow mmrp statistics vlanid [1-4094] bridge [1-32]
<1-4094> An integer within this range used to identify a VLAN<1-32> An integer within this range used to identify a bridge
Command ModeExec mode
NSM Layer-2 Commands
260 ©2001-2007 IP Infusion Inc. Confidential
UsageThe following sample output from this command displays the MMRP statistics for bridge 1 and VLAN 1.
ZebOS#show mmrp statistics vlanid 1 bridge 1MMRP Statistics for bridge 1 vlan 1---------------------------------------------Total MMRP packets Received: 0Leave alls: 0Join Empties: 0Join Ins: 0New Empties: 0New Ins: 0Empties: 0
Total MMRP packets Transmitted: 0Leave alls: 0Join Empties: 0Join Ins: 0New Empties: 0New Ins: 0Empties: 0
ExamplesZebOS# configure terminalZebOS(config)# show mmrp statistics vlanid 2 bridge 2
show mmrp timerUse this command to display MMRP timer values associated with an interface.
Command Syntaxshow mmrp timer IF_NAME
IF_NAME The interface name
Command ModeConfigure mode
UsageThe following sample output from this command displays all MMRP timer values associated with the interface eth2.
ZebOS#show mmrp timer eth2Timer Timer Value (centiseconds)------------------------------------------Join 20Leave 60Leave All 1000
ExamplesZebOS# configure terminalZebOS(config)# show mmrp timer eth2
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 261
MVRP CommandsThis section contains the Multiple VLAN Registration Protocol (MVRP) commands. MVRP uses the Multiple Registration Protocol (MRP) attribute declaration and propagation features to dynamically establish and update VLAN information, for example, which VLAN has active members and through which ports can those members be reached.
clear mvrp statisticsUse this command to clear the MVRP statistics for an interface.
Command Syntaxclear mvrp statistics IF_NAME
IF_NAME The name of the interface
Default This functionality is disabled by default.
Command ModeExec mode
UsageUsing this command clears all MVRP statistics for a specific interface.
ExamplesZebOS# configure terminalZebOS(config)# clear mvrp statistics eth1
clear mvrp statistics allUse this command to clear the MVRP statistics on all interfaces on an MVRP-enabled bridge.
Command Syntaxclear mvrp statistics all
Default
This functionality is disabled by default.
Command ModeExec mode
UsageUsing this command clears the MVRP statistics for all interfaces on an MVRP-enabled bridge.
ExamplesZebOS# configure terminalZebOS(config)# clear mvrp statistics all
NSM Layer-2 Commands
262 ©2001-2007 IP Infusion Inc. Confidential
clear mvrp statistics bridgeUse this command to clear the MVRP statistics for a bridge.
Command Syntaxclear mvrp statistics bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 – 32>
DefaultThis functionality is disabled by default.
Command ModeExec mode
UsageUsing this command clears MVRP statistics on a specific MVRP-enabled bridge.
ExamplesZebOS# configure terminalZebOS(config)# clear mvrp statistics bridge 2
set mvrpUse this command to enable (set) and disable (reset) MVRP globally for the default bridge instance. This command does not enable or disable MVRP in all ports of the bridge. After enabling MVRP globally, use the set port mvrp command to enable MMRP on individual ports of the bridge.
Command Syntaxset mvrp enable|disable
enable Enable MVRP on a Layer-2 switch.disable Disable MVRP on a Layer-2 switch
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set gvrp enableZebOS(config)# set gvrp disable
Related Commandsset mvrp bridge
set mvrp applicant state activeUse this command to set the MVRP applicant state to active.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 263
Command Syntaxset mvrp applicant state active IF_NAME
IF_NAME The name of the interface
DefaultThe default MVRP applicant state is normal.
Command ModeConfigure mode
Usage Using this command sets the MVRP applicant state to active.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp applicant state active eth1
set mvrp applicant state normalUse this command to set the MVRP applicant state to normal.
Command Syntaxset mvrp applicant state normal IF_NAME
IF_NAME The name of the interface
DefaultThe default MVRP applicant state is normal.
Command ModeConfigure mode
UsageUsing this command sets the MVRP applicant state to normal.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp applicant state normal eth1
set mvrp disable bridgeUse this command to disable MVRP functionality on a bridge.
Command Syntaxset mvrp disable bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
NSM Layer-2 Commands
264 ©2001-2007 IP Infusion Inc. Confidential
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageUsing this command disables MVRP on a specific bridge.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp disable bridge 1
set mvrp dynamic-vlan-creationUse this command to enable or disable dynamic VLAN creation for the default bridge instance.
Command Syntaxset mvrp dynamic-vlan-creation enable|disable
enable Enables dynamic VLAN creation for the default bridge instancedisable Disables dynamic VLAN creation for the default bridge instance
Command modeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# set mvrp dynamic-vlan-creation enableZebOS(config)# set mvrp dynamic-vlan-creation disable
Related Commandsset mvrp dynamic-vlan-creation bridge
set mvrp dynamic-vlan-creation disable bridgeUse this command to disable dynamic VLAN creation on an MVRP-enabled bridge.
Command Syntaxset mvrp dynamic-vlan-creation disable bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
DefaultThis setting is disabled by default.
Command ModeConfigure mode
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 265
UsageUsing this command disables dynamic VLAN creation on a specific MVRP-enabled bridge.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp dynamic-vlan-creation disable bridge 1
set mvrp dynamic-vlan-creation enable bridgeUse this command to enable dynamic VLAN creation on an MVRP-enabled bridge.
Command Syntaxset mvrp dynamic-vlan-creation enable bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageUsing this command enables dynamic VLAN creation on a specific MVRP-enabled bridge.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp dynamic-vlan-creation enable bridge 1
set mvrp enable bridgeUse this command to enable MVRP functionality on a bridge.
Command Syntaxset mvrp enable bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageUsing this command enables MVRP functionality on a specific bridge.
ExamplesZebOS# configure terminal
NSM Layer-2 Commands
266 ©2001-2007 IP Infusion Inc. Confidential
ZebOS(config)# set mvrp enable bridge 1
set mvrp timer joinUse this command to set the MVRP join timer value for a selected interface.
Command Syntaxset mvrp timer join TIMER_VALUE|IF_NAME
TIMER_VALUE An integer in the range <0-4294967295> representing millisecondsIF_NAME The name of the interface
DefaultThe default join timer value is 200 milliseconds.
Command ModeConfigure mode
UsageUsing this command sets the MVRP join timer value for a specific interface.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp timer join 300 eth1
set mvrp timer leaveUse this command to set the MVRP leave timer value on an interface.
Command Syntaxset mvrp timer leave TIMER_VALUE|IF_NAME
TIMER_VALUE An integer in the range of <0-4294967295> representing millisecondsIF_NAME The name of the interface
DefaultThe default MVRP leave timer value is 200 milliseconds.
Command ModeConfigure mode
UsageUsing this command sets the MVRP leave timer value for a specific interface.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp timer leave 300 eth1
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 267
set mvrp timer leaveallUse this command to set the MVRP leaveall timer value on an interface.
Command Syntaxset mvrp timer leaveall TIMER_VALUE|IF_NAME
TIMER_VALUE An integer in the range <0-4294967295> representing millisecondsIF_NAME An interface name
DefaultThe default MVRP leaveall timer value is 10000 milliseconds.
Command ModeConfigure mode
UsageUsing this command sets the MVRP leaveall timer value for an interface.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp timer leaveall 20000 eth1
set mvrp pointtopoint enableUse this command to enable point-to-point behavior on a bridge.
Command Syntaxset mvrp pointtopoint enable BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>.
DefaultPoint-to-point operation is disabled by default.
Command ModeConfigure Mode
UsageUsing this command enables point-to-point operation on a specific MVRP-enabled bridge.
Examples ZebOS# configure terminalZebOS(config)# set mvrp pointtopoint enable bridge 2
set mvrp registration fixedUse this command to set the MVRP registration mode to fixed.
NSM Layer-2 Commands
268 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxset mvrp registration fixed IF_NAME
IF_NAME The name of the interface
DefaultThe default MVRP registration mode is normal.
Command ModeConfigure mode
UsageUsing this command sets the MVRP management registration mode to fixed.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp registration fixed eth1
set mvrp registration forbiddenUse this command to set the MVRP registration mode to forbidden.
Command Syntaxset mvrp registration forbidden IF_NAME
IF_NAME The name of the interface.
DefaultThe default MVRP registration mode is normal.
Command ModeConfigure mode
UsageUsing this command sets the MVRP management registration mode to forbidden.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp registration forbidden eth1
set mvrp registration normalUse this command to set the MVRP registration mode to normal.
Command Syntaxset mvrp registration normal IF_NAME
IF_NAME An interface name
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 269
DefaultThe default MVRP registration mode is normal.
Command ModeConfigure mode
UsageUsing this command sets the MVRP management registration mode to normal.
ExamplesZebOS# configure terminalZebOS(config)# set mvrp registration normal eth1
set port mvrp disableUse this command to disable MVRP on a selected port or on all ports on a bridge.
Command Syntaxset port mvrp enable IF_NAME|all
IF_NAME An interface nameall All interfaces on the bridge
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageUsing this command disables MVRP on a selected port, or on all ports on a bridge.
ExamplesTo disable MVRP on a selected interface on a bridge, use this command structure:
ZebOS# configure terminalZebOS(config)# set port mvrp disable eth1
To disable MVRP on all interfaces on a bridge, use this command structure:
ZebOS# configure terminalZebOS(config)# set port mvrp disable all
Related Commandsset port mvrp disable vlan
set port mvrp enableUse this command to enable MVRP on a port.
NSM Layer-2 Commands
270 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxset port mvrp enable IF_NAME|all
IF_NAME The name of the interfaceall All interfaces on a bridge
DefaultThis setting is disabled by default.
Command ModeConfigure mode
UsageUsing this command enables MVRP on a specific interface, or on all interfaces on an MVRP-enabled bridge.
ExamplesTo enable MVRP on a selected interface, use this command structure:
ZebOS# configure terminalZebOS(config)# set port mvrp enable eth1
To enable MVRP on all interfaces, use this command structure:
ZebOS# configure terminalZebOS(config)# set port mvrp enable all
Related Commandsset port mvrp enable vlan
show mvrp configurationUse this command to display the MVRP configurations for a bridge.
Command Syntax show mvrp configuration bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 – 32>
Command Mode Exec mode
Usage The following is sample output from this command displaying all the MVRP configurations on the MVRP-enabled bridge 1.
ZebOS#show mvrp configuration bridge 1 Global MVRP Configuration for bridge 1:Dynamic Vlan Creation: Enabled Port based MVRP Configuration:
Timers(centiseconds)Port MVRP Status Registration Applicant Join Leave LeaveAll---------------------------------------------------------------------------------------
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 271
eth2 Enabled Normal Normal 20 60 1000
Examples ZebOS# configure terminalZebOS(config)# show mvrp configuration bridge 2
show mvrp configuration allUse this command to display the MVRP configurations of all MVRP-enabled bridges.
Command Syntax show mvrp configuration all
Command ModeExec mode
UsageThe following sample output from this command displays MVRP configurations for all MVRP-enabled bridges.
ZebOS#show mvrp configurationGlobal MVRP Configuration for bridge 1:Dynamic Vlan Creation: EnabledPort based MVRP Configuration:
Timers(centiseconds)Port MVRP Status Registration Applicant Join Leave LeaveAll---------------------------------------------------------------------------------------eth2 Enabled Normal Normal 20 60 1000eth1 Enabled Normal Normal 20 60 1000
ExamplesZebOS# configure terminalZebOS(config)# show mvrp configuration all
show mvrp interface statisticsUse this command to display MVRP statistics for an interface.
Command Syntaxshow mvrp interface statistics IF_NAME
IF_NAME The name of the interface
Command ModeExec mode
UsageThe following sample output from this command displays the MVRP statistics for a specific interface.
ZebOS#show mvrp statistics eth2Bridge: 1
NSM Layer-2 Commands
272 ©2001-2007 IP Infusion Inc. Confidential
Port JoinEmpty JoinIn LeaveEmpty LeaveIn Empty NewIn NewEmpty---------------------------------------------------------------------------------------eth2 RX 0 0 0 0 0 0 0 TX 0 0 0 0 12 0 0
ExamplesZebOS# configure terminalZebOS(config)# show mvrp statistics eth1
show mvrp machine bridgeUse this command to display the MVRP machine state on a specific bridge.
Command Syntaxshow mvrp machine bridge BRIDGE_NAME
BRIDGE_NAME An integer in the range of <1 - 32>
Command ModeExec mode
UsageThe following sample output from this command displays the MVRP machine state on an MVRP-enabled bridge.
ZebOS#show mvrp machine bridge 1port = eth2 applicant state[0] = VO registrar state[0] = IN
ExamplesZebOS# configure terminalZebOS(config)# show mvrp machine bridge 2
show mvrp statisticsUse this command to display MVRP statistics for a bridge.
Command Syntax show mvrp statistics
Command Mode Exec mode
Usage The following sample output from this command displays all MVRP statistics for an MVRP-enabled bridge.
ZebOS#show mvrp statisticsBridge: 1
Port JoinEmpty JoinIn LeaveEmpty LeaveIn Empty NewIn NewEmpty------------------------------------------------------------------------------eth2 RX 0 0 0 0 0 0 TX 0 0 0 4 0 0
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 273
eth1 RX 0 0 0 0 0 0 TX 0 0 0 0 0 0
ExamplesZebOS# configure terminalZebOS(config)# show mvrp statistics
show mvrp timerUse this command to display MVRP timer values associated with a specific interface.
Command Syntax show mvrp timer IF_NAME
IF_NAME The name of the interface
Command Mode Configure mode
Usage The following sample output from this command displays all MVRP timer values associated with a specific interface.
ZebOS#show mvrp timer eth2Timer Timer Value (centiseconds)------------------------------------------Join 20Leave 60Leave All 1000
Examples ZebOS# configure terminalZebOS(config)# show mvrp timer eth2
Provider Bridging CommandsProvider bridging lets a provider organization provide Ethernet Virtual Circuit (EVC) services to the customer. The EVC is recognized by the Service Provider VLAN. The packets through the provider network are doubly tagged with inner (CVLAN) and outer (SVLAN) tags. The CVLAN tag is the customer network VLAN ID. The SVLAN tag is the provider network VLAN ID.
bridge protocol provider-mstpUse this command to create a provider multiple spanning-tree protocol (MSTP) bridge of a specified parameter.
Use the no parameter with this command to unmap the VLANs from a particular instance, and associate them back to the default instance of 0.
Command Syntaxbridge <1-32> protocol provider-mstp
no bridge <1-32>
NSM Layer-2 Commands
274 ©2001-2007 IP Infusion Inc. Confidential
<1-32> Bridge-group ID used for bridging
Command ModeConfigure mode
UsageThe MSTP bridges can have different spanning-tree topologies for different VLANs inside a region of similar MSTP bridges. The multiple spanning tree protocol, like the rapid spanning tree protocol, provides rapid reconfiguration capability, while providing load-balancing ability.
Using this command creates an instance of the spanning tree, and associates the VLANs specified with that instance.
A bridge created by the above command forms its own separate region, unless it is added explicitly to a region by using the region name command.
ExampleZebOS# configure terminalZebOS(config)# bridge 2 protocol provider-mstp
bridge protocol provider-rstpUse this command to add an IEEE 802.1D-2004 Rapid Spanning Tree Protocol (RSTP) bridge.
Command Syntaxbridge <1-32> protocol provider-rstp
<1-32> Bridge-group ID used for bridging
Command ModeConfigure mode
UsageAfter creating a bridge instance, add interfaces to the bridge using the bridge-group command. Bring the bridge instance into operation with the no shutdown command in interface mode.
ExampleZebOS# configure terminalZebOS(config)# bridge 2 protocol provider-rstp
cvlan registration tableUse this command to create a customer VLAN (CVLAN) registration table that will have the mapping between CVLANs and service provider VLANs (SVLANs).
Use the no parameter with this command to delete the CVLAN registration table.
Command Syntaxcvlan registration table WORD
cvlan registration table WORD bridge <1-32>
no cvlan registration table WORD
no cvlan registration table WORD bridge <1-32>
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 275
WORD Name of the CVLAN registration table<1-32> ID of the bridge-group on which the VLAN will be affected
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport provider-network allowed vlan add 2
cvlan svlanUse this command to create a mapping between the CVLAN and SVLAN.
Use the no parameter with this command to delete the mapping.
Command Syntaxcvlan VLAN_ID svlan VLAN_ID
no cvlan VLAN_ID
no svlan VLAN_ID
CVLAN_ID <1-4094> CVLAN IDSVLAN_ID <1-4094> SVLAN ID to which the CVLAN will be mapped
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# cvlan registration table customer1ZebOS(config-cvlan-registration)# cvlan 2 svlan 3ZebOS(config-cvlan-registration)# cvlan 3 svlan 3
l2-protocolUse this command to configure the protocol handling on a customer edge/customer network port.
Command Syntaxl2-protocol PROTOCOL tunnel|discard
PROTOCOL Protocol for the action specified.stp Spanning-tree Protocol (STP)gmrp GARP Multicast Address Registration Protocol (GMRP)gvrp GARP VLAN Registration Protocol (GVRP)mvrp Multiple VLAN Registration Protocol (MVRP)mmrp Mobile Mesh Routing Protocol (MMRP)
tunnel Tunnel the specified protocol on the interface.discard Discard the specified protocol packets on the interface.
NSM Layer-2 Commands
276 ©2001-2007 IP Infusion Inc. Confidential
DefaultThe default action is to tunnel.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# l2-protocol stp tunnel
switchport allowed vlanUse this command to set the switching characteristics of the Layer-2 interface to the provider-network. The all parameter indicates that any VLAN ID is part of its port’s member set. The none parameter indicates that no VLAN ID is configured on this port. The add and remove parameters will add and remove VLAN IDs to/from the port’s member set.
Command Syntaxswitchport provider-network|customer-network allowed vlan all|none
switchport provider-network|customer-network allowed vlan add|remove|except VLANID
provider-network Provider network port that behaves per the 802.1 AD standard.customer-network Customer network port that behaves per the 802.1 AD standard.all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to the member setremove Remove a VLAN from the member set.except All VLANs, except the VLAN for which the ID is specified, are part of its ports member set.VLANID <2-4094> The ID of the VLAN that will be added to, or removed from, the Layer-2 interface.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport provider-network allowed vlan add 2
switchport customer-edge access vlanUse this command to change the default customer VLAN on the current interface.
Use the no parameter with this command to remove a previously created customer VLAN with the specified VLAN ID.
Command Syntax(no) switchport customer-edge access vlan VLANID
customer-edge Configured port is a customer-edge port, and the VLAN ID must be a customer VLAN.VLANID <2-4094> Default VLAN ID for the specified interface.
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 277
Command ModeInterface mode
Exampleszebos# configure terminalzebos(config)# interface eth0zebos(config-if)# switchport customer-edge access vlan 3
zebos(config)# interface eth0zebos(config-if)# no switchport customer-edge access vlan
switchport customer-edge hybrid allowed vlanUse this command to set the switching characteristics of the Layer-2 customer facing interface to hybrid. Both tagged and untagged frames will be classified over hybrid interfaces.
Use the no parameter with this command to turn off allowed customer-edge hybrid switching.
Command Syntaxswitchport customer-edge hybrid allowed vlan all|none
switchport customer-edge hybrid allowed vlan add VLANID egress-tagged enable|disable
switchport customer-edge hybrid allowed vlan remove VLANID
customer-edge Configured port is a customer-edge port, and the VLAN ID must be a customer VLAN.all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to the member set.remove Remove a VLAN from the member set.VLANID <2-4094> ID of the VLAN that will be added to, or removed from, the Layer-2 interface.egress-tagged
enable Enable the egress tagging for the outgoing frames.disable Disable the egress tagging for the outgoing frames.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport customer-edge hybrid allowed vlan add 2 egress-tagged enable
switchport customer-edge hybrid vlanUse this command to set the switching characteristics of the Layer-2 customer facing interface to hybrid.
Use the no parameter with this command to turn off customer-edge hybrid switching.
NSM Layer-2 Commands
278 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxswitchport customer-edge hybrid vlan VLANID
no switchport customer-edge hybrid vlan
customer-edge Configured port is a customer-edge port, and the VLAN ID must be a customer VLAN.VLANID <2-4094> ID of the VLAN that will be added to, or removed from, the Layer-2 interface.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport customer-edge hybrid vlan 2
switchport customer-edge vlan registrationUse this command to apply a mapping to the customer edge port.
Use the no parameter with this command to delete the mapping from the interface.
Command Syntaxswitchport customer-edge vlan registration WORD
no switchport customer-edge vlan registration
WORD Name of the CVLAN registration table
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# switchport customer-edge vlan registration customer1
switchport customer-network vlan translationUse this command to add a translation table entry for SVLANs on a customer network port.
Use the no parameter with this command to delete a translation table entry for SVLANs on a customer network port.
Command Syntaxswitchport customer-network vlan translation svlan RVLAN_ID svlan TVLAN_ID
no switchport customer-network vlan translation svlan RVLAN_ID svlan TVLAN_ID
RVLAN_ID <2-4094> ID of the SVLAN to be translated.TVLAN_ID <2-4094> ID of the translated SVLAN.
Command ModeInterface mode
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 279
ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# switchport customer-network vlan translation svlan 10 svlan 20
switchport modeUse this command to set the switching characteristics of the Layer-2 as provider-network or customer-network, and specify only tagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.
Command Syntaxswitchport mode provider-network|customer-network (ingress-filter enable|disable)
provider-network Provider network port that behaves per the 802.1 AD standard.customer-network Customer network port that behaves per the 802.1 AD standard.ingress-filter Set the ingress filtering for the received frames.
enable Set the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.
disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is the default value.
DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.
Using this command without the ingress-filter parameter causes this command to use the default values.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode provider-network ingress-filter enable
switchport mode customer-edge accessUse this command to set the switching characteristics of the Layer-2 customer facing interface to access mode, and classify only untagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.
Command Syntaxswitchport mode customer-edge access (ingress-filter enable|disable)
customer-edge Configured port is a customer-edge port.ingress-filter Set the ingress filtering for the received frames.
enable Set the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.
disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is the default value.
NSM Layer-2 Commands
280 ©2001-2007 IP Infusion Inc. Confidential
DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.
Using this command without the ingress-filter parameter causes this command to use the default values.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode customer-edge access ingress-filter enable
switchport mode customer-edge hybridUse this command to set the switching characteristics of the Layer-2 customer facing interface as hybrid, and classify both tagged and untagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.
Use the no parameter to reset the mode of the Layer-2 interface to access (default).
Command Syntaxswitchport mode customer-edge hybrid
switchport mode customer-edge hybrid ingress-filter enable|disable
switchport mode customer-edge hybrid acceptable-frame-type vlan-tagged
no switchport mode
customer-edge The port that is configured is a customer edge port.ingress-filter Set the ingress filtering for the frames received.
enable Set the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.
disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is the default value.
acceptable-frame-type Set the Layer-2 interface acceptable frame types. This processing occurs after VLAN classification.
vlan-tagged Accept only classified frames which belong to the port's member set.
DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.
Using this command without either ingress-filter or acceptable-frame-type parameters causes this command to use the default values for each.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode customer-edge hybrid acceptable-frame-type vlan-tagged
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 281
switchport mode customer-edge trunkUse this command to set the switching characteristics of the Layer-2 customer facing interface as trunk, and specify only tagged frames. Received frames are classified based on the VLAN characteristics, then accepted or discarded based on the specified filtering criteria.
Command Syntaxswitchport mode customer-edge trunk (ingress-filter enable|disable)
customer-edge The port that is configured is a customer edge port.ingress-filter Set the ingress filtering for the frames received.
enable Set the ingress filtering for received frames. Received frames that cannot be classified in the previous step based on the acceptable frame type parameter (access/trunk) are discarded.
disable Turn off ingress filtering to accept frames that do not meet the classification criteria. This is the default value.
DefaultThe result of not using this command is that ingress filtering is off, and that all frame types are classified and accepted.
Using this command without the ingress-filter parameter causes this command to use the default values.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport mode customer-edge trunk ingress-filter enable
switchport provider-edge vlanUse this command to set the switching characteristics of the Layer-2 logical provider edge port. By default, egress tagging is enabled for all VLANs on the provider edge ports.
Command Syntaxswitchport provider-edge allowed vlan VLANID (egress-tagged enable|disable)
provider-edge The port is the logical port created by the SVLAN on the customer edge port. The VLAN ID must be a customer VLAN, and a mapping for the customer VLAN must already be configured.
VLANID <2-4094> The ID of the VLAN to be configured.egress-tagged
enable Enable the egress tagging for the outgoing frames.disable Disable the egress tagging for the outgoing frames.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# switchport provider-edge allowed vlan 2 egress-tagged enable
NSM Layer-2 Commands
282 ©2001-2007 IP Infusion Inc. Confidential
switchport provider-network vlan translationUse this command to add a translation table entry for CVLANs on a provider network port.
Use the no parameter with this command to delete a translation table entry for CVLANs on a provider network port.
Command Syntaxswitchport provider-network vlan translation svlan RSVLAN_ID cvlan RCVLAN_ID cvlan TCVLAN_ID
no switchport provider-network vlan translation svlan RSVLAN_ID cvlan RCVLAN_ID
RSVLAN_ID <2-4094> ID of the SVLAN to be translated.RCVLAN_ID <2-4094> ID of the CVLAN to be translated.TCVLAN_ID <2-4094> ID of the translated CVLAN.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# switchport provider-network vlan translation svlan 10 cvlan 10 cvlan 20
switchport trunk customer-edge allowed vlanUse this command to set the switching characteristics of the customer facing Layer-2 interface to trunk. The all parameter indicates that any VLAN ID is part of its port’s member set. The none parameter indicates that no VLAN ID is configured on this port. The add and remove parameters will add and remove VLAN IDs to/from the port’s member set.
Command Syntaxswitchport customer-edge trunk allowed vlan all|none
switchport customer-edge trunk allowed vlan add|remove|except VLANID
customer-edge The port that is configured is a customer edge port, and the VLAN ID must be a customer VLAN.
all Allow all VLANs to transmit and receive through the Layer-2 interface.none Allow no VLANs to transmit and receive through the Layer-2 interface.add Add a VLAN to the member set.except All VLANs, except the VLAN for which the ID is specified, are part of its ports member set.remove Remove a VLAN from the member set.VLANID <2-4094> ID of the VLAN that will be added to, or removed from, the Layer-2 interface.
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 283
ZebOS(config-if)# switchport customer-edge trunk allowed vlan add 2
vlan typeUse this command to idenitify a VLAN as either a customer VLAN (CVLAN) or a service VLAN (SVLAN), name the VLAN, enable or disable it and specify point-to-point or multipoint-to-mulitpoint operation.
Command Syntaxvlan VLANID type customer|service bridge <1-32> name VLAN_NAME state enable|disable point-point|multipoint-multipointno vlan VLANID type customer|service bridge <1-32>
VLANID The VID of the VLAN to be enabled or disabled on the bridge in the range <2-4094>.type The type of the VLAN; specifies a CVLAN or an SVLAN<1-32> The ID of the bridge group for which the VLAN is affectedVLAN_NAME The ASCII name of the VLAN with a maximum allowable length of 16 charactersenable Sets the VLAN to an enabled statedisable Sets the VLAN to a disabled statepoint-point Denotes that this VLAN has two edge nodes, which can be access ports or customer-edge
portsmultipoint-multipoint Denotes that this VLAN has two edge nodes, which can be access ports or
customer-edge ports
Command ModeVLAN Configuration mode
ExamplesZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)#vlan 45 type service bridge 2 point-point
vlan type access-mapUse this command to configure the VLAN access control list.
Command Syntaxvlan type VLANTYPE access-map NAME <1-65535>
VLANTYPE Type of VLANcustomer
service
NAME Name of the VLAN access map<1-65535> Sequence to insert to, or delete from, the existing access-map entry
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# vlan type customer access-map ACL1 1
NSM Layer-2 Commands
284 ©2001-2007 IP Infusion Inc. Confidential
vlan type bridgeThis command enables or disables the state of a particular customer or service VLAN on a bridge basis. Specifying the disable state causes all forwarding over the specified VLAN ID on the specified bridge to cease. Specifying the enable state allows forwarding of frames on the specified VLAN-aware bridge.
Use the no parameter with this command to delete a VLAN.
Command Syntaxvlan VLANID type VLANTYPE bridge <1-32> (name VLAN_NAME) state enable|disable
no vlan VLANID type VLANTYPE bridge <1-32>
VLANID <2-4094> ID of the VLAN that will be enabled or disabled on the bridge.VLANTYPE Type of VLAN.
customer
service
<1-32> ID of the bridge-group on which the VLAN will be affected.VLAN_NAME Optional. ASCII name of the VLAN. Maximum length: 16 characters.enable Sets VLAN into an enable state.disable Sets VLAN into a disable state.
Command ModeVLAN Configuration mode
ExampleZebOS# configure terminalZebOS(config)# vlan databaseZebOS(config-vlan)#vlan 45 type service bridge 2 name vlan2 state enable
MEF UNIThis section contains commands for the Metro Ethernet Forum User Netword Interface (MSF UNI).
ce-vlan preserve-cos <1-4094>Use this command to configure Customer Edge (CE) VLAN class of service (COS) preservation for a particular SVLAN. Use the no for of this command to unset preserve-cos.
Command Syntaxce-vlan preserve-cos <1-4094>no ce-vlan preserve-cos <1-4094>
<1-4094> VLAN ID of the service VLAN for which the COS of the CVLANs must be preserved
Command ModeConfigure mode
ExamplesZebOS# configure terminal
NSM Layer-2 Commands
©2001-2007 IP Infusion Inc. Confidential 285
ZebOS(config)# ce-vlan preserve-cos 2
ethernet uniUse this command to configure service multiplexing and bundling on a UNI. Use the no option with this command to remove service multiplexing and bundling from a UNI.
Command Syntaxethernet uni [bundle all-to-one|multiplex]no ethernet uni {bundle all-to-one|multiplex}
bundle CVLAN registration table with only one SVLAN supported on the UNI. Multiple CVLANs can be mapped to the SVLAN.
multiplex UNI supports multiplexing without bundling (one or more) SVLANs with a single CVLAN mapped to each SVLAN.
all-to-one CVLAN registration table with only one SVLAN supported on the UNI. All CVLANs must be mapped to the SVLAN.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# ethernet uni bundle
ethernet uni id NAMEUse this command to configure the UNI ID of an interface. Use the no form of this command to remove a UNI ID from an interface.
Command Syntaxethernet uni id NAMEno ethernet uni id NAME
NAME Name of the UNI. The maximum allowable length of the name is 64 characters.
UsageThis command can only be given for a customer edge port.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth1
2protocol-tunnelUse this command in the interface mode to configure the protocol handling on a customer edge/customer network port. The VLAN ID should be given as input only for DOT1x and LACP.
NSM Layer-2 Commands
286 ©2001-2007 IP Infusion Inc. Confidential
Use this command in the configure mode to configure the protocol handling for a particular SVLAN. When using this command in the configure mode, the peer option cannot be used. The peer option also cannot be used with the GVRP/ MVRP protocols.
Command Syntaxl2protocol-tunnel stp|gvrp|gmrp|mvrp|mmrp|lacp|dot1x peer|tunnel|discard <1-4094>
stp|gmrp|gvrp|mvrp|mmrp|dot1x|lacp Protocol for the action specifiedpeer Peer the specified protocol on the interface or service VLAN.tunnel Tunnel the specified protocol on the interface or service VLAN.discard Discard the specified protocol packets on the interface or service VLAN.
DefaultThe default actions for interfaces are tunnel for GMRP/MMRP, peer for LACP, 802.1x and STP, and discard for GVRP/ MVRP.
Note: The Peer option is valid only for STP, LACP and 802.1x.
DefaultThe default action for a Service VLAN is to tunnel.
Command ModeInterface mode
Configure mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth1ZebOS(config-if)# l2protocol-tunnel stp tunnel
©2001-2007 IP Infusion Inc. Confidential 287
CHAPTER 13 NSM LACP Commands
channel-group modeUse this command to add a port to a channel group specified by the channel group number (<1-12>). This command enables link aggregation on a port, so that it may be selected for aggregation by the local system.
Command Syntaxchannel-group <1-12> mode (active|passive)
<1-12> Specify a channel group number.active Enable initiation of LACP negotiation on a portpassive Disable initiation of LACP negotiation on a port
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# channel-group 4 mode active
Related Commandsno channel-group
no channel-groupUse this command to turn off link aggregation on a port.
Command Syntaxno channel-group
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface eht0ZebOS(config-if)# no channel-group
Related Commandschannel-group mode
NSM LACP Commands
288 ©2001-2007 IP Infusion Inc. Confidential
show etherchannelUse this command to display information about an Ether channel specified by the channel-group number.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow etherchannel <1-12>
Command modePrivileged Exec mode
ExampleZebOS# show etherchannel 5
show static-channel-groupUse this command to display all configured static aggregators and their corresponding member ports.
Command Syntaxshow static-channel-group
Command ModePrivileged Exec mode
ExamplesZebOS# show static-channel-group% Static Aggregator: sa1% Member: eth0 eth1% Static Aggregator: sa2% Member: eth2
NSM LACP Commands
©2001-2007 IP Infusion Inc. Confidential 289
static-channel-groupUse this command to create a static aggregator, or add a member port to an already-existing static aggregator. Use the no parameter with this command to detach the port from the static aggregator.
Command Syntaxstatic-channel-group <1-12>
no static-channel-group
<1-12> Channel group number.
Command ModeInterface mode
UsageThis command adds the interface to the static aggregator with the specified key. If the aggregator does not exist, it is created, and the interface is added to it. The no prefix detaches the port from the static aggregator. If the port is the last member to be detached, the static aggregator is deleted.
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# static-channel-group 2
NSM LACP Commands
290 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 291
CHAPTER 14 NSM VPLS Commands
mpls vplsUse this command to create an instance of Virtual Private LAN Service (VPLS). It also switches the command mode to VPLS mode.
Use the no parameter to delete a VPLS instance.
Command Syntax(no) mpls vpls NAME [<1-100000>]
NAME Specifies a string for identifying the VPLS instance.<1-100000> Specifies a 32-bit VPLS identifier value. This value must be specified for creating a new
VPLS instance. It might not be specified if a pre-existing VPLS instance is being updated.
Command ModeConfigure mode
ExamplesZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)#
mpls-vplsUse this command to associate an interface with a VPLS instance.
Use the no parameter to delete VPLS instance.
Command Syntax(no) mpls-vpls NAME
NAME Specifies a string identifying the VPLS instance.
Command ModeInterface mode
ExamplesZebOS# configure terminalZebOS(config)# interface eth0ZebOS(config-if)# mpls-vpls t1
show mpls vplsUse this command to display all configured VPLS instances. Specify the name of a VPLS instance for displaying information about a specific instance.
NSM VPLS Commands
292 ©2001-2007 IP Infusion Inc. Confidential
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls vpls (NAME)
NAME specifies the string identifying a VPLS instance.
Command ModeExec and Privileged Exec mode
UsageUsing show mpls vpls command without parameters displays information about all VPLS instances. The following are two sample outputs displaying information about all VPLS instances and a specified instance.
ZebOS# show mpls vpls Name VPLS-ID Type MPeers SPeers Statet1 1 Ethernet VPLS 2 1 Activet2 2 Ethernet VPLS 2 0 Active
ZebOS# show mpls vpls t1Virtual Private LAN Service Instance: t1, ID: 1 Group ID: 0, VPLS Type: Ethernet VPLS, Configured MTU: 0 Description: none Configured interfaces: none Mesh Peers: 192.168.0.80 (Up) 192.168.0.90 (Up) Spoke Peers: t100 (Up)
ExampleZebOS# show mpls vpls VPLS1
show mpls vpls detailUse this command to display detailed information about all configured VPLS instances.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls vpls detail
Command ModeExec and Privileged Exec mode
UsageThe following is a sample output of the show mpls vpls detail command displaying detailed information about all configured VPLS instances.
ZebOS# show mpls vpls detail Virtual Private LAN Service Instance: t1, ID: 1 Group ID: 0, VPLS Type: Ethernet VPLS, Configured MTU: 0
NSM VPLS Commands
©2001-2007 IP Infusion Inc. Confidential 293
Description: none Configured interfaces: none Mesh Peers: 192.168.0.80 (Up) 192.168.0.90 (Up) Spoke Peers: t100 (Up)
Virtual Private LAN Service Instance: t2, ID: 2 Group ID: 0, VPLS Type: Ethernet VPLS, Configured MTU: 0 Description: none Configured interfaces: none Mesh Peers: 192.168.0.80 (Up) 192.168.0.90 (Up)
ExampleZebOS# show mpls vpls detail
show mpls vpls meshUse this command to display information about all the core Virtual Circuit (VC) connections for all VPLS instances. Specify the name of a VPLS instance for displaying information about a specific instance.
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls vpls (NAME) mesh
NAME specifies the string identifying a VPLS instance.
Command ModeExec and Privileged Exec mode
UsageThe following is a sample output of the show mpls vpls mesh command displaying information about all the core VC connections for all VPLS instances.
ZebOS# show mpls vpls mesh VPLS-ID Peer Addr In-Intf In-Label Out-Intf Out-Label Lkps/St1 192.168.0.80 eth0 16 eth0 640 1/Up1 192.168.0.90 eth1 18 eth1 642 1/Up2 192.168.0.80 eth0 19 eth0 641 1/Up2 192.168.0.90 eth1 17 eth1 643 1/Up
ExampleZebOS# show mpls vpls VPL1 meshZebOS# show mpls vpls mesh
show mpls vpls spokeUse this command to display information about all the spoke VC connections for all VPLS instances. Specify the name of a VPLS instance for displaying information about a specific instance.
NSM VPLS Commands
294 ©2001-2007 IP Infusion Inc. Confidential
To modify the lines displayed, use the | (output modifier token); to save the output to a file, use the > output redirection token. For more information, see the ZebOS Command Line Interface Environment chapter.
Command Syntaxshow mpls vpls (NAME) spoke
NAME specifies the string identifying a VPLS instance
Command ModeExec and Privileged Exec mode
UsageThe following is a sample output of the show mpls vpls spoke displaying the spoke VC connection to the VPLS instance.
ZebOS# show mpls vpls spoke VPLS-ID Virtual Circuit In-Intf In-Label Out-Intf Out-Label Lkps/St1 t100 eth2 20 eth2 640 1/Up
ExampleZebOS# show mpls vpls spokeZebOS# show mpls vpls VP1 spoke
vpls-descriptionUse this command to add a description line for a VPLS instance.
Use the no parameter to remove a VPLS description line.
Command Syntax(no) vpls-description LINE
LINE specifies a description line for this VPLS.
Command ModeVPLS Mode
ExampleZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)# vpls-description This is for testing
vpls-mtuUse this command to set the Maximum Transmission Unit (MTU) size for a given VPLS instance. This size is signaled to peer VPLS routers.
Use the no parameter to unset the MTU size.
Command Syntax(no) vpls-mtu <576-65535>
<576-65535> Allowed MTU size to be used for a given VPLS instance.
NSM VPLS Commands
©2001-2007 IP Infusion Inc. Confidential 295
Command ModeVPLS Mode
ExampleZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)# vpls-mtu 6506
vpls-peerUse this command to create a VPLS Virtual Circuit with a core router.
Use the no parameter to delete the VPLS Virtual Circuit to a specified peer.
Command Syntax(no) vpls-peer A.B.C.D
A.B.C.D Specifies the IP address of a VPLS peer node to which a mesh Virtual Circuit is to be created.
Command Mode VPLS Mode
UsageThe Virtual Circuit ID is the same as the VPLS ID configured for this VPLS. At least one such peer configuration is required for every VPLS instance.
ExampleZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)# vpls-peer 10.10.0.34
vpls-vcUse this command to bind an instance of MPLS Virtual Circuit to VPLS.
Use the no parameter to unbind the specified Virtual Circuit from a VPLS instance.
Command Syntax(no) vpls-vc NAME
NAME is a string identifying the MPLS Virtual Circuit to be added to this VPLS instance.
Command ModeVPLS Mode
UsageA given Virtual Circuit can either be bound to an interface or a VPLS instance, but not to both at the same time. This VC is generally termed as spoke VC as it connects a core VPLS router to a spoke node.
NSM VPLS Commands
296 ©2001-2007 IP Infusion Inc. Confidential
ExampleZebOS# configure terminalZebOS(config)# mpls vpls test 34ZebOS(config-vpls)# vpls-vc VC1
©2001-2007 IP Infusion Inc. Confidential 297
CHAPTER 15 Tunneling Commands
This chapter contains ZebOS commands related to IP tunneling. These commands are available only if tunneling configuration options are enabled when compiling the kernel (for example, IP:Tunneling under Networking Options). Refer to Configuring and Compiling the Linux Kernel appendix in the ZebOS Installation Guide for details.
interface tunnelUse this command to create a new tunnel interface.
Use the no parameter to destroy the tunnel interface.
Command Syntax(no) interface tunnel <0-2147483647>
DefaultDisabled
Command ModeConfigure mode
UsageThis command creates a new tunnel interface.
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 100 ZebOS(config-if)#
Related Commandstunnel mode, tunnel source, tunnel destination
tunnel checksumUse this command to enable a checksum feature for the tunnel. Use the no parameter to disable the feature.
Command Syntax(no) tunnel checksum
DefaultDisabled
Command ModeInterface mode
Tunneling Commands
298 ©2001-2007 IP Infusion Inc. Confidential
UsageThis command enables a checksum feature for the tunnel. When configuring the tunnel checksum, make sure to:
• configure the tunnel checksum feature before configuring the tunnel source and destination.
• configure the tunnel checksum on both ends of the tunnel.
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel checksum ZebOS(config-if)# tunnel source 192.168.1.1 ZebOS(config-if)# tunnel destination 192.168.254.2
Related Commandsinterface tunnel, tunnel mode, tunnel source, tunnel destination
tunnel destinationUse this command to specify a tunnel destination address in an IPv4 portion. Use the no parameter to unspecify the address.
Command Syntax(no) tunnel destination A.B.C.D
A.B.C.D Tunnel destination IPv4 address
Command ModeInterface mode
UsageThis command specify a tunnel destination address.
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 200 ZebOS(config-if)# tunnel mode ipip ZebOS(config-if)# tunnel source 10.10.0.1 ZebOS(config-if)# tunnel destination 10.11.0.1
Related CommandsInterface tunnel, tunnel mode, tunnel source
tunnel modeUse this command to configure an IPv4 tunnel mode.
Use the no parameter to unconfigure the mode.
Tunneling Commands
©2001-2007 IP Infusion Inc. Confidential 299
Command Syntax (no) tunnel mode (gre|ipip)
gre Generic Routing Encapsulation (GRE) tunnel mode.ipip IPIP tunnel mode.
Command ModeInterface mode
UsageThis command specifies a tunnel encapsulation mode. Currently, GRE and IPIP mode are supported. The GRE tunnel mode is used for IPv4 to IPv4 tunneling, as well as, IPv6 to IPv4 tunneling.
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 2 ZebOS(config-if)# tunnel source 192.168.1.1 ZebOS(config-if)# tunnel destination 192.168.2.1 ZebOS(config-if)# tunnel mode gre
Related CommandsInterface tunnel, tunnel mode ipv6ip, tunnel source, tunnel destination
tunnel mode ipv6ipUse this command to specify the IPv6 transition tunnel mode.
Use the no parameter to unconfigure the mode.
Command Syntax(no) tunnel mode ipv6ip (6to4|isatap)
6to4 6to4 automatic tunnel mode.isatap ISATAP automatic tunnel mode.Note: Using this command without the 6to4 or isatap parameters specifies manual configuration
mode.
Command ModeInterface mode
UsageThis command specifies a tunnel encapsulation mode for IPv6 in IPv4.
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel source 10.10.1.1 ZebOS(config-if)# tunnel destination 10.10.2.1 ZebOS(config-if)# tunnel mode ipv6ip
Tunneling Commands
300 ©2001-2007 IP Infusion Inc. Confidential
Related CommandsInterface tunnel, tunnel mode, tunnel source, tunnel destination
tunnel path-mtu-discoveryUse this command to enable path Maximum Transmission Unit (MTU) discovery in the underlying tunnel interface.
Use the no parameter to disable this feature.
Command Syntax(no) tunnel path-mtu-discovery
DefaultDisabled
Command ModeInterface mode
UsageThis command enables the path MTU discovery feature in the underlying physical interface.
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel source 192.168.0.1 ZebOS(config-if)# tunnel destination 10.0.0.1 ZebOS(config-if)# tunnel path-mtu-discovery
Related CommandsInterface tunnel, tunnel mode, tunnel source, tunnel destination, tunnel ttl
tunnel sourceUse this command to specify a tunnel source address in a IPv4 portion.
Use the no parameter to unspecify the tunnel source address.
Command Syntax(no) tunnel source A.B.C.D
A.B.C.D IPv4 tunnel source address
Command ModeInterface mode
UsageThis command specifies a tunnel source address.
Tunneling Commands
©2001-2007 IP Infusion Inc. Confidential 301
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel destination 10.10.1.1 ZebOS(config-if)# tunnel source 10.11.2.1
Related Commandsinterface tunnel, tunnel mode, tunnel destination
tunnel tosUse this command to specify a value of Type of Service (TOS) in the tunnel IPv4 encapsulation header.
Use the no parameter to make 0 the default value.
Command Syntax(no) tunnel tos <0-255>
DefaultThe default TOS value is 0.
Command ModeInterface mode
UsageThis command specifies a value of Type of Service (TOS) in the tunnel IPv4 encapsulation header.
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel destination 192.168.10.2 ZebOS(config-if)# tunnel source 192.168.11.1 ZebOS(config-if)# tunnel tos 10
Related CommandsInterface tunnel, tunnel mode, tunnel source, tunnel destination
tunnel ttlUse this command to specify a value of Time to Live (TTL) in the tunnel IPv4 encapsulation header.
Use the no parameter to inheriting the underlying physical interface value by default.
Command Syntax(no) tunnel ttl <1-255>
Tunneling Commands
302 ©2001-2007 IP Infusion Inc. Confidential
DefaultBy default, physical interface value is inherited.
Command ModeInterface mode
UsageThis command specifies a value of Time to Live (TTL) in the tunnel IPv4 encapsulation header. Enable the path-mtu-discovery before setting the TTL value. However, the first time you set the TTL value, and the path-mtu-discovery is not set, the system automatically enables the path-mtu-discovery.
Example ZebOS# configure terminal ZebOS(config)# interface tunnel 0 ZebOS(config-if)# tunnel mode gre ZebOS(config-if)# tunnel destination 192.168.128.1 ZebOS(config-if)# tunnel source 192.168.0.1 ZebOS(config-if)# tunnel ttl 255
Related Commandstunnel path-mtu-discovery
©2001-2007 IP Infusion Inc. Confidential 303
CHAPTER 16 Remote Monitoring Commands
This chapter contains all Remote Monitoring (RMON) related commands in alphabetical order.
rmon alarmUse this command to configure alarm parameters, such as, alarm type, thresholds, and corresponding events on crossing the threshold for a particular variable.
Use the no form of this command to remove the alarm configuration.
Command Syntaxrmon alarm IX_VAL OID_VAR interval <1-65535> SAMPLE_TYPE rising-threshold <1-65535> event <1-65535> falling-threshold <1-65535> event <1-65535> (owner WORD)
no rmon alarm IX_VAL
IX_VAL = 1-65535 Alarm entry index valueOID_VAR = WORD Variable Object Identifier (OID) name to be monitoredinterval Polling interval in secondsSAMPLE_TYPE = delta|absolute Alarm sample typerising-threshold Rising threshold value of the alarm entry
event Event corresponding to the alarm crossing the rising threshold value of the alarm entryfalling-threshold Falling threshold value of the alarm entry
event Event corresponding to the alarm crossing the falling threshold value of the alarm entryowner Owner name to identify entry
Command ModeConfigure mode
DefaultNo default alarm is created.
ExamplesZebOS# configure terminalZebOS(config)# rmon alarm 229 etherStatsEntry.1.5 interval 50 delta rising-threshold 400 falling-threshold 600
rmon collection historyUse this command to configure a history statistics control group. History statistics parameters can be requested buckets, interval, and owner name on a particular interface. The number of history statistics buckets, and the interval to collect them, can be specified. The system based on the available memory configures the granted buckets.
Use the no form of this command to remove the history control configuration.
Remote Monitoring Commands
304 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxrmon collection history IX_VAL (buckets <1-65535>) (interval <1-3600>) (owner WORD)
no rmon collection history IX_VAL
IX_VAL = 1-65535 History control entry index valueinterval Polling interval in secondsbuckets Number of requested bucketsowner Owner name to identify the entry
Command ModeInterface mode
DefaultThere is no default collection history configuration.
UsageThe granted buckets are same as the requested buckets.
ExamplesZebOS# configure terminal ZebOS(config)# interface eth1ZebOS(config-if)# rmon collection history 200 buckets 500 interval 600 owner herbert
rmon collection statsUse this command to configure an Ethernet statistics parameter, such as, index and owner name, on a particular interface.
Use the no form of this command to remove the collection statistics configuration.
Command Syntaxrmon collection stats IF_INDEX <1-65535> (owner WORD)
no rmon collection stats <1-65535>
IF_INDEX Interface Indexowner Owner name to identify the entry
Command ModeInterface mode
DefaultEthernet statistics probe is not running.
ExamplesZebOS# configure terminal ZebOS(config)# interface eth1ZebOS(config-if)# rmon collection stats 200 owner herbert
Remote Monitoring Commands
©2001-2007 IP Infusion Inc. Confidential 305
rmon eventUse this command to configure event parameters, such as, event type, description, and the community string corresponding to the trap if the event type is trap.
Use the no form of this command to remove the event configuration.
Command Syntaxrmon event IX_VAL TYPE (description WORD) (owner WORD)
no rmon event IX_VAL
IX_VAL = 1-65535 Event entry index valueTYPE = log|trap WORD|log trap WORD Event type
log Log event typetrap Trap event typelog trap Log and trap event typeWORD Community string corresponding to the trap
description Event entry descriptionowner Owner name to identify the entry
Command ModeConfigure mode
DefaultNo default event is created.
UsageThe configured trap community does not take effect as the trap sending is handled by the SNMP daemon.
ExamplesZebOS# configure terminal ZebOS(config)# rmon event 299 log description cond3 alfred
show rmon alarmUse this command to display the alarms and threshold configured for the RMON probe.
Command Syntaxshow rmon alarm
Command ModeExec and Privileged Exec modes
ExamplesZebOS# show rmon alarm
Remote Monitoring Commands
306 ©2001-2007 IP Infusion Inc. Confidential
show rmon eventUse this command to display the events configured for the RMON probe.
Command Syntaxshow rmon event
Command ModeExec mode
ExamplesZebOS# show rmon event
show rmon historyUse this command to display the history Ethernet statistics collected on a particular interface.
Command Syntaxshow rmon history
Command ModeExec mode
ExamplesZebOS# show rmon history
show rmon statisticsUse this command to display the Ethernet statistics collected on a particular interface.
Command Syntaxshow rmon statistics
Command ModeExec mode
ExamplesZebOS# show rmon statistics
©2001-2007 IP Infusion Inc. Confidential 307
CHAPTER 17 Interpeak Security Commands
This chapter contains all commands related to Interpeak Security (IPSec) listed by function. Within each function listing, the commands are listed alphabetically.
Clear Commands
clear crypto isakmpUse this command to clear active IKE connections in Exec configuration mode.
Command Syntaxclear crypto isakmp
Command modeExec mode
UsageUse this command to clear active IKE connections.
clear crypto saUse this command in global configuration mode to delete IPSec security associations.
Command Syntaxclear crypto sa
Command modeExec mode
UsageIf the security associations are manually established, the security associations are deleted and reinstalled.
If you make configuration changes that affect security associations, these changes will not apply to existing security associations but to negotiations for subsequent security associations. You can use the clear crypto sa command to restart all security associations so they will use the most current configuration settings. In the case of manually established security associations, if you make changes that affect security associations you must use the clear crypto sa command before the changes take effect.
This commands clears (and reinitializes if appropriate) all IPSec security associations at the router.
Interpeak Security Commands
308 ©2001-2007 IP Infusion Inc. Confidential
clear crypto sa entry Use this command in global configuration mode to delete specific IPSec security associations with the specified address, protocol, and SPI.
Command Syntaxclear crypto sa entry destination-address A.B.C.D protocol (ah | esp) spi SPI
ah AH protocolesp ESP protocolSPI SPI Parameter Index of the SA to be reset
Command modeExec mode
UsageSame as clear crypto sa command.
clear crypto sa map Use this command in global configuration mode to delete specific IPSec security associations with the given name.
Command Syntaxclear crypto sa map MAP_NAME
MAP_NAME Name of specific IP security associations
Command modeExec mode
UsageSame as clear crypto sa command.
clear crypto sa peerUse this command in global configuration mode to delete specific IPSec security associations for the specified peer.
Command Syntaxclear crypto sa peer <ip-address>
Command modeExec mode
UsageSame as clear crypto sa command.
Interpeak Security Commands
©2001-2007 IP Infusion Inc. Confidential 309
Crypto Map Commands
crypto ipsec security-association lifetime Use this command in global configuration mode to change global lifetime values used when negotiating IPSec security associations.
Use the no form of the command to reset a lifetime to the default value.
Command Syntaxcrypto ipsec security-association lifetime (seconds|kilobytes) LIFETIME
no crypto ipsec security-association lifetime (seconds|kilobytes)
seconds LIFETIME Specifies the number of seconds the security association will live before expiringkilobytes LIFETIME Specifies the volume of traffic (in kilobytes) that can pass between IPSec peers
before the security association expires
Command modeGlobal configuration mode
Defaults3600 seconds (one hour) and 4,608,000 kilobytes (10 megabits per second for one hour).
UsageIPSec security associations use shared secret keys. These keys and their security associations time out together.
Assuming that the particular crypto map entry does not have lifetime values configured, when the router requests new security associations during security association negotiation, it will specify its global lifetime value in the request to the peer; it will use this value as the lifetime of the new security associations. When the router receives a negotiation request from the peer, it will use the smaller of the lifetime value proposed by the peer or the locally configured lifetime value as the lifetime of the new security associations.
If you change a global lifetime, the change is only applied when the crypto map entry does not have a lifetime value specified. The change will not be applied to existing security associations, but will be used in subsequent negotiations to establish new security associations. If you want the new settings to take effect sooner, you can clear all or part of the security association database by using the clear crypto sa command.
The lifetime values are ignored for manually established security associations.
crypto ipsec transform-set Use this command in global configuration mode to define a transform set—an acceptable combination of security protocols and algorithms.
Use the no form of the command to delete a transform set.
Command Syntaxcrypto ipsec transform-set NAME ah (None|ah-md5|ah-sha1)
crypto ipsec transform-set NAME esp-auth (None|esp-md5|esp-sha1) esp-enc (esp-null|esp-des|esp-3des|esp-aes|esp-blf|esp-cast)
Interpeak Security Commands
310 ©2001-2007 IP Infusion Inc. Confidential
no crypto ipsec transform-set NAME
NAME Name of the transform setah-md5 AH with the MD5 (HMAC variant) authentication algorithmah-sha1 AH with the MD5 (HMAC variant) authentication algorithmesp-nul Null encryption algorithmesp-des ESP with the 56-bit encryption algorithmesp-3des ESP with the 168-bit DES encryption algorithm (3DES or Triple DES)esp-aes Alternative AES algorithmesp-blf Alternative Blowfish algorithmesp-cast Alternative Cast algorithm
Command modeConfigure mode
UsageA transform set is an acceptable combination of security protocols, algorithms and other settings to apply to IPSec protected traffic. During the IPSec security association negotiation, the peers agree to use a particular transform set when protecting a particular data flow.
You can configure multiple transform sets, and then specify one or more of these transform sets in a crypto map entry.
When IKE is not used to establish security associations, a single transform st must be used. The transform set is not negotiated.
Before a transform set can be included in a crypto map entry it must be defined using this command. A transform set specifies one or two IPSec security protocols (either ESP or AH or both) and specifies which algorithms to use with the selected security protocol.
If one or more transforms are specified in the crypto ipsec transform-set command for an existing transform set, the specified transforms will replace the existing transforms for that transform set.
If you change a transform set definition, the change is only applied to crypto map entries that reference the transform set. The change will not be applied to existing security associations, but will be used in subsequent negotiations to establish new security associations. If you want the new settings to take effect sooner, you can clear all or part of the security association database by using the clear crypto sa command.
crypto map ipsec-manual | ipsec-isakmpUse this command in global configuration mode to create or modify a crypto map entry and enter the crypto map configuration mode.
Use the no form of this command to delete a crypto map entry or set.
Command Syntaxcrypto map MAP-NAME SEQ-NUM ipsec-manual | ipsec-isakmp
no crypto map MAP-NAME (SEQ-NUM|)
MAP-NAME The name you assign to the crypto map setSEQ-NUM The number you assign to the crypto map entryipsec-manual Indicates that IKE will not be used to establish the IPSec security associations for
protecting the traffic specified by this crypoto map entryipsec-isakmp Indicates that IKE will be used to establish the IPSec security associations for protecting
the traffic specified by this crypoto map entry
Interpeak Security Commands
©2001-2007 IP Infusion Inc. Confidential 311
Command modeGlobal configuration mode
UsageUse this command to create a new crypto map entry or to modify an existing crypto map entry.
Once a crypto map entry has been created, you cannot change the parameters specified at the global configuration level because these parameters determine which of the configuration commands are valid at the crypto map level. For example, once a map entry has been created as ipsec-isakmp, you cannot change it to ipsec-manual or cisco; you must delete and reenter the map entry.
After you define crypto map entries, you can assign the crypto map set to interfaces using the crypto map (interface IPSec) command.
crypto map local-addressUse this command in global configuration mode to specify and name an identifying interface to be used by the crypto map for IPSec traffic.
Use the no form of the command to remove this command from the configuration.
Command Syntaxcrypto map MAP-NAME local-address INTERFACE-ID
no crypto map MAP-NAME local-address
MAP-NAME The name that identifies the crypto map setINTERFACE-ID Specify the identifying interface that should be used by the router to identify itself to
remote peers
Command modeGlobal configuration mode
UsageIf you apply the same crypto map to two interfaces and do not use this command, two separate security associations (with different local IP addresses) could be established to the same peer for similar traffic. If you are using the second interface as redundant to the first interface, it could be preferable to have a single security association (with a single local IP address) created for traffic sharing the two interfaces. Having a single security association decreases overhead and makes administration simpler.
match address Use this command in crypto map configuration mode to specify an extended access list for a crypto map entry.
Use the no form of this command to remove the extended access list from a crypto map entry.
Command Syntaxmatch address ACCESSLIST-ID
no match address ACCESSLIST-ID
match ipv6-address ACCESSLIST-NAME
no match ipv6-address ACCESSLIST-NAME
Interpeak Security Commands
312 ©2001-2007 IP Infusion Inc. Confidential
ACCESSLIST-ID Identifies the extended access list by its numberACCESSLIST-NAME Identifies the extended access list by its name
Command modeCrypto map configuration mode
UsageUse this command to assign an extended access list to a crypto map entry. You also need to define this access list using the access-list or ip access-list extended commands.
The extended access list specified with this command will be used by IPSec to determine which traffic should be protected by crypto and which traffic does not need crypto protection. (Traffic that is permitted by the access list will be protected. Traffic that is denied by the access list will not be protected in the context of the corresponding crypto map entry.)
Note that the crypto access list is not used to determine whether to permit or deny traffic through the interface. An access list applied directly to the interface makes that determination.
The crypto access list specified by this command is used when evaluating both inbound and outbound traffic. Outbound traffic is evaluated against the crypto access lists specified by the interface's crypto map entries to determine if it should be protected by crypto and if so (if traffic matches a permit entry) which crypto policy applies. (If necessary, in the case of static IPSec crypto maps, new security associations are established using the data flow identity as specified in the permit entry; in the case of dynamic crypto map entries, if no SA exists, the packet is dropped.) After passing the regular access lists at the interface, inbound traffic is evaluated against the crypto access lists specified by the entries of the interface's crypto map set to determine if it should be protected by crypto and, if so, which crypto policy applies. (In the case of IPSec, unprotected traffic is discarded because it should have been protected by IPSec.)
In the case of IPSec, the access list is also used to identify the flow for which the IPSec security associations are established. In the outbound case, the permit entry is used as the data flow identity (in general), while in the inbound case the data flow identity specified by the peer must be "permitted" by the crypto access list.
mode Use this command in crypto transform configuration mode to change the mode for a transform set.
Use the no form of the command to reset the mode to the default value of tunnel mode.
Command Syntaxmode (tunnel | transport)
no mode
tunnel Specifies the tunnel mode for a transform settransport Specifies the transport mode for a transform set
Command modeCrypto transform configuration mode
UsageUse this command to change the mode specified for the transform. This setting is only used when the traffic to be protected has the same IP addresses as the IPSec peers (this traffic can be encapsulated either in tunnel or transport mode). This setting is ignored for all other traffic (all other traffic is encapsulated in tunnel mode).
Interpeak Security Commands
©2001-2007 IP Infusion Inc. Confidential 313
If you use this command to change the mode, the change will only affect the negotiation of subsequent IPSec security associations via crypto map entries which specify this transform set. (If you want the new settings to take effect sooner, you can clear all or part of the security association database. See the clear crypto sa command for more details.
set peer Use this command in crypto map configuration mode.to specify an IPSec peer in a crypto map entry.
Use the no form of this command to remove an IPSec peer from a crypto map entry.
Command Syntaxset peer A.B.C.D
no set peer A.B.C.D
set ipv6 peer X:X::X:X
no set ipv6 peer X:X::X:X
A.B.C.D IPv4 addressX:X::X:X IPv6 address
Command modeCrypto map configuration mode
UsageUse this command to specify an IPSec peer for a crypto map.
For ipsec-isakmp crypto map entries, you can specify multiple peers by repeating this command. The peer that packets are actually sent to is determined by the last peer that the router heard from (received either traffic or a negotiation request from) for a given data flow. If the attempt fails with the first peer, IKE tries the next peer on the crypto map list.
For ipsec-manual crypto entries, you can specify only one IPSec peer per crypto map. If you want to change the peer, you must first delete the old peer and then specify the new peer.
set security-association lifetimeUse this command in crypto map configuration mode to override the global lifetime value for a particular crypto map entry. The global lifetime value is used when negotiating IPSec security associations.
Use the no form of this command to reset a crypto map entry’s lifetime value to the global value.
Command Syntaxset security-association lifetime seconds | kilobytes LIFETIME
no set security-association lifetime seconds | kilobytes LIFETIME
seconds LIFETIME Specifies the number of seconds a security association will live before expiringkilobytes LIFETIME Specifies the volume of traffic (in kilobytes) that can pass between IPSec peers
using a given security association before that security association expires
Command modeCrypto map configuration mode
Interpeak Security Commands
314 ©2001-2007 IP Infusion Inc. Confidential
DefaultsThe crypto map’s security associations are negotiated according to the global lifetimes.
UsageThis command is only available for ipsec-isakmp crypto map entries and dynamic crypto map entries.
IPSec security associations use shared secret keys. These keys and their security associations time out together.
Assuming that the particular crypto map entry has lifetime values configured, when the router requests new security associations during security association negotiation, it will specify its crypto map lifetime value in the request to the peer; it will use this value as the lifetime of the new security associations. When the router receives a negotiation request from the peer, it will use the smaller of the lifetime value proposed by the peer or the locally configured lifetime value as the lifetime of the new security associations.
There are two lifetimes: a "timed" lifetime and a "traffic-volume" lifetime. The session keys/security association expires after the first of these lifetimes is reached.
set session-keyUse this command in crypto map configuration mode to manually specify the IPSec session keys within a crypto map entry. This command is only available for ipsec-manual crypto map entries.
Use the no form of this command to remove IPSec session keys from a crypto map entry.
Command Syntaxset session-key (inbound|outbound) ah SPI HEX-KEY-DATA
no set session-key (inbound|outbound) ah
set session-key (inbound|outbound) esp SPI cipher HEX-KEY-DATA authenticator HEX_KEY_DATA
no set session-key (inbound|outbound) esp
inbound Sets the inbound IPSec session keyoutbound Sets the outbound IPSec session keyah Sets the IPSec session key for the AH protocolSPI Specifies the Security Parameter Index (SPI), a number that is used to uniquely identify a security
associationHEX-KEY-DATA Specifies the session key; enter in hexadecimal format
Command modeCrypto map configuration mode
UsageUse this command to define IPSec keys for security associations via ipsec-manual crypto map entries. (In the case of ipsec-isakmp crypto map entries, the security associations with their corresponding keys are automatically established via the IKE negotiation.)
If the crypto map's transform set includes an AH protocol, you must define IPSec keys for AH for both inbound and outbound traffic. If the crypto map's transform set includes an ESP encryption protocol, you must define IPSec keys for ESP encryption for both inbound and outbound traffic. If your transform set includes an ESP authentication protocol, you must define IPSec keys for ESP authentication for inbound and outbound traffic.
When you define multiple IPSec session keys within a single crypto map, you can assign the same security parameter index (SPI) number to all the keys. The SPI is used to identify the security association used with the crypto map.
Interpeak Security Commands
©2001-2007 IP Infusion Inc. Confidential 315
However, not all peers have the same flexibility in SPI assignment. You should coordinate SPI assignment with your peer's operator, making certain that the same SPI is not used more than once for the same destination address/protocol combination.
Security associations established via this command do not expire (unlike security associations established via IKE).
Session keys at one peer must match the session keys at the remote peer.
If you change a session key, the security association using the key will be deleted and reinitialized.
set transform-set Use this command in crypto map configuration mode to specify which transform sets can be used with the crypto map entry.
Use the no form of this command to remove all transform sets from a crypto map entry.
Command Syntaxset transform-set NAME
no set transform-set NAME
NAME The name that identifies the crypto map set
Command modeCrypto map configuration mode
UsageUse this command to specify which transform sets to include in a crypto map entry.
For an ipsec-isakmp crypto map entry, you can list multiple transform sets with this command. List the higher priority transform sets first.
If the local router initiates the negotiation, the transform sets are presented to the peer in the order specified in the crypto map entry. If the peer initiates the negotiation, the local router accepts the first transform set that matches one of the transform sets specified in the crypto map entry.
The first matching transform set that is found at both peers is used for the security association. If no match is found, IPSec will not establish a security association. The traffic will be dropped because there is no security association to protect the traffic.
For an ipsec-manual crypto map entry, you can specify only one transform set. If the transform set does not match the transform set at the remote peer's crypto map, the two peers will fail to correctly communicate because the peers are using different rules to process the traffic.
If you want to change the list of transform sets, re-specify the new list of transform sets to replace the old list. This change is only applied to crypto map entries that reference this transform set. The change will not be applied to existing security associations, but will be used in subsequent negotiations to establish new security associations. If you want the new settings to take effect sooner, you can clear all or part of the security association database by using the clear crypto sa command.
Any transform sets included in a crypto map must previously have been defined using the crypto ipsec transform-set command.
Interpeak Security Commands
316 ©2001-2007 IP Infusion Inc. Confidential
ISAKMP Configuration Commands
crypto isakmp enableUse this command to globally enable IKE (Internet Key Exchange) at your peer router in global configuration mode.
Use the no form of this command to disable IKE at the peer.
Command Syntaxcrypto isakmp enable
no crypto isakmp enable
Command modeISAKMP policy configuration mode (config-isakmp)
UsageIKE is enabled by default. IKE does not have to be enabled for individual interfaces, but is enabled globally for all interfaces at the router.
If you do not want IKE to be used in your IPSec implementation, you can disable IKE at all your IPSec peers. If you disable IKE at one peer you must disable it at all your IPSec peers.
crypto isakmp keepalive Use this command to send Internet Key Exchange (IKE) keepalive messages from one router to another router in global configuration mode. To disable keepalives, use the no form of this command.
Command Syntaxcrypto isakmp keepalive SECS
no crypto isakmp keepalive
SECS Number of seconds between keepalive messages
Command modeISAKMP policy configuration mode (config-isakmp)
UsageThe crypto isakmp keepalive command is used to send IKE keepalives, which detect the continued connectivity of an IKE security association (SA), between two peer points.
crypto isakmp keyUse this command to configure a preshared authentication key in global configuration mode. You must configure this key whenever you specify preshared keys in an IKE policy.
Use the no form of this command to remove the configuration.
Interpeak Security Commands
©2001-2007 IP Infusion Inc. Confidential 317
Command Syntax(no) crypto isakmp key KEY address A.B.C.D/M
(no) crypto isakmp key KEY ipv6-address X:X::X:X/M
KEY Specify the preshared key. Us any combination of alphanumeric characters up to 128 bytes.A.B.C.D/M IPv4 addressX:X::X:X/M IPv6 address
Command modeISAKMP policy configuration mode (config-isakmp)
UsageUse this command to configure preshared authentication keys. You must perform this command at both peers.
If an IKE policy includes preshared keys as the authentication method, these preshared keys must be configured at both peers—otherwise the policy cannot be used (the policy will not be submitted for matching by the IKE process). The crypto isakmp key command is the second task required to configure the preshared keys at the peers. (The first task is accomplished with the crypto isakmp identity command.)
Use the address keyword if the remote peer ISAKMP identity was set with its IP address.
crypto isakmp policyUse this command to define an IKE policy in global configuration mode. IKE policies define a set of parameters to be used during the IKE negotiation.
Use the no form of this command to delete an IKE policy.
Command Syntaxcrypto isakmp policy PRIORITY
no crypto isakmp policy PRIORITY
PRIORITY Uniquely identifies the IKE policy and assigns a priority to the policy
Command modeISAKMP policy configuration mode (config-isakmp)
UsageUse this command to specify the parameters to be used during an IKE negotiation. (These parameters are used to create the IKE security association [SA].)
This command invokes the ISAKMP policy configuration (config-isakmp) mode.
You can configure multiple IKE policies on each peer participating in IPSec. When the IKE negotiation begins, it tries to find a common policy configured on both peers, starting with the highest priority policies as specified on the remote peer.
ISAKMP Policy Configuration CommandsThe commands in this section are all entered in the ISAKMP policy configuration (config-isakmp) mode. To invoke this mode, use the crypto isakmp policy command in global configuration mode.
Interpeak Security Commands
318 ©2001-2007 IP Infusion Inc. Confidential
authenticationUse this command in ISAKMP policy configuration mode to specify the authentication method within an IKE policy. IKE policies define a set of parameters to be used during IKE negotiation.
Use the no form of this command to reset the authentication method to the default value.
Command Syntaxauthentication (pre-share|rsa-encr|rsa-sig)
no authentication
pre-share Preshared keysrsa-encr RSA encryptionrsa-sig RSA signatures
DefaultsRSA signatures
Command modeISAKMP policy configuration mode (config-isakmp)
UsageUse this command to specify the authentication method to be used in an IKE policy.
If you specify RSA signatures, you must configure your peer routers to obtain certificates from a certification authority (CA).
If you specify RSA encryption, you must ensure that each peer has the other peer's RSA public keys. (See the crypto key pubkey-chain rsa, addressed-key, named-key, address, and key-string (IKE) commands.)
encryption Use this command to specify the encryption algorithm within an IKE policy in ISAKMP policy configuration mode. IKE policies define a set of parameters to be used during IKE negotiation.
Use the no form of this command to reset the encryption algorithm to the default value.
Command Syntaxencryption (des | 3des)
no encryption
des Specifies 56-bit DES-CBC as the encryption algorithm3des Specifies 168-bit DES (3DES) as the encryption algorithm
Command modeISAKMP policy configuration mode (config-isakmp)
UsageUse this command to specify the encryption algorithm to be used in an IKE policy.
Interpeak Security Commands
©2001-2007 IP Infusion Inc. Confidential 319
group Use this command to specify the Diffie-Hellman group identifier within an IKE policy in ISAKMP policy configuration mode. IKE policies define a set of parameters to be used during IKE negotiation. Use the no form of this command to reset the Diffie-Hellman group identifier to the default value.
Command Syntaxgroup (1 | 2)
no group
Command modeISAKMP policy configuration mode (config-isakmp)
Defaults768-bit Diffie-Hellman (group 1)
UsageUse this command to specify the Diffie-Hellman group to be used in an IKE policy.
hash Use this command to specify the hash algorithm within an IKE policy in ISAKMP policy configuration mode. IKE policies define a set of parameters to be used during IKE negotiation. Use the no form of this command to reset the hash algorithm to the default SHA-1 hash algorithm.
Command Syntaxhash (md5 | sha)
no hash
md5 Specifies MD5 (HMAC variant) as the hash algorithmsha Specifies SHA-1 (HMAC variant) as the hash algorithm
Command modeISAKMP policy configuration mode (config-isakmp)
DefaultsThe SHA-1 hash algorithm
UsageUse this command to specify the hash algorithm to be used in an IKE policy
lifetimeUse the lifetime (IKE policy) command in ISAKMP policy configuration mode to specify the lifetime of an IKE security association (SA).
Use the no form of this command to reset the SA lifetime to the default value.
Interpeak Security Commands
320 ©2001-2007 IP Infusion Inc. Confidential
Command Syntaxlifetime LIFETIME
no lifetime
LIFETIME Specifies how many seconds each SA should exist before expiring
Command modeISAKMP policy configuration mode (config-isakmp)
Defaults28,800 seconds
UsageUse this command to specify how long an IKE SA exists before expiring.
When IKE begins negotiations, the first thing it does is agree upon the security parameters for its own session. The agreed-upon parameters are then referenced by an SA at each peer. The SA is retained by each peer until the SA's lifetime expires. Before an SA expires, it can be reused by subsequent IKE negotiations, which can save time when setting up new IPSec SAs. Before an SA expires, it can be reused by subsequent IKE negotiations, which can save time when setting up new IPSec SAs. New IPSec SAs are negotiated before current IPSec SAs expire.
So, to save setup time for IPSec, configure a longer IKE SA lifetime. However, shorter lifetimes limit the exposure to attackers of this SA. The longer an SA is used, the more encrypted traffic can be gathered by an attacker and possibly used in an attack.
Note that when your local peer initiates an IKE negotiation between itself and a remote peer, an IKE policy can be selected only if the lifetime of the remote peer's policy is longer than or equal to the lifetime of the local peer's policy. Then, if the lifetimes are not equal, the shorter lifetime will be selected. To restate this behavior: If the two peer's policies' lifetimes are not the same, the initiating peer's lifetime must be shorter and the responding peer's lifetime must be longer, and the shorter lifetime will be used.
Interface Configuration Commands
crypto mapUse this command in interface configuration mode to apply a previously defined crypto map set to an interface.
Use the no form of the command to remove the crypto map set from the interface.
Command Syntaxcrypto map MAP-NAME
no crypto map MAP-NAME
MAP-NAME The name that identifies the crypto map set
Command modeInterface configuration mode
Interpeak Security Commands
©2001-2007 IP Infusion Inc. Confidential 321
UsageUse this command to assign a crypto map set to an interface. You must assign a crypto map set to an interface before that interface can provide IPSec services. Only one crypto map set can be assigned to an interface. If multiple crypto map entries have the same map-name but a different seq-num, they are considered to be part of the same set and will all be applied to the interface. The crypto map entry with the lowest seq-num is considered the highest priority and will be evaluated first. A single crypto map set can contain a combination of ipsec-isakmp, and ipsec-manual crypto map entries.
Show Commands
show crypto ipsec sa Use this command to view the settings used by current security associations in Exec mode.
Command Syntaxshow crypto ipsec sa map MAP_NAME
MAP_NAME The name that identifies the crypto map set
Command modeExec mode
UsageIf no keyword is used, all security associations are displayed.
show crypto ipsec transform-setUse this command to view all the configured transform sets, or a specific transform set, in Exec mode.
Command Syntaxshow crypto ipsec transform-set (NAME)
NAME transform set name
Command modeExec mode
show crypto isakmp policyUse this command to view the parameters for each IKE policy in Exec mode.
Command Syntaxshow crypto isakmp policy
Command modeExec mode
Interpeak Security Commands
322 ©2001-2007 IP Infusion Inc. Confidential
show crypto isakmp saUse this command to view all current IKE security associations (SAs) at a peer in Exec mode.
Command Syntaxshow crypto isakmp sa
Command modeExec mode
show crypto mapUse this command to view the crypto map configuration in Exec mode.
Command Syntaxshow crypto-map interface IFNAME
IFNAME interface name
Command modeExec mode
©2001-2007 IP Infusion Inc. Confidential 323
CHAPTER 18 QoS Commands
This chapter contains QoS commands in alphabetical order. These commands are available only if ZebOS is compiled with the --enable-qos configuration option.
classUse this command to define a traffic classification. Use the no parameter with this command to delete an existing class-map.
Command Syntax(no) class NAME
NAME name of the class map.
Command ModePolicy Map mode
ExampleThe following example shows creating a policy map, and defining the traffic classification.
ZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1
Related Commandsclass-map, policy-map
class-mapUse this command to create a class map. Use the no parameter with this command to delete an existing class-map.
Command Syntax(no) class-map NAME
NAME name of the class map.
Command ModeConfigure mode
ExampleThe following example shows creating a class map.
ZebOS# configure terminalZebOS(config)# class-map cmap1
Related Commandsclass, policy-map, show class-map
QoS Commands
324 ©2001-2007 IP Infusion Inc. Confidential
ip-access-listUse this command to create an IP access-control list (ACL) based on the source address, or create an IP extended ACL based on the source and destination address. Use the no parameter with this command to delete an IP, or IP extended ACL.
Command SyntaxThe following syntax creates an IP ACL based on the source address:
(no) ip-access-list ACCESS-LIST NUMBER deny|permit SOURCE (SOURCE WILDCARD)
ACCESS-LIST NUMBER
<1-99> range for IP standard ACL<1300-1999> expanded range for IP standard ACL
deny = deny certain traffic if conditions matchedpermit = permit certain traffic if conditions matchedSOURCE = originating network or host sending packet. If the mask is set to 255.255.255.255, the specified
source address is ignored, and can be replaced by the word, any. For example, ip-access-list 10 permit 0.0.0.0 255.255.255.255 and ip-access-list 10 permit 33.44.11.34 255.255.255.255 can be replaced by ip-access-list 10 permit any.
SOURCE WILDCARD = optional. Wildcard bits in dotted decimal notation to apply to the source. Ones go in bit positions to ignore.
The following syntax creates an IP extended ACL based on the source and destination address:
(no) ip-access-list ACCESS-LIST NUMBER deny|permit ip SOURCE (SOURCE WILDCARD) DESTINATION (DESTINATION WILDCARD)
ACCESS-LIST NUMBER
<100-199> range for IP extended ACL<2000-2699> expanded range for IP extended ACL
deny = deny certain traffic if conditions matchedpermit = permit certain traffic if conditions matchedSOURCE = originating network or host sending packet. Can be A.B.C.D, host, or any. The host keyword
can be used for host IP addresses (where the mask is 0.0.0.0). For example, ip-access-list 10 permit 2.2.2.2 0.0.0.0 can be replaced by ip-access-list 4 permit host 2.2.2.2.
SOURCE WILDCARD = optional. Wildcard bits in dotted decimal notation to apply to the source. Ones go in bit positions to ignore.
DESTINATION = destination IP address. Can be A.B.C.D, host, or any.DESTINATION WILDCARD = optional. Wildcard bits in dotted decimal notation to apply to the destination.
Ones go in bit positions to ignore.
Command ModeConfigure mode
ExampleThe following example shows allowing access only for hosts on three specified networks. Wildcard bits correspond to the network address host portions. If a host has a source address that does not match the access list statements, it is rejected.
ZebOS# configure terminalZebOS(config)# ip-access-list 1 permit 192.5.255.0 0.0.0.255ZebOS(config)# ip-access-list 1 permit 128.88.0.0 0.0.255.255ZebOS(config)# ip-access-list 1 permit 36.0.0.0 0.0.0.255
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 325
mac-access-listUse this command to create a MAC ACL. Use the no parameter with this command to delete a MAC ACL.
Command Syntax(no) mac-access-list <2000-2699> deny|permit SRC_MAC MASK DEST_MAC MASK <1-8>
<2000-2699> range for MAC ACLdeny = deny certain traffic if conditions matchedpermit = permit certain traffic if conditions matchedSRC_MAC = source MAC address; in HHHH.HHHH.HHHH format.DEST_MAC = destination MAC address; in HHHH.HHHH.HHHH format.MASK = specify which part of the MAC address will be ignored. In hexadecimal format.Note: any = can replace either the SRC_MAC MASK pair or the corresponding DEST_MAC MASK pair, but
not both pairs.
<1-8> = specify packet format. For example, 1 for Ethernet II, 2 for 802.3, 8 for LLC.
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# mac-access-list 2002 permit 2222.2222.2222 8 any 2
match access-groupUse this command to define match criterion for a class map.
Command Syntaxmatch access-group NAME
NAME number of name of the ACL
Command ModeClass Map mode
ExampleThe following example shows configuring a class map named cmap1 with 1 match criterion: access list 103, which allows traffic from any source to any destination.
ZebOS# configure terminalZebOS(config)# ip-access-list 103 permit any anyZebOS(config)# class-map cmap1ZebOS(config-cmap)# match access-group 103
Related Commandsclass-map
QoS Commands
326 ©2001-2007 IP Infusion Inc. Confidential
match ip-dscpUse this command to define the list to match against incoming packets.
Command Syntaxmatch ip-dscp LIST
LIST list to match against incoming packets. Up to 8 IP DSCP values separated by a space. Range is 0-63.
Command ModeClass Map mode
Usage Use the match ip-dscp command to define the match criterion after creating a class map.
ExampleThe following example shows configuring a class map named cmap1 with criterion that matches IP DSCP 56.
ZebOS# configure terminalZebOS(config)# class-map cmap1ZebOS(config-cmap)# match ip-dscp 56
Related Commandsclass-map, match vlan-range
match ip-precedenceUse this command to identify IP precedence values as match criteria. Use the no parameter with this command to remove IP precedence values from a class map.
Command Syntax(no) match ip-precedence VALUE
VALUE <0-7> Specifies the exact value from 0 to 7 used to identify a precedence value. Can be up to 8 precedence values.
Command ModeClass Map mode
ExampleThe following example shows configuring a class-map named cmap1 to evaluate all IPv4 packets for a precedence value of 5.
ZebOS(config)# class-map cmap1ZebOS(config-cmap)# match ip-precedence 5 6 4 3
match layer4Use this command to identify UDP or TCP ports as the match criteria. Use the no parameter with this command to remove the match criteria.
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 327
Command Syntax(no) match layer4 source-port|destination-port <1-65535>
source-port source UDP or TCP port. Range is 1-655535.destination-port destination UDP or TCP port. Range is 1-655535.
Command ModeClass Map mode
ExampleZebOS(config)# class-map cmap1ZebOS(config-cmap)# match layer4 source-port 20
match mpls exp-bit topmostUse this command to define the match criterion of the MPLS experimental bit value in the topmost label for a class map. Use the no parameter with this command to remove this criterion from a class map.
Command Syntax(no) match mpls exp-bit topmost <0-7>
<0-7> experimental value. Can be up to 8 values
Command ModeClass Map mode
ExampleThe following example shows configuring a class-map named cmap1 with criterion that matches MPLS experimental bit, 0 1 2 3 4 5 6 7.
ZebOS(config)# class-map cmap1ZebOS(config-cmap)# match mpls exp-bit topmost 0 1 2 3 4 5 6 7
match vlanUse this command to define the VLAN ID used as match criteria to classify a traffic class. Use the no parameter with this command to disable the VLAN ID used as match criteria.
Command Syntax(no) match vlan <1-4094>
Command ModeClass Map mode
ExampleThe following example shows configuring a class-map named cmap1 to include traffic from VLAN 3.
ZebOS(config)# class-map cmap1ZebOS(config-cmap)# match vlan 3
QoS Commands
328 ©2001-2007 IP Infusion Inc. Confidential
match vlan-rangeUse this command to specify the range of VLANs for classifying traffic on a per-port-per-VLAN basis.
Command Syntaxmatch vlan-range <1-4094> to <1-4094>
Command ModeClass Map mode
Usage Use the match vlan-range command to specify the range of VLANs after defining the match criterion, and creating a class map when classifying traffic on a per-port-per-VLAN basis.
ExampleThe following example shows configuring a class map named cmap1 with criterion that matches IP DSCP 56, with a VLAN range of 20 to 30.
ZebOS# configure terminalZebOS(config)# class-map cmap1ZebOS(config-cmap)# match ip-dscp 56ZebOS(config-cmap)# match vlan-range 20 to 30
Related Commandsclass-map, match ip-dscp
mls qosUse this command to globally enable QoS, and define queueing. Use the no parameter with this command to globally disable QoS.
Command Syntax(no) mls qos QUEUE_WEIGHT COS_VALUE
QUEUE_WEIGHT weight of each of the 8 egress queues; range is 0-10COS_VALUE CoS values mapped to each of the 8 egress queues; range is 0-7
Note: The following describes a stub command used in non-standard configurations. In this case, this command is used to globally enable or disable QoS without defining queueing.
(no) mls qos
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# mls QoS 1 0 2 1 3 2 4 3 5 4 6 5 7 6 0 7
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 329
mls qos aggregate-policeUse this command to specify policer parameters to apply to multiple traffic classes in the same policy map. Use the no parameter with this command to delete an aggregate policer, along with its parameters.
Command Syntax(no) mls qos aggregate-police NAME RATE BURST exceed-action drop
NAME name of the aggregate policer.RATE average traffic rate in bits per second (bps). Range is 1-1000000.BURST normal burst size in bytes. Range is 1-20000.exceed-action drop specify dropping the packet when rates are exceeded.
Command ModeConfigure mode
ExampleThe following example shows specifying policer parameters with a traffic rate of 48000 bps and a burst size of 8000 bps.
ZebOS# configure terminalZebOS(config)# mls qos aggregate-police transmit1 48000 8000 exceed-action drop
Related Commandspolice-aggregate, show mls qos aggregate policer
mls qos dscp-cosUse this command to apply a DSCP-to-CoS map to a specified interface. Use the no parameter with this command to remove a DSCP-to-CoS map from an interface.
Command Syntax(no) mls qos dscp-cos NAME
NAME DSCP-to-CoS map created using the mls qos map dscp-cos command.
Command ModeInterface mode
UsageUse the mls qos map dscp-cos command to create a DSCP-to-CoS map, then use the mls qos dscp-cos command to apply the map to an interface.
ExampleZebOS# configure terminalZebOS(config)# mls qos map dscp-cos dc1 0 8 16 24 32 40 48 50 to 0ZebOS(config)# interface fe0ZebOS(config-if)# mls qos dscp-cos dc1
QoS Commands
330 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsmls qos map dscp-cos
mls qos dscp-mutationUse this command to specify the name of a DSCP-to-DSCP mutation map to apply to an interface. Use the no parameter with this command to delete a DSCP-to-DSCP mutation map.
Command Syntax(no) mls qos dscp-mutation DSCP_MUTATION_NAME
DSCP_MUTATION_NAME DSCP mutation map name
Command ModeInterface mode
UsageUse the mls qos dscp-mutation command to apply a DSCP-to-DSCP mutation map specified in the mls qos map dscp-mutation command to an ingress DSCP port.
ExampleZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# mls qos dscp-mutation mutation1
Related Commandsmls qos map dscp-mutation, show mls qos maps dscp-mutation
mls qos map dscp-cosUse this command to create a DSCP-to-CoS map. Use the no parameter with this command to remove a configured DSCP-to-CoS mapping table.
Command Syntax(no) mls qos map dscp-cos DSCP_COS_MAP_NAME LIST to VALUE
DSCP_COS_MAP_NAME name of DSCP-to-CoS mapping table.LIST up to 8 DSCP values, each separated by a space. Range is 0-63.VALUE CoS value: DSCP values correspond to this value. Range is 0-7.
Command ModeConfigure mode
ExampleThe following example shows mapping DSCP values 0, 8, 16, 24, 32, 40, 48, and 50 to CoS value 0.
ZebOS# configure terminalZebOS(config)# mls qos map dscp-cos dc1 0 8 16 24 32 40 48 50 to 0
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 331
Related Commandsmls qos dscp-cos, show mls qos maps dscp-cos
mls qos map dscp-mutationUse this command to modify the DSCP-to-DSCP mutation map. Use the no parameter with this command to return to the default map.
Command Syntax(no) mls qos map dscp-mutation MUTATION_MAP_NAME IN_DSCP to OUT_DSCP
MUTATION_MAP_NAME DSCP mutation map nameIN_DSCP 8 DSCP values separated by spaces; range is 0-63OUT_DSCP single DSCP value; range is 0-63
Command ModeConfigure mode
ExampleThe following example shows defining a DSCP-to-DSCP mutation map.
ZebOS# configure terminalZebOS(config)# mls qos map dscp-mutation mutation1 1 2 3 4 5 6 7 to 0ZebOS(config)# mls qos map dscp-mutation mutation1 8 9 10 11 12 13 to 10ZebOS(config)# mls qos map dscp-mutation mutation1 20 21 22 to 20ZebOS(config)# mls qos map dscp-mutation mutation1 30 31 32 33 34 to 30ZebOS(config)# interface fe0ZebOS(config-if)# mls qos dscp-mutation mutation1
Related Commandsshow mls qos maps dscp-mutation
mls qos min-reserveUse this command to specify the minimum reserve-level and buffer size on all Ethernet ports. Use the no parameter with this command to return to the default minimum reserve buffer size.
Command Syntax(no) mls qos min-reserve <1-8> <10-170>
<1-8> minimum-reserve level<10-170> minimum-reserve buffer size, in packets
Command ModeConfigure mode
DefaultThe buffer size for all minimum-reserve levels is 0 packets.
QoS Commands
332 ©2001-2007 IP Infusion Inc. Confidential
ExampleThe following example shows configuring minimum-reserve level 4 to 21 packets.
ZebOS# configure terminalZebOS(config)# mls qos min-reserve 4 21
The following example shows configuring minimum-reserve level 4 to 21 packets, and assigning minimum-reserve level 4 to egress queue 2 on interface, fe1.
ZebOS# configure terminalZebOS(config)# mls qos min-reserve 4 21ZebOS(config)# interface fe1ZebOS(config-if)# wrr-queue min-reserve 2 4
Related Commandswrr-queue min-reserve
policeUse this command to specify a policer. Use the no parameter with this command to remove an existing policer.
Command Syntax(no) police RATE BURST exceed-action drop
RATE average traffic rate in bps. Range is 1-1000000.BURST normal burst size in bytes. Range is 1-20000.exceed-action drop specify dropping the packet when rates are exceeded.
Command ModeClass mode
ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# police 48000 8000 exceed-action drop
Related Commandsclass, policy map, show policy-map
police-aggregateUse this command to apply an aggregate policer to multiple classes in the same policy map. Use the no parameter with this command to delete an aggregate policer from a policy map.
Command Syntax(no) police-aggregate NAME
NAME aggregate-policer name
Command ModeClass mode
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 333
UsageUse the police-aggregate command to apply the aggregate policer named in the mls qos aggregate-police command to multiple classes in the same policy map.
ExampleThe following example shows creating an aggregate policer, and attaching it to multiple classes within a policy map. In this example, the IP ACLs allow traffic from network 10.1.0.0 and host 11.3.1.1. The traffic rate from network 10.1.0.0 and host 11.3.1.1 is policed. If the traffic exceeds a 48000-bps average traffic rate and a 8000-byte normal burst size, it is considered out of profile, and is dropped. The policy map is attached to an ingress interface.
ZebOS# configure terminalZebOS(config)# ip-access-list 1 permit 10.1.0.0 0.0.255.255ZebOS(config)# ip-access-list 2 permit 11.3.1.1ZebOS(config)# mls qos aggregate-police transmit1 48000 8000 exceed-actiondropZebOS(config)# class-map cmap1ZebOS(config-cmap)# match access-group 1ZebOS(config-cmap)# exitZebOS(config)# class-map map cmap2ZebOS(config-cmap)# match access-group 2ZebOS(config-cmap)# exitZebOS(config)# policy-map aggflow1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# police-aggregate transmit1ZebOS(config-pmap-c)# exitZebOS(config-pmap)# class cmap2ZebOS(config-pmap-c)# set ip-dscp 56ZebOS(config-pmap-c)# police-aggregate transmit1ZebOS(config-pmap-c)# exitZebOS(config-pmap)# exitZebOS(config)# interface fe0ZebOS(config-if)# service-policy input aggflow1
Related Commandsclass, policy map, mls qos aggregate-police
policy-mapUse this command to create a policy map. Use the no parameter with this command to delete an existing policy map.
Command Syntax(no) policy-map NAME
NAME name of the policy map
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1
QoS Commands
334 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsclass, class-map, police, show policy-map
service-policy inputUse this command to apply a policy map to the input of an interface. Use the no parameter with this command to remove a policy map and interface association.
Command Syntax(no) service-policy input INPUT NAME
INPUT NAME policy map name
Command ModeInterface mode
ExampleZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# service-policy input pmap1
Related Commandspolicy-map
set cosUse this command to set a CoS value to assign to classified traffic, or enable copying of priority bit (pbit) from the inner VLAN to the outer VLAN, based on policy. Use the no parameter with this command to remove a CoS value, or disable pbit copying.
Command Syntax(no) set cos COS_VALUE|cos-inner
COS_VALUE CoS value to assign to classified traffic. Range is 0-7.cos-inner copy pbit from the inner VLAN to the outer VLAN, based on policy.
Command ModeClass mode
ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# set cos 2
Related Commandsclass, policy-map, set ip-dscp, set ip-precedence
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 335
set ip-dscpUse this command to set a DSCP value to assign to classified traffic. Use the no parameter with this command to remove a DSCP value.
Command Syntax(no) set ip-dscp <0-63>
Command ModeClass mode
ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# set ip-dscp 40
Related Commandsclass, policy-map, set cos, set ip-precedence
set ip-precedenceUse this command to set an IP-precedence value to assign to classified traffic. Use the no parameter with this command to remove an IP-precedence value.
Command Syntax(no) set cos ip-precedence <0-7>
Command ModeClass mode
ExampleZebOS# configure terminalZebOS(config)# policy-map pmap1ZebOS(config-pmap)# class cmap1ZebOS(config-pmap-c)# set ip-precedence 2
Related Commandsclass, policy-map, set ip cos, set ip dscp
set mpls exp-bit topmostUse this command to set the MPLS experimental-bit value in the topmost label for a policy map. Use the no parameter with this command to remove this setting from a policy map.
Command Syntax(no) set mpls exp-bit topmost <0-7>
<0-7> experimental value.
QoS Commands
336 ©2001-2007 IP Infusion Inc. Confidential
Command ModePolicy Map Class mode
UsageSet a new MPLS experimental-bit value in a packet to classify MPLS traffic.
ExampleThe following example shows configuring a policy map named pmap1 for class map cmap 1, and setting the MPLS experimental-bit value to 7 in a packet.
ZebOS(config)# policy-map pmap1ZebOS(config-pmap)#class cmap1ZebOS(config-pmap-c)#set mpls exp-bit topmost 7
show class-mapUse this command to display the QoS class maps to define the match criteria to classify traffic.
Command Syntaxshow class-map NAME
NAME name of the class map.
Command ModeExec mode and Privileged Exec mode
ExampleZebOS# show class-map cmap1 CLASS-MAP-NAME: cmap1 Set IP DSCP: 56 Match IP DSCP: 7
Related Commandsclass-map
show mls qos aggregator-policerUse this command to display the aggregate policer configuration.
Command Syntaxshow mls qos aggregator-policer NAME
NAME name of the aggregate policer.
Command ModeExec mode and Privileged Exec mode
ExampleZebOS#show mls qos aggregator-policer agp1 AGGREGATOR-POLICER-NAME: agp1
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 337
Police: Average rate(1 kbps), burst size(1 bytes) Exceed-action drop
Related Commandsmls qos aggregate-police
show mls qos interfaceUse this command to display queueing and scheduling information for an interface.
Command Syntaxshow mls qos interface IFNAME
IFNAME interface name.
Command ModeExec mode and Privileged Exec mode
ExampleZebOS#show mls qos interface fe0 Schedule mode: weighted round-robin The number of egress queue: 8 Weights (priority): 0(1), 0(1), 0(1), 0(1), 0(1), 0(1), 0(1), 0(1)
show mls qos maps dscp-cosUse this command to display DSCP-to-CoS mapping information.
Command Syntaxshow mls qos maps dscp-cos NAME
NAME name of the DSCP-to-CoS map.
Command ModeExec mode and Privileged Exec mode
ExampleZebOS#show mls qos maps dscp-cos dc1 DSCP-TO-COS-MAP: dc1 d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------------------- 0 : 4 4 4 4 4 4 4 4 1 1 1 : 1 1 1 1 1 1 2 2 2 2 2 : 2 2 2 2 3 3 3 3 3 3 3 : 3 3 4 4 4 4 4 4 4 4 4 : 5 5 5 5 5 5 5 5 6 6 5 : 6 6 6 6 6 6 7 7 7 7 6 : 7 7 7 7
Related Commandsmls qos map dscp-cos
QoS Commands
338 ©2001-2007 IP Infusion Inc. Confidential
show mls qos maps dscp-mutationUse this command to display DSCP-to-DSCP mutation mapping information.
Command Syntaxshow mls qos maps dscp-mutation NAME
NAME name of the DSCP-to-DSCP mutation map.
Command ModeExec mode and Privileged Exec mode
ExampleZebOS#show mls qos maps dscp-mutation dm1 DSCP-TO-DSCP-MUTATION-MAP: dm1 d1 : d2 0 1 2 3 4 5 6 7 8 9 ------------------------------------------------- 0 : 0 1 2 3 4 5 6 7 8 9 1 : 4 4 4 4 4 4 4 17 18 19 2 : 20 21 22 23 24 25 26 27 28 29 3 : 30 31 32 33 34 35 36 37 38 39 4 : 40 41 42 43 44 45 46 47 48 49 5 : 50 51 52 53 54 55 56 57 58 59 6 : 60 61 62 63
Related Commandsmls qos map dscp-mutation
show policy-mapUse this command to display QoS policy map information.
Command Syntaxshow policy-map NAME
NAME name of the policy map.
Command ModeExec mode and Privileged Exec mode
ExampleZebOS#show policy-map mapa class pmap1 POLICY-MAP-NAME: pmap1 State: detached
CLASS-MAP-NAME: cmap1 Set IP DSCP: 56 Match IP DSCP: 7
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 339
Related Commandspolicy-map
show qos-access-listUse this command to display IP and MAC ACLs.
Command Syntaxshow qos-access-list ACCESS-LIST NUMBER|WORD
NUMBER access-list number<1-99> range for IP standard ACL<100-199> range for IP extended ACL<1300-1999> expanded range for IP standard ACL<2000-2699> expanded range for IP extended ACL
WORD access-list name
Command ModeExec mode and Privileged Exec mode
ExampleZebOS#show qos-access-list 1 Standard IP-QOS-ACCESS-LIST: 1 permit 11.11.11.50
Related Commandsip-access-list, mac-access list
wrr-queue bandwidthUse this command to specify the bandwidth ratios of the transmit queues. Use the no parameter with this command to return to the default bandwidth.
Command Syntaxwrr-queue bandwidth WRR_WTS
(no) wrr-queue bandwidth
WRR_WTS Weighted Round Robin (WRR) weights for the 8 queues (8 values separated by spaces). Range is 1-65535.
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue bandwidth 100 300 400 200 600 800 700 1000
QoS Commands
340 ©2001-2007 IP Infusion Inc. Confidential
Related Commandswrr-queue queue-limit
wrr-queue cos-mapUse this command to specify CoS values for a queue. Use the no parameter with this command to return to the default setting.
Command Syntaxwrr-queue cos-map QUEUE_ID COS_VALUE
(no) wrr-queue cos-map
QUEUE_ID Queue ID. Range is 0-7.COS_VALUE CoS values. Up to 8 values (separated by spaces). Range is 0-7.
Command ModeConfigure mode
Usage A maximum of 8 CoS values can be used to create the CoS map.
ExampleThe following example shows mapping CoS values 0 and 1 to queue 1.
ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue cos-map 1 0 1
wrr-queue dscp-mapUse this command to map the DSCP values to the Weighted Random Early Detection (WRED) thresholds of an egress queue. Use the no parameter with this command to return to the default setting.
Command Syntaxwrr-queue dscp-map THRESHOLD_ID DSCP_VALS
(no) wrr-queue dscp-map THRESHOLD_ID
THRESHOLD_ID Queue threshold ID. Range is 1-2.DSCP_VALS DSCP values mapped to a threshold ID; each value separated by 1 space. Range is 0-63. A
maximum of 8 DSCP values can be entered per command.
Command ModeConfigure mode
ExampleThe following example shows mapping DSCP values 0 to 9 to threshold 1, and DSCP values 10 to 14 to threshold 2.
ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue dscp-map 1 0 1 2 3 4 5 6 7
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 341
ZebOS(config-if)# wrr-queue dscp-map 1 8 9ZebOS(config-if)# wrr-queue dscp-map 2 10 11 12 13 14
Related Commandsshow mls qos interface, wrr-queue cos-map, wrr-queue threshold
wrr-queue min-reserveUse this command to configure the buffer size of the minimum-reserve level for a specific queue. Use the no parameter with this command to return to the default setting.
Command Syntaxwrr-queue min-reserve QUEUE_ID MINRES_LVL
(no) wrr-queue min-reserve QUEUE_ID
QUEUE_ID Queue ID. Range is 0-7.MINRES_LVL Minimum reserve level. Range is 1-8.
Command ModeConfigure mode
ExampleThe following example shows assigning a minimum reserve level of 5 to egress queue 1 on fe0.
ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue min-reserve 1 5
Related Commandsshow mls qos interface
wrr-queue queue-limitUse this command to configure the egress queue size ratios. Use the no parameter with this command to return to the default setting.
Command Syntaxwrr-queue queue-limit QUEUE_WTS
(no) wrr-queue queue-limit
QUEUE_WTS Queue weight ratio for up to 8 queues. Range is 1-100.
Command ModeConfigure mode
UsageRatio should total 100 percent.
QoS Commands
342 ©2001-2007 IP Infusion Inc. Confidential
ExampleThe following example shows configuring a 75:25 ratio for queues 1 and 2, respectively.
ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue queue-limit 75 25
Related Commandswrr-queue bandwidth
wrr-queue random-detect max-thresholdUse this command to configure the WRED drop threshold percentages for an egress queue. Use the no parameter with this command to return to the default setting.
Command Syntaxwrr-queue random-detect max-threshold QUEUE_ID THRESHOLD_WT1 THRESHOLD_WT2
(no) wrr-queue random-detect max-threshold QUEUE_ID
QUEUE_ID Queue ID. Range is 0-7.THRESHOLD_WT1 Low WRED value. Threshold weight in percent. Range is 1-100.THRESHOLD_WT2 High WRED value. Threshold weight in percent. Range is 1-100.
Command ModeConfigure mode
UsageWRED values are a percentage of queue capacity.
ExampleThe following example shows configuring threshold percentage weights of 60 and 100 on queue 1.
ZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue random-detect max-threshold 1 60 100
Related Commandswrr-queue random-detect max-threshold, wrr-queue queue-limit
wrr-queue thresholdUse this command to configure the tail-drop threshold percentages for a queue. Use the no parameter with this command to return to the default setting.
Command Syntaxwrr-queue threshold QUEUE_ID THRESHOLD_WT1 THRESHOLD_WT2
(no) wrr-queue threshold QUEUE_ID
QUEUE_ID Queue ID. Range is 0-7.THRESHOLD_WT1 Number of weights in percent for threshold 1. Range is 1-100.
QoS Commands
©2001-2007 IP Infusion Inc. Confidential 343
THRESHOLD_WT2 Number of weights in percent for threshold 2. Range is 1-100.
Command ModeConfigure mode
ExampleZebOS# configure terminalZebOS(config)# interface fe0ZebOS(config-if)# wrr-queue threshold 1 60 100
Related Commandswrr-queue queue-limit
QoS Commands
344 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 345
CHAPTER 19 NSM Firewall Commands
This chapter contains all NSM Firewall-related commands in alphabetical order.
access-list ipv6Use this command to specify the ZebOS IPv6 extended access-list to be used for the rules for the specified firewall group.
Use the no form of this command to disassociate the IPv6 access list from the group.
Command Syntax(no) access-list ipv6 NAME
NAME ZebOS IPv6 extended access-list name
Command ModeFirewall mode
UsageSee access-list.
access-listUse this command to specify the ZebOS extended access-list to be used for the rules for the specified firewall group.
Use the no form of this command to disassociate the access list from the group.
Command Syntax(no) access-list NAME
NAME ZebOS extended access-list name
Command ModeFirewall mode
UsageThe rules in the specified access-list are used by the firewall module to configure the firewall rules at the kernel level. If a group is already applied to an interface, or applied globally, associating another access-list to the group adds the new access-list rules to the existing group, and in turn, directly updates the kernel rules. Disassociating an access list from a configured group results in deletion of the access-list rules from the kernel.
ExampleZebOS#configure terminalZebOS(config)#firewall group 1ZebOS(config-ipfirewall)#access-list AT
NSM Firewall Commands
346 ©2001-2007 IP Infusion Inc. Confidential
firewall groupUse this command to specify a firewall group, and enter Firewall mode.
Use the no form of this command to negate a firewall group.
Command Syntax(no) firewall group <1-30>
<1-30> Group number.
Command ModeConfigure mode
UsageThis command can be used to enter Firewall mode to configure, or reconfigure, parameters of a firewall group.
To configure a firewall group, use this command to create a firewall group with the specified number, then use the access-list command to specify the list containing the rules.
The no keyword negates the group (deletes the rule if the rule is not already applied). To negate a group if the rules are already applied, use the no access-list command to negate the rules, then use the no firewall group command to negate the group.
ExampleThe following example shows specifying a firewall group.
ZebOS#configure terminalZebOS(config)#firewall group 1
The following example shows configuring incoming traffic on firewall group 1, globally, to use the rule list, AT.
ZebOS#configure terminalZebOS(config)#firewall group 1ZebOS(config-ipfirewall)#access-list ATZebOS(config-ipfirewall)#exitZebOS(config)#firewall enable group 1 in
The following example shows deleting firewall group 1, globally, with rules already applied.
ZebOS#configure terminalZebOS(config)#firewall group 1ZebOS(config-ipfirewall)#no access-list ATZebOS(config-ipfirewall)#exitZebOS(config)#no firewall group 1ZebOS(config)#firewall disable group 1
NSM Firewall Commands
©2001-2007 IP Infusion Inc. Confidential 347
firewall group in|outUse this command to apply the rules of a group to a particular interface.
Use the no form of this command to negate a firewall group on a particular interface.
Command Syntax(no) firewall group <1-30> in|out
<1-30> Group number.in Incoming traffic.out Outgoing traffic.
Command ModeInterface mode
UsageUse this command to apply the group rules on a particular interface. The in and out keywords specify whether to apply the rules on incoming or outgoing traffic.
ExampleZebOS#configure terminalZebOS(config)#interface eth0ZebOS(config-if)#firewall group 1 in
show firewall ruleUse this command to display all firewall rules configured at the kernel level.
Command Syntaxshow firewall rule
Command ModeExec mode
ExampleZebOS#show firewall ruleAF_INET @1 pass in log on eth0 proto icmp from 2.2.2.2/24 to 4.4.4.4/24 icmp_type 13group 1
NSM Firewall Commands
348 ©2001-2007 IP Infusion Inc. Confidential
©2001-2007 IP Infusion Inc. Confidential 349
CHAPTER 20 NSM Broadcom Stacking Commands
This chapter contains all Broadcom Stacking-related commands in alphabetical order.
Note: All show commands in this chapter work properly only when stacking is enabled in the SDK.
show stacking dbUse this command to display the CPU key (MAC address) of each CPU in the hardware stack.
Command Syntaxshow stacking db (all)
Command ModeExec mode
DefaultNone
ExampleZebOS# show stacking db-------------------------------------------- STACKING DATABASE--------------------------------------------Total Number of CPU's = 2 MAC ADDRESSES (KEY) 12:34:23:45:34:56 ab:34:23:45:34:56
Related Commandsshow stacking db
show stacking dump dbUse this command to display detailed information about each CPU in the hardware stack.
Command Syntaxshow stacking dump db
Command ModeExec mode
DefaultNone
NSM Broadcom Stacking Commands
350 ©2001-2007 IP Infusion Inc. Confidential
ExampleZebOS# show stacking dump db-------------------------------------------- DETAILED STACKING DATABASE-------------------------------------------- Total Number of CPU's = 1 Master CPU : 12:34:23:45:34:56 Local CPU : 12:34:23:45:34:56 MASTER: Total number of ports = 53 LOCAL : Total number of ports = 53 SYSTEM[1] KEY: 12:34:23:45:34:56 Num of units: 1 Master Pri: 0 StackPort[1]-> Unit: 0 Port: 23 Weight: 10000 Flags: 0 Info:
Related Commandsshow stacking db
show stacking localUse this command to display the MAC address (CPU key) of the local CPU.
Command Syntaxshow stacking local
Command ModeExec mode
DefaultNone
ExampleZebOS# show stacking localLocal CPU : 12:34:23:45:34:56
Related Commandsshow stacking master
show stacking masterUse this command to display the MAC address (CPU key) of the master CPU.
Command Syntaxshow stacking master
Command ModeExec mode
NSM Broadcom Stacking Commands
©2001-2007 IP Infusion Inc. Confidential 351
DefaultNone
ExampleZebOS# show stacking masterLocal CPU : 12:34:23:45:34:56
Related Commandsshow stacking local, stacking masterdev
show stacking numCPUUse this command to display the number of CPUs in the hardware stack.
Command Syntaxshow stacking numCPU
Command ModeExec mode
DefaultNone
ExampleZebOS# show stacking numCPUNumber of CPU entries in the system 1
Related Commandsstacking masterdev, show stacking local, show stacking master
stacking masterdevUse this command to set the MAC address of the master device in the stacking system.
Command Syntaxstacking masterdev MAC_ADDRESS
MAC_ADDRESS MAC (hardware) address of the CPU in HHHH.HHHH.HHHH format
Command ModeConfigure mode
DefaultNone
ExampleZebOS# stacking masterdev 1234.2345.3456CPU has been made the master CPU
NSM Broadcom Stacking Commands
352 ©2001-2007 IP Infusion Inc. Confidential
Related Commandsshow stacking local, show stacking master
©2001-2007 IP Infusion Inc. Confidential Index - 1
Index
Symbols(), meaning in command syntax notation 4, meaning in command syntax notation 4, meaning in command syntax notation 4?, meaning in command syntax notation 4|, meaning in command syntax notation 4
Aabbreviated commands 2about this command reference 1access-class 13, 28access-list 13, 28, 345
extended 14standard 15
access-list ipv6 345access-list zebos 16add a vrf entry 119admin-group 77advanced-vty service 47Angle brackets 4ANSI/ETSI PDH 136Arbitrary SONET/SDH 139arp A.B.C.D MAC 77authentication 318
Bbandwidth 78bandwidth-constraint 197banner 17bc-mode 197bridge acquire 205bridge address 206bridge ageing-time 206Bridge commands
bridge acquire 205bridge address 206bridge ageing-time 206bridge group 207bridge protocol ieee 207bridge protocol ieee vlan-bridge 208bridge protocol mstp 208bridge protocol rstp 208bridge protocol rstp vlan-bridge 209clear mac address-table 209clear mac address-table bridge 210clear mac address-table dynamic 211clear mac address-table dynamic bridge 211mac-address-table static 212show bridge 212show interfaces switchport bridge 213
switchport 214bridge group 207bridge protocol ieee 207bridge protocol ieee vlan-bridge 208bridge protocol mstp 208bridge protocol provider-mstp 273bridge protocol provider-rstp 274bridge protocol rstp 208bridge protocol rstp vlan-bridge 209Broadcom Stacking Commands
show stacking db 349show stacking dump db 349show stacking local 350show stacking master 350show stacking numCPU 351stacking masterdev 351
Cce-vlan preserve-cos 284channel-group mode 287class 323class command mode 11class map command mode 11class-map 323clear crypto isakmp 307clear crypto sa 307clear crypto sa entry 308clear crypto sa map 308clear crypto sa peer 308clear gmrp statistics 231clear gvrp statistics 240clear ip igmp 141clear ip igmp groups 141clear ip igmp interface 142clear ip mroute 177clear ip mroute statistics 177clear ip prefix-list 18clear ip route kernel 78clear ipv6 mld 159clear ipv6 mld groups 159clear ipv6 mld interface 160clear ipv6 mroute 178clear ipv6 mroute statistics 178clear ipv6 neighbors 79clear mac address-table 209clear mac address-table bridge 210clear mac address-table dynamic 211clear mac address-table dynamic bridge 211clear mmrp statistics 246clear mmrp statistics vlanid 247clear mvrp interface statistics 261clear mvrp statistics all 261
Index - 2 ©2001-2007 IP Infusion Inc. Confidential
Index
clear mvrp statistics bridge 262command abbreviation 2command abbreviations 2command line errors 3command line help 1command line interface
online help access 1syntax 2
Command Modesclass 11class map 11illustration QoS modes 11policy map 11
command modesdefinitions 10
command negation 6command nodes
see command modes 10commands common to multiple protocols 13Commands Common to Protocols
access-class 13access-list 13access-list extended 14access-list standard 15access-list zebos 16banner 17clear ip prefix-list 18configure terminal 18copy running-config startup-config 18description 19disable 19enable 20enable password 20end 22exec-timeout 22exit 23help 23hostname 24ip prefix-list 24ip remote-address 25ip unnumbered 26ipv6 access-class 28ipv6 access-list 28ipv6 access-list zebos 29ipv6 prefix-list 30ipv6 unnumbered 31line vty 33log file 33log record-priority 34log stdout 34log syslog 35log trap 35login 36match as-path 37match community 37match interface 38match ip address 39match ip address prefix-list 39match ip next-hop 40
match ip next-hop prefix-list 41match ipv6 address 41match ipv6 address prefix-list 42match ipv6 next-hop 43match metric 43match origin 44match route-type 45match tag 45password 46route-map 46service advanced-vty 47service password-encryption 48service terminal-length 48set aggregator 49set as-path 49set atomic-aggregate 50set comm-list delete 51set community 51set dampening 52set extcommunity 53set ip next-hop 54set ipv6 next-hop 54set level 55set metric 55set metric-type 56set origin 57set originator-id 57set tag 58set vpnv4 next-hop 58set weight 59show access-list 60show cli 60show history 61show ip prefix-list 62show list 62show memory all 63show memory free 65show memory lib 66show memory summary 68show route-map 69show running-config 69show startup-config 71show version 72terminal length 73terminal monitor 73who 73write file 74write memory 74write terminal 74
common commands 13Common NSM Layer-2 commands
flowcontrol off 201flowcontrol on 201mirror interface 202show flowcontrol interface 202show mirror 203show mirror interface 203show storm-control 204show storm-control broadcast interface 204
©2001-2007 IP Infusion Inc. Confidential Index - 3
Index
storm-control level 205configure terminal 18Configure, command mode definition 10copy running-config start-config 18crypto ipsec security-association lifetime 309crypto ipsec transform-set 309crypto isakmp enable 316crypto isakmp keepalive 316crypto isakmp key 316crypto isakmp policy 317crypto map 320crypto map ipsec-manual | ipsec-isakmp 310crypto map local-address 311cvlan registration table 274cvlan svlan 275
DDebug Commands
debug igmp 142debug mld 160debug nsm 79debug nsm events 79debug nsm kernel 80debug nsm packet 80no debug nsm events 91no debug nsm kernel 91no debug nsm packet 91undebug nsm all 102undebug nsm events 102undebug nsm kernel 102undebug nsm packet 103
debug gmrp 231debug gvrp 240debug igmp 142debug mld 160debug nsm 79
events 79kernel 80packet 80
debug nsm mcast 178description 19DiffServ Commands 193
mpls class-to-exp-bit 193mpls support-diffserv-class 193show mpls diffserv 193show mpls diffserv class-to-exp 195show mpls diffserv configurable-dscp 195show mpls diffserv supported-dscp 196
Digital Wrapper 135disable 19display configurable dscp value 195display diffserv class-to-exp 195display LSPs originating from router 121display mpls diffserv 193display supported dscp value 196
Eenable 20enable password 20encryption 318end 22Ethernet 135ethernet uni 285ethernet unit id NAME 285Exec, command mode definition 10exec-timeout 22exit 23extended access-list 14
Ffib retain 80Fiber 136Fiber Channel 136Firewall Commands
access-list 345access-list ipv6 345firewall group 346firewall group in|out 347show firewall rule 347
firewall group 346firewall group in|out 347flowcontrol off 201flowcontrol on 201fsc 135
Ggmpls capability-type 135GMPLS Commands
gmpls capability-type 135gmpls encoding-type 135gmpls link-id 136gmpls min-lsp-bandwidth 137gmpls protection-type 137gmpls risk-group 138gmpls sdh-indication 139
gmpls encoding-type 135gmpls link-id 136gmpls min-lsp-bandwidth 137gmpls protection-type 137gmpls risk-group 138gmpls sdh-indication 139GMRP commands
clear gmrp statistics 231debug gmrp 231set gmrp 232set gmrp bridge 232set gmrp extended-filtering bridge 233set gmrp fwdall 233set gmrp registration 234set gmrp timer 234set gmrp vlan 235set port gmrp 236
Index - 4 ©2001-2007 IP Infusion Inc. Confidential
Index
set port gmrp vlan 236show gmrp configuration 237show gmrp configuration bridge 237show gmrp machine 238show gmrp machine bridge 238show gmrp statistics 239show gmrp timer 239
group 319GVRP Commands
clear gvrp statistics 240debug gvrp 240show gvrp configuration bridge 244
GVRP commandsset gvrp 241set gvrp applicant 241set gvrp bridge 242set gvrp dynamic-vlan-creation 242set gvrp dynamic-vlan-creation bridge 242set gvrp registration 243set gvrp timer 243set port gvrp 244show gvrp machine bridge 245show gvrp statistics 245show gvrp timer 246
Hhash 319help 23hostname 24
Iif-arbiter 81IGMP Commands
clear ip igmp 141clear ip igmp groups 141clear ip igmp interface 142debug igmp 142debug mld 160ip igmp 143ip igmp access-group 143ip igmp immediate-leave 144ip igmp last-member-query-count 145ip igmp last-member-query-interval 145ip igmp limit 146ip igmp mroute-proxy 147ip igmp proxy-service 147ip igmp querier-timeout 148ip igmp query-interval 148ip igmp query-max-response-time 149ip igmp robustness-variable 150ip igmp snooping 150ip igmp snooping fast-leave 151ip igmp snooping mrouter 151ip igmp snooping querier 152ip igmp snooping report-suppression 152ip igmp ssm-map enable 153ip igmp ssm-map static 153
ip igmp static-group 154ip igmp version 155ipv6 mld proxy-service 165show ip igmp groups 156show ip igmp interface 157show ip igmp snooping mrouter 158show ip igmp snooping statistics 158
interface 82Interface Switching Capability Descriptor 135interface tunnel 297Interface, command mode definition 10Interpeak Security Commands 307
authentication 318clear crypto isakmp 307clear crypto sa 307clear crypto sa entry 308clear crypto sa map 308clear crypto sa peer 308crypto ipsec security-association lifetime 309crypto ipsec transform-set 309crypto isakmp enable 316crypto isakmp keepalive 316crypto isakmp key 316crypto isakmp policy 317crypto map 320crypto map ipsec-manual | ipsec-isakmp 310crypto map local-address 311encryption 318group 319hash 319lifetime 319match address 311mode 312set peer 313set security-association lifetime 313set session-key 314set transform-set 315show crypto ipsec sa 321show crypto ipsec transform-set 321show crypto isakmp policy 321show crypto isakmp sa 322show crypto map 322
ip address 82ip forwarding 83ip igmp 143ip igmp access-group 143ip igmp immediate-leave 144ip igmp last-member-query-count 145ip igmp last-member-query-interval 145ip igmp limit 146ip igmp mroute-proxy 147ip igmp proxy-service 147ip igmp querier-timeout 148ip igmp query-interval 148ip igmp query-max-response-time 149ip igmp robustness-variable 150ip igmp snooping 150ip igmp snooping fast-leave 151ip igmp snooping mrouter 151
©2001-2007 IP Infusion Inc. Confidential Index - 5
Index
ip igmp snooping querier 152ip igmp snooping report-suppression 152ip igmp ssm-map enable 153ip igmp ssm-map static 153ip igmp static-group 154ip igmp version 155ip mroute 179ip multicast route-limit command 180ip multicast ttl-threshold 180ip multicast-routing 181ip prefix-list 24ip proxy-arp 83ip remote-address 25ip route 84ip route vrf 105ip unnumbered 26ip vrf 105ip vrf forwarding 106ip-access-list 324ipv6 access-class 28ipv6 access-list zebos 29ipv6 forwarding 84ipv6 mld 161ipv6 mld access-group 161ipv6 mld immediate-leave 162ipv6 mld last-member-query-count 163ipv6 mld last-member-query-interval 163ipv6 mld limit 164ipv6 mld mroute-proxy 165ipv6 mld proxy-service 165ipv6 mld querier-timeout 166ipv6 mld query-interval 166ipv6 mld query-max-response-time 167ipv6 mld robustness-variable 167ipv6 mld snooping 168ipv6 mld snooping fast-leave 169ipv6 mld snooping mrouter 169ipv6 mld snooping querier 170ipv6 mld snooping report-suppression 170ipv6 mld ssm-map enable 171ipv6 mld ssm-map static 171ipv6 mld static-group 172ipv6 mld version 173ipv6 mroute 181ipv6 multicast route-limit 182ipv6 multicast-routing 183ipv6 nd prefix 85ipv6 neighbor 88ipv6 prefix-list command 30ipv6 route 89ipv6 unnumbered 31
Ll2-protocol 275l2protocol-tunnel 285l2sc 135label-switching 109LACP Commands
channel-group mode 287no channel-group 287no static-channel-group 289show etherchannel 288show static-channel-group 288static-channel-group 289
Lambda (photonic) 136Layer 2 commands
vlan type 283lifetime 319line vty 33Line, command mode definition 10link protection type 138log file 33log record-priority 34log stdout 34log syslog 35log trap 35login 36lowercase, meaning in command syntax notation 4lsc 135
Mmac-access-list 325mac-address-table static 212managed-config-flag 84manual
conventions, procedures and syntax 4match access-group 325match address 311Match and Set Commands
match as-path 37match community 37match interface 38match ip address 39match ip address prefix-list 39match ip next-hop 40match ip next-hop prefix-list 41match ipv6 address 41match ipv6 address prefix-list 42match ipv6 next-hop 43match metric 43match origin 44match route-type 45match tag 45set aggregator 49set as-path 49set atomic-aggregate 50set comm-list delete 51set community 51set dampening 52set extcommunity 53set ip next-hop 54set ipv6 next-hop 54set level 55set metric 55set metric-type 56set origin 57
Index - 6 ©2001-2007 IP Infusion Inc. Confidential
Index
set originator-id 57set tag 58set vpnv4 next-hop 58set weight 59
match commandorigin 44
match ip-dscp 326match ip-precedence 326match layer4 326match mpls exp-bit topmost 327match vlan 327match vlan-range 328MEF UNI commands
2protocol-tunnel 285ce-vlan preserve-cos 284ethernet uni 285ethernet uni id NAME 285
mirror interface 202MLD Commands
clear ipv6 mld 159clear ipv6 mld groups 159clear ipv6 mld interface 160ipv6 mld 161ipv6 mld access-group 161ipv6 mld immediate-leave 162ipv6 mld last-member-query-count 163ipv6 mld last-member-query-interval 163ipv6 mld limit 164ipv6 mld mroute-proxy 165ipv6 mld querier-timeout 166ipv6 mld query-interval 166ipv6 mld query-max-response-time 167ipv6 mld robustness-variable 167ipv6 mld snooping 168ipv6 mld snooping fast-leave 169ipv6 mld snooping mrouter 169ipv6 mld snooping querier 170ipv6 mld snooping report-suppression 170ipv6 mld ssm-map enable 171ipv6 mld ssm-map static 171ipv6 mld static-group 172ipv6 mld version 173show ipv6 mld groups 174show ipv6 mld interface 174show ipv6 mld snooping mrouter 175show ipv6 mld snooping statistics 176show ipv6 mroute 187
mls qos 328mls qos aggregate-police 329mls qos dscp-cos 329mls qos dscp-mutation 330mls qos map dscp-cos 330mls qos map dscp-mutation 331mls qos min-reserve 331MMRP commands
clear mmrp statistics 246clear mmrp statistics vlanid 247set mmrp 247set mmrp bridge 248
set mmrp disable bridge 248set mmrp disable bridge vlan 249set mmrp enable bridge 249set mmrp enable bridge vlan 250set mmrp extended-filtering 250set mmrp extended-filtering disable bridge 251set mmrp extended-filtering enable bridge 251set mmrp fwdall disable 252set mmrp fwdall enable 252set mmrp ltimer leavealll 253set mmrp pointtopoint enable 254set mmrp registration fixed 254set mmrp registration forbidden 254set mmrp registration normal 255set mmrp timer join 253set port mmrp disable 255set port mmrp disable vlan 256set port mmrp enable 257set port mmrp enable vlan 257show mmrp configuration 258show mmrp configuration bridge 258show mmrp machine 259show mmrp machine bridge 259show mmrp statistics vlanid bridge 259show mmrp timer 260
mode 312mpls admin-groups 109mpls class-to-exp-bit 193mpls class-type 197mpls disable-all-interfaces 110mpls egress-ttl 110mpls enable-all-interfaces 110mpls ftn-entry 111mpls ilm-entry 112mpls ingress-ttl 112mpls l2-circuit 113mpls l2-circuit-ftn-entry 114mpls l2-circuit-ilm-entry 114MPLS Layer-2 VC Commands
see VC Commandsmpls local-packet-handling 115mpls log 115mpls lsp-model pipe 116mpls lsp-tunneling 116mpls map-route 117mpls max-label-value 117mpls min-label-value 118mpls propagate-ttl 118mpls support-diffserv-class 193mpls te-class 198mpls vpls 291mpls vrf-entry 119mpls-l2-circuit 113mpls-vpls 291multicast 90Multicast Commands
clear ip mroute 177clear ip mroute statistics 177clear ipv6 mroute 178
©2001-2007 IP Infusion Inc. Confidential Index - 7
Index
clear ipv6 mroute statistics 178debug nsm mcast 178ip mroute 179ip multicast route-limit 180ip multicast ttl-threshold 180ip multicast-routing 181ipv6 mroute 181ipv6 multicast route-limit 182ipv6 multicast-routing 183multicast 90show ip mroute 183show ip mroute count 184show ip mroute summary 185show ip mvif 186show ip rpf 186show ipv6 mif 187show ipv6 mroute 187show ipv6 mroute count 188show ipv6 mroute summary 189show ipv6 rpf 190
multicast routing 181, 183MVRP Ccmmands
set mvrp dynamic-vlan-creation enable bridge 265MVRP commands
clear mvrp interface statistics 261clear mvrp statistics all 261clear mvrp statistics bridge 262set mvrp 262set mvrp applicant state active 262set mvrp applicant state normal 263set mvrp disable bridge 263set mvrp dynamic-vlan-creation 264set mvrp dynamic-vlan-creation disable bridge 264set mvrp enable bridge 265set mvrp pointtopoint enable 267set mvrp registration fixed 267set mvrp registration forbidden 268set mvrp registration normal 268set mvrp timer join 266set mvrp timer leave 266set mvrp timer leaveall 267set port mvrp disable 269set port mvrp enable 269show mvrp configuration 270show mvrp configuration all 271show mvrp interface statistics 271show mvrp machine bridge 272show mvrp statistics 272show mvrp timer 273
Nno channel-group 287no debug nsm
kernel 91packet 91
no debug nsm kernel command 91, 103no parameter, action of 6no static-channel-group 289
NSM DiffServ-TE Commands 197bandwidth-constraint 197bc-mode 197mpls class-type 197mpls te-class 198show mpls dste 198show mpls dste class-type 199show mpls dste te-class 199
NSM GMPLS Commands 135NSM LACP Commands 287NSM Layer-2 Commands 201NSM MPLS Commands 109NSM MPLS OAM Commands 126NSM Multicast Commands 177NSM VPLS Commands 291
mpls vpls 291mpls-vpls 291show mpls vpls 291show mpls vpls detail 292show mpls vpls mesh 293show mpls vpls spoke 293vpls-description 294vpls-mtu 294vpls-peer 295vpls-vc 295
NSM VPN Commands 105
Oother-config-flag 85
Pparameter expansion 7parenthesis not part of command 4password 46password-encryption service 48ping mpls ipv4 126ping mpls l2-circuit 127ping mpls l3vpn 127ping mpls ldp 128ping mpls rsvp 129ping mpls vpls 130police command 332police-aggregate 332policy map command mode 11policy-map 333prefix-list 24private-vlan association bridge 228private-vlan bridge 228Private-VLAN commands
private-vlan association bridge 228private-vlan bridge 228show vlan private-vlan bridge 230switchport mode private-vlan 229switchport private-vlan host-association 229switchport private-vlan mapping 230
Privileged Exec, command mode definition 10Provider Bridging commands
Index - 8 ©2001-2007 IP Infusion Inc. Confidential
Index
bridge protocol provider-mstp 273bridge protocol provider-rstp 274cvlan registration table 274cvlan svlan 275l2-protocol 275switchport allowed vlan 276switchport customer-edge access vlan 276switchport customer-edge hybrid allowed vlan 277switchport customer-edge hybrid vlan 277switchport customer-edge vlan registration 278switchport customer-network vlan translation 278switchport mode 279switchport mode customer-edge access 279switchport mode customer-edge hybrid 280switchport mode customer-edge trunk 281switchport provider-edge vlan 281switchport provider-network vlan translation’switchport
provider-network vlan translation 282switchport trunk customer-edge allowed vlan 282vlan type access-map 283vlan type bridge 284
psc1 135psc2 135psc3 135psc4 135
QQoS Command Modes 11QoS commands
class 323class-map 323ip-access-list 324mac-access-list 325match access-group 325match ip-dscp 326match ip-precedence 326match layer4 326match mpls exp-bit topmost 327match vlan 327match vlan-range 328mls qos 328mls qos aggregate-police 329mls qos dscp-cos 329mls qos map dscp-cos 330mls qos map dscp-mutation 331mls qos min-reserve 331mos qos dscp-mutation 330police 332police-aggregate 332policy-map 333service-policy input 334set cos| 334set ip-dscp 335set ip-precedence 335set mpls exp-bit topmost 335show class-map 336show mls qos aggregator-policer 336show mls qos interface 337
show mls qos maps dscp-cos 337show mls qos maps dscp-mutation 338show policy-map 338show qos-access-list 339wrr-queue bandwidth 339wrr-queue cos-map 340wrr-queue dscp-map 340wrr-queue min-reserve 341wrr-queue queue-limit 341wrr-queue random-detect max-threshold 342wrr-queue threshold 342
Question mark 4
Rra-interval 86ra-lifetime 87reachable-time 87reservable bandwidth 191reservable-bandwidth 191rmon alarm 303rmon collection history 303rmon collection stats 304RMON Commands 303
rmon alarm 303rmon collection history 303rmon collection stats 304rmon event 305show rmon alarm 305show rmon event 306show rmon history 306show rmon statistics 306
rmon event 305route-map 46Router Advertised Commands
ipv6 nd managed-config-flag 84ipv6 nd other-config-flag 85ipv6 nd prefix 85ipv6 nd ra-interval 86ipv6 nd ra-lifetime 87ipv6 nd reachable-time 87ipv6 nd suppress-ra 88
SSDH ITU-T G.707 136service
advanced-vty 47password-encryption 48terminal-length 48
service advanced-vty 47service password-encryption 48service terminal-length 48service-policy input 334set cos 334set gmrp 232set gmrp bridge 232set gmrp extended-filtering bridge 233set gmrp fwdall 233
©2001-2007 IP Infusion Inc. Confidential Index - 9
Index
set gmrp registration 234set gmrp timer 234set gmrp vlan 235set gvrp 241set gvrp applicant 241set gvrp bridge 242set gvrp dynamic-vlan-creation 242set gvrp dynamic-vlan-creation bridge 242set gvrp registration 243set gvrp timer 243set ip-dscp 335set ip-precedence 335set mmrp 247set mmrp bridge 248set mmrp disable bridge 248set mmrp disable bridge vlan 249set mmrp enable bridge 249set mmrp enable bridge vlan 250set mmrp extended-filtering 250set mmrp extended-filtering disable bridge 251set mmrp extended-filtering enable bridge 251set mmrp fwdall disable 252set mmrp fwdall enable 252set mmrp pointtopoint enable 254set mmrp registration fixed 254set mmrp registration forbidden 254set mmrp registration norma 255set mmrp timer join 253set mmrp timer leaveall 253set mpls exp-bit topmost 335set mvrp 262set mvrp applicant state active 262set mvrp applicant state normal 263set mvrp disable bridge 263set mvrp dynamic-vlan-creation 264set mvrp dynamic-vlan-creation disable bridge 264set mvrp dynamic-vlan-creation enable bridge 265set mvrp enable bridge 265set mvrp pointtopoint enable 267set mvrp registration fixed 267set mvrp registration forbidden 268set mvrp registration normal 268set mvrp timer join 266set mvrp timer leave 266set mvrp timer leaveall 267set peer 313set port gmrp 236set port gmrp vlan 236set port gvrp 244set port mmrp disable 255set port mmrp disable vlan 256set port mmrp enable 257set port mmrp enable vlan 257set port mvrp disable 269set port mvrp enable 269set security-association lifetime 313set session-key 314set transform-set 315Shared Risk Link Group 138
showhistory 61ip access-list 93ip route vrf 106ip vrf 107
show access-list 60show bridge 212show class-map 336show cli 60show crypto ipsec sa 321show crypto ipsec transform-set 321show crypto isakmp policy 321show crypto isakmp sa 322show crypto map 322show debugging nsm 92show etherchannel 288show firewall rule 347show flowcontrol interface 202show gmrp configuration 237show gmrp configuration bridge 237show gmrp machine 238show gmrp machine bridge 238show gmrp statistics 239show gmrp timer 239show gvrp configuration bridge 244show gvrp machine bridge 245show gvrp statistics 245show gvrp timer 246show interface 92show interfaces switchport bridge 213show ip access-list 93show ip forwarding 94show ip igmp groups 156show ip igmp interface 157show ip igmp snooping mrouter 158show ip igmp snooping statistics 158show ip interface brief 94show ip mroute 183show ip mroute count 184show ip mroute summary 185show ip mvif 186show ip prefix-list 62show ip route 95show ip route database 96show ip route summary 97show ipv6 interface brief 98show ipv6 mif 187show ipv6 mld groups 174show ipv6 mld interface 174show ipv6 mld snooping mrouter 175show ipv6 mld snooping statistics 176show ipv6 mroute count 188show ipv6 mroute summary 189show ipv6 neighbors 99show ipv6 route summary 100show list 62show memory
all 63show memory free 65
Index - 10 ©2001-2007 IP Infusion Inc. Confidential
Index
show memory lib 66show memory summary 68show mirror 203show mirror interface 203show mls qos aggregator-policer 336show mls qos interface 337show mls qos maps dscp-cos 337show mls qos maps dscp-mutation 338show mmrp configuration 258show mmrp configuration bridge 258show mmrp machine 259show mmrp machine bridge 259show mmrp statistics vlanid bridge 259show mmrp timer 260show mpls 119show mpls admin-groups 120show mpls cross-connect-table 120show mpls diffserv 193show mpls diffserv class-to-exp 195show mpls diffserv configurable-dscp 195show mpls diffserv supported-dscp 196show mpls dste 198show mpls dste class-type 199show mpls dste te-class 199show mpls forwarding-table 121show mpls ftn-table 122show mpls ilm-table 122show mpls in-segment-table 123show mpls l2-circuit 123show mpls l2-circuit-group 124show mpls log 124show mpls mapped-routes 125show mpls out-segment-table 125show mpls vc-table 125show mpls vpls 291show mpls vpls detail 292show mpls vpls mesh 293show mpls vpls spoke 293show mpls vrf-table 126show mvrp configuration 270show mvrp configuration all 271show mvrp interface statistics 271show mvrp machine bridge 272show mvrp statistics 272show mvrp timer 273show nsm client 101show policy-map 338show qos-access-list 339show rmon alarm 305show rmon event 306show rmon history 306show rmon statistics 306show route-map 69show router-id 101show stacking db 349show stacking dump db 349show stacking local 350show stacking master 350show stacking numCPU 351
show startup-config 71show static-channel-group 288show storm-control 204show storm-control broadcast interface 204show unning-config 69show version 72show vlan 215show vlan all 215show vlan all bridge 215show vlan brief 216show vlan classifier group 216show vlan classifier interface group 217show vlan classifier rule 217show vlan dynamic bridge 218show vlan private-vlan bridge 230show vlan static bridge 218Square brackets 4stacking masterdev 351standard access-list 15Standard SONET/SDH 139static-channel-group 289storm-control level 205suppress-ra 88switching capability 136switchport 214switchport access vlan 219switchport allowed vlan 276switchport customer-edge access vlan 276switchport customer-edge hybrid allowed vlan 277switchport customer-edge hybrid vlan 277switchport customer-edge vlan registration 278switchport customer-network vlan translation 278switchport hybrid allowed vlan 219switchport hybrid vlan 220switchport mode 279switchport mode access 221switchport mode customer-edge access 279switchport mode customer-edge hybrid 280switchport mode customer-edge trunk 281switchport mode hybrid 221switchport mode private-vlan 229switchport mode trunk 222switchport private-vlan host-association 229switchport private-vlan mapping 230switchport provider-edge vlan 281switchport trunk allowed vlan 223switchport trunk customer-edge allowed vlan 282switchport trunk native vlan 224syntax conventions 4syntax help 2
Ttdm 135terminal length 73terminal monitor 73terminal-length 48Time Division Multiplexing 139trace mpls ipv4 130
©2001-2007 IP Infusion Inc. Confidential Index - 11
Index
trace mpls l2-circuit 131trace mpls l3vpn 132trace mpls ldp 132trace mpls rsvp 133trace mpls vpls 134tunnel checksum 297tunnel destination 298tunnel mode 298tunnel mode ipv6ip 299tunnel path-mtu-discovery 300tunnel source 300tunnel tos 301tunnel ttl 301Tunneling Commands 297
interface tunnel 297tunnel checksum 297tunnel destination 298tunnel mode 298tunnel mode ipv6ip 299tunnel path-mtu-discovery 300tunnel source 300tunnel tos 301tunnel ttl 301
Uundebug nsm
kernel 102packet 103
undebug nsm all 102UPPERCASE, meaning in command syntax notation 4
Vvariable parameter expansion 7VC Commands
label-switching 109mpls admin-groups 109mpls disable-all-interfaces 110mpls egress-ttl 110mpls enable-all-interfaces 110mpls ftn-entry 111mpls ilm-entry 112mpls ingress-ttl 112mpls l2-circuit 113mpls l2-circuit-ftn-entry 114mpls l2-circuit-ilm-entry 114mpls local-packet-handling 115mpls log 115mpls max-label-value 117mpls min-label-value 118mpls-l2-circuit 113show mpls admin-groups 120show mpls cross-connect-table 120show mpls l2-circuit 123show mpls l2-circuit-group 124show mpls log 124
vertical bar 4vlan bridge 224
vlan classifier ipv4 225vlan classifier mac 225vlan classifier proto 226VLAN commands
show vlan 215show vlan all 215show vlan all bridge 215show vlan brief 216show vlan classifier group 216show vlan classifier interface group 217show vlan classifier rule 217show vlan dynamic bridge 218show vlan static bridge 218switchport access vlan 219switchport hybrid allowed vlan 219switchport hybrid vlan 220switchport mode access 221switchport mode hybrid 221switchport mode trunk 222switchport trunk allowed vlan 223switchport trunk native vlan 224vlan bridge 224vlan classifier ipv4 225vlan classifier mac 225vlan classifier proto 226vlan database 226vlan mtu bridge 227vlan state 227
vlan database command 226vlan mtu bridge 227vlan state 227vlan type 283vlan type access-map 283vlan type bridge 284vpls-description 294vpls-mtu 294vpls-peer 295vpls-vc 295VPN Commands
ip route vrf 105ip vrf 105ip vrf forwarding 106show ip route vrf 106show ip vrf 107
Wwho 73write file 74write memory 74write terminal 74wrr-queue bandwidth 339wrr-queue cos-map 340wrr-queue dscp-map 340wrr-queue min-reserve 341wrr-queue queue-limit 341wrr-queue random-detect max-threshold 342wrr-queue threshold 342
Index - 12 ©2001-2007 IP Infusion Inc. Confidential
Index
ZZebOS Commands
maximum-paths 90mtu 90
ZebOS ipv6 Commandsipv6 address 89ipv6 route 89show ipv6 forwarding 98show ipv6 route 99
ZebOS MPLS Commandsegress-ttl 110enable-all-interfaces 110ftn-entry 111ilm-entry 112ingress-ttl 112l2-circuit 113l2-circuit-ftn-entry 114l2-circuit-ilm-entry 114label-switching 109local-packet-handling 115log 115lsp-tunneling 116map-route 117max-label-value 117min-label-value 118mpls admin-groups 109mpls disable-all-interfaces 110mpls lsp-model pipe 116mpls propagate-ttl 118mpls-l2-circuit 113show mpls 119show mpls admin-groups 120show mpls cross-connect-table 120show mpls forwarding-table 121show mpls ftn-table 122show mpls ilm-table 122show mpls in-segment-table 123show mpls l2-circuit 123show mpls l2-circuit-group 124show mpls log 124show mpls mapped-routes 125show mpls out-segment-table 125show mpls vc-table 125show mpls vrf-table 126vrf entry 119
ZebOS MPLS OAM Commandsping mpls ipv4 126ping mpls l2-circuit 127ping mpls l3vpn 127ping mpls ldp 128ping mpls rsvp 129ping mpls vpls 130trace mpls ipv4 130trace mpls l2-circuit 131trace mpls l3vpn 132trace mpls ldp 132trace mpls rsvp 133
trace mpls vpls 134ZebOS NSM Commands 77
admin-group 77arp A.B.C.D MAC 77bandwidth 78clear ip route kernel 78clear ipv6 neighbors 79debug nsm 79
events 79kernel 80no debug nsm kernel 91packet 80, 91, 103undebug nsm all 102undebug nsm events 102undebug nsm kernel 102
fib retain 80if-arbiter 81interface 82ip address 82ip forwarding 83ip proxy-arp 83ip route 84ipv6 address 89ipv6 forwarding 84ipv6 nd managed-config-flag 84ipv6 nd other-config-flag 85ipv6 nd prefix 85ipv6 nd ra-interval 86ipv6 nd ra-lifetime 87ipv6 nd reachable-time 87ipv6 nd suppress-ra 88ipv6 neighbor 88ipv6 route 89maximum-paths 90mtu 90multicast 90no debug nsm
no debug nsm events 91show debugging nsm 92show interface 92show ip access-list 93show ip forwarding 94show ip interface brief 94show ip route 95show ip route database 96show ip route summary 97show ipv6 forwarding 98show ipv6 interface brief 98show ipv6 neighbors 99show ipv6 route 99show ipv6 route summary 100show nsm client 101show router-id 101shutdown 102
ZebOS TE Commandsreservable-bandwidth 191