3Com Switch 4200G Family Command Reference Guideh20628. · 3Com® Switch 4200G Family Command Reference Guide Switch 4200G 12-Port Switch 4200G 24-Port Switch 4200G 48-Port Part …

3Com® Switch 4200G Family Command Reference Guide

Switch 4200G 12-PortSwitch 4200G 24-PortSwitch 4200G 48-Port

www.3Com.com Part Number: 10014916 Rev. AD Published: April, 2007

3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064

Copyright © 2006-2007, 3Com Corporation. All rights reserved. No part of this documentation may be reproduced in any form or by any means or used to make any derivative work (such as translation, transformation, or adaptation) without written permission from 3Com Corporation.

3Com Corporation reserves the right to revise this documentation and to make changes in content from time to time without obligation on the part of 3Com Corporation to provide notification of such revision or change.

3Com Corporation provides this documentation without warranty, term, or condition of any kind, either implied or expressed, including, but not limited to, the implied warranties, terms or conditions of merchantability, satisfactory quality, and fitness for a particular purpose. 3Com may make improvements or changes in the product(s) and/or the program(s) described in this documentation at any time.

If there is any software on removable media described in this documentation, it is furnished under a license agreement included with the product as a separate document, in the hard copy documentation, or on the removable media in a directory file named LICENSE.TXT or !LICENSE.TXT. If you are unable to locate a copy, please contact 3Com and a copy will be provided to you.

UNITED STATES GOVERNMENT LEGEND

If you are a United States government agency, then this documentation and the software described herein are provided to you subject to the following:

All technical data and computer software are commercial in nature and developed solely at private expense. Software is delivered as “Commercial Computer Software” as defined in DFARS 252.227-7014 (June 1995) or as a “commercial item” as defined in FAR 2.101(a) and as such is provided with only such rights as are provided in 3Com’s standard commercial license for the Software. Technical data is provided with limited rights only as provided in DFAR 252.227-7015 (Nov 1995) or FAR 52.227-14 (June 1987), whichever is applicable. You agree not to remove or deface any portion of any legend provided on any licensed program or documentation contained in, or delivered to you in conjunction with, this User Guide.

Unless otherwise indicated, 3Com registered trademarks are registered in the United States and may or may not be registered in other countries.

3Com and the 3Com logo are registered trademarks of 3Com Corporation.

Cisco is a registered trademark of Cisco Systems, Inc.

Funk RADIUS is a registered trademark of Funk Software, Inc.

Aegis is a registered trademark of Aegis Group PLC.

Intel and Pentium are registered trademarks of Intel Corporation. Microsoft, MS-DOS, Windows, and Windows NT are registered trademarks of Microsoft Corporation. Novell and NetWare are registered trademarks of Novell, Inc. UNIX is a registered trademark in the United States and other countries, licensed exclusively through X/Open Company, Ltd.

IEEE and 802 are registered trademarks of the Institute of Electrical and Electronics Engineers, Inc.

All other company and product names may be trademarks of the respective companies with which they are associated.

ENVIRONMENTAL STATEMENT

It is the policy of 3Com Corporation to be environmentally-friendly in all operations. To uphold our policy, we are committed to:

Establishing environmental performance standards that comply with national legislation and regulations.

Conserving energy, materials and natural resources in all operations.

Reducing the waste generated by all operations. Ensuring that all waste conforms to recognized environmental standards. Maximizing the recyclable and reusable content of all products.

Ensuring that all products can be recycled, reused and disposed of safely.

Ensuring that all products are labelled according to recognized environmental standards.

Improving our environmental record on a continual basis.

End of Life Statement

3Com processes allow for the recovery, reclamation and safe disposal of all end-of-life electronic components.

Regulated Materials Statement

3Com products do not contain any hazardous or ozone-depleting material.

CONTENTS

ABOUT THIS GUIDE

About This Software Version 3Organization of the Manual 3Intended Readership 3Conventions 3Related Manuals 4Alphebetical Listing of Commands 5

ALPHABETICAL LISTING OF COMMANDS

COMMANDS

Commands 13

NUMERICSCOMMANDS BY FUNCTION

Commands by Function 845

2 CONTENTS

ABOUT THIS GUIDE

This guide describes the command line interface (CLI) configuration commands used to control the 3Com Switch 4200G Family of switches.

About This Software Version

The software in the 3Com Switch 4200G Family is a subset of that used in some other 3Com products. Depending on the capabilities of your hardware platform, some commands described in this guide may not be available on your Switch, although the unavailable commands may still display on the command line interface (CLI). If you try to use an unavailable command, an error message displays.

CAUTION: Any command that displays on the CLI, but is not described in this guide, is not supported in Version #.# software. 3Com only supports the commands described in this guide. Other commands may result in the loss of data, and are entered at the user’s risk.

Organization of the Manual

The 3Com Switch 4200G Family Command Reference Guide list all commands in alphabetical order. A index of commands organized by function is provided at the end of this document.

Intended Readership The manual is intended for the following readers:

■ Network administrators

■ Network engineers

■ Users who are familiar with the basics of networking

Conventions This manual uses the following conventions:

Table 1 Icons

Icon Notice Type Description

Information note Information that describes important features or instructions.

Caution Information that alerts you to potential loss of data or potential damage to an application, system, or device.

Warning Information that alerts you to potential personal injury.

4 ● 3Com Switch 4200G Family Command Reference

Related Manuals The 3Com Switch 4200G Family Getting Started Guide provides information about installation.

The 3Com Switch 4200G Family Configuration Guide provides information about configuring your network using the commands described in this guide.

Table 2 Text conventions

Convention Description

Screen displays This typeface represents text as it appears on the screen.

Keyboard key names If you must press two or more keys simultaneously, the key names are linked with a plus sign (+), for example:

Press Ctrl+Alt+Del

The words “enter” and “type”

When you see the word “enter” in this guide, you must type something, and then press Return or Enter. Do not press Return or Enter when an instruction simply says “type.”

Fixed command text

This typeface indicates the fixed part of a command text. You must type the command, or this part of the command, exactly as shown, and press Return or Enter when you are ready to enter the command.

Example: The command display history-command must be entered exactly as shown.

Variable command text

This typeface indicates the variable part of a command text. You must type a value here, and press Return or Enter when you are ready to enter the command.

Example: in the command super level, a value in the range 0 to 3 must be entered in the position indicated by level

{ x | y | ... } Alternative items, one of which must be entered, are grouped in braces and separated by vertical bars. You must select and enter one of the items.

Example: in the command flow-control {hardware | none | software}, the braces and the vertical bars combined indicate that you must enter one of the parameters. Enter either hardware, or none, or software.

[ ]

Items shown in square brackets [ ] are optional.

Example 1: in the command display users [all], the square brackets indicate that the parameter all is optional. You can enter the command with or without this parameter.

Example 2: in the command user-interface [type] first-number [last-number] the square brackets indicate that the parameters [type] and [last-number] are both optional. You can enter a value in place of one, both or neither of these parameters.

Alternative items, one of which can optionally be entered, are grouped in square brackets and separated by vertical bars. Example 3: in the command header [shell | incoming | login] text, the square brackets indicate that the parameters shell, incoming and login are all optional. The vertical bars indicate that only one of the parameters is allowed.

ALPHABETICAL LISTING OF COMMANDS

Alphebetical Listing of Commands

This section lists all commands in alphabetical order.

access-limit 14accounting 15accounting domain 16accounting-on enable 17accounting optional 19acl 21acl 22active region-configuration 24add-member 25address-check 26administrator-address 27am user-bind 28apply qos-profile 29apply qos-profile interface 30arp check enable 31arp static 32arp timer aging 34ascii 35attribute 36authentication 38authentication-mode 40authorization 42auto-build 43auto-execute command 44binary 45black-list add-mac 46black-list delete-mac 47boot attribute-switch 48boot boot-loader 49boot boot-loader 50boot boot-loader backup-attribute 51boot bootrom 52boot web-package 53broadcast-suppression 54build 55bye 56bye 57cd 58cd 59

cd 60cdup 61cdup 62check region-configuration 63clock datetime 65clock summer-time 66clock timezone 68close 69cluster 70cluster enable 71cluster-local-user 72cluster-mac 73cluster-mac syn-interval 74cluster-snmp-agent community 75cluster-snmp-agent group v3 77cluster-snmp-agent mib-view in-cluded 79cluster-snmp-agent usm-user v3 81cluster switch-to 83cluster switch-to sysname 84command-privilege level 86copy 87copy configuration 88cut connection 89data-flow-format 91databits 93debugging 94debugging 95debugging arp packet 96debugging dhcp client 97debugging dhcp-relay 98debugging DLDP 100debugging ntp-service 101debugging radius 102debugging snmp-agent 103debugging udp-helper 104delete 105delete 107delete 108

6 ● Alphebetical Listing of Commands 3Com Switch 4200G Family
Command Reference
delete-member 109delete static-routes all 110description 111description 112description 113description 114dhcp relay information enable 115dhcp relay information strategy 116dhcp-security static 117dhcp-server 118dhcp-server ip 119dir 120dir 122dir 124disconnect 125display acl 126display am user-bind 127display arp 128display arp count 130display arp timer aging 131display boot-loader 132display boot-loader 133display bootp client 134display brief interface 135display channel 137display clock 138display cluster 139display cluster base-topology 141display cluster black-list 142display cluster candidates 143display cluster current-topology 145display cluster members 147display connection 149display cpu 151display current-configuration 152display debugging 156display debugging habp 157display device 158display dhcp client 159display dhcp-security 160display dhcp-server 161display dhcp-server interface vlan-interface 163display dhcp-snooping 164display dhcp-snooping 165display dhcp-snooping trust 166display dhcp-snooping trust 167display diagnostic-information 168

display domain 169display dot1x 171display fib 175display ftp-server 176display ftp-user 177display garp statistics 178display garp timer 179display gvrp statistics 180display gvrp status 181display habp 182display habp table 183display habp traffic 184display history-command 185display icmp statistics 186display igmp-snooping configura-tion 188display igmp-snooping group 189display igmp-snooping statistics 190display info-center 191display interface 193display interface VLAN-interface 196display ip host 197display ip interface vlan-interface 198display ip routing-table 200display ip routing-table acl 201display ip routing-table ip-address 204display ip routing-table ip-address1 ip-address2 208display ip routing-table ip-prefix 210display ip routing-table protocol 213display ip routing-table radix 215display ip routing-table statistics 216display ip routing-table verbose 217display ip socket 218display ip statistics 220display isolate port 222display lacp system-id 223display link-aggregation interface 224display link-aggregation summary 226display link-aggregation verbose 227

3Com Switch 4200G Family Alphebetical Listing of Commands ● 7 Command Reference

display local-server statistics 229display local-user 230display logbuffer 232display logbuffer summary 234display-loopback-detection 235display mac-address 236display mac-address aging-time 238display mac-address multicast static 239display mac-address security 240display mac-authentication 241display memory 243display mirroring-group 244display ndp 246display ntdp 249display ntdp device-list 250display ntdp single-device mac-ad-dress 251display ntp-service sessions 253display ntp-service status 255display ntp-service trace 256display packet-filter 257display port 258display port-security 259display port vlan-vpn 261display protocol-priority 262display qos cos-drop-prece-dence-map 263display qos cos-dscp-map 264display qos cos-local-prece-dence-map 265display qos dscp-cos-map 266display qos dscp-drop-prece-dence-map 267display qos dscp-dscp-map 268display qos dscp-local-prece-dence-map 269display qos-interface all 270display qos-interface priority-trust 272display qos-interface traffic-limit 273display qos-interface traffic-shape 274display qos-interface traffic-statistic 275display qos-profile 276display queue-scheduler 277

display radius 278display radius statistics 280display rmon alarm 282display rmon event 283display rmon eventlog 284display rmon history 285display rmon prialarm 286display rmon statistics 287display rsa local-key-pair public 288display rsa peer-public-key 289display saved-configuration 290display schedule reboot 292display snmp-agent 293display snmp-agent community 294display snmp-agent group 295display snmp-agent mib-view 296display snmp-agent statistics 298display snmp-agent sys-info 300display snmp-agent trap-list 301display snmp-agent usm-user 302display ssh server 303display ssh server-info 304display ssh user-information 305display startup 306display stop-accounting-buffer 307display stp 309display stp region-configuration 311display tcp statistics 312display tcp status 314display this 315display time-range 316display trapbuffer 318display udp-helper server 319display user-interface 320display users 322display users 323display version 324display vlan 325display vlan 326display voice vlan oui 328display voice vlan status 329domain 330dot1x 332dot1x authentication-method 334dot1x dhcp-launch 335dot1x guest-vlan 336dot1x max-user 338dot1x port-control 340

Command Reference
dot1x port-method 342dot1x quiet-period 344dot1x retry 345dot1x retry-version-max 346dot1x timer 347dot1x version-check 349duplex 351enable snmp trap updown 352end-station polling ip-address 353execute 354exit 355file prompt 356flow-control 357format 358free user-interface 359free web-users 360ftp 361ftp cluster 362ftp server 363ftp server enable 364ftp timeout 365garp timer 366garp timer leaveall 368get 369get 370gratuitous-arp learning enable 371gvrp 372gvrp registration 373habp enable 374habp server vlan 375habp timer 376header 377help 379history-command max-size 380holdtime 381idle-cut 382idle-timeout 383igmp host-join vlan 384igmp-snooping 385igmp-snooping fast-leave 386igmp-snooping group-limit 387igmp-snooping group-policy 388igmp-snooping host-aging-time 390igmp-snooping max-response-time 391igmp-snooping router-aging-time 392info-center channel name 393

info-center console channel 394info-center enable 395info-center logbuffer 396info-center monitor channel 397info-center snmp channel 398info-center source 399info-center synchronous 403info-center timestamp 404info-center trapbuffer 405instance 406interface 408interface VLAN-interface 409ip address 410ip address bootp-alloc 411ip address dhcp-alloc 412ip host 413ip http acl 414ip-pool 415ip route-static 416ip route-static 418jumboframe enable 420key 421lacp enable 423lacp port-priority 424lacp system-priority 425language-mode 426lcd 427level 428link-aggregation group description 429link-aggregation group mode 430local-server 431local-user 433local-user password-display mode 435lock 436logging-host 437loopback-detection control enable 438loopback-detection enable 439loopback-detection interval-time 441loopback-detection per-vlan enable 442ls 443ls 444mac-address 445mac-address max-mac-count 447


mac-address max-mac-count 0 448mac-address multicast interface vlan 449mac-address multicast vlan 450mac-address security 451mac-address timer 452mac-authentication 453mac-authentication authmode 455mac-authentication authpassword 456mac-authentication authusername 457mac-authentication domain 458mac-authentication timer 459management-vlan 460management-vlan synchronization enable 461mdi 462messenger 463mirroring group 464mirroring-group mirroring-port 465mirroring-group reflector-port 466mirroring-group remote-probe vlan 467mirroring-port 468mkdir 469mkdir 470mkdir 471monitor-port 472more 473move 474name 475name 476nas-ip 477ndp enable 478ndp timer aging 479ndp timer hello 480nm-interface vlan-interface 481ntdp enable 482ntdp explore 483ntdp hop 484ntdp timer 485ntdp timer hop-delay 486ntdp timer port-delay 487ntp-service access 488ntp-service authentication enable 490ntp-service authentication-keyid

491ntp-service broadcast-client 492ntp-service broadcast-server 493ntp-service in-interface disable 494ntp-service max-dynamic sessions 495ntp-service multicast-client 496ntp-service multicast-server 497ntp-service reliable authentica-tion-keyid 498ntp-service source-interface 499ntp-service unicast-peer 500ntp-service unicast-server 502open 504packet-filter 505packet-filter 506parity 507passive 508password 509password 510peer-public-key end 511ping 512port 515port access vlan 516port hybrid pvid vlan 517port hybrid vlan 518port isolate 519port link-aggregation group 520port link-type 521port-security enable 522port-security intrusion-mode 523port-security max-mac-count 525port-security ntk-mode 527port-security OUI 529port-security port-mode 530port-security timer disableport 533port-security trap 534port trunk pvid vlan 536port trunk permit vlan 537primary accounting 538primary authentication 540priority 542priority trust 543protocol inbound 545protocol inbound 546protocol-priority protocol-type 547public-key-code begin 548public-key-code begin 549

Command Reference
public-key-code end 550public-key-code end 551put 552put 553pwd 554pwd 555pwd 556qos cos-drop-precedence-map 557qos cos-dscp-map 559qos cos-local-precedence-map 561qos dscp-cos-map 563qos dscp-drop-precedence-map 565qos dscp-dscp-map 567qos dscp-local-precedence-map 569qos-profile 571qos-profile port-based 572queue-scheduler 573quit 575quit 576quit 577quit 578radius nas-ip 579radius-scheme 580radius scheme 581radius trap 583reboot 584reboot member 585region-name 586remote-probe vlan 587remotehelp 588remove 589rename 590rename 591rename 592reset arp 593reset counters interface 594reset dot1x statistics 595reset garp statistics 596reset igmp-snooping statistics 597reset ip statistics 598reset logbuffer 599reset ndp statistics 600reset radius statistics 601reset recycle-bin 602reset saved-configuration 603reset stop-accounting-buffer 605reset stp 607reset tcp statistics 608

reset traffic-limit 609reset traffic-statistic 610reset trapbuffer 611retry 612retry realtime-accounting 613retry stop-accounting 615return 616revision-level 617rmdir 618rmdir 619rmdir 620rmon alarm 621rmon event 623rmon history 624rmon prialarm 625rmon statistics 628rsa local-key-pair create 629rsa local-key-pair destroy 631rsa peer-public-key 632rsa peer-public-key 633rule (Advanced ACL) 634rule (Basic ACL) 638rule comment 640rule (Layer 2 ACL) 641save 643schedule reboot at 645schedule reboot delay 647scheme 648screen-length 650secondary accounting 651secondary authentication 652security-policy-server 653self-service-url 654send 656server-type 657service-type 658service-type 660service-type multicast 662set authentication password 663sftp 664sftp server enable 666sftp time-out 667shell 668shutdown 669shutdown 670smarton 671smarton password 672smarton switchid 673


smarton timer 674snmp-agent 675snmp-agent community 676snmp-agent community 677snmp-agent group 678snmp-agent group 680snmp-agent local-engineid 682snmp-agent log 683snmp-agent mib-view 684snmp-agent packet max-size 685snmp-agent sys-info 686snmp-agent target-host 687snmp-agent trap enable 689snmp-agent trap life 691snmp-agent trap queue-size 692snmp-agent trap source 693snmp-agent usm-user 694snmp-agent usm-user 696snmp-agent usm-user 698snmp-agent usm-user 700snmp-host 702speed 703speed 704ssh client assign rsa-key 705ssh client first-time enable 706ssh server authentication-retries 707ssh server timeout 708ssh user assign rsa-key 709ssh user authentication-type 710ssh user service-type 712ssh2 713startup bootrom-access enable 715startup saved-configuration 716state 717state 720stop-accounting-buffer enable 722stopbits 723stp 724stp bpdu-protection 725stp bridge-diameter 726stp config-digest-snooping 727stp cost 729stp edged-port 730stp interface 732stp interface config-digest-snooping 734stp interface cost 736stp interface edged-port 738

stp interface loop protection 740stp interface mcheck 742stp interface no-agreement-check 743stp interface point-to-point 744stp interface port priority 746stp interface root-protection 748stp interface transmit-limit 750stp loop-protection 752stp max-hops 753stp mcheck 754stp mode 755stp no-agreement-check 756stp pathcost-standard 757stp point-to-point 759stp port priority 761stp priority 762stp region-configuration 763stp root primary 764stp root-protection 766stp root secondary 767stp tc-protection 769stp timer-factor 770stp timer forward-delay 771stp timer hello 773stp timer max-age 774stp transmit-limit 775super 776super password 778sysname 780sysname 781system-view 782tcp timer fin-timeout 783tcp timer syn-timeout 784tcp window 785telnet 786terminal debugging 787terminal debugging 788terminal logging 789terminal monitor 790terminal trapping 791tftp 792tftp cluster get 793tftp cluster put 794tftp get 795tftp put 796tftp-server 797tftp-server acl 798

Command Reference
time-range 799timer 801timer 802timer quiet 803timer realtime-accounting 804timer response-timeout 806topology accept 807topology restore-from 808topology save-to 809tracemac 810tracert 811traffic-limit 813traffic shape 815traffic-statistic 816udp-helper enable 817udp-helper port 818udp-helper server 819undelete 820user 821

user-interface 822user-name-format 823user privilege level 824verbose 825virtual-cable-test 826vlan 828vlan-assignment-mode 830vlan-mapping modulo 832vlan-vpn enable 834vlan-vpn tpid 835vlan-vpn tunnel 836vlan-vpn uplink enable 837voice vlan 838voice vlan aging 839voice vlan enable 840voice vlan mac-address 841voice vlan mode 842voice vlan security enable 843

COMMANDS

Commands The commands in this document are listed in alphabetical order.

14 ● access-limit 3Com Switch 4200G Family Command Reference

access-limit

Purpose Use the access-limit command to set the maximum number of access users that can be contained in current ISP domain.

Use the undo access-limit command to restore the default maximum number.

Syntax access-limit { disable | enable max-user-number }

undo access-limit

Parameters disable Specifies not to limit the number of access users that can be contained in current ISP domain.

If not specified, disable is selected by default.

enable max-user-number Specifies the maximum number of access users that can be contained in current ISP domain. Valid values are 1 to 1048.

Example To allow ISP domain aabbc.net to contain at most 500 access users, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G]domain aabbc.netNew Domain added.[S4200G-isp-aabbcc.net] access-limit enable 500

View This command can be used in the following views:

■ ISP Domain view

Description This command limits the amount of supplicants contained in the current ISP domain. Because resource contention may occur between access users, there is a need to properly limit the number of access users in an ISP domain to provide reliable performance to the users in the ISP domain.

3Com Switch 4200G Family accounting ● 15 Command Reference

accounting

Purpose Use the accounting command to configure an accounting scheme for the current ISP domain.

Use the undo accounting command to cancel the accounting scheme configuration of the current ISP domain.

Syntax accounting { none | radius-scheme radius-scheme-name }

undo accounting

Parameters none Specifies not to perform accounting.

radius-scheme-name Name of a RADIUS scheme, consisting of a character string no more than 32 characters long.

Default By default, no accounting scheme is configured for the ISP domain.

Example To specify “radius” as the RADIUS accounting scheme that will be referenced by current ISP domain, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbcc.netNew Domain added.


■ ISP Domain view

Description When you use the accounting command to specify a RADIUS scheme for the current ISP domain, the RADIUS scheme must already be defined.

If the accounting command is used in an ISP domain view, the system uses the scheme specified in this command to charge the users. Otherwise, the system uses the scheme specified in the scheme command to charge the users.

Related Command ■ scheme

■ radius scheme

16 ● accounting domain 3Com Switch 4200G Family Command Reference

accounting domain

Purpose Use the accounting domain command to enable the DHCP accounting function.

Use the undo accounting domain command to disable the DHCP accounting function.

Syntax accounting domain domain-name

undo accounting domain

Parameters domain-name Name of a domain, consisting of a string from 1 to 24 characters long. (You can use the domain command to create a domain.)

Example Enter system view.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.

Enter DHCP address pool view.

[S4200G] dhcp server ip-pool test

Enable the DHCP accounting function (assuming that domain 123 already exists).

[S4200G-dhcp-pool-test] accounting domain 123


■ DHCP Address Pool view

3Com Switch 4200G Family accounting-on enable ● 17 Command Reference

accounting-on enable

Purpose Use the accounting-on enable command to enable user re-authentication upon device restart function.

Use the undo accounting-on enable command to disable user re-authentication upon device restart function and restore the default interval and the number of attempts to transmit the Accounting-On packet.

Use the undo accounting-on send command to restore the default maximum number of attempts to transmit the Accounting-On packet.

Use the undo accounting-on interval command to restore the default transmit of the Accounting-On packet.

Syntax accounting-on enable [ send times | interval interval ]

undo accounting-on { enable | send | interval }

Parameters times Specifies the number of times to attempt sending the Accounting-On packet, ranging from 1 to 256. If not specified, the default is 15 times.

interval Specifies the interval at which to send the Accounting-On packet, ranging from 1 to 30 seconds. If not specified, the default is 3 seconds.

Default By default, this feature is disabled.

Example To enable the user re-authentication upon device restart function for the RADIUS scheme named CAMS, enter the following:

<S4200G> system-view[S4200G] radius scheme CAMS[S4200G-radius-CAMS] accounting-on enable


■ RADIUS Scheme view

Description The purpose of this feature is to resolve the following problem: users cannot re-log onto the network after the switch reboots because they are already online. After this feature is enabled, every time the switch reboots:

■ The switch generates an Accounting-On packet, which mainly contains the following information: NAS-ID, NAS-IP (source IP address), and session ID.

■ The switch sends the Accounting-On packet to the CAMS at regular intervals.

18 ● accounting-on enable 3Com Switch 4200G Family Command Reference

■ Once the CAMS receives the Accounting-On packet, it sends a response to the switch. At the same time it finds and deletes the existing online information of the user who was accessing the network through the switch before the reboot based on the NAS-ID, NAS-IP and session ID contained in the Accounting-On packet, and ends the charging of the user according to the last accounting update packet.

■ Once the switch receives the response from the CAMS, it stops sending other Accounting-On packets.

■ If the switch has tried the set maximum times to transmit the Accounting-On packet but still does not receive any response from the CAMS, it stops the sending of the Accounting-On packet.

Note: The switch can automatically generate the main attributes (NAS-ID, NAS-IP and session ID) of the Accounting-On packets. However, you can also manually configure the NAS-IP attribute with the nas-ip command. When doing this, be sure to configure a correct and valid IP address. If this attribute is not configured manually, the switch will automatically select the IP address of the VLAN interface as the NAS-IP address.

Related Command nas-ip

3Com Switch 4200G Family accounting optional ● 19 Command Reference

accounting optional

Purpose Use the accounting optional command to open the accounting-optional switch.

Use the undo accounting optional command to close the accounting-optional switch.

Syntax accounting optional

undo accounting optional

Parameters None

Default By default, the accounting-optional switch is closed.

Example To open the accounting-optional switch for the ISP domain named aabbcc.net, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbcc.netNew Domain added.[S4200G-isp-aabbcc.net] accounting optional

To open the accounting-optional switch for the RADIUS scheme radius1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] accounting optional


■ ISP Domain view


Description Note:

■ When the system charges an online user but it does not find any available RADIUS accounting server or fails to communicate with any RADIUS accounting server, the user can continue the access to network resources if the accounting optional command has been used, otherwise the user is disconnected from the system. The accounting optional command is often used in the cases where only authentication is needed and no accounting is needed.

20 ● accounting optional 3Com Switch 4200G Family Command Reference

■ After the accounting optional command is used for a RADIUS scheme, the system will no longer send real-time accounting update packets and stop-accounting packets for any user in an ISP domain referencing the RADIUS scheme.

■ This configuration takes effect only on the accounting using this RADIUS scheme.

3Com Switch 4200G Family acl ● 21 Command Reference

acl

Purpose Use the acl command to reference ACL and implement the ACL control to the TELNET users.

Use the undo acl command to remove the control from the TELNET users.

Syntax acl acl-number { inbound | outbound }

undo acl { inbound | outbound }

Parameters acl-number The number identifier of basic and advanced number-based ACLs. Valid values are 2000 to 3999.

inbound Performs ACL control to the users who access the local Switch using TELNET.

outbound Performs ACL control to the users who access other Switches from the local Switch using TELNET.

Example Apply ACL 2000 to filter users Telneting to the current switch (assuming that ACL 2,000 already exists.).

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface vty 0 4[S4200G-ui-vty0-4] acl 2000 inbound


■ User Interface view

22 ● acl 3Com Switch 4200G Family Command Reference

acl

Purpose Use the acl command to define an ACL identified by a number, and enter the corresponding ACL View.

Use the undo acl command to delete all entries of an ACL or to delete all ACLs.

Syntax acl number acl-number [ match-order { config | auto } ]

undo acl { number acl-number | all }

Parameters number acl-number Specifies the number of an access control list (ACL) in the range of:

2,000 to 2,999: identifies basic ACLs.

3,000 to 3,999: identifies advanced ACLs.

4,000 to 4,999: identifies layer 2 ACLs.

match-order Specifies the match order for the ACL rules. The match-order keyword is not available for the definition of a Layer 2 ACL. Match orders include config and auto.

config Specifies to match ACL rules according to the user-defined order.

auto Specifies to match ACL rules according to the "depth-first" order.

all Specifies to delete all ACLs.

Default By default, the ACLs are matched in config order.

Example Define rules for ACL 2000, and specify "depth-first" order as the rule match order.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] acl number 2000 match-order auto[S4200G-acl-basic-2000]


■ System view

Description After entering the corresponding ACL view, you can use the rule command to add entries to the ACL.

An ACL supports the following types of match orders:

3Com Switch 4200G Family acl ● 23 Command Reference

■ Configured order: ACL rules are matched according to the configured order.

■ Automatic ordering: ACL rules are matched according to the "depth-first" order

The "depth-first" ordering of rules in IP ACLs (basic and advanced ACLs) is implemented based on the lengths of the source IP address masks and the destination IP address masks. The rule with the longest masks is first matched, and then comes the rule with the second longest masks, and so on. In the ordering, the lengths of the source IP address masks are compared first; if the source IP address masks have the same length, the lengths of the destination IP address masks are compared. For example, the rule of which the source IP address mask is 255.255.255.0 precedes the rule of which the source IP address mask is 255.255.0.0 in the match order.

You can use the match-order keyword to specify whether to use the configured order or "depth-first" order (rules with smaller ranges are matched first) to match rules. If neither match orders are specified, the configured match order will be adopted.

You cannot modify the match order for an ACL once you have specified it, unless you delete all the entries of the ACL.

The ACL match order feature is effective only when the ACL is referenced by software for data filtering and traffic classification.

Related Command rule

24 ● active region-configuration 3Com Switch 4200G Family Command Reference

active region-configuration

Purpose Use the active region-configuration command to activate the settings of an MST (multiple spanning tree) region.

Syntax active region-configuration

Parameters None

Example To activate the MST region settings, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp region-configuration [S4200G-mst-region] active region-configuration


■ MST Region view

Description This command causes the switch to operate with the new MST region settings, when spanning trees are regenerated.

Changes of MST region parameters, especially those of the VLAN mapping tables, can cause MSTP to recalculate the spanning trees, creating network topology jitters across the network. To reduce network topology jitters caused by configuration changes, MSTP does not recalculate the spanning trees immediately in response to region configuration changes. Rather, MSTP brings the configurations into effect only after you activate the new MST region settings or enable MSTP.

Related Commands ■ check region-configuration

■ instance

■ region-name

■ revision-level

■ vlan-mapping modulo

3Com Switch 4200G Family add-member ● 25 Command Reference

add-member

Purpose Use the add-member command to add a candidate device to a cluster.

Syntax add-member [ member-number] mac-address H-H-H [ password password ]

Parameters member-number Member number assigned to the candidate device to be added to a cluster. This argument ranges from 1 to 256.

H-H-H MAC address of the candidate device (in hexadecimal).

password Password of the candidate device, a string comprising 1 to 256 characters. The password is required when you add a candidate device to a cluster. However, this argument is not needed if the candidate device is not configured with a password.

Example Add a candidate device to the cluster, setting the member number to 6. (Assume that the MAC address and user password of the candidate device are 00E0-fc00-35e7 and 123456.)

<aaa_0.S4200G>system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G-cluster][aaa_0.S4200G-cluster] add-member 6 mac-address 00E0-fc00-35e7 password 123456


■ Cluster view

Description Use the add-member command to add a candidate device to a cluster.

You can add a candidate device to a cluster on the management device only.

If you do not specify the member number when adding a cluster member, the management device assigns the least available member number to it.

After a candidate device is added to a cluster, its device password becomes the management device password.

26 ● address-check 3Com Switch 4200G Family Command Reference

address-check

Purpose Use the address-check command to enable or disable DHCP relay security on a VLAN interface, so as to start or stop the validity check on user addresses under the VLAN interface.

Syntax address-check enable

address-check disable

Parameters None

Default By default, DHCP relay security is disabled on a VLAN interface.



Enter VLAN 1 interface view.

[S4200G] interface vlan-interface 1

Enable DHCP relay security on VLAN 1 interface.

[S4200G-Vlan-interface1] address-check enable


■ VLAN Interface view

3Com Switch 4200G Family administrator-address ● 27 Command Reference

administrator-address

Purpose Use the administrator-address command to store the MAC address of the management device on a member device.

Use the undo administrator-address command to remove a member from the cluster, usually for debugging or restoration.

Syntax administrator-address mac-address name name

undo administrator-address

Parameters mac-address MAC address of the management device.

name name Name of an existing cluster consisting of no more than 8 characters, including only alphanumeric characters, subtraction sign “-” and/or underline “_”

Default By default, a switch is not in any cluster.

Example Remove a member device from the cluster.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z[S4200G] cluster[S4200G-cluster] undo administrator-address


■ Cluster view

Description A cluster contains one (and only one) management device. After rebooting, a member device identifies the management device by the MAC address of the management device.

The recommended way to remove a cluster member from a cluster is to execute the delete-member command on the management device.

28 ● am user-bind 3Com Switch 4200G Family Command Reference

am user-bind

Purpose Use the am user-bind command to bind the MAC and IP addresses of a legal user to a specified port.

Use the undo am user-bind command to cancel the binding.

Syntax am user-bind mac-addr mac-address ip-addr ip-address [ interface interface-type interface-number ]

undo am user-bind mac-addr mac-address ip-addr ip-address [ interface interface-type interface-number ]

Parameters mac-address MAC address to be bound.

ip-address IP address to be bound.

interface-type Type of the port to be bound to.

interface-number Number of the port to be bound to.

Example Bind the legal user whose MAC address is 00e0-fc00-3900 and IP address is 10.153.1.1 to GigabitEthernet1/0/2 port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] am user-bind mac-addr 00e0-fc00-5100 ip-addr 10.153.1.1 interface GigabitEthernet1/0/2


■ System view

■ Ethernet Port view

Description After a binding operation, only the valid user's packets can pass through the port.

■ You need to specify the bound port if you use this command in system view.

■ You do not need to specify the bound port if you use this command in Ethernet port view, because the MAC and IP address will be bound to the current port.

You can bind up to 128 pairs of MAC and IP addresses on a unit. The system allows only one binding operation for the same MAC address.

3Com Switch 4200G Family apply qos-profile ● 29 Command Reference

apply qos-profile

Purpose Use the apply qos-profile command to manually apply the QoS profile to the current port.

Use the undo apply qos-profile command to manually remove the QoS profile from a port.

Syntax apply qos-profile profile-name

undo apply qos-profile profile-name

Parameters profile-name Specifies the QoS profile name, consisting of a string 1 to 32 characters long, starting with letters [a-z, A-Z] and excluding the reserved keywords (for example; all, interface, user, undo, user-based, and port-based)

Example To apply the qos-profile named h3c on the current port manually, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] apply qos-profile h3c



Description You cannot delete a QoS profile which has been applied to a port. Likewise a profile has to be created before it can be assigned to a port.

30 ● apply qos-profile interface 3Com Switch 4200G Family Command Reference

apply qos-profile interface

Purpose Use the apply qos-profile interface command to manually apply a QoS profile to one or more consecutive ports.

Use the undo apply qos-profile command to manually remove the configuration from one or more consecutive ports.

Syntax apply qos-profile profile-name interface interface-type interface-num [ to interface interface-type interface-num ]

undo apply qos-profile profile-name interface interface-type interface-num [ to interface interface-type interface-num ]

Parameters profile-name Specifies the QoS profile name, consisting of a string 1 to 32 characters long, starting with letters [a-z, A-Z] and excluding the reserved keywords (for example; all, interface, user, undo, user-based, and port-based).

interface interface-type interface-num [ to interface interface-type interface-num ] Specifies the range of ports. The beginning interface

interface-type interface-num specifies the beginning port and the one in the end specifies the end port.

Example To apply profile named h3c on GigabitEthernet1/0/1 to GigabitEthernet1/0/4 manually, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] apply qos-profile h3c interface gigabitethernet1/0/1 to gigabitethernet1/0/4


■ System view

Description You cannot delete the specific QoS profile that has been applied to the port.

3Com Switch 4200G Family arp check enable ● 31 Command Reference

arp check enable

Purpose Use the arp check enable command to enable the ARP entry checking function, that is, to disable a switch from creating multicast MAC address ARP entries for MAC addresses learned.

Use the undo arp check enable command to disable the ARP entry checking function. In this case, a switch creates multicast MAC address ARP entries for MAC addresses learned.

Syntax arp check enable

undo arp check enable

Parameters None

Default By default, the checking of ARP entry is enabled and the device does not learn the ARP entry where the MAC address is a multicast MAC address.

Example To configure to create multicast MAC address ARP entries for MAC addresses learned, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] undo arp check enable


■ System view

32 ● arp static 3Com Switch 4200G Family Command Reference

arp static

Purpose Use the arp static command to configure the static ARP mapping entries in the ARP mapping table.

Use the undo arp ip_address command to remove a ARP mapping entry from the ARP table.

Syntax arp static ip_address mac_address [ vlan_id interface_type interface_number }]

undo arp ip_address

Parameters ip_address Specifies the IP address of the ARP mapping entry.

mac_address Specifies the MAC address of the ARP mapping entry, in the format H-H-H, where H indicates a four digit hexadecimal number, for example 00e0-fc01-0000.

vlan_id Specifies the ID number of the local VLAN that you want to use to associate with the ARP mapping entry. Valid values for the VLAN ID are 1 to 4094.

interface_type Specifies the type of the port that you want to use to send frames to this address. This parameter be entered if a VLAN ID is specified.

interface_number Specifies the number of the port that you want to use to send frames to this address. This parameter must be entered if a VLAN ID is specified.

Default By default, the ARP mapping table is empty, and the Switch uses dynamic ARP to maintain its address mapping.

Example To Create a static ARP mapping entry, with the IP address of 202.38.10.2, the MAC address of 00e0-fc01-0000. The ARP mapping entry belongs to GigabitEthernet1/0/1 port (assuming that GigabitEthernet1/0/1 port belongs to VLAN1), enter following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] arp static 202.38.10.2 00e0-fc01-0000 1 GigabitEthernet1/0/1


■ System view

3Com Switch 4200G Family arp static ● 33 Command Reference

Description The system ARP mapping table is empty when a switch is just started. And the dynamic address mapping entries are generated by ARP.

Note:

■ Static ARP mapping entries are valid as long as the Ethernet switch operates. However, an ARP mapping entry is removed if the corresponding VLAN is removed. By default, a dynamic ARP mapping entry remains valid for 20 minutes.

■ As for the arp static command, the value of the vlan-id argument must be the ID of an existing VLAN, and the port identified by the interface-type and interface-number arguments must belong to the VLAN.

Related Commands ■ reset arp

■ display arp

■ debugging arp packet

34 ● arp timer aging 3Com Switch 4200G Family Command Reference

arp timer aging

Purpose Use the arp timer aging command to configure the aging time for dynamic ARP mapping entries.

Use the undo arp timer aging command to restore the default aging time.

Syntax arp timer aging aging-time

undo arp timer aging

Parameters aging-time Specifies the aging time (in minutes) of the dynamic ARP mapping entries. Valid values are from 1 to 1,440.

Default The defaults is 20 minutes.

Example To Configure the aging time to be 10 minutes, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] arp timer aging 10


■ System view

Related Command arp timer aging

3Com Switch 4200G Family ascii ● 35 Command Reference

ascii

Purpose Use the ascii command to configure data transmission mode as ASCII mode.

Syntax ascii

Parameters None

Default By default, the file transmission mode is ASCII mode.

Example Enter FTP client view.

<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password:***** 230 Logged in successfully [ftp]

Specify to transfer files in ASCII mode.

[ftp] ascii200 Type set to A.


■ FTP Client view

Description Perform this command if the user needs to change the file transmission mode to default mode.

36 ● attribute 3Com Switch 4200G Family Command Reference

attribute

Purpose Use the attribute command to configure attributes of a user whose service type is lan-access.

Use the undo attribute command to cancel the attributes that have been defined for this user.

Syntax attribute { ip ip-address | mac mac-address | idle-cut second | access-limit max-user-number | vlan vlan-id | location { nas-ip ip-address port port-number | port port-number }

undo attribute { ip | mac | idle-cut | access-limit | vlan | location }

Parameters ip ip-address Specifies the IP address of a user.

mac mac-address Specifies the MAC address of a user. Where, mac-address takes on the hexadecimal format of HHHH-HHHH-HHHH-HHHH.

idle-cut second Allows the local users to enable the idle-cut function. The argument second defines the idle time before cutting down. Valid values are 60 to 7200 seconds.

access-limit max-user-number Specifies the maximum number of users who access

the switch using the current user name. Valid values for max-user-number are 1 to 1024.

vlan vlan-id Sets the VLAN attribute of user, in other words, the VLAN to which a user belongs. Valid values for vlan-id are 1 to 4094.

location Sets the port binding attribute of user.

nas-ip ip-address Sets the IP address of the access server to which the user is bound. ip-address is an IP address in dotted decimal format and defaults to 127.0.0.1. nas-ip must be defined for a user bound with a remote port.

port port-number Sets the port to which a user is bound. port-number is specified in the following format:

device ID/slot number/port number

The device ID ranges from 1 to 8. The slot number ranges from 0 to 15 (if the bound port has no slot number, input 0). The port number ranges from 1 to 255.

If any of these three items is absent, the value 0 will be used to replace it.

3Com Switch 4200G Family attribute ● 37 Command Reference

Example To set the IP address of user1 to 10.110.50.1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] local-user user1 New local user added.[S4200G-luser-user1] attribute ip 10.110.50.1


■ Local User view

Related Command display local-user

38 ● authentication 3Com Switch 4200G Family Command Reference

authentication

Purpose Use the authentication command to configure an authentication scheme for the current ISP domain.

Use the undo authentication command to restore the default authentication scheme of the current ISP domain.

Syntax authentication { radius-scheme radius-scheme-name [ local ] | local | none }

undo authentication

Parameters radius-scheme radius-scheme-name Specifies a RADIUS authentication scheme.

local Specifies to use local authentication scheme.

none Specifies not to perform authentication.

Default By default, no separate authentication scheme is configured.

Example To Specify “radius” as the RADIUS authentication scheme to be referenced by the ISP domain aabbcc.net, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbcc.netNew Domain added.[S4200G-isp-aabbcc.net] authentication radius-scheme radius

To specify “rd” as the RADIUS authentication scheme to be referenced by the ISP domain aabbcc, and the local scheme as the secondary authentication scheme, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbccNew Domain added.[S4200G-isp-aabbcc] authentication radius-scheme rd local


■ ISP Domain view

3Com Switch 4200G Family authentication ● 39 Command Reference

Description Before you use the authentication command to specify a RADIUS scheme to be referenced by the current ISP domain, the specified RADIUS scheme must has already been defined.

■ After the authentication radius-scheme radius-scheme-name local command is executed, the local scheme is used as the secondary authentication scheme in case the RADIUS server does not respond normally. That is, if the communication between the switch and the RADIUS server is normal, no local authentication is performed; otherwise, local authentication is performed.

■ After the authentication local command is executed, the local scheme is used as the primary scheme. In this case, only local authentication is performed. After the authentication none command is executed, no authentication is performed.

■ After the authentication command is executed in an ISP domain view, the system uses the authentication scheme specified in the command to authenticate the users in the domain. Otherwise the system uses the scheme specified in the scheme command to authenticate the users.


■ radius scheme

40 ● authentication-mode 3Com Switch 4200G Family Command Reference

authentication-mode

Purpose Use the command authentication-mode to specify the authentication mode.

Use the command authentication-mode password to prompt a user for local password authentication at login.

To set the password, use set authentication password.

Use the command authentication-mode scheme to prompt a user to provide local or remote user name and password authentication at login.

Use the command authentication-mode none to allow a user to log in without username or password authentication.

Syntax authentication-mode { password | scheme | none }

Parameters password Authenticates users using the local password.

scheme Authenticates users locally or remotely using usernames and passwords.

none Does not authenticate users.

Default By default, users logging in through the Console port are not authenticated, whereas modem users and Telnet users are authenticated.

Example Configure to authenticate users using the local password.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface aux0[S4200G-ui-aux0] authentication-mode password



Description This command configures the authentication method for a user at log in.

■ If you specify the password keyword to authenticate users using the local password, remember to set the local password using the set authentication password { cipher | simple } password command.

■ If you specify the scheme keyword to authenticate users locally or remotely using usernames and passwords, the actual authentication mode depends on other related configuration. Refer to the Security module of this manual for more.

3Com Switch 4200G Family authentication-mode ● 41 Command Reference

The type of the authentication depends on your network configuration. For further information, see “AAA and RADIUS”.

42 ● authorization 3Com Switch 4200G Family Command Reference

authorization

Purpose Use the authorization none command to allow users in the current ISP domain to use network services without being authorized.

Use the undo authorization command to restore the default authorization scheme of the ISP domain.

Syntax authorization none

undo authorization

Parameters None

Default By default, no separate authorization scheme is configured.

Example Allow users in current ISP domain to access the network services without being authorized.

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbcc.netNew Domain added.[S4200G-isp-aabbcc.net] authorization none


■ ISP Domain view


■ radius scheme

3Com Switch 4200G Family auto-build ● 43 Command Reference

auto-build

Purpose Use the auto-build command to create a cluster automatically.

Syntax auto-build [ recover ]

Parameters recover Establishes communication with all the member devices again.

Example Set up a cluster automatically.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z[S4200G] cluster[S4200G-cluster] auto-build


■ Cluster view

Description This command can be executed on a candidate device or a management device.

When you use this command on a candidate device, you are required to input a cluster name to create a cluster. Then the cluster collects candidates through NTDP and adds them to the cluster upon your confirmation.

When you use this command on a management device, the system will collect candidates directly.

Argument recover is used to recover a cluster. Using the auto-build recover command, you can find the members that left the member list and add them to the cluster again.

Note:

Ensure that NTDP is enabled, because it is the basis of candidate and member collection. The collection range is also decided through NTDP. You can use the hop command to modify the collection range.

If a member is configured with an enable-password different from the password of the management device, it cannot be added to a cluster automatically.

44 ● auto-execute command 3Com Switch 4200G Family Command Reference

auto-execute command

Purpose Use the auto-execute command command to set the command that is executed automatically after a user logs in.

Use the undo auto-execute command command to disable the specified command from being automatically executed

Syntax auto-execute command text

undo auto-execute command

Parameters text Specifies that the command be run automatically.

Default By default, auto-execute is disabled.

Example Configure the telnet 10.110.100.1 command to be executed automatically after users log into VTY 0.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface vty0[S4200G-ui-vty0] auto-execute command telnet 10.110.100.1



Description Normally, the telnet command is specified to be executed automatically to enable the user to Telnet to a specific network device automatically.

CAUTION:

■ The auto-execute command command may cause you unable to perform common configuration in the user interface, so use it with caution.

■ Before executing the auto-execute command command and save your configuration, make sure you can log into the switch in other modes and cancel the configuration.

3Com Switch 4200G Family binary ● 45 Command Reference

binary

Purpose Use the binary command to specify that files be transferred in binary mode. That is, data is transferred in binary streams.

Syntax binary

Parameters None



Specify to transfer files in binary mode.

[ftp] binary200 Type set to I.


■ FTP Client view

46 ● black-list add-mac 3Com Switch 4200G Family Command Reference

black-list add-mac

Purpose Use the black-list add-mac command to add a device into the blacklist.

Syntax black-list add-mac mac-address

Parameters mac-address The MAC address of the device that will be added into the blacklist, in the format of H-H-H.

Example Add a device into the blacklist.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z[S4200G] cluster[S4200G-cluster] black-list add-mac 0ec0-fc00-0001


■ Cluster view

Description This command can be executed only on the management device.

3Com Switch 4200G Family black-list delete-mac ● 47 Command Reference

black-list delete-mac

Purpose Use the black-list delete-mac command to delete a device from the blacklist.

Syntax black-list delete-mac { all | mac-address }

Parameters mac-address The MAC address of the device that will be deleted from the blacklist, in the format of H-H-H.

Example Delete a device from the blacklist.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z[S4200G] cluster[S4200G-cluster] black-list delete-mac 0ec0-fc00-0001

Delete all the devices from the blacklist.

[S4200G-cluster] black-list delete-mac all


■ Cluster view


48 ● boot attribute-switch 3Com Switch 4200G Family Command Reference

boot attribute-switch

Purpose Use the boot attribute-switch command to switch between the main and backup attribute for all the files or a specified type of files. This changes a file with the main attribute to one with the backup attribute, or vice versa.

Syntax boot attribute-switch { all | app | configuration | web }

Parameters all Specifies all files, including App, configuration, and Web files.

app Specifies App files.

configuration Specifies configuration files.

web Specifies Web files.

Example Switch the attributes of all the files on the switch.

<S4200G>boot attribute-switch all The boot, web and configuration file's backup-attribute and main-attribute will exchange. Are you sure? [Y/N]Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:y The boot, web and configuration file's backup-attribute and main-attribute exchanged successfully on unit 1!


■ User view

Description This command changes a file with the main attribute to one with the backup attribute, or vice versa.

Note:

■ An app file is an executable file, with bin as the extension.

■ A configuration file is used to store and restore configuration, with cfg as the extension.

■ A Web files is used for Web-based network management, with web as the extension.

3Com Switch 4200G Family boot boot-loader ● 49 Command Reference

boot boot-loader

Purpose Use the boot boot-loader command to configure an app file to be of the main attribute. The app file specified by this command becomes the main startup file when the device starts the next time.

Syntax boot boot-loader file-url

Parameters file-url Path name or file name of an App file in the flash memory, consisting of a character string from 1 to 64 characters long.

Example Configure the file named boot.bin to be of the main attribute.

<S4200G>boot boot-loader boot.binThe specified file will be booted next time on unit 1!


■ User view

Description The app file specified by this command becomes the main startup file when the device starts the next time.

CAUTION:

Make sure the app file to be specified as the most preferred startup file exists before executing this command.

50 ● boot boot-loader 3Com Switch 4200G Family Command Reference

boot boot-loader

Purpose Use the boot boot-loader command to specify the host software that will be adopted when the current switch or a specified switch in the fabric reboots next time.

Syntax boot boot-loader [ backup-attribute ] { file-url | device-name }

Parameters backup-attribute Sets the specified file to a backup file.

file-url Path name or file name of an App file in the flash memory, consisting of a character string from 1 to 64 characters long.

device-name File name, beginning with a device name in the form of unit[NO.]>flash, used to save the specified file to the Flash memory of a specified switch.

Example Specify the host software that will be adopted when the current switch reboots next time.

<S4200G> boot boot-loader PLATV100R002B09D002.binThe specified file will be booted next time on unit 1!<S4200G>


■ User view

Description You can use this command to specify a .bin file in the Flash memory as the host software to be adopted at reboot.

3Com Switch 4200G Family boot boot-loader backup-attribute ● 51 Command Reference

boot boot-loader backup-attribute

Purpose Use the boot boot-loader backup-attribute command to configure an app file to be of the backup attribute.

Syntax boot boot-loader backup-attribute file-url

Parameters file-url Path name or file name of an App file in the flash memory, consisting of a character string from 1 to 64 characters long.

Example Configure the file named backup.bin to be of the backup attribute.

<S4200G>boot boot-loader backup-attribute backup.bin Set boot file backup-attribute successfully on unit 1!


■ User view

Description The app file specified by this command becomes the backup startup file when the device starts up the next time. When the main startup file is unavailable, the backup startup file is used to start the switch.

CAUTION:

Make sure the app file to be specified as the backup startup file exists before executing this command.

52 ● boot bootrom 3Com Switch 4200G Family Command Reference

boot bootrom

Purpose Use the boot bootrom command to update the BootROM.

Syntax boot bootrom { file-url | device-name }

Parameters file-path File path and file name of Bootrom. This is a .btm file in the Flash memory.

device-name File name, beginning with a device name in the form of unit[NO.]>flash, used to save the specified file to the Flash memory of a specified switch.

Example Update the BootROM of the switch.

<S4200G> boot bootrom S4200G.btm


■ User view

3Com Switch 4200G Family boot web-package ● 53 Command Reference

boot web-package

Purpose Use the boot web-package command to configure a Web file to be of the main or backup attribute.

Syntax boot web-package webfile { backup | main }

Parameters webfile Name of a Web file, consisting of a character string from 5 to 127 characters long.

main Specifies the file to be of the main attribute.

backup Specifies the file to be of the backup attribute.

Example Configure the Web file named boot.web to be of the main attribute.

<S4200G>boot web-package http.web main


■ User view

Description CAUTION:

■ Make sure the Web file which the webfile argument identifies exists before executing this command.

■ The configuration of the main or backup attribute of a Web file takes effect immediately without restarting the device.

54 ● broadcast-suppression 3Com Switch 4200G Family Command Reference

broadcast-suppression

Purpose Use the broadcast-suppression command to define the broadcast traffic ratio allowed on one port or each of the ports.

Use the undo broadcast-suppression command to restore the default ratio.

Syntax broadcast-suppression { ratio | pps max-pps }

undo broadcast-suppression

Parameters ratio Specifies the allowed maximum ratio of the broadcast traffic to the total bandwidth on one or each port. Valid values for this argument are 1 to 100 (in increments of 1). The smaller the value of this argument, the smaller the allowed-to-pass broadcast traffic is. If not specified, the default is 100.

max-pps Maximum number of broadcast packets allowed to pass through each Ethernet port per second. Valid values are 200 to 14881000 in pps.

Default By default, broadcast suppression is disabled.

Example Allow the broadcast traffic passing through the Ethernet1/0/1 port to occupy at most 20% of the bandwidth.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface ethernet1/0/1[S4200G-Ethernet1/0/1] broadcast-suppression 20


■ System view

Description Once broadcast traffic exceeds the value set by the user, the system maintains an appropriate broadcast traffic ratio by discarding the overflow traffic, so as to suppress broadcast storm, avoid network congestion, and ensure normal network services.

3Com Switch 4200G Family build ● 55 Command Reference

build

Purpose Use the build command to configure a cluster with the current switch as the management device. Argument name specifies the name of the cluster.

Use the undo build command to configure the current management device as a candidate.

Syntax build name

undo build

Parameters name Cluster name with no more than 8 characters, including only alphanumeric characters, subtraction sign “-” and/or underline “_”.

Default By default, a switch is not a management device.

Example Configure the current switch to be a management device and specify the cluster name to be 3COM.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z[S4200G] cluster[S4200G-cluster] build 3COM


■ Cluster view

Description After a cluster is created, the device on which the command is executed becomes the management device and is assigned a member number of 0.

Executed this command on a management-capable device that does not belong to any clusters. Running this command on a cluster member will fail. If the current switch is already the management device of a cluster, whose name is different from that specified in the command, the command will only set the name of the cluster to the new one.

The member number of a management device is 0.

56 ● bye 3Com Switch 4200G Family Command Reference

bye

Purpose Use the bye command to terminate the connection to the remote SFTP server and return to system view.

Syntax bye

Parameters None

Example Terminate the connection to the remote SFTP server (assume that the server IP address is 10.1.1.2).

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] sftp 10.1.1.2sftp-client> bye[S4200G]


■ SFTP Client view

Description This command has the same function as the exit and quit commands.

3Com Switch 4200G Family bye ● 57 Command Reference

bye

Purpose Use the bye command to terminate the control connection and data connection with the remote FTP server and quit to user view.

Syntax bye

Parameters None



Terminate the connections with the remote FTP server and quit to user view.

[ftp] bye<S4200G>


■ FTP Client view

Description This command has the same effect as that of the quit command.

58 ● cd 3Com Switch 4200G Family Command Reference

cd

Purpose Use the cd command to change the current path on the remote SFTP server.

Syntax cd [ remote-path ]

Parameters remote-path Name of a path on the server. If you do not specify the remote-path argument, the current path is displayed.

Example Change current path to new1.

sftp-client> cd new1Current Directory is:flash:/new1



Description You can use the cd.. command to return to the upper level directory.

You can use the cd / command to return to the root directory of the system (that is, flash:/).

3Com Switch 4200G Family cd ● 59 Command Reference

cd

Purpose Use the cd command to enter a specified directory on the Ethernet switch.

Syntax cd directory

Parameters directory The target directory, comprised of a string from 1 to 142 characters long.

Default The default directory is the root directory of Flash.

Example Enter the directory named flash.

<S4200G> cd flash:<S4200G> pwdflash:


■ User view

60 ● cd 3Com Switch 4200G Family Command Reference

cd

Purpose Use the cd command to change the work path on the remote FTP server.

Syntax cd pathname

Parameters pathname The path name.



Change the work directory to flash:/temp.

[ftp] cd flash:/temp


■ FTP Client view

Description You can only use this command to enter authorized directories.

3Com Switch 4200G Family cdup ● 61 Command Reference

cdup

Purpose Use the cdup command to return to the upper directory.

Syntax cdup

Parameters None

Example Return to the upper directory.

sftp-client> cdup



62 ● cdup 3Com Switch 4200G Family Command Reference

cdup

Purpose Use the cdup command to enter the parent directory.

Syntax cdup

Parameters None



Enter the parent directory.

[ftp] cdup


■ FTP Client view

3Com Switch 4200G Family check region-configuration ● 63 Command Reference

check region-configuration

Purpose Use the check region-configuration command to display the configurations of the MST regions that are not activated.

Some of the region names included are:

■ revision level

■ VLAN mapping table

Syntax check region-configuration

Parameters None

Example To display the configuration of an MST region, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp region-configuration [S4200G-mst-region] check region-configurationAdmin Configuration Format selector :0 Region name :00e0fc005100-EI Revision level :0

Instance Vlans Mapped 0 1 to 9, 11 to 4094 16 10


■ MST Region view

Description You can use this command to find the MST region the switch currently belongs to or check to see whether or not the MST region-related configuration is correct.

MSTP-enabled switches are in the same region only when they have the same MST region-related configuration. A switch cannot be in a respected region if any one of the above three MST region-related settings does not be consistent with that of another switch in the region.

Table 3 Description on the fields of the check region-configuration command

Field Description

Format selector Selector specified by MSTP

Region name Name of the MST region

Revision level Revision level of the MST region

Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region

64 ● check region-configuration 3Com Switch 4200G Family Command Reference

Related Commands ■ instance

■ region-name

■ revision-level


■ active region-configuration

3Com Switch 4200G Family clock datetime ● 65 Command Reference

clock datetime

Purpose Use the clock datetime command to set the current system time and date.

Syntax clock datetime time date

Parameters time Specifies the current time in HH:MM:SS format. Valid values for HH are 0 to 23. Valid values for MM and SS are 0 to 59. If not specified, the default is 23:55:52.

date Specifies the current year in MM/DD/YYYY or YYYY/MM/DD format. Valid values for YYYY are 2000 to 2099. Valid values for MM are 1 to 12. Valid values for DD are 1 to 31. If not specified, the default is 2000/4/1.

Example Set the current date and time of the Ethernet switch to 0:0:0 2001/01/01.

<S4200G> clock datetime 0:0:0 2001/01/01


■ User view

Related Command display clock

66 ● clock summer-time 3Com Switch 4200G Family Command Reference

clock summer-time

Purpose Use the clock summer-time command to set the name, time range, and offset of the daylight saving time.

Use the undo clock summer-time command to cancel the setting.

Syntax clock summer-time zone-name { one-off | repeating } start-time start-date end-time end-date offset-time

undo clock summer-time

Parameters zone-name Name of the daylight saving time, consisting of a character string 1 to 32 characters long.

one-off Sets the daylight saving time for only one year (the specified year).

repeating Sets the daylight saving time for every year starting from the specified year.

start-time Start time of the daylight saving time, in the format of HH:MM:SS.

start-date Start date of the daylight saving time, in the format of YYYY/MM/DD or MM/DD/YYYY.

end-time End time of the daylight saving time, in the format of HH:MM:SS.

end-date End date of the daylight saving time, in the format of YYYY/MM/DD or MM/DD/YYYY.

offset-time Offset of the daylight saving time relative to (ahead of) the standard time, in the format of HH:MM:SS.

Example Set the summer time named abc1, which starts from 06:00:00 2005/08/01, ends until 06:00:00 2005/09/01, and is one hour ahead of the standard time.

<S4200G> clock summer-time abc1 one-off 06:00:00 08/01/2005 06:00:00 09/01/2005 01:00:00

Set the summer time named abc2, which starts from 06:00:00 08/01, ends until 06:00:00 09/01, and is one hour ahead of the standard time every year from 2005 on.

<S4200G> clock summer-time abc2 repeating 06:00:00 08/01/2005 06:00:00 09/01/2005 01:00:00


■ User view

3Com Switch 4200G Family clock summer-time ● 67 Command Reference

Description After the setting, you can use the display clock command to check the result.

68 ● clock timezone 3Com Switch 4200G Family Command Reference

clock timezone

Purpose Use the clock timezone command to set local time zone information.

Use the undo clock timezone command to return to the default, which is Universal Time Coordinated (UTC).

Syntax clock timezone zone_name { add | minus } HH:MM:SS

undo clock timezone

Parameters zone_name Specifies the name of the time zone, which may be up to 32 characters long.

add Specifies that time is ahead of UTC.

minus Specifies that time is behind UTC.

HH:MM:SS Specifies the time difference between the time zone and UTC.

Example To set the local time zone as zone 5, and configure the local time to be 5 hours ahead of UTC, enter the following:

<S4200G>clock timezone z5 add 05:00:00


■ User view

Description Use the display clock command to check the summer time settings.

Related Command clock summer-time

3Com Switch 4200G Family close ● 69 Command Reference

close

Purpose Use the close command to terminate an FTP connection without quitting FTP client view.

Syntax close

Parameters None



Terminate the FTP connection without quitting FTP client view.

[ftp] close221 Server closing.[ftp]


■ FTP Client view

Description The close command has the same effect as that of the disconnect command.

70 ● cluster 3Com Switch 4200G Family Command Reference

cluster

Purpose Use the cluster command to enter cluster view.

Syntax cluster

Parameters None

Example Enter cluster view.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z[S4200G] cluster[S4200G-cluster]


■ System view

3Com Switch 4200G Family cluster enable ● 71 Command Reference

cluster enable

Purpose Use the cluster enable command to enable the cluster function on a switch.

Use the undo cluster enable command to disable the cluster function on a switch.

Syntax cluster enable

undo cluster enable

Parameters None

Default By default, the cluster function is enabled on all the devices supporting cluster.

Example Enable the cluster function on a switch.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z[S4200G] cluster enable


■ System view

Description You need to create a cluster with the build command before using the cluster enable command on the management device.

These two commands can be used on any device supporting the cluster function. When you execute the undo cluster enable command on a management device, the cluster is removed, and the switch stops operating as a management device. When you execute this command on a member device, the cluster function is disabled on the switch, and the switch quit the cluster. When you execute this command on a switch that belongs to no cluster, the cluster function is disabled on the switch.

72 ● cluster-local-user 3Com Switch 4200G Family Command Reference

cluster-local-user

Purpose Use the cluster-local-user command to configure a Web username and password for all cluster members.

Use the undo cluster-local-user command to remove the Web user configuration configured for all cluster members.

Syntax cluster-local-user username passward { cipher | simple } passwordstring

undo cluster-local-user username

Parameters username Specifies the username of a WEB user, consisting of a string from 1 to 55 characters long.

passwordstring Specifies the password of the WEB user, consisting of a string from 1 to 55 characters long.

Default By default, no Web user is configured.

Example Configure a Web user on the master switch.

[3Com_0.S4200G-cluster]cluster-local-user WEB0001 passward cipher 123456

Remove a Web user on the master switch.

[3Com_0.S4200G-cluster]undo cluster-local-user WEB0001


■ Cluster view

Description ■ This command can be executed only on master switches. The cluster-local-user command synchronizes the settings specified in it to all authenticated members, including those passing the authentication after the command is executed. The configuration applies to all the authenticated cluster members. You can configure only one such command.

■ This command is used to simplify user configuration. The Web username and password are configured for all the member devices of a cluster. This enables all the member switches in a cluster to login using the same Web username and password.

■ The configuration remains valid on a member device even if the latter quits the cluster.

3Com Switch 4200G Family cluster-mac ● 73 Command Reference

cluster-mac

Purpose Use the cluster-mac command to configure a multicast MAC address for cluster management. Run this command only on the management device only.

Syntax cluster-mac H-H-H

Parameters H-H-H Hexadecimal multicast MAC address, ranging 0180-C200-0000, 0180-C200-000A and 0180-C200-0020 to 0180-C200-002F.

Default By default, the cluster multicast MAC address is 0180-C200-000A.

Example Configure the multicast MAC address of the management device as 0180-C200-0028.

<aaa_0.S4200G> system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G] cluster[aaa_0.S4200G-cluster] cluster-mac 0180-C200-0028


■ Cluster view

Description Multicast MAC addresses enable the member devices of a cluster to receive multicast information delivered by the management device, and thus multicast information sending function is implemented on the management device.

74 ● cluster-mac syn-interval 3Com Switch 4200G Family Command Reference

cluster-mac syn-interval

Purpose Use the cluster-mac syn-interval command to set the interval for the management device to send multicast packets. This command can be executed on the management device only.

Syntax cluster-mac syn-interval time-interval

Parameters time-interval Interval (in minutes) to send multicast packets.

Example Set the interval to send multicast packets to 1 minute.

<aaa_0.S4200G> system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G] cluster[aaa_0.S4200G-cluster][aaa_0.S4200G-cluster] cluster-mac syn-interval 1


■ Cluster view

Description When the interval is set as 0, the management device does not send multicast packets to member devices.

3Com Switch 4200G Family cluster-snmp-agent community ● 75 Command Reference

cluster-snmp-agent community

Purpose Use the cluster-snmp-agent community command to configure a SNMP community for a cluster to enable SNMP access.

Use the undo cluster-snmp-agent community command to cancel the community name configuration

Syntax cluster-snmp-agent community { read | write } community-name [ mib-view view-name ]

undo cluster-snmp-agent community community-name

Parameters read Specifies that the SNMP community is a read-only community.

write Specifies that the SNMP community is a write-community.

community-name Community name, a string containing 1 to 27 characters.

view-name MIB view name, a string containing 1 to 32 characters. It is the MIB view that you can view. By default, the ViewDefault view is used.

Example In the cluster view of the master switch, set the community name to comaccess and set the community to be read-only.

[3Com_0.S4200G-cluster] cluster-snmp-agent community read comaccess

Set the community name to comacceswr and set the community as a write-community.

[3Com_0.S4200G-cluster]cluster-snmp-agent community write comacceswr

Remove the community name comaccess.

[3Com_0.S4200G-cluster]undo cluster-snmp-agent community comaccess


■ Cluster view

Description If you have configured a community name the same as the one configured by this command, the current one replaces the one originally configured on a member switch.

By default, no SNMP community is set for a cluster

76 ● cluster-snmp-agent community 3Com Switch 4200G Family Command Reference

■ Use cluster-snmp-agent community and undo cluster-snmp-agent community commands in the cluster view of the master switch. You can configure only one SNMP community for a cluster.

■ The cluster-snmp-agent community command synchronizes the settings specified in it to all authenticated members, including those passing the authentication after the command is executed. The configuration applies to all the authenticated cluster members.


3Com Switch 4200G Family cluster-snmp-agent group v3 ● 77 Command Reference

cluster-snmp-agent group v3

Purpose Use the cluster-snmp-agent group command to configure a SNMP group for a cluster to map SNMP users to the SNMP view.

Use the undo cluster-snmp-agent group command to remove the SNMP group configured for a cluster.

Syntax cluster-snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [notify-view notify-view ]

undo cluster-snmp-agent group v3 group-name [ authentication | privacy ]

Parameters v3 Uses SNMPV3 security mode.

group-name Specifies the group name, consisting of a string from 1 to 32 characters long.

authentication Authenticates packets without encrypting.

privacy Authenticates and encrypts packets.

read-view Sets the read-only view.

read-view Specifies the read-only view name, consisting of a string from 1 to 32 characters long.

write-view Sets the write view.

write-view Specifies the write view name, consisting of a string from 1 to 32 characters long.

notify-view Sets the notify view.

notify-view Specifies the notify view name, consisting of a string from 1 to 32 characters long.

Default By default, no SNMP group is configured for a cluster.

Example Create an SNMP group named snmpgroup.

[3Com_0.S4200G-cluster]cluster-snmp-agent group v3 snmpgroup


■ Cluster view

Description Use this command in the cluster view of the master switch. You can configure only one SNMP group for a cluster.

78 ● cluster-snmp-agent group v3 3Com Switch 4200G Family Command Reference

This command applies to all the authenticated cluster members.

■ Use this command in the cluster view of the master switch. You can configure only one SNMP group for a cluster.

■ The cluster-snmp-agent group command synchronizes the settings specified in it to all authenticated members, including those passing the authentication after the command is executed. The configuration applies to all the authenticated cluster members. If you have configured a group name the same as the one configured by this command, the current one replaces the one originally configured on a member switch.


Related Command snmp-agent group v3

3Com Switch 4200G Family cluster-snmp-agent mib-view included ● 79 Command Reference

cluster-snmp-agent mib-view included

Purpose Use the cluster-snmp-agent mib-view command to create or update the information about the MIB view configured for a cluster.

Use the undo cluster-snmp-agent mib-view command to remove the information about the MIB view configured for a cluster.

Syntax cluster-snmp-agent mib-view included view-name oid-tree

undo cluster-snmp-agent mib-view view-name

Parameters view-name Specifies the view name, consisting of a string from 1 to 32 characters long. The default view name is ViewDefault.

oid-tree Specifies the MIB object sub-tree. It can be OID or a variable name, containing 1 to 255 characters.

included Displays the MIB view containing SNMP attribute.

Default The default MIB view of a cluster is ViewDefault, in which the sub-tree with OID being 1 (that is, iso) can be accessed.

Example Create a view named "mib2" that contains all objects of mib-2.

[3Com_0.S4200G-cluster]cluster-snmp-agent mib-view included mib2 1.3.6.1.2.1

Remove mib-view named mib2.

[3Com_0.S4200G-cluster]undo cluster-snmp-agent mib-view mib2


■ Cluster view

Description ■ Use this command in the cluster view of a master switch. You must configure this command manually. By default, this command is not configured. You can configure only one such command.

■ The cluster-snmp-agent mib-view command synchronizes the settings specified in it to all authenticated members, including those passing the authentication after the command is executed. The configuration applies to all the authenticated cluster members.


80 ● cluster-snmp-agent mib-view included 3Com Switch 4200G Family Command Reference

■ At present, for the cluster-snmp-agent mib-view included and undo cluster-snmp-agent mib-view commands, both OID and node name are supported.

Related Command snmp-agent mib-view included

3Com Switch 4200G Family cluster-snmp-agent usm-user v3 ● 81 Command Reference

cluster-snmp-agent usm-user v3

Purpose Use the cluster-snmp-agent usm-user v3 command to add an account to the SNMPV3 group configured for a cluster.

Use the undo cluster-snmp-agent usm-user v3 command to remove an account from the SNMPV3 group configured for a cluster.

Syntax cluster-snmp-agent usm-user v3 username groupname [ authentication-mode { md5 | sha } authpassstring [ privacy-mode { des56 privpassstring } ] ]

undo cluster-snmp-agent usm-user v3 username groupname

Parameters v3 Uses V3 security mode.

username Specifies the username, consisting of a string from 1 to 32 characters long.

groupname Specifies the name of the SNMP group the user corresponds to, consisting of a string from 1 to 32 characters long.

authentication-mode Performs authentication.

md5 Uses MD5 authentication. The key used in MD5 is 128 bits in length. MD5 is faster than SHA.

sha Uses SHA authentication. The key used in SHA is 160 bits in length. SHA is slower than MD5 but is more secure.

authpassstring Authentication password consisting of a string from 1 to 16 characters long for a plain-text password or a string consisting of 1 to 24 characters for a ciphertext password.

privacy-mode Adopts encryption mode.

des56 Uses DES encryption protocol.

privpassstring Encryption password consisting of a string from 1 to 16 characters long for a plain-text password or a string consisting of 1 to 24 characters for a ciphertext password.

Default By default, no SNMPV3 account is configured for a cluster.

Example Add a user named "wang" to the SNMP group named "3Com", with authentication enabled, authentication protocol set to MD5, and authentication password set to "pass".

[3Com_0.S4200G-cluster] cluster-snmp-agent usm-user v3 wang 3Com authentication-mode md5 pass

82 ● cluster-snmp-agent usm-user v3 3Com Switch 4200G Family Command Reference


■ Cluster view

Description ■ Use the cluster-snmp-agent usm-user v3 and undo cluster-snmp-agent usm-user v3 commands in the cluster view of a master switch. You can configure only one such command.

■ The cluster-snmp-agent usm-user v3 command synchronizes the settings specified in it to all authenticated members, including those passing the authentication after the command is executed. The configuration applies to all the authenticated cluster members. If you have configured a user name the same as the one configured by this command, the original name is changed.


3Com Switch 4200G Family cluster switch-to ● 83 Command Reference

cluster switch-to

Purpose Use the cluster switch-to command to switch between the management device and member devices for configuration and management.

Syntax cluster switch-to { member-number | mac-address H-H-H | administrator }

Parameters member-number Member number of a switch in a cluster, ranging from 0 to 255.

mac-address H-H-H MAC address of a member device.

administrator Redirects from a member device to the management device.

Example Switch from the management device to the member device numbered 6 and then switch back to the management device.

<aaa_0.S4200G> cluster switch-to 6<aaa_6.S4200G> quit<aaa_0.S4200G>


■ User view

Description You can manage member devices in a cluster through the management device, on which you can switch to member view to configure or manage specified member devices, and then switch back to the management device.

Authentication is required when you switch from the management device to a member device. Upon passing the member device authentication, the switchover is allowed. If the password of the member device is different from that of the management device, the switchover is rejected.

The view is inherited from the management device when you switch to a member device from the management device. For example, the user view remains unchanged after you switch from the management device to a member device.

Authentication is also required when you switch from a member device to the management device. After passing the authentication, the system will enter user view automatically.

When you execute this command on the management device, if the specified member number n does not exist, an error message appears. Enter quit to stop the switchover operation.

84 ● cluster switch-to sysname 3Com Switch 4200G Family Command Reference

cluster switch-to sysname

Purpose Use the cluster switch-to sysname command to switch between the master device and a member device.

Syntax cluster switch-to sysname membersysname

Parameters membersysname System name of a member device, consisting of a string from 1 to 30 characters long.

Example Switch to the member switch with the system name being abc (assuming that the member number of the switch is 6) and then switch back to the master device by executing the quit command.

<3Com_0.S4200G>cluster switch-to sysname abc<3Com_6.S4200G>quit<3Com_0.S4200G>

Enter the member switch with the member number of 5 (assuming that member devices numbered 5 and 6 share the system name of switch).

<Cluster_0.S4200-3rd>dis cluster membersSN Device MAC Address Status Name

0 Switch4200G 12-Port 0016-e01f-7100 Admin Cluster_1.4200-3rd 1 Switch4200G 12-Port 0016-e01f-7180 UP Cluster_1.4200-2nd To connect to a member:

<Cluster_0.S4200-3rd>cluster switch-to-sysname 4200-2nd Trying ... Press CTRL +K to abort Connected ... . . .<Cluster_1.4200-2nd>


■ User view

Description This command can be executed only on master switches.

■ You can manage member devices through the master device. You can switch to a specific member device from the master device to manage the member device and then switch back to the master device.

■ When you execute this command, an error occurs if the member device to switch to does not exist. Enter “quit” to stop switching.

■ Authentication is performed when you switch to a member device. If the authentication succeeds, you can switch to the member device; otherwise, the switch fails.

3Com Switch 4200G Family cluster switch-to sysname ● 85 Command Reference

■ When you switch to a member device, the user level remains the same. For example, if you are in user view when switching to a member device, you are in user view after switching to the member device.

■ Authentication is also performed when you switch back to the master device. Once the authentication succeeds, you are in user view of the master device automatically.

86 ● command-privilege level 3Com Switch 4200G Family Command Reference

command-privilege level

Purpose Use the command-privilege level command to set the level of the specified command in a specified view.

Use the undo command-privilege view command to restore the level of the specified command in the specified view to the default.

Syntax command-privilege level level view view command

undo command-privilege view view command

Parameters level Command Level. Valid values are 0 to 3.

view Command view. This argument can be any command view the switch supports.

command The command to be specified.

Default By default, the ping, tracert, and telnet commands are at the visit level (level 0); the display and debugging commands are at the monitor level (level 1); all configuration commands are at the system level (level 2); and FTP/TFTP/XModem and file system related commands are at the manage level (level 3).

Example Specify the interface command in system view to be of level 0.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] command-privilege level 0 view system interface


■ System view

Description Commands fall into four command levels: visit, monitor, system, and manage, which are identified as 0, 1, 2, and 3, respectively. The administrator can change the level of a command to enable users of specific level to utilize the command.

3Com Switch 4200G Family copy ● 87 Command Reference

copy

Purpose Use the copy command to copy a file.

Syntax copy fileurl-source fileurl-dest

Parameters fileurl-source Path name or file name of the source file in the Flash, a string comprising 1 to 142 characters.

fileurl-dest Path name or file name of the destination file in the Flash, a string comprising 1 to 142 characters.

Example Copy the file named test.txt as the file named test.bak.

<S4200G> copy test.txt test.bakCopy flash:/test/test.txt to flash:/test/test.bak ?[confirm]:y% Copyed file flash:/test/test.txt flash:/test/test.bak

Copy the file from flash:/vrpcfg.cfg into flash:/test/1.cfg.

<S4200G> copy flash:/vrpcfg.cfg flash:/test/1.cfgCopy unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg?[Y/N]:y..%Copy file unit1>flash:/vrpcfg.cfg to unit1>flash:/test/1.cfg...Done.


■ User view

Description If the fileurl-dest argument identifies an existing file, the system prompts you for the confirmation to overwrite the existing file.

88 ● copy configuration 3Com Switch 4200G Family Command Reference

copy configuration

Purpose Use the copy configuration command to copy the configuration of a specific port to other ports, to ensure consistent configuration.

Syntax copy configuration source { interface-type interface-number | aggregation-group source-agg-id } destination { interface-list [ aggregation-group destination-agg-id ] | aggregation-group destination-agg-id }

Parameters interface-type Source port type.

interface-number Source port number.

source-agg-id Source aggregation group number. Valid values are 1 to 208. The port with the smallest port number in the aggregation group is used as the source port.

interface-list Destination port list, interface-list1 = { interface-type interface-number } [ to interface-type interface-number ] &<1-10>. &<1-10> indicates that the former parameter can be input 10 times repeatedly at most.

destinatin-agg-id Destination aggregation group number. Valid values are 1 to 208.

Note:

■ If you specify the source aggregation group ID, the system uses the port with the smallest port number in the aggregation group as the source.

■ If you specify the destination aggregation ID, the configuration of the source port will be copied to all ports in the aggregation group.

■ The port that is in an aggregation group will be removed from the destination ports, that is, copy configuration cannot take effect on this port. If you need the port to keep consistent configuration with the source port, you should configure the aggregation group to which the port belongs as destination parameter.

■ The port that is enabled Voice VLAN feature will be removed from the destination ports, that is, copy configuration cannot take effect on this port.

Example Copy the configuration of aggregation group 1 to all ports in aggregation group 2.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] copy configuration source aggregation-group 1 destination aggregation-group


■ System view

3Com Switch 4200G Family cut connection ● 89 Command Reference

cut connection

Purpose Use the cut connection command to cut the connection a user or a category of users by force.

This command cannot cut the connections of Telnet and FTP users.

Syntax cut connection { all | access-type { dot1x | mac-authentication } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlan-id | ucibindex ucib-index | user-name user-name }

Parameters all Cuts down all connection.

access-type{ dot1x | mac authentication } Configures to cut a category of connections according

to logon type.

■ dot1x specifies the 802.1x users.

■ mac authentication specifies the centralized MAC address authentication users.

domain isp-name Specifies the user connections to cut using the ISP domain. isp-name specifies the ISP domain name. The isp-name is a character string up to 24 characters inlength. The specified ISP domain must exist.

mac mac-address Specifies to the connections to cut using the MAC address. mac-address is specifies in the hexadecimal format (H-H-H).

radius-scheme radius-scheme-name Specifies the connections to cut according to RADIUS

server name. radius-scheme-name specifies the RADIUS server name with a character string up to 32 characters in length.

interface interface-type interface-number Specifies the connections to cut according to the port.

interface-type is the port type and interface-number is the port number.

ip ip-address Specifies the connections to cut according to IP address. ip-address is in the hexadecimal format (ip-address).

vlan vlan-id Specifies the connection to cut according to VLAN ID. vlan-id ranges from 1 to 4094.

ucibindex ucib-index Specifies the connections to cut according to ucib-index. Theucib-index ranges from 0 to 1047.

user-name user-name Specifies the connections to cut according to user name. user-name is a character string up to

90 ● cut connection 3Com Switch 4200G Family Command Reference

80 characters in length. The string cannot include the following characters:

■ /

■ :

■ *

■ ?

■ <

■ >

The @ character can only be used once in one username. The pure username (the characters before the @, namely the user ID) cannot exceed 55 characters and the domain name (the characters behind the @) cannot be longer than 24 characters.

Example To cut all user connections in the ISP domain named aabbcc.net.

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] cut connection domain aabbcc.net


■ System view

Related Command display connection

3Com Switch 4200G Family data-flow-format ● 91 Command Reference

data-flow-format

Purpose Use the data-flow-format command to set the units of measure for the data flow sent to the RADIUS Server.

Use the undo data-flow format command to restore the default unit of measure.

Syntax data-flow-format data { byte | giga-byte | kilo-byte | mega-byte } packet { giga-packet | kilo-byte | mega-byte | one-packet }

undo data-flow format

Parameters data Sets the unit of measure for data.

byte Specifies to measure data in bytes.

giga-byte Specifies to measure data in gigabytes.

kilo-byte Specifies to measure data in kilobytes.

mega-byte Specifies to measure data in megabytes.

packet Sets the unit of measure for packets.

giga-packet Specifies to measure packets in giga-packets.

kilo-packet Specifies to measure packets in kilo-packets.

mega-packet Specifies to measure packets in mega-packets.

one-packet Specifies to measure packets in packets.

Default By default, the unit of measure for data is byte and that for packets is one-packet.

Example To specify to measure data and packets in data flows sent to RADIUS server in kilobytes and kilo-packets respectively. enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] data-flow-format data kilo-byte packet kilo-packet



Description By default, the data unit is byte and the data packet unit is one-packet.

92 ● data-flow-format 3Com Switch 4200G Family Command Reference

Related Command display radius

3Com Switch 4200G Family databits ● 93 Command Reference

databits

Purpose Use the databits command to set the databits for the user interface.

Use the undo databits command to revert to the default data bits.

Syntax databits { 7 | 8 }

undo databits

Parameters 7 Sets the data bits to 7.

8 Sets the data bits to 8. If no value is specified, 8 is the default.

Example Set the data bits to 7.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface aux0[S4200G-ui-aux0] databits 7



Description This command can only be performed in the AUX user interface view.

94 ● debugging 3Com Switch 4200G Family Command Reference

debugging

Purpose Use the debugging command to enable the system debugging.

Use the undo debugging command to disable the system debugging.

Syntax debugging

undo debugging

Parameters None



Enable system debugging.

[ftp] debuggingDebug is on.


■ User view

3Com Switch 4200G Family debugging ● 95 Command Reference

debugging

Purpose Use the debugging command to enable the system debugging.

Use the undo debugging command to disable the system debugging.

Syntax debugging module-name [ debugging-option ]

undo debugging { all | module-name [ debugging-option ] }

Parameters all Disables all the debugging.

module-name Specifies the module name.

debugging-option Debugging option.

Default By default, all the debugging processes are disabled.

Example Enable IP Packet debugging.

<S4200G> debugging ip packetIP packet debugging switch is on.The above command output indicates that the IP packet debugging is enabled.


■ User view

Description Enabling debugging will generate a great deal of debugging information and thus will affect the efficiency of the system. Therefore, it is recommended not to enable debugging for multiple functional modules at the same time. The undo debugging all command brings great convenience for you to disable all debugging at a time instead of disabling them one by one.

Related Command display debugging

96 ● debugging arp packet 3Com Switch 4200G Family Command Reference

debugging arp packet

Purpose Use the debugging arp packet command to enable ARP debugging.

Use the undo debugging arp packet command to disable the corresponding ARP debugging.

Syntax debugging arp packet

undo debugging arp packet

Parameters error Specifies to enable ARP error debugging.

info Specifies to enable ARP mapping table and information management debugging.

packet Specifies to enable ARP packet debugging.

Description By default, undo ARP debugging is disabled.

Example To enable ARP packet debugging, enter the following:

<S4200G> debugging arp packet*0.946169229 5100_5 ARP/8/arp_send:- 1 -Send an ARP Packet, operation : 1, sender_eth_addr : 000f-e20f-c415, sender_ip_addr : 31.31.31.5, target_eth_addr : 0000-0000-0000, target_ip_addr : 31.31.31.1 *0.946169473 5100_5 ARP/8/arp_rcv:- 1 -Receive an ARP Packet, operation : 2, sender_eth_addr : 00e0-fc00-1751, sender_ip_addr : 31.31.31.1, target_eth_addr : 000f-e20f-c415, target_ip_addr : 31.31.31.5


■ User view

Related Commands ■ arp static

■ display arp

Table 4 Output description of the debugging arp packet command

Field Description

operation Type of ARP packets: ■ 1 ARP request packet

■ 2 ARP reply packet

sender_eth_addr Source MAC address

sender_ip_addr Source IP address

target_eth_addr MAC address of the target. For an ARP request packets, it is all zeros. This field is set to the target MAC address in the ARP reply packets.

target_ip_addr Target IP address

3Com Switch 4200G Family debugging dhcp client ● 97 Command Reference

debugging dhcp client

Purpose Use the debugging dhcp client command to enable debugging for the DHCP client/BOOTP client.

Use the undo debugging dhcp client command to disable debugging output.

Syntax debugging dhcp client { all | error | event | packet }

undo debugging dhcp client { all | error | event | packet }

Parameters all Enables all types of debugging for dynamic host configuration protocol (DHCP) client.

error Enables debugging for DHCP client error messages (including the information about unidentified packets).

event Enables debugging for DHCP client events (including address allocation and data update).

packet Enables debugging for packets received/transmitted by a DHCP client.

Default By default, all DHCP client debugging is disabled.

Example Enable debugging for DHCP client events.

<S4200G> debugging dhcp client event


■ User view

98 ● debugging dhcp-relay 3Com Switch 4200G Family Command Reference

debugging dhcp-relay

Purpose Use the debugging dhcp-relay command to enable DHCP relay debugging.

Use the undo debugging dhcp-relay command to disable DHCP relay debugging.

Syntax debugging dhcp-relay

undo debugging dhcp-relay

Parameters None

Default By default, DHCP relay debugging is disabled.

Example Enable DHCP relay debugging.

<S4200G> debugging dhcp-relay*0.7200205-DHCP-8-dhcp_debug:From client to server:Interface: VLAN-Interface 1ServerGroupNo: 0Type: dhcp-requestClientHardAddress: 0010-dc19-695d ServerIpAddress: 192.168.1.2

*0.7200230-DHCP-8-dhcp_debug:From server to client:Interface: VLAN-Interface 1ServerGroupNo: 0Type: dhcp-ackClientHardAddress: 0010-dc19-695d AllocatedIpAddress: 10.1.1.1

*0.7200580-DHCP-8-largehop:Discard DHCP request packet because of too large hop count!

*0.7200725-DHCP-8-invalidpkt:Wrong DHCP packet!

Table 5 Description on the fields of the debugging dhcp-relay command

Field Description

Interface VLAN interface carrying the DHCP relay function

ServerGroupNo DHCP server group number of the DHCP relay

Type DHCP packet type of the DHCP relay

ClientHardAddress MAC address of the DHCP client

ServerIpAddress IP address of the DHCP server

AllocatedIpAddress IP address assigned to the DHCP client

3Com Switch 4200G Family debugging dhcp-relay ● 99 Command Reference


■ User view

Related Commands ■ dhcp-server ip

■ dhcp-server

■ display dhcp-server

■ display dhcp-server interface vlan-interface

100 ● debugging DLDP 3Com Switch 4200G Family Command Reference

debugging DLDP

Purpose Use the debugging dldp command to enable specific debugging for DLDP on all ports with DLDP enabled.

Use the undo debugging dldp command to disable debugging for DLDP on all ports with DLDP enabled.

Syntax debugging dldp { error | neighbor | packet | state } }

undo debugging dldp { error | neighbor | packet | state }

Parameters error Debugging for DLDP error.

neighbor Debugging for DLDP neighbor.

packet Debugging for DLDP packets.

state Debugging for the DLDP status on ports.

Default By default, DLDP debugging is disabled.

Example Enable debugging for DLDP error.

<S4200G> debugging dldp error


■ User view

3Com Switch 4200G Family debugging ntp-service ● 101 Command Reference

debugging ntp-service

Purpose Use the debugging ntp-service command to debug different NTP (network time protocol) services.

Use the undo debugging ntp-service command to disable corresponding debugging function.

Syntax debugging ntp-service { access | adjustment | all | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity }

undo debugging ntp-service { access | adjustment | all | authentication | event | filter | packet | parameter | refclock | selection | synchronization | validity }

Parameters access NTP access control debugging.

adjustment NTP clock adjustment debugging.

all All NTP debugging functions.

authentication NTP authentication debugging.

event NTP event debugging.

filter NTP filter information debugging.

packet NTP packet debugging.

parameter NTP clock parameter debugging.

refclock NTP reference clock debugging.

selection NTP clock selection information debugging.

synchronization NTP clock synchronization information debugging.

validity NTP remote host validity debugging

Default By default, no debugging function is enabled.

Example Enable NTP access control debugging.

<S4200G>debugging ntp-service access


■ User view

102 ● debugging radius 3Com Switch 4200G Family Command Reference

debugging radius

Purpose Use the debugging radius command to enable the debugging for RADIUS protocol.

Use the undo debugging radius command to disable the debugging for RADIUS protocol.

Syntax debugging radius packet

undo debugging radius packet

Parameters packet Enables packet debugging.

Default By default, the debugging for RADIUS protocol is disabled.

Example To enable the debugging for RADIUS protocol, enter the following:

<S4200G> debugging radius packet


■ User view

3Com Switch 4200G Family debugging snmp-agent ● 103 Command Reference

debugging snmp-agent

Purpose Use the debugging snmp-agent command to enable SNMP Agent debugging.

Use the undo debugging snmp-agent command to cancel the current setting.

Syntax debugging snmp-agent { header | packet | process | trap }

undo debugging snmp-agent { header | packet | process | trap }

Parameters header Configures SNMP packet header debugging.

packet Configures SNMP packet debugging.

process Configures SNMP packet process debugging.

trap Configures Trap packet debugging.

Default By default, SNMP Agent debugging is disabled.

Example Enable SNMP packet header debugging.<S4200G> debugging snmp-agent header


■ User view

Description This command enables or disables SNMP Agent debugging.

104 ● debugging udp-helper 3Com Switch 4200G Family Command Reference

debugging udp-helper

Purpose Use the debugging udp-helper command to enable UDP Helper debugging.

Use the undo debugging udp-helper command to disable UDP Helper debugging.

Syntax debugging udp-helper { event | packet [ receive | send ] }

undo debugging udp-helper { event | packet [ receive | send ] }

Parameters event UDP Helper event debugging.

packet UDP Helper packet debugging.

receive UDP Helper inbound packet debugging.

send UDP Helper outbound packet debugging.

Default By default, UDP Helper debugging is disabled.

Example To enable UDP Helper packet debugging, enter the following:

<SW4200G>debugging udp-helper packet


■ User view

3Com Switch 4200G Family delete ● 105 Command Reference

delete

Purpose Use the delete command to delete a specified file stored on a switch.

Syntax delete [ /unreserved ] file-url

delete { running-files | standby-files } [ /unreserved ]

Parameters /unreserved Deletes a file completely.

file-url Path or the file name of a file in the Flash, a string comprising 1 to 142 characters. You can use the "*" character in this argument as a wildcard. For example, the delete *.txt command deletes all the files with txt as their extensions.

running-files Specifies all the files with the main attribute.

standby-files Specifies all the files with the backup attribute.

Example Delete the file test/test.txt in the local unit.

<S4200G>delete test/test.txtDelete unit1>flash:/test/test.txt?[Y/N]:y.%Delete file unit1>flash:/test/test.txt...Done.

Delete the files that are of the main attribute.

<S4200G>delete running-files Delete the running files ? [Y/N]:yStart deleting .......... Unit1 delete success! %Apr 4 11:25:40:973 2000 S4200G VFS/6/OPLOG:- 1 - Unit1 delete success!Deleting ... done


■ User view

Description Use the delete command to delete a specified file stored on a switch.

If you execute the delete command with the /unreserved keyword specified, the specified file is completely deleted. (That is, the file cannot be restored.)

If you execute the delete command with the /unreserved keyword not specified, the specified file is moved to the recycle bin. Following are the notes on deleted files:

■ The dir command cannot display the information about deleted files.

■ To display the information about deleted files, use the dir /all command.

106 ● delete 3Com Switch 4200G Family Command Reference

■ To restore a deleted file, use the undelete command.

■ To delete the files in the recycle bin, use the reset recycle-bin command.

You can also use the delete command to delete files by file attribute. The delete running-file command deletes all the files with the main attribute, and the delete standby-file command deletes all the files with the backup attribute.

CAUTION:

For deleted files whose names are the same, only the latest deleted file can be restored.

3Com Switch 4200G Family delete ● 107 Command Reference

delete

Purpose Use the delete command to delete the specified file from the server.

Syntax delete remote-file

Parameters remote-file Name of a file on the server.

Example Delete file temp from the server.

sftp-client> delete temp.c



Description This command has the same function as the remove command.

108 ● delete 3Com Switch 4200G Family Command Reference

delete

Purpose Use the delete command to delete the specified remote file.

Syntax delete remotefile

Parameters remotefile File name.


<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch331 Give me your password, please Password:***** 230 Logged in successfully [ftp]

Delete the file named temp.c.

[ftp] delete temp.c250 DELE command successful.


■ FTP Client view

3Com Switch 4200G Family delete-member ● 109 Command Reference

delete-member

Purpose Use the delete-member command to remove a member device from the cluster.

Syntax delete-member member-number


Example Remove the member device numbered 2 from the cluster.

<aaa_0.S4200G> system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G] cluster[aaa_0.S4200G-cluster][aaa_0.S4200G-cluster] delete-member 2


■ Cluster view

Description This command can be performed on the management device only. Otherwise, an error message will appear.

110 ● delete static-routes all 3Com Switch 4200G Family Command Reference

delete static-routes all

Purpose Use the delete static-routes all command to delete all the static routes.

Syntax delete static-routes all

Parameters None

Example Delete all the static routes in the router.

<SW4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]delete static-routes allAre you sure to delete all the static routes?[Y/N]


■ System view

Description The system requests your confirmation before it deletes all the configured static routes.

Related Commands ■ ip route-static

■ display ip routing-table

3Com Switch 4200G Family description ● 111 Command Reference

description

Purpose Use the description command to enter a description of an Ethernet port.

Use the undo description command to cancel the description.

Syntax description text

undo description

Parameters text Specifies a description of the Ethernet port. The description may be up to 80 characters long.

Default By default, an Ethernet port does not have a description.

Example Set the description of port Ethernet1/0/1 to be lanswitch-interface.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface ethernet 1/0/1[S4200G-Ethernet1/0/1]description lanswitch-interface[S4200G-Ethernet1/0/1]



112 ● description 3Com Switch 4200G Family Command Reference

description

Purpose Use the description command to assign a description string for the VLAN.

Use the undo description command to restore the default description string.

Syntax description string

undo description

Parameters string Description string to be assigned to a VLAN. This value is a string comprising 1 to 32 characters. The default description string of a VLAN is its VLAN ID, such as "VLAN 0001".

Example To give VLAN 1 the description “RESEARCH”, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 1[S4200G-vlan1] description research


■ VLAN view

3Com Switch 4200G Family description ● 113 Command Reference

description

Purpose Use the description command to assign a description string to a VLAN or a VLAN interface.

Use the undo description command to restore the default description string.

Syntax description string

undo description

Parameters string Specifies a description of the current VLAN or VLAN interface.

■ The description of a VLAN may be up to 32 characters and defaults to the ID of the VLAN (for example, VLAN 0001).

■ The description of a VLAN interface may be up to 80 characters and defaults to the name of the VLAN interface (for example, Vlan-interface1 Interface).

Example To configure VLAN 2 to be the management VLAN and give of the description “RESEARCH” to the VLAN 2 interface, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 2[S4200G-vlan2] quit[S4200G] management-vlan 2[S4200G] interface vlan-interface 2[S4200G-Vlan-interface2] description RESEARCH


■ VLAN view


114 ● description 3Com Switch 4200G Family Command Reference

description

Purpose Use the description command to define the description information of an ACL to describe the specific purpose of the ACL.

Use the undo description to delete the description information of an ACL.

Syntax description text undo description

Parameters text Description information of the ACL, a string of up to 127 characters.

Example Define the description information of ACL 3100.

<S4200G> system-view[S4200G] acl number 3100[S4200G-acl-adv-3100] description This acl is used in eth 0

Delete the description information of ACL 3100.

[S4200G-acl-adv-3100] undo description


■ Basic ACL view

■ Advanced ACL view

■ Layer 2 ACL view

3Com Switch 4200G Family dhcp relay information enable ● 115 Command Reference

dhcp relay information enable

Purpose Use the dhcp relay information enable command to enable option 82 supporting on a DHCP relay, through which you can enable the DHCP relay to insert option 82 into DHCP request packets sent to a DHCP server.

Use the undo dhcp relay information enable command to disable option 82 supporting on a DHCP relay, through which you can disable the DHCP relay from inserting option 82 into DHCP request packets sent to a DHCP server.

Syntax dhcp relay information enable

undo dhcp relay information enable

Parameters None

Default By default, this function is disabled.



Enable option 82 supporting on a DHCP relay.

[S4200G] dhcp relay information enable

Disable option 82 supporting on a DHCP relay.

[S4200G] undo dhcp relay information enable


■ System view

Related Command dhcp relay information strategy

116 ● dhcp relay information strategy 3Com Switch 4200G Family Command Reference

dhcp relay information strategy

Purpose Use the dhcp relay information strategy command to instruct a DHCP relay to perform specified operations to DHCP request packets that carry option 82.

Use the undo dhcp relay information strategy command to instruct a DHCP relay to perform the default operations to DHCP request packets that carry option 82.

Syntax dhcp relay information strategy { drop | keep | replace }

undo dhcp relay information strategy

Parameters drop Specifies to discard the DHCP request packets that carry option 82.

keep Specifies to remain the DHCP request packets that carry option 82 unchanged.

replace Specifies to replace the option 82 carried by a DHCP request packet with that of the DHCP relay.

Default By default, the DHCP relay replaces the option 82 carried by a DHCP request packet with its own option 82.



Instruct the DHCP relay to discard the DHCP request packets that carry option 82.

[S4200G] dhcp relay information strategy drop

Instruct the DHCP relay to perform the default operations to DHCP request packets that carry option 82.

[S4200G] undo dhcp relay information strategy


■ System view

Related Command dhcp relay information enable

3Com Switch 4200G Family dhcp-security static ● 117 Command Reference

dhcp-security static

Purpose Use the dhcp-security static command to configure a static user address entry.

Use the undo dhcp-security command to remove one or all user address entries, or all user address entries of a specified type.

Syntax dhcp-security static ip-address mac-address

undo dhcp-security { ip-address | all | dynamic | static }

Parameters ip-address User IP address.

mac-address User MAC address.

all Removes all user address entries.

dynamic Removes dynamic user address entries.

static Removes static user address entries.


<S4200G> system-viewSystem View: return to User View with Ctrl+Z

Configure a user address entry for the DHCP server group, with the user IP address being 1.1.1.1 and the user MAC address being 0005-5D02-F2B3.

[S4200G] dhcp-security static 1.1.1.1 0005-5D02-F2B3


■ System view

Related Command display dhcp-security

118 ● dhcp-server 3Com Switch 4200G Family Command Reference

dhcp-server

Purpose Use the dhcp-server command to map the current VLAN interface to a DHCP server group.

Use the undo dhcp-server command to cancel the mapping.

Syntax dhcp-server groupNo

undo dhcp-server

Parameters groupNo DHCP server group number. Valid values for this argument are 0 to 19.

Examples Enter system view.


Enter VLAN 1 interface view.

[S4200G] interface vlan-interface 1

Specify that VLAN 1 interface corresponds to DHCP server group 1.

[S4200G-Vlan-interface1] dhcp-server 1



Related Commands ■ dhcp-server ip



■ debugging dhcp-relay

3Com Switch 4200G Family dhcp-server ip ● 119 Command Reference

dhcp-server ip

Purpose Use the dhcp-server ip command to configure the DHCP server IP address(es) in a specified DHCP server group.

Use the undo dhcp-server command to remove all DHCP server IP addresses in a DHCP server group.

Syntax dhcp-server groupNo ip ip-address1 [ ipaddress-list ]

undo dhcp-server groupNo

Parameters groupNo DHCP server group number. Valid values are 0 to 19.

ipaddress-1 IP address of DHCP server 1 in the DHCP server group.

ipaddress-list IP addresses of other DHCP servers in the DHCP server group. You can provide up to seven other DHCP sever IP addresses.

Examples Enter system view.


Configure three DHCP server IP addresses 1.1.1.1, 2.2.2.2, and 3.3.3.3 for DHCP server group 1, so that this group contains three DHCP servers (server 1, server 2 and server 3).

[S4200G] dhcp-server 1 ip 1.1.1.1 2.2.2.2 3.3.3.3


■ System view

Related Commands ■ dhcp-server


■ debugging dhcp-relay

120 ● dir 3Com Switch 4200G Family Command Reference

dir

Purpose Use the dir command to display the information about the specified files or directories on a switch.

Syntax dir [ /all ] [ file-url ]

Parameters /all Displays the information about all the files, including those in the recycle bin.

file-url Path name or the name of a file in the Flash, a string comprising 1 to 142 characters. You can specify multiple files by inserting the "*" character as wildcards in this argument. For example, the dir *.txt command displays the information about all the files with the extension of txt in the current directory.

Example Display the information about all the normal files in the root directory of the file system on the local unit.

<S4200G> dirDirectory of unit1>flash:/ 1 (*) -rw- 5792495 Apr 02 2000 00:06:50 s5100.bin 2 (*) -rw- 1965 Apr 01 2000 23:59:13 3comoscfg.cfg 3 -rw- 5841301 Apr 02 2000 21:42:13 s5100d8.bin 4 -rw- 224 Apr 02 2000 01:36:30 s5100d9.bin 5 -rw- 279296 Apr 02 2000 00:22:01 test.abc15367 KB total (3720 KB free)(*) -with main attribute (b) -with backup attribute(*b) -with both main and backup attribute

Display the information about all the files in the root directory of the file system, including the files in the recycle bin.

<S4200G> dir /all Directory of unit1>flash:/ 1 (*) -rw- 5792495 Apr 02 2000 00:06:50 s5100.bin 2 -rwh 4 Apr 01 2000 23:55:26 snmpboots 3 -rwh 151 Apr 02 2000 00:05:53 private-data.txt 4 (*) -rw- 1965 Apr 01 2000 23:59:13 3comoscfg.cfg 5 -rw- 5841301 Apr 02 2000 21:42:13 s5100d8.bin 6 -rw- 224 Apr 02 2000 01:36:30 s5100d9.bin 7 -rw- 279296 Apr 02 2000 00:22:01 test.abc 8 -rw- 2370 Apr 02 2000 02:49:12 [1.cfg]15367 KB total (3720 KB free)Directory of unit2>flash:/ 0 -rwh 4 Apr 01 2000 23:55:24 snmpboots1 (*) -rw- 4724347 Apr 01 2000 23:59:45 s5100.bin 2 (*) -rw- 1475 Apr 01 2000 23:59:53 3comoscfg.cfg 3 -rw- 1737 Apr 02 2000 00:46:21 cfg.cfg 4 -rw- 279296 Apr 02 2000 00:21:55 love.rar 5 -rw- 428 Apr 02 2000 13:07:11 hostkey 6 -rwh 151 Apr 01 2000 23:58:39 private-data.txt

3Com Switch 4200G Family dir ● 121 Command Reference

7 -rw- 572 Apr 02 2000 13:07:20 serverkey 8 -rw- 1589 Apr 02 2000 00:58:20 1.cfg15367 KB total (10475 KB free)(*) -with main attribute (b) -with backup attribute(*b) -with both main and backup attribute

Display the information about all the files whose names begin with the character t (including those in the recycle bin) in the local directory unit1>flash:/test/.

<S4200G>dir /all test/t*Directory of unit1>flash:/test/ 0 -rw- 279296 Apr 04 2000 14:45:19 test.txt15367 KB total (3720 KB free)(*) -with main attribute (b) -with backup attribute(*b) -with both main and backup attribute


■ User view

Description In the output information, files with the main, backup or main/backup attribute are tagged. This command supports the wildcard of "*".

Note: In the output information of the dir /all command, deleted files (that is, those in the recycle bin) are embraced in brackets.


dir

Purpose Use the dir command to query specified files.

Syntax dir [ filename [ localfile ] ]

Parameters filename Name of the file to be queried.

localfile Name of the local file where the query result is to be saved.



Display the information about all the files in the current directory.

[ftp] dir200 PORT command okay7 File Listing Follows in ASCII mode-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 4.bin-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 5.bin-rwxrwxrwx 1 noone nogroup 430585 Dec 23 2004 6. bin-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 6. bin.bak-rwxrwxrwx 1 noone nogroup 638912 Nov 15 2004 abc.BTMdrwxrwxrwx 1 noone nogroup 0 Dec 15 2004 TEST-rwxrwxrwx 1 noone nogroup 3212176 Jul 14 2004 21.bin226 Transfer finished successfully.FTP: 5346 byte(s) received in 6.782 second(s) 788.00 byte(s)/sec.

Display the information about the file named 4.app and save the output information in the file named temp1.

[ftp] dir 4.app temp1200 PORT command okay150 File Listing Follows in ASCII mode-rwxrwxrwx 1 noone nogroup 430585 Dec 21 2004 4. bin226 Transfer finished successfully.FTP: 70 byte(s) received in 0.122 second(s) 573.00 byte(s)/sec.


■ FTP Client view

3Com Switch 4200G Family dir ● 123 Command Reference

Description The output information includes the name, size and creation time of a file in the current directory.

If you do not specify the filename argument, the information about all the files in the current directory is displayed.


dir

Purpose Use the dir command to display the files in the specified directory.

Syntax dir [ remote-path ]

Parameters remote-path Name of the intended directory.

If the remote-path argument is not specified, the files in the current directory are displayed.

Example Display the files in directory flash:/.

sftp-client> dir flash:/-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2



Description This command has the same function as the ls command.

3Com Switch 4200G Family disconnect ● 125 Command Reference

disconnect

Purpose Use the disconnect command to terminate a FTP connection without quitting FTP client view.

Syntax disconnect

Parameters None


<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password: 230 Logged in successfully [ftp]

Terminate the FTP connection without quitting FTP Client view.

[ftp] disconnect221 Server closing.[ftp]


■ FTP Client view

Description The disconnect command has the same effect as that of the close command.

126 ● display acl 3Com Switch 4200G Family Command Reference

display acl

Purpose Use the display acl command to view the detailed configuration information of an ACL, including each rule and its number as well as the number and size in bytes of the data packets that match the statement.

Syntax display acl { all | acl-number }

Parameters all Displays all ACLs.

acl-number Specifies the number of the ACL to be displayed. Valid values are 2000 to 4999.

Example Display the contents of all ACLs.

<S4200G> display acl allBasic ACL 2000, 0 rule, match-order is autoAcl's step is 1

Advanced ACL 3000, 1 ruleAcl's step is 1 rule 1 permit ip (0 times matched)


■ Any view

Description The matched times displayed by this command are software matched times, namely, the matched times of the ACL to be processed by the Switch CPU. You can use the traffic-statistic command to calculate the matched times of hardware during packet-forwarding

3Com Switch 4200G Family display am user-bind ● 127 Command Reference

display am user-bind

Purpose Use the display am command to view whether address management is enabled and to display IP address pool configuration.

Syntax display am user-bind [ interface interface-type interface-number | mac-addr ip-addr]

Parameters interface Displays the binding information of a specified interface.

interface-type Specifies the interface type.

interface-number Specifies the interface number.

mac-addr Displays the binding information of the MAC address

ip-addr Displays the binding information of the IP address.

Example Display the information about port binding.

<S4200G> display am user-bindFollowing User address bind have been configured: Mac IP Port 0001-0001-0001 1.2.3.4 GigabitEthernet1/0/1 Unit 1:Total 1 found, 1 listed.

Total: 1 found.


■ Any view

Description By checking the output of this command, you can verify the current configuration.

128 ● display arp 3Com Switch 4200G Family Command Reference

display arp

Purpose Use the display arp command to display the ARP mapping table entries by entry type, or by a specified IP address.

Syntax display arp [ ip-address | [ dynamic | static ] | { begin | include | exclude } text

Parameters ip-address Specifies the IP address. The ARP mapping entries containing the IP address are to be displayed.

dynamic Displays the dynamic ARP entries in the ARP mapping table.

static Displays the static ARP entries in the ARP mapping table.

begin Specifies to start displaying from the first ARP entry that contains the specified character string text.

include Displays only the ARP entries that contain the specified character string text.

exclude Displays only the ARP entries that do not contain the specified character string text.

text Displays the ARP entries that contain this user-defined character string.

Example To display the ARP entries from the first ARP mapping entry that contains the string 1, enter the following:

<S4200G> display arp | begin 1 Type: S-Static D-DynamicIP Address MAC Address VLAN ID Port Name / AL ID Aging Type1.1.1.9 0010-5ce1-1ae6 1 GigabitEthernet1/0/12 17 D1.1.1.11 000f-1f9b-8ab2 1 GigabitEthernet1/0/1 18 D--- 2 entries found ---

Example2 To display all ARP entries in the mapping table, enter the following:

<S4200G> display arpIP Address MAC Address VLAN ID Port Name/AL ID Aging Type 10.1.1.2 00e0-fc01-0102 N/A N/A N/A Static 10.110.91.175 0050-ba22-6fd7 1 GigabitEthernet1/0/1 20 Dynamic

--- 2 entries found ---


■ Any view

3Com Switch 4200G Family display arp ● 129 Command Reference

Related Commands ■ arp static


■ reset arp

130 ● display arp count 3Com Switch 4200G Family Command Reference

display arp count

Purpose Use the display arp count command to display the number of the specified type of ARP mapping entries.

Syntax display arp count [ [ dynamic | static ] | { begin | include | exclude } text | ip-address ]

Parameters dynamic Counts the dynamic ARP mapping entries.

static Counts the static ARP mapping entries.

begin Counts the ARP mapping entries from the first ARP entry that contains the string given by the text argument.

Include Counts the ARP mapping entries that contain the string given by the text argument.

exclude Counts the ARP mapping entries that do not contain the string given by the text argument.

text Specifies the string used to filtered ARP mapping entries.

ip-address Specifies the IP address. The ARP mapping entries containing the IP address are to be counted in.

Default If no optional parameter is specified, the number of all types of ARP mapping entries is displayed.

Example To display the number of all types of ARP mapping entries, enter the following:

<S4200G> display arp count 1 entry found


■ Any view

Related Command ■ arp static


■ reset arp

3Com Switch 4200G Family display arp timer aging ● 131 Command Reference

display arp timer aging

Purpose Use the display arp timer aging command to view the current setting of the dynamic ARP aging timer.

Syntax display arp timer aging

Parameters None

Example To display the current setting of the ARP aging timer, enter the following:

<S4200G> display arp timer agingCurrent ARP aging time is 20 minute(s)(default)


■ Any view

Related Command arp timer aging

132 ● display boot-loader 3Com Switch 4200G Family Command Reference

display boot-loader

Purpose Use the display boot-loader command to display the information about the app startup files of a switch, including the current app startup file name, the main and backup app startup files to be used when the switch starts the next time.

Syntax display boot-loader [ unit unit-id ]

Parameters unit unit-id Unit ID of a switch.

Example Display the information about the app startup files of unit 1.

[S4200G]display boot-loader unit 1Unit 1 The current boot app is: S4200G.bin The main boot app is: S4200G.bin The backup boot app is: S4200G.bin


■ Any view

3Com Switch 4200G Family display boot-loader ● 133 Command Reference

display boot-loader

Purpose Use the display boot-loader command to display the host software (.bin file) that will be adopted when the switch reboots.

Syntax display boot-loader

Parameters None

Example Display the host software that will be adopted when the switch reboots.

<S4200G>display boot-loader

Unit 1:

The current boot app is: S4200G.bin

The main boot app is: S4200G.bin

The backup boot app is:


■ Any view

Table 6 Description on the fields of the display boot-loader command

Field Description

The current boot app is Current boot file of the system

The main boot app is Main boot file of the system

The backup boot app is Backup boot file of the system

134 ● display bootp client 3Com Switch 4200G Family Command Reference

display bootp client

Purpose Use the display bootp client command to display BOOTP client-related information, including the MAC address of the BOOTP client and the IP address obtained.

Syntax display bootp client [ interface vlan-interface vlan-id ]

Parameters vlan-id VLAN interface ID.

Example Display the BOOTP client-related information.

<S4200G> display bootp client interface vlan-interface 1Vlan-interface1:Allocated IP: 169.254.0.2 255.255.0.0Transaction ID = 0x3d8a7431Mac Address 00e0-fc0a-c3ef


■ Any view

Table 7 Description on the fields of the display bootp client command

Field Description

Vlan-interface1 VLAN interface 1 is configured to obtain an IP address through BOOTP.

Allocated IP IP address allocated to VLAN interface 1

Transaction ID Value of the XID field in BOOTP packets

Mac Address MAC address of the BOOTP client

3Com Switch 4200G Family display brief interface ● 135 Command Reference

display brief interface

Purpose Use the display brief interface command to display the configuration information about one specific or all ports in brief, including the port type, connection state, connection rate, duplex attribute, link type and default VLAN ID.

Syntax display brief interface [ interface-type interface-number ] [ | { begin | include | exclude } string ]

Parameters interface-type Port type.

interface-number Port number.

| Uses regular expression to specify the details in the port configuration information fields, so as to specify which port information entries will be displayed.

begin There is a port information field beginning with the specified character (string).

include There is a port information field containing the specified character (string).

exclude There is no port information field containing the specified character (string).

string A character string from 1 to 256 characters long.

Example Display the brief configuration information about the Ethernet1/0/3 port.

<S4200G> display brief interface ethernet 1/0/3Interface Link Speed Duplex Link-type PVID Ethernet1/0/3 DOWN auto auto access 1


■ Any view

Table 8 Description on the fields of the display brief interface command

Field Description

Interface Port type

Link Link state UP or DOWN

Speed Link rate

Duplex Duplex attribute

Link-type Link type access, hybrid or trunk

PVID Default VLAN ID

136 ● display brief interface 3Com Switch 4200G Family Command Reference

Description This command functions similarly to the display interface command but displays the port information in brief.

Currently, for a non-Ethernet port, the system only displays its connection state and displays "--" in other configuration information fields.

Related Command display interface

3Com Switch 4200G Family display channel ● 137 Command Reference

display channel

Purpose Use the display channel command to display the details about the information channel.

Syntax display channel [ channel-number | channel-name ]

Parameters channel-number Channel number, ranging from 0 to 9, corresponding to the 10 channels of the system.

channel-name Channel name, which can be channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent or trapbuffer.

Example Display the settings of information channel 0.

<S4200G> display channel 0channel number:0, channel name:consoleMODU_IDNAME ENABLE LOG LEVEL ENABLE TRAP LEVELENABLEDEBUGGING LEVELffff0000all Y warning Y debuggingYdebugging


■ Any view

Description Without a parameter, the display channel command shows the configurations of all the channels.

138 ● display clock 3Com Switch 4200G Family Command Reference

display clock

Purpose Use the display clock command to display the current date and time of the system, so that you can adjust them if they are wrong.

Syntax display clock

Parameters None

Example View the current system date and time.

<S4200G> display clock 18:36:31 beijing Sat 2002/02/02 Time Zone : beijing add 01:00:00 Summer-Time : bj one-off 01:00:00 2003/01/01 01:00:00 2003/08/08 01:00:00


■ Any view

Related Commands ■ clock datetime

■ clock summer-time

■ clock timezone

Field Description

18:36:31 beijing Sat 2002/02/02

Current date and time of the system

Time Zone Configured time zone information

Summer-Time Configured summer time information

3Com Switch 4200G Family display cluster ● 139 Command Reference

display cluster

Purpose Use the display cluster command to display the state and basic configuration information of the cluster that contains the current switch.

Syntax display cluster

Parameters None

Example Display cluster information (assuming that the current switch is a management device).

<S4200G> display clusterCluster name:"123"Role:AdministratorManagement-vlan:1(default vlan)

Handshake timer:10 secHandshake hold-time:60 secIP-Pool:33.33.33.1/29cluster-mac:0180-c200-000aNo logging host configuredNo SNMP host configuredNo FTP server configuredNo TFTP server configured

5 member(s) in the cluster, and 0 of them down.

Display cluster information (assuming that the current switch is a member device).

<S4200G> display clusterCluster name:"123"Role:MemberMember number:4Management-vlan:1(default vlan)

cluster-mac:0180-c200-000aHandshake timer:10 secHandshake hold-time:60 sec

Administrator device mac address:00e0-fc00-1751Administrator status:Up

Table 9 Description of cluster status and statistics

Field Description

Cluster name Name of the cluster

Role Cluster role of the switch

Member number Member number of the switch

Handshake timer Value of handshake timer

Handshake hold-time Value of handshake hold-time

140 ● display cluster 3Com Switch 4200G Family Command Reference


■ Any view

Description When being executed on a member device, this command displays the information such as cluster name, member number of the current switch, the MAC address and state of the management device, holdtime, and the interval to send packets.

When being executed on a management device, this command displays the information such as cluster name, the number of the member devices in the cluster, cluster state, holdtime and the interval to send packets.

Errors occur if you execute this command on a switch that does not belong to any cluster.

Administrator device mac address

MAC address of management device

Administrator status State of the management device

Table 9 Description of cluster status and statistics (continued)

Field Description

3Com Switch 4200G Family display cluster base-topology ● 141 Command Reference

display cluster base-topology

Purpose Use the display cluster topology command to display the standard topology view of the cluster.

Syntax display cluster base-topology [ mac-address mac-address | member-id member-number ]

Parameters mac-address Specifies a node according to a MAC address.

member-number Specifies the starting member number in the topology display.

Example Display the standard topology information of the cluster.

<S4200G> display cluster base-topology


■ Any view

Description You can create a standard topology view by using the build or auto-build command or save the current topology view as a standard topology view by using the topology accept command. This command can be executed only on the management device.

142 ● display cluster black-list 3Com Switch 4200G Family Command Reference

display cluster black-list

Purpose Use the display cluster black-list command to display the current blacklist of the cluster.

Syntax display cluster black-list

Parameters None

Example Display the current blacklist of the cluster.

<S4200G Sysname> display cluster black-list Device ID Access Device ID Access port 00e0-fc00-0010 00e0-fc00-3550 Ethernet1/0/1


■ Any view

Description You can create a standard topology view by using the build or auto-build command or save the current topology view as a standard topology view by using the topology accept command. This command can be executed only on the management device.

Table 10 Description on the fields of the display cluster black-list command

Field Description

Device ID ID of a device

Access Device ID ID of an access device

Access port Access port

3Com Switch 4200G Family display cluster candidates ● 143 Command Reference

display cluster candidates

Purpose Use the display cluster candidates command to display candidate devices of a cluster.

Syntax display cluster candidates [ mac-address H-H-H | verbose ]

Parameters mac-address H-H-H MAC address of the candidate device.

verbose Displays the detailed information about the candidate device.

Example Display the information about all the candidate devices.

<aaa_0.S4200G> display cluster candidatesMAC HOP IP PLATFORM000f-cbb8-9528 1 31.31.31.56/24 S5126C00e0-fc00-3199 3 S5150C

Display the information about a specified candidate device.

<aaa_0.S4200G> display cluster candidates mac-address 00e0-fc61-c4c0Hostname : LSW1 MAC : 00e0-fc61-c4c0 Hop : 1Platform : Switch 4200GIP: 1.5.6.9/16

Display the detailed information about all the candidate devices.

<aaa_0.S4200G> display cluster candidates verbose Hostname : 5100-EI_4 MAC : 00e0-fc00-3199 Hop : 3 Platform : S5100-EI IP : Hostname : S4200G MAC : 000f-cbb8-9528 Hop : 1 Platform : S5100-EI IP : 31.31.31.56/24

Table 11 Description of candidate list information

Field Description

MAC MAC address of a candidate device

Hop Hops from a candidate device to the management device

IP IP address of a candidate device

Platform Platform of a candidate device

144 ● display cluster candidates 3Com Switch 4200G Family Command Reference


■ Any view

Description This command can only be performed on the management device.

Table 12 Description of detailed candidate list information

Field Description

Hostname Name of the candidate device

MAC MAC address of a candidate device

Hop Hops from a candidate device to the management device

IP IP address of a candidate device

Platform Platform of a candidate device

3Com Switch 4200G Family display cluster current-topology ● 145 Command Reference

display cluster current-topology

Purpose Use the display cluster current topology command to display the current topology view or the topology path between two points.

Syntax display cluster current-topology [ mac-address mac-address [ to-mac-address mac-address ] | member-id member-number [ to-member-id member-number ]]

Parameters member-number Specifies the starting member number in the topology display or the member numbers a the starting point and ending point of a path.

mac-address Specifies a node according to a MAC address.

Example Display the current topology information of the cluster.

<123.Sysname> display cluster current-topology-------------------------------------------------------------------- (PeerPort) ConnectFlag (NativePort) [SysName:DeviceMac]--------------------------------------------------------------------ConnectFlag: <--> normal connect ---> odd connect **** in blacklist ???? lost device ++++ new device -||- STP discarding--------------------------------------------------------------------[123.abc:00e0-fc50-4200G] | |--(P_1/4)<-->(P_1/4)[123.abc1:00e0-fc00-3580] | | | |--(P_1/8)????(P_1/8)[00e0-fc00-5150] | |--(P_1/6)????(P_1/6)[00e0-fc00-5700]

Table 13 Description on the fields of the display cluster current-topology command

Field Description

PeerPort Port of the peer device

ConnectFlag Connection flag

NativePort Local port

SysName System name of the device

normal connect Normal connection

odd connect Unidirectional connection

in blacklist in the blacklist

lost device Lost device

new device Newly added device

STP discarding STP block

146 ● display cluster current-topology 3Com Switch 4200G Family Command Reference


■ Any view


3Com Switch 4200G Family display cluster members ● 147 Command Reference

display cluster members

Purpose Use the display cluster members command to display the information about cluster members.

Syntax display cluster members [ member-number | verbose ]

Parameters member-number Member number in the cluster, ranging from 0 to 255.

verbose Displays the detailed information about all the devices in a cluster.

Example Display the information about all the devices in the cluster.

<123_0.5100-EI_1> display cluster membersSN Device MAC Address Status Name0 S5100-EI 00e0-fc00-1751 Admin 123_0.5100-EI_12 S5100-EI 00e0-fc00-3199 Up 123_2.5100-EI_43 3Com S3528P 00e0-fd00-0043 Up 123_3.QX-S3528P4 S5100-EI 00e0-fc00-2579 Up 123_4.5100-EI_25 S5100-EI 000f-e20f-c415 Up 123_5.5100-EI_5

Display the detailed information about the management device and all member devices.

<123_0.5100-EI_1> display cluster members verboseMember number:0Name:123_0.5100-EI_1Device:S5100-EIMAC Address:00e0-fc00-1751Member status:AdminHops to administrator device:0IP: 31.31.31.1/24Version:3Com Versatile Routing Platform SoftwareVRP (tm) Software, Version 3.10Copyright (c) 2002-2005 By 3ComS5100-EI 5100-EI-001Member number:2Name:123_2.5100-EI_4Device:S5100-EIMAC Address:00e0-fc00-3199Member status:UpHops to administrator device:3

Table 14 Description of displayed information

Field Description

SN Member number

Device Device type

MAC Address MAC address of the device

Status State of a device

Name Name of a device

148 ● display cluster members 3Com Switch 4200G Family Command Reference

IP: 31.31.31.4/24Version:3Com Versatile Routing Platform SoftwareVRP (tm) Software, Version 3.10Copyright (c) 2002-2005 By 3ComS5100-EI 5100-EI-001

Description of displayed information


■ Any view

Description This command can only be performed on the management device.

Table 15 Description of detailed displayed information

Field Description

Member number Device member number

Name Name of a device

Device Device type

MAC Address MAC address of a device

Member status State of a device

Hops to administrator device

Hops from the current device to the management device

IP IP address of a device

Version Software version of the current device

3Com Switch 4200G Family display connection ● 149 Command Reference

display connection

Purpose Use the display connection command to view the information for a specified connection type.

Syntax display connection [ access-type { dot1x | mac-authentication } | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | radius-scheme radius-scheme-name | vlan vlan-id | ucibindex ucib-index | user-name user-name ]

Parameters access-type { dot1x | mac-authentication } Specifies the connections to display based on logon

type.

■ dot1x means the 802.1x users.

■ mac-authentication means the centralized mac address authentication users.

domain isp-name Specifies the connections to display according to ISP domain. isp-name specifies the ISP domain name with a character string up to 24 characters in length. The specified ISP domain must exist.

interface interface-type interface-number Specifies the connections to display according the port.

ip ip-address Specifies the connections to display according to IP address. ip-address is in the hexadecimal format (ip-address).

mac mac-address Specifies the connections to display according to MAC address. mac-address is in the hexadecimal format (H-H-H).

radius-scheme radius-scheme-name Specifies the connections to display according to

RADIUS scheme. radius-scheme-name specifies the RADIUS scheme with a character string up to 32 characters in length.

vlan vlan-id Specifies the connections to display using the VLAN ID. vlan-id ranges from 1 to 4094.

ucibindex ucib-index Specifies the connections to display using the ucib-index. The ucib-index ranges from 0 to 1047.

user-name user-name Specifies the connections to display using the user-name. The user-name is a character string up to 32 characters in length. The string cannot contain the following characters:

■ /

■ :

■ *

150 ● display connection 3Com Switch 4200G Family Command Reference

■ ?

■ <

■ >


Example Display information about all user connections.

<S4200G>display connection------------------unit 1------------------------On Unit 1: Total 0 connections matched, 0 listed.

Total 1 connections matched, 1 listed.

Display information about the user connection with index 0.

[S4200G]dis connection ucibindex 0Index=0 , Username=user1@systemMAC=000f-3d80-4ce5 , IP=192.168.0.3Access=8021X ,Auth=CHAP ,Port=Ether ,Port NO=0x10003001 Initial VLAN=1, Authorization VLAN=1ACL Group=DisableCAR=DisablePriority=DisableStart=2000-04-03 02:51:53 ,Current=2000-04-03 02:52:22 ,Online=00h00m29s On Unit 1:Total 1 connections matched, 1 listed. Total 1 connections matched, 1 listed.

Here, Port NO=0x10003001 means (by the binary bits):


■ Any view

Description The output can help with user connection diagnosis and troubleshooting.

If no parameter is specified, this command displays the related information about all connected users.

This command cannot display information about the connections of the FTP users.

Related Command cut connection

Table 16 Description of the Port NO field

31 to 28 27 to 24 23 to 20 19 to 12 11 to 0

UNIT ID Slot number Subslot number Port number VLAN ID

3Com Switch 4200G Family display cpu ● 151 Command Reference

display cpu

Purpose Use the display cpu command to display CPU usage of a specified switch.

Syntax display cpu [ unit unit-id ]

Parameters unit unit-id: Specify the Unit ID of the switch.

Example Display the CPU usage of this switch.

<S4200G>display cpuUnit 1Board 0 CPU busy status: 12% in last 5 seconds 12% in last 1 minute 12% in last 5 minutes


■ Any view

Table 17 Display information

Field Description

12% in last 5 seconds The CPU occupancy rate is 12% at last 5 seconds

12% in last 1 minute The CPU occupancy rate is 12% at last 1 minute

12% in last 5 minutes The CPU occupancy rate is 12% at last 5 minutes

152 ● display current-configuration 3Com Switch 4200G Family Command Reference

display current-configuration

Purpose Use the display current-configuration command to display the current configuration of a switch.

Syntax display current-configuration [ configuration [ configuration-type ] | interface [ interface-type ] [ interface-number ] | vlan [ vlan-id ] ] [ by-linenum ] [ | { begin | include | exclude } regular-expression ]

Parameters configuration Displays the specified type of configurations.

configuration-type Configuration type. You can select one of the following types:

■ isp: specifies the configuration of the internet service provider (ISP)

■ radius-template: specifies RADIUS template configuration

■ system: specifies the system configuration

■ user-interface: specifies user interface configuration

interface Displays the port configuration.

interface-type Interface type, which can be AUX, Ethernet, GigabitEthernet, or NULL.


vlan Displays the VLAN configuration.

vlan-id VLAN ID.

by-linenum Displays the number of each line.

| Uses a regular expression to filter the configurations of the device to be displayed.

begin Displays the configurations starting with the specified text (regular-expression).

include Displays the configurations that contain the specified text (regular-expression).

exclude Displays the configurations that do not contain the specified text (regular-expression).

regular-expression A Regular expression.

3Com Switch 4200G Family display current-configuration ● 153 Command Reference

Table 18 Special characters used in a regular expression

Display the currently valid configuration parameters on the Ethernet switch.

<S4200G> display current-configuration# sysname S4200G # radius scheme system # domain system # vlan 1 # vlan 2 # interface Vlan-interface2 # interface Aux1/0/0 # interface GigabitEthernet1/0/1 # interface GigabitEthernet1/0/2 # interface GigabitEthernet1/0/3 # interface GigabitEthernet1/0/4

Special Character Meaning Use

_ Underline. It is similar to a wildcard and can represent the following characters: (^|$|[,(){}]), space, start symbol and end symbol.

If the first character of the expression is not underline, the number of the underlines is not limited in theory (but is limited by the length of the com-mand line in practice).

If the first character of the expression is underline, there can be four suc-cessive underlines at most at the beginning of the expression.If the underlines are not successive, only the first group of successive underlines is matched. The subsequent groups of underlines are ignored.

( Left parenthesis. It represents the in-stack flag in programs.

It is recommended not to use this character in regular expression.

. Period. It is a wildcard which matches any character, including space.

-

* Asterisk. It means that the preceding sub-expression can be matched for zero or multiple times.

zo* can be matched by “z” and “zoo”.

+ Plus sign. It means that the preceding sub-expression can be matched for one or multiple times.

zo+ can be matched by "zo" and “zoo” but not "z".

154 ● display current-configuration 3Com Switch 4200G Family Command Reference

# interface GigabitEthernet1/0/5 # interface GigabitEthernet1/0/6 # interface GigabitEthernet1/0/7 # interface GigabitEthernet1/0/8 # interface GigabitEthernet1/0/9 # interface GigabitEthernet1/0/10 # interface GigabitEthernet1/0/11 # interface GigabitEthernet1/0/12 # interface GigabitEthernet1/0/13 # interface GigabitEthernet1/0/14 # interface GigabitEthernet1/0/15 # interface GigabitEthernet1/0/16 # interface GigabitEthernet1/0/17 # interface GigabitEthernet1/0/18 # interface GigabitEthernet1/0/19 # interface GigabitEthernet1/0/20 # interface GigabitEthernet1/0/21 # interface GigabitEthernet1/0/22 # interface GigabitEthernet1/0/23 # interface GigabitEthernet1/0/24 # interface NULL0 # management-vlan 2 # user-interface aux 0 7 user-interface vty 0 4 # return

Display the lines that include 10* in the configuration information. “*” means that the zero before it may not appear or appear multiple times continuously.

<S4200G> display current-configuration | include 10*primary authentication 127.0.0.1 1645 primary accounting 127.0.0.1 1646 local-server nas-ip 127.0.0.1 key easyKeyvlan 1interface Vlan-interface1 ip address 10.1.1.2 255.255.255.0interface GigabitEthernet1/0/1 speed 1000

3Com Switch 4200G Family display current-configuration ● 155 Command Reference

interface GigabitEthernet1/0/2interface GigabitEthernet1/0/3interface GigabitEthernet1/0/4 network 10.1.1.0 0.0.0.255

Display the configuration information starting with “user”.

<S4200G> display current-configuration | include ^useruser-interface aux 0user-interface vty 0 4


■ Any view

Description This command will not display those configuration parameters that have the same values with the corresponding default parameters.

After performing a group of configurations, you can use the display current-configuration command to verify the configuration results by checking the currently valid parameters in the display output. This command will not display the parameters whose corresponding functions do not take effect even though these parameters have been configured.

For example, although you can perform PPP-related configurations on an interface encapsulated with X.25, the display current-configuration command does not display the PPP configuration information.

Related Commands ■ display saved-configuration

■ reset saved-configuration

■ save

156 ● display debugging 3Com Switch 4200G Family Command Reference

display debugging

Purpose Use the display debugging command to display the enabled debugging on a specified device.

Syntax display debugging [ unit unit-id ] [ interface interface-type interface-number | module-name ]

Parameters unit-id Unit ID of a switch.

interface-type Specify the Ethernet port type.

interface-num Specify the Ethernet port number.

module-name Specify the functional module name.

Example Show all the enabled debugging.

<S4200G> display debugging unit 1IP icmp debugging is onRip packet debugging switch is onRip receive debugging switch is onRip send debugging switch is on


■ Any view

Description Executing this command without any parameter will display all enabled debugging.

Related Command debugging

3Com Switch 4200G Family display debugging habp ● 157 Command Reference

display debugging habp

Purpose Use the display debugging habp command to display the state of HABP debugging.

Syntax display debugging habp

Parameters None

Example To display the state of HABP debugging.

<S4200G> display debugging habpHABP Debugging switch is onThe information displayed indicates that HABP debugging is enabled.


■ Any view

158 ● display device 3Com Switch 4200G Family Command Reference

display device

Purpose Use the display device command to display the information, such as the module type and operating status, about each board (main board and sub-board) of a specified switch.

Syntax display device [ manuinfo [ unit unit-id ] | unit unit-id ]

Parameters manuinfo Displays the manufacture information of the specified switch.

unit unit-id Specifies the Unit ID of the switch.

Example Show device information.

<SW4200G>display device

Unit 1SlotNo SubSNo PortNum PCBVer FPGAVer CPLDVer BootRomVer AddrLM Type State0 0 24 REV.A NULL 000 200 IVLMAIN Norma


■ Any view

Description Displayed information can include slot number, sub-slot number, number of ports, versions of PCB, FPGA, CPLD and BootROM software, address learning mode, and interface board type.

3Com Switch 4200G Family display dhcp client ● 159 Command Reference

display dhcp client

Purpose Use the display dhcp client command to display the DHCP client-related information.

Syntax display dhcp client [ verbose ]

Parameters verbose Displays the detailed the DHCP client information about address allocation.

Example Display the DHCP client information about address allocation.

<S4200G> display dhcp client verboseDHCP client statistic information:Vlan-interface1:Current machine state: BOUNDAlloced IP: 169.254.0.2 255.255.0.0Alloced lease: 86400 seconds, T1: 43200 seconds, T2: 75600 secondsLease from 2002.09.20 01:05:03 to 2002.09.21 01:05:03Server IP: 169.254.0.1Transaction ID = 0x3d8a7431Default router: 2.2.2.2DNS server: 1.1.1.1Domain name: 3Com-3com.comClient ID: 00e0-fc0a-c3efNext timeout will happen after 0 days 11 hours 56 minutes 1 seconds


■ Any view

Table 19 Description on the fields of the display dhcp client command

Field Description

Vlan-interface1 VLAN interface operating as a DHCP client to obtain an IP address dynamically

Current machine state The state of the client state machine

Alloced IP IP address allocated to the DHCP client

lease Lease period

T1 Renewal timer readout

T2 Rebinding timer readout

Lease from….to…. The starting and end time of the lease period

Server IP IP address of the DHCP server

Transaction ID Transaction ID

Default router Gateway address

160 ● display dhcp-security 3Com Switch 4200G Family Command Reference

display dhcp-security

Purpose Use the display dhcp-security command to display one or all user address entries, or a specified type of user address entries in the valid user address table of a DHCP server group.

Syntax display dhcp-security [ ip-address | dynamic | static | tracker ]

Parameters ip-address IP address. This argument is used to display the user address entry with the specified IP address.

dynamic Displays the dynamic user address entries.

static Displays the static user address entries.

tracker Displays the interval to update the user address entries of a DHCP-security table.

Example Display all user address entries contained in the valid user address table of the DHCP server group.

<S4200G> display dhcp-securityIP Address MAC Address IP Address Type2.2.2.3 0005-5d02-f2b2 Static3.3.3.3 0005-5d02-f2b3 Dynamic--- 2 dhcp-security item(s) found ---


■ Any view

Table 20 Description on the fields of the display dhcp-security command

Field Description

IP Address IP address of a user of the DHCP server group

MAC Address MAC address of the user of the DHCP server group

IP Address Type Type of the user address entry (static/dynamic)

3Com Switch 4200G Family display dhcp-server ● 161 Command Reference

display dhcp-server

Purpose Use the display dhcp-server command to display information about a specified DHCP server group.

Syntax display dhcp-server groupNo

Parameters groupNo DHCP server group number. Valid values are 0 to 19.

Example Display information about DHCP server group 0.

<S4200G> display dhcp-server 0IP address of DHCP server group 0: 1.1.1.1IP address of DHCP server group 0: 2.2.2.2IP address of DHCP server group 0: 3.3.3.3IP address of DHCP server group 0: 4.4.4.4IP address of DHCP server group 0: 5.5.5.5IP address of DHCP server group 0: 6.6.6.6IP address of DHCP server group 0: 7.7.7.7IP address of DHCP server group 0: 8.8.8.8Messages from this server group: 0Messages to this server group: 0Messages from clients to this server group: 0Messages from this server group to clients: 0DHCP_OFFER messages: 0DHCP_ACK messages: 0DHCP_NAK messages: 0DHCP_DECLINE messages: 0DHCP_DISCOVER messages: 0DHCP_REQUEST messages: 0DHCP_INFORM messages: 0DHCP_RELEASE messages: 0BOOTP_REQUEST messages: 0BOOTP_REPLY messages: 0

Table 21 Description on the fields of the display dhcp-server command

Field Description

IP address of DHCP server group 0: DHCP server IP addresses of DHCP server group 0

Messages from this server group Number of the packets received from the DHCP server group

Messages to this server group Number of the packets sent to the DHCP server group

Messages from clients to this server group Number of the packets received from the DHCP clients

Messages from this server group to clients Number of the packets sent to the DHCP clients

DHCP_OFFER messages Number of the received DHCP-OFFER packets

DHCP_ACK messages Number of the received DHCP-ACK packets

162 ● display dhcp-server 3Com Switch 4200G Family Command Reference


■ Any view

Related Commands ■ debugging dhcp-relay

■ dhcp-server

■ dhcp-server ip


DHCP_NAK messages Number of the received DHCP-NAK packets

DHCP_DECLINE messages Number of the received DHCP-DECLINE packets

DHCP_DISCOVER messages Number of the received DHCP-DISCOVER packets

DHCP_REQUEST messages Number of the received DHCP-REQUEST packets

DHCP_INFORM messages Number of the received DHCP-INFORM packets

DHCP_RELEASE messages Number of the received DHCP-RELEASE packets

BOOTP_REQUEST messages Number of the BOOTP request packets

BOOTP_REPLY messages Number of the BOOTP response packets

Table 21 Description on the fields of the display dhcp-server command

Field Description

3Com Switch 4200G Family display dhcp-server interface vlan-interface ● 163 Command Reference

display dhcp-server interface vlan-interface

Purpose Use the display dhcp-server interface vlan-interface command to display information about the DHCP server group to which a VLAN interface is mapped.

Syntax display dhcp-server interface vlan-interface vlan-id

Parameters vlan-id VLAN ID.

Examples Display information about the DHCP server group to which VLAN 2 interface is mapped.

<S4200G> display dhcp-server interface vlan-interface 2.The DHCP server group of this interface is 0.The above display information indicates the VLAN 2 interface is mapped to DHCP server group 0.


■ Any view

Related Commands ■ debugging dhcp-relay

■ dhcp-server


164 ● display dhcp-snooping 3Com Switch 4200G Family Command Reference

display dhcp-snooping

Purpose Use the display dhcp-snooping command to display the user IP-MAC address mapping entries recorded by the DHCP snooping function.

Syntax display dhcp-snooping [ unit unit-id ]

Parameters unit-id ID of a unit in a fabric.

Example Display the user IP-MAC address mapping entries recorded by the DHCP snooping function.

<S4200G> display dhcp-snoopingDHCP-Snooping is enabled. Type : D--Dynamic , S--Static Unit ID : 1 Type IP Address MAC Address Lease VLAN Interface ==== =============== =============== ========= ==== =================--- 0 dhcp-snooping item(s) of unit 1 found ---


■ Any view

3Com Switch 4200G Family display dhcp-snooping ● 165 Command Reference


Purpose Use the display dhcp-snooping command to display the correspondence between user IP addresses and MAC addresses recorded by the DHCP snooping function.

Syntax display dhcp-snooping

Parameters None.

Example Display the correspondence between user IP addresses and MAC addresses recorded by the DHCP snooping function..

<S4200G> display dhcp-snoopingDHCP-Snooping is enabled.The client binding table for all untrusted ports. Type : D--Dynamic , S--Static Unit ID : 1 Type IP Address MAC Address Lease VLAN Interface ==== =============== =============== ========= ==== =================--- 0 dhcp-snooping item(s) of unit 1 found ---


■ Any view

166 ● display dhcp-snooping trust 3Com Switch 4200G Family Command Reference

display dhcp-snooping trust

Purpose Use the display dhcp-snooping trust command to display the (enabled/disabled) state of the DHCP snooping function and the trusted ports.

Syntax display dhcp-snooping trust

Parameters None

Example Display the state of the DHCP snooping function and the trusted ports.

<S4200G> display dhcp-snooping trustdhcp-snooping is enabled dhcp-snooping trust become effective

Interface Trusted ================================= Ethernet1/0/1 Trusted

The above display information indicates that the DHCP snooping function is enabled, and the Ethernet1/0/1 port is a trusted port.


■ Any view

3Com Switch 4200G Family display dhcp-snooping trust ● 167 Command Reference


Purpose Use the display dhcp-snooping trust command to display the DHCP-Snooping state and information on trusted ports.

Syntax display dhcp-snooping trust

Parameters None

Example Display DHCP-Snooping trust state and information on trusted ports.

<S4200G> display dhcp-snooping trustdhcp-snooping is enabled dhcp-snooping trust become effective

Interface Trusted ================================= GigabitEthernet1/0/1 Trusted

The above display indicates that DHCP-Snooping is enabled and that the rust function is effective with GigabitEthernet1/0/1 being the trusted port.


■ Any view

168 ● display diagnostic-information 3Com Switch 4200G Family Command Reference

display diagnostic-information

Purpose Use the display diagnostic-information command to display the system diagnostic information, or save the system diagnostic information to a file (with a suffix of "diag") in the flash memory.

Syntax display diagnostic-information

Parameters None

Example Save the system diagnostic information to the default.diag file.

<S4200G> display diagnostic-information This operation may take a few minutes, continue?[Y/N]y Diagnostic-information is saved to Flash or displayed(Y=save N=display)?[Y/N]y Please input the file name(*.diag)[flash:/default.diag]: The file is already existing, overwrite it? [Y/N]y

% Output information to file: flash:/default.diag.Please wait......


■ Any view

3Com Switch 4200G Family display domain ● 169 Command Reference

display domain

Purpose Use the display domain command to view the configuration information of a specified ISP domain or display the summary information of all ISP domains.

Syntax display domain [ isp-name ]

Parameters isp-name Specifies the ISP domain name with a character string up to 24 characters in length. The specified ISP domain must exist.

Example To display the configuration information about all ISP domains.

<S4200G> display domain0 Domain = system State = Active Scheme = LOCAL Access-limit = Disable Vlan-assignment-mode = Integer Domain User Template: Idle-cut = Disable Self-service = Disable Messenger Time = Disable

Default Domain Name: systemTotal 1 domain(s).1 listed.


■ Any view

Table 22 Description on the fields of the display domain command

Field Description

Domain Domain name

State State

Scheme AAA scheme

Access-Limit Limit on the number of access users

Vlan-assignment-mode VLAN assignment mode

Domain User Template Domain user template

Idle-Cut State of the idle-cut function

Self-service State of the self service

Messenger Time State of the messenger time service

170 ● display domain 3Com Switch 4200G Family Command Reference

Description This command is used to output the configuration of a specified ISP domain or display the summary information of all ISP domains. If an ISP domain is specified, the configuration information (content and format) will be displayed exactly the same as the displayed information of the display domain command. The output information can help with ISP domain diagnosis and troubleshooting. Note that the accounting scheme to be displayed should have been created.

Related Commands ■ access-limit

■ domain

■ radius-scheme

■ state

3Com Switch 4200G Family display dot1x ● 171 Command Reference

display dot1x

Purpose Use the display dot1x command to view the relevant information of 802.1x.

Displayed information includes:

■ Configuration information

■ Operation information (session information)

■ Relevant statistics

Syntax display dot1x [ sessions | statistics ] [ interface interface-list ]

Parameters sessions Displays the session connection information of 802.1x.

statistics Displays the relevant statistics information of 802.1x.

interface Displays the 802.1x information about a specific port.

interface-list Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the for:

interface-list = { interface-name [ to interface- name] & < 1-10 >

interface-name is the port index of an Ethernet port and can be specified in this form:

interface-name = { interface-type interface-num }

interface-type specifies the type of an Ethernet port and interface-num identifies the number of the port. Note that the interface name after the keyword to must have an interface-num that is greater than or equal to that of the interface-name before the keyword to. "&<1-10>" means that up to 10 port indexes/port index lists can be provided.

Default By default, all the relevant 802.1x information about each interface will be displayed.

Example To display 802.1x-related configuration information, enter the following:

<S4200G> display dot1xEquipment 802.1X protocol is enabled CHAP authentication is enabled DHCP-launch is enabled Proxy trap checker is disabled Proxy logoff checker is disabled

Configuration: Transmit Period 30 s, Handshake Period 15 s Quiet Period 60 s, Quiet Period Timer is disabledSupp Timeout 30 s, Server Timeout 100 s

172 ● display dot1x 3Com Switch 4200G Family Command Reference

Interval between version requests is 30sMaximal request times for version information is 3The maximal retransmitting times 2

Total maximum 802.1x user resource number is 1024 Total current used 802.1x resource number is 1

GigabitEthernet1/0/1 is link-down 802.1X protocol is disabled Proxy trap checker is disabled Proxy logoff checker is disabled Version-Check is disabled The port is an authenticator Authentication Mode is Auto Port Control Type is Mac-based Max number of on-line users is 256

Authentication Success: 0, Failed: 0 EAPOL Packets: Tx 0, Rx 0 Sent EAP Request/Identity Packets : 0 EAP Request/Challenge Packets: 0 Received EAPOL Start Packets : 0 EAPOL LogOff Packets: 0 EAP Response/Identity Packets : 0 EAP Response/Challenge Packets: 0 Error Packets: 0

Controlled User(s) amount to 0

GigabitEthernet1/0/2 is link-down 802.1X protocol is disabled Proxy trap checker is disabled Proxy logoff checker is disabled Version-Check is disabled The port is an authenticator Authentication Mode is Auto Port Control Type is Mac-based Max number of on-line users is 256

Authentication Success: 0, Failed: 0 EAPOL Packets: Tx 0, Rx 0 Sent EAP Request/Identity Packets : 0 EAP Request/Challenge Packets: 0 Received EAPOL Start Packets : 0 EAPOL LogOff Packets: 0 EAP Response/Identity Packets : 0 EAP Response/Challenge Packets: 0 Error Packets: 0

Controlled User(s) amount to 0

GigabitEthernet1/0/3 ……

Table 23 Description on the fields of the display dot1x command

Field Description

Equipment 802.1X protocol is enabled

802.1x protocol (802.1x for short) is enabled on the switch.

CHAP authentication is enabled CHAP authentication is enabled.

DHCP-launch is enabled DHCP-triggered.802.1x authentication is disabled.

3Com Switch 4200G Family display dot1x ● 173 Command Reference


■ Any view

Description When the interface-list argument is not provided, this command displays 802.1x-related information on all ports. The output information can be used to verify 802.1 x-related configurations and to troubleshoot.

Proxy trap checker is disabled The proxy trap checker is disabled here, which means the switch does not send Trap packets when it detects that a supplicant system logs in through a proxy. It can also be configured as enabled, in which case the switch sends Trap packets when it detects that a supplicant system logs in through a proxy.

Proxy logoff checker is disabled The proxy logoff checker is disabled here, which means that a switch does not disconnect a supplicant system when it detects that the latter logs in through a proxy. It can also be configured as enabled, in which case the switch disconnects a supplicant system when it detects that the latter logs in through a proxy.

Transmit Period Setting of the Transmission period timer (the tx-period)

Handshake Period Setting of the handshake period timer (the handshake-period)

Quiet Period Setting of the quiet period timer (the quiet-period)

Quiet Period Timer is disabled The quiet period timer is disabled here. It can also be configured as enabled when necessary.

Supp Timeout Setting of the supplicant timeout timer (supp-timeout)

Server Timeout Setting of the server-timeout timer (server-timeout)

The maximal retransmitting times

The maximum number of times that a switch can send authentication request packets to a supplicant system

Total maximum 802.1x user resource number

The maximum number of 802.1x users that a switch can accommodate

Total current used 802.1x resource number

The number of online supplicant systems

GigabitEthernet1/0/1 is link-down

GigabitEthernet1/0/1 port is in down state.

802.1X protocol is disabled 802.1x is disabled on the port

Proxy trap checker is disabled The proxy trap checker is disabled here. It can also be configured as enabled, in which case the switch sends Trap packets when it detects that a supplicant system logs in through a proxy.

Proxy logoff checker is disabled The proxy logoff checker is disabled here. It can also be configured as enabled, in which case the switch disconnects a supplicant system when it detects that the latter logs in through a proxy.

Version-Check is disabled The client version checking function is disabled here. It can also be configured as enabled, in which case the switch checks client version.

The port is an authenticator The port acts as an authenticator system.

Authentication Mode is Auto The port access control mode is Auto.

Port Control Type is Mac-based The port access control method is MAC-based. That is, supplicant systems are authenticated based on their MAC addresses.

Max number of on-line users The maximum number of online users that the port can accommodate

… Information omitted here

Table 23 Description on the fields of the display dot1x command (continued)

Field Description

174 ● display dot1x 3Com Switch 4200G Family Command Reference

Related Commands ■ dot1x

■ dot1x max-user

■ dot1x port-control

■ dot1x port-method

■ dot1x retry

■ reset dot1x statistics

■ dot1x timer

3Com Switch 4200G Family display fib ● 175 Command Reference

display fib

Purpose Use the display fib command to view the summary of the forwarding information base.

Syntax display fib

Parameters None

Example To display the summary of the Forwarding Information Base, enter the following:

<S4200G> display fibFlag: U:Usable G:Gateway H:Host B:Blackhole D:Dynamic S:Static R:Reject E:Equal cost multi-path L:Generated by ARP or ESISDestination/Mask Nexthop Flag TimeStamp Interface127.0.0.1/32 127.0.0.1 GHU t[50] InLoopBack0127.0.0.0/8 127.0.0.1 U t[50] InLoopBack0


■ Any view

Description The information includes: the destination address/mask length, next hop address, current flag, and forward interface

Table 24 Description of the output information of the display fib command

Field Description

Destination/Mask Destination address/mask length

Nexthop Forward address of the next hop

FlagThe flag options include:

B indicates this is a blacklist route.

D indicates this is a dynamic route.

E indicates this is an equal-cost route.

G indicates this is a gateway route.

H indicates this is a host route.

S indicates this is a static route.

U indicates this route is up and available.

R indicates this route is rejected and unavailable.

L indicates this route is generated by ARP or ESIS.

Interface Interface

176 ● display ftp-server 3Com Switch 4200G Family Command Reference

display ftp-server

Purpose Use the display ftp-server command to display the FTP server-related settings of a switch when it operates as an FTP server.

You can use this command to verify FTP server-related configurations.

Syntax display ftp-server

Parameters None

Example Display the FTP server-related settings of the switch (assuming that the switch is operating as an FTP server).

<S4200G> display ftp-server FTP server is running Max user number 1 User count 0 Timeout value (in minute) 30


■ Any view

Table 25 Description on the fields of the display ftp-server command

Field Description

FTP server is running The FTP server is started

Max user number 1 The FTP server can accommodate up to one user.

User count 0 The current login user number is 0.

Timeout value ( in minutes ) 30

The connection idle time is 30 minutes.

3Com Switch 4200G Family display ftp-user ● 177 Command Reference

display ftp-user

Purpose Use the display ftp-user command to display the settings of the current FTP user, including the user name, host IP address, port number, connection idle time, and authorized directory.

Syntax display ftp-user

Parameters None

Example Display FTP user settings.

<S4200G> display ftp-userUsernameHost IPPortIdleHomedirS4200G10.110.3.510742flash:/S4200G


■ Any view

178 ● display garp statistics 3Com Switch 4200G Family Command Reference

display garp statistics

Purpose Use the display garp statistics command to display the GARP statistics on specified (or all) ports.

Syntax display garp statistics [ interface interface-list ]

Parameters interface-list Ethernet port list, in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. Where, interface-type is the port type, interface-number is the port number (refer to the parameter description of the port part in this document for the meanings and ranges of the two parameter), and &<1-10> means you can specify totally 1 to 10 ports and port ranges.

Example Display the GARP statistics on the port GigabitEthernet1/0/1.

<S4200G> display garp statistics interface GigabitEthernet1/0/1 GARP statistics on port GigabitEthernet1/0/1 Number Of GMRP Frames Received : 0 Number Of GVRP Frames Received : 0 Number Of GMRP Frames Transmitted : 0 Number Of GVRP Frames Transmitted : 0 Number Of Frames Discarded : 0


■ Any view

Description The displayed information includes:

■ Number of GMRP packets the port received

■ Number of GVRP packets the port received

■ Number of GMRP packets the port received

■ Number of GVRP packets the port received

■ Number of packets the port discarded

3Com Switch 4200G Family display garp timer ● 179 Command Reference

display garp timer

Purpose Use the display garp timer command to display the values of the GARP timers on specified or all ports.

Syntax display garp timer [ interface interface-list ]


Example Display the values of GARP timers of the port GigabitEthernet1/0/1.

<S4200G> display garp timer interface GigabitEthernet1/0/1 GARP timers on port GigabitEthernet1/0/1

Garp Join Time : 20 centiseconds Garp Leave Time : 60 centiseconds Garp LeaveAll Time : 1000 centiseconds Garp Hold Time : 10 centiseconds


■ Any view


■ Value of the Join timer

■ Value of the Leave timer

■ Value of the LeaveAll timer

■ Value of the Hold timer

Related Commands ■ garp timer

■ garp timer leaveall

180 ● display gvrp statistics 3Com Switch 4200G Family Command Reference

display gvrp statistics

Purpose Use the display gvrp statistics command to display the GVRP statistics about specified (or all) Trunk ports.

Syntax display gvrp statistics [ interface interface-list ]


Example Display the GVRP statistics about the port GigabitEthernet1/0/1.

<S4200G> display gvrp statistics interface ethernet1/0/1 GVRP statistics on port Ethernet1/0/1

GVRP Status : Enabled GVRP Running : YES GVRP Failed Registrations : 0 GVRP Last Pdu Origin : 0000-0000-0000 GVRP Registration Type : Normal


■ Any view


■ GVRP status

■ Whether GVRP is running

■ Number of the failed GVRP registrations

■ The source MAC address of the last GVRP PDU

■ GVRP registration type of the port

3Com Switch 4200G Family display gvrp status ● 181 Command Reference

display gvrp status

Purpose Use the display gvrp status command to display the enable/disable status of global GVRP.

Syntax display gvrp status

Parameters None

Example Display the enable/disable status of global GVRP.

<S4200G> display gvrp statusGVRP is enabledThe above information indicates GVRP is enabled globally.


■ Any view

182 ● display habp 3Com Switch 4200G Family Command Reference

display habp

Purpose Use the display habp command to display HABP configuration and status information.

Syntax display habp

Parameters None

Example To display HABP configuration and status information, enter the following:

<S4200>system-viewSystem View: return to User View with Ctrl+Z.[S4200] display habpGlobal HABP information: HABP Mode: Server Sending HABP request packets every 20 seconds Bypass VLAN: 2


■ Any view

Table 26 Description on the fields of the display habp command

Field Description

HABP Mode Indicates the HABP mode of the switch. A switch can operate as an HABP server (displayed as Server) or an HABP client (displayed as Client).

Sending HABP request packets every 20 seconds HABP request packets are sent once in every 20 seconds.

Bypass VLAN Indicates the ID(s) of the VALN(s) to which HABP request packets are sent

3Com Switch 4200G Family display habp table ● 183 Command Reference

display habp table

Purpose Use the display habp table command to display the MAC address table maintained by HABP.

Syntax display habp table

Parameters None

Default body

Example To display the MAC address table maintained by HABP, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] display habp tableMAC Holdtime Receive Port001f-3c00-0030 53 GigabitEthernet1/0/1


■ Any view

Table 27 Description on the fields of the display habp table command

Field Description

MAC MAC addresses listed in the HABP MAC address table.

Holdtime Hold time of the entries in the HABP MAC address table. An address will be removed from the table if it has not been updated during the hold time.

Receive Port The port from which a MAC address is learned

184 ● display habp traffic 3Com Switch 4200G Family Command Reference

display habp traffic

Purpose Use the display habp traffic command to display statistics on HABP packets.

Syntax display habp traffic

Parameters None

Example To display statistics on HABP packets, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] display habp trafficHABP counters : Packets output: 0, Input: 0 ID error: 0, Type error: 0, Version error: 0 Sent failed: 0


■ Any view

Table 28 Description on the fields of the display habp traffic command

Field Description

Packets output Number of the HABP packets sent

Input Number of the HABP packets received

ID error Number of HABP packets with ID errors

Type error Number of HABP packets with type errors

Version error Number of HABP packets with version errors

Sent failed Number of HABP packets that failed to be sent

3Com Switch 4200G Family display history-command ● 185 Command Reference

display history-command

Purpose Use the display history-command command to display history commands.

Syntax display history-command

Parameters None

Example Display history commands.

<S4200G> display history-command sys quit display his


■ Any view

Related Command history-command max-size

186 ● display icmp statistics 3Com Switch 4200G Family Command Reference

display icmp statistics

Purpose Use the display icmp statistics command to view the statistics information about ICMP packets.

Syntax display icmp statistics

Parameters None

Example To view statistics about ICMP packets, enter the following:

<S4200G> display icmp statistics Input: bad formats 0 bad checksum 0 echo 5 destination unreachable 0 source quench 0 redirects 0 echo reply 10 parameter problem 0 timestamp 0 information request 0 mask requests 0 mask replies 0 time exceeded 0 Output:echo 10 destination unreachable 0 source quench 0 redirects 0 echo reply 5 parameter problem 0 timestamp 0 information reply 0 mask requests 0 mask replies 0 time exceeded 0


■ Any view

Table 29 Output Description of the display icmp statistics command

Field Description

bad formats Number of input packets in bad format

bad checksum Number of input packets with wrong checksum

echo Number of input/output echo request packets

destination unreachable Number of input/output packets with unreachable destination

source quench Number of input/output source quench packets

redirects Number of input/output redirected packets

echo reply Number of input/output echo reply packets

parameter problem Number of input/output packets with parameter problem

timestamp Number of input/output timestamp packets

information request Number of input information request packets

mask requests Number of input/output mask request packets

mask replies Number of input/output mask reply packets

information reply Number of output information reply packets

time exceeded Number of time exceeded packets

3Com Switch 4200G Family display icmp statistics ● 187 Command Reference

Related Commands ■ display interface VLAN-interface

■ reset ip statistics

188 ● display igmp-snooping configuration 3Com Switch 4200G Family Command Reference

display igmp-snooping configuration

Purpose Use the display igmp-snooping configuration command to display the configuration information about IGMP Snooping.

Syntax display igmp-snooping configuration

Parameters None

Example Display the configuration information about IGMP Snooping on the switch.

<S4200G> display igmp-snooping configurationEnable IGMP-Snooping.The router port timeout is 105 second(s).The max response timeout is 1 second(s).The host port timeout is 260 second(s).

The above information shows: IGMP Snooping has already been enabled, the aging time of the router port is 105 seconds, the maximum query response time is one second, and the aging time of multicast member ports is 260 seconds.


■ Any view

Description When IGMP Snooping is enabled on the switch, this command displays the following information: IGMP Snooping status, aging time of the router port, query response timeout time, and aging time of multicast member ports.

Related Command igmp-snooping

3Com Switch 4200G Family display igmp-snooping group ● 189 Command Reference

display igmp-snooping group

Purpose Use the display igmp-snooping group command to display information about the IP and MAC multicast groups under one VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).

Syntax display igmp-snooping group [ vlan vlan-id ]

Parameters vlan vlan-id Specifies a VLAN ID.

Example Display information about the multicast groups under VLAN 2.

<S4200G> display igmp-snooping group vlan 2***************Multicast group table***************Vlan(id):2.Router port(s):GigabitEthernet1/0/1IP group(s):the following ip group(s) match to one mac group.IP group address:230.45.45.1Member port(s):GigabitEthernet1/0/2MAC group(s):MAC group address:01-00-5e-2d-2d-01Member port(s):GigabitEthernet1/0/2

The above information shows:

■ There exist multicast groups under VLAN 2.

■ GigabitEthernet 1/0/1 is the router port.

■ The IP multicast group address is 230.45.45.1.

■ GigabitEthernet 1/0/2 is a member port of the IP multicast group.

■ The MAC multicast group address is 0100-5e2d-2d01.

■ GigabitEthernet 1/0/2 is a member port of the MAC multicast group.


■ Any view

Description This command displays the following information: VLAN ID, router port, IP multicast group address, member ports included in IP multicast group, MAC multicast group, MAC multicast group address, member ports included in MAC multicast group.

190 ● display igmp-snooping statistics 3Com Switch 4200G Family Command Reference

display igmp-snooping statistics

Purpose Use the display igmp-snooping statistics command to display the message statistics about IGMP Snooping.

Syntax display igmp-snooping statistics

Parameters None

Example Display the message statistics about IGMP Snooping.

<4200G> display igmp-snooping statisticsReceived IGMP general query packet(s) number:0.Received IGMP specific query packet(s) number:0.Received IGMP V1 report packet(s) number:0.Received IGMP V2 report packet(s) number:0.Received IGMP leave packet(s) number:0.Received error IGMP packet(s) number:0.Sent IGMP specific query packet(s) number:0.

The above information shows that IGMP Snooping has received:

■ Zero IGMP general query message

■ Zero IGMP group-specific query message

■ Zero IGMP V1 report message

■ Zero IGMP V2 report message

■ Zero IGMP leave message

■ Zero IGMP error message

And IGMP Snooping has sent:

■ Zero IGMP group-specific query message


■ Any view

Description This command displays the following information: the numbers of the IGMP general query messages, IGMP group-specific query messages, IGMP V1 report messages, IGMP V2 report messages, IGMP leave messages and error IGMP messages received, and the number of the IGMP group-specific query messages sent.


3Com Switch 4200G Family display info-center ● 191 Command Reference

display info-center

Purpose Use the display info-center command to display system log settings and memory buffer record statistics.

Syntax display info-center [ unit unit-id ]

Parameters unit-id Unit identification

Example Display system log settings.

<S4200G> display info-centerInformation Center:enabledLog host:Console: channel number:0, channel name:consoleMonitor: channel number:1, channel name:monitorSNMP Agent: channel number:5, channel name:snmpagentLog buffer: enabled, max buffer size:1024, current buffer size:256 current messages:2, channel number:4, channel name:logbuffer dropped messages:0, overwrote messages:0Trap buffer: enabled, max buffer size:1024, current buffer size:256 current messages:0, channel number:3, channel name:trapbuffer dropped messages:0, overwrote messages:0Information timestamp setting: log - date, trap - date, debug - bootSWITCH OF Device--Unit>1: LOG = disable; TRAP = disable; DEBUG = enable

Table 30 Description on the fields of the display info-center command

Field Description

Information Center: Whether the information center is enabled.

Log host: Status of the log host, including its IP address, used channel numbers, channel names, language and level.

Console: Usage status of the control port, including the channel number and channel name it uses.

Monitor: Usage status of the monitor port, including the channel number and channel name it uses.

SNMP Agent: Usage status of the network proxy, including the channel number and channel name it uses.

Log buffer: Usage status of the log buffer, including whether it is enabled, the utmost capacity, the current capacity, the current item number, channel name, channel number, discarded item number and covered item number.

Trap buffer: Usage status of the trap buffer, including whether it is enabled, the utmost capacity, the current capacity, the current item number, channel name, channel number, discarded item number and cover item number.

192 ● display info-center 3Com Switch 4200G Family Command Reference


■ Any view

Description If the information in the current log/trap buffer is less than the specified sizeval, display the actual log/trap information.

Related Commands ■ info-center enable

■ info-center logbuffer

■ info-center console channel

■ info-center monitor channel

Information timestamp setting Time stamp settings, describing the time stamp types of log information, trap information and debug information.

SWITCH OF Device--Unit>1 Device switch status, describing the switch status of log, trap and debug information.

Table 30 Description on the fields of the display info-center command (continued)

Field Description

3Com Switch 4200G Family display interface ● 193 Command Reference

display interface

Purpose Use the display interface command to view the configuration information on the selected interface.

Syntax display interface [ interface-type |

interface-type interface-number ]

Parameters interface-type Specifies the port (interface) type. This can be either Aux, Ethernet, GigabitEthernet, NULL, Vlan-interface.

interface-number Specifies the port (interface) number in the format unit-number/0/port-number.

Valid values for the port number are 1 to 16, 1 to 28, or 1 to 52, depending on the number of ports you have on your unit.

You can use the interface_name at this command. This consists of the interface_type and the interface_number combined as a single parameter. For example, Ethernet1/0/1.

Example To display configuration information on Ethernet port 1/0/1, enter the following:

<S4200G>display interface GigabitEthernet 1/0/1

The information displays in the following format:

GigabitEthernet1/0/1 current state : ADMINISTRATIVELY DOWN IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0- fc00-5104Media type is twisted pair, loopback not set Port hardware type is 1000_BASE_T 1000Mbps-speed mode, full-duplex mode Link speed type is force link, link duplex type is force link Flow-control is not enabled The Maximum Frame Length is 9216 Broadcast-suppression ratio(%): 100% Unknown Multicast Packet drop: Disable Unknown Unicast Packet drop: DisableAllow jumbo frame to pass PVID: 1 Mdi type: auto Port link-type: access Tagged VLAN ID : none Untagged VLAN ID : 1 Last 300 seconds input: 0 packets/sec 0 bytes/sec Last 300 seconds output: 0 packets/sec 0 bytes/secInput(total): - packets, - bytes - broadcasts, - multicasts, - pauses Input(normal): 0 packets, 0 bytes 0 broadcasts, 0 multicasts, - pauses Input: 0 input errors, 0 runts, 0 giants, 0 throttles, 0 CRC

194 ● display interface 3Com Switch 4200G Family Command Reference

0 frame, 0 overruns, 0 aborts, - ignored, - parity errors Output(total): - packets, - bytes - broadcasts, - multicasts, - pauses Output(normal): 0 packets, 0 bytes 0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures 0 aborts, 0 deferred, 0 collisions, 0 late collisions - lost carrier, - no carrier0 broadcasts, 0 multicasts, 0 pauses Output: 0 output errors, - underruns, - buffer failures - aborts, 0 deferred, 0 collisions, 0 late collisions - lost carrier, - no carrier


■ Any view

Description Along with others, this interface could be a specific port's interface (for example, Ethernet1/0/1) or a specific VLAN interface (for example, vlan-interface 1).

Table 31 Output Description of the display interface command

Field Description

GigabitEthernet1/0/1 current state Indicates the current state of the Ethernet port (up or down)

IP Sending frames’ format Displays the Ethernet frame format

Hardware address Displays the port hardware address

The Maximum Transmit Unit Indicates the maximum transmit unit

Media type Indicates the type of media

loopback not set Displays the port loopback test state

Port hardware type Displays the port hardware type

1000Mbps-speed mode, full-duplex mode

1000Mbps-speed mode, full-duplex mode

Link speed type is force link, link duplex type is force link

Link speed type is force link, link duplex type is force link

Flow control is not enabled Port flow control state

The Maximum Frame Length Indicates the maximum length of the Ethernet frames that can pass through the port

Broadcast MAX ratio Port broadcast storm suppression ratio

Unknown Multicast Packet drop: Disable The unknown multicast packet dropping function is disabled

Unknown Unicast Packet drop: Disable The unknown multicast packet dropping function is disabled

Allow jumbo frame to pass Indicates that jumbo frame are allowed to pass through the port

PVID Indicates the port default VLAN ID.

Mdi type Indicates the cable type

Port link-type Indicates the port link type

3Com Switch 4200G Family display interface ● 195 Command Reference

Description Use the display interface command to display port configuration.

■ If you specify neither port type nor port number, the command displays information about all ports.

■ If you specify only port type, the command displays information about all ports of this type.

■ If you specify both port type and port number, the command displays information about the specified port.

Tagged VLAN ID Indicates the VLANs with packets tagged

Untagged VLAN ID Indicates the VLANs with packets untagged

Last 300 minutes input rate: 0 packets/sec, 0 bytes/sec

Last 300 minutes output rate: 0 packets/sec, 0 bytes/sec

Displays the input/output rate and the number of packets that were passed on this port in the last 300 seconds

Input(total): 0 packets, 0 bytes

- broadcasts, - multicasts

Input(normal): 0 packets, 0 bytes

0 broadcasts, 0 multicasts

Input: 0 input errors, 0 runts, 0 giants, 0 throttles, 0 CRC

0 frame, - overruns, - aborts, - ignored, - parity errors

Output(total): 0 packets, 0 bytes

- broadcasts, - multicasts, - pauses

Output(normal): 0 packets, 0 bytes

0 broadcasts, 0 multicasts, 0 pauses

Output: 0 output errors, - underruns, - buffer failures

- aborts, 0 deferred, 0 collisions, 0 late collisions

- lost carrier, - no carrier

The statistics information of input/output packets and errors on this port. A “-” indicates that the item isn't supported by the switch.

Table 31 Output Description of the display interface command (continued)

Field Description

196 ● display interface VLAN-interface 3Com Switch 4200G Family Command Reference

display interface VLAN-interface

Purpose Use the display interface vlan-interface command to display the information about the management VLAN interface, including the physical and link status, the format of the sent frames, the MAC address, IP address (and subnet mask), description string and MTU (maximum transmit unit) of the management VLAN.

Syntax display interface vlan-interface [ vlan_id ]

Parameters vlan_id Specifies the ID of the management VLAN interface.

Example To display information about the management VLAN interface (assume that VLAN 1 is the management VLAN) type the following:

<S4200G> display interface vlan-interface 1Vlan-interface1 current state : DOWNLine protocol current state : DOWNIP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 00e0-fc07-4101Internet protocol processing : disabled Description : 3COM, S4200G Series, Vlan-interface1 InterfaceThe Maximum Transmit Unit is 1500


■ Any view

Description The information displayed about the management VLAN interface includes:

■ Physical and link status

■ Format of the sent frames

■ MAC hardware address

■ IP address and subnet mask

■ Description string

■ Maximum Transmit Unit (MTU)

Related Command interface VLAN-interface

3Com Switch 4200G Family display ip host ● 197 Command Reference

display ip host

Purpose Use the display ip host command to display all host names and their corresponding IP addresses.

Syntax display ip host

Parameters None.

Example To display all host names and their corresponding IP addresses, type the following:

<S4200G> display ip hostHost Age Flags Address(es)My 0 static 1.1.1.1Aa 0 static 2.2.2.4


■ Any view

Table 32 Description on the fields of the display ip host command

Field Description

Host Host name

Age Valid duration of the host address

Flags Flag

Address(es) Host IP address

198 ● display ip interface vlan-interface 3Com Switch 4200G Family Command Reference

display ip interface vlan-interface

Purpose Use the display ip interface vlan-interface command to view information on the specified interface.

Syntax display ip interface [ brief ] interface-type interface-number

Parameters brief Displays the configuration information about the specified interface in brief.

interface-type Specifies the interface type. The interface type can be either Aux, Ethernet, GigabitEthernet, NULL, Vlan-interface.

interface-number Specifies the interface number in the format unit-number/0/port-number.

Specifies the unit number. Valid values are 1 to 8.

Specifies the port number. Valid values are 1 to 28 or 1 to 52, depending on the number of ports you have on your unit.

Example Display the information about VLAN 1 interface.

<S4200G> display ip interface vlan-interface 1Vlan-interface1 current state : DOWNLine protocol current state : DOWNInternet Address is 1.1.1.1/8 PrimaryBroadcast address : 1.255.255.255The Maximum Transmit Unit : 1500 bytesinput packets : 0, bytes : 0, multicasts : 0output packets : 0, bytes : 0, multicasts : 0TTL invalid packet number: 0ICMP packet input number: 0 Echo reply: 0 Unreachable: 0 Source quench: 0 Routing redirect: 0 Echo request: 0 Router advert: 0 Router solicit: 0 Time exceed: 0 IP header bad: 0 Timestamp request: 0 Timestamp reply: 0 Information request: 0 Information reply: 0 Netmask request: 0 Netmask reply: 0 Unknown type: 0

3Com Switch 4200G Family display ip interface vlan-interface ● 199 Command Reference


■ Any view

200 ● display ip routing-table 3Com Switch 4200G Family Command Reference

display ip routing-table

Purpose Use the display ip routing-table command to display the summary information about the routing table.

Syntax display ip routing-table

Parameters None

Example Display the summary information about the routing table.

<S4200G> display ip routing-tableRouting Table: public netDestination/Mask Protocol Pre Cost Nexthop Interface1.1.1.0/24 DIRECT 0 0 1.1.1.1 Vlan-interface11.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0

Each line in the table represents one route. The displayed information includes destination address/mask length, protocol, preference, cost, next hop and output interface.


■ Any view

Description This command displays the summary information about a routing table, with the items of a routing entry contained in one line. The information displayed includes destination IP address/mask length, protocol, preference, cost, next hop and outbound interface.

The display ip routing-table command only displays the routes currently in use, that is, the optimal routes

Table 33 Description of the fields for the display ip routing-table command

Field Description

Destination/Mask Destination IP address/Mask length

Protocol Routing protocol that discovers the route

Pre Routing preference

Cost Route cost

Nexthop Next hop IP address of the route

Interface Output interface, through which packets destined for the destination network segment are to be transmitted

3Com Switch 4200G Family display ip routing-table acl ● 201 Command Reference

display ip routing-table acl

Purpose Use the display ip routing-table acl command to display the routes permitted by the specified basic ACL.

Syntax display ip routing-table acl acl_number [ verbose ]

Parameters acl-number Specifies the number of the basic access control list (ACL). Valid values are 2000 to 2999.

verbose Displays the detailed information about the active and inactive routes filtered by the specified ACL. If you do not specify this keyword, the summary information about the active routes filtered by the specified ACL is displayed.

Example Display the summary information about the active routes permitted by ACL 2000.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] acl number 2000[S4200G-acl-basic-2000] rule permit source 10.1.1.1 0.0.0.255[S4200G-acl-basic-2000] rule deny source any[S4200G-acl-basic-2000] display ip routing-table acl 2000Routes matched by access-list 2000: Summary count: 2Destination/Mask Protocol Pre Cost Nexthop Interface10.1.1.0/24 DIRECT 0 0 10.1.1.2 Vlan-interface110.1.1.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0

The output information shown above is described in the following table.

Display the detailed information about the active and inactive routes permitted by ACL 2000.

<S4200G> display ip routing-table acl 2000 verboseRoutes matched by access-list 2000: + = Active Route, - = Last Active, # = Both * = Next hop in use

Summary count: 2


Field Description




Cost Route cost



202 ● display ip routing-table acl 3Com Switch 4200G Family Command Reference

**Destination: 10.1.1.0 Mask: 255.255.255.0 Protocol: #DIRECT Preference: 0 *NextHop: 10.1.1.2 Interface: 10.1.1.2(Vlan-interface1) Vlinkindex: 0 State: <Int ActiveU Retain Unicast> Age: 7:24 Cost: 0/0

**Destination: 10.1.1.2 Mask: 255.255.255.255 Protocol: #DIRECT Preference: 0 *NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0) Vlinkindex: 0 State: <NoAdvise Int ActiveU Retain Gateway Unicast> Age: 7:24 Cost: 0/0

Table 35 Output description of the ip routing-table acl verbose command

Field Description

Destination Destination address

Mask Mask


Preference Routing preference

Nexthop Next hop IP address

Interface Outbound interface, through which the data packets destined for the destination network segment are to be transmitted

Vlinkindex Virtual link index

State Descriptions on the route state are as follows:

ActiveU — Valid unicast route. "U" stands for unicast.

Blackhole — Blackhole route is the same as reject route except that a router drops a packet traveling along a blackhole route without sending ICMP unreachable messages to the source of the packets.

Delete — The route is deleted.

Gateway — The route is not a direct route.

Hidden — The route is a hidden route. For routes that are temporarily unavailable for some reasons (such as the policy configured or the interface is down), you can hide them for later use.

Holddown — The route is held down. Holddown is a kind of route advertisement policy used in some D-V (distance vector) routing protocols (such as RIP) to avoid the propagation of some incorrect routes and improve the transmission speed of route-unreachable information. For details, refer to corresponding routing protocols.

Int — The route is discovered by the internal gateway protocol (IGP).

NoAdvise — The route is not advertised when the router advertises routes based on policies.

NotInstall — The route are not loaded to the core routing table but can be advertised. Normally, the routes with the highest preference in the routing table are loaded to the core routing table and are advertised.

Reject — The packets travel along the route will be dropped. Besides, the router sends ICMP unreachable messages to the source of the dropped packets. The Reject routes are usually used for network testing.

Retain — The route is not deleted when the routes read from the core routing table are deleted. You can enable static routes to remain in the core routing table by configure them to be in retain state.

Static — The route is not lost when you perform the save operation and then restart the router. Routes marked as Static are configured manually.

Unicast — The route is a unicast route.

3Com Switch 4200G Family display ip routing-table acl ● 203 Command Reference


■ Any view.

Description This command is used to display the routes that passed the filtering rules in the specified ACL.

The command only displays routes that passed basic ACL filtering rules.

Age The time period during which the route is allowed in the routing table, in the form of hh:mm:ss.

Cost Cost of the route

Table 35 Output description of the ip routing-table acl verbose command

Field Description

204 ● display ip routing-table ip-address 3Com Switch 4200G Family Command Reference

display ip routing-table ip-address

Purpose Use the display ip routing-table ip-address command to display the information about the routes leading to the destination.

Syntax display ip routing-table ip-address [ mask ] [ longer-match ] [ verbose ]

Parameters ip-address Specifies the destination IP address, in dotted decimal notation.

mask Specifies either the mask of the destination IP address, which can be in dotted decimal notation or be an integer ranging from 0 to 32.

longer-match Displays all the routes leading to the destination coupled with the default mask.

verbose Displays the detailed information about the active and inactive routes leading to the destination. If this keyword is not specified, only the summary information about the active routes is displayed.

Example Display the summary information of the corresponding routes with destination addresses matched within the natural mask range.

<S4200G> display ip routing-table 169.0.0.0Destination/Mask Protocol Pre Cost Nexthop Interface169.0.0.0/16 Static 60 0 2.1.1.1 LoopBack1

For the explanations of the displayed information, see Table 36.

Display the summary information the longest matched routes.

<S4200G> display ip routing-table 169.253.0.0Destination/MaskProtocolPreCost NexthopInterface169.0.0.0/8Static6002.1.1.1LoopBack1

Display the detailed information of the routes with destination addresses matched within the natural mask range.


Field Description




Cost Route cost



3Com Switch 4200G Family display ip routing-table ip-address ● 205 Command Reference

<S4200G> display ip routing-table 169.0.0.0 verboseRouting Tables:Generate Default: no+ = Active Route, - = Last Active, # = Both* = Next hop in useSummary count:2**Destination: 169.0.0.0Mask: 255.0.0.0

Protocol: #StaticPreference: 60*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47Cost: 0/0Tag: 0

**Destination: 169.0.0.0Mask: 255.254.0.0Protocol: #StaticPreference: 60*NextHop: 2.1.1.1Interface: 2.1.1.1(LoopBack1)Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47Cost: 0/0Tag: 0

Display the detailed information of the longest matched routes.

<S4200G> display ip routing-table 169.253.0.0 verboseRouting Tables:Generate Default: no+ = Active Route, - = Last Active, # = Both* = Next hop in useSummary count:1**Destination: 169.0.0.0Mask: 255.0.0.0

Protocol: #StaticPreference: -60*NextHop: 2.1.1.1Vlinkindex: 0State: <Int ActiveU Static Unicast>Age: 3:47Cost: 0/0Tag: 0

Refer to Table 37 for the description on the output fields.

Table 37 Output Description of the ip routing-table acl verbose command

Field Description


Mask Mask






206 ● display ip routing-table ip-address 3Com Switch 4200G Family Command Reference


■ Any view

Description The output information of this command differs with the arguments/keywords specified as follows:

■ display ip routing-table ip-address

For the destination address ip-address, if there are some routes matched within the natural mask range, all subnet routes will be displayed. Otherwise, only the active routes which match ip-address longest will be displayed.

■ display ip routing-table ip-address mask


















Field Description

3Com Switch 4200G Family display ip routing-table ip-address ● 207 Command Reference

Only the routes that match exactly the specified destination address and mask are displayed.

■ display ip routing-table ip-address longer-match

All routes with destination addresses matched within the natural mask range will be displayed.

If the destination address, ip_address, has a corresponding route in natural mask range, this command will display all subnet routes or only the route best matching the destination address, ip_address, is displayed. And only the active matching route is displayed.

208 ● display ip routing-table ip-address1 ip-address2 3Com Switch 4200G Family Command Reference

display ip routing-table ip-address1 ip-address2

Purpose Use the display ip routing-table ip-address1 ip-address2 command to display the information about the routes with their destinations within the specified destination IP address range.

Syntax display ip routing-table ip-address1 mask1 ip-address2 mask2

[ verbose ]

Parameters ip-address1 ip-address2 Specifies the destination IP addresses in dotted decimal notation.

ip-address1 and mask1 Together with ip-address2 and mask2 determine an IP address range. The starting address of the IP address range is obtained by performing an AND operation between the ip-address1 and mask1 arguments, and the end address of the IP address range is obtained by permorming an AND operation between the ip-address2 and mask2 arguments.

ip-address2 and mask2 Specifies the IP address masks. These two arguments can be in dotted decimal notation or two integers ranging from 0 to 32.

verbose Displays the detailed information about the active and inactive routes. If you do not specify this keyword, only the summary information about the active routes is displayed.

Example Display the information about the routes with their destinations within the range of 1.1.1.0 to 2.2.2.0.

<S4200G> display ip routing-table 1.1.1.0 24 2.2.2.0 24Routing tables: Summary count: 3Destination/Mask Protocol Pre Cost Nexthop Interface1.1.1.0/24 DIRECT 0 0 1.1.1.1 Vlan-interface1

For detailed description of output information, refer to Table 33.


Field Description




Cost Route cost


3Com Switch 4200G Family display ip routing-table ip-address1 ip-address2 ● 209 Command Reference


■ Any view



Field Description

210 ● display ip routing-table ip-prefix 3Com Switch 4200G Family Command Reference

display ip routing-table ip-prefix

Purpose Use the display ip routing-table ip-prefix command to display the information about the routes matching a specified IP prefix list.

Syntax display ip routing-table ip-prefix ip-prefix-name [ verbose ]

Parameters ip-prefix-name Specifies the name of an ip prefix list, consisting of a string from 1 to 19 characters long.

verbose Displays the detailed information about the active and inactive routes matching a specified IP prefix list. If you do not specify this keyword, only the summary information about the active routes matching the IP prefix list is displayed.

Example Display the summary information about the active routes matching the IP prefix list named abc2 (assuming that the IP prefix list permits the routes with their prefix being 10.1.1.0 and the mask length in the range of 24 to 32).

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ip ip-prefix abc2 permit 10.1.1.0 24 less-equal 32[S4200G] display ip routing-table ip-prefix abc2Routes matched by ip-prefix abc2: Summary count: 2Destination/Mask Protocol Pre Cost Nexthop Interface10.1.1.0/24 DIRECT 0 0 10.1.1.2 Vlan-interface110.1.1.2/32 DIRECT 0 0 127.0.0.1 InLoopBack0


Display the detailed information about the active and inactive routes matching the IP prefix list named abc2.

<S4200G> display ip routing-table ip-prefix abc2 verboseRoutes matched by ip-prefix abc2: + = Active Route, - = Last Active, # = Both * = Next hop in use


Field Description




Cost Route cost



3Com Switch 4200G Family display ip routing-table ip-prefix ● 211 Command Reference

Summary count: 2

**Destination: 10.1.1.0 Mask: 255.255.255.0 Protocol: #DIRECT Preference: 0 *NextHop: 10.1.1.2 Interface: 10.1.1.2(Vlan-interface1) Vlinkindex: 0 State: <Int ActiveU Retain Unicast> Age: 3:23:44 Cost: 0/0 Tag: 0

**Destination: 10.1.1.2 Mask: 255.255.255.255 Protocol: #DIRECT Preference: 0 *NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0) Vlinkindex: 0 State: <NoAdvise Int ActiveU Retain Gateway Unicast> Age: 3:23:44 Cost: 0/0 Tag: 0



Field Description


Mask Mask






212 ● display ip routing-table ip-prefix 3Com Switch 4200G Family Command Reference


■ Any view

Description You can use this command to trace routing policies and display the routes matching a specified IP prefix list.

If the specified IP prefix list does not exist, the detailed information about all the active and inactive routes is displayed when you execute this command with the verbose keyword specified, and only the summary information about all the active routes is displayed if you execute this command with the verbose keyword not specified.

Without the verbose parameter, this command displays the summary of the active routes that passed filtering rules.


















Field Description

3Com Switch 4200G Family display ip routing-table protocol ● 213 Command Reference

display ip routing-table protocol

Purpose Use the display ip routing-table protocol command to display the information about specific routes.

Syntax display ip routing-table protocol protocol [ inactive | verbose ]

Parameters protocol Enter one of the following:

■ direct: Displays the direct connection route information

■ static: Displays the static route information.

inactive Displays inactive route information. If you do not specify this keyword, the information about both active and inactive routes is displayed.

verbose Displays the detailed route information. If you do not specify this keyword, only the summary route information is displayed.

Example To display a summary of all direct connection routes, enter the following:

Display the summary information about all the direct routes.<S4200G> display ip routing-table protocol directDIRECT Routing tables:Summary count: 4DIRECT Routing tables status:<active>:Summary count: 3Destination/MaskProtocol Pre Cost Nexthop Interface20.1.1.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.0/8 DIRECT 0 0 127.0.0.1 InLoopBack0127.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0DIRECT Routing tables status:<inactive>:Summary count: 1Destination/Mask Protocol Pre Cost Nexthop Interface210.0.0.1/32 DIRECT 0 0 127.0.0.1 InLoopBack0

Display the information about the static routs.

<S4200G> display ip routing-table protocol staticSTATIC Routing tables: Summary count: 1STATIC Routing tables status:<active>: Summary count: 0STATIC Routing tables status:<inactive>: Summary count: 1Destination/Mask Protocol Pre Cost Nexthop Interface1.2.3.0/24 STATIC 60 0 1.2.4.5 Vlan-interface1

For detailed description of output information, refer to Table 33.

214 ● display ip routing-table protocol 3Com Switch 4200G Family Command Reference


■ Any view


Field Description




Cost Route cost



3Com Switch 4200G Family display ip routing-table radix ● 215 Command Reference

display ip routing-table radix

Purpose Use the display ip routing-table radix command to view the route information in a hierarchical (tree) structure.

Syntax display ip routing-table radix

Parameters None

Example To display the route information, enter the following:

<S4200G> display ip routing-table radixRadix tree for INET (2) inodes 2 routes 2:

+--8+--{127.0.0.0 +-32+--{127.0.0.1


■ Any view

Table 42 Output description of the display ip routing-table radix command

Field Description

INET Address family

Inodes Number of nodes

Routes Number of routes

216 ● display ip routing-table statistics 3Com Switch 4200G Family Command Reference

display ip routing-table statistics

Purpose Use the display ip routing-table statistics command to display the statistics of a routing table.

Syntax display ip routing-table statistics

Parameters None

Example Display the statistics information about the routing table.

<S4200G> display ip routing-table statisticsRouting tables:Proto route active added deletedDIRECT 2 2 2 0STATIC 0 0 0 0Total 2 2 2 0


■ Any view

Description The statistics information displayed by this command includes:

■ The total number of routes

■ The number of the routes added/removed through protocols

■ The number of the routes with deleted flags

■ The number of the active/inactive routes

Table 43 Output description of the display ip routing-table statistics command

Field Description

Proto Routing protocol: O_ASE indicates OSPF_ASE routes, O_NSSA indicates OSPF NSSA routes, and AGGRE indicates the aggregated routes.

route Total number of routes .

active Number of active routes that are in currently in use.

added Number of the routes that are added to the routing table after the switch starts or the routing table is cleared last time.

deleted Number of the routes with deleted flags (this type of routes will be freed after a period of time).

Total Total of different types of routes.

3Com Switch 4200G Family display ip routing-table verbose ● 217 Command Reference

display ip routing-table verbose

Purpose Use the display ip routing-table verbose command to display the detailed information about a routing table.

Syntax display ip routing-table verbose

Parameters None

Example Display the detailed information about the routing table.

<S4200G> display ip routing-table verboseRouting Tables: + = Active Route, - = Last Active, # = Both * = Next hop in use

Destinations: 2 Routes: 2 Holddown: 0 Delete: 0 Hidden: 0

**Destination: 127.0.0.0 Mask: 255.0.0.0 Protocol: #DIRECT Preference: 0 *NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0) State: <NoAdvise Int ActiveU Retain Unicast> Age: 57:12 Cost: 0/0

**Destination: 127.0.0.1 Mask: 255.255.255.255 Protocol: #DIRECT Preference: 0 *NextHop: 127.0.0.1 Interface: 127.0.0.1(InLoopBack0) State: <NotInstall NoAdvise Int ActiveU Retain Gateway Unicast> Age: 57:12 Cost: 0/0

The statistics of the routing table are displayed first, and then the detailed descriptions of each route. Other generated information is described in Table 44.


■ Any view

Description This command displays the detailed information about the routing table, in the order of route state, statistics of the routing table, and the information about each route.

You can use this command to display all the routes, including the inactive and invalid routes

Table 44 Output description of the display ip routing-table verbose command

Descriptor Meaning

Holddown The number of the routes that are held down.

Delete The number of deleted routes.

Hidden The number of hidden routes.

218 ● display ip socket 3Com Switch 4200G Family Command Reference

display ip socket

Purpose Use the display ip socket command to display the information about the sockets in the current system.

Syntax display ip socket [ socktype sock-type ] [ task-id socket-id ]

Parameters sock-type Specifies the type of a socket. The value can be 1, 2, and 3 corresponding to TCP, UDP, and raw IP respectively.

task-id Specifies the ID of a task, with the value ranging from 1 to 100.

socket-id Specifies the ID of a socket, with the value ranging from 0 to 3072.

Example To display the information about the socket of TCP type, enter the following:

<S4200G>display ip socket socktype 1SOCK_STREAM:Task = VTYD(18), socketid = 1, Proto = 6,LA = 0.0.0.0:23, FA = 0.0.0.0:0,sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,socket option = SO_ACCEPTCONN SO_KEEPALIVE SO_SENDVPNID SO_SETKEEPALIVE,socket state = SS_PRIV SS_ASYNC

Task = VTYD(18), socketid = 2, Proto = 6,LA = 10.153.17.99:23, FA = 10.153.17.56:1161,sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

Task = VTYD(18), socketid = 3, Proto = 6,LA = 10.153.17.99:23, FA = 10.153.17.82:1121,sndbuf = 8192, rcvbuf = 8192, sb_cc = 0, rb_cc = 0,socket option = SO_KEEPALIVE SO_OOBINLINE SO_SENDVPNID SO_SETKEEPALIVE,socket state = SS_ISCONNECTED SS_PRIV SS_ASYNC

Table 45 Output description of the display ip socket command

Field Description

SOCK_STREAM The socket type

Task The ID of a task

socketid The ID of a socket

Proto The protocol number used by the socket

sndbuf The sending buffer size of the socket

rcvbuf The receiving buffer size of the socket

sb_cc The current data size in the sending buffer. The value makes sense only for the socket of TCP type, because only TCP is able to cache data

rb_cc The current data size in the receiving buffer

3Com Switch 4200G Family display ip socket ● 219 Command Reference


■ Any view

socket option The option of the socket

socket state The state of the socket

Table 45 Output description of the display ip socket command (continued)

Field Description

220 ● display ip statistics 3Com Switch 4200G Family Command Reference

display ip statistics

Purpose Use the display ip statistics command to view the statistics information about IP packets.

Syntax display ip statistics

Parameters None

Example To view statistics about IP packets, enter the following:

<S4200G>display ip statistics Input: sum 7120 local 112 bad protocol 0 bad format 0 bad checksum 0 bad options 0 Output: forwarding 0 local 27 dropped 0 no route 2 compress fails 0 Fragment:input 0 output 0 dropped 0 fragmented 0 couldn't fragment 0 Reassembling:sum 0 timeouts 0

Table 46 Output Description of the display ip statistics command

Field Description

Input: sum Sum of input packets

local Number of received packets whose destination is the local device

bad protocol Number of packets with wrong protocol number

bad format Number of packets in bad format

bad checksum Number of packets with wrong checksum

bad options Number of packets that has wrong options

Output: forwarding Number of forwarded packets

local Number of packets that are sent by the local device

dropped Number of dropped packets during transmission

no route Number of packets that cannot be routed

compress fails Number of packets that cannot be compressed

Fragment: input Number of input fragments

output Number of output fragments

dropped Number of dropped fragments

fragmented Number of packets that are fragmented

couldn't fragment Number of packets that cannot be fragmented

Reassembling: sum Number of packets that are reassembled

timeouts Number of packets that time out

3Com Switch 4200G Family display ip statistics ● 221 Command Reference


■ Any view

Related Commands ■ display ip interface vlan-interface

■ reset ip statistics

222 ● display isolate port 3Com Switch 4200G Family Command Reference

display isolate port

Purpose Use the display isolate port command to display the information about the Ethernet ports added to an isolation group.

Syntax display isolate port

Parameters None

Example Display the information about the Ethernet ports added to the isolation group.

<S4200G>display isolate portIsolated port(s) on UNIT 1: GigabitEthernet1/0/2, GigabitEthernet1/0/3, GigabitEthernet1/0/4


■ Any view

3Com Switch 4200G Family display lacp system-id ● 223 Command Reference

display lacp system-id

Purpose Use the display lacp system-id command to view actor system ID, including system priority and system MAC address.

Syntax display lacp system-id

Parameters None

Example To display the local system ID.

<S4200G> display lacp system-idActor System ID: 0x8000, 00e0-fc00-0100


■ Any view

Related Commands ■ link-aggregation group description

■ link-aggregation group mode

224 ● display link-aggregation interface 3Com Switch 4200G Family Command Reference

display link-aggregation interface

Purpose Use the display link-aggregation interface command to display the link aggregation details about a specified port or port range.

Syntax display link-aggregation interface { interface-type interface-number [ to { interface-type interface-number ]

Parameters interface-type Specifies the port type. You can specify multiple sequential ports with the to parameter, instead of specifying only one port.

interface-name Specifies the port name

to Specifies a port range.

Example Display the link aggregation details on the GigabitEthernet1/0/1 port.

<S4200G> display link-aggregation interface GigabitEthernet1/0/1 GigabitEthernet1/0/1: Selected AggID: 1 Local: Port-Priority: 32768, Oper key: 2, Flag: 0x45 Remote: System ID: 0x8000, 0000-0000-0000 Port Number: 0, Port-Priority: 32768 , Oper-key: 0, Flag: 0x38 Received LACP Packets: 0 packet(s), Illegal: 0 packet(s) Sent LACP Packets: 0 packet(s)


■ Any view

Table 47 Description on the fields of the display link-aggregation interface command

Field Description

Selected AggID ID of the aggregation group to which the specified port belongs

Local:

Port-Priority: 32768, Oper key: 1, Flag: 0x00

Port priority, operation key and status flag of the local end

Remote:

System ID: 0x0, 0000-0000-0000

Port Number: 0, Port-Priority: 0, Oper-key: 0, Flag: 0x00

Device ID, MAC address, port number, port priority, operation key and status flag of the remote end

3Com Switch 4200G Family display link-aggregation interface ● 225 Command Reference

Description Use the display link-aggregation interface command to display the link aggregation details about a specified port or port range, including:

■ Link aggregation group ID, port priority, operation key and protocol status flag of the port at the local end,

■ Device ID, port number, port priority, operation key and protocol status flag at the remote end, and,

■ LACP protocol packet statistics

For a manual aggregation group, value 0 is displayed for all the above items of the remote end (which does not indicate the real information of the remote end), since information about the remote end cannot be obtained for a manual aggregation group.

Related Command display link-aggregation verbose

226 ● display link-aggregation summary 3Com Switch 4200G Family Command Reference

display link-aggregation summary

Purpose Use the display link-aggregation summary command to display summary information of all aggregation groups, including device ID of the local end, aggregation group ID, aggregation group type, device ID of the remote end, number of the selected ports, number of the unselected ports, load sharing type and master port number.

Syntax display link-aggregation summary

Parameters None

Example To display summary information of all aggregation information, enter the following:

<S4200G> display link-aggregation summary

Aggregation Group Type:D -- Dynamic, S -- Static , M -- ManualLoadsharing Type: Shar -- Loadsharing, NonS -- Non-LoadsharingActor ID: 0x8000, 00e0-fc00-5104

AL AL Partner ID Select Unselect Share Master ID Type Ports Ports Type Port------------------------------------------------------------------------------- 1 S 0x8000,0000-0000-0000 0 1 NonS GigabitEthernet1/0/2 2 M none 0 1 NonS GigabitEthernet1/0/3


■ Any view

Table 48 Description of the fields of the display link -aggregation summary command

Field Description

Actor ID Device ID and MAC address of the local end

AL ID Aggregation group ID

AL Type Aggregation group type: D (dynamic), S (static), or M (manual)

Partner ID Device ID and MAC address of the remote end

Select Ports Number of the selected ports

Unselect Ports Number of the unselected ports

Share Type Load sharing type: Shar (load-sharing), or NonS (non-load-sharing)

Master Port Number of the master port

3Com Switch 4200G Family display link-aggregation verbose ● 227 Command Reference

display link-aggregation verbose

Purpose Use the display link-aggregation verbose command to display the details about a specified aggregation group.

Syntax display link-aggregation verbose [ agg-id ]

Parameters agg-id Aggregation group ID, which must be the valid ID of an existing aggregation group. Valid values are 1 to 50.

Example To display detailed information about aggregation group 1, enter the following:

<S4200G> display link-aggregation verbose 1Loadsharing Type: Shar -- Loadsharing, NonS -- Non-LoadsharingFlags: A -- LACP_Activity, B -- LACP_timeout, C -- Aggregation, D -- Synchronization, E -- Collecting, F -- Distributing, G -- Defaulted, H -- Expired

Aggregation ID: 1, AggregationType: Static, Loadsharing Type: NonSAggregation Description:System ID: 0x8000, 00e0-fc00-5104Port Status: S -- Selected, U -- UnselectedLocal:Port Status Priority Key Flag------------------------------------------------------------------------------GigabitEthernet1/0/2 U 32768 2 {ACG}GigabitEthernet1/0/5 U 1 2 {ACG}

Remote:Actor Partner Priority Key SystemID Flag------------------------------------------------------------------------------GigabitEthernet1/0/2 0 32768 0 0x8000,0000-0000-0000 {DEF}GigabitEthernet1/0/5 0 32768 0 0x8000,0000-0000-0000 {DEF}


■ Any view

Description Use the display link-aggregation verbose command to display the details about a specified aggregation group, including:

■ Aggregation group ID, aggregation group type, load sharing type, aggregation group description,

■ Local end details: device ID, member port, port status, port priority, operation key and protocol status flag, and

■ Remote end details: local end port, and corresponding port index, port priority, operation key, device ID and protocol status flag of the remote end.

For a manual aggregation group, value 0 is displayed for all the above items of the remote end (which does not indicate the real information of the remote end), since

228 ● display link-aggregation verbose 3Com Switch 4200G Family Command Reference

information about the remote end cannot be obtained for a manual aggregation group.

3Com Switch 4200G Family display local-server statistics ● 229 Command Reference

display local-server statistics

Purpose Use the display local-server statistics command to view the statistics of all local RADIUS authentication server.

Syntax display local-server statistics

Parameters None

Example To display the statistics about local RADIUS authentication server, enter the following:

<S4200G> display local-server statisticsThe localserver packet statistics:Receive: 30 Send: 30Discard: 0 Receive Packet Error: 0Auth Receive: 10 Auth Send: 10Acct Receive: 20 Acct Send: 20


■ Any view

Related Command local-server

230 ● display local-user 3Com Switch 4200G Family Command Reference

display local-user

Purpose Use the display local-user command to view information about all the local users or the specified one(s).

Syntax display local-user [ domain isp-name | idle-cut { enable | disable } | vlan vlanid | service-type { ftp | lan-access | ssh | telnet | terminal } | state { active | block } | user-name user-name ]

Parameters domain isp-name Specifies that all the local users in the specified ISP domain are displayed.isp-name specifies the ISP domain name with a character string up to 24 characters in length. The specified ISP domain must exist.

idle-cut Displays the local users who are inhibited from enabling the idle-cut function, or the local users who are allowed to enable the idle-cut function.

■ enable displays local users that are allowed.

■ disable displays local users that are prohibited.

vlan vlan-id Displays the local users belonging to the specified VLAN. vlan-id is an integer ranging from 1 to 4094.

service-type Displays the local users of a specified type. One of the following user types can be specified:

■ ftp

■ lan-access (Ethernet accessing users, 802.1x application for example)

■ ssh

■ telnet

■ terminal (users who log into the switch through the Console port)

state Displays the local users in the specified state.

■ active means that the system allows the user requesting network service

■ block means the system does not allow the user requesting network service.

user-name user-name Specifies the connections to display using the user-name. The user-name is a character string up to 32 characters in length. The string cannot contain the following characters:

■ /

■ :

■ *

3Com Switch 4200G Family display local-user ● 231 Command Reference

■ ?

■ <

■ >


Example Display information about all local users.

<S4200G> display local-userThe contents of local user user1: State: Active ServiceType Mask: None Idle-cut: Disable Access-limit: Disable Current AccessNum: 0 Bind location: Disable Vlan ID: Disable IP address: Disable MAC address: Disable

Total 1 local user(s) Matched, 1 listed.ServiceType Mask Meaning: C--Terminal F--FTP L--LanAccess S--SSH T-Telnet

The following table describes the fields in the display output.


■ Any view

Description This command displays the relevant information about a specified or all the local users. The output can help you with the fault diagnosis and troubleshooting related to local user.

Related Command local-user

Table 49 Description on the fields of the display local-user command

Field Description

State State of the local user

ServiceType Mask Service type mark

Idle-Cut State of the idle-cut function

Access-Limit Limit on the number of access users

Current AccessNum Number of current access users

Bind location Whether or not bound to a port

Vlan ID VLAN of the user

IP address IP address of the user

MAC address MAC address of the user

232 ● display logbuffer 3Com Switch 4200G Family Command Reference

display logbuffer

Purpose Use the display logbuffer command to display the status of the log buffer and the records in the log buffer.

Syntax display logbuffer [ unit unit-id ] [ level severity | size buffersize ]* [ | { begin | exclude | include } regular-expression ]

Parameters unit-id Unit identification

level Specifies an information severity level.

severity Information severity, ranging from 1 to 8.

size Specifies the size of the memory buffer you want to display.

buffersize Size of the memory buffer, represented by the number of messages it holds. It ranges from 1 to 1024 and defaults to 256.

| Filters output configuration information with a regular expression.

begin Displays configurations with the specified starting characters.

exclude Displays configurations excluding the specified characters.

include Displays configurations including the specified characters.

regular-expression Regular expression.

Example Display the status of the log buffer and the records in the log buffer.

screen display <S4200G> display logbufferLogging buffer configuration and contents:enabledAllowed max buffer size : 1024

Table 50 Severity definitions made on the information center

Severity Value Description

emergencies 1 Emergent errors

alerts 2 Errors that need to be corrected immediately

critical 3 Critical errors

errors 4 Errors that need to be considered but are not critical

warnings 5 Warnings that prompt possible errors

notifications 6 Information that needs to be noticed

informational 7 Normal prompting information

debugging 8 Debug information

3Com Switch 4200G Family display logbuffer ● 233 Command Reference

Actual buffer size : 512Channel number : 4 , Channel name : logbufferDropped messages : 0Overwritten messages : 0Current messages : 91


■ Any view

234 ● display logbuffer summary 3Com Switch 4200G Family Command Reference

display logbuffer summary

Purpose Use the display logbuffer summary command to display the summary of the log buffer.

Syntax display logbuffer summary [ level severity ]

Parameters Level severity Specifies an information severity level. Valid values are 1 to 8.

Example Display the summary of the log buffer.

<S4200G> display logbuffer summaryEMERG ALERT CRIT ERROR WARN NOTIF INFO DEBUG0 0 0 0 94 0 1 0


■ Any view

3Com Switch 4200G Family display-loopback-detection ● 235 Command Reference

display-loopback-detection

Purpose Use the display loopback-detection command to display the loopback detection status on the port.

Syntax display loopback-detection

Parameters None

Example Display whether loopback detection function is enabled or not.

<S4200G> display loopback-detectionPort GigabitEthernet1/0/1 loopback-detection is runningSystem Loopback-detection is runningDetection interval time is 30 secondsThere is no port existing loopback link


■ Any view

Description If loopback detection is enabled, the time interval for loopback detection and the loopback ports will also be displayed.

Table 51 Explanation of fields involved in loopback detection function

Fields Explanation

Port GigabitEthernet1/0/1 loopback-detection is running.

Loopback detection function for GigabitEthernet1/0/1 is enabled.

System Loopback-detection is running. System loopback detection function is enabled.

Detection interval time is 30 seconds. Detection time interval is set to be 30 seconds.

There is no port existing loopback link. Currently no port is detected with loopback.

236 ● display mac-address 3Com Switch 4200G Family Command Reference

display mac-address

Purpose Use the display mac-address command to display MAC address table information.

Syntax display mac-address [ display-option ]

Parameters display-option Option used to display specific MAC address table information, as described in Table 52.

mac-addr Specifies the MAC address.

static Displays static MAC address entries. (A static MAC address entry does not age.)

dynamic Displays dynamic MAC address entries. (A dynamic MAC address entry ages with time.)

blackhole Displays blackhole MAC address entries. (A blackhole MAC address entry does not age.)

interface-type Specifies the port type.

interface-number Specifies the port number.

vlan-id Specifies the VLAN ID. Valid values are 1 to 4094.

count Displays only the total number of MAC address entries. in the MAC address table if the user enters this parameter when using this command.

statistics Displays the statistics on the MAC address entries.

Example Display the MAC address table information about the MAC address of 00e0-fc01-0101.

<S4200G> display mac-address 00e0-fc01-0101MAC ADDR VLAN ID STATEPORT INDEX AGING TIME(s)00

Table 52 Descriptions for the display-option argument

Value Description

mac-address [ vlan vlan-id ] Displays information about a specified MAC address entry.

{ static | dynamic | blackhole } [ interface interface-type interface-number ] [ vlan vlan-id ] [ count ]

Displays information about dynamic, static, or blackhole MAC address entries.

interface interface-type interface-number [ vlan vlan-id ] [ count ]

Displays information about the MAC address entries concerning a specified port.

vlan vlan-id [ count ] Displays information about the MAC address entries concerning a specified VLAN.

count Displays the total number of the MAC address entries of the switch.

statistics Displays the statistics on the MAC address entries.

3Com Switch 4200G Family display mac-address ● 237 Command Reference


■ Any view

Description Use the display mac-address command to display information about MAC address entries in a MAC address table, including: MAC address, VLAN and port corresponding to the MAC address, the type (static or dynamic) of a MAC address entry, aging time and so on.

Related Commands ■ mac-address

■ mac-address timer

Table 53 Description of the fields for the display mac-address command

Field Description

MAC ADDR MAC address

VLAN ID ID of the VLAN to which the network device identified by the MAC address belongs

STATE The state of the MAC address. The value of this field can be "Static", "Learned", and so on.

PORT INDEX Port index (including port type and port number)

AGING TIME(s) Aging time

238 ● display mac-address aging-time 3Com Switch 4200G Family Command Reference

display mac-address aging-time

Purpose Use the display mac-address aging-time command to display the aging time of the dynamic entry in the MAC address table.

Syntax display mac-address aging-time

Parameters None

Example Display the aging time of the dynamic MAC address entries.

<S4200G> display mac-address aging-timeMAC address aging time:300s.

The output information indicates that the aging time of the dynamic MAC address entries is 300 second.


■ Any view

Related Commands ■ display mac-address

■ mac-address

■ mac-address timer

3Com Switch 4200G Family display mac-address multicast static ● 239 Command Reference

display mac-address multicast static

Purpose Use the display mac-address multicast static command to display the multicast MAC address entries manually configured on the switch, with each entry containing the following information: multicast MAC address, VLAN ID, MAC address state, port number(s), and aging time of each port.

Syntax display mac-address multicast static [ count | mac-address vlan vlan-id | vlan vlan-id ]

Parameters mac-address vlan vlan-id Multicast MAC address entry in a specified VLAN.

Example Display all the multicast MAC address entries manually configured in VLAN 1.

<S4200G>display mac-address multicast static vlan 1MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)0100-0000-0001 1 Config static GigabitEthernet1/0/1 NOAGED000f-e207-f2e0 1 Learned GigabitEthernet1/0/28 AGING--- 2 mac address(es) found ---


■ Any view

Description ■ Executing this command with neither mac-address vlan vlan-id nor vlan vlan-id will display all the multicast MAC address entries added on the switch.

■ Executing this command with vlan vlan-id but without mac-address will display all the multicast MAC address entries manually added in the specified VLAN.

■ Executing this command with both mac-address and vlan vlan-id will display the multicast MAC address entry manually added in the specified VLAN with the specified multicast MAC address.

240 ● display mac-address security 3Com Switch 4200G Family Command Reference

display mac-address security

Purpose Use the display mac-address security command to display the information about Security MAC address.

Syntax display mac-address security [ interface interface-type interface-number ] [ vlan ] [ count ]

Parameters interface-type Specifies the interface type.


vlan-id Specifies the VLAN ID.

count Displays the number of the Security MAC address.

Example Display the Security MAC address configuration on GigabitEthernet1/0/1 port.

<S4200G> display mac-address security interface GigabitEthernet1/0/1MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)0001-0001-0001 1 Security GigabitEthernet1/0/2 NOAGED

--- 1 mac address(es) found on port GigabitEthernet1/0/1 ---


■ Any view

Description By checking the output of this command, you can verify the current configuration.

3Com Switch 4200G Family display mac-authentication ● 241 Command Reference

display mac-authentication

Purpose Use the display mac-authentication command to display global information about centralized MAC address authentication

The information shown includes:

■ The state of centralized MAC address authentication (enabled/disabled)

■ Timer settings

■ The number of online users

■ The MAC addresses in quiet period

■ MAC authentication information about each port

Syntax display mac-authentication [ interface interface-list ]

Parameters interface-list Specifies the list of Ethernet ports. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } where <1–10 means that you can provide up to 10 port indexes/port index lists for this argument.

Example To display the global information about centralized MAC address authentication, enter the following:

<S4200G> display mac-authenticationmac address authentication is Enabled. authentication mode is UsernameAsMacAddress Fixed username:mac Fixed password:not configured offline detect period is 300s quiet period is 1 minute(s). server response timeout value is 100s max allowed user number is 1024 current user number amounts to 0 current domain: not configured, use default domainSilent Mac User info: MAC ADDR From Port Port IndexGigabitEthernet1/0/1 is link-up MAC address authentication is Enabled Authenticate success: 0, failed: 0 Current online user number is 1MAC ADDR Authenticate state AuthIndex000d-88f8-4e71 MAC_AUTHENTICATOR_SUCCESS 0……

242 ● display mac-authentication 3Com Switch 4200G Family Command Reference


■ Any view

Table 54 Description on the fields of the display mac-authentication command

Field Description

mac address authentication is Enabled

Centralized MAC address authentication is enabled.

authentication mode Centralized MAC address authentication mode. The default is the MAC address mode.

the Fixed username User name used in the fixed mode, which defaults to mac.

the Fixed password Password used in the fixed mode, which is not configured by default.

offline detect period Setting of the offline detect timer, which sets the time interval to check whether a user goes offline and defaults to 300 seconds.

quiet period Setting of the quiet timer, which sets the quiet period. A switch goes through a quiet period if a user fails to pass the MAC address authentication. The default value is 1 minute.

server response timeout value Setting of the server timeout timer, which sets the timeout time for the connection between a switch and the RADIUS server. By default, it is 100 seconds.

max allowed user number The maximum number of users supported by the switch. It is 1,024 by default.

current user number amounts to The current number of users

current domain The current domain. It is not configured by default.

Silent Mac User info The information about the silent user. When the user fails to pass MAC address authentication because of inputting error user name and password, the switch sets the user to be in quiet state. During quiet period, the switch does not authenticate this user.

GigabitEthernet1/0/1 is link-up The link connected to GigabitEthernet1/0/1 port is up.

MAC address authentication is Enabled

MAC address authentication is enabled for GigabitEthernet1/0/1 port.

Authenticate success: 0, failed: 0 Statistics of the MAC address authentications performed on the port, including the numbers of successful and failed authentication operations.

Current online user number The number of the users current access the network through the port

Authenticate state The state of the users accessing the network through the port, which can be:

■ CONNECTING: Connecting

■ SUCCESS: Authentication passed

■ FAILURE: Fail to pass authentication

■ LOGOFF: Offline

MAC ADDR Peer MAC address

Authenticate state State of the current MAC address authentication

AuthIndex Index of the current MAC address with regard to the authentication port

3Com Switch 4200G Family display memory ● 243 Command Reference

display memory

Purpose Use the display memory command to display the memory usage of a specified switch.

Syntax display memory [ unit unit-id ]

Parameters unit-id Specifies the unit ID.

Example Display the memory usage of this switch.

<S4200G>display memoryUnit 1System Available Memory(bytes): 37238784System Used Memory(bytes): 8201352Used Rate: 22%

The displayed information is defined in Table 55.


■ Any view

Table 55 Memory status

Field Description

System Available Memory(bytes) Available memory size of the system, in unit of bytes.

System Used Memory(bytes) Used memory size of the system, in unit of bytes.

Used Rate Percentage of the used memory.

244 ● display mirroring-group 3Com Switch 4200G Family Command Reference

display mirroring-group

Purpose Use the display mirroring-group command to display the parameter settings of a port mirroring group.

Syntax display mirroring-group { group-id | all | local | remote-destination | remote-source }

Parameters group-id The group number of a port mirroring group. Valid values are 1 to 20.

local Signifies that the specified mirroring group is a local port mirroring group.

remote-destination Signifies that the specified mirroring group is the destination group for remote mirroring.

remote-source Signifies that the specified mirroring group is the source group for remote mirroring.

all All mirroring groups.

Example Display the parameter settings of the port mirroring group.

<S4200G> display mirroring-group allmirroring-group 2: type: local status: active mirroring port: GigabitEthernet1/0/20 both mirroring mac: mirroring vlan: monitor port: GigabitEthernet1/0/22


■ Any view

Description Local mirroring group information includes:

■ Group number

■ Group type: local

■ Group status

■ Information of the monitored port

■ Information of the monitored MAC address

■ Information of the monitored VLAN

■ Information of the monitoring port

Information displayed on the destination mirroring group of remote mirroring includes:

■ Group number

■ Group type: remote-destination

3Com Switch 4200G Family display mirroring-group ● 245 Command Reference

■ Group status

■ Information of the destination port

■ Remote-probe vlan information

Information displayed on the source mirroring group of remote mirroring includes:

■ Group number

■ Group type: remote-source

■ Group status

■ Information of the source port

■ Information of the monitored MAC address

■ Information of the monitored VLAN

■ Information of the reflector port

■ Remote-probe vlan information

246 ● display ndp 3Com Switch 4200G Family Command Reference

display ndp

Purpose Use the display ndp command to display global NDP configuration information, including the interval to send NDP packets, the holdtime of NDP information, and the information about the neighbors of all the ports.

Syntax display ndp [ interface port-list ]

Parameters interface port-list Specifies a list of ports. The list can contain consecutive or separated ports, or the combination of the both. You need to provide the port-list argument in the form of { interface-type interface-number | interface-name } [ to { interface-type interface-number | interface-name } ] } &<1-10>, where interface-type specifies the port type, and interface-number specifies the port number (in the form of slot number/port number).

Example Display NDP configuration information.

<S4200G> display ndpNeighbor Discovery Protocol is enabled. Neighbor Discovery Protocol Ver: 1, Hello Timer: 60(s), Aging Timer: 180(s) Interface: GigabitEthernet1/0/1 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/2 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/3 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/4 Status: Enabled, Pkts Snd: 28440, Pkts Rvd: 27347, Pkts Err: 0 Neighbor 1: Aging Time: 122(s) MAC Address : 00e0-fc00-2579 Port Name : GigabitEthernet1/0/4 Software Ver: V200R001B01D015 Device Name : S5126C Port Duplex : AUTO Product Ver : 5100-EI-001 Interface: GigabitEthernet1/0/5 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/6 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/7 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/8 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/9 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/10 Status: Enabled, Pkts Snd: 28450, Pkts Rvd: 26520, Pkts Err: 0 Neighbor 1: Aging Time: 134(s) MAC Address : 00e0-fc00-3133 Port Name : GigabitEthernet1/0/11

3Com Switch 4200G Family display ndp ● 247 Command Reference

Software Ver: V200R001B01D015 Device Name : S5126C Port Duplex : AUTO Product Ver : 5100-EI-001 Interface: GigabitEthernet1/0/11 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/12 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/13 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/14 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/15 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/16 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/17 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/18 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/19 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/20 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/21 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/22 Status: Enabled, Pkts Snd: 0, Pkts Rvd: 0, Pkts Err: 0 Interface: GigabitEthernet1/0/23 Status: Enabled, Pkts Snd: 28438, Pkts Rvd: 54160, Pkts Err: 0 Neighbor 1: Aging Time: 176(s) MAC Address : 000f-cbb8-9528 Port Name : GigabitEthernet1/0/20 Software Ver: V200R001B01D015 Device Name : Switch 4200G 24-Port Port Duplex : AUTO Product Ver : 5100-EI-001 Interface: GigabitEthernet1/0/24Status: Enabled, Pkts Snd: 1, Pkts Rvd: 1, Pkts Err: 0

Table 56 Description on the fields of the display ndp command

Field Description

Neighbor Discovery Protocol is enabled

The system NDP is enabled globally on the switch.

Neighbor Discovery Protocol Ver: 1

The NDP version 1 is running.

Hello Timer: The interval to send NDP packets is 60 seconds.

Aging Timer: The holdtime of the NDP information sent by the local switch is 180 seconds.

Interface: Port number that specifies a port.

Status: Enabled NDP is enabled on the port.

Pkts Snd: Number of NDP packets transmitted from a port.

Pkts Rvd: Number of NDP packets received by a port.

Pkts Err: Number of error NDP packets received by a port.

Neighbor 1: Aging Time:

The holdtime of the NDP information received from the neighbors connected to the port.

MAC Address MAC address of a neighbor device.

Port Name Port name of a neighbor device.

248 ● display ndp 3Com Switch 4200G Family Command Reference


■ Any view

Software Ver Software version of a neighbor device.

Device Name Device name of a neighbor device.

Port Duplex Port duplex mode of a neighbor device.

Product Ver Product version of a neighbor device.

Table 56 Description on the fields of the display ndp command (continued)

Field Description

3Com Switch 4200G Family display ntdp ● 249 Command Reference

display ntdp

Purpose Use the display ntdp command to display the global NTDP information. The information includes the range (in hop count) within which topology information is collected, the interval to collect topology information (the NTDP timer), the delay time for a device to forward topology-collection requests, the delay time for a topology-collection request to be forwarded through a port, and the time cost during the last topology collection.

Syntax display ntdp

Parameters None

Example Display the global NTDP information.

<S4200G>display ntdp NTDP is running. Hops : 3 Timer : 1 min (disable) Hop Delay : 200 ms Port Delay: 20 msLast collection total time: 3473ms


■ Any view

Table 57 Description of global NTDP configuration information

Field Description

NTDP is running. The global NTDP is enabled on the local device.

Hops Hops for topology collection.

Timer Interval of periodic topology collection.

Hop Delay Delay that the device forwards topology collection request.

Port Delay Delay that the port forwards topology collection request.

Last collection total time Time taken by last collection.

250 ● display ntdp device-list 3Com Switch 4200G Family Command Reference

display ntdp device-list

Purpose Use the display ntdp device-list command to display the device information collected through NTDP.

Syntax display ntdp device-list [ verbose ]

Parameters verbose Displays the detailed information about the device.

Example Display the device list collected through NTDP.

<S4200G> display ntdp device-listMAC HOP IP PLATFORM 00e0-fc00-3133 2 S5100-EI 000f-e20f-c415 2 31.31.31.5/24 S5100-EI 00e0-fc00-2579 1 S5100-EI 00e0-fc00-1751 0 31.31.31.1/24 S5100-EI 00e0-fd00-0043 2 3Com S3528P 00e0-fc00-3199 3 S5100-EI


■ Any view

Table 58 Description of device list information collected through NTD

Field Description

MAC MAC address of the device

HOP Hops to the collecting device

PLATFORM Platform information about device

IP IP address and mask length of the management VLAN interface on the device

3Com Switch 4200G Family display ntdp single-device mac-address ● 251 Command Reference

display ntdp single-device mac-address

Purpose Use the display ntdp single-device mac-address h-h-h command to display the information about a specific device in detail.

Syntax display ntdp single-device mac-address h-h-h

Parameters h-h-h MAC address of the device to be displayed.

Example Display the information about the switch whose MAC address is 00e0-fc00-5111 in detail.

[aaa_0.42-4]dis ntdp single-device mac-address 00e0-fc00-5111

Hostname : aaa_1.42-com2 MAC : 00e0-fc00-5111 Hop : 1 Platform : Switch 4200G IP : 16.168.1.2/24Version :3Com Versatile Routing Platform SoftwareVRP (R) Software, Version V3.01.00s168c03Copyright (c) Reserved.4200G 24-Port 4200G

Cluster : Member switch of cluster aaa , Administrator MAC: 00e0-fc00-5175 Stack : Independent switch

Peer MAC Peer Port ID Native Port ID Speed Duplex 00e0-fc00-5175 TenGigabitEthernet1/2/1 TenGigabitEthernet1/1/1 10000 FULL 00e0-fc00-5175 GigabitEthernet1/0/5 GigabitEthernet1/0/7 1000 FULL

Table 59 Description on the fields of the display ntdp single-device command

Field Description

Hostname System name of the device

MAC MAC address of the device

Hop Number of hops away from the collector

Platform Platform information of the device

IP IP address and mask length of VLAN 1 interface on the device

Version Version information

Cluster Cluster information

Administrator MAC MAC address of the master switch

Stack Stack information

Peer MAC MAC address of the neighboring devices

Peer Port ID ID of the neighboring device port to which the device is connected

Native Port ID ID of the local port used to connect to the neighboring device

252 ● display ntdp single-device mac-address 3Com Switch 4200G Family Command Reference


■ Cluster view

Speed Speed of the local port used to connect to the neighboring device

Duplex Operation state of the local port used to connect to the neighboring

Table 59 Description on the fields of the display ntdp single-device command

Field Description

3Com Switch 4200G Family display ntp-service sessions ● 253 Command Reference

display ntp-service sessions

Purpose Use the display ntp-service sessions command to display the status of all the sessions maintained by NTP (Network Time Protocol) service provided by the local equipment.

Syntax display ntp-service sessions [ verbose ]

Parameters verbose Displays detailed information about the NTP sessions.

Default By default, the status of all the sessions maintained by NTP service provided by the local equipment will be displayed.

Example Display the status of all the sessions maintained by NTP service.

<S4200G> display ntp-service sessions source reference stra reach pollnowoffsetdelay disper********************************************************************[12345]1.1.1.1LOCAL(0)3 377 512 178 0.040.1 22.8note: 1 source(master),2 source(peer),3 selected,4 candidate,5 configured

Description The following table describes the outputs.


■ Any view

Description When you configure this command without the verbose parameter, the Switch will only display brief information about all the sessions it maintains.

Table 60 Description on the fields of the display ntp-service sessions command

Field Description

source IP address of the synchronization source (device to be synchronized)

reference Reference clock ID of the synchronization source

stra Stratum of the clock of the synchronization source

reach Indicates whether or not the synchronization source is reachable.

poll Polling interval in seconds, that is, the maximum interval between two successive messages

now The time elapsed since the latest NTP packet is sent

offset Clock offset

delay Network delay

disper The maximum offset of the local clock with regard to the reference clock

254 ● display ntp-service sessions 3Com Switch 4200G Family Command Reference

With the verbose parameter configured, the Switch will display detailed information about all the sessions it maintains.

3Com Switch 4200G Family display ntp-service status ● 255 Command Reference

display ntp-service status

Purpose Use the command display ntp-service status to display the NTP service status.

Syntax display ntp-service status

Parameters None

Example Display NTP service status:

<S4200G> display ntp-service status Clock status: unsynchronized Clock stratum: 16 Reference clock ID: none Nominal frequency: 100.0000 Hz Actual frequency: 100.0000 Hz Clock precision: 2^17 Clock offset: 0.0000 ms


■ Any view.

Description The following table describes the outputs:

Table 61 NTP service status information

Output Meaning

clock status:unsynchronized Local clock status: do not synchronize to any remote NTP server.

clock stratum: 16 Indicates the NTP stratum of local clock

reference clock ID Address of the remote server or the ID of the reference clock after the local system is synchronized to a remote NTP server or a reference clock

nominal frequency Nominal frequency of the local system hardware clock.

actual frequency Actual frequency of the local system hardware clock.

clock precision Precision of local system clock

clock offset Offsets of the local clock to the NTP server clock.

root delay Roundtrip delay between the local system and the server that serves as the primary reference clock

root dispersion The maximum dispersion of the local clock with regard to the primary reference clock

peer dispersion The maximum dispersion of the remote NTP server

reference time Reference timestamp.

256 ● display ntp-service trace 3Com Switch 4200G Family Command Reference

display ntp-service trace

Purpose Use the display ntp-service trace command to display the brief information of each NTP time server along the time synchronization chain from the local device to the reference clock source.

Syntax display ntp-service trace

Parameters None

Example Display the brief information of each NTP time server

<S4200G> display ntp-service traceserver4: stratum 4, offset 0.0019529, synch distance 0.144135server3: stratum 3, offset 0.0124263, synch distance 0.115784server2: stratum 2, offset 0.0019298, synch distance 0.011993server1: stratum 1, offset 0.0019298, synch distance 0.011993 refid 'GPS Receiver' The above information displays the time synchronization chain of server4: serve4 is synchronized to server3, server3 is synchronized to server2, server2 is synchronized to server1, and server1 is synchronized to the reference clock source GPS Receiver.


■ Any view

3Com Switch 4200G Family display packet-filter ● 257 Command Reference

display packet-filter

Purpose Use the display packet-filter command to view the application information of packet filtering, including the ACL name, rule names, and application status.

Syntax display packet-filter { interface interface-type interface-num | unitid unit-id }

Parameters interface-type interface-num } Port of the switch.

unit-id Unit ID, used to specify to display the information of a specific unit.

Example Display the application information of packet filtering on Unit 1.

<S4200G> display packet-filter unitid 1


■ Any view

258 ● display port 3Com Switch 4200G Family Command Reference

display port

Purpose Use the display port command to display all current ports with their type indicated.

Syntax display port { hybrid | trunk | combo | vlan-vpn }

Parameters hybrid Displays the current hybrid ports.

trunk Displays the current trunked ports.

combo Displays the current combo ports.

vlan-vpn Displays all ports that have VLAN VPN enabled.

Example To display the currently configured hybrid ports, enter the following:

<S4200G>display port hybridThe following hybrid ports exist:GigabitEthernet1/0/1 Ethernet1/0/2

The example above indicates that the current configuration has two hybrid ports, Ethernet1/0/1 and Ethernet1/0/2.


■ Any view

3Com Switch 4200G Family display port-security ● 259 Command Reference

display port-security

Purpose Use the display port-security command to display the information about port security configuration (including global configuration and all or specific port configuration).

Syntax display port-security [ interface interface-list ]

Parameters interface interface-list Specifies an Ethernet port list, which can contain multiple Ethernet ports. The interface-list argument is in the format of { interface-type interface-number [ to interface-type interface-number ] } & < 1-10 >, where interface-type represents a port type, interface-number represents a port number, and & < 1-10 > means you can specify up to 10 ports or port ranges.

Example Display the security configuration on GigabitEthernet1/0/1 port.

<S4200G> display port-security interface GigabitEthernet1/0/1 Equipment port-security is enabled AddressLearn trap is Enabled Intrusion trap is Enabled Dot1x logon trap is Enabled Dot1x logoff trap is Enabled Dot1x logfailure trap is Enabled RALM logon trap is Enabled RALM logoff trap is Enabled RALM logfailure trap is EnabledVlan id assigned is NULLDisableport Timeout: 20 s OUI value:

GigabitEthernet1/0/1 is link-up Port mode is Userlogin NeedtoKnow mode is disabled Intrusion mode is disableportTemporarily max mac-address num is not configured Stored mac-address num is 0

260 ● display port-security 3Com Switch 4200G Family Command Reference


■ Any view

Description Use the display port-security command to display the information about port security configuration (including global configuration and all or specific port configuration).

By checking the output of this command, you can verify the current configuration.

CAUTION:

■ This command will display global and all ports' security configuration information if the interface-list argument is not specified.

■ This command will display global and particular port's security configuration information if the interface-list argument is specified.

Table 62 Description of the output displayed above

Field Description

Equipment port security is enabled The port security function is enabled on the switch.

addressLearn trap is Enabled Enable the sending of address-learning trap information.

Intrusion trap is Enabled Enable the sending of intrusion-detection trap information.

Dot1x logon trap is Enabled Enable the sending of 802.1x user logon (authentication success) trap information.

Dot1x logoff trap is Enabled Enable the sending of 802.1x user logoff trap information.

Dot1x logfailure trap is Enabled Enable the sending of 802.1x user authentication failure trap information.

RALM logon trap is Enabled Enable the sending of RALM logon trap information.

RALM logoff trap is Enabled Enable the sending of RALM logoff trap information.

RALM logfailure trap is Enabled Enable the sending of RALM logfailure trap information.

Vlan id assigned is NULL The delivered VLAN ID is Null.

Disableport Timeout: 20 s The temporary port-disabling time is 20 seconds.

OUI value The OUI value

GigabitEthernet1/0/1 is link-up The link state of port GigabitEthernet 1/0/1 is link-up.

Port mode is Userlogin The security mode of the port is Userlogin.

NeedtoKnow mode is disabled The NTK mode is disabled.

Intrusion mode is disableportTemporarily

The intrusion detection mode is disableportTemporarily.

Max mac-address num is not configured

The maximum number of MAC addresses allowed to access the port is not configured here.

Stored mac-address num is 0 The number of current users is zero.

3Com Switch 4200G Family display port vlan-vpn ● 261 Command Reference

display port vlan-vpn

Purpose Use the display port vlan-vpn command to display the information about the VLAN VPN configuration of the current system, including current TPID value, VLAN-VPN ports, and VLAN-VPN uplink ports.

Syntax display port vlan-vpn

Parameters None

Example Display the VLAN-VPN configuration of the system.

<S4200G> display port vlan-vpn VLAN-VPN TPID: 8100GigabitEthernet1/0/1VLAN-VPN status: enabledVLAN-VPN VLAN: 1 GigabitEthernet1/0/2VLAN-VPN status: enabledVLAN-VPN VLAN: 1 GigabitEthernet1/0/3VLAN-VPN status: enabledVLAN-VPN VLAN: 1 GigabitEthernet1/0/4…………………………(Omitted)


■ Any view

262 ● display protocol-priority 3Com Switch 4200G Family Command Reference

display protocol-priority

Purpose Use the display protocol-priority command to display the priority of protocol packets.

Syntax display protocol-priority

Parameters None

Example To display the priority of protocol packets, enter the following:

<S4200G> display protocol-priority


■ Any view

3Com Switch 4200G Family display qos cos-drop-precedence-map ● 263 Command Reference

display qos cos-drop-precedence-map

Purpose Use the display qos cos-drop-precedence-map command to display the "COS->Drop-precedence" mapping relationship.

Syntax display qos cos-drop-precedence-map

Parameters None

Example To display the "COS->Drop-precedence" mapping relationship, enter the following:

<S4200G> display qos cos-drop-precedence-mapcos-drop-precedence-map:

cos : 0 1 2 3 4 5 6 7-------------------------------------------------------------------drop-precedence : 2 2 1 1 1 1 0 0


■ Any view

264 ● display qos cos-dscp-map 3Com Switch 4200G Family Command Reference

display qos cos-dscp-map

Purpose Use the display qos cos-dscp-map command to display the "COS->DSCP" mapping relationship.

Syntax display qos cos-drop-precedence-map

Parameters None

Example To display the "COS->DSCP" mapping relationship, enter the following:

<S4200G> display qos cos-dscp-map:cos : 0 1 2 3 4 5 6 7

-------------------------------------------------------------------dscp : 16 0 8 24 32 40 48 56


■ Any view

3Com Switch 4200G Family display qos cos-local-precedence-map ● 265 Command Reference

display qos cos-local-precedence-map

Purpose Use the display qos cos-local-precedence-map command to view the COS–>Local-precedence map.

Syntax display qos cos-local-precedence-map

Parameters None

Example To display COS and Local-precedence map, enter the following:

<S4200G> display qos cos-local-precedence-mapcos-local-precedence-map: 802.1p & local precedence : 0 1 2 3 4 5 6 7--------------------------------------------------------------------

queue: 2 0 1 3 4 5 6 7


■ Any view

266 ● display qos dscp-cos-map 3Com Switch 4200G Family Command Reference

display qos dscp-cos-map

Purpose Use the display qos dscp-cos-map command to display the "DSCP->802.1 priority" mapping relationship.

Syntax display qos dscp-cos-map

Parameters None

Example To display the "DSCP->801.1p priority" mapping relationship, enter the following:

<S4200G> display qos dscp-cos-mapdscp-cos-map: dscp : cos ---------------------------------------------- 0 : 1 1 : 1 2 : 1 3 : 1 4 : 1 5 : 1 6 : 1 7 : 1 8 : 2 9 : 2 10 : 2 11 : 2 12 : 2 13 : 2 14 : 2 15 : 2 16 : 0 17 : 0 18 : 0 19 : 0 20 : 0 ---- More ----


■ Any view

3Com Switch 4200G Family display qos dscp-drop-precedence-map ● 267 Command Reference

display qos dscp-drop-precedence-map

Purpose Use the display qos dscp-drop-precedence-map command to display the "DSCP->Drop-precedence" mapping relationship.

Syntax display qos dscp-drop-precedence-map

Parameters None

Example Display the "DSCP->Drop-precedence" mapping relationship.

<S4200G> display qos dscp-drop-precedence-mapdscp-drop-precedence-map dscp : drop-precedence ---------------------------------------------- 0 : 1 1 : 1 2 : 1 3 : 1 4 : 1 5 : 1 6 : 1 7 : 1 8 : 1 9 : 1 10 : 1 11 : 1 12 : 1 13 : 1 14 : 1 15 : 1 16 : 1 17 : 1 18 : 1 19 : 1 20 : 1 ---- More ----


■ Any view

268 ● display qos dscp-dscp-map 3Com Switch 4200G Family Command Reference

display qos dscp-dscp-map

Purpose Use the display qos dscp-cos-map command to display the "DSCP->DSCP" mapping relationship.

Syntax display qos dscp-dscp-map

Parameters None

Example To display the "DSCP->DSCP" mapping relationship, enter the following:

<S4200G> display qos dscp-dscp-mapdscp-dscp-map dscp : dscp ---------------------------------------------- 0 : 0 1 : 1 2 : 2 3 : 3 4 : 4 5 : 5 6 : 6 7 : 7 8 : 8 9 : 9 10 : 10 11 : 11 12 : 12 13 : 13 14 : 14 15 : 15 16 : 16 17 : 17 18 : 18 19 : 19 20 : 20 ---- More ----


■ Any view

3Com Switch 4200G Family display qos dscp-local-precedence-map ● 269 Command Reference

display qos dscp-local-precedence-map

Purpose Use the display qos dscp-local-precedence-map command to display the "DSCP->Local-precedence" mapping relationship.

Syntax display qos dscp-local-precedence-map

Parameters None

Example To display the "DSCP->Local-precedence" mapping relationship, enter the following:

<S4200G> display qos dscp-local-precedence-mapdscp-local-precedence-map dscp : local-precedence(queue) ---------------------------------------------- 0 : 0 1 : 0 2 : 0 3 : 0 4 : 0 5 : 0 6 : 0 7 : 0 8 : 1 9 : 1 10 : 1 11 : 1 12 : 1 13 : 1 14 : 1 15 : 1 16 : 2 17 : 2 18 : 2 19 : 2 20 : 2 ---- More ----


■ Any view

270 ● display qos-interface all 3Com Switch 4200G Family Command Reference

display qos-interface all

Purpose Use the display qos-interface all command to display all the QoS settings of the port.

Syntax display qos-interface { interface-name | interface-type interface-num | unit-id } all

Parameters interface-name | interface-type interface-num Specifies the port of the switch. Specify this parameter

and the switch will display the parameter configurations of the specified port.

unit-id Specifies the unit ID. Specify this parameter and the switch will display the parameter configurations of the specified unit. If the unit ID parameter is specified, the QoS parameter settings of all the ports on the specified switch will be displayed.

Example To display all the QoS settings on Gigabitethernt1/0/1, enter the following:

<S4200G> display qos-interface gigabitethernet1/0/1 all

GigabitEthernet1/0/1: priority-trust port

GigabitEthernet1/0/1 Port Shaping: Disable 0 kbps, 0 burst QID: status max-rate(kbps) burst-size(byte)---------------------------------------------------- 0 : Disable 0 0 1 : Disable 0 0 2 : Disable 0 0 3 : Disable 0 0 4 : Disable 0 0 5 : Disable 0 0 6 : Disable 0 0 7 : Disable 0 0


■ Any view

Description The switch displays the following information according to its configurations:

■ Traffic policing configurations

■ Priority remark configurations

■ Redirect configurations

■ Traffic statistics configurations

3Com Switch 4200G Family display qos-interface all ● 271 Command Reference

■ Traffic mirroring configurations

■ Precedence mapping configurations

■ Traffic shaping configurations

■ VLAN tag remark configurations

Related Commands ■ port

■ traffic-limit

272 ● display qos-interface priority-trust 3Com Switch 4200G Family Command Reference

display qos-interface priority-trust

Purpose Use the display qos-interface priority-trust command to display the precedence mapping mode of the switch.

Syntax display qos-interface { interface-type interface-num | unit-id } priority-trust

Parameters interface-type interface-num Specifies the port of the switch. Input this parameter


unit-id Specifies the unit ID. Input this parameter and the switch will display the parameter configurations of the specified unit.

Example To display the precedence mapping mode configuration on Gigabitethernt1/0/1, enter the following:

<S4200G> display qos-interface gigabitethernet 1/0/1 priority-trustGigabitEthernet1/0/1: priority-trust port


■ Any view

Description This command displays the name and priority-trust mode of the port.

Related Command priority trust

3Com Switch 4200G Family display qos-interface traffic-limit ● 273 Command Reference

display qos-interface traffic-limit

Purpose Use the display qos-interface traffic-limit command to view the traffic limit settings.

Syntax display qos-interface { interface-name | interface-type interface-num | unit-id } traffic-limit

Parameters interface-name | interface-type interface-num Specifies the port of the switch. Input this parameter



Example To display the parameter configurations of traffic policing on Gigabitethernt1/0/1, enter the following:

<S4200G> display qos-interface gigabitethernet1/0/1 traffic-limitGigabitEthernet1/0/1: traffic-limit Inbound: Matches: Acl 2000 rule 0 running Target rate: 1 Kbps


■ Any view

Description Use this command to display:

■ The name of the port and the name of the traffic policing action

■ The application direction of the function on the port

■ Referenced ACL

■ Committed average rate

■ Settings for related policing actions

■ The running state of traffic policing statistics


274 ● display qos-interface traffic-shape 3Com Switch 4200G Family Command Reference

display qos-interface traffic-shape

Purpose Use the display qos-interface traffic-shape command to view the parameter configurations of traffic shaping on the port.

Syntax display qos-interface { interface-type interface-num | unit-id } traffic-shape

Parameters interface-type interface-num Specifies the port of the switch. Input this parameter



Example To display the parameter configurations of traffic limit on the port, enter the following:

<S4200G> display qos-interface gigabitethernet1/0/1 traffic-shape

GigabitEthernet1/0/1 Port Shaping: Enable 20 kbps, 4 burst QID: status max-rate(kbps) burst-size(byte)---------------------------------------------------- 0 : Disable 0 0 1 : Disable 0 0 2 : Disable 0 0 3 : Disable 0 0 4 : Disable 0 0 5 : Disable 0 0 6 : Disable 0 0 7 : Disable 0 0


■ Any view


■ Whether traffic shaping is enabled

■ Parameter configurations of the port-based traffic shaping: maximum traffic rate and burst size (in kbyte)

■ Parameter configurations of the queue-based traffic shaping: queue ID, status, maximum rate and burst size

Related Command traffic shape

3Com Switch 4200G Family display qos-interface traffic-statistic ● 275 Command Reference

display qos-interface traffic-statistic

Purpose Use the display qos-interface traffic-statistic command to view the traffic statistics.

Syntax display qos-interface { interface-name |interface-type interface-num | unit-id } traffic-statistic

Parameters interface-name | interface-type interface-num Specifies the port of the switch. Input this parameter



Example To display the traffic statistics, enter the following:

<S4200G> display qos-interface gigabitethernet1/0/1 traffic-statisticGigabitEthernet1/0/1: traffic-statistic Inbound: Matches: Acl 2000 rule 0 running 0 packet


■ Any view


■ The name of the port and the name of the traffic statistics

■ The application direction of the function on the port

■ Referenced ACL

■ The number of packets matching with the ACL rules


■ traffic-statistic

276 ● display qos-profile 3Com Switch 4200G Family Command Reference

display qos-profile

Purpose Use the display qos-profile command to view the configurations of the QoS profile.

Syntax display qos-profile { all | name profile-name | interface { interface-name | interface-type interface-num } | user user-name }

Parameters all Displays all QoS profiles.

name profile-name Displays the QoS profile with the specified name. The name is a string in the range of 1 to 32 characters and it cannot be reserved key words, such as all, interface, user, undo, user-based, port-based and so on.

interface { interface-name | interface-type interface-num } Displays QoS profiles applied on the specified port.

user user-name Displays QoS profiles corresponding to the specified user.user-name is the user name in the range of 1 to 80 characters.

Example To display the configurations of all the QoS profiles, enter the following:

<S4200G> display qos-profile allqos-profile: test, 2 actions packet-filter inbound ip-group 2000 rule 0 traffic-limit inbound ip-group 2000 rule 0 1


■ Any view


■ The name of the QoS profile and the number of configured actions

■ The definition of each action

3Com Switch 4200G Family display queue-scheduler ● 277 Command Reference

display queue-scheduler

Purpose Use the display queue-scheduler command to view queue scheduling mode and corresponding parameters.

Syntax display queue-scheduler

Parameters None

Default The default is Weighted Round Robin.

Example To display the queue-scheduling mode and the related parameters, enter the following:

<S4200G> display queue-schedulerQID: scheduling-group weight----------------------------------- 0 : sp 0 1 : sp 0 2 : sp 0 3 : sp 0 4 : sp 0 5 : sp 0 6 : sp 0 7 : sp 0


■ Any view


■ Queue ID

■ The scheduling group of the queue

■ The weight of the queue

Related Command queue-scheduler

278 ● display radius 3Com Switch 4200G Family Command Reference

display radius

Purpose Use the display radius command to view the configuration information about all RADIUS schemes or a specified scheme.

Syntax display radius [ radius-scheme-name ]

Parameters radius-scheme-name Specifies the RADIUS scheme name with a character string up to 32 characters in length. If not specified, all RADIUS schemes are displayed by default.

Example To display the configuration information about all RADIUS schemes, enter the following:

<S4200G> display radius------------------------------------------------------------------SchemeName =system Index=0 Type=3ComPrimary Auth IP =127.0.0.1 Port=1645Primary Acct IP =127.0.0.1 Port=1646Second Auth IP =0.0.0.0 Port=1812Second Acct IP =0.0.0.0 Port=1813Auth Server Encryption Key= 3ComAcct Server Encryption Key= 3ComAccounting method = requiredAccounting-On packet enable, send times = 15 , interval = 3sTimeOutValue(in second)=3 RetryTimes=3 RealtimeACCT(in minute)=12Permitted send realtime PKT failed counts =5Retry sending times of noresponse acct-stop-PKT =500Quiet-interval(min) =5Username format =without-domainData flow unit =BytePacket unit =1unit 1 :Primary Auth State=active, Second Auth State=blockPrimary Acc State=active, Second Acc State=block

------------------------------------------------------------------Total 1 RADIUS scheme(s). 1 listed

Table 63 Description on the fields of the display radius command

Field Description

SchemeName Name of the RADIUS scheme

Index Index number of the RADIUS scheme

Type Type of the RADIUS servers

Primary Auth IP/ Port IP address/access port number of the primary authentication server

Primary Acct IP/ Port IP address/access port number of the primary accounting server

Second Auth IP/ Port IP address/access port number of the secondary authentication server

Second Acct IP/ Port IP address/access port number of the secondary accounting server

3Com Switch 4200G Family display radius ● 279 Command Reference


■ Any view

Related Command radius-scheme

Auth Server Encryption Key Shared key of the authentication servers

Acct Server Encryption Key Shared key of the accounting servers

Accounting method Accounting method

Accounting-On packet enable, send times = 15 , interval = 3s

The system sends up to 15 Accounting-on packets at intervals of 3 seconds after restarting.

TimeOutValue (seconds) RADIUS server response timeout time

RetryTimes Maximum number of transmission attempts

RealtimeACCT(in minute) Real-time accounting interval in minutes

Permitted send realtime PKT failed counts

Maximum allowed number of continuous no-response real-time accounting requests

Retry sending times of nonresponse acct-stop-PKT

Maximum number of transmission attempts of the buffered stop-accounting requests

Quiet-interval(min) Wait time for the primary servers to restore the active state

Username format User name format

Data flow unit Unit of measure for data in data flows

Packet unit Unit of measure for packets

Primary Auth State Status of the primary authentication server

Second Auth State Status of the secondary authentication server

Primary Acc State Status of the primary accounting server

Second Acc State Status of the secondary accounting server

Table 63 Description on the fields of the display radius command (continued)

Field Description

280 ● display radius statistics 3Com Switch 4200G Family Command Reference

display radius statistics

Purpose Use the display radius statistics command to view the statistics information about RADIUS packet.

Syntax display radius statistics

Parameters None

Example To display the statistics about RADIUS packets, enter the following:

<S4200G> display radius statisticsstate statistic(total=1048): DEAD=1048 AuthProc=0 AuthSucc=0AcctStart=0 RLTSend=0 RLTWait=0 AcctStop=0 OnLine=0 Stop=0 StateErr=0

Received and Sent packets statistic:Unit 1........................................Sent PKT total :0 Received PKT total:0RADIUS received packets statistic:Code= 2,Num=0 ,Err=0Code= 3,Num=0 ,Err=0Code= 5,Num=0 ,Err=0Code=11,Num=0 ,Err=0

Running statistic:RADIUS received messages statistic:Normal auth request , Num=0 , Err=0 , Succ=0EAP auth request , Num=0 , Err=0 , Succ=0Account request , Num=0 , Err=0 , Succ=0Account off request , Num=0 , Err=0 , Succ=0PKT auth timeout , Num=0 , Err=0 , Succ=0PKT acct_timeout , Num=0 , Err=0 , Succ=0Realtime Account timer , Num=0 , Err=0 , Succ=0PKT response , Num=0 , Err=0 , Succ=0EAP reauth_request , Num=0 , Err=0 , Succ=0PORTAL access , Num=0 , Err=0 , Succ=0Update ack , Num=0 , Err=0 , Succ=0PORTAL access ack , Num=0 , Err=0 , Succ=0Session ctrl pkt , Num=0 , Err=0 , Succ=0Set policy result , Num=0 , Err=0 , Succ=0RADIUS sent messages statistic:Auth accept , Num=0Auth reject , Num=0EAP auth replying , Num=0Account success , Num=0Account failure , Num=0Cut req , Num=0Set policy result , Num=0RecError_MSG_sum:0 SndMSG_Fail_sum :0Timer_Err :0 Alloc_Mem_Err :0State Mismatch :0 Other_Error :0

3Com Switch 4200G Family display radius statistics ● 281 Command Reference

No-response-acct-stop packet =0Discarded No-response-acct-stop packet for buffer overflow =00


■ Any view


282 ● display rmon alarm 3Com Switch 4200G Family Command Reference

display rmon alarm

Purpose Use the display rmon alarm command to display the configuration of a specified alarm entry or all the alarm entries.

Syntax display rmon alarm [ entry-number ]

Parameters alarm-table-entry Alarm entry index, in the range of 1 to 65535. If you do not specify this argument, the configuration of all alarm entries is displayed.

Example Display the configuration of all the alarm entries.

<S4200G> display rmon alarmAlarm table 1 owned by user1 is Valid. Samples type : absolute Variable formula : 1.3.6.1.2.1.2.2.1.10.4228009<ifInOctets.4228009> Sampling interval : 6(sec) Rising threshold : 10000(linked with event 1) Falling threshold : 2000(linked with event 1) When startup enables : risingOrFallingAlarm Latest value : 0


■ Any view

Related Command rmon alarm

Table 64 Description on the fields of the display rmon alarm command

Field Description

Samples type Indicates the type of a sample. This field can be delta, which indicates the sample is an increment, or absolute, which indicates the sample is an absolute value.

When startup enables Indicates the condition to trigger the alarm.

3Com Switch 4200G Family display rmon event ● 283 Command Reference

display rmon event

Purpose Use the display rmon event command to display the configuration of a specified event entry or all the event entries.

Syntax display rmon event [ event-entry ]

Parameters event-entry Event entry index, in the range of 1 to 65535. If you do not specify this argument, the configuration of all the event entries is displayed.

Example Display the configuration of all the event entries.

<S4200G> display rmon eventEvent table 1 owned by user1 is VALID. Description: null. Will cause log-trap when triggered, last triggered at 0days 00h:02m:27s.


■ Any view

Description The displayed information includes: event entry index, event entry owner, event description, the action triggered by the event (log or alarm messages), and the time (in seconds) when the latest event is triggered (in terms of the time elapsed since the system is started/initialized).

Related Command rmon event

Table 65 Output information of the display rmon event command

Field Description

Event table 1 Event entry with index 1

VALID The state of the entry is valid

cause log-trap when triggered Logging and trapping triggered by events

Description Event description

last triggered at 0days 00h:02m:27s Time when the last event is triggered

284 ● display rmon eventlog 3Com Switch 4200G Family Command Reference

display rmon eventlog

Purpose Use the display rmon eventlog command to display the log of a specified event entry or all the event entries.

Syntax display rmon eventlog [ event-entry ]

Parameters event-entry Event entry index, in the range of 1 to 65535. If you do not specify this argument, the log of all the event entries is displayed.

Example Display the log generated by the event entry numbered 1.

<S4200G> display rmon eventlog 1Event table 1 owned by user1 is VALID.Generates eventLog 1.1 at 0days 00h:01m:39s.Description: The 1.3.6.1.2.1.16.1.1.1.4.1 defined in alarm table 1,less than(or =) 100 with alarm value 0. Alarm sample type is absolute.Generates eventLog 1.2 at 0days 00h:02m:27s.Description: The alarm formula defined in private alarm table 1,less than(or =) 100 with alarm value 0. Alarm sample type is absolute.


■ Any view

Description The displayed information includes: the indexes and status of the event entries in the event table, the time (in seconds) when an event log is generated (in terms of the time elapsed since the system is started or initialized), and the event description.

3Com Switch 4200G Family display rmon history ● 285 Command Reference

display rmon history

Purpose Use the display rmon history command to display the RMON history information about a specified port. The information about the latest sample, including utilization, the number of errors, the total number of packets and so on, is also displayed.

Syntax display rmon history [ interface-type interface-number | unit unit-number ]

Parameters interface-type Interface type, refers to GigabitEthernet here.

interface-number Interface number

unit unit-number Specifies a unit number.

Example Display the RMON history information about GigabitEthernet1/0/1.

<S4200G> display rmon history GigabitEthernet 1/0/1History control entry 1 owned by user1 is VALID Samples interface : GigabitEthernet1/0/1<ifIndex.4227817> Sampling interval : 5(sec) with 10 buckets max Latest sampled values : dropevents : 0 , octets : 0 packets : 0 , broadcast packets : 0 multicast packets : 0 , CRC alignment errors : 0 undersize packets : 0 , oversize packets : 0 fragments : 0 , jabbers : 0 collisions : 0 , utilization : 0


■ Any view

Related Command rmon history

286 ● display rmon prialarm 3Com Switch 4200G Family Command Reference

display rmon prialarm

Purpose Use the display rmon prialarm command to display the configuration of a specified extended alarm entry or all the extended alarm entries.

Syntax display rmon prialarm [ prialarm-entry-number]

Parameters prialarm-entry-number Extended alarm entry Index, in the range of 1 to 65535. If you do not specify this argument, the configuration of all the extended alarm entries is displayed.

Example Display the configuration of all the extended RMON alarm entries.

<S4200G> display rmon prialarmPrialarm table 1 owned by user1 is VALID. Samples type : absolute Variable formula : .1.3.6.1.2.1.16.1.1.1.4.1 Description : Sampling interval : 10(sec) Rising threshold : 10000(linked with event 1) Falling threshold : 2000(linked with event 1) When startup enables : risingOrFallingAlarm This entry will exist : forever. Latest value : 0


■ Any view

Related Command rmon prialarm

3Com Switch 4200G Family display rmon statistics ● 287 Command Reference

display rmon statistics

Purpose Use the display rmon statistics command to display the RMON statistics of a specified port.

Syntax display rmon statistics [ interface-type interface-number | unit unit-number ]

Parameters interface-type Interface type.

interface-number Interface number.

unit unit-number Specifies a unit number.

Example Display the RMON statistics information about GigabitEthernet1/0/1

<S4200G> display rmon statistics GigabitEthernet 1/0/1Statistics entry 1 owned by user1-rmon is VALID. Interface : GigabitEthernet1/0/1<ifIndex.4227817> etherStatsOctets : 0 , etherStatsPkts : 0 etherStatsBroadcastPkts : 0 , etherStatsMulticastPkts : 0 etherStatsUndersizePkts : 0 , etherStatsOversizePkts : 0 etherStatsFragments : 0 , etherStatsJabbers : 0 etherStatsCRCAlignErrors : 0 , etherStatsCollisions : 0 etherStatsDropEvents (insufficient resources): 0 Packets received according to length: 64 : 0 , 65-127 : 0 , 128-255 : 0 256-511: 0 , 512-1023: 0 , 1024-1518: 0


■ Any view

Description The displayed information include the number of the following items: collisions, packets with CRC errors, undersize or oversize packets, broadcast packets, multicast packets, received bytes, and received packets.

Related Command rmon statistics

288 ● display rsa local-key-pair public 3Com Switch 4200G Family Command Reference

display rsa local-key-pair public

Purpose Use the display rsa local-key-pair public command to display the public key of the server host key pair. If no key pair is generated, the system prompts “%RSA keys not found”.

Syntax display rsa local-key-pair public

Parameters None

Example Display the public key of the server host key pair:

<S4200G> display rsa local-key-pair public=====================================================Time of Key pair created: 02:15:56 2000/04/02Key name: S4200G_HostKey type: RSA encryption Key=====================================================Key code:3047 0240 C968B224 D3DD880B 65758B4F AD281531 8BC8A91548D30D34 F29B9BE3 4F35DFD6 C8AB3135 0727590B 80700BA1 6D62CF05 DF9960A4 59466486 E0A36F95 A76B28C7 0203 010001

Host public key for PEM format code:---- BEGIN SSH2 PUBLIC KEY ---- AAAAB3NzaC1yc2EAAAADAQABAAAAhADX9/Nk0pXI2n9A58Yt9+IGbssAdzN28FGktfHKrzw6MU8a57DYhETGhFmaVrqVG9COBn3Kk0RI2GsUUuI/ujN6tM1lzf0h/eZsCaZfB6BnaTHH9X1A/Qc+WCa5jmWyB5u3V1CpTUWVd8smXZg8wHuOsd4DK6zcp48Hl1KgSYCK69A87Q==---- END SSH2 PUBLIC KEY ----

Public key code for pasting into OpenSSH authorized_keys file:ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAAhADX9/Nk0pXI2n9A58Yt9+IGbssAdzN28FGktfHKrzw6MU8a57DYhETGhFmaVrqVG9COBn3Kk0RI2GsUUuI/ujN6tM1lzf0h/eZsCaZfB6BnaTHH9X1A/Qc+WCa5 jmWyB5u3V1CpTUWVd8smXZg8wHuOsd4DK6zcp48Hl1KgSYCK69A87Q== rsa-key


■ Any view

Related Command rsa local-key-pair create

3Com Switch 4200G Family display rsa peer-public-key ● 289 Command Reference

display rsa peer-public-key

Purpose Use the display rsa peer-public-key command to display the client public key of the specified RSA key pair. If no key name is specified, the command displays all public keys of the client

Syntax display rsa peer-public-key [ brief | name keyname ]

Parameters brief Displays brief information about all public keys on the client.

keyname Name of the client public key, consisting of a string 1 to 64 characters long.

Example Display all public keys on the client.

<S4200G> display rsa peer-public-key briefAddress Bits Name--------------------------- 1023 abcd 1024 hq

Display the public key of the client key pair abcd.

<S4200G> display rsa peer-public-key name abcd===================================== Key name: abcd Key address:=====================================Key Code:308186 028180 739A291A BDA704F5 D93DC8FD F84C4274 631991C1 64B0DF17 8C55FA83 3591C7D4 7D5381D0 9CE82913 D7EDF9C0 8511D83C A4ED2B30 B809808E B0D1F52D 045DE408 61B74A0E 135523CC D74CAC61 F8E58C45 2B2F3F2D A0DCC48E 3306367F E187BDD9 44018B3B 69F3CBB0 A573202C 16BB2FC1 ACF3EC8F 828D55A3 6F1CDDC4 BB45504F 0201 25


■ Any view

290 ● display saved-configuration 3Com Switch 4200G Family Command Reference

display saved-configuration

Purpose Use the display saved-configuration command to display the content of the main configuration file in the flash memory of a switch.

Syntax display saved-configuration [ unit unit-id ] [ by-linenum ]

Parameters unit unit-id Specifies the unit ID of a switch.

by-linenum Displays the number of each line.

Example Display the content of the main configuration file in the Flash.

<S4200G> display current-configuration# sysname S4200G # radius scheme system # domain system # vlan 1 # vlan 2 # interface Vlan-interface2 # interface Aux1/0/0 # interface Ethernet1/0/1 # interface Ethernet1/0/2 # interface Ethernet1/0/3 # interface Ethernet1/0/4 # interface Ethernet1/0/5 # interface Ethernet1/0/6 # interface Ethernet1/0/7 # interface Ethernet1/0/8 # interface Ethernet1/0/9 # interface Ethernet1/0/10 # interface Ethernet1/0/11 # interface Ethernet1/0/12 # interface Ethernet1/0/13

3Com Switch 4200G Family display saved-configuration ● 291 Command Reference

# interface Ethernet1/0/14 # interface Ethernet1/0/15 # interface Ethernet1/0/16 # interface Ethernet1/0/17 # interface Ethernet1/0/18 # interface Ethernet1/0/19 # interface Ethernet1/0/20 # interface Ethernet1/0/21 # interface Ethernet1/0/22 # interface Ethernet1/0/23 # interface Ethernet1/0/24 # interface GigabitEthernet1/1/1 # interface GigabitEthernet1/2/1 # interface NULL0 # management-vlan 2 # user-interface aux 0 7 user-interface vty 0 4 # return

The configurations above are listed in the following order: global, port configuration, and user interface configurations.


■ Any view

Description If an Ethernet switch does not work normally after it is powered on, you can use the display saved-configuration command to view the startup configurations of the switch.

292 ● display schedule reboot 3Com Switch 4200G Family Command Reference

display schedule reboot

Purpose Use the display schedule reboot command to display information about scheduled reboot.

Syntax display schedule reboot

Parameters None

Example Display the information about scheduled reboot.

<S4200G> display schedule rebootSystem will reboot at 16:00:00 2002/11/1 (in 2 hours and 5 minutes).


■ Any view

Related Command ■ reboot

■ schedule reboot at

3Com Switch 4200G Family display snmp-agent ● 293 Command Reference

display snmp-agent

Purpose Use the display snmp-agent command to view engine ID of the local or remote SNMP entity.

Syntax display snmp-agent { local-engineid | remote-engineid }

Parameters local-engineid Engine ID of a local SNMP entity.

remote-engineid Engine ID of a remote SNMP entity.

Example Display the engine ID of a local device.

<S4200G>display snmp-agent local-engineidSNMP Local EngineID: 800007DB00E0FC0031006877

SNMP local EngineID in the above information represents the engine ID of the local SNMP entity.


■ Any view

Description The SNMP engine is a unique identifier of an SNMP entity in the SNMP domain. It performs the function of sending, receiving and authenticating SNMP messages, extracting PDUs, packet encapsulations, and communication with SNMP applications.

294 ● display snmp-agent community 3Com Switch 4200G Family Command Reference

display snmp-agent community

Purpose Use the display snmp-agent community command to view the information about the currently configured community names for SNMPv1 or SNMPv2c.

display snmp-agent community [ read | write ]

Parameters read Displays read-only community information.

write Displays read-write community information.

Example Display the currently configured community names.

<S4200G>display snmp-agent communitycommunity name:publicgroup name:publicstorage-type: nonVolatile

community name:privategroup name:privatestorage-type: nonVolatile

The following table describes the output fields


■ Any view

Table 66 Description on the fields of the display snmp-agent community command

Field Description

community name community name

Group name Group name

storage-type Storage type, including volatile, nonVolatile, permanent, readOnly and other.

3Com Switch 4200G Family display snmp-agent group ● 295 Command Reference

display snmp-agent group

Purpose Use the display snmp-agent group command to view group name, security model, state of various views and storage models.

Syntax display snmp-agent group [ group-name ]

Parameters groupname Group name. Valid values are 1 to 32 bytes.

Example Display SNMP group name and security model.

<S4200G>display snmp-agent groupGroup name: v3r2 Security model: v3 noAuthnoPriv Readview: ViewDefault Writeview: <no specified> Notifyview :<no specified> Storage-type: nonvolatile

The following table describes the output fields.


■ Any view

Table 67 Output description of the display snmp-agent group command

Field Description

groupname SNMP Group name of the user

Security model Security model of that group, including authorization and encryption, authorization and no encryption, no authorization and no encryption.

readview Read-only MIB view name corresponding to that group

writeview Writable MIB view corresponding to that group

notifyview The name of the notify MIB view corresponding to that group

storage-type Storage type, including volatile, nonVolatile, permanent, readOnly and other.

296 ● display snmp-agent mib-view 3Com Switch 4200G Family Command Reference

display snmp-agent mib-view

Purpose The display snmp-agent mib-view command is used to view the MIB view configuration information of the current Ethernet switch.

Syntax display snmp-agent mib-view [ exclude | include | viewname view-name]

Parameters exclude Displays the SNMP mib view excluded.

include Displays the SNMP mib view included.

viewname Displays the SNMP mib view according to the view name.

view-name Specifies the mib view name.

Example Display the information about the currently configured MIB view.

<S4200G>display snmp-agent mib-viewView name:ViewDefault MIB Subtree:internet Subtree mask: Storage-type: nonVolatile View Type:included View status:active

View name:ViewDefault MIB Subtree:snmpUsmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active

View name:ViewDefault MIB Subtree:snmpVacmMIB Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active

View name:ViewDefault MIB Subtree:snmpModules.18 Subtree mask: Storage-type: nonVolatile View Type:excluded View status:active

3Com Switch 4200G Family display snmp-agent mib-view ● 297 Command Reference



■ Any view

Description The display snmp-agent mib-view command is used to view the MIB view configuration information of the Switch.

If the SNMP Agent is disabled, "SNMP Agent disabled" will be displayed after you execute the above display commands.

Table 68 Output description of the display snmp-agent group command

Field Description

View name View name

MIB Subtree MIB Subtree

Storage-type Storage type

ViewType: included/excluded Permit or forbid access to an MIB object

View status Indicate the line state in the table

298 ● display snmp-agent statistics 3Com Switch 4200G Family Command Reference

display snmp-agent statistics

Purpose Use the display snmp-agent statistics command to view the statistics information about SNMP packets.

Syntax display snmp-agent statistics

Parameters None

Example Display the statistics information about SNMP packets.

<S4200G> display snmp-agent statistics 1276 Messages delivered to the SNMP entity 0 Messages which were for an unsupported version 0 Messages which used a SNMP community name not known 0 Messages which represented an illegal operation for the community supplied 0 ASN.1 or BER errors in the process of decoding 1291 Messages passed from the SNMP entity 0 SNMP PDUs which had badValue error-status 0 SNMP PDUs which had genErr error-status 7 SNMP PDUs which had noSuchName error-status 0 SNMP PDUs which had tooBig error-status (Maximum packet size 1500) 3669 MIB objects retrieved successfully 26 MIB objects altered successfully 420 GetRequest-PDU accepted and processed 832 GetNextRequest-PDU accepted and processed 0 GetBulkRequest-PDU accepted and processed 1276 GetResponse-PDU accepted and processed 24 SetRequest-PDU accepted and processed 15 Trap PDUs accepted and processed 0 Alternate Response Class PDUs droped silently 0 Forwarded Confirmed Class PDUs droped silently


Table 69 Output description of the display snmp-agent statistics command

Field Description

0 Messages delivered to the SNMP entity Total number of the input SNMP packets

0 Messages which were for an unsupported version

Number of packets with version information error

0 Messages which used a SNMP community name not known

Number of packets with community name error

0 Messages which represented an illegal operation for the community supplied

Number of packets with authority error corresponding to the community name

0 ASN.1 or BER errors in the process of decoding

Number of SNMP packets with encoding error

0 Messages passed from the SNMP entity

Total number of the output SNMP packets

0 SNMP PDUs which had a badValue error

Number of SNMP packets with Bad_values error

3Com Switch 4200G Family display snmp-agent statistics ● 299 Command Reference


■ Any view

Description This command provides a counter for SNMP operations.

0 SNMP PDUs which had a general error Number of SNMP packets with General_errors

0 SNMP PDUs which had a noSuchName error

Number of the packets requesting nonexistent MIB objects

0 SNMP PDUs which had a tooBig error (Maximum packet size 1500)

Number SNMP packet with too_big error

0 MIB objects retrieved successfully Number of variables requested by NMS

0 MIB objects altered successfully The number of variables set by NMS

0 Get-request PDUs accepted and processed

Number of the received packets requested by get

0 Get-next request PDUs accepted and processed

Number of the received packets requested by get-next

0 GetBulkRequest-PDU accepted and processed

Number of PDUs requested by GetBulk.

0 GetResponse-PDU accepted and processed

Number of PDUs requested by GetResponse.

0 Set-request PDUs accepted and processed

Number of the received packets requested by set

3 Trap PDUs accepted and processed Number of the sent Trap packets

0 Alternate Response Class PDUs droped silently

Number of dropped PDUs.

0 Forwarded Confirmed Class PDUs droped silently

Number of dropped forwarded PDUs.

Table 69 Output description of the display snmp-agent statistics command

Field Description

300 ● display snmp-agent sys-info 3Com Switch 4200G Family Command Reference

display snmp-agent sys-info

Purpose Use the display snmp-agent sys-info command to view the system information of SNMP configuration.

Syntax display snmp-agent sys-info [ contact | location | version ]*

Parameters contact Displays the contact information of the current device.

location Displays the physical location of the current device.

version Displays the version information about the SNMP running in the system.

Example Display the system information about the SNMP device.

<S4200G> display snmp-agent sys-info The contact person for this managed node: R&D 3Com CorporationThe physical location of this node: Beijing ChinaSNMP version running in the system: SNMPv1 SNMPv2c SNMPv3

This command can be used in the following views:

■ Any view

Description The information includes the character string sysContact (system contact), the character string describing the system location, the version information about the running SNMP in the system.

3Com Switch 4200G Family display snmp-agent trap-list ● 301 Command Reference

display snmp-agent trap-list

Purpose Use the display snmp-agent trap-list command to display trap list information.

Syntax display snmp-agent trap-list

Parameters None

Example Display trap list information.

<S4200G> display snmp-agent trap-list configuration trap enable flash trap enable standard trap enable system trap enable

Enable traps :4; Disable traps 0


■ Any view

Related Command snmp-agent trap enable

302 ● display snmp-agent usm-user 3Com Switch 4200G Family Command Reference

display snmp-agent usm-user

Purpose Use the display snmp-agent usm-user command to view SNMP user information.

Syntax display snmp-agent usm-user [ engineid engineid | group groupname | username username ]

Parameters engineid Displays the SNMPv3 user information of the specified engine ID, which ranges from 10 to 64 hexadecimal numerals.

username Displays information about the specified SNMPv3 user, which ranges from 1 to 32 bytes.

groupname Displays information about users in the specified group name, which ranges from 1 to 32 bytes.

Example Display all user information.

<S4200G>display snmp-agent usm-userUser name: usm-user Group name: usm-group Engine ID: 800007DB00E0FC0031006877 Storage-type: nonVolatile UserStatus: active


■ Any view

Table 70 Description on the fields of the display snmp-agent usm-user command

Field Description

User name SNMP user name

Group name The group name which the SNMP user name belongs to

Engine ID The character string identifying the SNMP device

Storage type Storage type, including volatile, nonVolatile, permanent, readOnly and other.

userStatus SNMP user status

3Com Switch 4200G Family display ssh server ● 303 Command Reference

display ssh server

Purpose Use the display ssh server command to display the status or session information about the SSH server

Syntax display ssh server { status | session }

Parameters status Displays SSH status information.

session Displays SSH session information.

Example Display the status information about the SSH server.

<S4200G> display ssh server statusSSH version : 1.99 SSH connection timeout : 60 seconds SSH Authentication retries : 3 times SFTP Server: Enable

Display the session information about the SSH server.

<S4200G> display ssh server session Conn Ver Encry State Retry Username VTY 0 2.0 AES started 0 1


■ Any view

Related Commands ■ ssh server authentication-retries

■ ssh server timeout

304 ● display ssh server-info 3Com Switch 4200G Family Command Reference

display ssh server-info

Purpose Use the display ssh server-info command to display the association between the server public keys configured on the client and the servers.

Syntax display ssh server-info

Parameters None

Example Display the association between the server public keys and the servers.

<S4200G> display ssh server-infoServer Name(IP) Server public key name______________________________________________________192.168.0.1 abc_key01192.168.0.2 abc_key02


■ Any view

3Com Switch 4200G Family display ssh user-information ● 305 Command Reference

display ssh user-information

Purpose Use the display ssh user-information command to display information about the current SSH users, including user name, authentication mode, key name and authorized service types. If the username is specified, the command displays information about the specified user.

Syntax display ssh user-information [ username ]

Parameters username SSH user name, consisting of a string 1 to 80 characters long.

Example Display information about the current user.

<S4200G> display ssh user-informationUsername Authentication-type User-public-key-name Service-type kj rsa null stelnet|sftp


■ Any view

Related Commands ■ ssh user assign rsa-key

■ ssh user service-type

■ ssh user authentication-type

306 ● display startup 3Com Switch 4200G Family Command Reference

display startup

Purpose Use the display startup command to display the startup configuration of a switch, including the name of the current startup configuration file, the names of the main startup configuration file, and backup startup configuration file to be used when the switch starts the next time, and so on.

Syntax display startup [ unit unit-id ]

Parameters unit unit-id Unit ID of a switch.

Example Display the startup configuration of unit 1.

<S4300G> display startup unit 1MainBoard: Current Startup saved-configuration file: NULL Next main startup saved-configuration file: flash:/123.cfg Next backup startup saved-configuration file: flash:/back.cfg Bootrom-access enable state: enabled


■ Any view

Related Command startup saved-configuration

3Com Switch 4200G Family display stop-accounting-buffer ● 307 Command Reference

display stop-accounting-buffer

Purpose Use the display stop-accounting-buffer command to view the no-response stop-accounting request packets buffered in the device.

Syntax display stop-accounting-buffer { radius-scheme radius-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name }

Parameters radius-scheme radius-scheme-name Displays the buffered stop-accounting requests of the

specified RADIUS scheme. radius-scheme-name is a character up to 32 characters in length.

session-id session-id Displays the buffered stop-accounting requests of the specified session ID. session-id is a character string up to 50 characters in length.

time-range start-time stop-time Displays the buffered stop-accounting requests in the

specified time range.

■ start-time specifies the beginning time of the request time range.

■ stop-time specifies the end time of the saving time range.

The time is expressed in the format hh:mm:ss-yyyy/mm/dd or hh:mm:ss-yyyy/mm/dd.

user-name user-name Displays the buffered stop-accounting requests for the specified username. user-name specifies the username, a character string up to 32 characters in length. This string cannot contain the following characters:

■ /

■ *

■ <

■ >

The @ character can only be used once in one username. The pure username (the part before @, namely the user ID) cannot exceed 24 characters.

Example To Display the buffered stop-accounting requests from 0:0:0 08/31/2002 to 23:59:59 08/31/2002, enter the following:

308 ● display stop-accounting-buffer 3Com Switch 4200G Family Command Reference

<S4200G> display stop-accounting-buffer time-range 0:0:0-08/31/2002 23:59:59-08/31/2002Total find 0 record


■ Any views

Description You can choose to display the buffered stop-accounting packets of a specified RADIUS scheme, session ID, or user name. You can also specify a time range to display those which are sent within the specified time range. The displayed packet information helps you to diagnose and resolve problems relevant to RADIUS.

When the switch sends out a stop-accounting packet but gets no response from the RADIUS server, it first buffers the packet and then retransmits it until the maximum number of retransmission attempts (set by the retry stop-accounting command) is reached.

Related Command ■ reset stop-accounting-buffer

■ stop-accounting-buffer enable

■ retry stop-accounting

3Com Switch 4200G Family display stp ● 309 Command Reference

display stp

Purpose Use the display stp command to display the state and statistical information about one or all spanning trees.

Syntax display stp [ instance instance-id ] [ interface interface-list | slot slot-number ] [ brief ]

Parameters instance-id ID of the spanning tree instance. Valid values are 0 to 16. A value of 0 specifies the common and internal spanning tree (CIST).

interface-list Specifies the Ethernet port list. You can specify multiple ports by providing this argument in the form:

interface-list = { interface-name [ to interface-name] & < 1-10 >.

The interface-name is the port index of a port and can be specified in this form:


■ interface-type specifies the type of a port

■ interface-num identifies the port number.

Note that the interface name after the keyword to must have an interface-num that is greater than or equal to that of the interface-name before to.

■ &<1-10>means that up to 10 port indexes/port index lists can be provided.

slot slot-number Specifies the slot number whose spanning tree protocol (STP) information is to be displayed.

brief Displays only port status and protection measures taken for the ports.

Example To display the state and statistical information about a spanning tree, enter the following:

<S4200G> display stp instance 0 interface GigabitEthernet 1/0/1 to GigabitEthernet 1/0/4 brief MSTID Port Role STP State Protection 0 GigabitEthernet1/0/1 ALTE DISCARDING LOOP 0 GigabitEthernet1/0/2 DESI FORWARDING NONE 0 GigabitEthernet1/0/3 DESI FORWARDING NONE 0 GigabitEthernet1/0/4 DESI FORWARDING NONE

310 ● display stp 3Com Switch 4200G Family Command Reference


■ Any view

Description The state and statistical information about MSTP can be used to analyze and maintain the topology of a network. It also can be used to make MSTP operating properly.

■ If neither spanning tree instance nor port list is specified, the command displays spanning tree information about all spanning tree instances on all ports in order of port number.

■ If only a spanning tree instance is specified, the command displays information about the specified spanning tree instance on all ports in order of port number.

■ If only a port list is specified, the command displays information about all spanning tree instances on these ports in order of port number.

■ If both a spanning tree instance and a port list are specified, the command displays spanning tree information about the specified spanning tree instance and the specified ports in order of spanning tree instance ID.

MSTP status information includes the following:

■ Global CIST parameters: Protocol operation mode, switch priority in the CIST instance, MAC address, Hello time, Max Age, Forward delay, Max hop count, the common root bridge of the CIST, the external path cost for the switch to reach the CIST common root bridge, the region root, the internal path cost for the switch to reach the region root, CIST root port of the switch, and the status of the BPDU protection function (enabled or disabled).

■ CIST port parameters: Port protocol, port role, port priority, path cost, the designated bridge, the designated port, edge port/non-edge port, connected/not connected to a point-to-point link, the maximum transmission speed, the type of the root protection feature, VLAN mappings, Hello time, Max age, Forward delay, Message-age time, and Remaining-hops.

■ Global MSTI parameters: MSTI ID, bridge priority of the instance, region root, internal path cost, MSTI root port, and Master bridge.

■ MSTI port parameters: Port status, role, priority, path cost, the designated bridge, the designated port, and Remaining Hops.

The statistics includes the number of the TCN BPDUs, the configuration BPDUs, the RST BPDUs, and the MST BPDUs transmitted/received by the port.

Related Command reset stp

Table 71 Description on the fields of the display stp command

Field Description

MSTID The ID of a spanning tree instance in the MST region

Port Port number corresponding to the spanning tree instance

Role Port role

STP State STP state of the port, which can be forwarding or discarding.

Protection Protection type of the port

3Com Switch 4200G Family display stp region-configuration ● 311 Command Reference

display stp region-configuration

Purpose Use the display stp region-configuration command to display the MST region configuration.

Information displayed includes:

■ the region name

■ region revision level

■ spanning tree instance-to-VLAN mappings configured for the switch

Syntax display stp region-configuration

Parameters None

Example To display the configurations of the MST regions, enter the following:

<S4200G> display stp region-configurationOper Configuration Format selector :0 Region name :hello Revision level :0

Instance Vlans Mapped 0 21 to 4094 1 1 to 10 2 11 to 20


■ Any view

Related Command stp region-configuration

Table 72 Description on the fields of the display stp region-configuration command

Field Description

Format selector Selector specified by MSTP

Region name Name of the MST region

Revision level Revision level of the MST region

Instance Vlans Mapped Spanning tree instance-to-VLAN mappings in the MST region

312 ● display tcp statistics 3Com Switch 4200G Family Command Reference

display tcp statistics

Purpose Use the display tcp statistics command to view the statistics information about TCP packets.

Syntax display tcp statistics

Parameters None

Example To view statistics about TCP packets, enter the following:

<S4200G> display tcp statisticsReceived packets:Total: 753packets in sequence: 412 (11032 bytes)window probe packets: 0, window update packets: 0checksum error: 0, offset error: 0, short error: 0duplicate packets: 4 (88 bytes), partially duplicate packets: 5 (7 bytes)out-of-order packets: 0 (0 bytes)packets of data after window: 0 (0 bytes)packets received after close: 0ACK packets: 481 (8776 bytes)duplicate ACK packets: 7, too much ACK packets: 0

Sent packets:Total: 665urgent packets: 0control packets: 5 (including 1 RST)window probe packets: 0, window update packets: 2data packets: 618 (8770 bytes) data packets retransmitted: 0 (0 bytes)ACK-only packets: 40 (28 delayed)

Retransmitted timeout: 0, connections dropped in retransmitted timeout: 0Keepalive timeout: 0, keepalive probe: 0, keepalive timeout, so connections disconnected : 0Initiated connections: 0, accepted connections: 0, established connections: Closed connections: 0 (dropped: 0, initiated dropped: 0

Table 73 Description on the fields of the display tcp statistics command

Field Description

Received packets Indicates that the following is the statistics for the received packets.

Total Total number of received packets

packets in sequence Number of packets reached in sequence

window probe packets Number of window probe packets

checksum error Number of checksum error packets

offset error Number of length error packets

short error Number of too short packets

duplicate packets Number of completely duplicate packets

3Com Switch 4200G Family display tcp statistics ● 313 Command Reference


■ Any view

Description The statistics are mainly divided into two parts: those for received packets, and those for sent packets. Each part contains information about different types of packets, such as duplicate packets and checksum error packets in received packets. At the end of the display output are the statistics relevant to the connections, such as the accepted connections, the number of the retransmitted packets, and the number of keepalive probe packets. Most of the above statistics are offered in packets; several ones are offered in bytes.

Related Commands ■ display tcp status

■ reset tcp statistics

partially duplicate packets

Number of partly duplicate packets

out-of-order packets Number of out-of-order packets

packets of data after window

Number of after-window packets

packets received after close

Number of packets reached after the connection is closed

ACK packets Number of ACK packets

duplicate ACK packets Number of duplicate ACK packets

Sent packets Indicates that the following is the statistics for the sent packets.

Total Total number of sent packets

urgent packets Number of urgent data packets

control packets Number of control packets

window probe packets Number of window probe packets

window update packets Number of window update packets

data packets Number of data packets

ACK-only packets Number of ACK packets

Retransmitted timeout Timeout times of the retransmission timer

connections dropped in retransmitted timeout

Number of connections dropped due to out-of-limit retransmission times

Keepalive timeout Timeout times of the keepalive timer

keepalive probe Number of sent keepalive probe packets

keepalive timeout, so connections disconnected

Number of connections torn down due to keepalive probe failure

Initiated connections Number of initiated connections

accepted connections Number of accepted connections

established connections Number of established connections

Closed connections Number of closed connections

Table 73 Description on the fields of the display tcp statistics command

Field Description

314 ● display tcp status 3Com Switch 4200G Family Command Reference

display tcp status

Purpose Use the display tcp status command to view the TCP connection state.

Syntax display tcp status

Parameters None

Example To display the state of all TCP connections, enter the following:

<S4200G> display tcp status

TCPCB Local Add:port Foreign Add:port State03e37dc4 0.0.0.0:4001 0.0.0.0:0 Listening04217174 100.0.0.204:23 100.0.0.253:65508 Established


■ Any view

Table 74 Description of the display tcp status command

Field Description

Local Add:port Local IP address: local port

Foreign Add:port Remote IP address; remote port

State State of the TCP link

3Com Switch 4200G Family display this ● 315 Command Reference

display this

Purpose Use the display this command to display the current configuration performed in the current view of the system.

Syntax display this [ by-linenum ]

Parameters by-linenum Displays the number of each line.

Example Display the running configuration parameters in the current view of the system with each line number.

<S4200G> display this#return


■ Any view

Description After performing a group of configurations in a view, you can use the display this command to verify the configuration results by checking the currently valid parameters.

■ This command does not display the currently valid configuration parameters which have the same values with the corresponding default working parameters.

■ This command does not display the parameters whose corresponding functions do not take effect even though these parameters have been configured.

■ Executing this command in different interface views display the configurations on the corresponding interfaces.

■ Executing this command in different protocol views display the configurations in the corresponding protocol views.

■ Executing this command in different protocol sub-views display the configurations in the corresponding protocol sub-views.

316 ● display time-range 3Com Switch 4200G Family Command Reference

display time-range

Purpose Use the display time-range command to view the configuration and status of the current time range. You will see the active or inactive state outputs respectively.

Syntax display time-range { all | name }

Parameters all Specifies to display all time ranges.

name Specifies the name of the time range. Valid values are a character string that starts with a letter (a-z or A-Z), and is 1 to 32 characters long.

Example Display all the time ranges.

<S4200G> display time-range allCurrent time is 14:36:36 Apr/2/2003 Thursday

Time-range : hhy ( Inactive ) from 08:30 2/5/2005 to 18:00 2/19/2005

Time-range : hhy1 ( Inactive )

from 08:30 2/5/2003 to 18:00 2/19/2003

Display the time range named "tm1".

<S4200G> display time-range tm1Current time is 14:37:31 Apr/3/2003 Thursday

Time-range : tm1 ( Inactive ) from 08:30 2/5/2005 to 18:00 2/19/2005

Table 75 Field Descriptions for All Time Ranges

Field Description

Current time is 14:36:36 Apr/3/2003 Thursday

The current time of the system.

Time-range : hhy ( Inactive ) from 08:30 2/5/2005 to 18:00 2-19-2005

Time range hhy. "Inactive" indicates that this time range is currently in the inactive state (while "Active" indicates that the time range is in the active state), and the time range is from 8:30 February 5, 2005 to 18:00 February 19 2005.

Table 76 Field Descriptions for Specific Time Range

Field Description

Current time is 14:36:36 Apr/3/2003 Thursday

The current time of the system

Time-range : tm1 ( Inactive ) from 08:30 2/5/2005 to 18:00 2/19/2005

Time range tm1. "Inactive" indicates that this time range is currently in the inactive state (while "Active" indicates that the time range is in the active state), and the time range is from 8:30 February 5, 2005 to 18:00 February 19 2005

3Com Switch 4200G Family display time-range ● 317 Command Reference


■ Any view

Related Command time-range

318 ● display trapbuffer 3Com Switch 4200G Family Command Reference

display trapbuffer

Purpose Use the display trapbuffer command to display the status of the trap buffer and the records in the trap buffer.

Syntax display trapbuffer [ unit unit-id ] [ size buffersize ]

Parameters unit-id Unit identification.

size Specifies the size of the trap buffer.

buffersize Size of the memory buffer, represented by the number of messages it holds. It ranges from 1 to 1024 and defaults to 256.

Example Display the status of the trap buffer and the records in the trap buffer.

<S4200G> display trapbufferTrapping Buffer Configuration and contents:enabledallowed max buffer size : 1024actual buffer size : 256channel number : 3 , channel name : trapbufferdropped messages : 0overwrote messages : 0current messages : 6

#Dec 31 14:01:25 2004 S4200G DEV/2/LOAD FINISHED: Trap 1.3.6.1.4.1.2011.2.23.1.12.1.20: frameIndex is 0, slotIndex 0.4

#Dec 31 14:01:33 2004 S4200G DEV/2/BOARD STATE CHANGE TO NORMAL: Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.2

#Dec 31 14:01:40 2004 S4200G DEV/2/BOARD STATE CHANGE TO NORMAL: Trap 1.3.6.1.4.1.2011.2.23.1.12.1.11: frameIndex is 0, slotIndex 0.……


■ Any view

Description Executing the command with the size buffersize parameters will display the latest trap records, with the number of the records being the specified size at most.

3Com Switch 4200G Family display udp-helper server ● 319 Command Reference

display udp-helper server

Purpose Use the display udp-helper server command to view the information of destination Helper server corresponding to the VLAN interface.

Syntax display udp-helper server [ interface vlan-interface vlan_id ]

Parameters vlan_id VLAN interface ID.

Example To display the information of destination Helper server corresponding to the VLAN interface 1, enter the following:

<SW4200G>display udp-helper server interface vlan-interface 1interface name server addresspackets sent VLAN-interface1 192.1.1.20


■ Any view

320 ● display user-interface 3Com Switch 4200G Family Command Reference

display user-interface

Purpose Use the display user-interface command to view information on a user interface.

Syntax display user-interface [ type number | number ] [summary]

Parameters type number Specifies the type and number of the user interface you want to display details on, for example VTY 3.

number Specifies the index number of the user interface you want to display details on.

summary Displays the summary of a user interface.

Example Display the information about user interface 0.

<S4200G> display user-interface 0 Idx Type Tx/Rx Modem Privi Auth IntF 0 AUX 0 9600 - 3 N -

+ : Current user-interface is active. F : Current user-interface is active and work in async mode. Idx : Absolute index of user-interface. Type : Type and relative index of user-interface. Privi: The privilege of user-interface. Auth : The authentication mode of user-interface. Int : The physical location of UIs. A : Authenticate use AAA. N: Current UI need not authentication. P: Authenticate use current UI's password.

Table 77 Output description of the display user-interface command

Field Description

+ Indicates that the user interface is in use

F Indicates that the current user interface is in use and working in asynchronous mode

Idx Displays the absolute index number of the user interface

Type Displays the user interface type and relative index of the user interface

Tx/Rx Displays the transmission speed of the user interface

Modem Indicates whether or not a modem is used

Privi Indicates the command level that can be accessed from this user interface

Auth Indicates the user interface authentication method

Int Indicates the physical location of the user interface

3Com Switch 4200G Family display user-interface ● 321 Command Reference

Display the summary information of user interface 0.

<SW4200G>dis user-interface summary User interface type : [AUX]

0:UUser interface type : [VTY]

1:XXXX X

1 character mode users. (U) 5 UI never used. (X)1 total UIs in use.


■ Any view

Description Use the display user-interface command to display the information about a specified user interface or all user interfaces, including user interface type, absolute/relative user interface number, transmission speed, available command level, authentication mode, and physical position.

You can choose to access this information by user interface type and type number, or by user interface index number. The information displayed is the same whichever access method you use.

This command without the summary parameter displays user interface type, absolute/relative index, transmission speed, priority, authentication methods, and physical location. This command with the summary parameter displays one user interface in use with user interface name and other user interface information.

Table 78 Output Description of the display user-interface summary command

Field Description

0: U User interface type

1 character mode users One type of user interface

1 total UIs in use The total number of user interfaces in use

UI’s name User interface name

322 ● display users 3Com Switch 4200G Family Command Reference

display users

Purpose Use the display users command to display the information about user interfaces. If you do not specify the all keyword, only the information about the current user interface is displayed.

Syntax display users [ all ]

Parameters all Displays information on all user interfaces.

Example To display information on the current user interface, enter the following

<S4200G> display users UI Delay Type Ipaddress Username UserlevelF 0 AUX 0 00:00:00 3

+ : Current operation user. F : Current operation user work in async mode.F 0 AUX 0 00:00:00

The categories of information displayed are as follows:


■ Any view

Table 79 Output description of the display users command

Field Description

F Indicates that the user interface is in use and is working in asynchronous mode

UI The numbers in the left sub-column are the absolute user interface indexes, and those in the right sub-column are the relative user interface indexes.

Delay Indicates the interval from the latest input until now, in seconds.

Type Indicates the user interface type.

IPaddress Displays the IP address form which the user logs in.

Username Display the login name of the user who is using this interface

Userlevel Display the level of the user using this user interface

3Com Switch 4200G Family display users ● 323 Command Reference

display users

Purpose Use the display users command to display the status and configuration information about user terminal interfaces. Use the display users all command to view the information on all user terminal interfaces.

Syntax display users [ all ]

Parameters all Displays the information about all user terminal interfaces (including the inactive user terminal interfaces).

Example To display the status and configuration information about user terminal interfaces.

<S4200G> [S4200G] display users UI Delay Type Ipaddress Username UserlevelF 0 AUX 0 00:00:00 3

+ : Current operation user. F : Current operation user work in async mode.


■ Any view

324 ● display version 3Com Switch 4200G Family Command Reference

display version

Purpose Use the display version command to view the software version, issue date and the basic hardware configuration information.

Syntax display version

Parameters None

Example Display the information about the system version.

<S4200G> display versionCopyright Notice: All rights reserved (Sep 23 2005). Without the owner's prior written consent, no decompiling nor reverse-engineering shall be allowed. 3Com Versatile Routing Platform Software VRP(R) software, Version V2.11, Release 0001 Copyright (c) 2003-2005 3Com Corporation All rights reserved. Copyright (c) 2000-2003 3Com Corporation All rights reserved. Switch 4200G 24-Port uptime is 0 week, 0 day, 4 hours, 5 minutes

Switch 4200G 24-Port with 1 MIPS Processor 64M bytes DRAM 8M bytes Flash Memory Config Register points to FLASH

Hardware Version is VER.A Bootrom Version is 291 [Subslot 0] 24 GE Hardware Version is VER.A


■ Any view

3Com Switch 4200G Family display vlan ● 325 Command Reference

display vlan

Purpose Use the display vlan command to display the ports operating in the manual/automatic mode in the current voice VLAN.

Syntax display vlan vlan-id

Parameters vlan-id Voice VLAN ID. Valid values are 1 to 4,094.

Example Display the ports included in the current voice VLAN, assuming that the current voice VLAN is VLAN 6.

<S4200G> dis vlan 6 VLAN ID: 6 VLAN Type: static Route Interface: not configured Description: VLAN 0006 Name: VLAN 0006 Tagged Ports: Ethernet1/0/5 Untagged Ports: Ethernet1/0/6

The output indicates that Ethernet1/0/5 and Ethernet1/0/6 ports are in the current voice VLAN.


■ Any view

Related Command voice vlan enable

326 ● display vlan 3Com Switch 4200G Family Command Reference

display vlan

Purpose Use the display vlan command to view related information about specified VLANs or all VLANs.

Syntax display vlan [ vlan-id1 [ to vlan-id2 ] | all | static | dynamic ]

Parameters vlan-id1 Specifies the beginning VLAN ID of the VLAN ID range. Displays information about the VLANs with their ID within this range. This value ranges from 1 to 4,094.

to Specifies a VLAN ID range.

vlan-id2 Specifies the ending VLAN ID of the VLAN ID range. This value ranges from 1 to 4,094 and must be larger than vlan-id1.

all Displays information on all VLANs.

static Displays information on VLANs created statically by the system.

dynamic Displays information on VLANs created dynamically by the system.

Example To display information about VLAN 2:

<S4200G> display vlan 2 VLAN ID: 2 VLAN Type: static Route interface: not configured Description: VLAN 0001 Name: VLAN 0003 Tagged Ports: none Untagged Ports: GigabitEthernet1/0/1 GigabitEthernet1/0/2 GigabitEthernet1/0/3


■ Any view

Table 80 Description on the fields of the display vlan command

Field Description

VLAN ID VLAN ID

VLAN Type VLAN type (dynamic or static)

Route interface Whether the routing function is enable for this VLAN

Description Description string

Name VLAN name

Tagged Ports The ports that tag packets

Untagged Ports The ports that do not tag packets

3Com Switch 4200G Family display vlan ● 327 Command Reference

Description The information displayed includes:

■ VLAN ID

■ VLAN type (dynamic or static)

■ Whether the routing function is enabled (If yes, the primary IP address and mask are displayed.)

■ VLAN description

■ Member ports

If no value or keyword is specified, this command displays the list of all the existing VLANs. If the dynamic or static keyword is specified, this command displays the list of the VLANs that are created dynamically or statically.

Related Command vlan

328 ● display voice vlan oui 3Com Switch 4200G Family Command Reference

display voice vlan oui

Purpose Use the display voice vlan oui command to display the currently supported OUI addresses and the related information.

Syntax display voice vlan oui

Parameters None

Examples Display the OUI addresses and the related information of the voice VLAN.

<S4200G> display voice vlan ouiOui Address Mask Description00e0-bb00-0000 ffff-ff00-0000 3com phone0003-6b00-0000 ffff-ff00-0000 Cisco phone00e0-7500-0000 ffff-ff00-0000 Polycom phone00d0-1e00-0000 ffff-ff00-0000 Pingtel phone 00aa-bb00-0000 ffff-ff00-0000 ABC


■ Any view

Related Command ■ voice vlan enable

3Com Switch 4200G Family display voice vlan status ● 329 Command Reference

display voice vlan status

Purpose Use the display voice vlan status command to display voice VLAN-related information, including voice VLAN operation mode, port mode (manual mode or automatic mode), and so on.

Syntax display voice vlan status

Parameters None

Example Display the information about the voice VLAN.

[S4200G] display voice vlan statusVoice Vlan status: ENABLEVoice Vlan ID: 2Voice Vlan security mode: SecurityVoice Vlan aging time: 100 minutesCurrent voice vlan enabled port mode:PORT MODE--------------------------------Ethernet1/0/2 AUTOEthernet1/0/3 MANUAL

CAUTION: The "Current voice vlan enable port mode" field lists the ports with the voice VLAN function enabled. Note that a port listed in this field may not currently operate in a voice VLAN.


■ Any view

Related Commands ■ display vlan

■ voice vlan enable

Table 81 Description on the fields of the display voice vlan status command

Field Description

Voice Vlan status: ENABLE The voice VLAN function is enabled globally.

Voice Vlan ID: 2 The voice VLAN function is currently enabled on VLAN 2.

Voice Vlan security mode: Security The voice VLAN security mode is enabled.

Voice Vlan aging time: 100 minutes The voice VLAN aging time is 100 minutes.

Current voice vlan enable port mode The ports with the voice VLAN function enabled

330 ● domain 3Com Switch 4200G Family Command Reference

domain

Purpose Use the domain command to create an ISP domain and enter its view, or enter the view of an existing ISP domain, or configure the default ISP domain.

Use the undo domain command to delete a specified ISP domain.

Syntax domain { isp-name | default { disable | enable isp-name } }

undo domain isp-name

Parameters isp-name Specifies an ISP domain name. The name is character string up to 24 characters in length, excluding:

■ /

■ :

■ *

■ ?

■ <

■ >

default Configures the default ISP domain, which is system by default. There is one and only one default ISP domain.

■ enable: Enables the default ISP domain specified by isp-name.

■ disable: Disables the default ISP domain.

Default By default, a domain named system has been created in the system. The attributes of system are all default values. There is one and only one default ISP domain.

Example To create a new ISP domain, aabbcc.net, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbcc.netNew Domain added.[S4200G-isp-aabbcc.net]


■ System view

3Com Switch 4200G Family domain ● 331 Command Reference

Description After you execute the domain command, the system creates a new ISP domain if the specified ISP domain does not exist. Once an ISP domain is created, it is in the active state. You can manually configure the default domain only when it already exists.

ISP domain is a group of users belonging to the same ISP. Generally, for a username in the userid@isp-name format, taking [email protected] as an example, the isp-name (that is, 3Com163.net) following the @ is the ISP domain name. When 3Com 4200G Series Ethernet Switches control user access, as for an ISP user whose username is in userid@isp-name format, the system will take userid part as username for identification and take isp-name part as domain name.

The purpose of introducing ISP domain settings is to support the application environment with several ISP domains. In this case, an access device may have supplicants from different ISP domains. Because the attributes of ISP users, such as username and password structures, service types, may be different, it is necessary to separate them by setting ISP domains. In ISP Domain View, you can configure a complete set of exclusive ISP domain attributes for each ISP domain, which includes AAA schemes (RADIUS scheme applied and so forth.)

For a Switch, each supplicant belongs to an ISP domain. The system supports up to 16 ISP domains. If a user has not reported its ISP domain name, the system will put it into the default domain.

When this command is used, if the specified ISP domain does not exist, the system will create a new ISP domain. All the ISP domains are in the active state when they are created.

Related Commands ■ access-limit

■ display domain

■ radius-scheme

■ state

332 ● dot1x 3Com Switch 4200G Family Command Reference

dot1x

Purpose Use the dot1x command to enable 802.1x on the specified port or globally, (that is on the current device).

Use the undo dot1x command to disable the 802.1x on the specified port or globally.

Syntax dot1x [ interface interface-list ]

undo dot1x [ interface interface-list ]

Parameters interface interface-list Ethernet port list. You can specify multiple Ethernet ports by providing this argument in the form:

interface-list = { interface-name [ to interface- name] & < 1-10 >.

The interface-name argument is the port index of an Ethernet port and can be specified in this form:


interface-type specifies the type of a port

interface-num identifies the port number. Note that the interface name after the keyword to must have an interface-num that is greater than or equal to that of the interface-name before to.

&<1-10> means that up to 10 port indexes/port index lists can be provided,

Default By default, 802.1x is disabled on all the ports and globally on the device.

Example To enable 802.1x for GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x interface GigabitEthernet 1/0/1

To enable 802.1x globally, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x


■ System view

3Com Switch 4200G Family dot1x ● 333 Command Reference


Description When being executed in system view, the dot1x command enables 802.1x globally if you do not provide the interface-list argument. And if you specify the interface-list argument, the command enables 802.1x for the specified Ethernet ports. When being executed in Ethernet port view, this command enables 802.1x for the current Ethernet port only. In this case, the interface-list argument is not needed.

You can perform 802.1x-related configurations (globally or on specified ports) either before or after 802.1x is enabled. If you do not previously perform other 802.1x-related configurations when enabling 802.1x globally, the switch adopts the default 802.1x settings.

802.1x-related configurations take effect on a port only after 802.1x is enabled both globally and on the port.

Configurations of 8021.x and the maximum number of MAX addresses that can be learnt are mutually exclusive. This means that when 802.1x is enabled for a port, it cannot also have the maximum number of MAX addresses to be learned configured at the same time. And if you configure the maximum number of MAX addresses that can be learnt for a port, 802.1x is unavailable to it.

Related Command display dot1x

334 ● dot1x authentication-method 3Com Switch 4200G Family Command Reference

dot1x authentication-method

Purpose Use the dot1x authentication-method command to set 802.1x authentication mode.

Use the undo dot1x authentication-method command to revert to the default 802.1x authentication mode.

Syntax dot1x authentication-method { chap | pap | eap }

undo dot1x authentication-method

Parameters chap Authenticates with the help of challenge handshake authentication protocol (CHAP). CHAP applies a three-way handshaking procedure. In this method, user names are transmitted rather than passwords. Therefore this method is safer.

pap Authenticates with the help of password authentication protocol (PAP). PAP applies a two-way handshaking procedure. In this method, passwords are transmitted in plain text.

eap Authenticates with the help of extensible authentication protocol (EAP). In an EAP authentication method, a switch sends 802.1x authentication information directly to the RADIUS server in EAP packets, instead of having to convert them into RADIUS packets before forwarding to the RADIUS server. EAP authentication can be realized in one of the three sub-methods: PEAP, EAP-TLS, and EAP-MD5.

Default The default 802.1x authentication method is CHAP.

Example To specify the authentication method to be PAP, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x authentication-method pap


■ System view


3Com Switch 4200G Family dot1x dhcp-launch ● 335 Command Reference

dot1x dhcp-launch

Purpose Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to launch the process to authenticate a supplicant system when the supplicant system applies for a dynamic IP address through DHCP.

Use the undo dot1x dhcp-launch command to disable an 802.1x-enabled switch from authenticating a supplicant system when the supplicant system applies for a dynamic IP address through DHCP.

Syntax dot1x dhcp-launch

undo dot1x dhcp-launch

Parameters None

Default By default, an 802.1x-enabled switch does not authenticate a supplicant system when the latter applies for a dynamic IP address through DHCP.

Example To configure to authenticate a supplicant system when it applies for a dynamic IP address through DHCP, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x dhcp-launch


■ System view

Related Command dot1x

336 ● dot1x guest-vlan 3Com Switch 4200G Family Command Reference

dot1x guest-vlan

Purpose Use the dot1x guest-vlan command to enable the Guest VLAN function for specified ports.

Use the undo dot1x guest-vlan command to disable the Guest VLAN function for specified ports.

Syntax dot1x guest-vlan vlan-id [ interface interface-list ]

undo dot1x guest-vlan vlan-id [ interface interface-list ]

Parameters vlan-id VLAN ID to be assigned to the Guest VLAN. This argument ranges from 1 to 4,094. If not specified, the default is 1.









Example To specify the authentication method to be port-based authentication, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x port-method portbased

To enable the Guest VLAN function for all ports, enter the following:

[S4200G] dot1x guest-vlan 1


■ System view


3Com Switch 4200G Family dot1x guest-vlan ● 337 Command Reference

Description When being executed in system view, these two commands apply to all ports if you do not provide the interface-list argument. If you provide this argument, these two commands apply to the specified ports.

When being executed in Ethernet port view, these two commands apply to the current port and the interface-list argument is not needed.

CAUTION:

The Guest VLAN function is available only when the switch operates in the port-based authentication mode.

Only one Guest VLAN can be configured for a switch.

Supplicant systems that are not authenticated, fail to pass the authentication, or are offline belong to Guest VLANs.

Before configuring the Guest VLAN function, make sure the VLAN to be specified as the Guest VLAN already exists.

Related Command ■ name

■ vlan-assignment-mode

338 ● dot1x max-user 3Com Switch 4200G Family Command Reference

dot1x max-user

Purpose Use the dot1x max-user command to set the maximum number of systems an Ethernet port can accommodate.

Use the undo dot1x max-user command to restore the default value.

Syntax dot1x max-user user-number [ interface interface-list ]

undo dot1x max-user [ interface interface-list ]

Parameters user-number Maximum number of users a port can accommodate, ranging from 1 to 256. The default number is 256.









Example To configure the maximum number of users that GigabitEthernet1/01 can accommodate to be 32, enter the following;

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x max-user 32 interface GigabitEthernet 1/0/1


■ System view


Description When being executed in system view, these two commands apply to all Ethernet ports of the switch if you do not provide the interface-list argument. And if you

3Com Switch 4200G Family dot1x max-user ● 339 Command Reference

specify the interface-list argument, these commands apply to the specified Ethernet ports.

When being executed in Ethernet port view, these two commands apply to the current Ethernet port only. In this case, the interface-list argument is not needed.


340 ● dot1x port-control 3Com Switch 4200G Family Command Reference

dot1x port-control

Purpose Use the dot1x port-control command to specify the access control method for specified Ethernet ports.

Use the undo dot1x port-control command to revert to the default access control method.

Syntax dot1x port-control { auto | authorized-force | unauthorized-force } [ interface interface-list ]

undo dot1x port-control [ interface interface-list ]

Parameters auto Specifies to operate in auto access control mode. In this mode, a port is initialized to take all users as unauthorized:

It only allows EAPoL packets to pass through and grants users no permission to network resources.

Only after the users have passed the authentication will the port classify them as authorized and allow them access to the network resources, which is often the case.

authorized-force Specifies to operate in authorized-force access control mode.

unauthorized-force Specifies to operate in unauthorized-force access control mode. Ports in this mode are constantly in unauthorized state. Supplicant systems connected to them cannot access the network.









3Com Switch 4200G Family dot1x port-control ● 341 Command Reference

Default The default access control method is auto.

Example To specify GigabitEthernet1/0/1 port to operate in unauthorized-force access control mode, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x port-control unauthorized-force interface GigabitEthernet 1/0/1


■ System view


Description When being executed in system view, these two commands apply to all Ethernet ports of the switch if you do not provide the interface-list argument. And if you specify the interface-list argument, these commands apply to the specified Ethernet ports.

When being executed in Ethernet port view, these two commands apply to the current Ethernet port only. In this case, the interface-list argument is not needed.


342 ● dot1x port-method 3Com Switch 4200G Family Command Reference

dot1x port-method

Purpose Use the dot1x port-method command to specify the access control method for specified Ethernet ports.

Use the undo dot1x port-method command to restore the default access control base.

Syntax dot1x port-method { macbased | portbased } [ interface interface-list ]

undo dot1x port-method [ interface interface-list ]

Parameters macbased Configures the 802.1x authentication system to perform authentication on the supplicant based on MAC address.

portbased Configures the 802.1x authentication system to perform authentication on the supplicant based on port number.









Default The default access control method is MAC address-based. That is, the macbased keyword is specified by default.



3Com Switch 4200G Family dot1x port-method ● 343 Command Reference

Example To specify to authenticate supplicant systems connected to Ethernet1/0/1 port by port numbers, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x port-method portbased interface Ethernet 1/0/1

Description Note:

■ If you specify to authenticate supplicant systems by MAC addresses (that is, the macbased keyword is specified), all supplicant systems connected to the specified Ethernet ports are authenticated separately. And if an online user logs off, others are not affected.

■ If you specify to authenticate supplicant systems by port numbers (that is, the portbased keyword is specified), all supplicant systems connected to a specified Ethernet port are able to access the network without being authenticated if a supplicant system among them passes the authentication. And when the supplicant system logs off, the network is inaccessible to all other supplicant systems either.

■ When being executed in system view, these two commands apply to all Ethernet ports of the switch if you do not provide the interface-list argument. And if you specify the interface-list argument, these commands apply to the specified Ethernet ports.

■ When being executed in Ethernet port view, these two commands apply to the current Ethernet port only. In this case, the interface-list argument is not needed.


344 ● dot1x quiet-period 3Com Switch 4200G Family Command Reference

dot1x quiet-period

Purpose Use the dot1x quiet-period command to enable the quiet-period timer.

Use the undo dot1x quiet-period command to disable this timer.

Syntax dot1x quiet-period

undo dot1x quiet-period

Parameters None

Default By default, the quiet-period timer is disabled.

Example To enable the quiet-period timer, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x quiet-period


■ System view

Description When a supplicant system fails to pass the authentication, the authenticator system (such as a S4200G Ethernet switch) will stay quiet for a period (determined by the quiet-period timer) before it performs another authentication. During the quiet period, the authenticator system performs no 802.1x authentication.

Related Commands ■ display dot1x

■ dot1x timer

3Com Switch 4200G Family dot1x retry ● 345 Command Reference

dot1x retry

Purpose Use the dot1x retry command to specify the maximum number of times a switch can transmit the authentication request frame to supplicant systems.

Use the undo dot1x retry command to restore the default.

Syntax dot1x retry max-retry-value

undo dot1x retry

Parameters max-retry-value Maximum number of times that a switch sends authentication request packets to online supplicant systems. This argument ranges from 1 to 10 and defaults to 2.

Example To specify the maximum number of times that the switch will re-send authentication request packets to be 9, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x retry 9


■ System view

Description After the Switch has transmitted an authentication request frame to the user for the first time, if no user response is received during the specified time-range, the Switch will re-transmit authentication request to the user. This command is used to specify how many times the Switch can re-transmit the authentication request frame to the supplicant. When the time is 1, the Switch is configured to transmit the authentication request frame only once. 2 indicates that the Switch is configured to transmit authentication request frame once again when no response is received for the first time and so on. This command has an effect on all the ports after configuration.


346 ● dot1x retry-version-max 3Com Switch 4200G Family Command Reference

dot1x retry-version-max

Purpose Use the dot1x retry-version-max command to set the maximum number of retries for a switch to send version request packets to an online supplicant system.

Use the undo dot1x retry-version-max command to restore the default.

Syntax dot1x retry-version-max max-retry-version-value

undo dot1x retry-version-max

Parameters max-retry-version-value Specifies the maximum number of times that a switch will send version request packets to a supplicant system. This argument ranges from 1 to 10.

Default The default is 3.

Example To configure the maximum number of times that the switch will re-send version request packets to be 6, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] dot1x retry-version-max 6


■ System view

Description Having sent a version request packet to the supplicant system, the switch will re-send the packet if within a preset period (as determined by the client version timer) it still has not received any response from the supplicant system. When the number set by this command has reached and there is still no response from the supplicant system, the switch will continue its following authentication without sending further version requests. This command applies to all ports.

Related Commands ■ display dot1x

■ dot1x timer

3Com Switch 4200G Family dot1x timer ● 347 Command Reference

dot1x timer

Purpose Use the dot1x timer command to set the 802.1x timers.

Use the undo dot1x timer command to restore the default values.

Syntax‘ dot1x timer { handshake-period handshake-period-value | quiet-period quiet-period-value | tx-period tx-period-value | supp-timeout supp-timeout-value | server-timeout server-timeout-value |ver-period ver-period-value }

undo dot1x timer { handshake-period | quiet-period | tx-period | supp-timeout | server-timeout | ver-period }

Parameters handshake-period Handshake period timer, triggered when the user has successfully passed the authentication. It sets the time interval for the switch to re-send handshake request packets to check whether the user is still online. If after N times (as specified by the dot1x retry command) of retries, the switch still has not received any response packet from the supplicant system, it will assume that the user is offline.

handshake-period-value Specifies the value of the handshake timer, in seconds. This value can range from 1 to 1024 with a default value of 15.

quiet-period Specifies the quiet timer. If an 802.1x user has not passed the authentication, the Authenticator will keep quiet for a while (which is specified by quiet-period timer) before launching the authentication again. During the quiet period, the Authenticator does not do anything related to 802.1x authentication.

quiet-period-value Specifies how long the quiet period is. Valid values are 10 to 120 seconds. If not specified, the default is 60 seconds.

server-timeout Specifies the timeout timer of an Authentication Server. If an Authentication Server has not responded before the specified period expires, the Authenticator will re-send the authentication request.

server-timeout-value Specifies how long the duration of a timeout timer of an Authentication Server is. Valid values are 100 to 300 seconds. If not specified, the default is 100 seconds.

supp-timeout Specifies the authentication timeout timer of a Supplicant. After the Authenticator sends Request/Challenge request packet which requests the MD5 encrypted text, the supp-timeout timer of the Authenticator begins to run. If the Supplicant does not respond back successfully within the time range set by

348 ● dot1x timer 3Com Switch 4200G Family Command Reference

this timer, the Authenticator will re-send the above packet.

supp-timeout-value Specifies how long the duration of an authentication timeout timer of a Supplicant is. Valid values are 10 to 120 seconds. If not specified, the default is 30 seconds.

tx-period Specifies the transmission timeout timer. After the Authenticator sends the Request/Identity request packet which requests the user name or user name and password together, timer of the Authenticator begins to run. If the Supplicant does not respond back with authentication reply packet successfully, then the Authenticator will re-send the authentication request packet.

tx-period-value Specifies how long the duration of the transmission timeout timer is. Valid values are 10 to 120 seconds. If not specified, the default is 30 seconds.

ver-period Client-version-checking period timer, if within the period, no response packet has been sent back from the supplicant system, the switch will re-send the client version checking request packet.

ver-period-value Value of the client-version-checking period timer, in seconds. This value can range from 1 to 30 with a default value of 30.

Example To set the Authentication Server timeout timer to 150s, enter the following:

<SW4200G> system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]dot1x timer server-timeout 150.


■ System view

Description During an 802.1x authentication process, multiple timers are triggered to ensure that the supplicant systems, the authenticator systems, and the Authenticator servers interact with each other in an arranged way. To make authentications being processed in a desired way, you can use the dot1x timer command to set values for these timers as needed. This may be necessary in certain situations or for some tough network environments. Normally, the defaults are recommended. (Note that some timers cannot be adjusted.)


3Com Switch 4200G Family dot1x version-check ● 349 Command Reference

dot1x version-check

Purpose Use the dot1x version-check command to enable 802.1x client version checking for specified Ethernet ports.

Use the undo dot1x version-check command to disable 802.1x client version checking for specified Ethernet ports.

Syntax dot1x version-check [ interface interface-list ]

undo dot1x version-check [ interface interface-list ]

Parameters interface-list Specifies the Ethernet port list. You can specify multiple ports by providing this argument in the form:








Default By default, 802.1x client version checking is disabled on all Ethernet ports.

Example To configure GigabitEthernet1/0/1 port to check the version of the 802.1x client upon receiving authentication packets, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] dot1x version-check


■ System view


350 ● dot1x version-check 3Com Switch 4200G Family Command Reference

Description In system view, execution of the dot1x version-check command enables the client version checking function for specified ports if the interface-list argument is specified, otherwise it enables the function globally. In Ethernet port view, only the current port can have their client version checking function enabled by executing this command and the interface-list argument is not needed.

3Com Switch 4200G Family duplex ● 351 Command Reference

duplex

Purpose Use the duplex command to set the port duplex attribute.

Use the undo duplex command to restore the default duplex mode (auto).

Syntax duplex { auto | full | half }

undo duplex

Parameters auto Sets the port to auto-negotiation mode. If not specified, auto is the default duplex mode.

full Sets the port to full-duplex mode.

half Sets the port to half-duplex mode.

Example SEt the GigabitEthernet 1/0/1 port in auto duplex mode

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1]duplex auto



Related Command speed

352 ● enable snmp trap updown 3Com Switch 4200G Family Command Reference

enable snmp trap updown

Purpose Use the enable snmp trap updown command to enable the port to send LINK UP and LINK DOWN Trap information.

Use the undo enable snmp trap command to disable the port to send LINK UP and LINK DOWN Trap information.

Syntax enable snmp trap updown

undo enable snmp trap updown

Parameters None

Default By default, the port is enabled to send Trap information.

Example Enable port GigabitEthernet1/0/1 to send LINK UP and LINK DOWN Trap information. The community name public is used.

<S4200G> system-view[S4200G] snmp-agent trap enable[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] enable snmp trap updown


■ System view

Description The enable snmp trap and snmp-agent target-host commands are used at the same time. You can use the snmp-agent target-host command to specify the hosts receiving Trap information. To send Trap information, you must configure at least one snmp-agent target-host command.

Related Command None

3Com Switch 4200G Family end-station polling ip-address ● 353 Command Reference

end-station polling ip-address

Purpose Use the end-station polling ip-address command to configure the IP address requiring periodic testing.

Use the undo end-station polling ip-address command to delete the IP address requiring periodic testing.

Syntax end-station polling ip-address ip-address

undo end-station polling ip-address ip-address

Parameters ip-address Specifies the IP address.

Example Configure 202.38.160.244 requiring periodical testing.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]end-station polling ip-address 202.38.160.244


■ System view

Description The switch can ping an IP address every one minute to test if it is reachable. Three PING packets can be sent at most for every IP address in every testing with a time interval of five seconds. If the switch cannot ping successfully the IP address after the three PING packets, it assumes that the IP address is unreachable.

You can configure up to 50 IP addresses by using the command repeatedly.

Related Commands ■ ping

■ tracert

354 ● execute 3Com Switch 4200G Family Command Reference

execute

Purpose Use the execute command to execute the specified batch file.

Syntax execute filename

Parameters filename Name of the batch file, consisting of a string up to 256 characters in length, with a suffix of “.bat”.

Example To execute the batch file “test.bat” in the directory of “flash:/”, enter the following:

<S4200G>sysSystem View: return to User View with Ctrl+Z.[S4200G]execute test.bat


■ System view

Description The batch command executes the command lines in the batch file one by one. There should be no invisible character in the batch file. If invisible characters are found, the batch command will quit the current execution. The forms and contents of the commands are not restricted in the batch file.

3Com Switch 4200G Family exit ● 355 Command Reference

exit

Purpose Use the exit command to terminate the connection to the remote SFTP server and return to system view.

This command has the same function as the bye and quit commands.

Syntax exit

Parameters None

Example Terminate the connection to the remote SFTP server.

sftp-client> exit[S4200G]



356 ● file prompt 3Com Switch 4200G Family Command Reference

file prompt

Purpose Use the file prompt command to modify the prompt mode of file operations on the Switch.

Syntax file prompt { alert | quiet }

Parameters alert Select confirmation on dangerous file operations. If not specified, the default value is alert.

quiet No confirmation prompt on file operations.

Example Configure the prompt mode of file operation as quiet.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] file prompt quiet


■ System view

Description If the prompt mode is set as quiet, so no prompts are shown for file operations, some non-recoverable operations may lead to system damage.

3Com Switch 4200G Family flow-control ● 357 Command Reference

flow-control

Purpose Use the flow-control command to enable port flow control, to avoid packet loss in the event of network congestion.

Use the undo flow-control command to disable flow control on the port.

Syntax flow-control

undo flow-control

Parameters None

Default By default, flow control is disabled.

Example Enable flow control on the GigabitEthernet1/0/1 port.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1]flow-control



358 ● format 3Com Switch 4200G Family Command Reference

format

Purpose Use the format command to format a storage device.

Syntax format device

Parameters device Device name.

Example Format flash:

<S4200G> format flash:All data on Flash will be lost , proceed with format ? [Y/N] y% Now begin to format flash, please wait for a while...Format winc: completed


■ User view


■ Formatting a storage device causes all the files on the storage device to get lost. The operation is irretrievable.

■ The format operation on the Flash leads to the loss of the configuration files.

3Com Switch 4200G Family free user-interface ● 359 Command Reference

free user-interface

Purpose Use the free user-interface command to reset a specified user interface to its default settings. The user interface will be disconnected after the reset.

Use free user-interface type to reset the interface with the specified type and type number to its default settings.

Use free user-interface number to reset the interface with the specified index number to its default settings.

Syntax free user-interface [type ] number

Parameters type Specifies the user interface type:

■ aux (auxilliary user terminal interface

■ vty (virtual user terminal interface)

number Specifies the index number of the user interface. This argument can be an absolute user interface index (if you do not provide the type argument) or a relative user interface index (if you provide the type argument).

Example Log into user interface 0 and clear user interface 1.

<S4200G> free user-interface 1

After you execute this command, user interface 1 will be disconnected. The user in it must log in again to connect to the switch.


■ User view

Description Note that the current user interface can not be cleared.

360 ● free web-users 3Com Switch 4200G Family Command Reference

free web-users

Purpose Use the free web-users command to disconnect a specified Web user or all Web users by force.

Syntax free web-users { all | user-id userid | user-name username }

Parameters userid Web user ID.

username User name of the Web user. This argument can contain 1 to 80 characters.

all Specifies all Web users.

Example Disconnect all Web users by force.

<S4200G> free web-users all


■ User view

3Com Switch 4200G Family ftp ● 361 Command Reference

ftp

Purpose Use the ftp command to establish a control connection with an FTP server and enter FTP client view.

Syntax ftp [ ipaddress [ port-number ] ]

Parameters ipaddress Host name or the IP address of an FTP server. The host name can be a string comprising 1 to 20 characters.

port-number Port number of the FTP server, ranging from 0 to 65535. The default is 21.

Example Connect to the FTP server whose IP address is 2.2.2.2.

<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password: 230 Logged in successfully [ftp]


■ User view

362 ● ftp cluster 3Com Switch 4200G Family Command Reference

ftp cluster

Purpose Use the ftp cluster command to establish a control connection with a cluster FTP server. This command also leads you to FTP client view.

Syntax ftp cluster

Parameters None

Example Connect to the cluster FTP server.

<123_1.S4200G> ftp clusterTrying ...Press CTRL+K to abortConnected.220 FTP service ready.User(none):hello331 Password required for hello.Password:230 User logged in.


■ User view

3Com Switch 4200G Family ftp server ● 363 Command Reference

ftp server

Purpose Use the ftp server command to configure an FTP server on the management device for the member devices in the cluster.

Use the undo ftp server command to remove the FTP server configured for the member devices in the cluster.

Syntax ftp server ip-address

undo ftp server

Parameters ip-address IP address of the FTP server to be configured for the cluster.

Default By default, the management device acts as the FTP Server.

Example Configure the IP address of an FTP server on the management device.

<aaa_0.S4200G>system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G]cluster[aaa_0.S4200G-cluster] ftp-server 1.0.0.9


■ System view

Description You need to configure the IP address of an FTP server first for the member devices in a cluster to access the FTP server through the management device.

364 ● ftp server enable 3Com Switch 4200G Family Command Reference

ftp server enable

Purpose Use the ftp server enable command to enable FTP server and allow FTP users to log in.

Use the undo ftp server command to disable FTP server and inhibit FTP users from logging in.

Syntax ftp sever enable

undo ftp sever

Parameters None

Default By default, FTP server is disabled.

Example Enable the FTP server.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ftp server enable% Start FTP server


■ System view

3Com Switch 4200G Family ftp timeout ● 365 Command Reference

ftp timeout

Purpose Use the ftp timeout command to configure connection timeout interval.

Use the undo ftp timeout command to restore the default connection timeout interval.

Syntax ftp timeout minute

undo ftp timeout

Parameters minute Connection idle time (in minutes) ranging from 1 to 35,791. The default connection idle time is 30 minutes.

Example Set the connection idle time to 36 minutes.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ftp timeout 36


■ System view

Description An FTP server considers an FTP connection to be invalid and terminates the FTP connection if no data exchange occurs between it and the FTP client for a specific period of time known as connection idle time.

366 ● garp timer 3Com Switch 4200G Family Command Reference

garp timer

Purpose Use the garp timer command to set the GARP Hold, Join or Leaver timer value on the current port.

Use the undo garp timer command to restore the default value of the GARP Hold, Join or Leaver timer on the current port.

Syntax garp timer { hold | join | leave } timer-value

undo garp timer { hold | join | leave }

Parameters hold GARP Hold timer. When a GARP entity receives a piece of registration information, it does not send out the Join message immediately. Instead, it starts the Hold timer, and sends out a Join message after the timer times out, so that all the registration information received before the timer times out can be put into the same frame that will be sent to save the bandwidth resources.

join To transmit the Join messages reliably to other entities, a GARP entity sends each Join message two times. The Join timer is used to define the interval between the two sending operations of each Join message.

leave GARP Leave timer. When a GARP entity expects to unregister a piece of attribute information, it sends out a Leave message. Any GARP entity receives this message starts its Leave timer, and unregister the attribute information after the timer times out if it does not receives a Join message again before the timeout.

timer-value Value of the specified GARP timer (Hold, Join or Leave) in centiseconds, with a step size of five. If no values are specified, the default values are 10, 20, and 60 for Hold, Join and Leave timers respectively.

Example Set the timeout time of the GARP Join timer on the port GigabitEthernet1/0/1 to 20 centiseconds.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1 [S4200G-GigabitEthernet1/0/1] garp timer join 20



3Com Switch 4200G Family garp timer ● 367 Command Reference

Description The ranges of the timers vary depending on the values of other timers. You can set a timer to a value out of the current range by set the associated timer to another value.

The following table describes the relations between the timers:

Related Command display garp timer

Table 82 Relations between the timers

Timer Lower threshold Upper threshold

Hold 10 centiseconds This upper threshold is less than or equal to one-half of the value of the Join timer. You can change the threshold by changing the value of the Join timer.

Join This lower threshold is greater than or equal to twice the value of the Hold timer. You can change the threshold by changing the value of the Hold timer.

This upper threshold is less than one-half of the value of the Leave timer. You can change the threshold by changing the value of the Leave timer.

Leave This lower threshold is greater than twice the value of the Join timer. You can change the threshold by changing the value of the Join timer.

This upper threshold is less than the value of the LeaveAll timer. You can change the threshold by changing the value of the LeaveAll timer.

LeaveAll This lower threshold is greater than the value of the Leave timer. You can change threshold by changing the value of the Leave timer.

32,765 centiseconds

368 ● garp timer leaveall 3Com Switch 4200G Family Command Reference

garp timer leaveall

Purpose Use the garp timer leaveall command to set the GARP LeaveAll timer to a specified value.

Use the undo garp timer leaveall command to restore the default value of the GARP LeaveAll timer.

Syntax garp timer leaveall timer-value

undo garp timer leaveall

Parameters timer-value Value of the GARP LeaveAll timer (in centiseconds). Valid values are 65 to 32,765 seconds, with a step size of five. This value must be greater than the value of the Leave timer. If not specified, the default is 1,000 centiseconds (that is, 10 seconds).

Example Set the value of the GARP LeaveAll timer to 100 centiseconds.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] garp timer leaveall 100


■ System view

Description Once a GARP entity starts up, it starts the LeaveAll timer, and sends out a LeaveALL message after the timer times out, so that other GARP entities can re-register all the attribute information on this entity. After that, the entity restarts the LeaveAll timer to begin a new cycle.

Related Command display garp timer

3Com Switch 4200G Family get ● 369 Command Reference

get

Purpose Use the get command to download a remote file and save the file to the local device.

Syntax get remotefile [ localfile ]

Parameters localfile Name assigned to the file to be saved at the local end.

remotefile Name of the source file on the remote SFTP server.

Example Download file temp1.c and save it with name temp.c.

sftp-client> get temp1.c temp.c



Description If no local file name is specified, the switch will save the remote file locally with the same file name as that on the remote FTP server

370 ● get 3Com Switch 4200G Family Command Reference

get

Purpose Use the get command to download a remote file and save it as a local file.

Syntax get remotefile [ localfile ]

Parameters localfile Local file name.

remotefile File name on the FTP server.



Download the file named temp.c.

[ftp] get temp.c 200 Port command okay.150 Opening ASCII mode data connection for temp.c................226 Transfer complete.FTP: 749881 byte(s) received in 17.186 second(s) 43.00K byte(s)/sec.


■ FTP Client view

Description If you do not specify the localfile argument, the downloaded file is saved using its original name.

3Com Switch 4200G Family gratuitous-arp learning enable ● 371 Command Reference

gratuitous-arp learning enable

Purpose Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function.

Use the undo gratuitous-arp-learning enable command to disable the gratuitous ARP packet learning function.

Syntax gratuitous-arp-learning enable

undo gratuitous-arp-learning enable

Parameters None

Default By default, the gratuitous ARP packet learning function is enabled.

Example To enable the gratuitous ARP packet learning function on the switch named S4200GA, enter the following:

<S4200GA> system-viewSystem View: return to User View with Ctrl+Z.[S4200GA] gratuitous-arp-learning enable


■ System view

Description When the gratuitous ARP packet learning function is enabled on a switch and the switch receives a gratuitous ARP packet, the switch updates the corresponding ARP entry (if available in the cache of the switch) using the hardware address of the sender carried in the gratuitous ARP packet. A switch operates like this whenever it receives a gratuitous ARP packet.

372 ● gvrp 3Com Switch 4200G Family Command Reference

gvrp

Purpose Use the gvrp command to enable GVRP globally (in system view) or on a port (in Ethernet port view).

Use the undo gvrp command to disable GVRP globally (in system view) or on a port (in Ethernet port view).

Syntax gvrp

undo gvrp

Parameters None

Default By default, GVRP is disabled both globally and on ports.

Example Enable GVRP globally.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] gvrp


■ System view


Description Note:

■ Before enabling GVRP on a port, you must first enable GVRP globally.

■ If GVRP is disabled globally, it is also disabled on ports and you are not allowed to enable it on any port.

■ You can enable/disable GVRP only on Trunk port.

■ After enabling GVRP on the Trunk port, you are not allowed to change the port to a different type.

Related Command display gvrp status

3Com Switch 4200G Family gvrp registration ● 373 Command Reference

gvrp registration

Purpose Use the gvrp registration command to configure the GVRP registration type on a port.

Use the undo gvrp registration command to restore the default GVRP registration type on a port.

Syntax gvrp registration { fixed | forbidden | normal }

undo gvrp registration

Parameters fixed Allows the manual creation and registration of VLAN on the current port, and inhibits the dynamic registration and unregistration of VLAN on the current port.

forbidden Unregisters all the VLANs except VLAN 1 on the current port, and inhibits the creation and registration of any other VLAN on the current port.

normal Allows both manual and dynamic creation, registration, and unregistration of VLANs on the current port.

Default By default, the registration type is normal.

Example Configure the GVRP registration type on the port Ethernet1/0/1 to fixed.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface Ethernet1/0/1 [S4200G-Ethernet1/0/1] gvrp registration fixed



Description These commands can be operated only on Trunk port.

Related Command display gvrp statistics

374 ● habp enable 3Com Switch 4200G Family Command Reference

habp enable

Purpose Use the habp enable command to enable HABP for a switch.

Use the undo habp enable command to disable HABP for a switch.

Syntax habp enable

undo habp enable

Parameters None

Default By default, HABP is enabled on a switch.

Example To enable HABP, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] habp enable


■ System view

Description If an 802.1x-enabled switch does not have HABP enabled, it cannot manage the switches attached to it.

3Com Switch 4200G Family habp server vlan ● 375 Command Reference

habp server vlan

Purpose Use the habp server vlan command to configure a switch to operate as an HABP server and HABP packets to be broadcast in specified VLAN.

Use the undo habp server vlan command to revert to the default HABP mode.

Syntax habp server vlan vlan-id

undo habp server

Parameters vlan-id VLAN ID, ranging from 1 to 4,094.

Default By default, a switch operates as an HABP client.

Example To specify the switch to operate as an HABP server and the HABP packets to be broadcast in VLAN 2, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] habp server vlan 2


■ System view

Description To specify a switch to operate as an HABP server, you need to enable HABP (using the habp enable command) for the switch first. Even if HABP is not enabled, the client can still configure the switch to work as an HABP client, although this has no effect.

376 ● habp timer 3Com Switch 4200G Family Command Reference

habp timer

Purpose Use the habp timer command to set the interval for a switch to send HABP request packets.

Use the undo habp timer command to revert to the default interval.

Syntax habp timer interval

undo habp timer

Parameters interval Interval (in seconds) to send HABP request packets. This argument ranges from 5 to 600 and defaults to 20.

Example To configure the switch to send HABP request packets once in every 50 seconds (assuming that the switch operates as an HABP server), enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] habp timer 50


■ System view

Description Use these two commands on switches operating as HABP servers only.

3Com Switch 4200G Family header ● 377 Command Reference

header

Purpose Use the header command to set the banners that are displayed when a user logs into a switch. The login banner is displayed on the terminal when the connection is established. And the session banner is displayed on the terminal if a user successfully logs in.

Use the undo header command to disable displaying a specific banner or all banners.

Syntax header [ shell | incoming | login ] text

undo header [ shell | incoming | login ]

Parameters login Sets the login banner. The banner set by this keyword is valid only when users are authenticated before they log into the switch and appears while the switch prompts for user name and password.

shell Sets the session banner, which appears after a session is established. If you specify to authenticate login users, the banner appears after a user passes the authentication.

Also sets the login banner for users that log in through modems. If you specify to authenticate login users, the banner appears after a user passes the authentication. (The session does not appear in this case.)

text Banner to be displayed. If no keyword is specified, this argument is the login banner. You can provide this argument in two ways. One is to enter the banner in the same line as the command (A command line can accept up to 256 characters.) The other is to enter the banner in multiple lines (you can start a new line by pressing <Enter>,) where you can enter a banner that can contain more than 256 characters. Note that the CLI expects a character the same as the first character of the banner as the end of the banner. After finishing entering the banner, you can press <Enter> to exit the interaction.

Example Set the session banner.

Option 1: Enter the banner in the same line as the command.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] header shell %SHELL: Hello! Welcome%(Make sure the beginning and end characters of the banner are the same.)

When you log in again, the session banner appears on the terminal as the following:

378 ● header 3Com Switch 4200G Family Command Reference

[S4200G] quit<S4200G> quitPlease press ENTERSHELL: Hello! Welcome(The beginning and end characters of the banner are not displayed.)<Quidway>

Option 2: Enter the banner in new lines.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] header shell %SHELL: (Following appears when you press <Enter>:)Input banner text, and quit with the character '%'.

Continue entering the banner and end the banner with the character identical with the beginning character of the banner.

Hello! Welcome % (Press <Enter>.)[S4200G]

When you log in again, the session banner appears on the terminal as the following:

[S4200G] quit<S4200G> quitPlease press ENTER%SHELL: (Note that the beginning character of the banner appears.)Hello! Welcome <S4200G>purpose_body


■ System view

Description Note:

If you specify any one of the three keywords without providing the text argument, the specified keyword will be regarded as the login banner.

As for the beginning character of a banner, note that:

■ If you only type one character in the first line of a banner, the character is regarded as the beginning mark and is not displayed.

■ If you type multiple characters in the first line of a banner and the beginning and the end characters of the banner in this line are not the same, the character is displayed.

■ If you type multiple characters in the first line for the banner and the beginning and the end character are the same, the beginning character is not displayed.

3Com Switch 4200G Family help ● 379 Command Reference

help

Purpose Use the help command to get the help information about the specified or all SFTP client commands.

Syntax help [ command ]

Parameters command Specifies the name of a command.

Example Display the help information about the get command.

sftp-client> help getget remote-path [local-path] Download fileDefault local-path is the same with remote-path



Description If the command argument is not specified, the help information about all commands is displayed.

380 ● history-command max-size 3Com Switch 4200G Family Command Reference

history-command max-size

Purpose Use the history-command max-size command to set the size of the history command buffer.

Use the undo history-command max-size command to revert to the default history command buffer size.

Syntax history-command max-size value

undo history-command max-size

Parameters value Size of the history command buffer. Valid values for this argument range from 0 to 256. If no value is specified, the default to 10. That is, the history command buffer can store 10 commands by default.

Example Set the size of the history command buffer to 20 to enable it to store up to 20 commands.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface aux0[S4200G-ui-aux0] history-command max-size 20



3Com Switch 4200G Family holdtime ● 381 Command Reference

holdtime

Purpose Use the holdtime command to configure the holdtime of a switch.

Use the undo holdtime command to restore the default holdtime value.

Syntax holdtime seconds

undo holdtime

Parameters seconds Holdtime (in seconds) ranging from 1 to 255. If not specified, the default holdtime is 60 seconds.

Example Set the holdtime to 30 seconds.

<aaa_0.S4200G>system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G]cluster[aaa_0.S4200G-cluster] holdtime 30


■ Cluster view

Description If a switch does not receive any information of a peer device during the holdtime, it sets the state of the peer device to "down". When the communication between the two resumes, the corresponding member device is re-added to the cluster (automatically). If the downtime does not exceed the holdtime, the member device stays in the normal state and needs not to be added again.

Execute these two commands on management devices only. The member devices in a cluster acquire the holdtime setting from the management device.

382 ● idle-cut 3Com Switch 4200G Family Command Reference

idle-cut

Purpose Use the idle-cut command to set the user idle-cut function in current ISP domain.

Syntax idle-cut { disable | enable minute flow }

Parameters disable Inhibits users from enabling the idle-cut function.

enable Allows users to enable the idle-cut function.

minute Specifies the maximum idle time. Valid values are 1 to 120 minutes.

flow Specifies the minimum data flow. Valid values are 1 to 10,240,000 bytes.


Example To allow users in ISP domain aabbcc.net to enable the idle-cut attribute in user template (that is, allow the user to use the idle-cut function), with the maximum idle time of 50 minutes and the minimum data flow of 500 bytes, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbcc.netNew Domain added.[S4200G-isp-aabbcc.net] idle-cut enable 50 500


■ ISP Domain view

Description The user template is a set of default user attributes. If a user requesting for the network service does not have some required attributes, the corresponding attributes in the template will be endeavored to him as default ones. The user template of the Switch you are using may only provide user idle-cut settings. After a user is authenticated, if the idle-cut is configured to enable or disable by neither the user nor the RADIUS server, the user will adopt the idle-cut state in the template.

Because a user template only works in one ISP domain, it is necessary to configure user template attributes for users from different ISP domain respectively.

Related Command domain

3Com Switch 4200G Family idle-timeout ● 383 Command Reference

idle-timeout

Purpose Use the idle-timeout command to configure the amount of time you want to allow a user interface to remain idle before it is disconnected.

Use the undo idle-timeout command to revert to the default timeout time.

Syntax idle-timeout minutes [ seconds ]

undo idle-timeout

Parameters minutes Specifies the number of minutes you want to allow a user interface to remain idle before it is disconnected. Valid values are 0 to 35,791. If not specified, the default is 10 minutes.

seconds Specifies the number of seconds in addition to the number of minutes. Valid values are 0 to 59. This parameter is optional.

Example To configure the timeout value to 1 minute on the AUX user interface, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]user-interface aux 0[S4200G-ui-aux0]idle-timeout 1 0



Description The connection to a user interface is terminated if no operation is performed in the user interface within the specified period.

You can use the idle-timeout 0 command to disable the timeout function.

384 ● igmp host-join vlan 3Com Switch 4200G Family Command Reference

igmp host-join vlan

Purpose Use the igmp host-join vlan command to configure a routing port to join to a multicast group.

Use the undo igmp host-join vlan command to remove the configuration.

Syntax igmp host-join group-address vlan vlan-id

undo igmp host-join group-address vlan vlan-id

Parameters group-address Address of the target multicast group

Default By default, a switch port does not belong to any multicast group.

Example Configure GigabitEthernet 1/0/1 port to join to the multicast group 225.0.0.1.

<S4200G> system-view[S4200G] interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1] port access vlan 10[S4200G-GigabitEthernet1/0/1] igmp host-join 225.0.0.1 vlan 10



Description Use this command to configure a routing port to join or remove from a multicast group.

Related Command igmp group-policy

3Com Switch 4200G Family igmp-snooping ● 385 Command Reference

igmp-snooping

Purpose Use the igmp-snooping command to enable or disable the IGMP Snooping.

Syntax igmp-snooping { enable | disable }

Parameters enable Enables IGMP Snooping.

disable Disables IGMP Snooping.

Default By default, IGMP Snooping is disabled on the switch.

Example Enable IGMP Snooping on the switch.

<4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] igmp-snooping enable


■ System view

■ VLAN view

386 ● igmp-snooping fast-leave 3Com Switch 4200G Family Command Reference

igmp-snooping fast-leave

Purpose Use the igmp-snooping fast-leave command to enable IGMP fast leave processing.

Use the undo igmp-snooping fast-leave command to cancel the configuration.

Syntax igmp-snooping fast-leave

undo igmp-snooping fast-leave

Parameters None

Default By default, IGMP fast leave processing is disabled.

Example Enable IGMP fast leave processing on the GigabitEthernet1/0/1 port.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1] igmp-snooping fast-leave



Description Normally, when receiving an IGMP Leave message, IGMP Snooping does not immediately remove the port from the multicast group, but sends a group-specific query message. If no response is received in a given period, it then removes the port from the multicast group.

If this command is executed, when receiving an IGMP Leave message, IGMP Snooping removes the port from the multicast group immediately. When the port has only one user, enabling IGMP fast leave processing can save bandwidth.

Note: If the client(s) under the port are IGMP V2–enabled, this feature operates normally (that is, it functions only when the port has only one user). Otherwise, when the port has multiple users, the leave of one user may disrupt the multicast to every other user under the port in the same multicast group.

3Com Switch 4200G Family igmp-snooping group-limit ● 387 Command Reference

igmp-snooping group-limit

Purpose Use the igmp-snooping group-limit command to set the maximum number of multicast groups the port can join.

Use the undo igmp-snooping group-limit command to restore the default setting.

Syntax igmp-snooping group-limit [ vlan vlan-list | overflow-replace ]

undo igmp-snooping group-limit [ vlan vlan-list ]

Parameters limit Maximum number of multicast groups the port can join. Valid values are 1 to 256.

overflow-replace Allows new multicast groups to replace existing multicast groups in this order: the multicast group with the least IP address will be replaced first.

vlan-list VLAN list, in the format of { vlan-id [ to vlan-id ] }&<1-10>, where vlan-id ranges from 1 to 4,094, and &<1-10> represents you can input at most 10 VLAN IDs/ VLAN ID ranges.

Default By default, there is no limit on the number of multicast groups the port can join.

Example Allow the GigabitEthernet1/0/1 port to join at most 200 multicast groups.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1] igmp-snooping group-limit 200



388 ● igmp-snooping group-policy 3Com Switch 4200G Family Command Reference

igmp-snooping group-policy

Purpose Use the igmp-snooping group-policy command to configure an IGMP Snooping filter ACL.

Use the undo igmp-snooping group-policy command to remove the IGMP Snooping filter ACL.

Syntax igmp-snooping group-policy acl-number vlan vlan-id

undo igmp-snooping group-policy vlan vlan-id

Parameters acl-number Basic ACL number, in the range of 2000 to 2999.

vlan-id ID of the VLAN for the Ethernet port, in the range of 1 to 4094.

Default By default, no IGMP Snooping filter ACL is configured on the switch.

Example Configure ACL 2000 to allow users under port Ethernet 1/0/1 to access the multicast streams in groups 225.0.0.0 to 225.255.255.255.

■ Configure ACL 2000.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] acl number 2000[S4200G-acl-basic-2000] rule permit source 225.0.0.0 0.255.255.255

■ Create VLAN 2 and add GigabitEthernet 1/0/1 port to VLAN 2.

[S4200G] vlan 2[S4200G-vlan2] port GigabitEthernet 1/0/1

■ Configure ACL 2000 on the GigabitEthernet 1/0/1 port to allow this VLAN 2 port to join only the IGMP multicast groups defined in the rule of ACL 2000.

[S4200G] interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1] igmp-snooping group-policy 2000 vlan 2

Configure ACL 2001 to allow users under GigabitEthernet 1/0/2 port to access the multicast streams in any groups except groups 225.0.0.0 to 225.0.0.255.

■ Configure ACL 2001.

[S4200G] acl number 2001[S4200G-acl-basic-2001] rule deny source 225.0.0.0 0.0.0.255[S4200G-acl-basic-2001] rule permit source any

■ Create VLAN 2 and add GigabitEthernet 1/0/2 port to VLAN 2.

[S4200G] vlan 2[S4200G-vlan2] port GigabitEthernet 1/0/2

■ Configure ACL 2001 on the GigabitEthernet 1/0/2 port to allow this VLAN 2 port to join any IGMP multicast groups except those defined in the deny rule of ACL 2001.

3Com Switch 4200G Family igmp-snooping group-policy ● 389 Command Reference

[S4200G] interface GigabitEthernet 1/0/2[S4200G-GigabitEthernet1/0/2] igmp-snooping group-policy 2001 vlan 2


■ System view


Description You can configure some multicast filter ACLs globally or on the switch ports connected to user ends so as to use the IGMP Snooping filter function to limit the multicast programs that the users can access. With this function, you can treat different VoD users in different ways by allowing them to access the multicast streams in different multicast groups.

In practice, when a user orders a multicast program, an IGMP report message is generated. When the message arrives at the switch, the switch examines the multicast filter ACL configured on the access port to determine if the port can join the corresponding multicast group or not. If yes, it adds the port to the forward port list of the multicast group. If not, it drops the IGMP report message and does not forward the corresponding data stream to the port. In this way, you can control the multicast programs that users can access.

An ACL rule defines a multicast address or a multicast address range (for example 224.0.0.1 to 239.255.255.255) and is used to:

■ Allow the port(s) to join only the multicast group(s) defined in the rule by a permit statement.

■ Inhibit the port(s) from joining the multicast group(s) defined in the rule by a deny statement.

■ One port can belong to multiple VLANs. But for each VLAN on the port, you can configure only one ACL.

■ If no ACL rule is configured or the port does not belong to the specified VLAN, the filter ACL you configured does not take effect on the port.

■ Since most devices broadcast unknown multicast packets, this function is often used together with the unknown multicast packet drop function to prevent multicast streams from being broadcasted to a filtered port as unknown multicast.

390 ● igmp-snooping host-aging-time 3Com Switch 4200G Family Command Reference

igmp-snooping host-aging-time

Purpose Use the igmp-snooping host-aging-time command to set the aging time of multicast member ports.

Use the undo igmp-snooping host-aging-time command to restore the default aging time.

Syntax igmp-snooping host-aging-time seconds

undo igmp-snooping host-aging-time

Parameters seconds Aging time of multicast member ports. Valid values are 200 to 1000 (in seconds).

Default By default, the aging time of multicast member ports is 260 seconds.

Example Set the aging time of multicast member ports to 300 seconds.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] igmp-snooping host-aging-time 300


■ System view

Description The aging time of multicast member ports determines the refresh frequency of multicast group members. In an environment where multicast group members change frequently, you should set a relatively short aging time, and vice versa.


3Com Switch 4200G Family igmp-snooping max-response-time ● 391 Command Reference

igmp-snooping max-response-time

Purpose Use the igmp-snooping max-response-time command to configure the maximum query response time.

Use the undo igmp-snooping max-response-time command to restore the default maximum time.

Syntax igmp-snooping max-response-time seconds

undo igmp-snooping max-response-time

Parameters seconds Maximum query response time. Valid values are 1 to 25 (in seconds).

Default By default, the maximum query response time is 10 seconds.

Example Set the maximum response time to an IGMP Snooping query message to 15 seconds.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] igmp-snooping max-response-time 15


■ System view

Description The maximum response time you configured determines how long the switch can wait for a response to an IGMP Snooping query message.

Related Commands ■ igmp-snooping

■ igmp-snooping router-aging-time

392 ● igmp-snooping router-aging-time 3Com Switch 4200G Family Command Reference

igmp-snooping router-aging-time

Purpose Use the igmp-snooping router-aging-time command to configure the aging time of the router port.

Use the undo igmp-snooping router-aging-time command to restore the default aging time.

Syntax igmp-snooping router-aging-time seconds

undo igmp-snooping router-aging-time

Parameters seconds Aging time of the router port. Valid values are 1 to 1000 (in seconds).

Default By default, the aging time of the router port is 260 seconds.

Example Set the aging time of the router port to 500 seconds.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] igmp-snooping router-aging-time 500


■ System view

Description The router port here refers to the port connecting the Layer 2 switch to the router. The Layer 2 switch receives IGMP general query messages from the router through this port. The aging time of the router port should be a value about 2.5 times of the general query interval.

Related Commands ■ igmp-snooping

■ igmp-snooping max-response-time

3Com Switch 4200G Family info-center channel name ● 393 Command Reference

info-center channel name

Purpose Use the info-center channel name command to name the channel of the specified number.

Syntax info-center channel channel-number name channel-name


channel-name Channel name. Valid values are a character string not exceeding 30 characters, excluding "-", "/" or "\".

Example Rename channel 0 as execconsole.

<S4200G> system-view[S4200G] info-center channel 0 name execconsole


■ System view

Description Note: The channel name cannot be duplicated.

394 ● info-center console channel 3Com Switch 4200G Family Command Reference

info-center console channel

Purpose Use the info-center console channel command to enable information output to the console through a specified channel.

Use the undo info-center console channel command to disable the information output.

Syntax info-center console channel { channel-number | channel-name }

undo info-center console channel


channel-name Channel name. The name can be channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, or trapbuffer.

Default By default, the switch does not output log information to the console.

Example Configure channel 0 to output log information to the console.

<S4200G> system-view[S4200G] info-center console channel 0


■ System view

Description This command works only when the information center is enabled for the system.

Related Command ■ display info-center

■ info-center enable

3Com Switch 4200G Family info-center enable ● 395 Command Reference

info-center enable

Purpose Use the info-center enable command to enable the information center.

Use the undo info-center enable command to disable the information center.

Syntax info-center enable

undo info-center enable

Parameters None

Default By default, the information center is enabled.

Example Enable the information center.

<S4200G> system-view[S4200G] info-center enable


■ System view

Description The switch can output system log information to the log host, the console, and other destinations only when the information center is enabled.

Related Commands ■ display info-center

■ info-center console channel

■ info-center logbuffer

■ info-center monitor channel

396 ● info-center logbuffer 3Com Switch 4200G Family Command Reference

info-center logbuffer

Purpose Use the info-center logbuffer command to enable information output to the log buffer through the specified channel (you can also set the size of the log buffer in this command).

Use the undo info-center logbuffer command to disable the information output.

Syntax info-center logbuffer [ channel { channel-number | channel-name } | [size buffersize ]

undo info-center logbuffer [ channel | size ]

Parameters channel Sets the channel through which output information goes to the memory buffer.

channel-number Channel number, ranging from 0 to 9, corresponding to the 10 channels of the system.

channel-name Channel name, which can be channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent or trapbuffer.

size Configures the size of buffer.

buffersize Size of the memory buffer, represented by the number of messages it holds. This argument ranges from 0 to 1024 and defaults to 512.

Default By default, the switch outputs information to the log buffer, which holds 512 records by default.

Example Configure the switch to output information to the log buffer with the size of 50.

<S4200G> system-view[S4200G] info-center logbuffer size 50


■ System view

Description This command takes effect only after system logging is enabled.

Related Command ■ info-center enable

■ display info-center

3Com Switch 4200G Family info-center monitor channel ● 397 Command Reference

info-center monitor channel

Purpose Use the info-center monitor channel command to enable information output to terminals through a specified channel.

Use undo info-center monitor channel command to disable the information output.

Syntax info-center monitor channel { channel-number | channel-name }

undo info-center monitor channel


channel-name Channel name. Valid values are channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, and trapbuffer.

Default By default, switches do not output log information to user terminal.

Example Set channel 0 to send log information to user terminal.

<S4200G> system-view[S4200G] info-center monitor channel 0


■ System view

Description This command works only when the information center is enabled for the system



398 ● info-center snmp channel 3Com Switch 4200G Family Command Reference

info-center snmp channel

Purpose Use the info-center snmp channel command to enable information output to the SNMP through a specified channel.

Use undo info-center snmp channel command to restore the default SNMP channel, that is, channel 5.

Syntax info-center snmp channel { channel-number | channel-name }

undo info-center snmp channel


channel-name Channel name. Valid values are channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, and trapbuffer.

Example Set channel 6 as the SNMP information channel.

<S4200G> system-view[S4200G] info-center snmp channel 6


■ System view

Related Command ■ snmp-agent

■ display info-center

3Com Switch 4200G Family info-center source ● 399 Command Reference

info-center source

Purpose Use the info-center source command to add a record (that is, an information source) to an information channel.

Use the undo info-center source command to delete an information source from an information channel.

Syntax info-center source { modu-name | default } channel { channel-number | channel-name } [ debug { level severity | state state }* | log { level severity | state state }* | trap { level severity | state state } ] *

undo info-center source { modu-name | default } channel { channel-number | channel-name }

Parameters modu-name Module name. See Table 83.

default All the modules.

log Specifies to output log information.

trap Specifies to output trap information.

debugging Specifies to output debug information.

level Specifies an information severity level.

severity Information severity level. The information with severity level greater than this level will not be output.

If not specified, the default log information level is warnings; the default trap information level is debugging; and the default debugging information level is debugging.

Note: If you only specify the level for one or two of the three types of information, the level(s) of the unspecified type(s) return to the default. For example, if you only define the level of the log information, then the levels of the trap and debugging information return to the defaults.

You may specify any of the following severity levels:

emergencies

Level 1 information, which cannot be used by the system.

alerts

Level 2 information, to be reacted immediately.

critical

Level 3 information, critical information.

errors

Level 4 information, error information.

warnings

level 5 information, warning information.

notifications

400 ● info-center source 3Com Switch 4200G Family Command Reference

Level 6 information, showed normally and important.

informational

Level 7 information, notice to be recorded.

debugging

Level 8 information, generated during the debugging progress.

channel-number Channel number to be set.

channel-name Channel name to be set. Valid values are channel6, channel7, channel8, channel9, console, logbuffer, loghost, monitor, snmpagent, and trapbuffer.

state Set the state of the information.

state Specify the state as on or off.

By default, the log information level is warnings, the trap information level is debugging, the debugging information level is debugging.

Table 83 Module names in logging information

Module name Description

8021X 802.1X module

ACL Access control list module

AM Access management module

ARP Address resolution protocol module

CFAX Configuration proxy module

CFG Configuration management platform module

CFM Configuration file management module

CMD Command line module

COMMONSY Common system MIB module

DEV Device management module

DHCC DHCP Client module

DHCP Dynamic host configuration protocol module

DRV Driver module

DRV_MNT Driver maintenance module

ESP End-station polling module

ETH Ethernet module

FIB Forwarding module

FTM Fabric topology management module

FTMCMD Fabric topology management command line module

FTPS FTP server module

HA High availability module

HTTPD HTTP server module

IFNET Interface management module

IGSP IGMP snooping module

IP IP module

IPC Inter-process communication module

IPMC IP multicast module

L2INF Interface management module

3Com Switch 4200G Family info-center source ● 401 Command Reference

Example Configure to output the log information of the VLAN module on the snmp channel, and only output the log information above the "emergencies" severity.

<S4200G> system-view[S4200G] info-center source vlan channel snmpagent log level emergencies


■ System view

Description This command can be used for filtering of log, trap, or debug information. For example, it can control log output from the IP module to any direction. You can configure IP module log information above the "warning" severity to be output to the log host, and those above the "informational" severity output to the log buffer. You can also configure IP module trap information to be output to a specific trap host.

LACL LANswitch ACL module

LQOS LANswitch QoS module

LS Local server module

MPM Multicast port management module

NTP Network time protocol module

PPRDT Protocol packet redirection module

PTVL Driver port, VLAN (Port & VLAN) module

QACL QoS/ACL module

QOSF Qos profile module

RDS Radius module

RM Routing management

RMON Remote monitor module

RSA Revest, shamir and adleman encryption system

RTPRO Routing protocol

SHELL User interface

SNMP Simple network management protocol

SOCKET Socket

SSH Secure shell module

STP Spanning tree protocol module

SYSMIB System MIB module

TELNET Telnet module

UDPH UDP helper module

VFS Virtual file system module

VTY Virtual type terminal module

WCN Web management module

XM XModem module

Table 83 Module names in logging information (continued)

Module name Description

402 ● info-center source 3Com Switch 4200G Family Command Reference

In addition, you can use this command to specify the filtering channel for each output direction. Information is sent to the proper direction after being filtered through the specified channel. Therefore, in this command, you can set the channel to be used for an output direction and the filter of the channel for information filtering and redirection.

Each output direction is assigned with a default information channel at present, shown as follows:

Each information channel is configured with a default record, whose module name is "all" and module number is 0xffff0000. In the record, the default settings for log, trap and debug information may differ with channels. If no record is configured for a channel, this default record is adopted.

Table 84 Information channel in each output direction by default

Output direction Information channel name

Console console

Monitor terminal monitor

Log buffer logbuffer

Trap buffer trapbuffer

snmp snmpagent

3Com Switch 4200G Family info-center synchronous ● 403 Command Reference

info-center synchronous

Purpose Use the info-center synchronous command to enable synchronous terminal output.

Use the undo info-center synchronous command to disable synchronous terminal output.

Syntax info-center synchronous

undo info-center synchronous

Parameters None

Default By default, the synchronous terminal output function is disabled.

Example Enable synchronous terminal output.

<S4200G> system-view[S4200G]info-center synchronous Current IC terminal output sync is on


■ System view

Description Use the info-center synchronous command to enable synchronous terminal output, so that if system information (such as log information) is output when the user is inputting, the command prompt and input information are echoed after the output (note that, the command prompt is echoed in command edit state but is not echoed in interactive state).

While enabled, the synchronous information output function allows the system to display command line prompts and users’ input so far after each system output, helping users continue with their input.

Note:

■ Use the info-center synchronous command to prevent users’ input from being interrupted by system output and to realize synchronous information output.

■ It is recommended that you disable this function during debugging, as the info-center synchronous command produces unnecessary output by displaying command line prompts after each piece of debugging information.

404 ● info-center timestamp 3Com Switch 4200G Family Command Reference

info-center timestamp

Purpose Use the info-center timestamp command to set the format of time stamp included in the log/trap/debug information or specify not to include time stamp in the information.

Use the undo info-center timestamp command to restore the default time stamp format.

Syntax info-center timestamp { log | trap | debugging } { boot | date | none }

undo info-center timestamp { log | trap | debugging }

Parameters log Specifies log information.

trap Specifies trap information.

debugging Specifies debug information.

boot Specifies to adopt the time elapsed since system boot, which is in the format of "xxxxxx.yyyyyy", where xxxxxx is the high 32 bits and yyyyyy the low 32 bits of the elapsed milliseconds.

date Specifies to adopt the current system date and time, which is in format "yyyy/mm/dd-hh:mm:ss" for Chinese environment and "mm/dd/yyyy-hh:mm:ss" for English environment.

None Specifies not to include time stamp in specified output information.

Default By default, the date time stamp is adopted for all types of information.

Example Set the boot time stamp for debug information.

<S4200G> system-view[S4200G] info-center timestamp debugging boot


■ System view

3Com Switch 4200G Family info-center trapbuffer ● 405 Command Reference

info-center trapbuffer

Purpose Use the info-center trapbuffer command to enable information output to the trap buffer.

Use the undo info-center trapbuffer command to disable information output to the trap buffer.

Syntax info-center trapbuffer [ size buffersize ][ channel { channel-number | channel-name } ]

undo info-center trapbuffer [ channel | size ]

Parameters size Sets the size of the trap buffer.

buffersize Size of the trap buffer, represented by the number of messages it holds, ranging from 0 to 1024 and defaulting to 256.

channel Sets the channel through which information is sent to the trap buffer.

channel-number Channel number, ranging from 0 to 9, corresponding to the 10 channels of the system.

channel-name Channel name.

Example Enable the switch to send information to the trap buffer, whose size is set to 30.

<S4200G> system-view[S4200G] info-center trapbuffer size 30


■ System view

Description This command takes effect only after system logging is enabled.



406 ● instance 3Com Switch 4200G Family Command Reference

instance

Purpose Use the instance command to map specified VLANs to a specified spanning tree instance.

Use the undo instance command to remove the mappings from specified VLANs to a specified spanning tree instance.

Syntax instance instance-id vlan vlan-list

undo instance instance-id [ vlan vlan-list ]

Parameters instance-id Specifies the ID of a spanning tree instance. Valid values are 0 to 16. A value of 0 specifies the CIST.

vlan-list Specifies the list of VLANs. You must provide this argument in the form:

vlan-list = { vlan-id [ to vlan-id ] }&<1-10>

&<1-10> means that you can provide up to 10 VLAN IDs/VLAN ID lists for this argument. Normally, a VLAN ID can be a number ranging from 1 to 4094. VLANs with their IDs beyond this range (if the switch supports this kind VLAN IDs), such as VLAN 4095 and VLAN 4096, can only be mapped to the CIST (spanning tree instance 0).

Default By default, all VLANs are mapped to the CIST.

Example To map VLAN 2 to spanning tree instance 1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp region-configuration [S4200G-mst-region] instance 1 vlan 2


■ MST Region view

Description VLAN-to-spanning tree instance mappings are recorded in the VLAN mapping table of an MSTP switch. So these two commands are actually used to manipulate the VLAN mapping table. You can add/remove a VLAN to/from the VLAN mapping table of a specific spanning tree instance by using these two commands.

Note that a VLAN cannot be mapped to multiple spanning tree instances at the same time. A VLAN-to-spanning tree instance mapping is automatically removed if you map the VLAN to another spanning tree instance.

3Com Switch 4200G Family instance ● 407 Command Reference

Related Commands ■ active region-configuration

■ check region-configuration

■ region-name

■ revision-level


408 ● interface 3Com Switch 4200G Family Command Reference

interface

Purpose Use the command interface command to enter Ethernet port view. To configure parameters for a port, you must enter the port view first.

Syntax interface interface-type interface-number

interface-type Specifies the port (interface) type. The interface type can be either Aux, Ethernet, GigabitEthernet , NULL, Vlan-interface.

interface-number Specifies the port (interface) number in the format unit-number/0/port-number.

Specifies the unit number. Valid values are 1 to 8.

Specifies the port number. Valid values are 1 to 28 or 1 to 52, depending on the number of ports you have on your unit.

Example Enter GigabitEthernet1/0/1 port view.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet1/0/1


■ System view

3Com Switch 4200G Family interface VLAN-interface ● 409 Command Reference

interface VLAN-interface

Purpose Use the interface vlan-interface command to create a management VLAN interface and enter management VLAN interface view.

Use the undo interface vlan-interface command to remove the management VLAN interface.

Syntax interface vlan-interface vlan-id

undo interface vlan-interface vlan-id

Parameters vlan-id The ID of the management VLAN interface you want to configure. Valid values are 1 to 4094. If not specified, the default is VLAN1, which cannot be deleted.

Example Create VLAN 10 and configure it to be the management VLAN. Enter VLAN 10 interface view.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 10[S4200G-vlan10] quit[S4200G] management-vlan 10[S4200G] interface vlan-interface 10[S4200G-Vlan-interface10]


■ System view

Description Before creating a management VLAN interface, make sure the VLAN identified by the vlan-id argument is created and is configured to be the management VLAN.

Note:

To configure the management VLAN of a switch operating as a cluster management device to be a cluster management VLAN (using the management-vlan vlan-id command) successfully, make sure the vlan-id argument provided in the management-vlan vlan-id command is consistent with that of the management VLAN.

Related Command display interface VLAN-interface

410 ● ip address 3Com Switch 4200G Family Command Reference

ip address

Purpose Use the ip address command to assign an IP address (and mask) to a management VLAN interface.

Use the undo ip address command to remove the IP address assigned to a management VLAN interface.

Syntax ip address ip-address net-mask

undo ip address [ ip-address netmask ]

Parameters ip-address Specifies the IP address to be assigned to the management VLAN interface. If not specified, the default IP address is Null.

net-mask Specifies the mask of the IP address to be assigned to the management VLAN interface.

Example Assign an IP address (and the mask) to the management VLAN interface. (Assume that VLAN 1 is the management VLAN.)

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface vlan-interface 1[S4200G-Vlan-interface1] ip address 1.1.1.1 255.0.0.0



Description Usually, only one IP address is required for each interface. If you want to connect the interface to several subnets, you can configure an IP addresses for each subnet.

Before you can cancel the primary IP address of an interface, you must cancel any secondary IP addresses.

The subnet address of an IP address can be identified by subnet mask. For instance, the IP address of an interface is 202.38.10.102, and the mask is 255.255.0.0. You can confirm that the subnet address is 202.38.0.0 by performing the logic operation “AND” on the IP address and mask.

Note: The VLAN interface cannot be configured with the secondary IP address if its IP address is set to be allocated by BOOTP or DHCP.

Related Command display interface VLAN-interface

3Com Switch 4200G Family ip address bootp-alloc ● 411 Command Reference

ip address bootp-alloc

Purpose Use the ip address bootp-alloc command to configure VLAN interface to obtain IP address using BOOTP.

Use the undo ip address bootp-alloc command to cancel the configuration.

Syntax ip address bootp-alloc

undo ip address bootp-alloc

Parameters None

Default By default, the VLAN interface does not use BOOTP to obtain an IP address.

Example Configure the management VLAN interface to obtain an IP address through BOOTP. (Assume that VLAN 1 is the management VLAN.):

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface vlan-interface 1[S4200G-Vlan-interface1] ip address bootp-alloc



Related Command display bootp client

412 ● ip address dhcp-alloc 3Com Switch 4200G Family Command Reference

ip address dhcp-alloc

Purpose Use the ip address dhcp-alloc command to configure VLAN interface to obtain an IP address using DHCP.

Use the undo ip address dhcp-alloc command to cancel the configuration.

Syntax ip address dhcp-alloc

undo ip address dhcp-alloc

Parameters None

Default By default, the VLAN interface does not use DHCP to obtain an IP address.

Example Configure the management VLAN interface to obtain an IP address through DHCP. (Assume that VLAN 1 is the management VLAN.)

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface vlan-interface 1[S4200G-Vlan-interface1] ip address dhcp-alloc



3Com Switch 4200G Family ip host ● 413 Command Reference

ip host

Purpose Use the ip host command to configure a host name and the corresponding IP address for a switch.

Use the undo ip host command to remove the host name and the corresponding IP address of a switch.

Syntax ip host hostname ip-address

undo ip host hostname [ ip-address ]

Parameters hostname Specifies the host name of the connecting device, which may be up to 20 characters long. The character string can include letters, numbers, "_", and ",", and must contain at least one letter. If not specified, the default host name is Null.

ip-address Specifies the host’s IP address, in dotted decimal notation. If not specified, the default IP address is Null.

Example Configure the host name and the corresponding IP address of a switch to be Lanswitch2 and 10.110.0.2

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ip host Lanswitch2 10.110.0.2


■ System view

Related Command display ip host

414 ● ip http acl 3Com Switch 4200G Family Command Reference

ip http acl

Purpose Use the ip http acl command to apply an ACL to filter Web users.

Use the undo ip http acl command to disable the switch from filtering Web users using the ACL.

Syntax ip http acl acl-number

undo ip http acl

Parameters acl-number Specifies a basic ACL. Valid values are a number from 2000 to 2999.

Example Apply ACL 2000 to filter Web users (assuming that ACL 2,000 already exists.)

<S4200G> system-view[S4200G] ip http acl 2000


■ System view


3Com Switch 4200G Family ip-pool ● 415 Command Reference

ip-pool

Purpose Use the ip-pool command to configure a private IP address range for cluster members on the switch to be set as the management device.

Use the undo ip-pool command to cancel the IP address configurations of the cluster.

Syntax ip-pool administrator-ip-address { ip-mask | ip-mask-length }

undo ip-pool

Parameters administrator-ip- address IP address of the management device of a cluster.

ip-mask Mask of the cluster IP address pool.

ip-mask-length Mask length of the cluster IP address pool.

Example Configure the IP address range of a cluster.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]cluster[S4200G-cluster] ip-pool 10.200.0.1 20


■ Cluster view

Description Before setting up a cluster, the user should configure a private IP address pool for cluster member devices. When a candidate device is added, the management device will dynamically assign a private IP address, which can be used for communication inside the cluster. In this way, the user can use the management device to manage and maintain the member devices.

The commands can only be executed on a non-cluster-member switch. The IP address range of an existing cluster cannot be modified.

416 ● ip route-static 3Com Switch 4200G Family Command Reference

ip route-static

Purpose Use the ip route-static command to configure a static route.

Use the ip route-static command to configure a static route, whose validity depends on detecting results as follows: valid when the detecting result is reachable or invalid when the detecting result is unreachable.

Use the undo ip route-static command to remove an existing static route.

Syntax ip route-static ip-address { mask | mask-length } { null null-interface-number | gateway-address } [ preference preference-value ] [ reject | blackhole ] description text ]

undo ip route-static ip-address { mask | mask-length } { null null-interface-number | gateway-address } [ preference preference-value ]

Parameters ip-address Destination IP address in dotted decimal notation.

mask IP address mask.

mask-length Mask length, consisting of an integer from 0 to 32.

null null-interface-number Specifies a null interface. A null interface is a virtual interface. Packets destined for a null interface is discarded. Null interface helps to reduce system load.

gateway-address IP address of the next hop of this route, in dotted decimal notation.

preference-value Preference value of the route. Valid values are 1 to 255.

reject Specifies the route to be an unreachable route.

blackhole Specifies the route to be a blackhole route.

description text Specifies a descriptive string for the static route. The text argument is a string comprised of 1 to 60 characters.

Default By default, the system can obtain the routes to the subnets directly connected to a router.

Example Configure the next hop of the default route to be 129.102.0.2.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2


3Com Switch 4200G Family ip route-static ● 417 Command Reference

■ System view

Description If you do not specify the preference when configuring a static route, the value specified by the ip route-static default-preference command (which defaults to 60) is adopted. Note that routes with the same destinations, the same next hops, but different preferences are different routes. Among these routes, the one with least preference (which means the highest preference) is chosen to be the current route. A route configured using the ip route-static command is a reachable route if neither of the reject and blackhole keywords is specified.

Note the following when configuring a static route:

■ The next hop address of a static route cannot be the VLAN interface address of the local switch.

■ A static route with both its destination IP address and mask both being 0.0.0.0 is the default route. When no matched entry is found in the routing table, a received packet is forwarded according to the default route.

Related Command ■ display ip routing-table

■ ip route-static default-preference

418 ● ip route-static 3Com Switch 4200G Family Command Reference

ip route-static

Purpose Use the ip route-static command to configure a static route, whose validity depends on detecting results as follows: valid when the detecting result is reachable or invalid when the detecting result is unreachable.

Use the undo ip route-static command to remove the configured static route.

Syntax ip route-static ip-address { mask | mask-length } [ interface-type interface-number | next-hop [ preference preference-value ] [ reject | blackhole ]

undo ip route-static ip-address { mask | mask-length }[interface-type interface-number ] [ next-hop ] [ preference preference-value ][ reject | blackhole ]

Parameters ip-address Destination IP address in dotted decimal notation.

mask Subnet mask.

mask-length Length of the subnet mask, that is, the number of successive bits in the subnet mask whose values are 1.

interface-type interface-number Specifies the interface of the route. The packets that

are sent to a NULL interface, a kind of virtual interface, will be discarded immediately. This can decrease the system load.

next-hop Next hop IP address in dotted decimal notation.

preference-value Preference value of the route. This argument ranges from 1 to 255. The default preference is 60.

reject Specifies the route to be unreachable. If you specify this keyword when executing this command, any packet destined for the specified IP address is discarded, and the system informs the source that the destination is unreachable.

blackhole Specifies the route to be a black hole. If you specify this keyword when executing this command, all outbound interfaces of the static route are the Null 0 interfaces regardless of the next hop. In addition, the system discards any packet transmitted along this route without informing the source.

Example Configure the next hop of the default route as 129.102.0.2.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ip route-static 0.0.0.0 0.0.0.0 129.102.0.2

3Com Switch 4200G Family ip route-static ● 419 Command Reference


■ System view

420 ● jumboframe enable 3Com Switch 4200G Family Command Reference

jumboframe enable

Purpose Use this command to allow jumbo frames to pass through the Ethernet port.

Syntax jumboframe enable

undo jumboframe enable

Example To allow jumbo frames to pass through GigabitEthernet1/0/3.

[4200G] interface GigabitEthernet 1/0/3[4200G-GigabitEthernet1/0/3]dis this#interface GigabitEthernet1/0/3 undo jumboframe enable#return[4200G-GigabitEthernet1/0/3]jumboframe enable[4200G-GigabitEthernet1/0/3]dis this#interface GigabitEthernet1/0/3#return[4200G-GigabitEthernet1/0/3]q[4200G]


■ Ethernet port view

Description Use the jumboframe enable command to allow jumbo frames to pass through the current Ethernet port. The maximum frame size supported is 9216 bytes.

Use the undo jumboframe enable command to inhibit jumbo frames from passing through the current Ethernet port.

3Com Switch 4200G Family key ● 421 Command Reference

key

Purpose Use the key command to specify a shared key for the RADIUS authentication/authorization packets or accounting packets.

Use the undo key command to restore the corresponding default shared key.

Syntax key { accounting | authentication } string

undo key { accounting | authentication }

Parameters accounting Specifies the shared key for the RADIUS accounting packets.

authentication Specifies a shared the encryption key for RADIUS authentication/authorization packet.

string Specifies the key with a character string not exceeding 16 characters. If not specified, the default key is “3Com”.

Example To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1 to ok.

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] key authentication hello

To set the shared key for the RADIUS accounting packets in RADIUS scheme radius1 to ok.

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] key accounting ok



Description The RADIUS client and server adopt MD5 algorithm to encrypt the RADIUS packets exchanged with each other. The two parties verify the validity of the exchanged packets by using the shared keys that have been set on them, and can accept and respond to the packets sent from each other only if both of them have the same shared keys. If the authentication/authorization server and the accounting server are

422 ● key 3Com Switch 4200G Family Command Reference

two separate devices and the two servers have different shared keys, you must set the shared keys for authentication/authorization packets and accounting packets respectively on the switch.

Related Commands ■ primary accounting

■ primary authentication

■ radius scheme.

3Com Switch 4200G Family lacp enable ● 423 Command Reference

lacp enable

Purpose Use the lacp enable command to enable the LACP protocol on the current port.

Use the undo lacp enable command to disable the LACP protocol on the current port.

Syntax lacp enable

undo lacp enable

Parameters None

Example Enable LACP protocol on the port GigabitEthernet1/0/1.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] lacp enable



Description The Switch will select the lowest port number as the master port for the link aggregation. This applies to all types of link aggregation. If the aggregation spans a stack of units and the same ports are used, the unit number will be the tie-breaker. For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.

424 ● lacp port-priority 3Com Switch 4200G Family Command Reference

lacp port-priority

Purpose Use the lacp port priority command to configure port priority value.

Use the undo lacp port-priority command to restore the default port priority value.

Syntax lacp port-priority port-priority

undo lacp port-priority

Parameters port-priority Port priority value. Valid values are 0 to 65,535. If not specified, the default value set is 32,768.

Example Set the priority of the port GigabitEthernet1/0/1 to 64.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] lacp port-priority 64



Related Commands ■ display link-aggregation interface

■ display link-aggregation verbose

3Com Switch 4200G Family lacp system-priority ● 425 Command Reference

lacp system-priority

Purpose Use the lacp system-priority command to configure system priority value.

Use the undo lacp system-priority command to restore the default system priority value.

Syntax lacp system-priority system-priority

undo lacp system-priority

Parameters system-priority System priority value. Valid values are 0 to 65,535. If not specified, the default is 32,768.

Example Set the system priority to 64.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] lacp system-priority 64


■ System view

Related Command display lacp system-id

426 ● language-mode 3Com Switch 4200G Family Command Reference

language-mode

Purpose Use the language-mode command to toggle between the language modes (that is, language environments) of the command line interface (CLI) to meet your requirement.

Syntax language-mode { chinese | english }

Parameters chinese Sets the CLI language environment to Chinese.

english Sets the CLI language environment to English.

Default By default, the CLI language mode is english.

Example Toggle from the english mode to the chinese mode.

<S4200G> language-mode chinese


■ User view

3Com Switch 4200G Family lcd ● 427 Command Reference

lcd

Purpose Use the lcd command to display the local work directory on the FTP client.

Syntax lcd

Parameters None



Display the local work directory.

[ftp] lcd% Local directory now flash:/temp


■ FTP Client view

428 ● level 3Com Switch 4200G Family Command Reference

level

Purpose Use the level command to set the priority level of the user.

Use the undo level command to restore the default priority level of the user.

Syntax level level

undo level

Parameters level Specifies the priority level of the user. level is an integer ranging from 0 to 3.

Default The default user priority level is 0.

Example To set the level of user1 to 3, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] local-user user1 New local user added.[S4200G-luser-user1] level 3


■ Local User view

Description The priority level of the user corresponds to the command level of the user. Refer to the description of the command-privilege level command in the command line interface module.

If the configured authentication mode is none authentication or password authentication, the command level that a user can access after login depends on the priority of user interface. In the case of authentication requiring both username and password, however, the accessible command level depends on user priority level.

lIf the configured authentication method requires a user name and a password, the command level that a user can access after login is determined by the priority level of the user. For SSH users, when they use RSA shared keys for authentication, the commands they can access are determined by the levels sets on the user interfaces.

Related Command local-user

3Com Switch 4200G Family link-aggregation group description ● 429 Command Reference

link-aggregation group description

Purpose Use the link-aggregation group description command to set a description for an aggregation group.

Use the undo link-aggregation group agg-id description command to remove the description of an aggregation group.

Syntax link-aggregation group agg-id description agg-name

undo link-aggregation group agg-id description

Parameters agg-id Aggregation group ID. Valid values are 1 to 50.

agg-name Aggregation group name, consisting of a character string from 1 to 32 characters long.

Example Set the description "abc" for aggregation group 22.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] link-aggregation group 22 description abc


■ System view

Description If you have saved the current configuration with the save command, after system reboot, the manual and static aggregation groups and their descriptions still exist, but the dynamic aggregation groups and their descriptions disappear.


430 ● link-aggregation group mode 3Com Switch 4200G Family Command Reference

link-aggregation group mode

Purpose Use the link-aggregation group mode command to create a manual or static aggregation group.

Use the undo link-aggregation group command to delete an aggregation group.

Syntax link-aggregation group agg-id mode { manual | static }

undo link-aggregation group agg-id


manual Creates a manual aggregation group.

static Creates a static aggregation group.

Example To create manual aggregation group 22, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] link-aggregation group 22 mode manual


■ System view

Description The Switch will select the lowest port number as the master port for the link aggregation. This applies to all types of link aggregation. If the aggregation spans a stack of units and the same ports are used, the unit number will be the tie-breaker. For example, 1/0/1 and 2/0/1 are in an aggregation. Port 1/0/1 will be the master port.

A manual or static aggregation group can have up to eight ports. You can use the link-aggregation group agg-id mode command to change an existing dynamic aggregation group into a manual or static one. If the port number in a group exceeds eight, this operation fails and the system prompts you about the configuration failure.

Related Command display link-aggregation summary

3Com Switch 4200G Family local-server ● 431 Command Reference

local-server

Purpose Use the local-server command to configure the parameters of local RADIUS server.

Use the undo local-server command to cancel a local RADIUS server.

Syntax local-server nas-ip ip-address key password

undo local-server nas-ip ip-address

Parameters nas-ip ip-address Specifies the IP address of the local RADIUS server. ip-address is expressed in the format of dotted decimal.

key password Specifies the shared key of the local RADIUS server. password is a character string up to 16 characters in length.

Default By default, a local RADIUS authentication server has already been created with the NAS-IP and key set to 127.0.0.1 and 3Com respectively.

Example To create a local RADIUS authentication server with an IP address of 10.110.1.2 and a shared key of aabbcc, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] local-server nas-ip 10.110.1.2 key aabbcc


■ System view

Description Note:

■ The switch not only supports the traditional RADIUS client service to accomplish user AAA management through foreign authentication/authorization server and accounting server, but also provides a simple local RADIUS server function for authentication and authorization. This function is called local RADIUS authentication server function.

■ When you use the local RADIUS authentication server function, the UDP port number for the authentication/authorization service must be 1645, the UDP port number for the accounting service is 1646.

■ The packet encryption key set by the local-server command with the key password parameter must be identical with the authentication/authorization packet encryption key set by the key command in RADIUS scheme view.

■ The switch supports at most 16 local RADIUS authentication servers (including the default local RADIUS authentication server).

432 ● local-server 3Com Switch 4200G Family Command Reference

Related Commands ■ key

■ radius-scheme

■ state

3Com Switch 4200G Family local-user ● 433 Command Reference

local-user

Purpose Use the local-user command to add a local user and enter local user view.

Use the undo local-user command to delete the specified local users.

Syntax local-user user-name

undo local-user { user-name | all [ service-type { ftp | lan-access | ssh | telnet | terminal } ] }

Parameters user-name user-name Specifies the connections to display using the user-name. The user-name is a character string up to 32 characters in length. The string cannot contain the following characters:

■ /

■ :

■ *

■ ?

■ <

■ >


all Specifies all users.

service-type Specifies local users of a specific type. You can specify one of the following user types:

■ ftp

■ lan-access (users are mainly Ethernet access users, for example, 802.1x users)

■ ssh

■ telnet

■ terminal (users can log into the switch through the Console port)

Example To add a local user named user1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] local-user user1 New local user added.[S4200G-luser-user1]

434 ● local-user 3Com Switch 4200G Family Command Reference


■ System view

Related Command ■ display local-user

■ service-type

3Com Switch 4200G Family local-user password-display mode ● 435 Command Reference

local-user password-display mode

Purpose Use the local-user password-display-mode command to set the password display mode of all users.

Use the undo local-user password-display-mode command to restore the default password display mode.

Syntax local-user password-display-mode { auto | cipher-force }

undo local-user password-display-mode

Parameters auto Adopts the forcible cipher mode so that the passwords of all the access users must be displayed in cipher text.

cipher-force Adopts the automatic mode so that the passwords of access users are displayed in the modes set with the password command.

Default By default, the password display mode of all access users is auto.

Example To display all access user passwords in cipher text forcibly, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] local-user password-display-mode cipher-force


■ System view

Description When the cipher-force mode is adopted, all passwords will be displayed in cipher text even through some users have specified to display their passwords in plain text by using the password command with the simple keyword.

Related Command ■ display local-user

■ password

436 ● lock 3Com Switch 4200G Family Command Reference

lock

Purpose Use the lock command to lock the current user interface and prevent unauthorized users from accessing it.

Syntax lock

Parameters None

Example To lock the current user interface, enter the following:

<S4200G>lockPassword: xxxxAgain: xxxx


■ User view

Description An authorized user must enter a valid password to access the interface.

3Com Switch 4200G Family logging-host ● 437 Command Reference

logging-host

Purpose Use the logging-host command to configure a public logging host on the management device for member devices.

Use the undo logging-host command to cancel the logging host configuration.

Syntax logging-host ip-address

undo logging-host

Parameters ip-address IP address of the logging host configured for the cluster.

Default By default, no public logging host is configured.

Example Configure the IP address of the logging host on the management device.

<aaa_0.S4200G>system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G]cluster[aaa_0.S4200G-cluster] logging-host 10.10.10.9


■ Cluster view

Description Only after you assign an IP address for the logging host of the cluster, member devices can send log information to the logging host through the management device.

438 ● loopback-detection control enable 3Com Switch 4200G Family Command Reference

loopback-detection control enable

Purpose Use the loopback-detection control enable command to enable loopback detection and control function for Trunk ports and Hybrid ports.

Use the undo loopback-detection control enable command to disable loopback detection and control function for Trunk ports and Hybrid ports.

Syntax loopback-detection control enable

undo loopback-detection control enable

Parameters None

Default By default, the loopback detection and control function is disabled for both the Trunk and Hybrid ports.

Example Enable loopback port control on the GigabitEthernet1/0/1 trunk port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] loopback-detection enable[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] loopback-detection enable[S4200G-GigabitEthernet1/0/1] loopback-detection control enable



Description Note:

■ When the loopback port control function is enabled on the trunk or hybrid port and loopback is found on the port, the system disables the port, sends a Trap message to the client and removes the corresponding MAC forwarding entry.

■ When the loopback port control function is disabled, the system sends a Trap message to the client if a loopback port is found. The port still operates normally.

CAUTION:

This command is invalid for the access port, since the loopback port control function is always enabled on the access port.

3Com Switch 4200G Family loopback-detection enable ● 439 Command Reference

loopback-detection enable

Purpose Use the loopback-detection enable command to enable the loopback detection function globally or for a specific port.

Use the undo loopback-detection enable command to disable the loopback detection function globally or for a specific port.

Syntax loopback-detection enable

undo loopback-detection enable

Parameters None

Default By default, the loopback detection function is disabled.

Example Enable the loopback detection function for Ethernet1/0/1 port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] loopback-detection enable[S4200G] interface ethernet1/0/1[S4200G-Ethernet1/0/1] loopback-detection enable


■ System view



■ Loopback detection for a port is enabled only when the loopback-detection enable command is enabled under both system view and port view.

■ When the undo loopback-detection enable command is used under system view, the loopback detection function will be disabled for all ports.

Note:

■ For Access port: If system detects loopback for a port, it will shut down that port, send a Trap message to the terminal, and delete the corresponding MAC address forwarding entry.

■ For Trunk ports and Hybrid ports: If system detects loopback for a port, it will send a Trap message to the terminal. If the loopback detection and control function for that port is enabled at the same time, the system will then shut down the given port, send a Trap message to the terminal, and delete the corresponding MAC address forwarding entry.

440 ● loopback-detection enable 3Com Switch 4200G Family Command Reference

Related Command loopback-detection control enable

3Com Switch 4200G Family loopback-detection interval-time ● 441 Command Reference

loopback-detection interval-time

Purpose Use the loopback-detection interval-time command to set the time interval for detecting the external loopback for a port.

Use the undo loopback-detection interval-time command to restore the time interval to default value.

Syntax loopback-detection interval-time time

undo loopback-detection interval-time

Parameters Time Time interval for detecting the external loopback for a port, in seconds. Valid values are 5 to 300. If not specified, the default is 30 seconds.

Example Set the time interval for regular external loopback detection to 10 seconds.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] loopback-detection interval-time 10


■ System view

Related Command display-loopback-detection

442 ● loopback-detection per-vlan enable 3Com Switch 4200G Family Command Reference

loopback-detection per-vlan enable

Purpose Use the loopback-detection per-vlan enable command to configure the system to run loopback detection on all VLANs for the Trunk and Hybrid ports.

Use the undo loopback-detection per-vlan enable command to restore the default setting, that is, to enable loopback detection function only for the default VLANs with Trunk and Hybrid ports.

Syntax loopback-detection per-vlan enable

undo loopback-detection per-vlan enable

Parameters None

Default By default, system runs loopback detection only on the default VLAN for the trunk and hybrid ports.

Example Configure the system to run loopback detection on all VLANs for the GigabitEthernet1/0/1 trunk port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] loopback-detection per-vlan enable




This command is invalid for the Access ports.

3Com Switch 4200G Family ls ● 443 Command Reference

ls

Purpose Use the ls command to display the files in the specified directory.

Syntax ls [ remote-path ]

Parameters remote-path Name of the intended directory.

Example Display the files in directory flash:/.

sftp-client> ls flash:/-rwxrwxrwx 1 noone nogroup 1759 Aug 23 06:52 vrpcfg.cfg-rwxrwxrwx 1 noone nogroup 225 Aug 24 08:01 pubkey2-rwxrwxrwx 1 noone nogroup 283 Aug 24 07:39 pubkey1-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:28 pub1drwxrwxrwx 1 noone nogroup 0 Sep 28 08:24 new1drwxrwxrwx 1 noone nogroup 0 Sep 28 08:18 new2-rwxrwxrwx 1 noone nogroup 225 Sep 28 08:30 pub2



Description If the remote-path argument is not specified, the files in the current directory are displayed.

This command has the same function as the dir command.

444 ● ls 3Com Switch 4200G Family Command Reference

ls

Purpose Use the ls command to display the information about a specified remote file.

Syntax ls [ remotefile [ localfile ] ]

Parameters remotefile Name of the remote file to be queried.

Localfile Name of the local file where the querying result is to be saved.



Display the names of all the files in the current directory.

[ftp] ls 200 PORT command okay7 File Listing Follows in ASCII mode4.app5.app6.app6.app.bakabc.BTMTEST21.bin226 Transfer finished successfully.FTP: 1235 byte(s) received in 1.595 second(s) 774.00byte(s)/sec.


■ FTP Client view

Description If you do not specify the remotefile argument, the names of all the files in the current directory are displayed.

The ls command only displays file names, while the dir command displays file information in more detail, including file size, creation date and so on.

3Com Switch 4200G Family mac-address ● 445 Command Reference

mac-address

Purpose Use the mac-address command to add/modify the MAC address table entry.

Use the undo mac-address command to delete MAC address table entry

Syntax In System view:

mac-address { static | dynamic | blackhole } mac-address interface interface-type interface-number } vlan vlan-id

undo mac-address [ mac-address-attribute ]

In Port view:

mac-address { static | dynamic | blackhole } mac-address vlan vlan-id

undo mac-address [ { static | dynamic | blackhole } mac-address vlan vlan-id

Parameters static Specifies that the MAC address entry to be added/updated is of static type.

dynamic Specifies that the MAC address entry to be added/updated is of dynamic type.

blackhole Specifies the MAC address entry to be added/updated is of blackhole type.

mac-address Specifies the MAC address.

interface-type Specifies the port type.


vlan-id Specifies the VLAN ID. Valid values are 1 to 4094.

mac-address-attribute Specifies the string used to specify the MAC address entries to be removed, as described in Table 85

Table 85 Description on the mac-address-attribute argument

Value Description

{ static | dynamic | blackhole } interface interface-type interface-number

Remove the static, dynamic, or blackhole MAC address entries concerning a specified port.

{ static | dynamic | blackhole } vlan vlan-id

Remove the static, dynamic, or blackhole MAC address entries concerning a specified VLAN.

{ static | dynamic | blackhole } mac-address [ interface interface-type interface-number ] vlan vlan-id

Remove a specified static, dynamic, or blackhole MAC address entry.

interface interface-type interface-number

Remove all the MAC address entries concerning a specified port.

vlan vlan-id Remove all the MAC address entries concerning a specified VLAN.

446 ● mac-address 3Com Switch 4200G Family Command Reference

Example Configure a static MAC address entry with the following settings:

■ MAC address: 00e0-fc01-0101

■ Outbound port: GigabitEthernet1/0/1 port

■ GigabitEthernet1/0/1 port belongs to VLAN 2.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mac-address static 00e0-fc01-0101 interface GigabitEthernet 1/0/1 vlan 2


■ System view

■ Port view

Description If the MAC address you input in the mac-address command already exists in the MAC address table, the system will modify the attributes of the corresponding MAC address entry according to your settings in the command.

When being executed in port view, these two commands only apply to the current port. In this case, the interface keyword is unnecessary.

Related Command display mac-address

mac-address [ interface interface-type interface-number ] vlan vlan-id

Remove a specified MAC address entry.

Table 85 Description on the mac-address-attribute argument (continued)

Value Description

3Com Switch 4200G Family mac-address max-mac-count ● 447 Command Reference

mac-address max-mac-count

Purpose Use the mac-address max-mac-count command to configure the maximum number of MAC addresses an Ethernet port can learn.

Use the undo mac-address-table max-mac-count command to cancel the limitation on the number of MAC addresses an Ethernet port can learn.

Syntax mac-address max-mac-count count

undo mac-address max-mac-count

Parameters count The maximum number of MAC addresses a port can learn. Valid values are 0 to 4,096. A value of 0 disables the port from learning MAC addresses. If no maximum limit is set, the MAC address table controls the number of MAC addresses a port can learn.

Default By default, the number of MAC addresses an Ethernet port can learn is unlimited.

Example Set the maximum number of MAC addresses GgiabitEthernet1/0/3 port can learn to 600.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/3[S4200G-GigabitEthernet1/0/3] mac-address max-mac-count 600



Description These mac-address max-mac-count and undo mac-address-table max-mac-count commands are not applicable to upstream ports.

The port stops learning MAC addresses when the specified limit is reached.

448 ● mac-address max-mac-count 0 3Com Switch 4200G Family Command Reference

mac-address max-mac-count 0

Purpose Use the mac-address max-mac-count0 command to disable a switch from learning MAC address in a VLAN.

Use the undo mac-address-table max-mac-count0 command to enable a switch to learn MAC address in a VLAN.

Syntax mac-address max-mac-count 0

undo mac-address max-mac-count

Parameters None

Default By default, a switch learns MAC addresses in any VLAN.

Example Disable the switch from learning MAC address in VLAN 3.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 3[S4200G-vlan3] mac-address max-mac-count 0


■ VLAN view

3Com Switch 4200G Family mac-address multicast interface vlan ● 449 Command Reference

mac-address multicast interface vlan

Purpose Use the mac-address multicast command to add a multicast MAC address entry.

Use the undo mac-address multicast command to remove a multicast MAC address entry.

Syntax mac-address multicast mac-address interface interface-list vlan vlan-id

undo mac-address multicast [ mac-address [ interface interface-list ] vlan vlan-id ]

Parameters mac-address Multicast MAC address.

interface-list Forward port list, in the format of { { interface-type interface-num | interface-name } [ to { interface-type interface-num | interface-name } ] }&<1-10>. Where, interface-type and interface-num is the type and number of a port, interface-name is the name of a port, and &<1-10> means you can specify up to 10 ports/port ranges. For the value ranges of the three arguments, refer to the command parameter description in the Port Configuration module of this document.

vlan-id VLAN ID.

Example Add a multicast MAC address entry, with multicast address 0100-5e0a-0805, forward port GigabitEthernet 1/0/1, and VLAN 1 to which the entry belongs.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mac-address multicast 0100-5e0a-0805 interface GigabitEthernet 1/0/1 vlan 1


■ System view

Description A multicast address entry contains the following information: multicast MAC address, Forward port, and VLAN ID.

Related Command display mac-address multicast static

450 ● mac-address multicast vlan 3Com Switch 4200G Family Command Reference

mac-address multicast vlan

Purpose Use the mac-address multicast vlan command to add a multicast MAC address entry.

Use the undo mac-address multicast vlan command to remove a multicast MAC address entry.

Syntax mac-address multicast mac-address vlan vlan-id

undo mac-address multicast [ [ mac-address ] vlan vlan-id ]

Parameters mac-address Multicast MAC address.

vlan-id VLAN ID.

Example Add a multicast MAC address entry on the GigabitEthernet1/0/1 port, with multicast address 0100-1000-1000 and VLAN 1 to which the entry belongs.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1]mac-address multicast 0100-1000-1000 vlan 1



Description A multicast MAC address entry contains a multicast MAC address, a VLAN ID, and other information.

Related Command display mac-address multicast static

3Com Switch 4200G Family mac-address security ● 451 Command Reference

mac-address security

Purpose Use the mac-address security command to add Security MAC address manually.

Use the undo mac-address security command to delete Security MAC address.

Syntax mac-address security mac-address [ interface interface-type interface-number ] vlan vlan-id



vlan-id Specifies the VLAN ID.

Default By default, no Security MAC address is added.


<S4200G> system-view

Enable port-security feature globally.

[S4200G] port-security enable

Configure the maximum number of MAC addresses allowed to access the port to 100.

[S4200G-GigabitEthernet1/0/1] port-security max-mac-count 100

Configure the port mode to autolearn.

[S4200G-GigabitEthernet1/0/1] port-security port-mode autolearn

Add the Security MAC address 0001-0001-0001 to VLAN 1.

[S4200G-GigabitEthernet1/0/1] mac-address security 0001-0001-0001 vlan 1



■ System view

Description You can add Security MAC address only when the port-security is enabled globally and the port-security port-mode autolearn command is configured on the port.

452 ● mac-address timer 3Com Switch 4200G Family Command Reference

mac-address timer

Purpose Use the mac-address timer command to set the aging time for dynamic MAC address entries.

Use the undo mac-address timer command to revert to the default aging time.

Syntax mac-address timer { aging age-time | no-aging }

undo mac-address timer aging

Parameters aging age-time Specifies the aging time (measured in seconds) for dynamic MAC address entries. Valid values for age-time are 10 to 630. If not specified, the default aging time is 300 seconds.

no-aging Specifies not to age dynamic MAC address entries.

Example Set the aging time of MAC address entries to 500 seconds.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mac-address timer aging 500


■ System view

Description Setting the aging time on the switch to be too long or too short will cause the switch to broadcast data packets without MAC addresses, this will affect the operational performance of the switch.

If the aging time is set too long, the switch will store out-of-date MAC address tables. This will consume MAC address table resources and the switch will not be able to update MAC address table according to the network change.

If aging time is set too short, the switch may delete valid MAC address table entries.

3Com Switch 4200G Family mac-authentication ● 453 Command Reference

mac-authentication

Purpose Use the mac-authentication command to enable centralized MAC address authentication globally (current device) or on specified ports.

Use the undo mac-authentication command to disable centralized MAC address authentication globally or on specified ports.

Syntax mac-authentication [ interface interface-list ]

undo mac-authentication [ interface interface-list ]

Parameters interface-list Specifies the list of Ethernet ports. You can specify multiple Ethernet ports by providing this argument in the form of interface-list = { interface-type interface-number [ to interface-type interface-number ] } where <1–10> means that you can provide up to 10 port indexes/port index lists for this argument.

Default By default, centralized MAC address authentication is disabled both globally and on any port.

Example To enable centralized MAC address authentication for GigabitEthernet 1/0/1 port, enter the following:

<S4200G> system-view[S4200G] mac-authentication interface GigabitEthernet 1/0/1

Enable centralized MAC address authentication globally.

[S4200G] mac-authentication


■ System view


Description When being executed in system view, the mac-authentication command enables centralized MAC address authentication globally if you do not provide the interface-list argument, otherwise, the command enables centralized MAC address authentication on the specified ports.

When being executed in Ethernet port view, the command enables centralized MAC address authentication on the current port only. In this case, the interface-list is unnecessary.

454 ● mac-authentication 3Com Switch 4200G Family Command Reference

You can configure centralized MAC address authentication-related parameters no matter whether or not centralized MAC authentication is enabled. If you do not configure the parameters before enabling centralized MAC address authentication globally, the default parameters are adopted.

Note:

■ Centralized MAC address authentication configuration takes effect on a port only after you enable centralized MAC address authentication globally.

■ The configuration of the maximum number of learned MAC addresses (refer to the mac-address max-mac-count command) is unavailable for the ports with centralized MAC address authentication enabled. Similarly, the centralized MAC address authentication is unavailable for the ports with the maximum number of learned MAC addresses configured.

3Com Switch 4200G Family mac-authentication authmode ● 455 Command Reference

mac-authentication authmode

Purpose Use the mac-authentication authmode command to set MAC address authentication mode.

Use the undo mac-authentication authmode command to cancel the configured MAC address authentication mode.

Syntax mac-authentication authmode { usernameasmacaddress | usernamefixed }

undo mac-authentication authmode

Parameters usernameasmacaddress Authenticates users in MAC address mode. The usernameasmacaddress keyword specifies to adopt the MAC address mode, where user the MAC address is used as both user name and password.

usernamefixed Authenticates users in fixed mode. The usernamefixed keyword specifies to adopt the fix mode, where user name and password are configured previously.

Default By default, the MAC address mode is adopted.

Example To specify to perform MAC address authentication in the fixed mode, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mac-authentication authmode usernamefixed


■ System view

456 ● mac-authentication authpassword 3Com Switch 4200G Family Command Reference

mac-authentication authpassword

Purpose Use the mac-authentication authpassword command to set a password for MAC address authentication when the fixed mode is adopted.

Use the undo mac-authentication authpassword command to cancel the configured password.

Syntax mac-authentication authpassword password

undo mac-authentication authpassword

Parameters password Specifies the password used for authentication. The password consists of a character string from 1 to 63 characters long.

Default By default, no password is configured for the fixed mode of MAC address authentication.

Example To Set the password to mac, enter the following:

<S4200G> system-view[S4200G] mac-authentication authpassword mac


■ System view

3Com Switch 4200G Family mac-authentication authusername ● 457 Command Reference

mac-authentication authusername

Purpose Use the mac-authentication authusername command to set a user name when a switch authenticates users in fixed mode.

Use the undo mac-authentication authusername command to restore the default user name.

Syntax mac-authentication authusername username

undo mac-authentication authusername

Parameters username User name for authentication consisting of a character string from1 to 55 characters long.

Default By default, the user name used in MAC address authentication (in the fixed mode) is mac.

Example To set the user name to vipuser for MAC addresses authentication (in the fixed mode), enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mac-authentication authusername vipuser

Restore the default user name for fixed mode.

[S4200G] undo mac-authentication authusername


■ System view

458 ● mac-authentication domain 3Com Switch 4200G Family Command Reference

mac-authentication domain

Purpose Use the mac-authentication domain command to configure an ISP domain for centralized MAC address authentication users.

Use the undo mac-authentication domain command to restore the default ISP domain.

Syntax mac-authentication domain isp-name

undo mac-authentication domain

Parameters isp-name ISP domain name consisting of a string up to 24 characters long. Note that this argument cannot contain “/”, “:”, “*”, “?”, “<”, and “>”.

Default By default, the domain for centralized MAC address authentication users is not configured.

Example To configure the domain for centralized MAC address authentication to be Cams, enter the following:

<S4200G> system-view[S4200G] mac-authentication domain Cams


■ System view

3Com Switch 4200G Family mac-authentication timer ● 459 Command Reference

mac-authentication timer

Purpose Use the mac-authentication timer command to configure the timers used in centralized MAC address authentication.

Use the undo mac-authentication timer command to restore the default timer setting.

Syntax mac-authentication timer { offline-detect offline-detect-value | quiet quiet-value | server-timeout server-timeout-value }

undo mac-authentication timer { offline-detect | quiet | server-timeout }

Parameters offline-detect offline-detect-value Sets the offline-detect timer (in seconds). This timer

sets the interval for a switch to test whether or not a user goes offline. Valid values for the offline-detect-value argument are 1 to 65,535. If not specified, the default is 300.

quiet quiet-value Sets the quiet timer. If a user fails to pass the authentication performed by a switch, the switch stops authenticating users for a period specified by the quiet-value before it authenticates users again. Valid values for the quiet-value argument are 1 to 65,535 (in minutes). If not specified, the default is 1.

server-timeout server-timeout-value Sets the server-timeout timer. If the connection

between a switch and a RADIUS server times out when the switch authenticates a user on one of its ports, the switch turns down the user. Valid values for the server-timeout-value argument are 1 to 65,535 (in seconds). If not specified, the default is 100.

Example To set the server timeout timer to 150 seconds, enter the following:

<S4200G> system-view[S4200G] mac-authentication timer server-timeout 150


■ System view

Related Command display mac-authentication

460 ● management-vlan 3Com Switch 4200G Family Command Reference

management-vlan

Purpose Use the management-vlan command to specify the management VLAN on the switch.

Use the undo management-vlan command to restore the default management VLAN.

Syntax management-vlan vlan-id

undo management-vlan

Parameters vlanid ID of the VLAN to be specified as the management VLAN.

Default By default, VLAN 1 is set as the management VLAN.

Example Specify VLAN 2 as the management VLAN of the current switch.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] management-vlan 2


■ System view

Description Follow these items when you configure the management VLAN:

■ The management VLAN specified for devices in the same cluster must be the same VLAN.

■ The management VLAN must be specified before the cluster is set up. You cannot change the management VLAN of an existing VLAN. If necessary, you can delete the cluster, re-specify the management VLAN and then re-create the cluster.

3Com Switch 4200G Family management-vlan synchronization enable ● 461 Command Reference

management-vlan synchronization enable

Purpose Use the management-vlan synchronization enable command to enable the management VLANs of the member devices of a cluster to be synchronized.

Use the undo management-vlan synchronization enable command to disable the management VLANs of the member devices of a cluster from being synchronized.

Syntax management-vlan synchronization enable

undo management-vlan synchronization enable

Parameters None

Default By default, the management VLAN of a member device is not synchronized.

Example Enable management VLAN synchronization on the master switch.

[3Com_0.S4200G-cluster]management-vlan synchronization enable

Disable management VLAN synchronization on the master switch.

[3Com_0.S4200G-cluster]undo management-vlan synchronization enable


■ Cluster view

Description This command can be executed only on master switches.

After enabling management VLAN synchronization, the master device advertises packets synchronizing the management VLANs to the attached switches regularly for the latter to configure their management VLANs, so that the management VLAN of the master device and those of the attached switches are synchronized. After the management VLANs are synchronized, the attached switch can join the cluster.

462 ● mdi 3Com Switch 4200G Family Command Reference

mdi

Purpose Use the mdi command to set port MDI attribute.

Use the undo mdi command to restore the default type.

Syntax mdi { across | auto | normal }

undo mdi

Parameters across Sets the port to support MDIX.

auto Sets the port to support auto-MDI/MDIX. If no parameter is specified, the port MDI attribute is set to auto.

normal Sets the port to support MDI.

Default By default, the network cable type is recognized automatically (the mdi auto command).

Example Set the port to support auto-MDI/MDIX.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]interface GigabitEthernet 1/0/1[SW4200G-GigabitEthernet1/0/1]mdi auto



Description Note: The mdi and undo mdi commands cannot be configured on the combo ports.

3Com Switch 4200G Family messenger ● 463 Command Reference

messenger

Purpose Use the messenger time command to enable or disable the messenger alert and configure the related parameters.

Use the undo messenger time command to restore messenger alert to default settings.

Syntax messenger time { enable limit interval | disable }

undo messenger time

Parameters limit Remaining-online-time threshold in minutes. Valid values are 1 to 60. When the remaining online time of a user is equal to this threshold, the Switch begins to send alert messages to the client.

interval Specifies the sending interval of prompts in minutes. Valid values are of 5 to 60 and must be specifies in intervals of 5.

Default By default, the messenger alert is disabled on the Switch.

Example To enable the switch to send prompt messages at intervals of 5 minutes to the users in the ISP domain system after the remaining online time is less than 30 minutes.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] domain system[S4200G-isp-system] messenger time enable 30 5


■ ISP Domain view

Description This function allows the clients to inform the online users about their remaining online time through a message dialog.

You can use messenger time enable command to set a remaining online time limit and the interval to send prompt messages. After that, the switch regularly sends prompt messages at the set interval to the clients of the users whose remaining online time is less than the set limit, and the clients inform the users of their remaining online time in the form of message dialog.

464 ● mirroring group 3Com Switch 4200G Family Command Reference

mirroring group

Purpose Use the mirroring-group command to configure the port mirroring group.

Use the undo mirroring-group command to delete the port mirroring group.

Syntax mirroring-group group-id { local | remote-destination | remote-source }

undo mirroring-group { group-id | all | local | remote-destination | remote-source }

Parameters group-id Group number of a port mirroring group. Valid values are 1 to 20.

local Specifies the mirroring group as a local port mirroring group.

remote-destination Specifies the mirroring group as the destination mirroring group for remote port mirroring.

remote-source Specifies the mirroring group as the source mirroring group for remote mirroring.

all Deletes all mirroring groups.

Example Configure the mirroring group on the local switch.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mirroring-group 1 local


■ System view

3Com Switch 4200G Family mirroring-group mirroring-port ● 465 Command Reference

mirroring-group mirroring-port

Purpose Use the mirroring-group mirroring-port command to configure the monitored port.

Use the undo mirroring-group mirroring-port command to remove the configuration of the monitored port.

Syntax mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound }

undo mirroring-group group-id mirroring-port mirroring-port-list { both | inbound | outbound }


mirroring-port mirroring-port-list Specifies a list of mirrored ports.

mirroring-port-list is available in System view only, but not in Ethernet Port view.

both Mirrors packets both received and sent via the port.

inbound Mirrors only packets received via the port.

outbound Mirrors only packets sent via the port.

Example Configure GigabitEthernet1/0/1 as the source port and monitor all packets received via this port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mirroring-group 1 mirroring-port Gigabitethernet1/0/1 inbound


■ System view

466 ● mirroring-group reflector-port 3Com Switch 4200G Family Command Reference

mirroring-group reflector-port

Purpose Use the mirroring-group reflector-port command to configure a reflector port.

Use the undo mirroring-group reflector-port command to remove the configuration of a reflector port.

Syntax mirroring-group group-id reflector-port reflector-port

undo mirroring-group group-id reflector-port reflector-port


reflector-port reflector-port Specifies a reflector port. reflector-port is

available in System view only, but not in Ethernet Port view.

Example Configure GigabitEthernet1/0/1 as a reflector port and monitor all packets received and sent via this port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mirroring-group 1 reflector-port Ethernet1/0/1


■ System view

3Com Switch 4200G Family mirroring-group remote-probe vlan ● 467 Command Reference

mirroring-group remote-probe vlan

Purpose Use the mirroring-group remote-probe vlan command to specify the remote-probe VLAN for a given mirroring group.

Use the undo mirroring-group remote-probe vlan command to delete the remote-probe VLAN configuration for a given mirroring group.

Syntax mirroring-group group-id remote-probe vlan remote-probe-vlan-id

undo mirroring-group group-id remote-probe vlan remote-probe-vlan-id

Parameters group-id The group number of a mirroring group. Valid values are 1 to 20.

remote-probe vlan remote-probe-vlan-id Specifies a remote-probe VLAN for a specified

mirroring group.

Example Configure the remote-probe VLAN of mirroring group to be VLAN 100.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] mirroring-group 1 remote-probe vlan 100


■ System view

468 ● mirroring-port 3Com Switch 4200G Family Command Reference

mirroring-port

Purpose Use the mirroring-port command to configure a mirroring port.

Use the undo mirroring-port command to remove the configuration of a source port.

Syntax mirroring-port { inbound | outbound | both }

undo mirroring-port

Parameters inbound| outbound | both Direction of mirrored packets:

■ inbound; only mirrors the packets received via the port

■ outbound; only mirrors the packets sent by the port

■ both; mirrors all packets received and sent by the port

Example Configure GigabitEthernet1/0/1 as the source port and mirror all packets received and sent and via this port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] mirroring-port both



Description The Switch supports one monitor port and one mirroring port. If several Switches form a Fabric, only one monitor port and one mirroring port can be configured in the Fabric. You need to configure the monitor port before configuring the monitored port.

Related Command display mirroring-group

3Com Switch 4200G Family mkdir ● 469 Command Reference

mkdir

Purpose Use the mkdir command to create a directory on the remote SFTP server.

Syntax mkdir remote-path

Parameters remote-path Name of a directory on the remote SFTP server.

Example Create directory test on the remote SFTP server.

sftp-client> mkdir test



470 ● mkdir 3Com Switch 4200G Family Command Reference

mkdir

Purpose Use the mkdir command to create a directory in a specified directory of a specified storage device.

Syntax mkdir directory

Parameters directory Name of the directory, comprised of a string from 1 to 142 characters longS.

Example Create a directory in the current directory, with the name being dd.

<S4200G> mkdir dd% Created dir flash:/dd


■ User view

Description When using the mkdir command to create a directory, the names of the directories and files in the same directory must be unique.

3Com Switch 4200G Family mkdir ● 471 Command Reference

mkdir

Purpose Use the mkdir command to create a directory on the remote SFTP server.

Syntax mkdir pathname

Parameters Pathname Path name.



Create the directory flash:/lanswitch on the FTP server.

[ftp] mkdir flash:/lanswitch257 "flash:/ lanswitch" new directory created.


■ FTP Client view

Description The mkdir command is only available to the FTP clients that are assigned the permission to create directories on FTP servers.

472 ● monitor-port 3Com Switch 4200G Family Command Reference

monitor-port

Purpose Use the monitor-port command to configure the destination monitor port.

Use the undo monitor-port command to remove the configuration of a destination port monitor.

Syntax monitor-port

undo monitor-port

Parameters None

Example Configure GigabitEthernet1/0/1 as the destination port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] monitor-port



Description You can configure only one destination port on the switch; all mirrored packets will be sent to the destination port.

The Switch supports one monitor port and one mirroring port. If several Switches form a Fabric, only one monitor port and one mirroring port can be configured in the Fabric. You need to configure monitor port before configuring monitored port.

Related Command display mirroring-group

3Com Switch 4200G Family more ● 473 Command Reference

more

Purpose Use the more command to display the content of a specified file.

Syntax more file-url

Parameters file-url The path name or file name of a file in the Flash, comprised of a string from 1 to 142 characters long.

Example Display contents of file test.txt.

<S4200G> more test.txtAppWizard has created this test application for you. This file contains a summary of what you will find in each of the files that make up your test application.Test.dspThis file (the project file) contains information at the project level and is used to build a single project or subproject. Other users can share the project (.dsp) file, but they should export the makefiles locally.


■ User view

Description Currently, the content of a file can only be displayed in text.

474 ● move 3Com Switch 4200G Family Command Reference

move

Purpose Use the move command to move a file to a specified directory. You can also assign a new name for the file.

Syntax move fileirl-source fileurl-dest

Parameters fileurl-source Path name or file name of the source file in the Flash, a string comprising 1 to 142 characters.

fileurl-dest Path name or file name of the target file in the Flash, a string comprising 1 to 142 characters.

Example Move the file named sample.txt from flash:/test/ to flash:/, with the name not changed.

<S4200G> move flash:/test/sample.txt flash:/sample.txtMove flash:/test/sample.txt to flash:/sample.txt ?[Y/N]:y% Moved file flash:/test/sample.txt to flash:/sample.txt


■ User view

Description When the destination filename is the same as that of an existing file, the system will ask whether to overwrite the existing file.

3Com Switch 4200G Family name ● 475 Command Reference

name

Purpose Use the name command to set a name for the assigned VLAN.

Use the undo name command to restore to the default VLAN name.

Syntax name string

undo name

Parameters string Name of the assigned VLAN, consisting of a character string from 1 to 32 characters long.

Default By default, the VLAN ID (like VLAN 0001) is used as the name of the assigned VLAN.

Example Set the name of VLAN 2 to abc.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 2[S4200G-vlan2] name abc


■ VLAN view

476 ● name 3Com Switch 4200G Family Command Reference

name

Purpose Use the name command to set a name for the assigned VLAN.

Use the undo name command to delete the name of the assigned VLAN.

Syntax name string

undo name

Parameters string Name of the assigned VLAN. string is a character string from 1 to 32 characters long.

Default By default, a VLAn uses its VLAN ID (like VLAN 0001) as its name.

Example To set the name of VLAN 100 to test, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] vlan 100[S4200G-vlan100] name test


■ VLAN view

Description This command is used for the dynamic VLAN assignment function. For details about this function, refer to the vlan-assignment-mode command.

Related Commands ■ dot1x guest-vlan

■ vlan-assignment-mode

3Com Switch 4200G Family nas-ip ● 477 Command Reference

nas-ip

Purpose Use the nas-ip command to set the source IP address used by the switch to send RADIUS packets.

Use the undo nas-ip command to remove the source IP address setting.

Syntax nas-ip ip-address

undo nas-ip

Parameters ip-address Specifies the source IP address for RADIUS packets. This address cannot be the all zero address or the Class-D address.

Default By default, the IP address of the outbound interface is used as the source IP address of the packet.

Example To set the source IP address used by the switch to send the RADIUS packets to 10.1.1.1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] nas-ip 10.1.1.1



Description You can specify the source IP address used to send RADIUS packets to prevent the unreachability of the packets returned from the server due to physical interface trouble. It is recommended to use the loopback interface address as the source IP address.

Related Commands ■ display radius

■ radius nas-ip

478 ● ndp enable 3Com Switch 4200G Family Command Reference

ndp enable

Purpose Use the ndp enable command in system view to enable NDP globally on the switch. When being executed in Ethernet port view, this command enables NDP for an Ethernet port.

Use the undo ndp enable command in system view to disable NDP globally on the switch. When being executed in Ethernet port view, this command disables NDP for an Ethernet port.

Syntax ndp enable [ interface port-list ]

undo ndp enable [ interface port-list ]

Parameters port-list Specifies a list of ports. The list can contain consecutive or separated ports, or the combination of the both. You need to provide the port-list argument in the form of { interface-type interface-number | interface-name } [ to { interface-type interface-number | interface-name } ] } &<1-10>, where interface-type specifies the port type, and interface-number specifies the port number (in the form of slot number/port number). Using “to” specifies a range of ports.

Default By default, NDP is enabled both globally on the switch and on an Ethernet port.

Example Enable NDP globally on the system.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ndp enable


■ System view


3Com Switch 4200G Family ndp timer aging ● 479 Command Reference

ndp timer aging

Purpose Use the ndp timer aging command to set how long a device will hold the NDP packets received from the local device. After the aging timer expires, the device will discard the received NDP neighbor node information.

Use the undo timer aging command to restore the default NDP information aging time (180 seconds).

Syntax ndp timer aging aging-in-seconds

undo ndp timer aging

Parameters aging-in-seconds Time to hold the NDP information on the neighbor node in seconds. Valid values are 5 to 255 seconds If not specified, the NDP is aged in 180 seconds, by default.

Example Configure the holdtime of the NDP information sent by the local switch to be 60 seconds.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ndp timer aging 60


■ System view

Description A user can specify how long an adjacent device will hold the NDP information sent by the local device. An adjacent device holds the NDP information of the local switch according to the holdtime carried in the NDP packets received from the local switch and removes the NDP information when the aging timer expires.

Normally, NDP information holdtime is longer than the interval to send NDP packets. Otherwise, the neighbor information table of an NDP port becomes unstable.

480 ● ndp timer hello 3Com Switch 4200G Family Command Reference

ndp timer hello

Purpose Use the ndp timer hello command to define how often to transmit the NDP packets.

Use the undo ndp timer hello command to restore the default NDP packet interval (60 seconds).

Syntax ndp timer hello timer-in-seconds

undo ndp timer hello

Parameters timer-in-seconds Interval (in seconds) to send NDP packets ranging from 5 to 254. If not specified, NDP packets are transmitted every 60 seconds, by default.

Default By default, NDP packets are transmitted every 60 seconds.

Example Configure the interval to send NDP packets to be 80 seconds.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ndp timer hello 80


■ System view

Description NDP information in a neighbor information table is updated regularly. This enables neighbor information table to contain the actual network topology information. You can use these two commands to adjust the updating frequency of NDP information.

3Com Switch 4200G Family nm-interface vlan-interface ● 481 Command Reference

nm-interface vlan-interface

Purpose Use the nm-interface vlan-interface command to configure an NMS interface of the management device.

Syntax nm-interface vlan-interface vlan-id

Parameters vlan-id ID of a VLAN. It is an existing virtual interface ID.

Example Configure VLAN-interface 2 as an NMS interface.

<123> system-viewSystem View: return to User View with Ctrl+Z[123] cluster[123-cluster] nm-interface Vlan-interface 2


■ Cluster view

Description Note:

■ In an NAT-enabled cluster network, the NAT server is configured on the management VLAN interface of the management device by default. The NAT server can perform address translation between an internal IP address and a public IP address. NMS devices outside the cluster network can use SNMP, FTP, and HTTP to manage the devices inside the cluster through NAT.

■ If the VLAN where the port connected with the NMS device resides is not a management VLAN, since no NAT server is configured on this interface by default, IP addresses cannot be translated. In this case, the network administrator of the external network is unable to access the management device, so he cannot manage internal devices of the cluster.

■ By specifying an NMS interface on the management device, you can enable the NAT server configuration on the NMS interface instead of the management VLAN interface. In this case, the network administrator can access the management device through the NMS interface to manage internal devices of this cluster.

482 ● ntdp enable 3Com Switch 4200G Family Command Reference

ntdp enable

Purpose Use the ntdp enable command in system view to enable NTDP globally. When being executed in Ethernet port view, this command enables NTDP for an Ethernet port.

Use the undo ntdp enable command in system view to disable NTDP globally. When being executed in Ethernet port view, this command disables NTDP for an Ethernet port.

Syntax ntdp enable

undo ntdp enable

Parameters None

Default By default, NTDP is enabled globally on the switch and the ports supporting NDP. For a port that does not support NDP, NTDP cannot operate even if NTDP is enabled on it.

Example Enable NTDP globally on the switch.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ntdp enable


■ System view


3Com Switch 4200G Family ntdp explore ● 483 Command Reference

ntdp explore

Purpose Use the ntdp explore command to start topology information collection manually.

Syntax ntdp explore

Parameters None

Example Start the topology collection.

<S4200G> ntdp explore


■ User view

Description Normally, NTDP collects network topology information periodically. You can also start topology information collection manually whenever needed by executing this command. When you execute this command, NTDP collects the NDP information of every device and the information about the connections between the local switch and all of its neighbor switches in the specified network scope. The information is useful for the management device or network management system to acquire the network topology and to manage and monitor the devices.

484 ● ntdp hop 3Com Switch 4200G Family Command Reference

ntdp hop

Purpose Use the ntdp hop command to set a range (in terms of hop count) for topology information collection.

Use the undo ntdp hop command to restore the default range for topology information collection.

Syntax ntdp hop hop-value

undo ntdp hop

Parameters hop-value Maximum hops for collecting topology information, ranging from 1 to 16. By default, the value is 3.

Example Set the hop count for topology information collection to 5.

<aaa_0.S4200G> system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G] ntdp hop 5


■ System view

Description With the ntdp hop command, you can specify to collect the topology information of the devices within a specified range to avoid infinitive collection. The limit is performed by controlling the permitted hops from collection origination. For example, if you set the hop number limit to 2, only the switches less than 2 hops away from the switch starting the topology collection are collected.

This command is only applicable to the topology-collecting device. A broader collection scope requires more memory of the topology-collecting device.

3Com Switch 4200G Family ntdp timer ● 485 Command Reference

ntdp timer

Purpose Use the ntdp timer command to configure the interval to collect topology information.

Use the undo ntdp timer command to restore the default topology collection interval.

Syntax ntdp timer interval-in- minutes

undo ntdp timer

Parameters Interval-in-minutes Interval (in minutes) to collect topology information, ranging from 0 to 65,535. This argument defaults to 0, which specifies not to collect topology information.

Example Set the interval to collect topology information to 30 minutes.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ntdp timer 30


■ System view

Description A switch collects topology information once in each period set by the ntdp timer command.

486 ● ntdp timer hop-delay 3Com Switch 4200G Family Command Reference

ntdp timer hop-delay

Purpose Use the ntdp timer hop-delay command to set the delay time for a switch to forward topology-collection request packets.

Use the undo ntdp timer hop-delay command to restore the default delay value.

Syntax ntdp timer hop-delay time

undo ntdp timer hop-delay

Parameters time Delay time (in milliseconds) for a switch to forward topology-collection request packets. This argument ranges from 1 to 1,000 and defaults to 200.

Example Set the delay time for the switch to forward topology-collection request packets through the first port to 300 ms.

<aaa_0.S4200G> system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G] ntdp timer hop-delay 300


■ System view

Description To avoid network congestion caused by large amount of topology response packets received in short periods, a switch delays for specific period before it forwards a received topology-collection request packet through its first ports. You can use the ntdp timer hop-delay command to set the delay time.

These two commands are intended for switches that collect topology information. They actually set the hop-delay value for topology-collection request packets sent by these switches. The hop-delay value determines the delay time for a switch receiving topology-collection request packets to forward them through its first port.

3Com Switch 4200G Family ntdp timer port-delay ● 487 Command Reference

ntdp timer port-delay

Purpose Use the ntdp timer port-delay command to set the delay time for a switch to forward a received topology-collection request packet through its successive ports.

Use the undo ntdp timer port-delay command to restore the default delay time.

Syntax ntdp timer port-delay time

undo ntdp timer port-delay

Parameters time Delay time (in milliseconds) for a switch to forward a topology-collection request packet through its successive ports. This argument ranges from 1 to 100 and defaults to 20.

Example Set the delay time for the switch to forward topology-collection request packets through the successive ports to 40 ms.

<aaa_0.S4200G> system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G] ntdp timer port-delay 40


■ System view

Description Use the ntdp timer port-delay command to set the delay time for a switch to forward a received topology-collection request packet through its successive ports. A switch forwards received topology request packets to all its ports in turn. After forwarding a received topology-collection request packet through one port, the switch delays for specific period before it forwards the packet through the next port.

To avoid network congestion caused by large amount of topology response packets received in short periods, a switch delays for specific period before it forwards a received topology-collection request packet through the next port. You can use the ntdp timer port-delay command to set the delay time.

These two commands are intended for switches that collect topology information. They actually set the port-delay value for topology-collection request packets sent by these switches. The port-delay value determines the delay time for a switch receiving topology-collection request packets to forward them through the next port.

488 ● ntp-service access 3Com Switch 4200G Family Command Reference

ntp-service access

Purpose Use the ntp-service access command to set the authority to access the local equipment.

Use the undo ntp-service access command to cancel the access authority settings.

Syntax ntp-service access { peer | server | synchronization | query } acl-number

undo ntp-service access { peer | server | synchronization | query }

Parameters peer Allows time request and query on the local NTP server. The local clock can also be synchronized to the remote server.

server Allows time request and query on the local NTP server. The local clock cannot be synchronized to the remote server.

synchronization Allows only time request on the local NTP server.

query Allows only query on the local NTP server.

acl-number Basic access control list (ACL) number, in the range of 2000 to 2999.

Default By default, the access permission to the local NTP server is peer.

Example Configure the access permission of the peer defined in ACL 2076 to be peer.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ntp-service access peer 2076

Configure the access permission of the peer defined in ACL 2028 to be server.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ntp-service access server 2028


■ System view

Description Configuring access control permission to the NTP server only provides a least security measure. Performing authentication is a more reliable way to improve security.

A received access is matched in this order: peer, server, synchronization, and query.

3Com Switch 4200G Family ntp-service access ● 489 Command Reference

490 ● ntp-service authentication enable 3Com Switch 4200G Family Command Reference

ntp-service authentication enable

Purpose Use the ntp-service authentication enable command to enable the NTP-service authentication function.

Use the undo ntp-service authentication enable command to disable this function.

Syntax ntp-service authentication enable

undo ntp-service authentication enable

Parameters None

Default By default, the authentication is disabled.

Example Enable NTP authentication function.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ntp-service authentication enable


■ System view

3Com Switch 4200G Family ntp-service authentication-keyid ● 491 Command Reference

ntp-service authentication-keyid

Purpose Use the ntp-service authentication-keyid command to configure an NTP authentication key.

Use the undo ntp-service authentication-keyid command to remove an NTP authentication key.

Syntax ntp-service authentication-keyid keyid authentication-mode md5 value

undo ntp-service authentication-keyid keyid

Parameters keyid Authentication key ID, in the range of 1 to 4294967295.

value Authentication key, a string comprising 1 to 32 characters. Up to 1024 keys can be configured.

Default By default, no NTP authentication key is configured.

For the encryption algorithm, only message digest 5 (MD5) is currently supported.

Example Configure an MD5 authentication key, with the key ID being 10 and the key being BetterKey.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ntp-service authentication-keyid 10 authentication-mode md5 BetterKey


■ System view

492 ● ntp-service broadcast-client 3Com Switch 4200G Family Command Reference

ntp-service broadcast-client

Purpose Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in NTP broadcast client mode.

Use the undo ntp-service broadcast-client command to disable the NTP broadcast client mode.

Syntax ntp-service broadcast-client

undo ntp-service broadcast-client

Parameters None

Default By default, the NTP broadcast client mode is disabled.

Example Configure to receive NTP broadcast packets via Vlan-Interface1.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] interface vlan-interface1[S4200G-Vlan-Interface1] ntp-service broadcast-client



Description Designate an interface on the local Switch to receive NTP broadcast messages and operate in broadcast client mode. The local Switch listens to the broadcast from the server. When it receives the first broadcast packet, it starts a brief client/server mode to switch messages with a remote server for estimating the network delay. Thereafter, the local Switch enters broadcast client mode and continues listening to the broadcast and synchronizes the local clock according to the arrived broadcast message.

3Com Switch 4200G Family ntp-service broadcast-server ● 493 Command Reference

ntp-service broadcast-server

Purpose Use the ntp-service broadcast-server command to configure NTP broadcast server mode.

Use the undo ntp-service broadcast-server command to disable the NTP broadcast server mode.

Syntax ntp-service broadcast-server [ authentication-keyid keyid ] [ version number ]

undo ntp-service broadcast-server

Parameters authentication-keyid Specifies the authentication key.

keyid Specifies the Key ID used in broadcast. Valid values are 1 to 4294967295.

version Defines the NTP version.

number Defines the NTP version number. Valid values are 1 to 3. If not specified, the default is 3.

Default By default, the broadcast service is disabled.

Example Configure to send NTP broadcast packets through VLAN interface 1, using the key numbered 4 for encryption and setting the NTP version number to 3.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] interface vlan-interface1[S4200G-Vlan-Interface1] ntp-service broadcast-server authentication-key 4 version 3



Description Designate an interface on the local equipment to broadcast NTP packets. The local equipment runs in broadcast-server mode and regularly broadcasts packets to its clients.

494 ● ntp-service in-interface disable 3Com Switch 4200G Family Command Reference

ntp-service in-interface disable

Purpose Use the ntp-service in-interface disable command to disable an interface to receive NTP message.

Use the undo ntp-service in-interface disable command to enable an interface to receive NTP message.

Syntax ntp-service in-interface disable

undo ntp-service in-interface disable

Parameters None

Default By default, an interface is enabled to receive NTP message.

Example Disable Vlan-Interface1 to receive NTP message.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] interface vlan-interface1[S4200G-Vlan-Interface1] ntp-service in-interface disable



3Com Switch 4200G Family ntp-service max-dynamic sessions ● 495 Command Reference

ntp-service max-dynamic sessions

Purpose Use the ntp-service max-dynamic-sessions command to set how many sessions can be created locally.

Use the undo ntp-service max-dynamic-sessions command to resume the default maximum session number

Syntax ntp-service max-dynamic-sessions number

undo ntp-service max-dynamic-sessions

Parameters number The maximum of the NTP sessions that can be created locally. Valid values are 0 to 100. If not specified, the default is 100.

Example Set the local equipment to allow up to 50 sessions.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ntp-service max-dynamic-sessions 50


■ System view

496 ● ntp-service multicast-client 3Com Switch 4200G Family Command Reference

ntp-service multicast-client

Purpose Use the ntp-service multicast-client command to configure an Ethernet switch to operate in NTP multicast client mode.

Use the undo ntp-service multicast-client command to disable the NTP multicast client mode.

Syntax ntp-service multicast-client [ ip-address ]

undo ntp-service multicast-client [ ip-address ]

Parameters ip-address Multicast IP address. If not specified, it defaults to 224.0.1.1.

Default By default, the multicast client service is disabled.

Example Configure to receive NTP multicast packets through VLAN interface 1, with the corresponding multicast group address being 224.0.1.1.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] interface vlan-interface 1[S4200G-Vlan-Interface1] ntp-service multicast-client 224.0.1.1



Description Designate an interface on the local Switch to receive NTP multicast messages and operate in multicast client mode. The local Switch listens to the multicast from the server. When it receives the first multicast packet, it starts a brief client/server mode to switch messages with a remote server for estimating the network delay. Thereafter, the local Switch enters multicast client mode and continues listening to the multicast and synchronizes the local clock according to the arrived multicast message.

3Com Switch 4200G Family ntp-service multicast-server ● 497 Command Reference

ntp-service multicast-server

Purpose Use the ntp-service multicast-server command to configure an Ethernet switch to operate in NTP multicast server mode.

Use the undo ntp-service multicast-server command to disable NTP multicast server mode.

Syntax ntp-service multicast-server [ ip-address ] [ authentication-keyid keyid ] [ ttl ttl-number ] [ version number ]*

undo ntp-service multicast-server [ ip-address ]

Parameters ip-address Multicast IP address, which defaults to 224.0.1.1.

authentication-keyid Specifies authentication key.

keyid Specifies Key ID used in multicast. Valid values are 1 to 4294967295.

ttl Defines the time to live of a multicast packet.

ttl-number Specifies the ttl of a multicast packet. Valid values are 1 to 255 and defaults to 16.

version Defines the NTP version.

number Specifies the NTP version number. Valid values are 1 to 3. If not specified, the default is 3.

Default By default, an Ethernet switch does not operate in multicast server mode.

Example Configure to send NTP multicast packets through VLAN interface 1, with the multicast group address being 224.0.1.1, the key numbered 4 used for encryption, and the NTP version number set to 3.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] interface vlan-interface 1[S4200G-Vlan-Interface1]ntp-service multicast-server 224.0.1.1 authentication-keyid 4 version 3



Description Designate an interface on the local equipment to transmit NTP multicast packet. The local equipment operates in multicast-server mode and multicasts packets regularly to its clients.

498 ● ntp-service reliable authentication-keyid 3Com Switch 4200G Family Command Reference

ntp-service reliable authentication-keyid

Purpose Use the ntp-service reliable authentication-keyid command to specify an authentication key to be a trusted key.

Use the undo ntp-service reliable authentication-keyid command to cancel the configuration.

Syntax ntp-service reliable authentication-keyid key-id undo ntp-service reliable authentication-keyid key-id

Parameters key-id Authentication key ID. Valid values are 1 to 4294967295.

Default By default, an authentication key is not a trusted key.

Example Enable NTP authentication, with MD5 algorithm adopted, key ID being 37, the key of BetterKey and being a trusted key.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ntp-service authentication enable[S4200G] ntp-service authentication-keyid 37 authentication-mode md5 BetterKey [S4200G] ntp-service reliable authentication-keyid 37


■ System view

Description If authentication is enabled, a client can only be synchronized to a server that can provide a trusted key.

3Com Switch 4200G Family ntp-service source-interface ● 499 Command Reference

ntp-service source-interface

Purpose Use the ntp-service source-interface command to designate an interface to transmit NTP message.

Use the undo ntp-service source-interface command to cancel the current setting.

Syntax ntp-service source-interface { interface-name | interface-type interface-number }

undo ntp-service source-interface

Parameters vlan-interface VLAN interface through which NTP packets are to be sent.

Example Specify the source IP addresses of all the NTP packets sent to be the IP address of VLAN interface 1.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ntp-service source-interface Vlan-Interface 1


■ System view

Description The source address specifies where the packets are transmitted from.

You can use this command to designate an interface to transmit all the NTP packets and take the source address of these packets from its IP address. If you do not want any other interface to receive the acknowledgement packets, use this command to specify one interface to send all the NTP packets.

500 ● ntp-service unicast-peer 3Com Switch 4200G Family Command Reference

ntp-service unicast-peer

Purpose Use the ntp-service unicast-peer command to be an active NTP peer.

Use the undo ntp-service unicast-peer command to cancel NTP peer mode.

Syntax ntp-service unicast-peer { remote-ip | string } [ authentication-keyid key-id | priority | source-interface Vlan-interface vlan-interface-number | version number ]

undo ntp-service unicast-peer { remote-ip | string }

Parameters remote-ip IP address of the peer. This argument can only be a host address instead of a broadcast address, a multicast address or the IP address of a reference clock.

string Peer name, a string comprising 1 to 20 characters.

version number Defines the NTP version number. Valid values are 1 to 3. If not specified, the default is 3.

authentication-keyid Defines authentication key. By default, the authentication is not enabled.

keyid Defines the key ID used for transmitting messages to a remote server. Valid values are 1 to 4294967295.

source-interface Vlan-interface Specifies an interface whose IP address is to be

used as the IP addresses of the NTP packets sent to the peer.

vlan-interface-number Number of the VLAN interface.

priority Specified the peer identified by the remote-ip argument to be the preferred peer for synchronization. By default, a peer is not a preferred peer.

Default By default, an Ethernet switch is not an active NTP peer.

Example Configure the switch to obtain time information from the peer with the IP of 128.108.22.44. The local peer can also provide time information to the remote peer. Set the NTP version number to 3. The source IP addresses of NTP packets sent are that of VLAN interface 1.


3Com Switch 4200G Family ntp-service unicast-peer ● 501 Command Reference

[S4200G] ntp-service unicast-peer 128.108.22.44 version 3 source-interface Vlan-Interface 1


■ System view

Description This command sets the remote server at ip-address as a peer of the local equipment, which operates in symmetric active mode. ip-address specifies a host address other than an IP address of broadcast, multicast, or reference clock. By operating in this mode, a local device can synchronize and be synchronized by a remote server.

Note:

If you specify a remote server to be the peer of the local Ethernet switch by providing the remote-ip argument in the ntp-service unicast-peer command, the local switch operates in the active peer mode. In this case, the local switch and the remote server can be synchronized to each other.

502 ● ntp-service unicast-server 3Com Switch 4200G Family Command Reference

ntp-service unicast-server

Purpose Use the ntp-service unicast-server command to configure an Ethernet switch to operate in NTP server mode.

Use the undo ntp-service unicast-server command to disable NTP server mode.

Syntax ntp-service unicast-server { remote-ip | string } [ authentication-keyid key-id | priority | source-interface Vlan- interface vlaninterface-number | version number ]

undo ntp-service unicast-server { remote-ip | string }

Parameters remote-ip IP address of an NTP server. This argument can only be a host address instead of a broadcast address, multicast group address or the IP address of a reference clock.

string Peer host name, a string comprising 1 to 20 characters.

number Defines the NTP version number. Valid values are 1 to 3. If not specified, the default is 3.

authentication-keyid Specifies the key ID used when sending messages to the NTP server

keyid The key-id argument ranges from 1 to 4294967295. By default, the authentication is enabled.

priority Specifies the server identified by the remote-ip argument is the preferred server. By default, a server is not preferred.

source-interface Specifies an interface whose IP address is to be used as the source IP addresses of the NTP packets sent by the local device to the server.

vlan-interface-number Interface number.

version Specifies the NTP version.

number The version number argument ranges from 1 to 3 and defaults to 3.

Default By default, an Ethernet switch does not operate in NTP server mode.

Example Configure the local device to be synchronized to the NTP server using the IP address of 128.108.22.44, with the version number set to 3.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z. [S4200G] ntp-service unicast-server 128.108.22.44 version 3

3Com Switch 4200G Family ntp-service unicast-server ● 503 Command Reference


■ System view

Description An Ethernet can operate as a client and be synchronized to the remote NTP server identified by the remote-ip argument. Note that an NTP server will not be synchronized to the local switch.

504 ● open 3Com Switch 4200G Family Command Reference

open

Purpose Use the open command to establish a control connection with an FTP server.

Syntax open { ip-address | server-name } [ port ]

Parameters ip-address IP address of an FTP server

server-name Host name of the FTP server, a string comprising 1 to 20 characters

port Port number on the remote FTP server, ranging from 0 to 65535. The default value is 21.



Establish a control connection with the FTP server whose IP address is 1.1.1.1.

[ftp]open 1.1.1.1Trying ...Press CTRL+K to abortConnected.220-220 WFTPD 2.0 service (by Texas Imperial Software) ready for new userUser(none):abc331 Give me your password, pleasePassword:230 Logged in successfully


■ FTP Client view

Related Command close

3Com Switch 4200G Family packet-filter ● 505 Command Reference

packet-filter

Purpose Use the packet-filter command to define the packet filter function in the QoS profile.

Use the undo packet-filter command to disable the definition of the packet filter function in the QoS profile.

Syntax packet-filter inbound acl-rule

undo packet-filter inbound acl-rule

Parameters inbound Indicates that filter is performed on the packets received on the port.

acl-rule Specifies the issued ACL rules which can be the combination of various ACL rules. The way of combination is described in the following table:

Example To add the packet filter function in the QoS profile named h3c to filter the received packets matching with ACL 4000 rules, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos-profile h3c[S4200G-qos-profile-h3c] packet-filter inbound link-group 4000


■ QoS Profile view

Table 86 The ways of issuing combined ACLs

The way of combination The form of acl-rule

Issue all the rules in an IP ACL separately ip-group acl-number

Issue a rule in an IP ACL separately ip-group acl-number rule rule

Issue all the rules in a Link ACL separately link-group acl-number

Issue a rule in a Link ACL separately link-group acl-number rule rule

Issue a rule in an IP ACL and a rule in a Link ACL at the same time

ip-group acl-number rule rule link-group acl-number rule rule

506 ● packet-filter 3Com Switch 4200G Family Command Reference

packet-filter

Purpose Use the packet-filter command to apply ACL rules on the port to filter packets.

Use the undo packet-filter command to remove the ACL rules applied on the port.

Syntax packet-filter inbound acl-rule

undo packet-filter inbound acl-rule

Parameters inbound Applied ACL rules, which can be the combination of different types of ACL

acl-rule The following table describes the ACL combinations.

Example Apply ACL 2100 on GigabitEthernet 1/0/1 to filter packets.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] packet-filter inbound ip-group 2000



Table 87 Combined Application of ACLs

Combination mode Form of acl-rule

Apply all rules in an IP type ACL separately ip-group acl-number

Apply one rule in an IP type ACL separately ip-group acl-number rule rule

Apply all rules in a Link type ACL separately link-group acl-number

Apply one rule in a Link type ACL separately link-group acl-number rule rule

Apply one rule in an IP type ACL and one rule in a Link type ACL simultaneously


3Com Switch 4200G Family parity ● 507 Command Reference

parity

Purpose Use the parity command to set the check mode of the user interface.

Use the undo parity command to revert to the default check mode.

Syntax parity { even | mark | none | odd | space }

undo parity

Parameters even Performs even checks.

mark Performs mark checks.

none Does not check.

odd Performs odd checks.

space Performs space checks.

Default By default, no check is performed.

Example Set to perform mark checks.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface aux0[S4200G-ui-aux0] parity mark



Description The parity and undo parity commands can only be used in AUX User Interface view.

508 ● passive 3Com Switch 4200G Family Command Reference

passive

Purpose Use the passive command to set the data transmission mode to be passive mode.

Use the undo passive command to set the data transmission mode to be active mode.

Syntax passive

undo passive

Parameters None

Default By default, the data transmission mode is passive mode

Example Set the data transmission to passive mode.

<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password:***** 230 Logged in successfully [ftp] passive% Passive is on


■ FTP Client view

3Com Switch 4200G Family password ● 509 Command Reference

password

Purpose Use the password command to configure or change the system login password for a user.

Syntax password

Parameters None.

Example Configure the system login password for the user test to 9876543210.

S4200G<S4200G> system-viewSystem View: return to User View with Ctrl+Z.S4200G[S4200G] local-user test New local user added.[S4200G-luser-test] passwordPassword:**********confirm:**********

Change the system login password for the user test to 0123456789.

[S4200G-luser-test]passwordPassword:**********Confirm :**********Updating the password file ,please wait ...


n Local User view

510 ● password 3Com Switch 4200G Family Command Reference

password

Purpose Use the password command to set a password for the local users.

Use the undo password command to cancel the specified password display mode.

Syntax password { simple | cipher } password

undo password

Parameters simple Specifies to display passwords in simple text.

cipher Specifies to display passwords in cipher text

password ■ For simple mode, the password must be in plain text. A password in plain text can be a string with no more than 63 consecutive characters, for example, aabbcc.

■ For cipher mode, the password can be either in cipher text or in plain text, which it is depends on your input. A password in cipher text can be a string with 1 to 63 characters, or 88 characters, for example, _(TT8F]Y\5SQ=^Q`MAF4<1!!.

Example To set the password of user1 to 20030422 and to specify that the password be displayed in plain text, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] local-user user1 New local user added.[S4200G-luser-user1] password simple 20030422 22


■ Local User View

Description After the local-user password-display-mode cipher-force command is executed, the password will be displayed in cipher text even though you use the password command to set the display mode of the password to simple.

Related Command display local-user

3Com Switch 4200G Family peer-public-key end ● 511 Command Reference

peer-public-key end

Purpose Use the peer-public-key end command to return to system view from public key view.

Syntax peer-public-key end

Parameters None

Example Exit from public key view.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] rsa peer-public-key S4200G003[S4200G-rsa-public-key] peer-public-key end[S4200G]


■ Public Key view

Related Commands ■ public-key-code begin

■ rsa peer-public-key

512 ● ping 3Com Switch 4200G Family Command Reference

ping

Purpose Use the ping command to check the IP network connection and the reachability of the host.

Syntax ping [ -a ip-address ] [-c count ] [ -d ] [ -f ] [ -h ttl ] [ -i [ null null-interface-number ] | [ Vlan-interface vlan-interface-number ] ] [ ip ] [ -n ] [ - p pattern ] [ -q ] [ -r ] [ -s packetsize ] [ -t timeout ] [ -tos tos ] [ -v ] host

Parameters -a ip-address Specifies the source IP address to transmit ICMP ECHO-REQUEST.

-c: count Specifies how many times the ICMP ECHO-REQUEST packet will be transmitted, ranging from 1 to 4294967295.

-d Configures the socket to be in DEBUGGING mode. By default, it is non-DEBUGGING mode.

-f Specifies to discard a packet directly instead of fragmenting it if its length is greater than the MTU (maximum transmission unit) of the interface.

-h ttl Configures TTL value for echo requests to be sent, range from 1 to 255. By default, the TTL value is 255.

-i Selects the port to send the packets.null-interface- number Null interface number.

vlan-interface- number VLAN interface number. interface-name Specifies the interface name.

ip Chooses IP ICMP packet.

-n Specifies to regard the host argument as an IP address without performing domain name resolution. By default, the host argument is first regarded as an IP address. If it is not an IP address, domain name resolution is performed.

-p Pattern - Specifies the padding byte pattern of the ICMP ECHO-REQUEST packets. The pattern argument is a byte in hexadecimal. For example, -p ff fills a packet with only ff. By default, the system fills a packet with 0x01, 0x02, and so on, until 0x09; then it repeats this procedure from 0x01 again.

-q Specifies to display only the statistics and not to display the details. By default, all the information including the details and statistics will be displayed.

-r Specifies to record the routes. By default, the system does not record any routes.

3Com Switch 4200G Family ping ● 513 Command Reference

-s packetsize Specifies the size (in bytes) of each ICMP ECHO-REQUEST packet (excluding the IP and ICMP headers). The packetsize argument ranges from 20 to 32,000 and defaults to 56 bytes.

-t timeout Sets the timeout time (in ms) waiting for an ICMP ECHO-REPLY packet after an ICMP ECHO-REQUEST packet is sent. The timeout argument ranges from 0 to 65535 and defaults to 2,000 ms.

-tos tos Sets the ToS value of the ICMP ECHO-REQUEST packets in the range of 0 to 255. By default, this value is 0.

-v Specifies to display other ICMP packets received (that is, non-ECHO-REPLY packets) as well as the ECHO-REPLY packets. By default, except for the ECHO-REPLY packets, other ICMP packets are not displayed.

host Destination host domain name or IP address.

Default By default, when the parameters are not specified:

■ the ECHO-REQUEST message will be sent for 5 times

■ socket is not in DEBUGGING mode

■ the TTL value for echo requests is 255

■ host will be treated as IP address first. If it is not an IP address, perform domain name resolution

■ the default padding operation starts from 0x01 and ends on 0x09 (progressively), then performs again,

■ show all the information including statistics

■ routes are not recorded

■ send ECHO-REQUEST according to route selection

■ default length of ECHO-REQUEST is 56 bytes

■ default timeout of ECHO-RESPONSE is 2000 ms

■ do not display other ICMP packets (non ECHO-RESPONSE)

■ the TOS value of echo requests is 0

Example Check whether the host 202.38.160.244 is reachable.

<S4200G>ping 202.38.160.244ping 202.38.160.244 : 56 data bytesReply from 202.38.160.244 : bytes=56 sequence=1 ttl=255 time = 1msReply from 202.38.160.244 : bytes=56 sequence=2 ttl=255 time = 2msReply from 202.38.160.244 : bytes=56 sequence=3 ttl=255 time = 1msReply from 202.38.160.244 : bytes=56 sequence=4 ttl=255 time = 3msReply from 202.38.160.244 : bytes=56 sequence=5 ttl=255 time = 2ms--202.38.160.244 ping statistics--5 packets transmitted5 packets received

514 ● ping 3Com Switch 4200G Family Command Reference

0% packet lossround-trip min/avg/max = 1/2/3 ms


■ Any view

Description By default, when the parameters are not specified:

■ the ECHO-REQUEST message will be sent for 5 times

■ socket is not in DEBUGGING mode

■ the TTL value for echo requests is 255

■ host will be treated as IP address first. If it is not an IP address, perform domain name resolution

■ the default padding operation starts from 0x01 and ends on 0x09 (progressively), then performs again,

■ show all the information including statistics

■ routes are not recorded

■ send ECHO-REQUEST according to route selection

■ default length of ECHO-REQUEST is 56 bytes

■ default timeout of ECHO-RESPONSE is 2000 ms

■ do not display other ICMP packets (non ECHO-RESPONSE)

■ the TOS value of echo requests is 0

Description The executing procedure of the ping command is as follows: First, the source host sends an ICMP ECHO-REQUEST packet to the destination host. If the connection to the destination network is normal, the destination host receives this packet and responds with an ICMP ECHO-REPLY packet.

You can use the ping command to check the network connectivity and the quality of a network line. This command can output the following information:

■ Response status of the destination to each ICMP ECHO-REQUEST packet. If no response packet is received within the timeout time, including the number of bytes, packet sequence number, TTL and response time of the response packet. If no response packet is received within the timeout time, the message "Request time out" is displayed instead.

■ Final statistics, including the numbers of sent packets and received response packets, the irresponsive packet percentage, and the minimum, average and maximum values of response time.

You can set a relatively long timeout time waiting for response packet if the network transmission is slow.

Related Command tracert

3Com Switch 4200G Family port ● 515 Command Reference

port

Purpose Using the port command, you can add one port or one group of ports to a VLAN.

Using the undo port command, you can cancel one port or one group of ports from a VLAN.

Syntax port interface-list

undo port interface-list

Parameters interface-list List of Ethernet ports to be added to or deleted from a certain VLAN, expressed as interface-list = { interface-type interface-num [ to interface-type interface-num ] }&<1-10>.

■ interface-type is the port type.

■ interface-num is the port number

■ to is the keyword that specifies a group of successive ports. The port number to the right of the to keyword must be larger than or equal to the one to the left of the keyword.

&<1-10> Represents the repeatable times of parameters. A value of 1 is the minimum and 10 is the maximum.

CAUTION: The port command is only applicable to access ports. To add trunk ports and hybrid ports to a VLAN, use the port trunk permit vlan and port hybrid vlan commands in Ethernet port view.

Default By default, all the ports belong to the default VLAN.

Example Add GigabitEthernet1/0/1 through GigabitEthernet1/0/4 ports to VLAN 2.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 2[S4200G-vlan2] port GigabitEthernet1/0/1 to GigabitEthernet1/0/4


■ VLAN view

516 ● port access vlan 3Com Switch 4200G Family Command Reference

port access vlan

Purpose Use the port access vlan command to assign the access port to a specified VLAN.

Use the undo port access vlan command to remove the access port from the specified VLAN.

Syntax port access vlan vlan_id

undo port access vlan

Parameters vlan_id Specifies a VLAN ID. Valid values are 1 to 4094. (You must specify the ID of an existing VLAN.)

Example Add the GigabitEthernet port 1/0/1 to VLAN3.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]vlan 3[S4200G-vlan3]quit[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1]port access vlan 3



3Com Switch 4200G Family port hybrid pvid vlan ● 517 Command Reference

port hybrid pvid vlan

Purpose Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port.

Use the undo port hybrid pvid command to restore the default VLAN ID of the hybrid port.

Syntax port hybrid pvid vlan vlan_id

undo port hybrid pvid

Parameters vlan_id Specifies a VLAN ID. Valid values are 1 to 4094. If not specified, the default value is 1.

Default To guarantee the proper packet transmission, the default VLAN ID of the local hybrid port should be identical with that of the hybrid port on the peer switch.

Example Set the default VLAN ID for the GigabitEthernet1/0/1 hybrid port as 100.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1]port hybrid pvid vlan 100



Related Command port link-type

518 ● port hybrid vlan 3Com Switch 4200G Family Command Reference

port hybrid vlan

Purpose Use the port hybrid vlan command to add the port to the specified VLAN(s). The port needs to have been made a hybrid port before you can do this. See the related command below.

Use the undo port hybrid vlan command to remove the port from the specified VLAN(s).

Syntax port hybrid vlan vlan-id-list { tagged | untagged }

undo port hybrid vlan vlan-id-list

Parameters vlan-id-list vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&<1-10>, specifies the VLAN range to which the hybrid ports are added. vlan-id is in the range of 1 to 4094 and can be discrete. &<1-10> means you can enter the parameter for ten times, at most.

You can enter up to ten vlan_id parameters in one port hybrid vlan command.

tagged Specifies to tag the port for the specified VLAN.

untagged Specifies to leave the port untagged for the specified VLAN.

Example Add the GigabitEthernet1/0/1 hybrid port to VLAN 2, VLAN 5 and VLAN 50 through VLAN 100, with tags assigned to their packets.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1]port hybrid vlan 2 4 50 to 100 tagged



Description A hybrid port can belong to multiple VLANs. A port can only be added to a VLAN if the VLAN has already been created. When you use the command several times, all VLANs specified in the commands will be allowed to pass the port.


3Com Switch 4200G Family port isolate ● 519 Command Reference

port isolate

Purpose Use the port isolate command to add an Ethernet port to the isolation group.

Use the undo port isolate command to remove an Ethernet port from an isolation group.

Syntax port isolate

undo port isolate

Parameters None

Default By default, a port is not in an isolation group, namely Layer 2 forwarding is achievable between this port and other ports.

Example Add GigabitEthernet1/0/1 port to the isolation group.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] port isolate

Remove GigabitEthernet1/0/1 port from the isolation group.

[S4200G-GigabitEthernet1/0/1] undo port isolate



520 ● port link-aggregation group 3Com Switch 4200G Family Command Reference

port link-aggregation group

Purpose Use the port link-aggregation group agg_id command to add an Ethernet port to a manual or static aggregation group.

Use the undo port link-aggregation group command to delete an Ethernet port from a manual or static aggregation group

Syntax port link-aggregation group agg-id

undo port link-aggregation group


Example Add the port GigabitEthernet 1/0/1 to aggregation group 22.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] port link-aggregation group 22




3Com Switch 4200G Family port link-type ● 521 Command Reference

port link-type

Purpose Use the port link-type command to configure the link type of the Ethernet port.

Use the undo port link-type command to restore the default link type, that is, access.

Syntax port link-type { access | hybrid | trunk }

undo port link-type

Parameters access Specifies to configure the port as an access port.

hybrid Specifies to configure the port as a hybrid port

trunk Specifies to configure the port as a trunk port.

Default By default, the link type for all ports is access.

Example To configure the Ethernet port Ethernet1/0/1 as a trunk port, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet 1/0/1[S4200G-Ethernet1/0/1]port link-type trunk



Description You can configure the three types of ports on the same device. However, note that you cannot directly switch a port between trunk and hybrid and you must set the port as access before the switching. For example, to change a trunk port to hybrid, you must first set it as access and then hybrid.

522 ● port-security enable 3Com Switch 4200G Family Command Reference

port-security enable

Purpose Use the port-security enable command to enable port security.

Use the undo port-security enable command to disable port security.

Syntax port-security enable

undo port-security enable

Parameters None

Default By default, port security is disabled.



Enable port security.

[S4200G] port-security enableNotice: the port-control of 802.1x will be restricted to auto when port-security enabled. Please wait... Done.


■ System view

Description CAUTION: To avoid confliction, the following limitation on the 802.1x and the MAC address authentication will be taken after port security is enabled:

■ The access control mode (set by the dot1x port-control command) automatically changes to auto.

■ The dot1x port-method command can be successfully executed only when no user is online.

■ The dot1x, dot1x port-method, dot1x port-control and mac-authentication commands cannot be used.

3Com Switch 4200G Family port-security intrusion-mode ● 523 Command Reference

port-security intrusion-mode

Purpose Use the port-security intrusion-mode command to set the action mode of the Intrusion Protection feature.

Use the undo port-security intrusion-mode command to cancel the set action mode.

Syntax port-security intrusion-mode { disableport | disableport-temporarily | blockmac }

undo port-security intrusion-mode

Parameters disableport Represents permanently disabling the port and sending trap message.

disableport-temporarily Represents temporarily disabling the port, re-enabling the port after a prescribed period, and sending trap message.

blockmac Represents discarding the packets with illegal source MAC addresses, and sending trap messages.

Default By default, no security mode is configured.





Enter GigabitEthernet1/0/1 port view.

[[S4200G] interface GigabitEthernet1/0/1

Set the action mode of the Intrusion Protection feature on GigabitEthernet1/0/1 port to disableport.

[S4200G-GigabitEthernet1/0/1] port-security intrusion-mode disableport



Description In the disableport-temporarily mode, users can configure a temporary port by disconnecting time with the port-security timer disableport command.

524 ● port-security intrusion-mode 3Com Switch 4200G Family Command Reference

By way of checking the source MAC addresses of the data frames received on a port, the Intrusion Protection feature discovers illegal packets and takes appropriate action (temporarily/permanently disabling the port, or filtering out the packets with these source MAC addresses) to guarantees the security on the port.

The illegal packets include:

■ Packets with unknown source MAC addresses received when MAC address learning is disabled on the port

■ Packets with unknown source MAC addresses received when the number of MAC addresses on the port has reached the set maximum number of MAC addresses allowed to access the port.

■ Packets received from users who fail the authentication.

The action mode of the Intrusion Protection feature can be set to disableport, disableport-temporarily or blockmac. For the disableport-temporarily mode, you can set the time during which the system temporarily disables a port by using the port-security timer disableport command.

Related Command port-security timer disableport

3Com Switch 4200G Family port-security max-mac-count ● 525 Command Reference

port-security max-mac-count

Purpose Use the port-security max-mac-count command to set the maximum number of MAC addresses allowed to access the port.

Use the undo port-security max-mac-count command to cancel this limit.

Syntax port-security max-mac-count count-value

undo port-security max-mac-count

Parameters count-value Maximum number of MAC addresses. This argument is 0 by default, which represents there is no limit on the number of MAC addresses.

Default By default, there is no limit on the number of MAC addresses allowed to access the port.

Example Enter system view





[S4200G] interface ethernet1/0/1

Set the maximum number of MAC addresses allowed to access the port to 100.

[S4200G-GigabitEthernet1/0/1] port-security max-mac-count 100



Description Use the port-security max-mac-count command to set the maximum number of MAC addresses allowed to access the port. The number is the sum of the following:

■ The MAC address which pass the 802.1x authentication

■ The MAC address which pass the MAC address authentication

■ Security MAC address

CAUTION: The maximum number of MAC addresses set by this command does not include the number of the static MAC address entries set manually.

526 ● port-security max-mac-count 3Com Switch 4200G Family Command Reference

Related Commands ■ port-security enable

■ port-security port-mode

3Com Switch 4200G Family port-security ntk-mode ● 527 Command Reference

port-security ntk-mode

Purpose Use the port-security ntk-mode command to set the packet transmission mode of the Need to Know (NTK) feature.

Use the undo port-security ntk-mode command to cancel the setting.

Syntax port-security ntk-mode { ntkonly | ntk-withbroadcasts | ntk-withmulticasts }

undo port-security ntk-mode

Parameters ntkonly Allows the system to transmit only unicast packets with successfully authenticated destination MAC addresses.

ntk-withbroadcasts Allows the system to transmit the broadcast packets and the unicast packets with successfully authenticated destination MAC addresses.

ntk-withmulticasts Allows the system to transmit the multicast packets, broadcast packets and the unicast packets with successfully authenticated destination MAC addresses.

Default By default, no packet transmission mode of the NTK feature is set on the port.






[S4200G] interface GigabitEthernet1/0/1

Set the packet transmission mode of the NTK feature to ntkonly on the current port.

[S4200G-GigabitEthernet1/0/1] port-security ntk-mode ntkonly



Description By way of checking the destination MAC addresses of the data frames to be sent from a port, this feature ensures that only successfully authenticated devices can

528 ● port-security ntk-mode 3Com Switch 4200G Family Command Reference

obtain data frames from the port so as to prevent illegal devices from filching network data.

The packet transmission mode of the NTK feature can be set to ntkonly, ntk-withbroadcasts or ntk-withmulticasts.

CAUTION: The port-security ntk-mode command and the unknown-multicast drop enable command (which enables the unknown multicast packet drop function), cannot be used together. Or else, the system prompts a failure.

3Com Switch 4200G Family port-security OUI ● 529 Command Reference

port-security OUI

Purpose Use the port-security OUI command to set an OUI value for authentication.

Use the undo port-security OUI command to cancel an OUI value setting.

Syntax port-security OUI OUI-value index index-value

undo port-security OUI index id-value

Parameters OUI-value OUI value. You can input a complete MAC address (in hexadecimal) for this argument and the system will calculate the OUI value from your input.

index-value OUI index. Valid values are 1 to 16.

The organizationally unique identifiers (OUIs) are assigned by IEEE to different equipment providers. Each OUI uniquely identifies an equipment provider in the world and is the higher 24 bits of MAC address.

You need only to input a complete hexadecimal MAC address in this command, and the system will automatically convert the address to binary format and then take the higher 24 bits of the resulting binary data as the OUI value.



Set an OUI value by specifying the MAC address 00ef-ec00-0000, and set the OUI index to five.

[S4200G] port-security oui 00ef-ec00-0000 index 5


■ System view

Description CAUTION: The OUI value set by this command takes effect only when the security mode of the port is set to userlogin-withoui (by the port-security port-mode command).

Related Command port-security port-mode

530 ● port-security port-mode 3Com Switch 4200G Family Command Reference

port-security port-mode

Purpose Use the port-security port-mode command to set the security mode of the port.

Use the undo port-security port-mode command to restore the normal operating mode of the port.

Syntax port-security port-mode mode

undo port-security port-mode

Parameters mode Security mode of the port. See Table 88for the values of this argument.

Default By default, no security mode is set on the port.







Set the security mode on GigabitEthernet1/0/1 port to userlogin.

[S4200G-GigabitEthernet1/0/1] port-security port-mode userlogin



Description Table 88describes the available security modes in details:

3Com Switch 4200G Family port-security port-mode ● 531 Command Reference

Table 88 Description of the port security modes

Security mode Description Feature

autolearn the learned MAC addresses will be changed to Security MAC addresses.

This security mode will automatically change to the secure mode after the system has learned the maximum number of Security MAC from this port, and new Security MAC cannot be added.

The packets whose original MAC addresses are not the current Security MAC addresses cannot pass the port.

In this mode, only the NTK and Intrusion Protection features take effect.

secure In this mode, the system is disabled from learning MAC addresses from this port.

Only the packets whose original MAC addresses are the configured static MAC addresses can pass the port.

userlogin In this mode, port-based 802.1x authentication is performed for connected users.

In this mode, the NTK and Intrusion Protection features do not take effect.

userlogin-secure The port opens only after the access user passes the 802.1x authentication. Even after the port opens, only the packets of the successfully authenticated user can pass through the port.

In this mode, only one 802.1x-authenticated user is allowed to access the port.

When the port changes from the normal mode to this security mode, the system automatically removes the already existing dynamic MAC address entries and authenticated MAC address entries on the port.

In these modes, only the NTK and Intrusion Protection features take effect.

userlogin-withoui This mode is similar to the userlogin-secure mode, except that there can be one OUI-carried MAC address being successfully authenticated in addition to the single 802.1x-authenticated user who is allowed to access the port.

When the port changes from the normal mode to this security mode, the system automatically removes the already existing dynamic/authenticated MAC address entries on the port.

mac-authentication In this mode, MAC address–based authentication is performed for access users.

userlogin-secure-or-mac In this mode, the two kinds of authentication in mac-authentication and userlogin-secure modes can be performed simultaneously. If both kinds of authentication succeed, the userlogin-secure mode takes precedence over the mac-authentication mode.

userlogin-secure-else-mac In this mode, first the MAC-based authentication is performed. If this authentication succeeds, the mac-authentication mode is adopted, or else, the authentication in userlogin-secure mode is performed.

532 ● port-security port-mode 3Com Switch 4200G Family Command Reference

userlogin-secure-ext This mode is similar to the userlogin-secure mode, except that there can be more than one 802.1x-authenticated user on the port.

userlogin-secure-or-mac-ext This mode is similar to the userlogin-secure-or-mac mode, except that there can be more than one 802.1x-authenticated user on the port.

userlogin-secure-else-mac-ext This mode is similar to the userlogin-secure-else-mac mode, except that there can be more than one 802.1x-authenticated user on the port.

Table 88 Description of the port security modes (continued)

Security mode Description Feature

3Com Switch 4200G Family port-security timer disableport ● 533 Command Reference

port-security timer disableport

Purpose Use the port-security timer disableport command to set the time during which the system temporarily disables a port.

Use undo port-security timer disableport command restore the default time.

Syntax port-security timer disableport timer

undo port-security timer disableport

Parameters timer Valid values for this argument are 20 to 300. If not specified, the default is 20 seconds.

Example Set the time during which the system temporarily disables a port to 50 seconds.

<S4200G> system-view[S4200G] port-security timer disableport 50


■ System view

Description The time set by the port-security timer disableport command takes effect when the disableport-temporarily mode is set by the port-security intrusion-mode command.

534 ● port-security trap 3Com Switch 4200G Family Command Reference

port-security trap

Purpose Use the port-security trap command to enable the sending of the specified type(s) of trap messages.

Use the undo port-security trap command to disable the sending of the specified type(s) of trap messages.

Syntax port-security trap { addresslearned | intrusion | dot1xlogon | dot1xlogoff | dot1xlogfailure | ralmlogon | ralmlogoff | ralmlogfailure }*

undo port-security trap { addresslearned | intrusion | dot1xlogon | dot1xlogoff | dot1xlogfailure | ralmlogon | ralmlogoff | ralmlogfailure }*

Parameters addresslearned Enables/disables the sending of MAC address learning trap messages.

intrusion Enables/disables the sending of intrusion packet discovery trap messages.

dot1xlogon Enables/disables the sending of 802.1x user logon trap messages.

dot1xlogoff Enables/disables the sending of 802.1x user logoff trap messages.

dot1xlogfailure Enables/disables the sending of 802.1x user authentication failure trap messages.

ralmlogon Enables/disables the sending of RALM user logon trap messages.

ralmlogoff Enables/disables the sending of RALM user logoff trap messages.

ralmlogfailure Enables/disables the sending of RALM user authentication failure trap messages.

RADIUS authenticated login using MAC-address (RALM) refers to MAC address-based RADIUS authentication.

Default By default, the system disables the sending of any types of trap messages.



Allow the sending of the intrusion packet discovery trap messages.

[S4200G] port-security trap intrusion

3Com Switch 4200G Family port-security trap ● 535 Command Reference


■ System view

Description This command is designed based on the Device Tracking feature. The Device Tracking feature enables the switch to send trap messages in case special data packets (generated by special actions such as illegal intrusion, and abnormal user logon/logoff) pass through a port for the convenience of network administrator to monitor these special actions.

536 ● port trunk pvid vlan 3Com Switch 4200G Family Command Reference

port trunk pvid vlan

Purpose Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.

Use the undo port trunk pvid command to restore the default VLAN ID for a trunk port.

Syntax port trunk pvid vlan vlan_id

undo port trunk pvid

Parameters vlan_id Specifies a VLAN ID. Valid values are 1 to 4094. If not specified, the default is 1.

Default The default VLAN ID of local trunk port should be consistent with that of the trunk port on the peer switch, otherwise packets cannot be properly transmitted.

Example To configure the trunk port Ethernet1/0/1 to the default VLAN of 100, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]interface GigabitEthernet 1/0/1[SW4200G-GigabitEthernet1/0/1]port trunk pvid vlan 100




3Com Switch 4200G Family port trunk permit vlan ● 537 Command Reference

port trunk permit vlan

Purpose Use the port trunk permit vlan command to add a trunk port to one VLAN, a selection of VLANs, or all VLANs.

Use the undo port trunk permit vlan command to remove the hybrid port from one VLAN, a selection of VLANs or all VLANs.

Syntax port trunk permit vlan {vlan-id-list | all}

undo port trunk permit vlan {vlan-id-list| all}

Parameters vlan-id vlan-id-list = [ vlan-id1 [ to vlan-id2 ] ]&,1-10., specifies the VLAN range to which the trunk ports are added. vlan-id is in the range of 1 to 4094 and can be discrete &,1-10. means you can enter the parameter for ten times at most.

all Adds the trunk port to all VLANs.

Example Add the GigabitEthernet1/0/1 trunk port to VLAN 2, VLAN 5 and VLAN 50 through VLAN 100.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet 1/0/1[SW4200G-GigabitEthernet1/0/1]port trunk permit vlan 2 4 50 to 100Please wait... Done.



Description A trunk port can belong to multiple VLANs. If the port trunk permit vlan command is used many times, then the VLAN enabled to pass on trunk port is the set of these vlan_id_list.


538 ● primary accounting 3Com Switch 4200G Family Command Reference

primary accounting

Purpose Use the primary accounting command to set the IP address and port number for the primary accounting server.

Use the undo primary accounting command to restore the default IP address and port number of the primary RADIUS accounting server.

Syntax primary accounting ip-address [ port-number ]

undo primary accounting

Parameters ip-address Specifies the IP address in dotted decimal format.

port-number Specifies the UDP port number. ranging from 1 to 65535.

Default By default, the IP address of the primary accounting server is 0.0.0.0 and the UDP port number of the primary accounting service is 1813.

The IP address and UDP port number of the primary accounting server used by the default RADIUS scheme system are 127.0.0.1 and 1646.

Example To set the IP address and UDP port number of the primary accounting server of the RADIUS scheme radius1 to 10.110.1.2 and 1813, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] primary accounting 10.110.1.2 1813



Description After creating a RADIUS scheme, you are supposed to set IP addresses and UDP port numbers for the RADIUS servers, including primary/second authentication/authorization servers and accounting servers. In real networking environments, the above parameters shall be set according to the specific requirements. However, you must set at least one authentication/authorization server and an accounting server. Besides, ensure that the RADIUS service port settings on the Switch is consistent with the port settings on the RADIUS server.

3Com Switch 4200G Family primary accounting ● 539 Command Reference


■ radius scheme

■ state

540 ● primary authentication 3Com Switch 4200G Family Command Reference

primary authentication

Purpose Use the primary authentication command to configure the IP address and port number for the primary RADIUS authentication/authorization server.

Use the undo primary authentication command to restore the default IP address and port number of the primary RADIUS authentication/authorization server.

Syntax primary authentication ip-address [ port-number ]

undo primary authentication


port-number Specifies UDP port number ranging from 1 to 65535.

Default By default, the IP addresses of the primary authentication/authorization is at 0.0.0.0 and the UDP port for authentication/authorization service is 1812.

Example To set the IP address and UDP port number of the primary authentication/authorization server used by the RADIUS scheme radius1 to 10.110.1.1 and 1812, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] primary authentication 10.110.1.1 1812


■ RADIUS Server Group view

Description Note:

■ After creating a new RADIUS scheme, you should configure the IP address and UDP port number of each RADIUS server you want to use in this scheme. These RADIUS servers fall into two types: authentication/authorization, and accounting. And for each kind of server, you can configure two servers in a RADIUS scheme: primary and secondary servers. A RADIUS scheme has the following attributes: IP addresses of the primary and secondary servers, shared keys, and types of the RADIUS servers.

■ In an actual network environment, you can configure the above parameters as required. But you should configure at least one authentication/authorization server and one accounting server, and at the same time, you should keep the RADIUS service port settings on the switch consistent with those on the RADIUS servers.

3Com Switch 4200G Family primary authentication ● 541 Command Reference


■ radius scheme

■ state

542 ● priority 3Com Switch 4200G Family Command Reference

priority

Purpose Use the priority command to set the priority of Ethernet port.

Use the undo priority command to restore the default value.

Syntax priority priority-level

undo priority

Parameters priority-level Specifies the priority level of the port. Valid values are 0 to 7.

Default The default priority level of a port is 0.

Example To set the priority of the GigabitEthernet1/0/1 port to 7, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] priority 7



Description This command is used to set the priority of Ethernet ports. After the command is configured, the switch replaces the 802.1p priority carried in the packet with the priority of the port receiving the packet. Then the switch places the packet in the corresponding port output queue according to the new priority of the packet.

3Com Switch 4200G Family priority trust ● 543 Command Reference

priority trust

Purpose Use the priority trust command to configure the precedence mapping mode on the port of the switch.

Syntax priority trust { cos [ automap ] | dscp [ automap | remap ] }

Parameters cos [ automap ] The mapping is performed based on 802.1p priority and the mapping modes are as follows:

■ If automap is not input, it is the default mode in which the switch does not replace the priority carried in the packet with the mapped priority.

■ If automap is input, it is the automap mode in which the switch replaces the priority carried in the packet with the mapped priority.

dscp [ automap | remap] The mapping is performed based on DSCP precedence, and the mapping modes are as follows:

■ If keywords are not input after DSCP, it is the default mode in which the switch does not replace the priority carried in the packet with the mapped priority.

■ If automap is input, it is the automap mode in which the switch replaces the priority carried in the packet with the mapped priority.

■ If remap is input, it is the remap mode. In this mode, the switch firstly gets new DSCP precedence by the "DSCP-> DSCP" mapping relationship, and then searches "DSCP->other precedence" mapping relationship through the new DSCP precedence, and replaces the precedence carried in the packet with the mapped precedence.

Default By default, the switch trusts the port priority.

Example To configure to map in remap mode on GigabitEthernet1/0/1 according to DSCP precedence, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] priority-trust dscp remap


544 ● priority trust 3Com Switch 4200G Family Command Reference


Related Command priority

3Com Switch 4200G Family protocol inbound ● 545 Command Reference

protocol inbound

Purpose Use the protocol inbound command to configure the protocols supported in the current user interface.

Syntax protocol inbound { all | ssh | telnet }

Parameters all Supports all protocols, including Telnet and SSH.

ssh Supports only SSH.

telnet Supports only Telnet.

Default By default, both SSH and Telnet are supported.

Example Configure vty0 through vty4 to support SSH only.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface vty 0 4[S4200G-ui-vty0-4] protocol inbound ssh


■ VTY User Interface view

Description After you use this command with SSH enabled, your configuration cannot take effect till next login if no RSA key pair is configured.

CAUTION:

■ When SSH protocol is specified, to ensure a successful login, you must configure the AAA authentication using the authentication-mode scheme command.

■ The protocol inbound ssh configuration fails if you configured authentication-mode password and authentication-mode none. When you configured SSH protocol successfully for the user interface, then you cannot configure authentication-mode password and authentication-mode none any more.

546 ● protocol inbound 3Com Switch 4200G Family Command Reference

protocol inbound

Purpose Use the protocol inbound command to specify the protocols supported by the user interface.

Syntax protocol inbound { all | ssh | telnet }

Parameters all Supports all protocols, including Telnet and SSH.

ssh Supports SSH protocol.

telnet Supports Telnet protocol.

Default Both Telnet protocol and SSH protocol are supported by default.

Example Configure that only SSH protocol is supported in VTY 0.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface vty0[S4200G-ui-vty0] protocol inbound ssh



Description Use the protocol inbound command in VTY User Interface view only.

Related Command user-interface vty

3Com Switch 4200G Family protocol-priority protocol-type ● 547 Command Reference

protocol-priority protocol-type

Purpose Use the protocol-priority command to set the global traffic priority that applies to a given protocol.

Use the undo protocol-priority command to remove such a configuration.

Syntax protocol-priority protocol-type protocol-type { ip-precedence ip-precedence | dscp dscp-value }

undo protocol-priority protocol-type protocol-type

Parameters protocol-type protocol-type Specifies the type of the protocol. Only TELNET, SNMP,

and ICMP are supported currently.

ip-precedence ip-precedence Specifies the value of IP precedence. Valid values are 0

to 7.

dscp dscp-value Specifies the value of DSCP precedence. Valid values are 0 to 63.

Example To set the IP precedence of SNMP protocols to 3, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] protocol-priority protocol-type snmp ip-precedence 3


■ System view

548 ● public-key-code begin 3Com Switch 4200G Family Command Reference

public-key-code begin

Purpose Use the public-key-code begin command to enter public key edit view and input the client public key.

Syntax public-key-code begin

Parameters None

Example Enter public key edit view and input client public keys.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] rsa peer-public-key S4200G003[S4200G-rsa-public-key] public-key-code begin[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125[S4200G-key-code] public-key-code end[S4200G-rsa-public-key]


■ Public Key view

Description You can key in a blank space between characters (since the system can remove the blank space automatically), or press <Enter> to continue your input at the next line. But the public key, which is generated randomly by the SSH 2.0-supported client software, should be composed of hexadecimal characters.

Related Commands ■ public-key-code end


3Com Switch 4200G Family public-key-code begin ● 549 Command Reference


Purpose Use the public-key-code begin command to enter public key edit view and set server public keys.

Syntax public-key-code begin

Parameters None

Example Enter public key edit view and set server public keys.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] rsa peer-public-key S4200G003[S4200G-rsa-public-key] public-key-code begin[S4200G-key-code] 308186028180739A291ABDA704F5D93DC8FDF84C427463[S4200G-key-code] 1991C164B0DF178C55FA833591C7D47D5381D09CE82913[S4200G-key-code] D7EDF9C08511D83CA4ED2B30B809808EB0D1F52D045DE4[S4200G-key-code] 0861B74A0E135523CCD74CAC61F8E58C452B2F3F2DA0DC[S4200G-key-code] C48E3306367FE187BDD944018B3B69F3CBB0A573202C16[S4200G-key-code] BB2FC1ACF3EC8F828D55A36F1CDDC4BB45504F020125[S4200G-key-code] public-key-code end[S4200G-rsa-public-key]


■ Public Key view

Description You can key in a blank space between characters (since the system can remove the blank space automatically), or press <Enter> to continue your input at the next line. But the public key, which are generated randomly after you use the rsa local-key-pair create command on the server, should be composed of hexadecimal characters.

Related Commands ■ public-key-code end

■ rsa local-key-pair create


550 ● public-key-code end 3Com Switch 4200G Family Command Reference

public-key-code end

Purpose Use the public-key-code end command to return from public key edit view to public key view and save the public keys you set.

Syntax public-key-code end

Parameters None

Example Exit from public key edit view and save the public keys.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G]rsa peer-public-key zhangshan[S4200G-rsa-public-key]public-key-code begin[S4200G-rsa-key-code] public-key-code end[S4200G-rsa-public-key]


■ Public Key Edit view

Description After you use this command to terminate the public key editing, public key validity will be checked before the keys are saved. If there are illegal characters in the keys, the prompt will be given and the keys will be discarded. Your configuration this time fails. If the keys are valid, they will be saved in the public key list of the client.

Related Command ■ public-key-code begin


3Com Switch 4200G Family public-key-code end ● 551 Command Reference

public-key-code end

Purpose Use the public-key-code end command to return from public key edit view to public key view and save the public keys you set.

Syntax public-key-code end

Parameters None

Example Exit from public key edit view and save the public keys.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] rsa peer-public-key S4200G003[S4200G-rsa-public-key] public-key-code begin[S4200G-rsa-key-code] public-key-code end[S4200G-rsa-public-key]


■ Public Key Edit view

Description After you use this command to terminate the public key editing, public key validity will be checked before the keys are saved. If there are illegal characters in the keys, the prompt will be given and the keys will be discarded. Your configuration this time fails. If the keys are valid, they will be saved in the public key list of the client.



552 ● put 3Com Switch 4200G Family Command Reference

put

Purpose Use the put command to upload a local file to the remote SFTP server.

Syntax put local-file [ remote-file ]

Parameters local-file Name of the source file at the local end.

remote-file Name assigned to the file to be saved on the remote SFTP server.

Example Upload local file temp.c to the remote SFTP server and save it with the name temp1.c.

sftp-client> put temp.c temp1.c



Description If no name is specified for the file to be saved on the remote SFTP server, the name of the source file is used.

3Com Switch 4200G Family put ● 553 Command Reference

put

Purpose Use the put command to upload a local file to the remote FTP server.

Syntax put localfile [ remotefile ]

Parameters local-file Name of the source file at the local end.

remote-file Name assigned to the file to be saved on the remote FTP server.

Example Upload local file temp.c to the remote STP server and save it with the name temp1.c.


Upload the local file named temp.c to the FTP server.

[ftp] put temp.c temp1.c200 Port command okay.150 Opening ASCII mode data connection for temp.c.226 Transfer complete.FTP: 749881 byte(s) sent in 17.691 second(s) 42.00Kbyte(s)/sec.


■ FTP Client view

Description If no name is specified for the file to be saved on the remote FTP server, the name of the source file is used.

554 ● pwd 3Com Switch 4200G Family Command Reference

pwd

Purpose Use the pwd command to display the current directory on the SFTP server.

Syntax pwd

Parameters None

Example Display the current directory on the SFTP server.

sftp-client> pwdflash:/



3Com Switch 4200G Family pwd ● 555 Command Reference

pwd

Purpose Use the pwd command to display the current path. If the current path is not configured, an error occurs when you execute this command.

Syntax pwd

Parameters None

Example Display the current path.

<S4200G> pwdunit1>flash:


■ User view

556 ● pwd 3Com Switch 4200G Family Command Reference

pwd

Purpose Use the pwd command to display the current directory on the remote FTP Server.

Syntax pwd

Parameters None

Example Show the current directory on the remote FTP Server.

<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password:***** 230 Logged in successfully [ftp] pwd 257 "flash:/temp" is current directory.


■ FTP Client view

3Com Switch 4200G Family qos cos-drop-precedence-map ● 557 Command Reference

qos cos-drop-precedence-map

Purpose Use the qos cos-drop-precedence-map command to configure the "COS->Drop-precedence" mapping relationship.

Use the undo qos cos-drop-precedence-map command to restore the "COS->Drop-precedence" mapping relationship to the default value.

Syntax qos cos-drop-precedence-map cos0-map-drop-prec cos1-map-drop-prec cos2-map-drop-prec cos3-map-drop-prec cos4-map-drop-prec cos5-map-drop-prec cos6-map-drop-prec cos7-map-drop-prec

undo qos cos-drop-precedence-map

Parameters cos0-map-drop-prec Specifies the mapped value from COS 0 to the drop precedence. Valid values are 0 to 1.

cos0-map-drop-prec Specifies the mapped value from COS 1 to the drop precedence. Valid values are 0 to 1.







Default By default, the system provides the default "COS->Drop-precedence" mapping relationship.

Table 89 The default "COS->Drop-precedence" mapping relationship

COS Value Drop-precedence

0 0

1 0

2 0

3 0

4 0

5 0

6 0

7 0

558 ● qos cos-drop-precedence-map 3Com Switch 4200G Family Command Reference

Example The configuration of the "COS->Drop-precedence" mapping relationship is described in the following table.

The configuration procedure is as follows:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos cos-drop-precedence-map 1 1 1 1 1 0 0 0


■ System view

Description The switch will assign a set of service parameters to one packet according to a certain rule when it receives the packet. Service parameters include CoS value, local precedence and drop precedence. Service parameters are assigned according to the 802.1p priority of the packet. COS value is the 802.1p priority of the packet, and local precedence and drop precedence are obtained through the "COS ->Local-precedence" mapping relationship and the "COS ->Drop-precedence" mapping relationship respectively. You can use this command to modify the "COS->Drop-precedence" mapping relationship as required.

Table 90 The "COS->Drop-precedence" mapping relationship

COS Value Drop-precedence

0 1

1 1

2 1

3 1

4 1

5 0

6 0

7 0

3Com Switch 4200G Family qos cos-dscp-map ● 559 Command Reference

qos cos-dscp-map

Purpose Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping relationship.

Use the undo qos cos-dscp-map command to restore the "COS->DSCP" mapping relationship to the default value.

Syntax qos cos-dscp-map cos0-map-dscp cos1-map-dscp cos2-map-dscp cos3-map-dscp cos4-map-dscp cos5-map-dscp cos6-map-dscp cos7-map-dscp

undo qos cos-dscp-map

Parameters cos0-map-dscp Sets the mapped value from COS 0 to DSCP. Valid values are 0 to 63.

cos0-map-dscp Sets the mapped value from COS 1 to DSCP. Valid values are 0 to 63.







Default By default, the system provides the default "COS->DSCP" mapping relationship.

Table 91 The default "COS->DSCP" mapping relationship

COS Value DSCP

0 16

1 0

2 8

3 24

4 32

5 40

6 48

7 56

560 ● qos cos-dscp-map 3Com Switch 4200G Family Command Reference

Example The configuration of "COS->DSCP" mapping relationship is described in the following table.


<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos cos-dscp-map 0 1 2 3 4 5 6 7


■ System view

Table 92 The "COS->DSCP" mapping relationship

COS Value DSCP

0 0

1 1

2 2

3 3

4 4

5 5

6 6

7 7

3Com Switch 4200G Family qos cos-local-precedence-map ● 561 Command Reference

qos cos-local-precedence-map

Purpose Use the qos cos-local-precedence-map command to configure the "COS->Local-precedence" mapping relationship.

Use the undo qos cos-local-precedence-map command to restore the "COS->Local-precedence" mapping relationship to the default value.

Syntax qos cos-local-precedence-map cos0-map-local-prec cos1-map-local-prec cos2-map-local-prec cos3-map-local-prec cos4-map-local-prec cos5-map-local-prec cos6-map-local-prec cos7-map-local-prec

undo qos cos-local-precedence-map

Parameters cos0-map-local-prec Sets the mapped value from COS 0 to local-precedence. Valid values are 0 to 7.

cos1-map-local-prec Sets the mapped value from COS 1 to local-precedence. Valid values are 0 to 7.







Default By default, the system provides the default "COS->Local-precedence" mapping relationship.

Table 93 The default "COS->Local-precedence" mapping relationship

COS Value DSCP

0 2

1 0

2 1

3 3

4 4

5 5

6 6

7 7

562 ● qos cos-local-precedence-map 3Com Switch 4200G Family Command Reference

Example The configuration of "COS->Local-precedence" mapping relationship is described in the following table.


<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos cos-local-precedence-map 0 1 2 3 4 5 6 7


■ System view

Table 94 The default "COS->Local-precedence" mapping relationship

COS Value DSCP

0 0

1 1

2 2

3 3

4 4

5 5

6 6

7 7

3Com Switch 4200G Family qos dscp-cos-map ● 563 Command Reference

qos dscp-cos-map

Purpose Use the qos dscp-cos-map command to configure the "COS->802.1p priority" mapping relationship.

Use the undo qos dscp-cos-map command to restore the "DSCP->802.1p priority" mapping relationship to the default value.

Syntax qos dscp-cos-map dscp-list : cos-value

undo qos dscp-cos-map [ dscp-list ]

Parameters dscp-list Specifies the list of DSCP values. It can include only one DSCP value or many DSCP values. DSCP values are separated by space. dscp-list is connected with cos-value by the ":" after it to indicate the mapping relationship between them. Valid values for the dscp-list are 0 to 63.

cos-value Specifies the 802.1p priority corresponding to the DSCP list. Valid values for the cos-value are 0 to 7.

Default By default, the system provides the default "DSCP->802.1p priority" mapping relationship.

Table 95 The default "COS->801.1p precedence" mapping relationship

DSCP 802.1p priority

0 to 7 1

8 to 15 2

16 to 23 0

24 to 31 3

32 to 39 4

40 to 47 5

48 to 55 6

56 to 63 7

564 ● qos dscp-cos-map 3Com Switch 4200G Family Command Reference

Example Modify the "DSCP->802.1p priority" mapping relationship according to the following table.


<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos dscp-cos-map 0 1 2 3 4 5 6 7 : 1


■ System view

Table 96 The "DSCP->802.1p priority" mapping relationship

DSCP 802.1p priority

0 1

1 1

2 1

3 1

4 1

5 1

6 1

7 1

3Com Switch 4200G Family qos dscp-drop-precedence-map ● 565 Command Reference

qos dscp-drop-precedence-map

Purpose Use the qos dscp-drop-precedence-map command to configure the "DSCP->Drop-precedence" mapping relationship.

Use the undo qos dscp-drop-precedence-map command to restore the "DSCP->Drop-precedence" mapping relationship to the default value.

Syntax qos dscp-drop-precedence-map dscp-list : drop-precedence

undo qos dscp-drop-precedence-map [ dscp-list ]

Parameters dscp-list Specifies the list of DSCP values. It can include only one DSCP value or many DSCP values. DSCP values are separated by space. dscp-list is connected with cos-value by the ":" after it to indicate the mapping relationship between them. Valid values for the dscp-list are 0 to 63.

drop-precedence Specifies the drop precedence corresponding to the DSCP list. Valid values for the drop-precedence are 0 to 1.

Default By default, the system provides the default "DSCP->Drop-precedence" mapping relationship.

Table 97 The default "DSCP->Drop-precedence" mapping relationship

DSCP Drop Precedence

0 to 7 1

8 to 15 1

16 to 23 1

24 to 31 1

32 to 39 0

40 to 47 0

48 to 55 0

56 to 63 0

566 ● qos dscp-drop-precedence-map 3Com Switch 4200G Family Command Reference

Example Modify the "DSCP->Drop-precedence" mapping relationship according to the following table.


<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos dscp-drop-precedence-map 0 1 2 3 4 5 6 7 : 1


■ System view

Table 98 The "DSCP->Drop-precedence" mapping relationship

DSCP Drop Precedence

0 1

1 1

2 1

3 1

4 1

5 1

6 1

7 1

3Com Switch 4200G Family qos dscp-dscp-map ● 567 Command Reference

qos dscp-dscp-map

Purpose Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping relationship.

Use the undo qos dscp-dscp-map command to restore the "DSCP->DSCP" mapping relationship to the default value.

Syntax qos dscp-dscp-map dscp-list : dscp-value

undo qos dscp-dscp-map [ dscp-list ]

Parameters dscp-list Specifies the list of DSCP values. It can include only one DSCP value or many DSCP values. DSCP values are separated by space. dscp-list is connected with dscp-value by the ":" after it to indicate the mapping relationship between them. Valid values for the dscp-list are 0 to 63.

dscp-value Specifies the DSCP precedence corresponding to the DSCP list. Valid values for the dscp-value are 0 to 63.

Default By default, the system provides the default "DSCP->DSCP" mapping relationship.

Example Modify the "DSCP->DSCP" mapping relationship according to the following table.

Table 99 The "DSCP->DSCP" mapping relationship and its default value

DSCP New DSCP

0 0

1 1

… …

61 61

62 62

63 63

Table 100 The "DSCP->DSCP" mapping relationship

DSCP New DSCP

0 1

1 1

2 1

3 1

4 1

5 1

6 1

7 1

568 ● qos dscp-dscp-map 3Com Switch 4200G Family Command Reference


<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos dscp-dscp-map 0 1 2 3 4 5 6 7 : 1


■ System view

3Com Switch 4200G Family qos dscp-local-precedence-map ● 569 Command Reference

qos dscp-local-precedence-map

Purpose Use the qos dscp-local-precedence-map command to configure the "DSCP->Local-precedence" mapping relationship.

Use the undo qos dscp-local-precedence-map command to restore the "DSCP->Local-precedence" mapping relationship to the default value.

Syntax qos dscp-local-precedence-map dscp-list : local-precedence

undo qos dscp-local-precedence-map [dscp-list ]

Parameters dscp-list Specifies the list of DSCP values. It can include only one DSCP value or many DSCP values. DSCP values are separated by space. dscp-list is connected with local-precedence by the ":" after it to indicate the mapping relationship between them. Valid values for the dscp-list are 0 to 63.

local-precedence Specifies the local precedence corresponding to the DSCP list. Valid values for the local-precedence are 0 to 7.

Default By default, the system provides the default "DSCP->Local-precedence" mapping relationship.

Table 101 The default "DSCP->Local-precedence" mapping relationship

DSCP Local Precedence

0 to 7 0

8 to 15 1

16 to 23 2

24 to 31 3

32 to 39 4

40 to 47 5

48 to 55 6

56 to 63 7

570 ● qos dscp-local-precedence-map 3Com Switch 4200G Family Command Reference

Example Modify the "DSCP->Local-precedence" mapping relationship according to the following table.


<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos dscp-local-precedence-map 0 1 2 3 4 5 6 7 : 1


■ System view

Table 102 The "DSCP->Local-precedence" mapping relationship

DSCP Local Precedence

0 1

1 1

2 1

3 1

4 1

5 1

6 1

7 1

3Com Switch 4200G Family qos-profile ● 571 Command Reference

qos-profile

Purpose Use the qos-profile command to create a QoS profile and enter the corresponding view.

If this profile has existed, use the qos-profile command to enter view of this profile.

Use the undo qos-profile command to delete a specific QoS profile or all QoS profiles.

Syntax qos-profile profile-name

undo qos-profile { profile-name | all }

Parameters profile-name Specifies the QoS profile name, consisting of a string of one to 32 characters, starting with letters [a-z, A-Z] and excluding all, interface, and user which are reserved as keywords.

all Deletes all the QoS profiles.

Example To create a profile named h3c, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] qos-profile h3c[S4200G-qos-profile-h3c]


■ System view

Description The switch does not allow your deletion of QoS profiles applied to ports.

572 ● qos-profile port-based 3Com Switch 4200G Family Command Reference

qos-profile port-based

Purpose Use the qos-profile port-based command to configure the port-based application mode of QoS profiles on ports.

Use the undo qos-profile port-based command to restore the default application mode of QoS profiles on ports.

Syntax qos-profile port-based

undo qos-profile port-based

Parameters None

Default By default, the application mode of QoS profiles is user-based.

■ If MAC-address-based authentication mode is configured in 802.1x, the application mode of QoS profiles must be user-based.

■ If port-based authentication mode is configured in 802.1x, the application mode of QoS profiles must be port-based.

Example To configure the port-based application mode of QoS profiles on ports, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] qos-profile port-based



Description After the QoS profile function is configured, the switch will apply the QoS profiles corresponding to you to your access port when you pass the authentication. The processing procedures of the switches of different application modes are as follows respectively:

■ User-based mode: If the source information (source MAC, source IP, or source MAC + source IP) is defined in the traffic rule adopted by the QoS profile, the QoS profile cannot be applied dynamically successfully. If the source information is not defined, the switch will create a new traffic rule by adding the source MAC and source IP information of the user into the former rule, and then apply all the traffic actions in the QoS profile to the user access port.

■ Port-based mode: The switch will apply all the actions in the QoS profile to the user access port directly. When the mode is used, all the users with the same access port must use the same QoS profile.

3Com Switch 4200G Family queue-scheduler ● 573 Command Reference

queue-scheduler

Purpose Use the queue-scheduler command to set the queue-scheduling algorithm and parameters.

Use the undo queue-scheduler command to restore the default values.

Syntax queue-scheduler wrr { group1 { queue-id queue-weight } &<1-8> | group2 { queue-id queue-weight } &<1-8> }*

undo queue-scheduler [ queue-id ] &<1-8>

Parameters wrr Indicates SDWRR scheduling algorithm is adopted in the queue.

group1 Adds the queue into WRR scheduling group1.

group2 Adds the queue into WRR scheduling group2.

queue-id ID of the output queue on the port, in the range of 0 to 7.

queue-weight Weight of the queue, in the range of 1 to 255.

&<1-8> Indicates that the queue-id and queue-weight arguments can be input up to 8 times.

Default By default, all the output queues on the ports of the switch adopt SP queue-scheduling algorith.

Example To:

■ Set the scheduling mode of queue0 through queue5 to SDWRR scheduling

■ Add queue3, queue4, and queue5 into WRR scheduling group1 and their weights are 20, 20, and 30 respectively.

■ Add queue0, queue1, and queue2 into WRR scheduling group2, and their weights are 20, 20, and 40 respectively.

■ Queue6 and queue7 are scheduled according the default strict priority.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] queue-scheduler wrr group1 3 20 4 20 5 30 group2 0 20 1 20 2 40


■ System view

Description One port of the switch supports 8 output queues. Different queues can adopt different queue-scheduling algorithms in the switch. You can respectively set the

574 ● queue-scheduler 3Com Switch 4200G Family Command Reference

queue-scheduling group that each queue belongs to as required: SP group, WRR group1, and WRR group2. During the queue scheduling, the scheduling sequence is:

1. Each scheduling group is scheduled according to its strict priority, and the scheduling group with the highest queue priority is scheduled firstly.

2. The scheduling group with the second highest priority is scheduled after the scheduling group with the highest priority is scheduled.

Note: The 8 output queues are divided into groups in the following principle:

■ The queues in each group must be consecutive. For example, queue3, queue4, and queue5 are consecutive queues.

■ Each can be allocated to the same queue-scheduling group, while queue3, queue4, and queue7 cannot be allocated to the same queue-scheduling group.

Related Command display queue-scheduler

3Com Switch 4200G Family quit ● 575 Command Reference

quit

Purpose Use the quit command to terminate the connection to the remote SSH server.

Syntax quit

Parameters None

Example Terminate the connection to the remote SSH server.

<S4200G> quit


■ User view

576 ● quit 3Com Switch 4200G Family Command Reference

quit

Purpose Use the quit command to terminate the connection to the remote SFTP server and exit to system view.

Syntax quit

Parameters None

Example Terminate the connection to the remote SFTP server.

sftp-client> quit[S4200G]



Description This command has the same function as the bye and exit commands.

3Com Switch 4200G Family quit ● 577 Command Reference

quit

Purpose Use the quit command to terminate FTP control connection and FTP data connection and quit to user view. This command has the same effect as that of the bye command.

Syntax quit

Parameters None.

Example Terminate the FTP control connection and FTP data connection and quit to user view.

[ftp] quit<S4200G>


■ FTP Client view

578 ● quit 3Com Switch 4200G Family Command Reference

quit

Purpose Use the quit command to return from current view to lower level view, or exit the system if current view is user view.

Syntax quit

Parameters None.

Example Return from system view to user view.

<S4200G> system-view[S4200G] quit<S4200G>


■ Any view

Description The following lists the three levels of views available (from lower level to higher level):

■ User view

■ System view

■ VLAN view, Ethernet port view, and so on

Related Command return and system-view

3Com Switch 4200G Family radius nas-ip ● 579 Command Reference

radius nas-ip

Purpose Use the radius nas-ip command to set the source IP address used by the switch to send RADIUS packets.

Use the undo radius nas-ip command to restore the default setting.

Syntax radius nas-ip ip-address

undo radius nas-ip

Parameters ip-address IP address in dotted decimal format.

Default By default, no source IP address is specified, and the IP address of the outbound interface is used as the source IP address of the packet.

Example To set the source IP address used by the switch to send the RADIUS packets to 129.10.10.1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius nas-ip 129.10.10.1


■ System view

Description Note:

■ By specifying the source address of the RADIUS packet, you can avoid unreachable packets as returned from the server upon interface failure. The source address is normally recommended to be a loopback interface address.

■ This command specifies only one source address; therefore, the newly configured source address may overwrite the original one.

Related Command nas-ip

580 ● radius-scheme 3Com Switch 4200G Family Command Reference

radius-scheme

Purpose Use the radius-scheme command to specify the RADIUS scheme to be used by the current ISP domain.

Syntax radius-scheme radius-scheme-name

Parameters radius-scheme-name Specifies a RADIUS scheme, consisting of a character string up to 32 characters in length.

Example To specify the scheme 3Com as the RADIUS scheme to be used by current ISP domain 3Com163.net, enter the following.

[S4200G-isp-3Com163.net] radius-scheme 3Com


■ ISP Domain view

Description The RADIUS scheme specified in the radius-scheme command must exist. This command is equivalent to the scheme radius-scheme command.

Related Commands ■ display radius

■ radius scheme

■ scheme

3Com Switch 4200G Family radius scheme ● 581 Command Reference

radius scheme

Purpose Use the radius scheme command to create a RADIUS scheme and enter its view.

Use the undo radius scheme command to delete the specified RADIUS scheme.

Syntax radius scheme radius-scheme-name

undo radius scheme radius-scheme-name

Parameters radius-scheme-name Specifies the Radius scheme name with a character string up to 32 characters in length.

Default By default, a RADIUS scheme named system exists in the system.

Example To create a RADIUS scheme named radius1 and enter its view, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1]


■ System view

Description Note:

■ A default RADIUS scheme named system has been created in the system. The attributes of system are all default values.

■ RADIUS protocol configuration is performed on a per-RADIUS-scheme basis. Every RADIUS scheme shall at least have the specified IP address and UDP port number of the RADIUS authentication/authorization/accounting server and some necessary parameters exchanged with the RADIUS client end (Switch). It is necessary to create the RADIUS scheme and enter its view before performing other RADIUS protocol configurations.

■ A RADIUS scheme can be used by multiple ISP domains simultaneously. You can configure up to 16 RADIUS schemes, including the default RADIUS scheme named as System.

■ Although undo radius scheme can remove a specified RADIUS scheme, the default one cannot be removed. Note that a scheme currently in use by the online user cannot be removed.

582 ● radius scheme 3Com Switch 4200G Family Command Reference


■ retry realtime-accounting

■ radius-scheme

■ timer realtime-accounting

■ stop-accounting-buffer enable


■ server-type

■ state

■ user-name-format

■ retry

■ display radius

■ display radius statistics.

3Com Switch 4200G Family radius trap ● 583 Command Reference

radius trap

Purpose Use the radius trap command to enable the switch to send trap messages when its RADIUS authentication or accounting server turns down.

Use the undo radius trap command to disable the switch from sending trap messages when its RADIUS authentication or accounting server turns down.

Syntax radius trap { authentication-server-down | accounting-server-down }

undo radius trap { authentication-server-down | accounting-server-down }

Parameters authentication-server-downSends trap message when the RADIUS authentication server turns down.

accounting-server-down Sends trap message when the RADIUS accounting server turns down.


Example To enable the switch to send trap messages when its RADIUS authentication server turns down, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G]radius trap authentication-server-down


■ System view

Description This configuration effects all RADIUS schemes.

A device considers its RADIUS server as being down if it has tried the configured maximum times to send packets to the RADIUS server but does not receive any response.

584 ● reboot 3Com Switch 4200G Family Command Reference

reboot

Purpose Use the reboot command to restart an Ethernet switch.

Syntax reboot [ unit unit-id ]

Parameters unit-id Unit ID of a switch.

Example Directly restart the switch without saving the current configuration.

<S4200G> reboot This will reboot device. Continue? [Y/N] y Start to check configuration with next startup configuration file, please wait...... This command will reboot the device. Current configuration may be lost in nextstartup if you continue. Continue? [Y/N] y

<S4200G>%Apr 2 00:06:01:148 2000 S4200G DEV/5/DEV_LOG:- 1 -Switch is rebooted.Starting......

Description The system will check whether there is any configuration change before it restarts, and will ask whether you want to proceed or not if there is any change, to prevent you from losing your original configuration due to forgetting after the restart.


■ User view

3Com Switch 4200G Family reboot member ● 585 Command Reference

reboot member

Purpose Use the reboot member command to reboot a specified member device on the management device.

Syntax reboot member { member-number | mac-address H-H-H } [ eraseflash ]


mac-address H-H-H MAC address of the member device to be rebooted.

eraseflash Deletes the configuration file when the member device reboots.

Example Reboot the member device numbered 2.

<aaa_0.S4200G>system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G]cluster[aaa_0.S4200G-cluster] reboot member 2


■ Cluster view

Description Communication between the management and member devices may be interrupted due to some configuration errors. Through the remote control function of member devices, you can control them remotely on the management device. For example, you can reboot a member device that operates improperly and specify to delete the booting configuration file when the member device reboots, and thus restore normal communication between the management and member devices.

The eraseflash keyword specifies to delete the booting configuration file when the member device reboots.

586 ● region-name 3Com Switch 4200G Family Command Reference

region-name

Purpose Use the region-name command to set an MST region name to a switch.

Use the undo region-name command to restore the default MST region name.

Syntax region-name name

undo region-name

Parameters name Specifies the MST region name for a switch with a string that is 1 to 32 characters in length.

Default The default MST region name of a switch is its MAC address.

Example To set the MST region name of the switch to hello, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp region-configuration [S4200G-mst-region] region-name hello


■ MST Region view

Description The MST region name, along with MST region VLAN mapping table and MSTP revision level, determines the MST region to which a switch belongs.



■ instance

■ revision-level


3Com Switch 4200G Family remote-probe vlan ● 587 Command Reference

remote-probe vlan

Purpose Use the remote-probe vlan enable command to enable the remote-probe port mirror port feature on the VLAN of the switch.

Use the undo remote-probe vlan enable command to disable the remote-probe port mirror port feature on the VLAN of the switch.

Syntax remote-probe vlan enable

undo remote-probe vlan enable

Parameters None

Example Configure VLAN 5 to be remote-probe VLAN.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 5[S4200G-vlan5] remote-probe vlan enable


■ VLAN view

Description After setting a VLAN as remote-probe VLAN, you cannot add any more access port to the VLAN.

588 ● remotehelp 3Com Switch 4200G Family Command Reference

remotehelp

Purpose Use the remotehelp command to display help information about the FTP protocol command.

Syntax remotehelp [ protocol-command ]

Parameters protocol-command FTP protocol command.

Example Show the syntax of the protocol command user.

<SW4200G>ftp 1.1.1.1Trying ...Press CTRL+K to abortConnected.220 FTP service ready.User(none):hello331 Password required for hello.Password:230 User logged in [ftp]remotehelp user 214 Syntax: USER <sp> <username>[ftp]

Description This command works only when the FTP server provides the help information about FTP protocol commands. CAUTION:

■ This command is always valid when a S4200G series switch operates as the FTP server.

■ Common FTP software does not support this command.


■ FTP Client view

3Com Switch 4200G Family remove ● 589 Command Reference

remove

Purpose Use the remove command to delete the specified file from the server.

Syntax remove remote-file

Parameters remote-file Name of a file on the server.

Example Delete file temp.c from the server.

sftp-client> remove temp.c



Description This command has the same function as the delete command.

590 ● rename 3Com Switch 4200G Family Command Reference

rename

Purpose Use the rename command to change the name of the specified file on the SFTP server.

Syntax rename old name new name

Parameters old name Original file name.

new name New file name.

Example Change the name of file temp1 on the SFTP server to temp2.

sftp-client> rename temp1 temp2



3Com Switch 4200G Family rename ● 591 Command Reference

rename

Purpose Use the rename command to rename a file or a directory. If the target file name or directory name is the same with any existing file name or directory name, you will fail to rename a file.

Syntax rename fileurl-source fileurl-dest

Parameters fileurl-source Path name or file name of a file in the Flash, comprised of a string from 1 to 142 characters long.

fileurl-dest Path name or a file name, comprised of a string from 1 to 142 characters long.

Example Rename the file named sample.txt as sample.bak.

<S4200G> rename sample.txt sample.bakRename flash:/sample.txt to flash:/sample.bak ?[Y/N]:y


■ User view

592 ● rename 3Com Switch 4200G Family Command Reference

rename

Purpose Use the rename command to rename a file on a remote host.

Syntax rename remote-source remote-dest

Parameters remote-source Name of a file on a remote host.

remote-dest Destination file name.

Example Rename the file named temp.c as forever.c.

<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password:***** 230 Logged in successfully [ftp] [ftp] rename temp.c forever.c350 Enter the name to rename it to...250 File renamed successfully


■ FTP Client view

Description If when renaming a file the destination file name conflicts with the name of an existing file or directory, you will fail to rename the file.

3Com Switch 4200G Family reset arp ● 593 Command Reference

reset arp

Purpose Use the reset arp command to remove information that is no longer required from the ARP mapping table.

Syntax reset arp [ dynamic | static | interface interface_name interface_type interface_num ]

Parameters dynamic Clears the dynamic ARP mapping entries.

static Clears the static ARP mapping entries. Note that static ARP entries are deleted permanently.

interface_name Specifies the interface name.

interface_type Specifies the interface type.

interface_num Specifies the interface number.

Example To clear static ARP entries, enter the following:

<S4200G> reset arp static


■ User view

Related Command ■ arp static

■ display arp

594 ● reset counters interface 3Com Switch 4200G Family Command Reference

reset counters interface

Purpose Use the reset counters interface command to clear the statistics of the port, preparing for a new statistics collection.

Syntax reset counters interface [ interface-type | interface-type interface-number ]

Parameters interface-type Specifies the port type.


Example Clear the statistics of the GigabitEthernet1/0/1 port.

<4200G>reset counters interface GigabitEthernet1/0/1


■ User view

Description ■ If you specify neither port type nor port number, the command clears statistics of all ports.

■ If specify only port type, the command clears statistics of all ports of this type.

■ If specify both port type and port number, the command clears statistics of the specified port

3Com Switch 4200G Family reset dot1x statistics ● 595 Command Reference

reset dot1x statistics

Purpose Use the reset dot1x statistics command to clear the statistics of 802.1x.

Syntax reset dot1x statistics [ interface interface-list ]









Example Clear the 802.1x statistics on Ethernet 1/0/2.

<SW4200G>reset dot1x statistics interface ethernet 1/0/2


■ User view

Description Execution of the reset dot1x statistics command clears statistics globally and on all ports if the interface-list argument is not provided, otherwise only resets statistics on ports specified by the interface-list argument.


596 ● reset garp statistics 3Com Switch 4200G Family Command Reference

reset garp statistics

Purpose Use the reset garp statistics command to clear the GARP statistics (such as the information about the packets received/sent/discarded by GVRP/GMRP) on specified (or all) ports.

Use the reset garp statistics command without parameters to clear the GARP statistics on specified (or all) ports.

Syntax reset garp statistics [ interface interface-list ]

Parameters interface-list Ethernet port list, in the format of interface-list = { interface-type interface-number [ to interface-type interface-number ] }&<1-10>. Where, interface-type is the port type, interface-number is the port number (refer to the parameter description of the port part in this document for the meanings and ranges of the two parameters), and &<1-10> means you can specify totally 1 to 10 ports and port ranges.

Example Clear GARP statistics about all ports.

<S4200G> reset garp statistics


■ User view

Related Command display garp statistics

3Com Switch 4200G Family reset igmp-snooping statistics ● 597 Command Reference

reset igmp-snooping statistics

Purpose Use the reset igmp-snooping statistics command to clear the IGMP Snooping statistics.

Syntax reset igmp-snooping statistics

Parameters None

Example Clear the IGMP Snooping statistics.

<S4200G> reset igmp-snooping statistics


■ User view


598 ● reset ip statistics 3Com Switch 4200G Family Command Reference

reset ip statistics

Purpose Use the reset ip statistics command to clear the IP statistics information.

Syntax reset ip statistics

Parameters None

Example To clear the IP statistics information, enter the following:

<S4200G>reset ip statistics


■ User view

Related Commands ■ display ip interface vlan-interface

■ display ip statistics

3Com Switch 4200G Family reset logbuffer ● 599 Command Reference

reset logbuffer

Purpose Use the reset logbuffer command to clear information in the log buffer.

Syntax reset logbuffer [ unit unit-id ]

Parameters unit-id Unit ID

Example Clear information in log buffer.

<S4200G>reset logbuffer


■ User view

600 ● reset ndp statistics 3Com Switch 4200G Family Command Reference

reset ndp statistics

Purpose Use the reset ndp statistics command to reset the NDP counters to clear the NDP statistics.

Syntax reset ndp statistics [ interface port-list ]

Parameters interface port-list Specifies a list of ports connected with the specified port. A list may contain consecutive or separated ports, or the combination of consecutive and separated ports. The argument is expressed as {interface-type interface-number | interface-name } [ to { interface-type interface-number | interface-name } ] } &<1-10>, where interface-type specifies the port type, and interface-number specifies the port number, expressed as slot number/port number.

Example Clear NDP statistics.

<S4200G> reset ndp statistics


■ User view

3Com Switch 4200G Family reset radius statistics ● 601 Command Reference

reset radius statistics

Purpose Use the reset radius statistics command to clear the statistics information about the RADIUS protocol.

Syntax reset radius statistics

Parameters None

Example To clear the RADIUS protocol statistics, enter the following:

<S4200G> reset radius statistics


■ User view


602 ● reset recycle-bin 3Com Switch 4200G Family Command Reference

reset recycle-bin

Purpose Use the reset recycle-bin command to completely delete file(s) in the recycle bin in the Flash.

Syntax reset recycle-bin [ file-url ] [ /force ]

Parameters file-url Path name or file name of a file in the Flash, a string comprising 1 to 142 characters. This argument supports the wildcard "*".

/force Gives no prompt for the delete operation.

Example Clear the recycle bin.

<S4200G> reset recycle-bin Clear flash:/sunday.diag ?[Y/N]:Before pressing ENTER you must choose 'YES' or 'NO'[Y/N]:yClearing files from flash may take a long time. Please wait......%Cleared file unit1>flash:/~/sunday.diag.


■ User view

Description The files that are deleted using the delete command are still stored in the recycle bin. To delete them completely, use the reset recycle-bin command.

3Com Switch 4200G Family reset saved-configuration ● 603 Command Reference

reset saved-configuration

Purpose Use the reset saved-configuration command to delete the configuration file that is of the specified attribute from the Flash, including the main and backup configuration files to be used when the switch starts the next startup.

Syntax reset saved-configuration [ backup | main ]

Parameters main Main backup configuration file.

backup Backup configuration file.

Example Delete the main configuration file to be used for next startup.

<S4200G>reset saved-configuration mainThe saved configuration will be erased. Are you sure?[Y/N]y Configuration in flash is being cleared. Please wait ... ... Configuration in flash is cleared.


■ User view

Description Executing the reset saved-configuration command with neither backup nor main keyword deletes the main configuration file in the Flash.

Generally, the reset saved-configuration command is used in the following cases:

■ The configuration files in the Flash are not compatible with the system software. (This may occur after you upgrade the software of the switch.)

■ The network where the switch operates changes. In this case, the existing configuration files may conflict with the new network. You need to delete the existing configuration files and configure the switch again.

CAUTION:

■ Use the reset saved-configuration command with caution. You are recommended to use this command under the guidance of technical support personnel.

■ Upon powered on, a switch initiates using the default parameters if the Flash contains no configuration file.

Related Command save

604 ● reset saved-configuration 3Com Switch 4200G Family Command Reference

3Com Switch 4200G Family reset stop-accounting-buffer ● 605 Command Reference

reset stop-accounting-buffer

Purpose Use the reset stop-accounting-buffer command to delete the buffered no-response stop-accounting request packets.

Syntax reset stop-accounting-buffer { radius-scheme radius-scheme-name | session-id session-id | time-range start-time stop-time | user-name user-name }

Parameters radius-scheme radius-scheme-name Specifies the buffered stop-accounting requests to

delete based on the specified RADIUS scheme. radius-scheme-name is the name of a RADIUS scheme. This name is a character string up to 32 characters in length.

session-id session-id Specifies the buffered stop-accounting requests to delete based on the specified session ID. session-id is a character string up to 50 characters in length.

time-range start-time stop-time Specifies the buffered stop-accounting requests to

delete based on the time of the stop-accounting request. Where, start-time is the start time of the request period, the stop-time is the end time of the request period, and both are in the format hh:mm:ss-mm/dd/yyyy or hh:mm:ss-yyyy/mm/dd.

user-name user-name

user-name user-name Specifies the buffered stop-accounting request packets to delete based on the specified user name. user-name is a character string up to 80 characters in length. The string cannot include the following characters:

■ /

■ :

■ *

■ ?

■ <

■ >


606 ● reset stop-accounting-buffer 3Com Switch 4200G Family Command Reference

Example To delete the stop-accounting request packets buffered in the system for the user [email protected], enter the following:

<S4200G> reset stop-accounting-buffer user-name [email protected]

Delete the stop-accounting request packets buffered from 0:0:0 08/31/2002 to 23:59:59 08/31/2002 in the system.

<S4200G> reset stop-accounting-buffer time-range 0:0:0-08/31/2002 23:59:59-08/31/2002


■ User view

Example By default, after transmitting the stopping accounting requests, if there is no response from the RADIUS server, the Switch will save the packet in the buffer and retransmit it several times, which is set through the retry realtime-accounting command.

You can select to delete the packets transmitted to a specified RADIUS server, or according to the session-id or username, or delete the packets transmitted during the specified time-range.

Related Commands ■ stop-accounting-buffer enable


■ display stop-accounting-buffer

3Com Switch 4200G Family reset stp ● 607 Command Reference

reset stp

Purpose Use the reset stp command to clear the STP statistics of specified Ethernet ports.

Syntax reset stp [ interface interface-list ]









Example To clear the spanning tree-related statistics on ports GigabitEthernet1/0/1 through GigabitEthernet1/0/3, enter the following:

<S4200G> reset stp interface GigabitEthernet 1/0/1 to GigabitEthernet 1/0/3


■ User view

Description The spanning tree statistics include the numbers of the TCN BPDUs, configuration BPDUs, RST BPDUs, and MST BPDUs sent/received through one or more specified ports or all ports (note that STP BPDUs and TCN BPDUs are counted only for CISTs.)

This command clears the spanning tree-related statistics on specified ports if you specify the interface-list argument. If you do not specify the interface-list argument, this command clears the spanning tree-related statistics on all ports.

Related Command display stp

608 ● reset tcp statistics 3Com Switch 4200G Family Command Reference

reset tcp statistics

Purpose Use the reset tcp statistics command to clear the TCP statistics information.

Syntax reset tcp statistics

Parameters None

Example To clear the TCP statistics information, enter the following:

<S4200G>reset tcp statistics


■ User view

Related Command display tcp statistics

3Com Switch 4200G Family reset traffic-limit ● 609 Command Reference

reset traffic-limit

Purpose Use the reset traffic-limit command to clear the statistics of the traffic policing matching with the specified ACL rules.

Syntax reset traffic-limit inbound acl-rule

Parameters inbound Indicates that statistics of the packets received on the port is cleared.

acl-rule Specifies the ACL rules which can be the combination of various ACL rules. The way of combination is described in the following table:

Example To clear the statistics of the traffic policing matching with ACL 2000, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] reset traffic-limit inbound ip-group 2000











610 ● reset traffic-statistic 3Com Switch 4200G Family Command Reference

reset traffic-statistic

Purpose Use the reset traffic-statistic command to clear the traffic statistics of the packets matching with the specified ACL rules.

Syntax reset traffic-statistic inbound acl-rule

Parameters inbound Indicates that statistics of the packets received on the port is cleared.


Example To clear the traffic statistics of the packets matching with ACL 2000 rules, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] reset traffic-statistic inbound ip-group 2000











3Com Switch 4200G Family reset trapbuffer ● 611 Command Reference

reset trapbuffer

Purpose Use the reset trapbuffer command to clear information in the trap buffer.

Syntax reset trapbuffer [ unit unit-id ]

Parameters unit-id Unit ID

Example Clear information in the trap buffer.

<S4200G>reset trapbuffer


■ User view

612 ● retry 3Com Switch 4200G Family Command Reference

retry

Purpose Use the retry command to set the maximum number of transmission attempts of RADIUS requests.

Use the undo retry command to restore the default maximum number of transmission attempts.

Syntax retry retry-times

Parameters retry-times Retry times during a detect operation. Valid values are 1 to 20. If not specified, the default number of retries is 3.

Example To set the maximum transmission times of RADIUS requests in the RADIUS scheme radius1 to five, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] retry 5


■ Detecting Group view

Description Note:

■ The communication in RADIUS is unreliable because this protocol adopts UDP packets to carry data. Therefore, it is necessary for the switch to retransmit a RADIUS request if it gets no response from the RADIUS server after the response timeout timer expires. If the maximum number of transmission attempts is reached but the switch still receives no response, the switch considers that the request fails.

■ Appropriately set this maximum number of transmission attempts according to the network situation can improve the reacting speed of the system.

Related Command radius scheme

3Com Switch 4200G Family retry realtime-accounting ● 613 Command Reference

retry realtime-accounting

Purpose Use the retry realtime-accounting command to set the maximum allowed number of continuous no-response real-time accounting requests.

Use the undo retry realtime-accounting command to restore the default maximum allowed number of continuous no-response real-time accounting requests.

Syntax retry realtime-accounting retry-times

undo retry realtime-accounting

Parameters retry-times Specifies the maximum number of continuous no-response real-time accounting requests. Valid values are 1 to 255.

Default This function defaults 5.

Example To allow the switch to continuously send at most 10 real-time accounting requests if it gets no response for the RADIUS scheme radius1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] retry realtime-accounting 10



Description Note:

■ Generally, the RADIUS server uses the connection timeout timer to determine whether a user is online or not. If the RADIUS server receives no real-time accounting packet for a specified period of time, it will consider that the line or the switch is in trouble and stop the accounting of the user. To make the switch cooperate with this feature on the RADIUS server, it is necessary to cut down the user connection on the switch as soon as possible after the RADIUS server terminates the charging and connection of the user in the case of unforeseen trouble. For this purpose, you can limit the number of continuous real-time no-response accounting requests, and the switch will cut down the user connection if it sends out the maximum number of real-time accounting requests but does not receive any response.

■ Suppose that the response timeout time of the RADIUS server is T (three seconds for example), the real-time accounting interval is t (12 minutes for example), and the maximum number of continuous no-response real-time accounting requests is retry-times (five for example). In this case, the switch sends an accounting request

614 ● retry realtime-accounting 3Com Switch 4200G Family Command Reference

every 12 minutes; if the switch does not receive a response within 3 seconds after it sends out an accounting request, it re-sends the request; If the switch continuously sends five accounting requests but does not receive any response, it considers this real-time accounting a failure. Generally, T x retry-times should be less than t.


timer realtime-accounting

3Com Switch 4200G Family retry stop-accounting ● 615 Command Reference

retry stop-accounting

Purpose Use the retry stop-accounting command to set the maximum number of transmission attempts of the stop-accounting requests buffered due to no response.

Use the undo retry stop-accounting command to restore the default maximum number of transmission attempts of the buffered stop-accounting requests.

Syntax retry stop-accounting retry-times

undo retry stop-accounting

Parameters retry-times Specifies the number of transmission attempts of the buffered stop-accounting requests. Valid values are 10 to 65535.

Default The default is 500.

Example To indicate that, when stopping accounting request for the server “3Com” in the RADIUS server group, the Switch will retransmit the packets for up to 1000 times, enter the following:

To specify that the switch can transmit a buffered stop-accounting request at most 1000 times in RADIUS scheme radius1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] retry stop-accounting 1000



Description Stop-accounting requests are critical to billing and will eventually affect the charges of the users; they are important for both the users and the ISP. Therefore, the switch should do its best to transmit them to the RADIUS accounting server. If the RADIUS server does not respond to such a request, the switch should first buffer the request on itself, and then retransmit the request to the RADIUS accounting server until it gets a response, or the maximum number of transmission attempts is reached (in this case, it discards the request).

Related Commands ■ display stop-accounting-buffer

■ radius-scheme

■ reset stop-accounting-buffer

616 ● return 3Com Switch 4200G Family Command Reference

return

Purpose Use the return command to return to user view from any other view.

Syntax return

Parameters None

Example To return to user view from any other view (the example below shows the command entered from the system view), enter the following.

<S4200G> system-view[S4200G] return<S4200G>

Description Performs the same function as Ctrl+Z.

To return to the next highest level of view, use quit.


■ System view or higher level views

3Com Switch 4200G Family revision-level ● 617 Command Reference

revision-level

Purpose Use the revision-level command to set the MSTP revision level for a switch.

Use the undo revision-level command to restore the default revision level.

Syntax revision-level level

undo revision-level

Parameters level MSTP revision level for the switch. Valid values are 0 to 65535.

Default By default, the MSTP revision level of a switch is 0.

Example To set the MSTP revision level of the MST region to 5, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp region-configuration [S4200G-mst-region] revision-level 5


■ MST Region view

Description MSTP revision level, along with MST region name and VLAN mapping table, determines the MST region to which a switch belongs.



■ instance

■ region-name


618 ● rmdir 3Com Switch 4200G Family Command Reference

rmdir

Purpose Use the rmdir command to delete the specified directory from the remote SFTP server.

Syntax rmdir remote-path

Parameters remote-path Name of a directory on the remote SFTP server.

Example Delete directory D:/temp1 from the remote SFTP server.

sftp-client> rmdir D:/temp1



3Com Switch 4200G Family rmdir ● 619 Command Reference

rmdir

Purpose Use the rmdir command to delete a directory.

Syntax rmdir directory

Parameters directory Name of a directory, a string comprising 1 to 142 characters.

Example Delete the directory named MyDoc.

<S4200G> rmdir MyDocRmdir MyDoc?[Y/N]:y% Removed directory MyDoc


■ User view

Description Because only empty directories can be deleted, you need to delete the files in a directory before deleting it.

620 ● rmdir 3Com Switch 4200G Family Command Reference

rmdir

Purpose Use the rmdir command to delete the specified directory from the remote FTP server.

Syntax rmdir pathname

Parameters pathname Name of a directory on an FTP server.

Example Remove the directory flash:/temp1 on the FTP server. (Assume that the

directory is empty.)

<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password:***** 230 Logged in successfully [ftp] rmdir flash:/temp1200 RMD command successful.


■ FTP Client view

Description You can only use this command to remove directories that are empty.

3Com Switch 4200G Family rmon alarm ● 621 Command Reference

rmon alarm

Purpose Use the rmon alarm command to add an entry to the alarm table.

Use the undo rmon alarm command to delete an entry from this table.

Syntax rmon alarm entry-number alarm-variable sampling-time { delta | absolute } rising-threshold threshold-value1 event-entry1 falling-threshold threshold-value2 event-entry2 [ owner text ]

undo rmon alarm entry-number

Parameters entry-number Number of the entry to be added/deleted. Valid values are 1 to 65535.

alarm-variable Alarm variable, a string comprising 1 to 256 characters in dotted node OID format (such as 1.3.6.1.2.1.2.1.10.1). Only the variables that can be resolved to ASN.1 INTEGER data type (that is, INTEGER, Counter, Gauge, or TimeTicks) can be used as alarm variables.

sampling-time Specifies the sampling interval. Valid values are 5 to 65535 (measured in seconds).

delta Specifies to sample increments (that is, the current increment with regard to the latest sample)

absolute Specifies to sample absolute values.

rising-threshold threshold-value1 Specifies the upper threshold. The threshold-value1

argument ranges from 0 to 2,147,483,647.

event-entry1 Index of the event entry corresponding to the upper threshold, in the range of 0 to 65535.

falling-threshold threshold-value2 Specifies the lower threshold. The threshold-value2

argument ranges from 0 to 2,147,483,647.

event-entry2 Index of the event entry corresponding to the lower threshold, in the range of 0 to 65535.

owner text Specifies the owner of the entry. The text argument is a string comprising 1 to 127 characters.

Example Add the alarm entry numbered 1 as follows:

■ The node to be monitored: 1.3.6.1.2.1.16.1.1.1.4.1

■ Sampling interval: 10 seconds

■ Upper threshold: 50

■ The event-entry1 argument identifies event 1.

■ Lower threshold: 5

622 ● rmon alarm 3Com Switch 4200G Family Command Reference

■ The event-entry2 argument identifies event 2

■ Owner: user1.

<S4200G> system-view[S4200G] rmon event 1 log[S4200G] rmon event 2 none[S4200G]rmon alarm 1 1.3.6.1.2.1.16.1.1.1.4.1 10 absolute rising_threshold 50 1 falling_threshold 5 2 owner user1

Delete the alarm entry numbered 15 from the alarm table.

[S4200G] undo rmon alarm 15


■ System view

Description You can use the rmon alarm command to define an alarm entry so that a specific alarm event can be triggered under specific circumstances. The act (such as logging and sending trap messages to NMS) taken after an alarm event occurs is determined by the corresponding alarm entry.

With an alarm entry is defined in an alarm group, a network device performs the following operations accordingly:

■ Sample the defined alarm variables (alarm-variable) once in each specified period, which is specified by the sampling-time argument.

■ Comparing the sampled value with the set threshold and performing the corresponding operations, as described in “Error! Reference source not found”.

Note:

■ Before adding an alarm entry, you need to use the rmon event command to define the events to be referenced by the alarm entry.

■ Make sure the node to be monitored exists before executing the rmon alarm command.

Table 105 Sample value and the corresponding operation

Comparison Operation

The sample value is larger than or equal to the set upper threshold (threshold-value1)

Triggering the event identified by the event-entry1 argument

The sample value is smaller than the set lower threshold (threshold-value2)


3Com Switch 4200G Family rmon event ● 623 Command Reference

rmon event

Purpose Use the rmon event command to add an entry to the event table.

Use the undo rmon event command to delete an entry from this table.

Syntax rmon event event-entry [ description string ] { log | trap trap-community | log-trap log-trapcommunity | none } [ owner text ]

undo rmon event event-entry

Parameters event-entry Number of the entry to be added/deleted. Valid values are 1 to 65535.

description string Specifies the event description, consisting of a string from1 to 127 characters long.

log Logs events.

trap Sends trap message to the NMS.

trap-community Community name of the NMS that receives the trap messages, comprised of a string from 1 to 127 characters long.

log-trap Logs the event and sends trap messages to NMS.

log-trapcommunity Community name of the NMS that receives the log messages, comprised of a character string from 1 to 127 characters long.

none Specifies that the event triggers no action.

owner rmon-station Specifies the owner of the event entry. The argument may be any text string from 1 to 127 characters long.

Example Add the event entry numbered 10 to the event table and configure it to be a log event.

<S4200G> system-view[S4200G] rmon event 10 log


■ System view

Description When adding an event entry to an event table, you need to specify the event index. You need also to specify the corresponding actions, including logging the event, sending trap messages to the NMS, or both, for the network device to perform corresponding operation when an alarm referencing the event is triggered.

624 ● rmon history 3Com Switch 4200G Family Command Reference

rmon history

Purpose Use the rmon history command to add an entry to the history control table.

Use the undo rmon history command to delete an entry from history control table.

Syntax rmon history entry-number buckets number interval sampling-interval [owner text ]

undo rmon history entry-number

Parameters entry-number Number of the entry to be added/deleted. Valid values are from 1 to 65535.

buckets number Capacity of the history table corresponding to the control line.

interval sampling-intervalSampling interval. Valid values are from 5 to 3600 (measured in seconds).

owner text Specifies the owner of the entry, a string comprising 1 to 127 characters in length.

Example Create the history entry numbered 1 for Ethernet1/0/1 port, with the table size being 10, the sampling interval being 5 seconds, and the owner being user1.

<S4200G> system-view[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1]rmon history 1 buckets 10 interval 5 owner user1

Remove the history entry numbered 15.

[S4200G-GigabitEthernet1/0/1] undo rmon history 15



Description You can use the rmon history command to sample a specific port. You can also set the sampling interval and the number of the samples that can be saved. After you execute this command, the RMON system samples the port periodically and stores the samples for later retrieval. The sampled information includes utilization, the number of errors, and total number of packets.

You can use the display rmon history command to display the statistics of the history control table.

3Com Switch 4200G Family rmon prialarm ● 625 Command Reference

rmon prialarm

Purpose Use the rmon prialarm command to add an entry to the extended RMON alarm table.

Use the undo rmon prialarm command to delete an entry from the extended RMON alarm table.

Syntax rmon prialarm entry-number prialarm-formula prialarm-des sampling-timer { delta | absolute | changeratio } rising_threshold threshold-value1 event-entry1 falling_threshold threshold-value2 event-entry2 entrytype { forever | cycle cycle-period } [ owner text ]

undo rmon prialarm entry-number

Parameters entry-number Extended alarm entry index. Valid values are 1 to 65535.

prialarm-formula Expression used to perform operations on the alarm variables, a string comprising 1 to 256 characters. The alarm variables in the expression must be represented by OIDs, for example, (.1.3.6.1.2.1.2.1.10.1)*8. The operations available are addition, subtraction, multiplication and division operations. The operation results are rounded to values that are of long integer type. To prevent invalid operation results, make sure the operation results of each step are valid long integers.

prialarm-des Alarm description, comprised of a string from 1 to 256 characters long.

sampling-timer Sets the sampling interval (in seconds). Valid values are 10 to 65535 seconds.

delta | absolute | changeratio Specifies sample type, which can be deltas, absolute

values, or change ratios.

threshold-value1 Upper threshold. Valid values are 0 to 4,294,967,295.

event-entry1 Index of the event entry that corresponds to the upper threshold. Valid values are 0 to 65535.

threshold-value2 Lower threshold. Valid values are 0 to 4,294,967,295.

event-entry2 Index of the event entry that corresponds to the lower threshold. Valid values are 0 to 65535.

forever Specifies the alarm entry is valid indefinitely.

| cycle cycle-period

Specifies the type of the alarm instance line.

cycle-period specifies the functional cycle of the instance.

626 ● rmon prialarm 3Com Switch 4200G Family Command Reference

cycle Specifies the alarm entry is valid periodically.

cycle-period Cycle period (in seconds). Valid values are 0 to 2,147,483,647.

owner text Specifies the owner of the alarm entry, consisting of a string from 1 to 127 characters long.

Example Add the extended alarm entry numbered 2 as follows:

■ Perform operations on the corresponding alarm variables using the expression ((1.3.6.1.2.1.16.1.1.1.4.1)*100).

■ Sampling interval: 10 seconds

■ Upper threshold: 50

■ Lower threshold: 5

■ Event 1 is triggered when the change ratio is larger than the upper threshold.

■ Event 2 is triggered when the change ratio is less than the lower threshold.

■ The alarm entry is valid forever.

■ Entry owner: user1

<S4200G> system-view[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1] rmon statistics 1[S4200G-GigabitEthernet1/0/1] quit[S4200G] rmon prialarm 2 ((.1.3.6.1.2.1.16.1.1.1.4.1)*100) test 10 changeratio rising_threshold 50 1 falling_threshold 5 2 entrytype forever owner user1

Remove the extended alarm entry numbered 2 from the extended alarm table.

[S4200G] undo rmon prialarm 2


■ System view

Description With an extended alarm entry defined in an extended alarm group, the network devices perform the following operations accordingly:

■ Sampling the alarm variables referenced in the defined extended alarm expressions (prialarm-formula) once in each period specified by the sampling-timer argument.

■ Performing operations on sampled values according to the defined extended alarm expressions (prialarm-formula)

■ Comparing the operation result with the set thresholds and perform corresponding operations, as described in the following Table.

Table 106 Operation result and corresponding operation

Comparison Operation

The operation result is larger than or equal to the set upper threshold (threshold-value1)


The operation result is smaller than or equal to the set lower threshold (threshold-value2)


3Com Switch 4200G Family rmon prialarm ● 627 Command Reference

Note:

■ Before adding an extended alarm entry, you need to use the rmon event command to define the events to be referenced by the entry.

■ Make sure the node to be monitored exists before executing the rmon event command.

■ You can define up to 50 extended alarm entries.

628 ● rmon statistics 3Com Switch 4200G Family Command Reference

rmon statistics

Purpose Use the rmon statistics command to add an entry to the statistic table.

Use the undo rmon statistics command to delete an entry from statistic table.

Syntax rmon statistics entry-number [ owner text ]

undo rmon statistics entry-number

Parameters entry-number Number of the entry to be added/deleted. Valid values are 1 to 65535.

owner text Creator of the entry. The length of the character string can be from 1 to127 characters.

Example Add the statistics entry numbered 20 to take statistics of GigabitEthernet1/0/1 port.

<S4200G> system-view[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1] rmon statistics 20



Description The RMON statistics management function is used to take statistics of the usage of the monitored ports and errors occurred to them. The statistics include the number of the following items: collisions, packet with CRC errors, undersize (or oversize) packets, broadcast and multicast packets, received packets and bytes.

You can use the display rmon statistics command to display the statistics entries.

Note:

For each port, only one rmon alarm table entry can be created, that is to say, if one RMON alarm table entry was already created for a given port, creation of another entry with a different index number for the same port will not succeed.

3Com Switch 4200G Family rsa local-key-pair create ● 629 Command Reference

rsa local-key-pair create

Purpose Use the rsa local-key-pair create command to generate RSA key pairs, whose names are in the format of switch name plus _host, for example, S4200G_host.

Syntax rsa local-key-pair create

Parameters None

Example Generate a local RSA key pair.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] rsa local-key-pair createThe key name will be: S4200G_HostThe range of public key size is (512 ~ 2048).NOTES: If the key modulus is greater than 512, It will take a few minutes.Input the bits in the modulus[default = 512]:Generating keys..................++++++++++++...............++++++++++++.................................++++++++.......................++++++++....


■ System view

Description After you use the command, the system prompts you to define the key length.

■ In SSH1.x, the key length is in the range of 512 to 2,048 (bits).

■ In SSH 2.0, the key length is in the range of 1024 to 2048 (bits). To make SSH 1.x compatible, 512- to 2,048-bit keys are allowed on clients, but the length of server keys must be more than 1,024 bits. Otherwise, clients cannot be authenticated.

CAUTION:

■ If you use this command to generate an RSA key provided an old one exits, the system will prompt you to replace the previous one or not.

For a successful SSH login, you must generate the local RSA key pairs first. You just need to execute the command once, with no further action required even after the system is rebooted.

Related Commands ■ display rsa local-key-pair public

630 ● rsa local-key-pair create 3Com Switch 4200G Family Command Reference

■ rsa local-key-pair destroy

3Com Switch 4200G Family rsa local-key-pair destroy ● 631 Command Reference

rsa local-key-pair destroy

Purpose Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at the server end.

Syntax rsa local-key-pair destroy

Parameters None

Example Destroy all existing RSA key pairs at the server end.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] rsa local-key-pair destroy% The name for the keys which will be destroyed is S4200G_Host .% Confirm to destroy these keys? [Y/N]:y............


■ System view

Related Command rsa local-key-pair create

632 ● rsa peer-public-key 3Com Switch 4200G Family Command Reference

rsa peer-public-key

Purpose Use the rsa peer-public-key command to enter public key view.

Syntax rsa peer-public-key key-name

Parameters key-name Client public key name, consisting of a string from 1 to 64 characters long.

Examples Enter S4200G002 public key view.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] rsa peer-public-key S4200G002[S4200G-rsa-public-key]


■ System view

Description You can use this command along with the public-key-code begin command to configure on the server client public keys, which are generated randomly by the SSH 2.0-supported client software.


■ public-key-code end

3Com Switch 4200G Family rsa peer-public-key ● 633 Command Reference

rsa peer-public-key

Purpose Use the rsa peer-public-key command to enter public key view.

Syntax rsa peer-public-key key-name

Parameters key-name Server public key name, consisting of a string from 1 to 64 characters long.

Examples Enter S4200G002 public key view.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] rsa peer-public-key S4200G002[S4200G-rsa-public-key]


■ System view

Description You can use this command along with the public-key-code begin command to configure on the client the server public keys, which are generated randomly after you use the rsa local-key-pair create command.


■ public-key-code end

■ rsa local-key-pair create

634 ● rule (Advanced ACL) 3Com Switch 4200G Family Command Reference

rule (Advanced ACL)

Purpose Use the rule command to define an ACL rule.

Use the undo rule command to delete an ACL rule or the attribute information of an ACL rule.

Syntax rule [ rule-id ] { permit | deny } rule-string

undo rule rule-id [ destination ] [ destination-port ] [ dscp ] [ fragment ] [ icmp-type ] [ precedence ] [ source ] [ source-port ] [ time-range ] [ tos ]

Parameters Parameters of the rule command:

rule-id The ACL rule ID. Valid values are 0 to 65,534.

deny Drops packets that satisfy the condition.

permit Permits packets that satisfy the condition to pass.

rule-string Rule information, which can be combination of the parameters given in the table below. The following table describes the specific parameters. You must configure the protocol argument in the rule information before you can configure other arguments.

Table 107 Rule information

Parameter Type Function Description

protocol Protocol type Type of protocol over IP

When expressed in numerals, the value range is 1 to 255. When expressed with a name, the value can be GRE, ICMP, IGMP, IP, IPinIP, OSPF, TCP, and UDP

source { sour-addr sour-wildcard | any }

Source address information

Specifies the source address information in the rule

sour-addr sour-wildcard is used to specify the source address of the packet, expressed in dotted decimal notation. any represents any source address.

destination { dest-addr dest-wildcard | any }

Destination address information

Specifies the destination address information in the rule

dest-addr dest-wildcard is used to specify the destination address of the packet, expressed in dotted decimal notation. any represents any destination address

precedence precedence

Packet precedence

Packet priority Value range: 0 to 7

tos tos Packet precedence

ToS priority Value range: 0 to 15

dscp dscp Packet precedence

DSCP priority Value range: 0 to 63

fragment Fragment information

Specifies that the rule is effective for non-initial fragment packets

-

3Com Switch 4200G Family rule (Advanced ACL) ● 635 Command Reference

If the protocol type is TCP or UDP, you can also define the following information:

If the protocol type is ICMP, you can also define the following information:

If the protocol type is ICMP, you can also directly input the ICMP message name after the icmp-type argument. The following table describes some common ICMP messages.

time-range time-name

Time range information

Specifies the time range in which the rule is active

-

Table 108 TCP/UDP-specific rule information


source-port operator port1 [ port2 ]

Source port(s) Defines the source port information of UDP/TCP packets

The value of operator can be lt (less than), gt (greater than), eq (equal to), neq (not equal to), or range (within the range of). Only the range requires two port numbers as the operands, and other operators require only one port number as the operand port1 and port2: TCP/UDP port number(s), expressed with name(s) or numerals; when expressed with numerals, the value range is 0 to 65,535.

destination-port operator port1 [ port2 ]

Destination port(s)

Defines the destination port information of UDP/TCP packets

established "TCP connection established" flag

Specifies that the rule will match TCP connection packets with the ack or rst flag

TCP-specific argument

Table 109 ICMP-Specific Rule Information


icmp-type icmp-type icmp-code

Type and message code information of ICMP packets

Specifies the type and message code information of ICMP packets in the rule

icmp-type: ICMP message type, ranging 0 to 255.

icmp-code: ICMP message code, ranging 0 to 255.

Table 110 ICMP messages

Name ICMP TYPE ICMP CODE

echo Type=8 Code=0

echo-reply Type=0 Code=0

fragmentneed-DFset Type=3 Code=4

host-redirect Type=5 Code=1

host-tos-redirect Type=5 Code=3

host-unreachable Type=3 Code=1

information-reply Type=16 Code=0

Table 107 Rule information (continued)


636 ● rule (Advanced ACL) 3Com Switch 4200G Family Command Reference

II. Parameters of the undo rule command:

source Deletes the settings of the source address part in the rule corresponding to the rule ID

source-port Deletes the settings of the source port part in the rule corresponding to the rule ID. This keyword is available only when TCP or UDP is defined in the rule.

destination Deletes the settings of the destination address part in the rule corresponding to the rule ID.

destination-port Deletes the settings of the destination port part in the rule corresponding to the rule ID. This keyword is available only when TCP or UDP is defined in the rule.

icmp-type Deletes the settings of the ICMP type and message code part in the rule corresponding to the rule ID. This keyword is available only when ICMP is defined in the rule.

precedence Deletes the precedence-related settings in the rule corresponding to the rule ID.

tos Deletes the ToS-related settings in the rule corresponding to the rule ID.

dscp Deletes the DSCP-related settings in the rule corresponding to the rule ID.

time-range Deletes the time range settings in the rule corresponding to the rule ID.

fragment Deletes the settings effective for non-initial fragment packets in the rule corresponding to the rule ID.

Example Define a rule to permit packets from hosts in the network segment of 129.9.0.0 to hosts in the network of 202.38.160.0 and with the port number of 80 to pass.

information-request Type=15 Code=0

net-redirect Type=5 Code=0

net-tos-redirect Type=5 Code=2

net-unreachable Type=3 Code=0

parameter-problem Type=12 Code=0

port-unreachable Type=3 Code=3

protocol-unreachable Type=3 Code=2

reassembly-timeout Type=11 Code=1

source-quench Type=4 Code=0

source-route-failed Type=3 Code=5

timestamp-reply Type=14 Code=0

timestamp-request Type=13 Code=0

ttl-exceeded Type=11 Code=0

Table 110 ICMP messages (continued)

Name ICMP TYPE ICMP CODE

3Com Switch 4200G Family rule (Advanced ACL) ● 637 Command Reference

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] acl number 3101[S4200G-acl-adv-3101] rule permit tcp source 129.9.0.0 0.0.255.255 destination 202.38.160.0 0.0.0.255 destination-port eq 80


■ Advanced ACL view

Description Before you can delete a rule, you must specify the rule ID. If you do not know the rule ID, you can view it by using the display acl command.

In the case that you specify the rule ID when defining a rule:

■ If the rule corresponding to the specified rule ID already exists, you will edit the rule, and the modified part in the rule will replace the original content, while other parts remain unchanged.

■ If the rule corresponding to the specified rule ID does not exists, you will create and define a new rule.

■ The content of a modified or created rule must not be identical with the content of any existing rule; otherwise the rule modification or creation will fail, and the system will prompt that the rule already exists.

If you do not specify a rule ID, you will create and define a new rule, and the system will assign an ID for the rule automatically.

638 ● rule (Basic ACL) 3Com Switch 4200G Family Command Reference

rule (Basic ACL)


Use the undo rule command to delete an ACL rule or the attribute information of an ACL rule.

Syntax rule [ rule-id ] { permit | deny } [ fragment ] [ source { sour-addr sour-wildcard | any } ] [ time-range time-name ]

undo rule rule-id [ fragment ] [ source ] [ time-range ]

Parameters I. Parameters of the rule command:




fragment Specifies that the rule is effective for non-initial fragment packets.

source { sour-addr sour-wildcard | any } { sour-addr sour-wildcard | any }: Specifies the source

address information in the rule. If the source keyword is not included in the command, any source address of packets will be matched. sour-addr sour-wildcard is used to specify the source address of the packet, expressed in dotted decimal notation. The any parameter refers to any address.

time-range time-name Specifies that this ACL rule is effective only in this time range.


rule-id Rule ID, which must the ID of an existing ACL rule. If no other arguments are specified, the system will completely delete this ACL rule. If any argument is given, the system will delete only the specified information of the ACL rule.

fragment Deletes the settings effective for non-initial fragment packets in the rule corresponding to the rule ID.

source Deletes the settings of the source address part in the rule corresponding to the rule ID.

time-range Deletes the time range settings in the rule corresponding to the rule ID.

3Com Switch 4200G Family rule (Basic ACL) ● 639 Command Reference

Example Define a rule to deny packets whose source IP address is 1.1.1.1.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] acl number 2000[S4200G-acl-basic-2000] rule deny source 1.1.1.1 0


■ Basic ACL view

Description Use the undo rule command to delete an ACL rule or the attribute information of an ACL rule.

Before you can delete a rule, you must specify the rule ID. If you do not know the rule ID, you can view it by using the display acl command.






640 ● rule comment 3Com Switch 4200G Family Command Reference

rule comment

Purpose Use the rule comment command to define the comment string for an ACL rule.

Use the undo rule comment command to delete the comment string for an ACL rule.

Syntax rule rule-id comment text

undo rule rule-id comment

Parameters comment text Specifies the comment string for an ACL rule, which must a string of up to 127 characters.

Example Define the comment string of Rule 0 of ACL 3000 as "test".

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] acl number 3000[S4200G-acl-adv-3000] rule 0 comment test


■ Advanced ACL view / Layer 2 ACL view

Description Before defining the comment string for an ACL rule, make sure that this ACL rule exists.

3Com Switch 4200G Family rule (Layer 2 ACL) ● 641 Command Reference

rule (Layer 2 ACL)


Use the undo rule command to delete an ACL rule.

Syntax rule [ rule-id ] { permit | deny } [ rule-string ]

undo rule rule-id

Parameters I. Parameters of the rule command:




rule-string Rule information, which can be combination of the parameters given in the table below. The following table describes the specific parameters.

Table 111 Rule information


format-type Link layer encapsulation type

Defines the link layer encapsulation type in the rule

format-type: the value can be 802.3/802.2, 802.3, ether_ii, or snap

lsap lsap-code lsap-wildcard

lsap field Defines the lsap field in the rule

lsap-code: the encapsulation format of data frames, a 16-bit hexadecimal number lsap-wildcard: mask of the lsap value, a 16-bit hexadecimal number used to specify the mask bit

source { source-addr source-mask | vlan-id }*

Source MAC address information

Specifies the source MAC address range in the rule

source-addr: source MAC address, in the format of H-H-Hsource- mask: source MAC address mask, in the format of H-H-Hvlan-id: source VLAN ID, in the range of 1 to 4,094

dest dest-addr dest-mask

Destination MAC address information

Specifies the destination MAC address range in the rule

dest-addr: destination MAC address, in the format of H-H-H dest- mask: destination MAC address mask, in the format of H-H-H

cos vlan-pri Priority Defines the 802.1p priority of the rule

vlan-pri: VLAN priority, in the range of 0 to 7

time-range time-name Time range information

Specifies the time range in which the rule is active

time-name: specifies the name of the time range in which the rule is active; a string of 1 to 32 characters

type protocol-type protocol-mask

Protocol type of Ethernet frames

Defines the protocol type of Ethernet frames

protocol-type: protocol type protocol-mask: protocol type mask

642 ● rule (Layer 2 ACL) 3Com Switch 4200G Family Command Reference


rule-id The Rule ID, which must the ID of an existing ACL rule.

Example Define a rule to deny packets whose 802.1p priority is 3.

<S4200G> system-view[S4200G] acl number 4000[S4200G-acl-ethernetframe-4000] rule deny cos 3


■ Layer 2 ACL view

Description Before you can delete a rule, you must specify the rule ID. If you do not know the rule ID, you can view it by using the display acl command.






3Com Switch 4200G Family save ● 643 Command Reference

save

Purpose Use the save command to save the current configuration to a configuration file in the flash memory.

Syntax save [ cfgfile | [ safely ] [ backup | main ] ]

Parameters cfgfile Path name or file name of the configuration file in the flash memory to which the current configurations will be saved. Valid values are a character string from 5 to 56 characters long.

safely Safe mode. Saving the current configuration in this mode is relatively slow, but the configuration file still remains in the flash without being lost even if the switch restarts or powers down during the saving.

backup Assigns the backup attribute to the configuration file.

main Assigns the main attribute to the configuration file.

Example Save the current configuration to the main configuration file.

<S4200G>save mainThe configuration will be written to the device. Are you sure?[Y/N]y Please input the file name(*.cfg)(To leave the existing filename unchanged press the enter key):123.cfg Now saving current configuration to the device. Saving configuration. Please wait... ............ Unit1 save configuration flash:/123.cfg successfully Unit2 save configuration flash:/123.cfg successfully %Apr 2 02:58:01:682 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit1 save configuration successfully. %Apr 2 02:58:01:783 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit2 save configuration successfully.

Save the current configuration to the configuration file 234.cfg on unit 1.

<S4200G> save unit1>flash:/234.cfgThe current configuration will be saved to unit1>flash:/234.cfg [Y/N]:yNow saving current configuration to the device.Saving configuration. Please wait.............. Unit1 save configuration unit1>flash:/234.cfg successfully<S4200G>%Apr 2 04:07:21:805 2000 4200G-EI CFM/3/CFM_LOG:- 1 -Unit1 save configuration successfully.

644 ● save 3Com Switch 4200G Family Command Reference


■ Any view

Description Executing the save command with neither backup nor main assigns the main attribute to the file to which the current configurations are saved.

The system provides two methods to save the current configurations.

■ If the safely keyword is not used, the system saves the current configurations in fast mode. This mode is fast, but the configuration file may be lost if the switch restarts or powers down.

■ If the safely keyword is used, the system saves the current configurations in safe mode. This mode is relatively slow, but the configuration file still remains in the flash memory without being lost even if the switch restarts or powers down during the saving.

The fast mode is recommended under the circumstances with stable power system, while the safe mode is recommended under the circumstances with bad power system or in the case of remote maintenance.

■ If the cfgfile argument is not specified, the system saves the current configuration to the configuration file used in this startup, or saves the current configuration with the default configuration file name if the default configuration is used in this startup.

■ To make a switch to adopt the current configuration when it starts the next time, save the current configuration using the save command before restarting the switch.

3Com Switch 4200G Family schedule reboot at ● 645 Command Reference

schedule reboot at

Purpose Use the schedule reboot at command to schedule a reboot on the current switch and set the reboot date and time.

Use the undo schedule reboot command to cancel the scheduled reboot.

Syntax schedule reboot at hh:mm [ mm/dd/yyyy | yyyy/mm/dd ] undo schedule reboot

Parameters hh:mm Reboot time, where hh (hour) ranges from 0 to 23, and mm (minute) ranges from 0 to 59.

mm/dd/yyyy or yyyy/mm/dd Reboot date, where yyyy (year) ranges from 2,000 to 2,099, mm (month) ranges from 1 to 12, and the range of dd (day) depends on the specific month.

Default By default, no scheduled reboot is set on the switch.

Example Suppose the current time is 05:06, schedule a reboot so that the switch reboots at 22:00 on the current day.

<S4200G> schedule reboot at 22:00Reboot system at 22:00 2000/04/02(in 16 hours and 53 minutes)confirm?[Y/N]:y<S4200G>


■ User view

Description After you execute the schedule reboot at command with a future date specified, the switch will reboot at the specified time with at most one minute delay.

After you execute the schedule reboot at command without specifying a date, the switch will:

lReboot at the specified time on the current day if the specified time is later than the current time.

lReboot at the specified time on the next day if the specified time is earlier than the current time.

After you execute the command, the system will prompt you to confirm. Enter "Y" or "y" for your setting to take effect, and your setting will overwrite the old one (if available).

646 ● schedule reboot at 3Com Switch 4200G Family Command Reference

If you adjust the system time by the clock command after executing the schedule reboot at command, the schedule reboot at command will be invalid and the scheduled reboot will not happen.

Related Command ■ reboot

■ display schedule reboot

3Com Switch 4200G Family schedule reboot delay ● 647 Command Reference

schedule reboot delay

Purpose Use the schedule reboot delay command to schedule a reboot on the switch, and set the reboot waiting delay.

Use the undo schedule reboot command to cancel the scheduled reboot.

Syntax schedule reboot delay { hhh:mm | mmm } undo schedule reboot

Parameters hhh:mmm Reboot waiting delay, where hhh ranges from 0 to 720, and mm ranges from 0 to 59.

mmm Reboot waiting delay (in minutes). Valid values are 0 to 43,200 minutes.

Default By default, no scheduled reboot is set on the switch.

Example Suppose the current time is 05:02, schedule a reboot so that the switch reboots after 70 minutes.

<S4200G> schedule reboot delay 70Reboot system at 06:12 2000/04/02(in 1 hours and 10 minutes)confirm?[Y/N]:y<S4200G>


■ User view

Description After you execute the schedule reboot at command with a future date specified, the switch will reboot at the specified time with at most one minute delay.

You can set the reboot waiting delay in two formats: hhh:mm and mmm. The former is hours:minutes, the latter is the absolute minutes, and both must be less than or equal to 30×24×60 (that is, 30 days).

After you execute the command, the system will prompt you to confirm. Enter "Y" or "y" for your setting to take effect. Your setting will overwrite the old one (if available).

If you adjust the system time by the clock command after executing the schedule reboot delay command, the schedule reboot delay command will be invalid and the scheduled reboot will not happen.

Related command: reboot, schedule reboot at, undo schedule reboot, and display schedule reboot.

648 ● scheme 3Com Switch 4200G Family Command Reference

scheme

Purpose Use the scheme command to configure the AAA scheme to used by the current ISP domain.

Use the undo scheme command to restore the default AAA scheme used by the ISP domain.

Syntax scheme { local | none | radius-scheme radius-scheme-name [ local ] }

undo scheme { radius-scheme | none }

Parameters radius-scheme-name Specifies the name of the RADIUS scheme. This name is a character string from 1 to 32 characters long.

local Specifies to use local authentication.

none Specifies not to perform authentication.

Default By default, the ISP domain uses the local AAA scheme.

Example To specify the RADIUS scheme radius1 as the primary AAA scheme referenced by the ISP domain aabbcc.net and specify the local scheme as the secondary authentication scheme, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbcc.netNew Domain added. [S4200G-isp-aabbcc.net] scheme radius-scheme raduis1 local


■ ISP Domain view

Description When the scheme command is used to specify the RADIUS scheme to be referenced by current ISP domain, the specified RADIUS scheme must has already been configured.

If you execute the scheme radius-scheme radius-scheme-name local command, the local scheme becomes the secondary scheme in case the RADIUS server does not response normally. That is, if the communication between the switch and the RADIUS server is normal, no local authentication is performed; otherwise, local authentication is performed.

3Com Switch 4200G Family scheme ● 649 Command Reference

If you execute the scheme local command, the local scheme is adopted as the primary scheme. In this case, only local authentication is performed, no RADIUS authentication is performed. If you execute the scheme none command, no authentication is performed.


650 ● screen-length 3Com Switch 4200G Family Command Reference

screen-length

Purpose Use the screen-length command to set the number of lines the terminal screen can contain.

Use the undo screen-length command to revert to the default number of lines.

Syntax screen-length screen-length

undo screen-length

Parameters screen-length The maximum number of information lines that you can display on a terminal screen. Valid values are 0 to 512. If not specified, the default is 24.

Set the number of lines the terminal screen can contain to 20.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface aux0[S4200G-ui-aux0] screen-length 20



Description You can use the screen-length 0 command to disable the function to display information in pages.

3Com Switch 4200G Family secondary accounting ● 651 Command Reference

secondary accounting

Purpose Use the secondary accounting command to set the IP address and port number of the secondary RADIUS accounting server.

Use the undo secondary accounting command to restore the default IP address and port number of the secondary RADIUS accounting server.

Syntax secondary accounting ip-address [ port-number ]

undo secondary accounting


port-number Specifies the UDP port number. Valid values are 1 to 65535.

Default By default, the IP addresses of secondary accounting server is at 0.0.0.0 and the port number is 1813.

Example To set the IP address and UDP port number of the secondary accounting server of the RADIUS scheme radius1 to 10.110.1.1 and 1813, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] secondary accounting 10.110.1.1 1813




■ radius scheme

■ state

652 ● secondary authentication 3Com Switch 4200G Family Command Reference

secondary authentication

Purpose Use the secondary authentication command to set the IP address and port number of the secondary RADIUS authentication/authorization server.

Use the undo secondary authentication command to restore the default IP address and port number of the secondary RADIUS authentication/authorization server.

Syntax secondary authentication ip-address [ port-number ]

undo secondary authentication

Parameters ip-address Specifies the IP address in dotted decimal notation.

port-number Specifies the UDP port number. Valid values are 1 to 65535.

Default By default, the IP addresses of secondary authentication/authorization server is 0.0.0.0 and the port number is 1812.

Example To set the IP address of the second authentication/authorization server of RADIUS scheme, “3Com”, to 10.110.1.2 and the UDP port 1812 to provide RADIUS authentication/authorization service, enter the following:

To set the IP address and UDP port number of the secondary authentication/authorization server used by the RADIUS scheme radius1 to 10.110.1.2 and 1812, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] secondary authentication 10.110.1.2 1812




■ radius scheme

■ state

3Com Switch 4200G Family security-policy-server ● 653 Command Reference

security-policy-server

Purpose Use the security-policy-server command to set the IP address of a security policy server.

Use the undo security-policy-server command to remove the IP address configuration of a security policy server.

Syntax security-policy-server ip-address

undo security-policy-server [ ip-address | all ]

Parameters ip-address The IP address of security policy server.

all The IP addresses of all the security policy servers.

Example Configure the IP address of the security policy server to be 192.168.0.1.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G] radius scheme S4200G[S4200G-radius-S4200G] security-policy-server 192.168.0.1[S4200G-radius-S4200G] display current-configuration…radius scheme S4200Gprimary authentication 1.1.11.29 1812secondary authentication 127.0.0.1 1645



Description For each RADIUS scheme, a maximum of eight security policy servers with different IP addresses can be configured. While users are surfing the Internet, the switch will only respond to the session control packets sent from the authentication server and the security policy server.

654 ● self-service-url 3Com Switch 4200G Family Command Reference

self-service-url

Purpose Use the self-service-url command to either enable or disable the self-service server location function.

Use the undo self-service-url command to restore the default state of this function.

Syntax self-service-url { disable | enable url-string }

undo self-service-url

Parameters url-string Specifies the URL address of the page used to modify the user password on the self-service server. url-string is a string that is 1 to 64 characters long. The string cannot contain the ? character. If the ? is contained in the URL address, replace it with a | when inputting the URL address in the command line.


Example Using the default ISP domain system, set the URL of the web page used to modify user password on the self-service server to http://10.153.89.94/selfservice/modPasswd1x.jsp|userName, by entering the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain system[S4200G-isp-system] self-service-url enable http://10.153.89.94/selfservice/modPasswd1x.jsp|userName


■ ISP Domain view

Description Note: 3Com's CAMS Server is a service management system used to manage networks and secure networks and user information. Cooperating with other network devices (such as switches) in a network, the CAMS Server accomplishes the AAA (authentication, authorization and accounting) services and rights management.

This command must be used with the cooperation of a self-service-supported RADIUS server (such as CAMS). Through self-service, users can manage and control their accounts or card numbers by themselves. A server installed with the self-service software is called a self-service server.

After this command is executed on the switch, users can locate the self-service server through the following operation: choose [change user password] on the 802.1x

3Com Switch 4200G Family self-service-url ● 655 Command Reference

client, the client opens the default browser (for example, IE or NetScape) and locates the specified URL page used to change user password on the self-service server. Then, the user can change the password.

A user can choose the [change user password] option on the client only after passing the authentication. If the user fails the authentication, this option is in grey and is unavailable.

656 ● send 3Com Switch 4200G Family Command Reference

send

Purpose Use the send command to send messages to a specified user interface or all user interfaces.

Syntax send { all | number | type }

Parameters all Specifies to send a message to all user interfaces.

number Specifies the absolute/relative number of the interface that you want to send a message to.

type Specifies the type and type number of the user interface that you want to send a message to.

Example To send a message to all the user interfaces, enter the following:

<S4200G>send all


■ User view

3Com Switch 4200G Family server-type ● 657 Command Reference

server-type

Purpose Use the server-type command to configure the RADIUS server type supported by the Switch.

Use the undo server-type to restore the RADIUS server type to the default value.

Syntax server-type { 3com | standard }

undo server-type

Parameters 3Com Specifies the 3Com private RADIUS protocol (such as the procedure and packet format) to interact with the 3Com RADIUS server, which is generally the CAMS.

standard Specifies to use the standard RADIUS protocol. That is, it is required that the RADIUS client (on the switch) and the RADIUS server interact with each other following the procedure and packet format of the standard RADIUS protocol (RFC2138/2139 or above).

Default By default, the switch supports the standard type of RADIUS server. The type of RADIUS server in the default RADIUS scheme "system" is 3Com.

Example To set the RADIUS server type in RADIUS scheme radius1 to 3Com, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] server-type 3Com



Description The Switch 4200G supports standard RADIUS protocol and the extended RADIUS service platform independently developed by 3Com.


658 ● service-type 3Com Switch 4200G Family Command Reference

service-type

Purpose Use the command service-type to authorize a user access to the specified services.

Use the command undo service-type to inhibit the user for accessing the specified services.

Syntax service-type { ftp [ ftp-directory directory ] | lan-access |{ssh | telnet | terminal }* [ level level ]}

undo service-type { ftp [ ftp-directory directory ] | lan-access |{ssh | telnet | terminal }* [ level level ]}

Parameters ftp Specifies the user type as ftp.

lan-access Specifies the user type as lan-access. For example Ethernet accessing users using 802.1x applications.

telnet Authorizes the user to access the Telnet.

ssh Specifies user type as SSH.

terminal Authorizes the user to use the terminal service (login from the Console port).

level level Specifies the level of Telnet, SSH, or terminal users. Valid values are integers from 0 to 3. If no value is specified, the default is 0.

ftp-directory directory Specifies the directory of ftp users. Valid values for directory are a character string up to 64 characters long.

Default By default, the user is inhibited from accessing any type of service.

Example To authorize user1 to access the Telnet service, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] local-user user1 New local user added.[S4200G-luser-user1] service-type telnet


■ Local User view

3Com Switch 4200G Family service-type ● 659 Command Reference

Description Commands are classified into four levels, as follows:

■ 0 - Visit level. Users at this level have access to network diagnosis tools (such as ping and tracert), and the Telnet commands. A user at this level cannot save the configuration file.

■ 1 - Monitoring level. Users at this level can perform system maintenance, service fault diagnosis, and so on. A user at this level cannot save the configuration file.

■ 2 - System level. Users at this level can perform service configuration operations, including routing, and can enter commands that affect each network layer. Configuration level commands are used to provide direct network service to the user.

■ 3 - Management level. Users at this level can perform basic system operations, and can use file system commands, FTP commands, TFTP commands, XModem downloading commands, user management commands and level setting commands.

660 ● service-type 3Com Switch 4200G Family Command Reference

service-type

Purpose Use the service-type command to specify the login type and the corresponding available command level.

Use the undo service-type command to cancel login type configuration.

Syntax service-type { ftp | lan-access | { ssh | telnet | terminal }* [ level level ] }

undo service-type { ftp | lan-access | { ssh | telnet | terminal }* }

Parameters ftp Specifies the users to be of FTP type.

lan-access Specifies the users to be of LAN-access type, which normally means Ethernet users, such as 802.1x users.

ssh Specifies the users to be of SSH type.

telnet Specifies the users to be of Telnet type.

terminal Makes terminal services available to users logging in through the Console port.

level level Specifies the user level for Telnet users, Terminal users, or SSH users. The level argument ranges from 0 to 3 and defaults to 0.

Example Configure commands of level 0 are available to the users logging in using the user name of “zbr”.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] local-user zbr[S4200G-luser-zbr] service-type telnet level 0

To verify the above configuration, you can quit the system, log in again using the user name of “zbr”, and then list the available commands, as listed in the following.

[S4200G] quit<S4200G> ? User view commands: cluster Run cluster command language-mode Specify the language environment ping Ping function quit Exit from current command view super Privilege specified user priority level telnet Establish one TELNET connection tracert Trace route function undo Negate a command or set its default

3Com Switch 4200G Family service-type ● 661 Command Reference


■ Local User view

Description Commands fall into four command levels: access, monitor, system, and administration, which are described as follows:

■ Access level: Commands of this level are used to diagnose network and change the language mode of user interface, such as the ping, tracert, and language-mode command. The Telnet command is also of this level. Commands of this level cannot be saved in configuration files.

■ Monitor level: Commands of this level are used to maintain the system, to debug service problems, and so on. The display and debugging command are of monitor level. Commands of this level cannot be saved in configuration files.

■ System level: Commands of this level are used to configure services. Commands concerning routing and network layers are of system level. You can utilize network services by using these commands.

■ Administration level: Commands of this level are for the operation of the entire system and the system supporting modules. Services are supported by these commands. Commands concerning file system, file transfer protocol (FTP), trivial file transfer protocol (TFTP), downloading using XModem, user management, and level setting are of administration level.

662 ● service-type multicast 3Com Switch 4200G Family Command Reference

service-type multicast

Purpose Use the service-type multicast command to set the current VLAN as a multicast VLAN.

Use the undo service-type multicast command to cancel the multicast VLAN setting.

Syntax service-type multicast

undo service-type multicast

Parameters None

Default By default, no VLAN is a multicast VLAN.

Example Configure VLAN 2 as a multicast VLAN.

<S4200G> system-view[S4200G] vlan 2[S4200G-vlan2] service-type multicast


■ VLAN view

Description By configuring a multicast VLAN, adding corresponding switch ports to the multicast VLAN and enabling IGMP Snooping, you can make users in different VLANs share the same multicast VLAN. This saves bandwidth since multicast stream is transmitted only within the multicast VLAN, and also guarantees the security because the multicast VLAN is completely isolated from the user VLANs.

3Com Switch 4200G Family set authentication password ● 663 Command Reference

set authentication password

Purpose Use the set authentication password command to set the local password.

Use the undo set authentication password command to remove the local password.

Syntax set authentication password { cipher | simple } password

undo set authentication password

Parameters cipher Specifies to display the local password in encrypted text when you display the current configuration.

simple Specifies to display the local password in plain text when you display the current configuration.

password If the authentication is in the simple mode, the password must be in plain text. If the authentication is in the cipher mode, the password can be either in encrypted text or in plain text. Whether the password is in encrypted text or plain text depends on the password string entered. Strings containing up to 16 characters (such as 123) are regarded as plain text passwords and are converted to the corresponding 24-character encrypted password (such as !TP<\*EMUHL,408`W7TH!Q!!). A encrypted password must contain 24 characters and must be in ciphered text (such as !TP<\*EMUHL,408`W7TH!Q!!).

Default By default, a password is required for users connecting over Modem or Telnet. If a password has not been set, the following prompt is displayed: Login password has not been set!

Example Set the local password of VTY 0 to "3Com".

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]user-interface vty 0[S4200G-ui-vty0]set authentication password simple 3com



Description The password in plain text is required when performing authentication, regardless of whether the configuration is plain text or cipher text.

664 ● sftp 3Com Switch 4200G Family Command Reference

sftp

Purpose Use the sftp command to establish a connection to the SFTP server and enter SFTP client view.

Syntax sftp { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]

Parameters host-ip IP address of the server.

host-name Name of the server, consisting of a string from 1 to 20 characters long.

port-num Port number of the server. Valid values are 0 to 65,535. If not specified, the default port number is 22.

prefer_kex Key exchange algorithm preference. Choose one of the two algorithms available.

dh_group1 Diffie-Hellman-group1-sha1 key exchange algorithm. It is the default key exchange algorithm.

dh_exchange_group Diffie-Hellman-group-exchange-sha1 key exchange algorithm.

prefer_ctos_cipher Encryption algorithm preference from the client to server. It defaults to AES128.

prefer_stoc_cipher Encryption algorithm preference from the server to client. It defaults to AES128.

des DES_cbc encryption algorithm.

aes128 AES_128 encryption algorithm.

prefer_ctos_hmac HMAC algorithm preference from the client to server. It defaults to SHA1_96.

prefer_stoc_hmac HMAC algorithm preference from the server to client. It defaults to SHA1_96.

sha1 HMAC-SHA1 algorithm.

sha1_96 HMAC-SHA1_96 algorithm.

md5 HMAC-MD5 algorithm.

md5_96 HMAC-MD5-96 algorithm.

Example Establish a connection to the SFTP server with IP address 10.1.1.2 and use the default encryption algorithms.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] sftp 10.1.1.2

3Com Switch 4200G Family sftp ● 665 Command Reference


■ System view

666 ● sftp server enable 3Com Switch 4200G Family Command Reference

sftp server enable

Purpose Use the sftp server enable command to enable the secure FTP (SFTP) server.

Use the undo sftp server enable command to disable the SFTP server.

Syntax sftp server enable

undo sftp server

Parameters None

Default By default, the SFTP server is disabled.

Example Enable the SFTP server.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] sftp server enable

Disable the SFTP server.

[S4200G] undo sftp server


■ System view

3Com Switch 4200G Family sftp time-out ● 667 Command Reference

sftp time-out

Purpose Use the sftp time-out command to set the timeout time for the SFTP user connection.

Use the undo sftp time-out command to restore the default timeout time.

Syntax sftp time-out time-out-value

undo sftp time-out

Parameters time-out-value Timeout time. Valid values are 1 to 35,791 minutes. If not specified, the default is 10 minutes.

Example Set the timeout time for the SFTP user connection to 500 minutes.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] sftp timeout 500


■ System view

Description After you set the timeout time for the SFTP user connection, the system will automatically release the connection when the time is up.

668 ● shell 3Com Switch 4200G Family Command Reference

shell

Purpose Use the shell command to make terminal services available for the user interface.

Use the undo shell command to make terminal services unavailable to the user interface.

Syntax shell

undo shell

Parameters None

Default By default, terminal services are available in all user interfaces.

Example Log into user interface 0 and make terminal services unavailable in VTY 0 through VTY 4.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]user-interface vty 0 4[S4200G-ui-vty0-4]undo shell



Description When using the undo shell command, note the following points.

■ For reasons of security, the undo shell command can only be used on user interfaces other than the AUX user interface. The AUX port (also the Console) is exclusively used for configuring the switch.

■ You cannot use this command on the current user interface.

■ This command prompts for confirmation when being executed in any valid user interface.

3Com Switch 4200G Family shutdown ● 669 Command Reference

shutdown

Purpose Use the shutdown command to disable an Ethernet port.

Use the undo shutdown command to enable an Ethernet port.

Syntax shutdown

undo shutdown

Parameters None

Default By default, the Ethernet port is enabled.

Example Enable the GigabitEthernet1/0/1 port.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1]undo shutdown



670 ● shutdown 3Com Switch 4200G Family Command Reference

shutdown

Purpose Use the shutdown command to disable the VLAN interface.

Use the undo shutdown command to enable the VLAN interface.

Syntax shutdown

undo shutdown

Parameters None

Default By default, a management VLAN interface is down if all the Ethernet ports in the management VLAN are down, and the management VLAN interface is up if one or more Ethernet ports in the management VLAN are up.

Example Bring up the management VLAN interface. (Assume that VLAN 1 is the management VLAN.)

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface vlan-interface 1[S4200G-Vlan-interface1] undo shutdown



Description This command can be used to start the interface after the related parameters and protocols of VLAN interface are set. Or when the VLAN interface fails, the interface can be shut down first and then restarted, in this way, the interface may be restored to normal status. Shutting down or starting VLAN interface will not take any effect on any Ethernet port of this VLAN.

3Com Switch 4200G Family smarton ● 671 Command Reference

smarton

Purpose Use the smarton command to enable the SmartOn function for an Ethernet port with supplicant systems attached.

Use the undo smarton command to disable the SmartOn function.

Syntax smarton

undo smarton

Parameters None

Default By default, the SmartOn function is disabled.

Example To enter system view, enter the following:


To enter GigabitEthernet1/0/2 port view, enter the following:


To enable 802.1x authentication and the SmartOn function, enter the following:

[S4200G-GigabitEthernet1/0/2] dot1x802.1X is enabled on port GigabitEthernet1/0/2



Description Caution: When executing the smarton command, make sure 802.1x authentication is enabled on the port.

672 ● smarton password 3Com Switch 4200G Family Command Reference

smarton password

Purpose Use the smarton password command to set the password to be used by the SmartOn function.

Use the undo smarton password command to revert to the default password.

Syntax smarton password { cipher password | simple password }

undo smarton password

Parameters cipher Specifies to enter ciphered password.

simple Specifies to enter password in plain text.

Password Password to be set. This argument is a string comprising up to 16 characters.

Default The default password is NULL.

Example To Enter system view. enter the following:


To set the password to be used by the SmartOn function to Test, enter the following:

[S4200G] smarton password Test


■ System view

3Com Switch 4200G Family smarton switchid ● 673 Command Reference

smarton switchid

Purpose Use the smarton switchid command to set the switch ID.

Use the undo smarton switchid command to revert to the default switch ID.

Syntax smarton switchid switch-ID

undo smarton switchid

Parameters switch-ID Specifies the switch ID. This argument is a string comprised of up to 30 characters.

Default The default switch ID is NULL.

Example To enter system view and set the switch ID to Switch, enter the following:

<S4200G> system-view[S4200G] smarton switchid Switch


■ System view

674 ● smarton timer 3Com Switch 4200G Family Command Reference

smarton timer

Purpose Use the smarton timer command to set the supplicant timeout timer for SmartOn-enabled supplicant systems.

Use the undo smarton timer command to revert to the default supplicant timeout timer setting.

Syntax smarton timer { supp-timeout supp-timeout-value | max-tx value }

undo smarton timer { supp-timeout | max-tx }

Parameters supp-timeout Sets the supplicant timeout timer.

supp-timeout-value Value of the supplicant timeout timer (in seconds). This argument ranges from 10 to 120 and defaults to 30. After sending an authentication request packet to an 802.1x client, a switch sends another authentication request packet if the switch does not receive responses from the SmartOn-enabled 802.1x client when the supplicant timeout timer expires.

max-tx value Specifies the maximum number of retries to send authentication request packets. The value argument ranges from 1 to 10 and defaults to 3. The SmartOn checking ends if the maximum number of retries to send authentication request packets is reached.

Default Normally, the default supplicant timeout timer setting is recommended.

Example To enter system view and set the supplicant timeout timer to 50 seconds, enter the following:

<S4200G> system-view[S4200G] smarton timer supp-timeout 50


■ System view

3Com Switch 4200G Family snmp-agent ● 675 Command Reference

snmp-agent

Purpose Use the snmp-agent command to enable SNMP Agent.

Use the undo snmp-agent command to disable SNMP Agent.

Syntax snmp-agent

undo snmp-agent

Parameters None

Default By default, SNMP Agent is disabled.

Example Disable running SNMP Agent.<S4200G> system-view[S4200G] undo snmp-agent


■ System view

Related Command None

676 ● snmp-agent community 3Com Switch 4200G Family Command Reference

snmp-agent community

Purpose Use the snmp-agent community command to set a community name and to enable users to access the switch through SNMP. You can also optionally use this command to apply an ACL to filter network management users.

Use the undo snmp-agent community command to cancel community-related configuration for the specified community.

Syntax snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-number ] ]

undo snmp-agent community community-name

Parameters read Specifies that the community has read-only permission in the specified view.

write Specifies that the community has read/write permission in the specified view.

community-name Community name character string.

mib-view Sets the name of the MIB view accessible to the community.

view-name MIB view name.

acl acl-number Specifies the ACL number. The acl-number argument ranges from 2,000 to 2,999.

Default By default, SNMPV1 and SNMPV2C access a switch by community names

Example Set the community name to "3Com", enable users to access the switch in the name of the community (with read-only permission), and apply ACL 2,000 to filter network management users (assuming that ACL 2000 already exists.).

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] snmp-agent community read 3Com acl 2000


■ System view

3Com Switch 4200G Family snmp-agent community ● 677 Command Reference


Purpose Use the snmp-agent community command to set the community access name and enable access to SNMP.

Use the undo snmp-agent community command to cancel the settings of community access name.

Syntax snmp-agent community { read | write } community-name [ mib-view view-name ] [ acl acl-list ] ]

undo snmp-agent community community-name

Parameters read Indicates that MIB object can only be read. Only the read-only community can query device information.

write Indicates that MIB object can be read and written. The read-write community can configure the device.

community-name The community name, a character string of 1 to 32 characters.

view-name The MIB view name, a character string of 1 to 32 characters.

acl acl-list The basic access control list (ACL) number specified by the community, ranging from 2,000 to 2,999.

Example Configure community name as comaccess and permit read-only access by this community name.

<S4200G> system-view[S4200G] snmp-agent community read comaccess

Configure community name as mgr and permit read-write access.

[S4200G] snmp-agent community write mgr

Remove community name comaccess.

[S4200G] undo snmp-agent community comaccess


■ System view

678 ● snmp-agent group 3Com Switch 4200G Family Command Reference

snmp-agent group

Purpose Use the snmp-agent group command to configure a SNMP group. You can also optionally use this command to apply an ACL to filter network management users.

Use the undo snmp-agent group command to delete a specified SNMP group.

Syntax snmp-agent group { v1 | v2c } group-name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number]

undo snmp-agent group { v1 | v2c } group-name

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-number ]

undo snmp-agent group v3 group-name [ authentication | privacy ]

Parameters v1 Specifies to adopt V1 security scheme.

v2 Specifies to adopt V2 security scheme.

v3 Specifies to adopt V3 security scheme.

group-name Specifies a group name, up to 32 characters in length.

authentication Specifies to authenticate SNMP data without encrypting the data.

privacy Specifies that the packet is authenticated and encrypted.

read-view Sets a read-only view.

read-view Name of the view to be set to read-only, up to 32 characters in length.

write-view Sets a readable & writable views.

write-view Name of the view to be set to readable and writable, up to 32 characters in length.

notify-view Sets a notifying view.

notify-view Name of the view to be set to a notifying view, up to 32 characters in length.

acl acl-number Specifies an ACL. The acl-number argument ranges from 2,000 to 2,999.

Example Create a SNMP group named "3Com" and apply ACL 2001 to filter network management users (assuming that ACL 2001 already exists).

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] snmp-agent group v1 3Com acl 2001

3Com Switch 4200G Family snmp-agent group ● 679 Command Reference


■ System view

Description 3Com recommends that you do not use the notify-view parameter when configuring an SNMP group, for the following reasons:

■ The snmp-agent target-host command automatically generates a notify-view for a user, and adds it to the corresponding group.

■ Any change of the SNMP group notify-view will affect all the users related to this group.

680 ● snmp-agent group 3Com Switch 4200G Family Command Reference

snmp-agent group

Purpose Use the snmp-agent group command to configure a new SNMP group, that is, to map SNMP user to SNMP view.

Use the undo snmp-agent group command to cancel a specified SNMP group.

Syntax For Versions V1 and V2C:

snmp-agent group { v1 | v2c } group_name [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-list ]

undo snmp-agent group { v1 | v2c } group-name

For Version V3:

snmp-agent group v3 group-name [ authentication | privacy ] [ read-view read-view ] [ write-view write-view ] [ notify-view notify-view ] [ acl acl-list ]

undo snmp-agent group v3 group-name [ authentication | privacy ]

Parameters v1 Specifies to use version V1.

v2c Specifies to use version V2c.

v3 Specifies to use version V3.

group-name Enter a group name, up to 32 characters in length.

authentication Configures to authenticate the packet without encryption.

privacy Configures to authenticate and encrypt the packet.

read-view Configures read-only view settings.

read-view Enter a read-only view name, up to 32 characters in length.

write-view Configures read and write view settings.

write-view Enter a read and write view name, up to 32 characters in length.

notify-view Configures notify view settings.

notify-view Enter a notify view name, up to 32 characters in length.

acl acl-list Enter the access control list for this group name.

Example Create SNMP group 1.


3Com Switch 4200G Family snmp-agent group ● 681 Command Reference

[S4200G] snmp-agent group v3 group1


System view

Description 3Com recommends that you do not use the notify-view parameter when configuring an SNMP group, for the following reasons:

■ The snmp-agent target-host command automatically generates a notify-view for a user, and adds it to the corresponding group.

■ Any change of the SNMP group notify-view will affect all the users related to this group.

Related Command ■ snmp-agent mib-view

■ snmp-agent usm-user

682 ● snmp-agent local-engineid 3Com Switch 4200G Family Command Reference

snmp-agent local-engineid

Purpose Use the snmp-agent local-engineid command to set the engine ID of the local SNMP entity.

Use the undo snmp-agent local-engineid command to restore the default setting of engine ID.

Syntax snmp-agent local-engineid engineid

undo snmp-agent local-engineid

Parameters engineid Specifies the engine ID with a character string, only composed of hexadecimal numbers between 10 and 64 inclusive.

Example Configure the local device name as 123456789A.

<S4200G> system-view[S4200G] snmp-agent local-engineid 123456789A


■ System view

Description By default, the device engine ID is "Enterprise Number + device information". Device information is determined according to different products. It can be IP address, MAC address or user-defined hexadecimal numeral string.

Related Command ■ snmp-agent usm-user

3Com Switch 4200G Family snmp-agent log ● 683 Command Reference

snmp-agent log

Purpose Use the snmp-agent log command to enable the logging function for network management.

Use the undo snmp-agent log command to disable the logging function.

Syntax snmp-agent log { set-operation | get-operation | all }

undo snmp-agent log { set-operation | get-operation | all }

Parameters set-operation Logs the information about the set operation.

get-operation Logs the information about the get operation.

all Logs the information about both the get and set operations.

Default By default, the logging function is disabled.

Example Enable the logging function for both the get and the set operations.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] snmp-agent log all


■ System view

Description You can use the display logbuffer command to display logging information for the get and the set operations sent from network management station (NMS).

■ In a network that contains no fabric, you can use the display logbuffer command to view the logs of the get and set operations performed by the network administrator.

■ As for a fabric, you can execute the display logbuffer command on the master device to view the logs of the set operations performed by the network administrator, and execute the display logbuffer command on the devices to which the get operations are performed to view the logs of corresponding get operations.

684 ● snmp-agent mib-view 3Com Switch 4200G Family Command Reference

snmp-agent mib-view

Purpose Use the snmp-agent mib-view command to create or update the view information, limiting the MIB objects to be accessed by the NMS.

Use the undo snmp-agent mib-view command to cancel the current setting.

Syntax snmp-agent mib-view { included | excluded } view-name oid-tree

undo snmp-agent mib-view view-name

Parameters included Includes this MIB subtree.

excluded Excludes this MIB subtree.

view-name Specifies the view name, consisting of a character string from 1 to 32 characters long.

oid-tree The OID MIB subtree of the MIB object subtree. It can be a character string of the variable OID (such as 1.4.5.3.1), or a variable name (such as system). The character string can include wildcards (such as 1.4.5.*.*.1).

Default By default, the view name is viewDefault. OID is 1.

Example Create a view that consists of all the objects of MIB2.

<S4200G> system-view[S4200G] snmp-agent mib-view included mib2 1.3.6.1


■ System view

Related Command snmp-agent group

3Com Switch 4200G Family snmp-agent packet max-size ● 685 Command Reference

snmp-agent packet max-size

Purpose Use the snmp-agent packet max-size command to set the maximum size of SNMP packet that the Agent can send/receive.

Use the undo snmp-agent packet max-size command to restore the default size of SNMP packet.

Syntax snmp-agent packet max-size max-size

undo snmp-agent packet max-size

Parameters max-size Specifies the maximum size of SNMP packet (measured in bytes) that the agent can send or receive. Valid values are 484 to 17940 bytes. If not specified, the default size is 1500 bytes.

Example Set the maximum size of SNMP packet that the Agent can send/receive to 1,042 bytes.

<S4200G> system-view[S4200G] snmp-agent packet max-size 1042


■ System view

Description The sizes of the SNMP packets received/sent by the Agent are different in different network environments.

686 ● snmp-agent sys-info 3Com Switch 4200G Family Command Reference

snmp-agent sys-info

Purpose Use the snmp-agent sys-info command to configure system information such as geographical location of the device, contact information for system maintenance and version information of running SNMP.

Use the undo snmp-agent sys-info location command to restore the default value.

Syntax snmp-agent sys-info { contact sys-contact | location sys-location | version { { v1 | v2c | v3 } * | all } }

undo snmp-agent sys-info {{ contact | location | version { { v1 | v2c | v3 }* | all }}

Parameters sys-contact A character string describing the system maintenance contact. Valid values are 1 to 255 characters long. If not specified, the default contact information is "3Com Marlborough USA".

sys-location A character string to describe the system location. If not specified, the default character string is "Marlborough USA".

version Version of running SNMP.

v1 SNMP V1.

v2c SNMP V2C.

v3 SNMP V3.

all All SNMP version (includes SNMP V1, SNMP V2C, SNMP V3).

Example Set contact information for system maintenance as Dial System Operator # 1234.

<S4200G> system-view[S4200G] snmp-agent sys-info contact Dial System Operator # 1234


■ System view

Related Command diplay snmp-agent sys-info

3Com Switch 4200G Family snmp-agent target-host ● 687 Command Reference

snmp-agent target-host

Purpose Use the snmp-agent target-host command to command to configure destination of SNMP Trap packets.

Use the undo snmp-agent target-host command to cancel the host currently configured to receive SNMP notification.

Syntax snmp-agent target-host trap address udp-domain ip-addr [ udp-port udp-port-number ] params securityname security-string [ v1 | v2c | v3 [ authentication | privacy ] ]

undo snmp-agent target-host ip-addr securityname security-string

Parameters trap Specifies the host to receive traps or notifications

address Specifies the transport address to be used in the generation of SNMP messages.

udp-domain Specifies the transport domain over UDP for the target address.

ip-addr The IPv4 address of the host receiving Trap packets.

udp-port udp-port-number Specifies the UDP port number of the host to receive the SNMP notification.

params Specifies the SNMP target host information to be used in the generation of SNMP messages.

security-string The community name of SNMP V1 and SNMP V2C, or SNMP V3 user name, ranging from 1 to 32 characters.

v1 Specifies SNMP version 1.

v2c Specifies SNMP version 2C.

v3 Specifies SNMP version 3.

authentication Specifies that the packet is authenticated without encryption.

privacy Specifies that the packet is authenticated and encrypted.

Example Enable sending SNMP Trap packets to 10.1.1.1 with community name public.

<S4200G> system-view[S4200G] snmp-agent trap enable standard[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public

688 ● snmp-agent target-host 3Com Switch 4200G Family Command Reference

Description The snmp-agent target-host command and the snmp-agent trap enable or enable snmp trap updown command must be used at the same time on the device to send Trap packets.

■ Use the snmp-agent trap enable or enable snmp trap updown command to set Trap packets allowed to send (all Trap packets can be sent by default).

■ Use the snmp-agent target-host command to set the address of the destination host receiving SNMP Trap packets.


■ System view

Related Command ■ snmp-agent trap enable

■ snmp-agent trap source

■ snmp-agent trap life

3Com Switch 4200G Family snmp-agent trap enable ● 689 Command Reference

snmp-agent trap enable

Purpose Use the snmp-agent trap enable command to enable the device to send Trap packets.

Use the undo snmp-agent trap enable command to disable Trap package sending.

Syntax snmp-agent trap enable [ configuration | flash | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system ]

undo snmp-agent trap enable [ configuration | flash | standard [ authentication | coldstart | linkdown | linkup | warmstart ]* | system ]

Parameters configuration Configure to send SNMP configuration Trap packets.

flash Configure to send SNMP flash Trap packets.

standard Configures to send SNMP standard notification or Trap messages.

authentication Sends SNMP authentication failure Trap messages in cases of authentication failures.

coldstart Configures to send SNMP cold start Trap messages when the device is rebooted.

linkdown Configures to send SNMP link down Trap messages when the port is down.

linkup Configures to send SNMP link up Trap messages when the port is up.

warmstart Configures to send SNMP warm start Trap messages when SNMP is rebooted.

system Configures to send sysMIB (private MIB) Trap messages.

Default By default, Trap message sending is enabled.

Example Enable to send the Trap packet of SNMP authentication failure to 10.1.1.1. The community name is public.

<S4200G> system-view[S4200G] snmp-agent trap enable authentication[S4200G] snmp-agent target-host trap address udp-domain 10.1.1.1 params securityname public


■ System view

690 ● snmp-agent trap enable 3Com Switch 4200G Family Command Reference

Description The snmp-agent trap enable and snmp-agent target-host commands must be used at the same time. The snmp-agent target-host command specifies which hosts can receive Trap message. However, to send Trap message, you must configure snmp-agent target-host command.

3Com Switch 4200G Family snmp-agent trap life ● 691 Command Reference

snmp-agent trap life

Purpose Use the snmp-agent trap life command to set aging time for Trap packets.

Use the undo snmp-agent trap life command to restore the default aging time for Trap packets.

Syntax snmp-agent trap life seconds

undo snmp-agent trap life

Parameters seconds Specifies the timeouts (in seconds). Valid values are 1 to 2,592,000. If not specified, the default timeout interval is 120 seconds.

Example Configure the timeout interval of Trap packet as 60 seconds.

<S4200G>system-view<S4200G> system-view[S4200G] snmp-agent trap life 60


■ System view

Description The Trap packets exceeding the aging time are discarded.

Related Commands ■ snmp-agent trap enable

■ snmp-agent target-host

692 ● snmp-agent trap queue-size 3Com Switch 4200G Family Command Reference

snmp-agent trap queue-size

Purpose Use the snmp-agent trap queue-size command to configure the information queue length of a Trap packet sent to the destination host.

Use the undo snmp-agent trap queue-size command to restore the default value.

Syntax snmp-agent trap queue-size size

undo snmp-agent trap queue-size

Parameters size Length of queue. Valid values are 1 to 1000. If not specified, the default length is 100.

Example Configure the queue length to 200.

<S4200G> system-view[S4200G] snmp-agent trap queue-size 200


■ System view

Related Commands ■ snmp-agent trap enable

■ snmp-agent trap life

3Com Switch 4200G Family snmp-agent trap source ● 693 Command Reference

snmp-agent trap source

Purpose Use the snmp-agent trap source command to configure the source address for sending Trap messages.

Use the undo snmp-agent trap source command to cancel the source address for sending Trap messages.

Syntax snmp-agent trap source interface-type interface-number

undo snmp-agent trap source



Default By default, SNMP chooses an outgoing interface.

Example Configure the IP address of the VLAN interface 1 as the source address for transmitting the Trap packets.

<S4200G> system-view[S4200G] snmp-agent trap source Vlan-interface 1


■ System view

Description The SNMP Trap message sent from a server has a source IP address no matter which interface the Trap message is sent from.

You can configure this command to trace a specific event using the source address of a Trap packet

Note: Before setting the IP address of an interface address as the source address of the sent Trap packet, you must configure an IP address for the interface.

694 ● snmp-agent usm-user 3Com Switch 4200G Family Command Reference

snmp-agent usm-user

Purpose Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter, a new user to an SNMP group.

Use the undo snmp-agent usm-user command to delete a user from an SNMP group.

Syntax snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]

undo snmp-agent usm-user { v1 | v2c } username groupname

snmp-agent usm-user v3 username groupname [ authentication-mode { md5 | sha } authpassstring [ privacy-mode { des56 privpassstring }]] [ acl acl-list ]

undo snmp-agent usm-user v3 username groupname { local | engineid engine-id }

Parameters username Enter the user name, up to 32 characters in length.

groupname Enter the group name corresponding to that user, up to 32 characters in length.

v1 Specifies the use of V1 safe mode.

v2c Specifies the use of V2c safe mode.


authentication-mode Specifies the use of authentication.

md5 Specifies that the MD5 algorithm is used in authentication. MD5 authentication uses a128-bit password. The computation speed of MD5 is faster than that of SHA

sha Specifies that the SHA algorithm is used in authentication. SHA authentication uses a 160-bit password. The computation speed of SHA is slower than that of MD5, but SHA offers higher security.

authpassstring Enter the authentication password, up to 64 characters in length.

privacy-mode Specifies the use of authentication and encryption.

des 56 Specifies that the DES encryption algorithm is used. Must be entered if you enter the privacy-mode parameter.

privpassstring Enter the encryption password with a character string, ranging from 1 to 64 bytes.

acl acl-list Enter the access control list for this user, based on USM name.

3Com Switch 4200G Family snmp-agent usm-user ● 695 Command Reference

Example To add a user named “JohnQ” to the SNMP group “3Com”, then configure the use of MD5, and set the authentication password to “pass”, enter the following:

<SW4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass[SW4200G]


■ System view

Description Note:

■ SNMP engineID (for authentication) is required when configuring remote users. This command will not be effective if engineID is not configured.

■ For V1 and V2C, this command will add a new community name. For V3, it will add a new user for an SNMP group. See Related Commands below.

Related Commands ■ display snmp-agent

■ snmp-agent local engineid


snmp-agent usm-user

Purpose Use the snmp-agent usm-user command to add a new user to an SNMP group. You can also optionally use this command to apply an ACL to filter network management users.

Use the undo snmp-agent usm-user command to remove the user from the corresponding SNMP group. The operation also frees the user from the corresponding ACL-related configuration.

Syntax snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

undo snmp-agent usm-user { v1 | v2c } user-name group-name

snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password ] [ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }

Parameters v1 Specifies to adopt V 1 security mode.

v2c Specifies to adopt V 2 security mode.

v3 Specifies to adopt V 3 security mode.

user-name The user name. Valid values are from 1 to 32 bytes.

group-name The corresponding group name of the user. Valid values are from 1 to 32 bytes.

authentication-mode Specifies the security level to "to be authenticated"

md5 Specifies the authentication protocol as HMAC-MD5-96.

sha Specifies the authentication protocol as HMAC-SHA-96.

auth-password Authentication password, consisting of a character string from 1 to 64 bytes.

privacy Specifies the security level as encryption.

des56 Specifies the DES encryption protocol.

priv-password Encryption password, character string, ranging from 1 to 64 bytes.

acl acl-number The number identifier of basic number-based ACLs, ranging from 2000 to 2999.

local Local entity user.

engineid Specifies the engine ID related to the user.

engineid-string Engine ID character string, comprised of 10 to 64 characters.


Example Add the user named "3Com" to the SNMP group named "3Comgroup", specifying to authenticate the user, specifying the authentication protocol to be HMAC-MD5-96, the authentication password to be "S4200G", and applying ACL 2002 to filter network management users (assuming that ACL 2002 already exists).

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] snmp-agent usm-user v3 3Com 3Comgroup authentication-mode md5 S4200G acl 2002


■ System view


snmp-agent usm-user

Purpose Use the snmp-agent usm-user command to add a new user to an SNMP group.

Use the undo snmp-agent usm-user command to remove the user from the related SNMP group.

Syntax For Versions V1 and V2C:

snmp-agent usm-user { v1 | v2c } user-name group-name [ acl acl-number ]

undo snmp-agent usm-user { v1 | v2c } user-name group-name

For Version V3:

snmp-agent usm-user v3 user-name group-name [ authentication-mode { md5 | sha } auth-password ] [ privacy-mode des56 priv-password ][ acl acl-number ]

undo snmp-agent usm-user v3 user-name group-name { local | engineid engineid-string }

Parameters v1 V 1 security mode.

v2c V 2 security mode.

v3 V 3 security mode.

user-name The user name. Valid values are from 1 to 32 characters.

group-name The corresponding group name of the user. Valid values are from 1 to 32 characters.

authentication-mode Specifies the security level to "to be authenticated." Absence of this parameter indicates that neither authentication nor encryption is required.

md5 Specifies the authentication protocol as HMAC-MD5-96 algorithm.

sha Specifies the authentication protocol as HMAC-SHA-96 algorithm.

auth-password Authentication password, consisting of a character string from 1 to 64 characters long.

privacy Specifies the security level as encryption.

des56 Specifies the DES encryption protocol.

priv-password Encryption password, character string, ranging from 1 to 64 bytes.

acl-number The number identifier of basic number-based ACLs, ranging from 2000 to 2999.

local Represents a local entity user.


engineid Specifies the engine ID related to the user.

engineid-string Specifies the engine ID character string, ranging from 10 to 64 hexadecimal numerals.

Example Add a user John to SNMP group Johngroup. Configure to authenticate using HMAC-MD5-96 algorithm, require authentication and set authentication password as hello.

<S4200G> system-view[S4200G] snmp-agent group v3 Johngroup[S4200G] snmp-agent usm-user v3 John Johngroup authentication-mode md5 hello


■ System view

Description The snmp-agent usm-user command is used to delete the stopping accounting requests from the Switch buffer.

While using SNMPV3, SNMP engineID (for authentication) is required when you configure a remote user for an agent. If you change engineID after configuring a user, the user corresponding to the original engineID is not effective.

For V1 and V2C, this command will add a new community name. For V3, it will add a new user for an SNMP group.

Related Commands ■ snmp-agent group

■ snmp-agent community

■ snmp-agent local-enginid


snmp-agent usm-user

Purpose Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter, a new user to an SNMP group.

Use the undo snmp-agent usm-user command to delete a user from an SNMP group.

Syntax snmp-agent usm-user { v1 | v2c } username groupname [ acl acl-list ]

undo snmp-agent usm-user { v1 | v2c } username groupname

snmp-agent usm-user v3 username groupname [ authentication-mode { md5 | sha } authpassstring [ privacy-mode { des56 privpassstring }]] [ acl acl-list ]

undo snmp-agent usm-user v3 username groupname { local | engineid engine-id }

Parameters username Specifies the user name, consisting of a character string from 1 to 32 characters in length.

groupname Specifies the group name corresponding to that user, consisting of a character string from 1 to 32 characters in length.


v2c Specifies the use of V2c safe mode.


authentication-mode Specifies the use of authentication.

md5 Specifies that the MD5 algorithm is used in authentication. MD5 authentication uses a128-bit password. The computation speed of MD5 is faster than that of SHA

sha Specifies that the SHA algorithm is used in authentication. SHA authentication uses a 160-bit password. The computation speed of SHA is slower than that of MD5, but SHA offers higher security.

authpassstring Enter the authentication password, up to 64 characters in length.

privacy-mode Specifies the use of authentication and encryption.

des 56 Specifies that the DES encryption algorithm is used. Must be entered if you enter the privacy-mode parameter.

privpassstring Specifies the encryption password with a character string from 1 to 64 bytes.

acl acl-list Specifies the access control list for this user, based on USM name.


Example To add a user named “JohnQ” to the SNMP group “3Com”, then configure the use of MD5, and set the authentication password to “pass”, enter the following:

<SW4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]snmp-agent usm-user v3 JohnQ 3Com authentication-mode md5 pass[SW4200G]


■ System view

Description Note:

■ SNMP engineID (for authentication) is required when configuring remote users. This command will not be effective if engineID is not configured.

■ For V1 and V2C, this command will add a new community name. For V3, it will add a new user for an SNMP group. See Related Commands below.

Related Commands ■ display snmp-agent

■ snmp-agent usm-user

702 ● snmp-host 3Com Switch 4200G Family Command Reference

snmp-host

Purpose Use the snmp-host command to configure an SNMP host for the member devices inside a cluster on the management device.

Use the undo snmp-host command to cancel the SNMP host configuration.

Syntax snmp-host ip-address

undo snmp-host

Parameters ip-address IP address of the SNMP host configured for the cluster.

Default By default, no public SNMP host is configured.

Example Configure an SNMP host for the cluster on the management device.

<aaa_0.S4200G>system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G]cluster[aaa_0.S4200G-cluster] snmp-host 1.0.0.9


■ Cluster view

Description Only after you configure the IP address of the network management site for the cluster, cluster members can send the trap information to the site through the management device.

These commands can only be executed on the management device.

3Com Switch 4200G Family speed ● 703 Command Reference

speed

Purpose Use the speed command to set the transmission speed of the user interface.

Use the undo speed command to revert to the default transmission speed.

Syntax speed speed-value

undo speed

Parameters speed-value Specifies the transmission rate on the AUX (Console) port in bits per second (bps). Valid values are any of the following: 300, 600, 1200, 2400, 4800, 9600, 19200, 38400, 57600, or 115200. If not specified, the default rate is 9,600 bps.

Example To configure the transmission speed on the AUX (Console) port as 9600 b/s, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]user-interface aux 0[S4200G-ui-aux0]speed 9600



Description Note: The speed and undo speed commands can only be performed in AUX User Interface view

704 ● speed 3Com Switch 4200G Family Command Reference

speed

Purpose Use the speed command to configure the port rate.

Use the undo speed command to restore the default port rate.

Syntax speed { 10 | 100 | 1000 | auto }

undo speed

Parameters 10 Sets the port rate to 10 Mbps.

100 Sets the port rate to 100 Mbps.

1000 Sets the port rate to 1000 Mbps. (Only available on Gigabit ports).

auto Sets the port speed to auto-negotiation rate mode.

Default By default, the port is in auto-negotiation rate mode.

Example Set the rate of the GigabitEthernet1/0/1 port to 10 Mbps.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet 1/0/1[S4200G-Ethernet1/0/1]speed 10



Description Note: The speed and undo speed commands cannot be configured on a combo port.

Related Command duplex

3Com Switch 4200G Family ssh client assign rsa-key ● 705 Command Reference

ssh client assign rsa-key

Purpose Use the ssh client assign rsa-key command to specify on the client the public key for the server to be connected to guarantee the client can be connected to a reliable server.

Use the undo ssh client assign rsa-key command to remove the association between the public keys and servers.

Syntax ssh client { server-ip | server-name } assign rsa-key keyname

undo ssh client server-ip assign rsa-key

Parameters server-ip Server IP address.

server-name Server name, consisting of a string from 1 to 80 characters long.

keyname Server public key name, consisting of a string from 1 to 64 characters long.

Example Specify on the client the public key of the server (with IP address 192.168.0.1) as abc.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ssh client 192.168.0.1 assign rsa-key abc


■ System view

706 ● ssh client first-time enable 3Com Switch 4200G Family Command Reference

ssh client first-time enable

Purpose Use the ssh client first-time enable command to configure the client to run the initial authentication.

Use the undo ssh client first-time command to remove the configuration.

Syntax ssh client first-time enable

undo ssh client first-time

Parameters None

Default By default, the client runs the initial authentication.

Example Configure the client to run the initial authentication.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ssh client first-time enable


■ System view

Description In the initial authentication, if the SSH client does not have the public key for the server which it accesses for the first time, the client continues to access the server and save locally the public key of the server. Then at the next access, the client can authenticate the server with the public key saved locally.

When the initial authentication function is not available, the client does not access the server if it does not have the public key of the server locally. In this case, you need first to save the public key of the target server to the client in other ways.

3Com Switch 4200G Family ssh server authentication-retries ● 707 Command Reference

ssh server authentication-retries

Purpose Use the ssh server authentication-retries command to set authentication retry number for SSH connections.

Use the undo ssh server authentication-retries command to restore the default authentication retry number. The default value takes effect at next login.

Syntax ssh server authentication-retries times

undo ssh server authentication-retries

Parameters times Authentication retry number. Valid values are 1 to 5. If not specified, the default is 3.

Example Set the authentication retry number to 4.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ssh server authentication-retries 4


■ System view

Description Note: If you have used the ssh user authentication-type command to configure the authentication type to password-publickey, you must set the authentication retry times to a number greater than or equal to 2, for one is counted when a client sends a public key to the server.

Related Command display ssh server

708 ● ssh server timeout 3Com Switch 4200G Family Command Reference

ssh server timeout

Purpose Use the ssh server timeout command to set authentication timeout time for SSH connections.

Use the undo ssh server timeout command to restore the default timeout time. The default value takes effect at next login.

Syntax ssh server timeout seconds

undo ssh server timeout

Parameters seconds Authentication timeout time (in seconds). Valid values are 1 to 120. If not specified, the default is 60 seconds.

Example Set the authentication timeout time to 80 seconds.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ssh server timeout 80


■ System view

Related Command display ssh server

3Com Switch 4200G Family ssh user assign rsa-key ● 709 Command Reference

ssh user assign rsa-key

Purpose Use the ssh user assign rsa-key command to allocate public keys to SSH users.

Use the undo ssh user assign rsa-key command to remove the association between the public keys and SSH users. The configuration takes effect at the next login.

Syntax ssh user username assign rsa-key keyname

undo ssh user username assign rsa-key

Parameters username SSH user name, consisting of a string from 1 to 80 characters long.

keyname Client public key name, consisting of a string from 1 to 64 characters long.

Example Set the client public key for the zhangsan user to key1.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ssh user zhangsan assign rsa-key key1[S4200G]


■ System view

Description If the user already has a public key, the new public key overrides the old one.

Related Command display ssh user-information

710 ● ssh user authentication-type 3Com Switch 4200G Family Command Reference

ssh user authentication-type

Purpose Use the ssh user authentication-type command to define on the server the available authentication type for an SSH user.

Use the undo ssh user authentication-type command to restore the default setting.

Syntax ssh user username authentication-type { password | rsa | password-publickey | all }

undo ssh user username authentication-type

Parameters username Valid SSH user name, consisting of a string from 1 to 80 characters long.

password Specifies the authentication type as password.

rsa Specifies the authentication type as RSA public key.

password-publickey Specifies the authentication type as both password and RSA public key. That is, the user can pass the authentication only if both the password and RSA public key are correct.

For the authentication type specified by the password-publickey keyword,

■ SSHv1 client users can access the switch as long as they pass one of the two authentications.

■ SSHv2 client users can access the switch only when they pass both the authentications.

all Specifies the authentication type as either password or RSA public key. That is, the user can pass the authentication if either the password or RSA public key is correct.

Default By default, no authentication type is specified for new users, so they cannot access the switch.

New users must specify authentication type. Otherwise, they cannot access the switch. The new authentication type configured takes effect at the next login.

Example Set the authentication type for the zhangsan user as password.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ssh user zhangsan authentication-type password


3Com Switch 4200G Family ssh user authentication-type ● 711 Command Reference

■ System view

Description This command defines available authentication type on the server. The actual authentication type, however, is determined by the client.


712 ● ssh user service-type 3Com Switch 4200G Family Command Reference

ssh user service-type

Purpose Use the ssh user service-type command to specify service type for a user.

Use the undo ssh user service-type command to restore the default service type for the SSH user in the system.

Syntax ssh user username service-type { stelnet | sftp | all }

undo ssh user username service-type

Parameters username Local user name or the user name defined on the remote RADIUS server, consisting of a string from 1 to 80 characters long.

stelnet Sets the service type to Telnet. If no service type is specified, Telnet is used as the default.

sftp Sets the service type to SFTP.

all Includes Telnet and SFTP two services types.

Example Specify SFTP service for SSH user zhangsan.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ssh user zhangsan service-type sftp


■ System view


3Com Switch 4200G Family ssh2 ● 713 Command Reference

ssh2

Purpose Use the ssh2 command to enable the connection between SSH client and server, define key exchange algorithm preference, encryption algorithm preference and HMAC algorithm preference on the server and client.

Syntax ssh2 { host-ip | host-name } [ port-num ] [ prefer_kex { dh_group1 | dh_exchange_group } ] [ prefer_ctos_cipher { des | aes128 } ] [ prefer_stoc_cipher { des | aes128 } ] [ prefer_ctos_hmac { sha1 | sha1_96 | md5 | md5_96 } ] [ prefer_stoc_hmac { sha1 | sha1_96 | md5 | md5_96 } ]

Parameters host-ip Server IP address.

host-name Server name, consisting of a string from 1 to 20 characters long.

port-num Server port number. Valid values are 0 to 65,535. If not specified, the default is 22.

prefer_kex Key exchange algorithm preference. Choose one of the two algorithms available.

dh_group1 Diffie-Hellman-group1-sha1 key exchange algorithm. If not specified, Diffie-Hellman-group1-sha1 key exchange is the default algorithm.

dh_exchange_group Diffie-Hellman-group-exchange-sha1 key exchange algorithm.

prefer_ctos_cipher Encryption algorithm preference from the client to server. If not specified, the default is AES128.

prefer_stoc_cipher Encryption algorithm preference from the server to client. If not specified, the default is AES128.

des DES_cbc encryption algorithm.

aes128 AES_128 encryption algorithm.

prefer_ctos_hmac HMAC algorithm preference from the client to server. If not specified, the default is SHA1_96.

prefer_stoc_hmac HMAC algorithm preference from the server to client. If not specified, the default is SHA1_96.

sha1 HMAC-SHA1 algorithm.

sha1_96 HMAC-SHA1_96 algorithm.

md5 HMAC-MD5 algorithm.

md5_96 HMAC-MD5-96 algorithm.

714 ● ssh2 3Com Switch 4200G Family Command Reference

Example Log into the SSH 2.0 server with IP address 10.214.50.51 and make these settings:

■ Key exchange algorithm preference as dh_exchange_group

■ encryption algorithm preference from the server to client as aes128

■ HMAC algorithm preference from the client to server as md5

■ HMAC algorithm preference from the server to client as sha1_96

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] ssh2 10.214.50.51 prefer_kex dh_exchange_group prefer_stoc_cipher aes128 prefer_ctos_hmac md5 prefer_stoc_hmac sha1_96


■ System view

3Com Switch 4200G Family startup bootrom-access enable ● 715 Command Reference

startup bootrom-access enable

Purpose Use the startup bootrom-access enable command to specify a switch to prompt for the customized password before entering the BOOT menu.

Use the undo startup bootrom-access enable to disable the user from entering the main Boot Menu with customized password.

Syntax startup bootrom-access enable

undo startup bootrom-access enable

Parameters None

Default By default, the user is disabled from entering the main Boot Menu with customized password.

Example Specify to prompt for the customized password before entering the BOOT menu.

<S4200G> startup bootrom-access enable


■ User view

Related Command You can use the display startup command to check the executing results of the above commands.

716 ● startup saved-configuration 3Com Switch 4200G Family Command Reference

startup saved-configuration

Purpose Use the startup saved-configuration command to specify the main or backup configuration file for a switch to start the next time.

Use the undo startup saved-configuration command to specify a switch to start without loading the configuration file.

Syntax startup saved-configuration cfgfile [ backup | main ]

undo startup saved-configuration [ unit unit-id ]

Parameters cfgfile Path name or file name of a configuration file in the flash memory, consisting of a character string from 5 to 56 characters long.

backup Assigns the backup attribute to the file.

main Assigns the main attribute to the file.

unit unit-id Unit ID of a switch.

CAUTION: To make a switch to start without loading the configuration file, do not execute the save command after executing the undo startup saved-configuration command.

Example Configure the file named vrpcfg.cfg to be the main configuration file for the switch to start the next time.

<S4200G>startup saved-configuration vrpcfg.cfg mainPlease wait......Done! %Apr 2 02:55:10:025 2000 S4200G CFM/3/CFM_LOG:- 1 -Unit1 set the configuration successfully.


■ User view

Description Executing the startup saved-configuration command with neither backup nor main parameter assigns the main attribute to the file.

Related Command display startup

3Com Switch 4200G Family state ● 717 Command Reference

state

Purpose Use the state command to configure the state of the current ISP domain/current user.

In ISP Domain view or Local User view, use the state command to configure the state of the current ISP domain/current user.

In RADIUS view, use the state command to set the status of a RADIUS server.

Syntax In ISP Domain view or Local User view:

state { active | block }

In RADIUS view:

state { block | active } { primary | secondary } { accounting | authentication }

Parameters active ■ In ISP Domain view or Local User view:

Sets the current ISP domain in ISP Domain View or local user in Local User View. In other words, allow users in the current ISP domain or the current local user to access the network.

■ In RADIUS view:

Sets the status of the specified RADIUS server to active (that is, the normal working state).

block ■ In ISP Domain view or Local User view:

Inhibits the current ISP domain in ISP domain view or local user in Local User view. In other words, blocks users in current ISP domain or current local user from accessing the network.

■ In RADIUS view:

Sets the status of the specified RADIUS server to block (that is, the down state).

primary Specifies the server to be set is a primary RADIUS server.

secondary Specifies the server to be set is a secondary RADIUS server.

accounting Specifies the server to be set is a RADIUS accounting server.

authentication Specifies the server to be set is a RADIUS authentication/authorization server.

Default In ISP Domain view or Local User view, an ISP domain and the local user are in the active state upon creation.

718 ● state 3Com Switch 4200G Family Command Reference

In RADIUS view, all the RADIUS servers in a user-defined RADIUS scheme are in the active state; and the RADIUS servers in the default RADIUS scheme "system" are in the block state.

Example In ISP Domain view or Local User view to set the ISP domain aabbcc.net to the block state, so that all its offline users cannot access the network, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] domain aabbcc.netNew Domain added.[S4200G-isp-aabbcc.net] state block

In ISP Domain view or Local User view to set user1 to the block state.

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] local-user user1 [S4200G-user-user1] state block

In RADIUS view to set the timeout time of the response timeout timer for the RADIUS scheme radius1 to 5 seconds, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] timer 5


■ ISP Domain view

■ Local User view

■ RADIUS view

Description In ISP Domain view or Local User view:

■ After an ISP domain is set to the block state, except the online users, the users under this domain are not allowed to access the network.

■ After the local user is set to the block state, the user is not allowed to access the network.

In RADIUS view for the primary and secondary servers (authentication/authorization servers, or accounting servers) in a RADIUS scheme, note that:

■ If the switch gets no response from the RADIUS server after sending out a RADIUS request (authentication/authorization request or accounting request) and waiting for a time, it should retransmit the packet to ensure that the user can obtain the RADIUS service. This wait time is called response timeout time of RADIUS server; and the timer in the switch system that is used to control this time is called the response timeout timer of RADIUS server. You can use the timer command to set the timeout time of this timer.

■ Appropriately setting the timeout time of this timer according to the network situation can improve the performance of the system.


■ The timer command has the same effect with the timer response-timeout command.

Related Command For ISP Domain view or Local User view)

■ domain

For RADIUS view:

■ radius scheme

■ retry

720 ● state 3Com Switch 4200G Family Command Reference

state

Purpose Use the state command to configure the state of RADIUS server.

Syntax state { primary | secondary } { accounting | authentication } { block | active }

Parameters primary Configures to set the state of the primary RADIUS server.

secondary Configures to set the state of the second RADIUS server.

accounting Configures to set the state of RADIUS accounting server.

authentication Configures to set the state of RADIUS authentication/authorization.

block Configures the RADIUS server to be in the state of block.

active Configures the RADIUS server to be active, namely the normal operation state.

Default By default, as for the newly created RADIUS scheme, the primary and secondary accounting/authentication servers are in the state of block; as for the "system" RADIUS scheme created by the system, the primary accounting/authentication servers are in the state of active, and the secondary accounting/authentication servers are in the state of block.

Example To set the second authentication server of RADIUS scheme, “3Com”, to be active, enter the following:

<SW4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]radius scheme 3Com[SW4200G-radius-3Com]state secondary authentication active



Description For the primary and second servers (no matter an authentication/authorization or an accounting server), if the primary server is disconnected to NAS for some fault, NAS will automatically turn to exchange packets with the second server. However, after the primary one recovers, NAS will not resume the communication with it at once, instead, it continues communicating with the second one. When the second one fails to communicate, NAS will turn to the primary one again. This command is used to set


the primary server to be active manually, in order that NAS can communicate with it right after the troubleshooting.

When the primary and second servers are all active or block, NAS will send the packets to the primary server only.

Related Commands ■ primary accounting

■ primary authentication

■ radius-scheme

■ secondary accounting

■ secondary authentication

722 ● stop-accounting-buffer enable 3Com Switch 4200G Family Command Reference

stop-accounting-buffer enable

Purpose Use the stop-accounting-buffer enable command to enable the switch to buffer the stop-accounting requests that bring no response.

Use the undo stop-accounting-buffer enable command to disable the switch from buffering the stop-accounting requests that bring no response.

Syntax stop-accounting-buffer enable

undo stop-accounting-buffer enable

Parameters None

Default By default, the switch is enabled to buffer the stop-accounting requests that bring no response.

Example To enable the switch to buffer the stop-accounting requests that bring no response from the servers in RADIUS scheme radius1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] stop-accounting-buffer enable



Description Stop-accounting requests are critical to billing and will eventually affect the charges; they are important for both the users and the ISP. Therefore, the switch should do its best to transmit them to the RADIUS server. If the RADIUS accounting server does not respond to such a request, the switch should first buffer the request on itself, and then retransmit the request to the RADIUS accounting server until it gets a response, or the maximum number of transmission attempts is reached (in this case, it discards the request).

Related Commands ■ display stop-accounting-buffer

■ radius scheme

■ reset stop-accounting-buffer

3Com Switch 4200G Family stopbits ● 723 Command Reference

stopbits

Purpose Use the stopbits command to set the stop bits of the user interface.

Use the undo stopbits command to revert to the default stop bits.

Syntax stopbits { 1 | 1.5 | 2 }

undo stopbits

Parameters 1 Sets the stop bits to 1. If no value is specified, 1 is the default.

1.5 Sets the stop bits to 1.5.

2 Sets the stop bits to 2.

Example Set the stop bits to 2.

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]user-interface aux 0[S4200G-ui-aux0]stopbits 2



Description This command can only be performed in AUX User Interface view.

724 ● stp 3Com Switch 4200G Family Command Reference

stp

Purpose Use the stp command to enable or disable MSTP globally or for a port.

Use the undo stp command to restore the default MSTP status globally or for a port.

Syntax stp { enable | disable }

undo stp

Parameters enable Enables MSTP globally or for a port.

disable Disables MSTP globally or for a port.

Default By default, MSTP is disabled.

Example To enable MSTP globally, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp enable

To disable MSTP for port Ethernet1/0/1, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet 1/0/1[S4200G-GigabitEthernet1/0/1] stp disable


■ System view


Description With MSTP enable, a switch determines whether to operate in STP mode, RSTP mode, or MSTP mode according to your configuration. A switch becomes a transparent bridge if you disable MSTP.

With MSTP enabled, a switch dynamically maintains the status of spanning trees by processing BPDUs of the corresponding VLANs. After MSTP is disabled, the switch stops doing so.

Related Commands ■ stp interface

■ stp mode

3Com Switch 4200G Family stp bpdu-protection ● 725 Command Reference

stp bpdu-protection

Purpose Use the stp bpdu-protection command to enable the BPDU protection function.

Use the undo stp bpdu-protection command to restore the default operation mode of the BPDU protection function,

Syntax stp bpdu-protection

undo stp bpdu-protection

Parameters None

Default By default, the BPDU protection function is disabled.

Example To enable the BPDU protection function, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp bpdu-protection


■ System view

Description Normally, access ports of access layer devices have terminals (such as PCs) or file servers directly connected to them. These ports are usually configured to be edge ports to achieve rapid transition. When they receive BPDUs, however, they are set as non-edge ports automatically, which causes MSTP to recalculate the spanning trees, resulting in network topology jitters.

In normal cases, edge ports are free of BPDUs. But malicious users may attack the switches by sending forged BPDUs to the edge ports to create network jitters. You can prevent this type of attack by utilizing the BPDU protection function. With this function enabled on a switch, once an edge port receives a BPDU, the system automatically shut it down and notifies the network administrator of the situation. Only the administrator can restore edge ports that are shut down.

CAUTION:

As 1000 Mbps ports of a 3Com Switch 4200G Family switch cannot be shut down, the BPDU protection function is not applicable to these ports even you enable the BPDU protection function and specify these ports to be MSTP edge ports.

726 ● stp bridge-diameter 3Com Switch 4200G Family Command Reference

stp bridge-diameter

Purpose Use the stp bridge-diameter command to set the network diameter of a switched network, which is represented in terms of the maximum number of switches between any two terminals in a switched network.

Use the undo stp bridge-diameter command to restore the default network diameter.

Syntax stp bridge-diameter bridgenum

undo stp bridge-diameter

Parameters bridgenum Sets the network diameter for the switched network. Valid values are 2 to 7.

Default By default, the network diameter of a switched network is 7.

Example To set the network diameter to 5, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp bridge-diameter 5


■ System view

Description An MSTP-enabled switch adjusts its Hello time, Forward delay, and Max age settings accordingly after you configure the network diameter on the switch. With the network diameter set to 7 (the default), the three time settings are set to their defaults as well.

The stp bridge-diameter command applies to CISTs only; it is invalid for MSTIs.

Related Commands ■ stp timer forward-delay

■ stp timer hello

■ stp timer max-age

3Com Switch 4200G Family stp config-digest-snooping ● 727 Command Reference

stp config-digest-snooping

Purpose Use the stp config-digest-snooping command to enable the digest snooping feature.

Use the undo stp config-digest-snooping command to disable the digest snooping feature.

Syntax stp config-digest-snooping

undo stp config-digest-snooping

Parameters None

Default The digest snooping feature is disabled by default.

Example To enable the digest snooping feature for GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] stp config-digest-snooping[S4200G-GigabitEthernet1/0/1] quit[S4200G]stp config-digest-snooping



Description According to IEEE 802.1s, two connected switches can interwork with each other through MSTIs in an MST region only when the two switches have the same MST region-related configuration. With MSTP employed, interconnected switches determine whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them. (A configuration ID contains information such as region ID and configuration digest.)

As some partners' switches adopt proprietary spanning tree protocols, they cannot interwork with other switches in an MST region even if they are configured with the same MST region-related settings as other switches in the MST region.

This kind of problems can be overcome by implementing the digest snooping feature. If a switch port is connected to a partner's switch that has the same MST region-related settings but adopts a proprietary spanning tree protocol, you can enable digest snooping on the port. Then the switch regards the peer switch connected to the port as in the same region and records the configuration digests carried in the BPDUs received from the switch, which will be put in the BPDUs to be

728 ● stp config-digest-snooping 3Com Switch 4200G Family Command Reference

send to the peer switch.. In this way, the switch can interwork with the partners' switches in an MST region.

Note:

■ The digest snooping feature is needed only when your S5100-EI series switch is connected to partner's proprietary protocol-adopted switches.

■ To enable the digest snooping feature successfully, you must first enable it on all the switch ports that connect to partner's proprietary protocol-adopted switches and then enable it globally.

■ To enable the digest snooping feature, the interconnected switches must be configured with exactly the same MST settings.

■ The digest snooping feature must be enabled on all the switch ports that connect to partners' proprietary protocol-adopted switches in the same MST region..

■ To change MST region-related configuration, be sure to disable the digest snooping feature first to prevent possible broadcast storms.

3Com Switch 4200G Family stp cost ● 729 Command Reference

stp cost

Purpose Use the stp cost command to set the path cost of a port in a spanning tree instance.

Use the undo stp cost command to restore the default.

Syntax stp [ instance instance-id ] cost cost

undo stp [ instance instance-id ] cost

Parameters instance-id Specifies the ID of a spanning tree instance. Valid values are 0 to 16. A value of 0 specifies the CIST.

cost Specifies the path cost for the port. Valid values are 1 to 200,000,000.

Default By default, a switch automatically calculates the path costs of a port in different spanning tree instances based on a specified standard.

Example To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 200.

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/3[S4200G-GigabitEthernet1/0/3] stp instance 2 cost 200



Description The path cost of a port affects the role of the port. By configuring the same ports to have different path costs in different MSTIs, you can enable flows of different VLANs to travel along different physical links, implementing VLAN-based load balancing. Path cost changes for ports of an MSTP-enabled switch can cause MSTP to redetermine the roles of the ports and to perform state transitions.

If you specify the instance-id argument to be 0 or do not specify this argument, the stp cost command sets the path cost of the port in the CIST.

Related Command stp interface cost

730 ● stp edged-port 3Com Switch 4200G Family Command Reference

stp edged-port

Purpose Use the stp edged-port command to configure the current Ethernet port as either an edge port or a non-edge port.

Use the undo stp edged-port command to restore the current Ethernet port to its default state.

Syntax stp edged-port { enable | disable }

undo stp edged-port

Parameters enable Configures the current Ethernet port to be an edge port.

disable Configures the current Ethernet port to be a non-edge port.

Default By default, all Ethernet ports of a switch are non-edge ports.

Example To Configure GigabitEthernet1/0/1 port as a non-edge port, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] stp edged-port disable



Description An edge port is a port that is directly connected to a user terminal instead of another switch or a network segment. Rapid transition is applied to edge ports because, on these ports, no loops can be incurred by network topology changes. You can enable a port to transit to the forwarding state rapidly by setting it to an edge port. And you are recommended to configure the Ethernet ports directly connected to user terminals as edge ports to enable them to transit to the forwarding state rapidly.

Normally, configuration BPDUs cannot reach an edge port because the port is not connected to another switch. But when the BPDU protection function is disabled on an edge port, configuration BPDUs sent deliberately by a malicious user may reach the port. If an edge port receives a BPDU, it turns to a non-edge port.

CAUTION:

Among loop prevention function, root protection function and edge port setting, only one can be valid on the same port.

3Com Switch 4200G Family stp edged-port ● 731 Command Reference

Related Command stp interface edged-port

732 ● stp interface 3Com Switch 4200G Family Command Reference

stp interface

Purpose Use the stp interface command in system view to enable or disable MSTP for specified ports.

Syntax stp interface interface-list { enable | disable }









enable Enables MSTP on the specified ports.

disable Disables MSTP on the specified ports.

Default By default, MSTP is enabled on ports of a switch if MSTP is globally enabled; and MSTP is disabled on ports of a switch if MSTP is disabled globally.

An MSTP-disabled port does not participate in any calculation of spanning trees and is always in forwarding state.

Example To Enable MSTP on GigabitEthernet1/0/1 port in system view, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/1 enable


■ System view

3Com Switch 4200G Family stp interface ● 733 Command Reference


Disabling MSTP on ports may result in loops.

Related Command ■ stp

■ stp mode

734 ● stp interface config-digest-snooping 3Com Switch 4200G Family Command Reference

stp interface config-digest-snooping

Purpose Use the stp interface config-digest-snooping command to enable the digest snooping feature.

Use the undo stp interface config-digest-snooping command to disable the digest snooping feature.

Syntax stp interface interface-list config-digest-snooping

undo stp interface interface-list config-digest-snooping









Default By default, the digest snooping feature is disabled.

Example To enable the digest snooping feature on GigabitEthernet1/0/1 port in system view, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/1 config-digest-snooping


■ System view

Description According to IEEE 802.1s, two interconnected MSTP switches can interwork with each other through MSTIs in an MST region only when the two switches have the same MST region-related configuration. Interconnected MSTP switches determine

3Com Switch 4200G Family stp interface config-digest-snooping ● 735 Command Reference

whether or not they are in the same MST region by checking the configuration IDs of the BPDUs between them. (A configuration ID contains information such as region ID and configuration digest.)

As some partners' switches adopt proprietary spanning tree protocols, they cannot interwork with other switches in an MST region even if they are configured with the same MST region-related settings as other switches in the MST region.

This problem can be overcome by implementing the digest snooping feature. If a port on an S5100-EI series switch is connected to a partner's switch that has the same MST region-related settings as its own but adopts a proprietary spanning tree protocol, you can enable digest snooping on the port. Then the S5100-EI switch regards the partner's switch as in the same region; it records the configuration digests carried in the BPDUs received from the partner's switch, and put them in the BPDUs to be send to the partner's switch. In this way, the S5100-EI switches can interwork with the partners' switches in the same MST region.

Note:

■ The digest snooping feature is needed only when your S5100-EI series switch is connected to partner's proprietary protocol-adopted switches.

■ To enable the digest snooping feature successfully, you must first enable it on all the ports of your S5100-EI series switch that are connected to partner's proprietary protocol-adopted switches and then enable it globally.

■ To enable the digest snooping feature, the interconnected switches must be configured with exactly the same MST region-related configuration.

■ The digest snooping feature must be enabled on all the ports of your S5100-EI series switch that are connected to partners' proprietary protocol-adopted switches in the same MST region.

■ To change MST region-related configuration, be sure to disable the digest snooping feature first to prevent possible broadcast storms.

736 ● stp interface cost 3Com Switch 4200G Family Command Reference

stp interface cost

Purpose Use the stp interface cost command to set the path cost of specified ports in a specified spanning tree instance.

Use the undo stp interface cost command to restore the default path costs.

Syntax stp interface interface-list [ instance instance-id ] cost cost

undo stp interface interface-list [ instance instance-id ] cost









instance-id Specifies the spanning tree instance ID. Valid values are 0 to 16. A value of 0 specifies the CIST.

cost Specifies the path cost for the ports. Valid values are 1 to 200,000,000.

Default By default, a switch calculates the path costs of ports in each spanning tree instance automatically according to the specified standard.

If you specify the instance-id argument to be 0 or do not specify this argument, the stp interface cost command sets the path cost of the port in the CIST.

Example To set the path cost of GigabitEthernet1/0/3 port in spanning tree instance 2 to 400 in system view, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp instance 2 interface GigabitEthernet 1/0/3 cost 400

3Com Switch 4200G Family stp interface cost ● 737 Command Reference


■ System view

Description The path cost of a port affects the role of the port. By configuring the same ports to have different path costs in different MSTIs, you can enable flows of different VLANs to travel along different physical links, implementing VLAN-based load balancing. Path cost changes for ports of an MSTP-enabled switch can cause MSTP to recalculate the roles of the ports and to perform state transitions.

Related Command stp cost

738 ● stp interface edged-port 3Com Switch 4200G Family Command Reference

stp interface edged-port

Purpose Use the stp interface edged-port command to configure the specified Ethernet ports to be either edge ports or non-edge ports.

Use the stp interface edged-port enable command to configure the specified Ethernet port(s) as edge ports.

Use the stp interface edged-port disable command to configure the specified Ethernet port(s) as non-edge ports.

Use the undo stp interface edged-port command to restore the specified Ethernet ports to their default states.

Syntax stp interface interface-list edged-port { enable | disable }

undo stp interface interface-list edged-port









enable Configures the specified Ethernet ports to be edge ports.

disable Configures the specified Ethernet ports to be non-edge ports.

Default By default, all Ethernet ports of a switch are non-edge ports.

3Com Switch 4200G Family stp interface edged-port ● 739 Command Reference

Example To configure GigabitEthernet1/0/3 port as an edge port in system view, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/3 edged-port enable


■ System view

Description An edge port is a port that is directly connected to a user terminal instead of another switch or a network segment. Rapid transition is applied to edge ports because, on these ports, no loops can be incurred by network topology changes. You can enable a port to transit to the forwarding state rapidly by setting it to an edge port. And you are recommended to configure the Ethernet ports directly connected to user terminals as edge ports to enable them to transit to the forwarding state rapidly.

Normally, configuration BPDUs cannot reach an edge port because the port is not connected to another switch. But when the BPDU protection function is disabled on an edge port, configuration BPDUs sent deliberately by a malicious user may reach the port. If an edge port receives a BPDU, it turns to a non-edge port.

CAUTION:

Only one function among loop prevention, root protection, and edge port can be valid at a time.

Related Command stp edged-port

740 ● stp interface loop protection 3Com Switch 4200G Family Command Reference

stp interface loop protection

Purpose Use the stp interface loop-protection command to enable the loop prevention function.

Use the undo stp interface loop-protection command to restore the default state of the loop prevention function.

Syntax stp interface interface-list loop-protection

undo stp interface interface-list loop-protection









Default The loop prevention function is disabled by default.

Example To enable the loop prevention function on GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/1 loop-protection


■ System view

3Com Switch 4200G Family stp interface loop protection ● 741 Command Reference


Only one function among loop prevention, root protection, and edge port can be valid at a given time.

Related Command stp loop-protection

742 ● stp interface mcheck 3Com Switch 4200G Family Command Reference

stp interface mcheck

Purpose Use the stp interface mcheck command to perform the mCheck operation for specified ports.

Syntax stp [ interface interface-list ] mcheck









Example To perform the mCheck operation on GigabitEthernet1/0/3 port, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/3 mcheck


■ System view

Description A port on an MSTP-enabled switch toggles to the STP/RSTP mode automatically if an STP-/RSTP-enabled switch is connected to it. But when the STP-/RSTP-enabled switch is disconnected from the port, the port cannot toggle back to the MSTP mode automatically. In this case, you can force the port to toggle to the MSTP mode by performing the mCheck operation on the port.

Related Commands ■ stp mcheck

■ stp mode

3Com Switch 4200G Family stp interface no-agreement-check ● 743 Command Reference

stp interface no-agreement-check

Purpose Use the stp interface no-agreement-check command to enable the rapid transition feature on a specified port.

Use the undo stp interface no-agreement-check command to disable the rapid transition feature on a specified port.

Syntax stp interface interface-type interface-number no-agreement-check

undo stp interface interface-type interface-number no-agreement-check

Parameters interface-type Port type.


Default The rapid transition feature is disabled on any port by default.

Example To enable the rapid transition feature for GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G]stp interface GigabitEthernet1/0/1 no-agreement-check


■ System view

Description Some partners' switches adopt proprietary spanning tree protocols that are similar to RSTP in the way to implement rapid transition on designated ports. When a switch of this kind operates as the upstream switch of the 4200G series switch running MSTP, the upstream designated port fails to change their states rapidly.

The rapid transition feature is developed to avoid this case. When the 4200G series switch running MSTP is connected in the upstream direction to a partner's switch running proprietary spanning tree protocol, you can enable the rapid transition feature on the ports of the 4200G series switch operating as the downstream switch. Among these ports, those operating as the root ports will then send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports, instead of waiting for agreement packets from the upstream switch. This enables designated ports of the upstream switch to change their states rapidly.

Note: Enable the rapid transition feature on root ports or alternate ports only.

Related Command stp interface no-agreement-check

744 ● stp interface point-to-point 3Com Switch 4200G Family Command Reference

stp interface point-to-point

Purpose Use the stp interface point-to-point command to specify whether the specified Ethernet ports are point-to-point links.

Use the undo stp interface point-to-point command to restore the default setting.

Syntax stp interface interface-list point-to-point { force-true | force-false | auto }

undo stp interface interface-list point-to-point









force-true Specifies that the links connected to the specified Ethernet ports are point-to-point links.

force-false Specifies that the links connected to the specified Ethernet ports are not point-to-point links.

auto Specifies to automatically determine whether or not the links connected to the specified Ethernet ports are point-to-point links.

Default If no keyword is specified in the stp interface point-to-point command, the auto keyword is used by default, and so MSTP automatically determines the types of the links connected to the specified ports.

3Com Switch 4200G Family stp interface point-to-point ● 745 Command Reference

Example To configure the link connected to GigabitEthernet1/0/3 port as a point-to-point link in system view, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/3 point-to-point force-true


■ System view

Description The rapid transition feature is not applicable to ports on non-point-to-point links.

If an Ethernet port is the master port of an aggregated port or operates in full-duplex mode, the link connected to the port is a point-to-point link.

You are recommended to let MSTP automatically determine the link types.

These two commands only apply to CIST and MSTIs. If you configure the link to which a port is connected to be a point-to-point link (or a non-point-to-point link), the configuration applies to all spanning tree instances (that is, the port is configured to connect to a point-to-point link (or a non-point-to-point link) in all spanning tree instances). If the actual physical link is not a point-to-point link and you configure the link to which the port is connected to be a point-to-point link, loops may temporarily occur.

Related Command stp point-to-point

746 ● stp interface port priority 3Com Switch 4200G Family Command Reference

stp interface port priority

Purpose Use the stp interface port priority command to set the port priority of specified ports in a spanning tree instance.

Use the undo stp interface port priority command to restore the default port priority of the specified ports in the spanning tree instance.

Syntax stp interface interface-list instance instance-id port priority priority

undo stp interface interface-list instance instance-id port priority









instance-id Specifies the spanning tree instance ID. Valid values are 0 to 16. A value of 0 specifies the CIST.

priority Specifies the priority for the ports. Valid values are 0 to 240 but must be a multiple of 16 (such as 0, 16 or 32). If not specified, the default port priority is 128.

Example To set the port priority of GigabitEthernet1/0/3 port (with regard to spanning tree instance 2) to 16, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/3 instance 2 port priority 16

3Com Switch 4200G Family stp interface port priority ● 747 Command Reference


■ System view

Description If you specify the instance-id argument to be 0, the configured priorities apply to the CIST. The role a port plays in a spanning tree instance can be affected by its priority. A port on an MSTP-enabled switch can have different port priorities and play different roles in different MSTIs. This enables packets of different VLANs to be forwarded along different physical paths, implementing VLAN-based load balancing. Changes of port priorities can cause MSTP to redetermine the roles of ports, resulting in state transition of ports.

Related Command stp port priority

748 ● stp interface root-protection 3Com Switch 4200G Family Command Reference

stp interface root-protection

Purpose Use the stp interface root-protection command to enable the root protection function for specified ports.

Use the undo stp interface root-protection command to restore the default operation state of the root protection function.

Syntax stp interface interface-list root-protection

undo stp interface interface-list root-protection









Default By default, the root protection function is disabled.

Example To enable the root protection function on GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/1 root-protection


■ System view

3Com Switch 4200G Family stp interface root-protection ● 749 Command Reference

Description Configuration errors and malicious attacks may cause legal root bridges to receive BPDUs of higher priorities, and give up their roles as root bridges, which means network topology jitters. In this case, flows that should travel along high-speed links may be led to low-speed links, and network congestions may occur.

You can avoid this problem by utilizing the root protection function. Ports with this function enabled can retain their roles in all spanning tree instances. When such a port receives BPDUs of higher priorities, its state is set to discarding and it stops forwarding any packets as if the connected link were down. Only when it receives no BPDUs of higher priorities in a specified period, does it resumes its normal state.

CAUTION:

Only one function among loop prevention, root protection, and edge port can be valid at a time.

Related Command stp root-protection

750 ● stp interface transmit-limit 3Com Switch 4200G Family Command Reference

stp interface transmit-limit

Purpose Use the stp interface transmit-limit command to set the maximum number of BPDUs that each specified port can send within a Hello time interval.

Use the undo stp interface transmit-limit command to restore the default.

Syntax stp interface interface-list transmit-limit packetnum

undo stp interface interface-list transmit-limit









packetnum Specifies the maximum number of BPDUs that the ports can send within a Hello time interval, also known as maximum transmission speed. Valid values are 1 to 255. If not specified, the default is 3.

Example To set the maximum transmitting speed of GigabitEthernet1/0/3 port to 5, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp interface GigabitEthernet 1/0/3 transmit-limit 5


■ System view

3Com Switch 4200G Family stp interface transmit-limit ● 751 Command Reference

Description A larger packetnum value means a greater number of packets can be transmitted in each Hello time interval and more switch resources will be consumed. Configure the packetnum argument to a proper value to limit the number of BPDUs sent in each Hello time interval, preventing MSTP from occupying too much network resources when network topology jitters occur.

Related Command stp transmit-limit

752 ● stp loop-protection 3Com Switch 4200G Family Command Reference

stp loop-protection

Purpose Use the stp loop-protection command to enable the loop prevention function for the current port.

Use the undo stp loop-protection command to restore the default operation state of the loop prevention function.

Syntax stp loop-protection

undo stp loop-protection

Parameters None

Default By default, the loop prevention function is disabled.

Example To enable the loop prevention function on GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] stp loop-protection



3Com Switch 4200G Family stp max-hops ● 753 Command Reference

stp max-hops

Purpose Use the stp max-hops command to set the maximum hop count of the MST region to which the switch belongs.

Use the undo stp max-hops command to restore the default.

Syntax stp max-hops hops

undo stp max-hops

Parameters hops Specifies the maximum hop count. Valid values are 1 to 40. If not specified, the default is 20.

Default . The default maximum hops value of an MST region is 20.

Example To set the maximum hops of the current MST region to 35, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp max-hops 35


■ System view

Description The maximum hop count configured on the region root for an MST region is used to limit the size of the MST region.

A BPDU contains a hop counter field. In a MST region, after a BPDU leaves the root bridge, its hop counter decreases by 1 whenever it is forwarded by a switch; once its hop counter reaches 0, it is dropped. Such a mechanism disables the switches that are beyond the maximum hop count from participating in spanning tree calculation, and thus limits the size of an MST region.

With such a mechanism, once a switch becomes the root bridge of a CIST or MSTI, the maximum hop count configured on it determines the network diameter of the spanning tree and limits the size of the spanning tree. The switches that are not the root bridge in an MST region adopts the maximum hop count configured on the root bridge.

754 ● stp mcheck 3Com Switch 4200G Family Command Reference

stp mcheck

Purpose Use the stp mcheck command to perform the mCheck operation for the current port.

Syntax stp mcheck

Parameters None

Example To perform the mCheck operation on GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] stp mcheck



■ System view

Description A port on an MSTP-enabled switch automatically toggles to the STP/RSTP mode when an STP-/RSTP-enabled switch is connected to it. But when the STP-/RSTP-enabled switch is disconnected from the port, the port cannot automatically toggle back to the MSTP mode and still remains in the STP/RSTP mode.

In this case, you can force the port to toggle to the MSTP mode by performing the mCheck operation on the port.

Related Commands ■ stp interface mcheck

■ stp mode

3Com Switch 4200G Family stp mode ● 755 Command Reference

stp mode

Purpose Use the stp mode command to set the MSTP operation mode of the switch.

Use the undo stp mode command to restore the default MSTP operation mode.

Syntax stp mode { stp | rstp | mstp }

undo stp mode

Parameters stp Specifies the MSTP to operate in STP mode.

mstp Specifies the MSTP to operate in MSTP mode.

rstp Specifies the MSTP to operate in RSTP mode.

Default By default, a switch operates in MSTP mode.

Example To configure the switch to operate in STP mode, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp mode stp


■ System view

Description To make a switch compatible with STP/RSTP, MSTP provides another two operation modes besides the MSTP mode: STP and RSTP. When a switch operates in STP mode, the packets sent by the ports of the switch are STP BPDUs. When a switch operates in RSTP mode, the packets sent by the ports of the switch are RSTP BPDUs. And when a switch operates in MSTP mode, the packets sent by the ports of the switch are MSTP BPDUs. When a switch detects that STP-/RSTP-enabled switches are connected to its ports, the corresponding ports change to operate in STP/RSTP mode automatically.

Related Commands ■ stp

■ stp interface

■ stp interface mcheck

■ stp mcheck

756 ● stp no-agreement-check 3Com Switch 4200G Family Command Reference

stp no-agreement-check

Purpose Use the stp no-agreement-check command to enable the rapid transition feature on the current port.

Use the stp no-agreement-check command to disable the rapid transition feature.

Syntax stp no-agreement-check

undo stp no-agreement-check

Parameters None

Default By default, the rapid transition feature is disabled on any port.

Example To enable the rapid transition feature on GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1]stp no-agreement-check



Description Some partners' switches adopt proprietary spanning tree protocols that are similar to RSTP in the way to implement rapid transition on designated ports. When a switch of this kind operates as the upstream switch of an S5100-EI series switch running MSTP, the upstream designated port fails to change their states rapidly.

The rapid transition feature is developed to resolve this problem. When an S5100-EI series switch running MSTP is connected in the upstream direction to a partner's switch running proprietary spanning tree protocol, you can enable the rapid transition feature on the ports of the S5100-EI series switch operating as the downstream switch. Among these ports, those operating as the root ports will then send agreement packets to their upstream ports after they receive proposal packets from the upstream designated ports, instead of waiting for agreement packets from the upstream switch. This enables designated ports of the upstream switch to change their states rapidly.

Note: Enable the rapid transition feature on root ports or alternate ports only.

Related Command stp interface no-agreement-check

3Com Switch 4200G Family stp pathcost-standard ● 757 Command Reference

stp pathcost-standard

Purpose Use the stp pathcost-standard command to set the standard used for calculating the default path costs of ports.

Use the undo stp pathcost-standard command to restore the default standard.

Syntax stp pathcost-standard { dot1d-1998 | dot1t | legacy }

undo stp pathcost-standard

Parameters dot1d-1998 Specifies the IEEE 802.1D-1998 standard to calculate the default path costs for ports.

dot1t Specifies the IEEE 802.1t standard to calculate the default path costs for ports.

legacy Specifies the standard defined by 3Com to calculate the default path costs for ports.

Default By default, the switch uses the legacy standard to calculate the default path costs of ports

Example To configure the switch to use the IEEE 802.1D-1998 standard to calculate the default path costs of its ports, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp pathcost-standard dot1d-1998

To configure the switch to use the IEEE 802.1t standard to calculate the default path costs of its ports, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp pathcost-standard dot1t


■ System view

758 ● stp pathcost-standard 3Com Switch 4200G Family Command Reference

Description The following table lists transmission speeds and their corresponding path costs.

Normally, the path cost of a port in full-duplex mode is slightly less than that of the port in half-duplex mode.

When calculating the path cost of an aggregate link, the 802.1D-1998 standard does not take the number of the aggregated links into account, whereas the 802.1T standard does so by using the following equation:

Path cost = 200,000,000/link transmission speed

Where, the link transmission speed is the sum of the speeds of the unblocked ports for the aggregate link measured in 100 kbps units.

Table 112 Transmission speeds and the corresponding path costs

Transmission speed

Operation mode (half-/full-duplex) 802.1D-1998 IEEE 802. 1t

Standard defined by 3Com

0 - 65,535 200,000,000 200,00010 Mbps Half-Duplex

Full-Duplex

Aggregated Link 2 Ports

Aggregated Link 3 PortsAggregated Link 4 Ports

100

99

95

9595

2,000,000

1,999,999

1,000,000

666,666500,000

2,000

2,000

1,800

1,6001,400

100 Mbps Half-Duplex

Full-Duplex



19

18

15

1515

200,000

199,999

100,000

66,66650,000

200

200

180

160140

1,000 Mbps Full-Duplex



4

3

33

20,000

10,000

6,6665,000

20

18

1614

10 Gbps Full-Duplex



2

1

11

2,000

1,000

666500

2

1

11

3Com Switch 4200G Family stp point-to-point ● 759 Command Reference

stp point-to-point

Purpose Use the stp point-to-point command to specify whether the port must connect to point-to-point link.

Use the undo stp point-to-point command to restore the default setting.

Syntax stp point-to-point { force-true | force-false | auto }

undo stp point-to-point

Parameters force-true Specifies that the link connected to the current Ethernet port is a point-to-point link

force-false Specifies that the link connected to the current Ethernet port is not a point-to-point link.

auto Specifies to automatically determine whether or not the link connected to the current Ethernet port is a point-to-point link

Default If no keyword is specified in the stp point-to-point command, the auto keyword is used by default, and so MSTP automatically determines the type of the link connected to the current port.

Example To configure the link connected to GigabitEthernet1/0/3 port as a point-to-point link, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/3[S4200G-GigabitEthernet1/0/3] stp point-to-point force-true



Description The rapid transition feature is not applicable to ports that are connected to non-point-to-point links.

If an Ethernet port is the master port of an aggregation port or operates in full-duplex mode, then the link to which the port is connected is a point-to-point link. It is recommended that you specify the auto keyword in the stp interface point-to-point command for links of this kind to enable the type of the links being automatically determined by MSTP.

These two commands only apply to CISTs and MSTIs. If you configure the link to which a port is connected is a point-to-point link (or a non-point-to-point link), the configuration applies to all spanning tree instances (that is, the port is configured to

760 ● stp point-to-point 3Com Switch 4200G Family Command Reference

connect to a point-to-point link [or a non-point-to-point link] in all spanning tree instances). If the actual physical link is not a point-to-point link and you configure the link to which the port is connected to be a point-to-point link, loops may temporarily occur.

Related Command stp interface point-to-point

3Com Switch 4200G Family stp port priority ● 761 Command Reference

stp port priority

Purpose Use the stp port priority command to set the priority of the current port in a specified spanning tree instance.

Use the undo stp port priority command to restore the default priority.

Syntax stp [ instance instance-id ] port priority priority

undo stp [ instance instance-id ] port priority

Parameters instance-id Specifies the spanning tree instance ID. Valid values are 0 to 16. A value of 0 specifies the CIST.

port priority priority Specifies the priority for the port. Valid values are 0 to 240 but must be a multiple of 16 (such as 0, 16, and 32). If not specified, the default port priority is 128.

Example To set the port priority of GigabitEthernet1/0/3 port in spanning tree instance 2 to 16, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/3[S4200G-GigabitEthernet1/0/3] stp instance 2 port priority 16



Description If you specify the instance-id argument to be 0 or do not specify the argument, these two commands apply to the port priorities on the CIST. The role a port plays in a spanning tree instance is determined by the port priority in the instance. A port on a MSTP-enabled switch can have different port priorities and play different roles in different MSTIs. This enables packets of different VLANs to be forwarded along different physical paths, so as to achieve load balancing by VLANs. Changing port priorities result in port roles being re-determined and may cause state transitions.

Related Command stp interface port priority

762 ● stp priority 3Com Switch 4200G Family Command Reference

stp priority

Purpose Use the stp priority command to set the priority of a switch in a spanning tree instance.

Use the undo stp priority command to restore the default priority of a switch.

Syntax stp [ instance instance-id ] priority priority

undo stp [ instance instance-id ] priority


priority Specifies t he priority for the switch. Valid values are 0 to 61,440 but must be a multiple of 4,096 (such as 0, 4096, and 8192). The total number of switch priorities is 16.

Default The default priority of a switch is 32,768.

Example To set the priority of the switch in spanning tree instance 1 to 4,096, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp instance 1 priority 4096


■ System view

Description The priorities of switches are used for spanning tree generation. Switch priorities are spanning tree-specific. That is, you can set different priorities for the same switch in different spanning tree instances.

If you do not specify the instance-id argument, the configuration applies to the CIST.

3Com Switch 4200G Family stp region-configuration ● 763 Command Reference

stp region-configuration

Purpose Use the stp region-configuration command to enter MST region view.

Use the undo stp region-configuration command to restore the default MST region settings.

Syntax stp region-configuration

undo stp region-configuration

Parameters None

Default The three MST region settings default to:

■ MST region name: the first MAC address of the switch.

■ All VLANs are mapped to the CIST.

■ MSTP revision level: 0.

Example To enter MST region view, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp region-configuration[S4200G-mst-region]


■ System view

Description MST region-related settings include: region name, revision level, and VLAN mapping table. The three MST region-related settings default to:

■ MST region name: The first MAC address of the switch

■ VLAN mapping table: All VLANs are mapped to the CIST.

■ MSTP revision level: 0

And you can modify the three settings after entering MST region view by using the stp region-configuration command.

764 ● stp root primary 3Com Switch 4200G Family Command Reference

stp root primary

Purpose Use the stp root primary command to configure the current switch to be the root bridge of a specified spanning tree instance.

Use the undo stp root command to cancel the configuration.

Syntax stp [ instance instance-id ] root primary [ bridge-diameter bridgenum ] [ hello-time centi-seconds ]

undo stp [ instance instance-id ] root


bridgenum Specifies the network diameter of the specified spanning tree. Valid values are 2 to 7. If not specified, the default is 7.

centi-seconds Specifies the hello time of the specified spanning tree in centiseconds. Valid values are 100 to 1,000. If not specified, the default is 200.

Default By default, a switch does not operate as a root bridge.


Example To configure the current switch as the root bridge of spanning tree instance 1, setting the network diameter of the switched network to 4, and the Hello time to 500 centiseconds, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp instance 1 root primary bridge-diameter 4 hello-time 500


■ System view

Description You can specify the current switch as the root bridge of a spanning tree instance regardless of the priority of the switch. You can also specify the network diameter of the switched network by using the stp root primary command. The switch will then figure out the following three time parameters: Hello time, Forward delay, and Max age. As the Hello time figured out by the network diameter is not always the optimal one, you can set it manually through the hello-time keyword. Normally, you are recommended to set the network diameter and leave the Forward delay and Max age parameters being automatically determined by the network diameter you set.

3Com Switch 4200G Family stp root primary ● 765 Command Reference

CAUTION:

■ You can configure only one root bridge for a spanning tree instance and can configure one or more secondary root bridges for a spanning tree instance. Configuring multiple root bridges for a spanning tree instance causes unpredictable results.

■ Once a switch is configured to be the root bridge or a secondary root bridge, its priority cannot be modified.

766 ● stp root-protection 3Com Switch 4200G Family Command Reference

stp root-protection

Purpose Use the stp root-protection command to enable the root protection function for the current port.

Use the undo stp root-protection command to restore the default operation state of the root protection function.

Syntax stp root-protection

undo stp root-protection

Parameters None

Default By default, the root protection function is disabled.

Example To enable the root protection function on GigabitEthernet1/0/1 port, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] stp root-protection



Description Configuration errors and malicious attacks may cause legal root bridges to receive BPDUs of higher priorities, and give up their roles as root bridges, which means network topology jitters. In this case, flows that should travel along high-speed links may be led to low-speed links, and network congestions may occur.

You can avoid this problem by utilizing the root protection function. Ports with this function enabled can retain their roles in all spanning tree instances. When such a port receives BPDUs of higher priorities, its state is set to discarding and it stops forwarding any packets as if the connected link were down. Only when it receives no BPDUs of higher priorities in a specified period, does it resumes its normal state.

Related Command stp interface root-protection

3Com Switch 4200G Family stp root secondary ● 767 Command Reference

stp root secondary

Purpose Use the stp root secondary command to configure the current switch as a secondary root bridge of a specified spanning tree instance.

Use the undo stp root command to cancel the configuration.

Syntax stp [ instance instance-id ] root secondary [ bridge-diameter bridgenum ] [ hello-time centi-seconds ]

undo stp [ instance instance-id ] root


bridgenum Specifies the network diameter of the specified spanning tree. Valid values are 2 to 7. If not specified, the default is 7.

centi-seconds Specifies the hello time of the specified spanning tree in centiseconds. Valid values are 100 to 1,000. If not specified, the default is 200.

Default By default, a switch does not operate as a secondary root bridge.


Example To configure the current switch to be a secondary root bridge of spanning tree instance 4, setting the network diameter of the switched network to 5 and the Hello time to 300 centiseconds, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp instance 4 root secondary bridge-diameter 5 hello-time 300


■ System view

Description You can configure one or more secondary root bridges for a spanning tree instance. If the switch operating as the root bridge fails or is turned off, the secondary root bridge with the smallest MAC address becomes the root bridge.

You can also specify the network diameter and the Hello time of the switch while specifying a switch to be a secondary root bridge. The switch will then figures out the other two correlated settings (that is, the Forward delay and Max age). You can configure only one root bridge for a spanning tree instance and can configure one or more secondary root bridges for a spanning tree instance.

768 ● stp root secondary 3Com Switch 4200G Family Command Reference

Once a switch is configured to be the root bridge or a secondary root bridge, its priority cannot be modified.

3Com Switch 4200G Family stp tc-protection ● 769 Command Reference

stp tc-protection

Purpose Use the stp tc-protection command to enable or disable the TC-BPDU attack prevention function for the switch.

Syntax stp tc-protection { enable | disable }

Parameters None

Default By default, the TC-BPDU attack prevention function is enabled.

Example To enable the TC-BPDU attack prevention function for the switch, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp tc-protection enable


■ System view

Description A switch removes MAC address entries and ARP entries upon receiving TC-BPDUs. If a malicious user sends large amounts of TC-BPDUs to a switch in a short period, the switch may be busy removing MAC address entries and ARP entries, which may decrease the performance of the switch and introduce potential stability risks.

With the TC-BPDU attack prevention function enabled, a switch performs removing operation only once in a specified period (10 seconds by default) after it receives a TC-BPDU. The switch also checks to see if other TC-BPDUs arrive and performs another removing operation in the next period if a TC-BPDU is received. Such a mechanism prevents a switch from being busy removing address entries and ARP entries.

770 ● stp timer-factor 3Com Switch 4200G Family Command Reference

stp timer-factor

Purpose Use the stp timer-factor command to set the timeout time of a switch in terms of the multiple of the Hello time.

For example, with the number argument set to 3, the timeout time is three times of the Hello time.

Use the undo stp timer-factor command to restore the default.

Syntax stp timer-factor number

undo stp timer-factor

Parameters number Specifies the timeout time factor. Valid values are 1 to 10. If not specified, the default is 3.

Example To set the Hello time factor to 7, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp timer-factor 7


■ System view

Description A switch sends protocol packets to its neighboring devices in the specified Hello time interval to test the connectivity of links. Normally, if a switch does not receive any protocol packets from its upstream switch in a period three times of the Hello time, it assumes that the upstream switch is down and recalculates the spanning trees.

Spanning tree recalculation may also occur in a very stable network where certain upstream switches are busy. In this case, you can increase the timeout time to four or more times of the Hello time. For stable networks, a timeout time of five to seven times of the Hello time is recommended.

3Com Switch 4200G Family stp timer forward-delay ● 771 Command Reference

stp timer forward-delay

Purpose Use the stp timer forward-delay command to set the Forward delay for a switch.

Use the undo stp timer forward-delay command to restore the default.

Syntax stp timer forward-delay centi-seconds

undo stp timer forward-delay

Parameters centi-seconds Forward delay in centiseconds. Valid values are 400 to 3,000. If not specified, the default is 1,500.

Example To set the Forward delay to 2,000 centiseconds, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp timer forward-delay 2000


■ System view

Description To prevent temporary loops while ports change their states, each port undergoes an intermediate period when it changes from the discarding state to the forwarding state to allow for synchronizing with the remote switches. This intermediate period is determined by the Forward delay configured on the root bridge.

The Forward delay setting configured for a root bridge applies to all switches operating in the spanning tree instance, including the root bridge.

As for the configuration of the three time-related parameters (that is, the Hello time, Forward delay, and Max age parameters), you can refer to the following expressions to prevent networks from jittering frequently.

2 * (Forward delay – 1 second) >= Max age,

Max age >= 2 * (Hello time + 1 second).

It is recommended that you specify the network diameter and the Hello time parameter by using the stp root primary or stp root secondary command in a network with MSTP employed, after which the three optimized time-related parameters are automatically determined.

772 ● stp timer forward-delay 3Com Switch 4200G Family Command Reference

Related Commands ■ stp bridge-diameter

■ stp timer hello


3Com Switch 4200G Family stp timer hello ● 773 Command Reference

stp timer hello

Purpose Use the stp timer hello command to set the Hello time for a switch.

Use the undo stp timer hello command to restore the default Hello time.

Syntax stp timer hello centi-seconds

undo stp timer hello

Parameters centi-seconds Integer for the Hello time in centiseconds. Valid values are 100 to 1,000. If not specified, the default is 200.

Example To set the Hello time to 400 centiseconds, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp timer hello 400


■ System view

Description A root bridge regularly sends out configuration BPDUs to maintain the existing spanning trees. The Hello time is used to set the sending interval. When a switch becomes a root bridge, it regularly sends BPDUs at the interval specified by the hello time you have configured on it. While, the other none-root-bridge switches listen to the BPDUs; if they do not receive a BPDU in a specific period, spanning trees will be regenerated.

As for the configuration of the three time-related parameters (that is, the Hello time, Forward delay, and Max age parameters), the following formulas must be met to prevent network jitter.

2 * (Forward delay 1 second) >= Max age

Max age >= 2 * (Hello time + 1 second)

It is recommended that you specify the network diameter and the Hello time by using the stp root primary or stp root secondary command. MSTP will then automatically calculate the optimal values of the three parameters.


■ stp timer forward-delay


774 ● stp timer max-age 3Com Switch 4200G Family Command Reference

stp timer max-age

Purpose Use the stp timer max-age command to set the maximum age of a switch.

Use the undo stp timer max-age command to restore the default.

Syntax stp timer max-age centi-seconds

undo stp timer max-age

Parameters centi-seconds Specifies the maximum age in centiseconds. Valid values are 600 to 4,000. If not specified, the default is 2,000.

Example To set the maximum age to 1,000 centiseconds, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp timer max-age 1000


■ System view

Description MSTP is capable of detecting link problems and automatically setting redundant links to forwarding state. In a CIST, the Max age is the criterion for switches to judge whether or not a received BPDU is timed out. And spanning trees will be regenerated if a BPDU received by a port is timed out.

The Max age argument is meaningless to MSTIs. All switches in a CIST uses the Max age configured for the root bridge of the CIST to judge whether a BPDU is timed out.

The settings of the three MSTP time parameters must satisfy the following expressions to prevent frequent network jitters:

2 * (Forward delay 1 second) >= Max age

Max age >= 2 * (Hello time + 1 second)

It is recommended that you specify the network diameter and the Hello time by using the stp root primary or stp root secondary command. MSTP will then automatically calculate the optimal values of the three parameters.


■ stp timer forward-delay

■ stp timer hello

3Com Switch 4200G Family stp transmit-limit ● 775 Command Reference

stp transmit-limit

Purpose Use the stp transmit-limit command to set the maximum number of configuration BPDUs the current port can transmit within a Hello time.

Use the undo stp transmit-limit command to restore the default.

Syntax stp transmit-limit packetnum

undo stp transmit-limit

Parameters packetnum Specifies the maximum number of BPDUs that the port can transmit within a Hello time interval. Valid values are 1 to 255. If not specified, the default is 3.

Example To set the maximum number of configuration BPDUs that can be transmitted by the GigabitEthernet1/0/1 port in each Hello time to 5, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] stp transmit-limit 5



Description A larger number configured by the stp transmit-limit command allows more configuration BPDUs can be transmitted in each Hello time, which may occupy more switch resources. So configure it to a proper value to avoid MSTP from occupying too many network resources.

Related Command stp interface transmit-limit

776 ● super 3Com Switch 4200G Family Command Reference

super

Purpose Use the super command to switch the current user level to the one identified by the level argument.

Syntax super [ level ]

Parameters level Specifies a user level. Valid values are 0 to 3.

If not specified, the default is 3.

Example Switch to user level 3.

<S4200G> super 3Password:


■ User view

Description If a password is previously set by using the super password [ level level ] { simple | cipher } password command, you need to provide the password, as well, to switch to the higher user level. You will remain in the original user level if you fail to provide the correct password.

Note:

■ Users logging into a switch also fall into four levels, each of which corresponding to one of the command levels. Users at a specific level can only use the commands at the same level and the commands at the lower levels.

■ You can specify an AUX user to provide a password when he switches from a lower user level to a higher user level and specify the password by using the super password [ level level ] { simple | cipher } password command. With a password configured, an AUX user remains in the original user level if the password provided is incorrect when the AUX user attempts to switch to a higher user level. If the password is not configured, an AUX user can switch to a higher user level directly.

■ A password is necessary for a VTY user to switch to a higher user level. You can use the super password [ level level ] { simple | cipher } password command to set the password. With the password not configured, a VTY user fails to switch to a higher user level and is prompted the message reading “Password is not set”.

■ An AUX user or a VTY user can switch to a lower user level directly regardless of the password.

Related Command super password

3Com Switch 4200G Family super ● 777 Command Reference

778 ● super password 3Com Switch 4200G Family Command Reference

super password

Purpose Use the super password command to set the password for users to switch to a higher user level.

Use the undo super password command to cancel the configuration.

Syntax super password [ level level ] { simple | cipher } password

undo super password [ level level ]

Parameters level User level. Valid values for this argument are 1 to 3. If not specified, the is 3. If you execute this command with the level argument not provided, this command sets the password to switch to level 3.

simple Specifies to provide the password in plain text.

cipher Specifies to provide the password in encrypted text.

password Password to be set. If you specify the simple keyword, provide this argument in plain text. If you specify the cipher keyword, you can provide this argument in either encrypted text or plain text. In this case, a password containing no more than 16 characters (such as 123) is regarded to be in plain text and is converted to the corresponding 24-character encrypted form ( such as !TP<\*EMUHL,408`W7TH!Q!!) automatically. You can also provide a 24-character encrypted password directly if you are aware of the actual password.

No matter what form of the password (plain text or encrypted text) is in, the password entered for verification must be in plain text.

Example Set the password to switch from the current user level to user level 3 to “zbr”.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] super password level 3 simple zbr


■ System view

Description To prevent unauthorized accesses, you can use this command to require users to provide the password when they switch to a higher user level. For security purpose, the password a user enters when switching to a higher user level is not displayed. A user will remain at the original user level if the user has tried three times to enter the correct password but fails to do this.

3Com Switch 4200G Family super password ● 779 Command Reference

780 ● sysname 3Com Switch 4200G Family Command Reference

sysname

Purpose Use the sysname command to set a domain name for the switch.

Use the undo sysname command to restore the default domain name.

Syntax sysname text

undo sysname

Parameters text Specifies the host/domain name of the switch. The host/domain name must be no more than 30 characters long. If not specified, the default host name is S4200G.

Example Set the domain name of the switch to "ABC".

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]sysname ABC[ABC]


■ System view

Description The CLI prompt reflects the domain name of a switch. For example, if the domain name of a switch is "S4200G", then the prompt of user view is <S4200G>.

3Com Switch 4200G Family sysname ● 781 Command Reference

sysname

Purpose Use the sysname command to set the system name of the Switch.

Use the undo sysname command to restore the default value of the system name.

Syntax sysname sysname

undo sysname

Parameters sysname Specifies the system name, comprised of a character string from1 to 30 characters long.

Default By default, the system name of the Switch is 3Com.

Example Set the system name of the Ethernet switch to S4200GLANSwitch.

<S4200G> system-view[S4200G] sysname S4200GLANSwitch[S4200GLANSwitch]


■ System view

Description Changing the system name of the Switch will affect the prompt of the command line interface. For example, the system name of the Switch is 4200G, and the prompt in user view is <S4200G>.

782 ● system-view 3Com Switch 4200G Family Command Reference

system-view

Purpose Enter system-view to enter the system view from the user view.

Syntax system-view

Parameters None

Example To enter system view from user view, enter the following:

<S4200G> system-view[S4200G]


■ User view

Related Commands ■ quit

■ return

3Com Switch 4200G Family tcp timer fin-timeout ● 783 Command Reference

tcp timer fin-timeout

Purpose Use the tcp timer fin-timeout command to configure the TCP finwait timer.

Use the undo tcp timer fin-timeout command to restore the default value of the TCP finwait timer.

Syntax tcp timer fin-timeout time-value

undo tcp timer fin-timeout

Parameters time-value Specifies the TCP finwait timer value in seconds. Valid values are 76 to 3600. If not specified, the default is 675 seconds.

Example To configure the TCP finwait timer value as 800 seconds, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]tcp timer fin-timeout 800


■ System view

Description When the TCP connection state changes from FIN_WATI_1 to FIN_WAIT_2, the finwait timer is enabled. If the switch does not receive FIN packet before finwait timer timeouts, the TCP connection is terminated.

Related Commands ■ tcp timer syn-timeout

■ tcp window

784 ● tcp timer syn-timeout 3Com Switch 4200G Family Command Reference

tcp timer syn-timeout

Purpose Use the tcp timer syn-timeout command to configure the TCP synwait timer.

Use the undo tcp timer syn-timeout command to restore the default value of the timer.

Syntax tcp timer syn-timeout time-value

undo tcp timer syn-timeout

Parameters time-value Specifies the TCP synwait timer value measured in seconds. Valid values are 2 to 600. If not specified, the default time-value is 75 seconds.

Example To configure the TCP synwait timer value as 80 seconds, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]tcp timer syn-timeout 80


■ System view

Description When a SYN packet is sent, TCP starts the synwait timer. If no response packet is received before the synwait timer times out, the TCP connection is terminated.

Related Commands ■ tcp timer fin-timeout

■ tcp window

3Com Switch 4200G Family tcp window ● 785 Command Reference

tcp window

Purpose Use the tcp window command to configure the size of the transmission and receiving buffers of the connection-oriented socket.

Use the undo tcp window command to restore the default size of the buffer.

Syntax tcp window window-size

undo tcp window

Parameters window-size Specifies the size of the transmission and receiving buffers measured in kilobytes (KB). Valid values are 1 to 32. If not specified, the default window-size is 8 KB.

Example To configure the size of the transmission and receiving buffers as 3 KB, enter the following:

<S4200G>system-viewSystem View: return to User View with Ctrl+Z.[S4200G]tcp window 3


■ System view

Related Commands ■ tcp timer fin-timeout

■ tcp timer syn-timeout

786 ● telnet 3Com Switch 4200G Family Command Reference

telnet

Purpose Use the telnet command to log in to another Ethernet switch from the current switch via Telnet for remote management.

Syntax telnet { hostname | ip-address } [ service-port ]

Parameters hostname Specifies the host name of the remote Switch. You can use the ip host command to assign a host name to a switch.

ip-address Specifies the IP address or the host name of the remote Switch.

If you enter the host name, the Switch must be set to static resolution.

service-port Designates the TCP port number of the port that provides Telnet service on the switch. Valid values are 0 to 65535. If not specified, the default Telnet port number of 23 is used.

Example Telnet to the switch with the host name of S4200G2 and IP address of 129.102.0.1 from the current switch (with the host name of S4200G1).

<S4200G1> telnet 129.102.0.1<S4200G2>


■ User view

Description Use the telnet command to Telnet to another switch from the current switch to manage the former remotely. You can terminate a Telnet connection by pressing <Ctrl+K> or <Ctrl+]>.

Related Command display tcp status

3Com Switch 4200G Family terminal debugging ● 787 Command Reference

terminal debugging

Purpose Use the terminal debugging command to configure to display the debugging information on the terminal.

Use the undo terminal debugging command to configure not to display the debugging information on the terminal.

Syntax terminal debugging

undo terminal debugging

Parameters None

Default By default, the debug displaying function is disabled.

Example Enable debug terminal display.

<S4200G> terminal debugging


■ User view


788 ● terminal debugging 3Com Switch 4200G Family Command Reference

terminal debugging

Purpose Use the terminal debugging command to configure to display the debugging information on the terminal.

Use the undo terminal debugging command to configure not to display the debugging information on the terminal.

Syntax terminal debugging

undo terminal debugging

Parameters None

Default By default, the displaying function is disabled.

Example Enable the terminal display debugging.

<S4200G> terminal debugging


■ User view


3Com Switch 4200G Family terminal logging ● 789 Command Reference

terminal logging

Purpose Use the terminal logging command to enable log terminal display.

Use the undo terminal logging command to disable log terminal display.

Syntax terminal logging

undo terminal logging

Parameters None

Default By default, log terminal display is enabled for console users and disabled for terminal users.

Example Disable log terminal display.

<S4200G> undo terminal logging


■ User view

790 ● terminal monitor 3Com Switch 4200G Family Command Reference

terminal monitor

Purpose Use the terminal monitor command to enable the debug/log/trap terminal display function.

Use the undo terminal monitor command to disable the function.

Syntax terminal monitor

undo terminal monitor

Parameters None

Default By default, this function is enabled for the console user but disabled for terminal users.

Example Disable terminal display.

<S4200G> undo terminal monitor


■ User view

Description This command works only on the current terminal. Only after the command has been executed in user view, can the debug/log/trap information be output on the current terminal. Disabling the function has the same effect as executing the following three commands: undo terminal debugging, undo terminal logging and undo terminal trapping. That is, no debug/log/trap information will be displayed on the current terminal. If the function is enabled, you can run the terminal debugging/undo terminal debugging, terminal logging/undo terminal logging or terminal trapping/undo terminal trapping command to enable or disable debug/log/trap terminal output respectively.

3Com Switch 4200G Family terminal trapping ● 791 Command Reference

terminal trapping

Purpose Use the terminal trapping command to enable terminal trap information display.

Use the undo terminal trapping command to disable trap terminal display.

Syntax terminal trapping

undo terminal trapping

Parameters None

Default By default, this function is enabled.

Example Enable trap terminal display.

<S4200G> terminal trapping


■ User view

792 ● tftp 3Com Switch 4200G Family Command Reference

tftp

Purpose Use the tftp command to set the TFTP data transfer mode.

Syntax tftp { ascii | binary }

Parameters ascii Transfers data in the ASCII mode.

binary Transfers data in the binary mode.

Default By default, the binary mode is adopted.

Example Specify to adopt the ASCII mode.

<S4200G> system-view[S4200G] tftp asciiTFTP transfer mode changed to ASCII.


■ System view

3Com Switch 4200G Family tftp cluster get ● 793 Command Reference

tftp cluster get

Purpose Use the tftp cluster get command to download a specified file from a cluster TFTP server.

Syntax tftp cluster get source-file [ destination-file ]

Parameters source-file Directory and the name of the file to be downloaded on the cluster TFTP server.

destination-file Local directory and the file name which the downloaded file is to be saved as.

Example Download the file named LANSwitch.app from the cluster TFTP server and save it as vs.app.

<123_1.S4200G> tftp cluster get LANSwitch.app vs.app


■ User view

Related Command tftp cluster put

794 ● tftp cluster put 3Com Switch 4200G Family Command Reference

tftp cluster put

Purpose Use the tftp put command to upload a specified file to a specified directory of a cluster TFTP server.

Syntax tftp cluster put source-file [ destination-file ]

Parameters source-file Directory and the name of the file to be uploaded.

destination-file Remote directory and the file name which the uploaded file is to be saved as.

Example Upload the local file named vrpcfg.txt to the cluster TFTP server and save it as Temp.txt.

<123_1.S4200G> tftp cluster put vrpcfg.txt temp.txt


■ User view

Related Command tftp cluster get

3Com Switch 4200G Family tftp get ● 795 Command Reference

tftp get

Purpose Use the tftp get command to download a file from a TFTP server to this switch.

Syntax tftp tftp-server get source-file [ dest-file ]

Parameters tftp-server IP address or host name of a TFTP server.

source-file Name of the file which will be downloaded from the TFTP server.

dest-file Name of the file to which the downloaded file will be saved on the switch.

Example Download the file named abc.txt from the TFTP server whose IP address is 1.1.1.1 and save it as efg.txt.

<S4200G>tftp 1.1.1.1 get abc.txt efg.txt File will be transferred in binary mode. Downloading file from remote tftp server, please wait...... TFTP: 35 bytes received in 0 second(s). File downloaded successfully.


■ User view

Related Command tftp put

796 ● tftp put 3Com Switch 4200G Family Command Reference

tftp put

Purpose Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server.

Syntax tftp tftp-server put source-file [ dest-file ]

Parameters tftp-server IP address or host name of the TFTP server. The name of the TFTP server should be a string from 1 to 20 characters long.

source-file Name of the file to be uploaded to the TFTP server.

dest-file Specifies the file name of the destination file that will be saved on the TFTP server.

Example Upload the file named vrpcfg.txt to the TFTP server whose IP address is 1.1.1.1 and save it as temp.txt.

<S4200G>tftp 1.1.1.1 put vrpcfg.cfg temp.cfg

File will be transferred in binary mode. Copying file to remote tftp server. Please wait... / TFTP: 962 bytes sent in 0 second(s). File uploaded successfully.


■ User view

Related Command tftp get

3Com Switch 4200G Family tftp-server ● 797 Command Reference

tftp-server

Purpose Use the tftp-server command to configure a TFTP server for cluster members on the management device.

Use the undo tftp-server command to cancel the TFTP server configuration.

Syntax tftp-server ip-address

undo tftp-server

Parameters ip-address IP address of TFTP server configured for the cluster.

Default By default, no TFTP server is configured.

Only after you assign an IP address for TFTP server of the cluster, member devices can access it through the management device.

Example Configure a TFTP server on the management device.

<aaa_0.S4200G>system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G]cluster[aaa_0.S4200G-cluster] tftp-server 1.0.0.9


■ Cluster view

Description You need to configure the IP address of a TFTP server first for the member devices in a cluster to access the TFTP server through the management device.

Execute these two commands on management devices only.

798 ● tftp-server acl 3Com Switch 4200G Family Command Reference

tftp-server acl

Purpose Use the tftp-server acl command to specify the ACL (Access Control List) adopted for the connection between a TFTP client and a TFTP server.

Use the undo tftp-server acl command to cancel all ACLs adopted.

Syntax tftp-server acl acl-number undo tftp-server acl

Parameters acl-number The Basic ACL number. Valid values are 2000 to 2999.

Example Specify to adopt ACL 2000 on the TFTP client.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] tftp-server acl 2000The ACL number is not existent or contains no rule. Continue? [Y/N] y[S4200G]


■ System view

3Com Switch 4200G Family time-range ● 799 Command Reference

time-range

Purpose Use the time-range command to define a time range.

Use the undo time-range command to delete a time range.

Use the undo time-range all command to delete all time ranges.

Syntax time-range time-name { start-time to end-time days-of-the-week [ from start-time start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time end-date ] | to end-time end-date }

undo time-range {time-name [ start-time to end-time days-of-the-week [ from start-time start-date ] [ to end-time end-date ] | from start-time start-date [ to end-time end-date ] | to end-time end-date ] | all }

Parameters time-name Name of a special time range to be referenced.

start-time Start time of the special time range, format as hh:mm. Optional argument.

end-time End time of the special time range, format as hh:mm. Optional argument.

days-of-the-week Means the special time is effective on a specified day every week. You can input the following parameters:

■ Numbers (ranging from 0 to 6)

■ Monday, Tuesday, Wednesday, Thursday, Friday, Saturday or Sunday

■ Working-day, representing 5 working days, from Monday to Friday

■ Off-days, representing Saturday and Sunday;

■ Daily, namely everyday of the week

from start-time start-dateSpecifies the start date of a special time range, optional. In the form of hh:mm MM/DD/ YYYY, start-time start-date and end-time end-date jointly define a date in which the special time range takes effect.

to end-time end-date Specifies the end date of a special time range, optional. In the form of hh:mm MM/DD/ YYYY, start-time start-date and end-time end-date jointly define a date on which the special time range takes effect.

all Deletes all time ranges.

If the two parameters above are not configured, it means there is no restriction to time-range.

800 ● time-range 3Com Switch 4200G Family Command Reference

Example Define a time range that is effective from 12:00 January 1, 2000 to 12:00 January 1, 2001.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] time-range test from 12:00 1/1/2000 to 12:00 1/1/2001


■ System view

Description The time range defined by means of the time-range command can include absolute time sections and periodic time sections. The start-time and end-time days-of-the-week jointly define a periodic time section, while start-time start-date and end-time end-date jointly define an absolute time section.

If only a periodic time section is defined in a time range, the time range is active only within the defined periodic time section.

If only an absolute time section is defined in a time, the time range is active only within the defined absolute time section.

If both a periodic time section and an absolute time section are defined in a time range, the time range is active only when the periodic time range and the absolute time range are both matched. Assume that a time range defines an absolute time section from 00:00 January 1, 2004 to 23:59 December 31, 2004, and a periodic time section from 12:00 to 14:00 every Wednesday. This time range is active only from 12:00 to 14:00 every Wednesday in 2004.

If you include any argument with the undo time-range command, the system will delete only the content defined by the argument from the time range.

3Com Switch 4200G Family timer ● 801 Command Reference

timer

Purpose Use the timer command to set the interval to send handshake packets.

Use the undo timer command to restore the default interval value.

Syntax timer interval

undo timer

Parameters Interval Handshake packet interval. Valid values are 1 to 255 seconds. If not specified, the default is 10 seconds.

Example Configure the interval to send handshake packets to be 3 seconds.

<aaa_0.S4200G>system-viewSystem View: return to User View with Ctrl+Z.[aaa_0.S4200G]cluster[aaa_0.S4200G-cluster] timer 3


■ Cluster view

Description Inside a cluster, the connections between member devices and the management device are kept through transmitting handshake packets. Handshake packets in a cluster enable the management device to acquire the information about member states link states.

Execute these two commands on management devices only. All the member devices in a cluster acquire the handshake interval setting from the management device.

802 ● timer 3Com Switch 4200G Family Command Reference

timer

Purpose Use the timer command to set the response timeout time of RADIUS server (that is, the timeout time of the response timeout timer of RADIUS server).

Use the undo timer command to restore the default response timeout timer of RADIUS server.

Syntax timer seconds

undo timer

Parameters seconds Sets the response timeout time (in seconds) of RADIUS server. Valid values are 1 to 10 seconds. If not specified, the default is 3 seconds.

Example To set the timeout time of the response timeout timer for the RADIUS scheme radius1 to 5 seconds, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] timer 5



Description Note:

■ If the switch gets no response from the RADIUS server after sending out a RADIUS request (authentication/authorization request or accounting request) and waiting for a time, it should retransmit the packet to ensure that the user can obtain the RADIUS service. This wait time is called response timeout time of RADIUS server; and the timer in the switch system that is used to control this time is called the response timeout timer of RADIUS server. You can use the timer command to set the timeout time of this timer.


■ The timer command has the same effect with the timer response-timeout command.

Related Commands ■ radius scheme

■ retry

3Com Switch 4200G Family timer quiet ● 803 Command Reference

timer quiet

Purpose Use the timer quiet command to set the wait time for the primary server to restore the active state.

Use the undo timer quiet command to restore the default wait time.

Syntax timer quiet minutes

undo timer quiet

Parameters minutes Specifies the wait time (in minutes) the primary server waits before restoring the active state. Valid values are 1 to 255 minutes. If not specified, the default is 5 minutes.

Example To set the wait time for the primary server to restore the active state to 10 minutes, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] timer quiet 10




804 ● timer realtime-accounting 3Com Switch 4200G Family Command Reference


Purpose Use the timer realtime-accounting command to set the real-time accounting interval.

Use the undo timer realtime-accounting command to restore the default real-time accounting interval.

Syntax timer realtime-accounting minutes

undo timer realtime-accounting

Parameters minutes Specifies the real-time accounting interval (in minutes). Valid values are 3 to 60 minutes in multiples of 3. If not specified, the default interval is 12 minutes.

Example To set the real-time accounting interval of the RADIUS scheme radius1 to 51 minutes. enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] timer realtime-accounting 51



Description Note:

■ To charge the users in real time, you should set the interval of real-time accounting. After the setting, the switch sends the accounting information of online users to the RADIUS server at regular intervals.

■ The setting of the real-time accounting interval depends to some degree on the performance of the switch and the RADIUS server. The higher the performance of the switch and the RADIUS server is, the shorter the interval can be. You are recommended to set the interval as long as possible when the number of users is relatively great (f1000). Table 113 lists the numbers of users and the corresponding recommended intervals.

Table 113 Numbers of users and corresponding recommended intervals

Number of usersReal-time accounting interval (minute)

1 to 99 3

100 to 499 6

500 to 999 12

f1000 f15

3Com Switch 4200G Family timer realtime-accounting ● 805 Command Reference

Related Commands ■ retry realtime-accounting

■ radius scheme

806 ● timer response-timeout 3Com Switch 4200G Family Command Reference

timer response-timeout

Purpose Use the timer response-timeout command to set the response timeout time of RADIUS servers.

Use the undo timer command to restore the default response timeout timer of RADIUS servers.

Syntax timer response-timeout seconds

undo timer response-timeout

Parameters seconds Sets the response timeout time (in seconds) of RADIUS servers. Valid values are 1 to 10 seconds. If not specified, the default timeout time is 3 seconds.

Example To set the response timeout time in the RADIUS scheme radius1 to five seconds, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1New Radius scheme[S4200G-radius-radius1] timer response-timeout 5



Description Note:

■ If the switch gets no response from the RADIUS server after sending out a RADIUS request (authentication/authorization request or accounting request) and waiting for a time, it should retransmit the packet to ensure that the user can obtain the RADIUS service. This wait time is called response timeout time of RADIUS servers; and the timer in the switch system that is used to control this time is called the response timeout timer of RADIUS servers. You can use the timer response-timeout command to set the timeout time of this timer.


■ This command has the same effect with the timer command.

Related Commands ■ radius scheme

■ retry

3Com Switch 4200G Family topology accept ● 807 Command Reference

topology accept

Purpose Use the topology accept command to confirm the current topology information of the cluster and save that as a standard topology.

Use the undo topology accept command to delete the current topology information of the cluster.

Syntax topology accept { all [ save-to { administrator | local-flash } ] | mac-address mac-address | member-id member-number }

undo topology accept { all | mac-address mac-address | member-id member-number }

Parameters mac-address Specifies a bridge MAC address of the device while the device authenticates the topology authenticated by the topology, in the format of H-H-H.

member-number Specifies the member number from which the topology displays or the member numbers at the starting point and ending point of a specified path.

save-to Configures to save a standard topology to the FTP server or the flash while saving the standard topology. This file is named topology.top universally.

Example Accept the current topology as a standard topology.

<123> system-viewSystem View: return to User View with Ctrl+Z[123] cluster[123.abc-cluster] topology accept all


■ Cluster view


The topology.top file is used to save standard topology information on the FTP server or the local flash. The saved information includes information of the white list and blacklist. The blacklist is a list of devices that are not allowed to join the cluster. The white list is a list of devices that can join the cluster.

808 ● topology restore-from 3Com Switch 4200G Family Command Reference

topology restore-from

Purpose Use the topology restore-from command to obtain and restore the standard topology information from the local flash.

Syntax topology restore-from local flash

Parameters None

Example Obtain and restore the standard topology information.

<123> system-viewSystem View: return to User View with Ctrl+Z[123] cluster[123.abc-cluster] topology restore-from local-flash


■ Cluster view


3Com Switch 4200G Family topology save-to ● 809 Command Reference

topology save-to

Purpose Use the topology save-to command to save the standard topology information into the local flash.

Syntax topology save-to local flash

Parameters None

Example Save the standard topology information into the local flash.

<123> system-viewSystem View: return to User View with Ctrl+Z[123] cluster[123.abc-cluster] topology save-to local-flash


■ Cluster view

Description The topology includes white list and blacklist. The file is named topology.top universally.

This command can be executed only on the management device.

810 ● tracemac 3Com Switch 4200G Family Command Reference

tracemac

Purpose Use the tracemac command to locate a device by MAC address or IP address.

Syntax tracemac { by-mac mac-address vlan vlan-id | by-ip ip-address } [ nondp ]

Parameters by-mac Configures to locate a device by MAC address.

mac-address Specifies a MAC address of the device to be traced, in the format of H-H-H.

vlan-id Configures to trace a device by a specified VLAN ID, ranging from 1 to 4094.

by-ip Configures to locate a device by IP address.

ip-address Specifies the IP address of a device to be traced.

nondp Configures not to use neighboring information of the NDP protocol.

Example Locate a device by MAC address.

<123> system-viewSystem View: return to User View with Ctrl+Z[123] tracemac by-mac 000f-3232-0005 vlan 1Tracing MAC address 000f-3232-0005 in vlan 11 000f-3232-0001abc01 ethernet1/0/22 000f-3232-0002abc02 ethernet1/0/73 000f-3232-0003abc03 ethernet1/0/44 000f-3232-0005abc05 Local

Locate a device by IP address.

[123] tracemac by-ip 1922.168.1.5Tracing MAC address 000f-3232-0005 in vlan 11 000f-3232-0001abc01 ethernet0/22 000f-3232-0002abc02 ethernet0/73 000f-3232-0003abc03 ethernet0/44 000f-3232-0005abc05 Local


■ Any view

3Com Switch 4200G Family tracert ● 811 Command Reference

tracert

Purpose Use the tracert command to trace the gateways the test packets passes through during its journey from the source to the destination.

tracert [[ -a source-ip] -f first-TTL ] [ -m max-TTL ] [ -p port ] [ -q num-packet ] [ -w timeout ] string

Parameters -a source-IP Configures the source IP address used by tracert command.

-f Sets the initial TTL of the packets to be sent, so that this command displays the addresses of only those gateways on the path whose hop counts are not smaller than the hop count specified by the first-TTL argument. The first-TTL argument ranges from 1 to 255 and defaults to 1.

-m Sets the maximum TTL value of the packets to be sent, so that this command displays the addresses of only those gateways on the path whose hop counts are not greater than the hop count specified by the max-TTL argument. After the command sends a packet with the maximum TTL, it will not send any more packets. The max-TTL argument ranges from 1 to 255 and defaults to 30.

-p Sets the destination port of the packets to be sent. The port argument ranges from 0 to 65535 and defaults to 33434. Generally, you need not change the argument.

-q Sets the number of packets to be sent every time. The nqueries argument ranges from 0 to 65,535 and defaults to 3.

-w Sets the timeout time to wait for ICMP error packets. The timeout argument ranges from 0 to 65,535 and defaults to 5,000 (in milliseconds).

string IP address of the destination host, or host name of the remote system with 1 to 20 characters.

Default By default, when the parameters are not specified,

■ first-TTL is 1,

■ max-TTL is 30,

■ port is 33434,

■ nqueries is 3

■ timeout is 5000 ms.

Example Test the gateways passed by the packets to the destination host at 18.26.0.115.

812 ● tracert 3Com Switch 4200G Family Command Reference

<S4200G>tracert 18.26.0.115tracert to allspice.lcs.mit.edu (18.26.0.115), 30 hops max1 helios.ee.lbl.gov (128.3.112.1) 0 ms 0 ms 0 ms2 lilac-dmc.Berkeley.EDU (128.32.216.1) 19 ms 19 ms 19 ms3 lilac-dmc.Berkeley.EDU (128.32.216.1) 39 ms 19 ms 19 ms4 ccngw-ner-cc.Berkeley.EDU (128.32.136.23) 19 ms 39 ms 39 ms5 ccn-nerif22.Berkeley.EDU (128.32.168.22) 20 ms 39 ms 39 ms6 128.32.197.4 (128.32.197.4) 59 ms 119 ms 39 ms7 131.119.2.5 (131.119.2.5) 59 ms 59 ms 39 ms8 129.140.70.13 (129.140.70.13) 80 ms 79 ms 99 ms9 129.140.71.6 (129.140.71.6) 139 ms 139 ms 159 ms10 129.140.81.7 (129.140.81.7) 199 ms 180 ms 300 ms11 129.140.72.17 (129.140.72.17) 300 ms 239 ms 239 ms12 * * *13 128.121.54.72 (128.121.54.72) 259 ms 499 ms 279 ms14 * * *15 * * *16 * * *17 * * *18 ALLSPICE.LCS.MIT.EDU (18.26.0.115) 339 ms 279 ms 279 ms


■ Any view

Description The tracert command is primarily used to check the network connectivity. It can also help you locate the trouble spot of the network.

If you find that the network is in trouble by using the ping command, you can use the tracert command to find where the trouble is in the network.

The executing procedure of the tracert command is as follows. First, the source sends a packet with the TTL of 1, and the first hop device returns an ICMP error message indicating that it cannot forward this packet because of TTL timeout. Then, the source re-sends a packet with the TTL of 2, and the second hop device also returns an ICMP TTL timeout message. This procedure continues until a packet gets to the destination or the maximum TTL is reached. During the procedure, the system records the source address of each ICMP TTL timeout message in order to offer the path that the packets pass through to the destination.

The tracert command can output the IP addresses of all the gateways the packets pass through to the destination. You will see the string "***" if a gateway times out.

3Com Switch 4200G Family traffic-limit ● 813 Command Reference

traffic-limit

Purpose Use the traffic-limit command to use ACL rules in traffic identifying and traffic policing for the packet matching with the ACL rules and to set traffic policing parameters.

Use the undo traffic-limit command to disable traffic policing.

Syntax traffic-limit inbound acl-rule target-rate

undo traffic-limit inbound acl-rule

Parameters inbound Indicates that traffic policing is performed on the packets received on the port.


target-rate Specifies the rate at which to limit the packets received on the port in kbps. Its value range varies with different ports as follows:

■ Gigabit port: In the rang of 1 to 1000000

■ 10G port: In the rang of 1 to 100000000

Example To perform traffic policing for packets matching with ACL 4000 rules. Limit the rate within 128 kbps and drop the packets exceeding the traffic limit, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] traffic-limit inbound link-group 4000 128











814 ● traffic-limit 3Com Switch 4200G Family Command Reference

Description The command is used in traffic policing for packets matching with the specified ACL rules. It is applicable only to ACL rules with permit action.

The granularity of traffic policing is described in the following table:

Table 115 The granularity of traffic policing

The rang of total rate Granularity (bps)

0 to 1M 1K

0 to 10M 10K

0 to 100M 100K

0 to 1G 1M

0 to 10G 10M

3Com Switch 4200G Family traffic shape ● 815 Command Reference

traffic shape

Purpose Use the traffic-shape command to enable traffic shaping and send the packets out at an even rate.

Use the undo traffic-shape command to disable traffic shaping.

Syntax traffic-shape [ queue queue-id ] max-rate burst-size

undo traffic-shape [ queue queue-id ]

Parameters queue queue-id Specifies the ID of a queue. Valid values are 1 to 7.

max-rate Specifies the maximum traffic rate on a port, in kbps.

burst-size Specifies the burst size measured in kbyte. Valid values are 12 to 16000. The value must be in multiples of 4 kbytes.

Example To perform traffic shaping on the current port. Set the max rate to 650kbps and the burst size to 12kbytes, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] traffic-shape 650 12



Description The switch supports two forms of traffic shaping:

■ Traffic shaping for all the traffic of a port. The function can be implemented when queue queue-id in the traffic-shape command is not specified.

■ Traffic shaping for the specified output queues. The function can be implemented when queue queue-id in the traffic-shape command is specified.

Table 116 The granularity of traffic shaping

Port classThe set traffic shaping value Granularity (bps)

GE ports 0 to 80M 20K

GE ports 80M to 1G 260K

10GE ports 0 to 10G 2500K

816 ● traffic-statistic 3Com Switch 4200G Family Command Reference

traffic-statistic

Purpose Use the traffic-statistic command to use ACL rules in traffic identifying and perform traffic statistics on the packets matching with the ACL rules.

Use the undo traffic-statistic command to disable traffic statistics.

Syntax traffic-statistic inbound acl-rule

undo traffic-statistic inbound acl-rule

Parameters inbound Indicates that traffic redirect is performed on the packets received on the port.


Example To perform traffic statistics on packets matching with ACL 2000 rules, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface gigabitEthernet1/0/1[S4200G-GigabitEthernet1/0/1] traffic-statistic inbound ip-group 2000


■ System view

Description Use the display qos-interface traffic-statistic command to display the times of hardware matching in packet forwarding.

Related Command display qos-interface traffic-statistic









3Com Switch 4200G Family udp-helper enable ● 817 Command Reference

udp-helper enable

Purpose Use the udp-helper enable command to enable the UDP Helper function.

Use the undo udp-helper enable command to disable the UDP Helper function.

Syntax udp-helper enable

undo udp-helper enable

Parameters None

Default By default, UDP Helper function is disabled.

Example To enable the UDP Helper function.

<SW4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]udp-helper enable


■ System view

818 ● udp-helper port 3Com Switch 4200G Family Command Reference

udp-helper port

Purpose Use the udp-helper port command to configure the UDP port with relay function.

Use the undo udp-helper port command to remove the UDP configuration.

Syntax udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs | tftp | time }

undo udp-helper port { port | dns | netbios-ds | netbios-ns | tacacs | tftp | time }

Parameters port Specifies the ID of the UDP port with relay function to be enabled. Valid values are 1 to 65535.

dns Domain name service, corresponding to UDP port 53.

netbios-ds NetBios datagram service, corresponding to UDP port 138.

netbios-ns NetBios name service, corresponding to UDP port 137.

tacacs TAC access control system, corresponding to UDP port 49.

tftp Trivial file transfer protocol, corresponding to UDP port 69.

time Time service, corresponding to UDP port 37.

Example To configure the UDP port with relay function as the UDP port corresponding to DNS, enter the following:

<SW4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]udp-helper port dns


■ System view

3Com Switch 4200G Family udp-helper server ● 819 Command Reference

udp-helper server

Purpose Use the udp-helper server command to configure the relay destination server for UDP broadcast packets.

Use the undo udp-helper server command to delete the relay destination server.

Syntax udp-helper server ip-address

undo udp-helper server [ ip-address ]

Parameters ip-address Specifies the IP address of the destination server.

Default By default, no relay destination server is configured.

Example To configure the relay destination server with IP address 192.1.1.2, enter the following:

<SW4200G>system-viewSystem View: return to User View with Ctrl+Z.[SW4200G]interface vlan-interface 1[SW4200G-Vlan-interface1]udp-helper server 192.1.1.2



Related Command display udp-helper server

820 ● undelete 3Com Switch 4200G Family Command Reference

undelete

Purpose Use the undelete command to restore a deleted file.

Syntax undelete file-url

Parameters file-url Path name or the file name of a file in the Flash, comprised of a string from1 to 142 characters long.

Example Restore the deleted file named sample.bak.

<S4200G> undelete sample.bakUndelete flash:/sample.bak ?[Y/N]:y% Undeleted file flash:/sample.bak


■ User view

Description The file name to be recovered cannot be the same as an existing directory name. If the destination file name is the same as an existing file name, a prompt will be displayed asking whether to overwrite the existing file.

3Com Switch 4200G Family user ● 821 Command Reference

user

Purpose Use the user command to switch to a specified user.

Syntax user username [ password ]

Parameters username User name used to log into an FTP server.

password Password used to log into an FTP server.

Example Log into the FTP server using the user account with the user name being

tom and the password being 111.

<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password:***** 230 Logged in successfully [ftp] user tom 111331 Give me your password, please230 Logged in successfully


■ FTP Client view

Description After logging into an FTP server, you can switch to another user by using the user command.

822 ● user-interface 3Com Switch 4200G Family Command Reference

user-interface

Purpose Using user-interface command to enter one or more user interface views to perform configuration.

Syntax user-interface [ type ] first-number [ last-number ]

Parameters type Specifies the user interface type, which can be aux or vty.

first-number Specifies the user interface index, which identifies the first user interface to be configured.

last-number Specifies the user interface index, which identifies the last user interface to be configured.

Example Enter VTY 0 user interface view.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface vty 0[S4200G-ui-vty0]


■ System view

3Com Switch 4200G Family user-name-format ● 823 Command Reference

user-name-format

Purpose Use the user-name-format command to set the format of the user names to be sent to RADIUS server.

Syntax user-name-format { with-domain | without-domain }

Parameters with-domain Specifies to include ISP domain names in the user names to be sent to RADIUS servers.

without-domain Specifies to exclude ISP domain names from the user names to be sent to RADIUS servers.

Default By default, except for the default RADIUS scheme "system", the user names sent to RADIUS servers in any RADIUS scheme carry ISP domain names.

Example To specify that the user names sent to a RADIUS server in RADIUS scheme radius1 does not carry ISP domain names, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] radius scheme radius1



Description Note:

■ Generally, an access user is named in the userid@isp-name format. Where, isp-name behind the @ character represents the ISP domain name, by which the device determines which ISP domain it should ascribe the user to. However, some old RADIUS servers cannot accept the user names that carry ISP domain names. In this case, it is necessary to remove the domain names carried in the user names before sending the user names to the RADIUS server. For this reason, the user-name-format command is designed for you to specify whether or not ISP domain names are carried in the user names sent to the RADIUS server.

■ For a RADIUS scheme, if you have specified that no ISP domain names are carried in the user names, you should not use this RADIUS scheme in more than one ISP domain. Otherwise, such errors may occur: the RADIUS server regards two different users having the same name but belonging to different ISP domains as the same user (because the user names sent to it are the same).


824 ● user privilege level 3Com Switch 4200G Family Command Reference

user privilege level

Purpose Use the user privilege level level command to configure the command level that a user can access from the specified user interface.

Use the undo user privilege level command to restore the default command level.

Syntax user privilege level level

undo user privilege level

Parameters level Specifies the level of command that a user can access. Valid values are 0 to 3.

Default By default, a user can access all commands at Level 3 after logging in through the AUX user interface, and all commands at Level 0 after logging in through a VTY user interface.

Example Configure that commands of level 0 are available to the users logging into VTY 0.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] user-interface vty0[S4200G-ui-vty0] user privilege level 0

You can verify the above configuration by Telneting to VTY 0 and displaying the available commands, as listed in the following.

<S4200G> ?User view commands: cluster Run cluster command language-mode Specify the language environment ping Ping function quit Exit from current command view super Privilege specified user priority level telnet Establish one TELNET connection tracert Trace route function



Description The user can use all the available commands at this command level.

3Com Switch 4200G Family verbose ● 825 Command Reference

verbose

Purpose Use the verbose command to enable the verbose function, which displays execution and response information of other related commands.

Use the undo verbose command to disable verbose.

Syntax verbose

undo verbose

Parameters None

Default By default, verbose is disabled.

Example Enable verbose.

<S4200G> ftp 2.2.2.2 Trying ... Press CTRL+K to abort Connected. 220 WFTPD 2.0 service (by Texas Imperial Software) ready for new user User(none):switch 331 Give me your password, please Password:***** 230 Logged in successfully [ftp] verbose


■ FTP Client view

826 ● virtual-cable-test 3Com Switch 4200G Family Command Reference

virtual-cable-test

Purpose Use the virtual-cable-test command to enable the system to test the cable connected to a specific port and to display the results.

Syntax virtual-cable-test

Parameters None

Default By default, the test of the connection cable of the Ethernet port is closed, that is, the system does not test the cable connected to the Ethernet port.

Example Enable the system to test the cable connected.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet1/0/1[S4200G-GigabitEthernet0/1] virtual-cable-testCable status: abnormal(open), 7 metresPair Impedance mismatch: yesPair skew: 4294967294 nsPair swap: swapPair polarity: normalInsertion loss: 7 dbReturn loss: 7 dbNear-end crosstalk: 7 db



Description The system can test these attributes of the cable:

■ Cable status, including normal, abnormal, abnormal-open, abnormal-short and failure

■ Cable length

■ Pair Impedance mismatch

■ Pair skew

■ Pair swap

■ Pair polarity

■ Insertion loss

■ Return loss

■ Near-end crosstalk

3Com Switch 4200G Family virtual-cable-test ● 827 Command Reference

Note:

■ If the cable is in normal state, the displayed length value is the total length of the cable.

■ If the cable is in any other state, the displayed length value is the length from the port to the faulty point.

The speed and undo speed commands cannot be configured on a combo port.

828 ● vlan 3Com Switch 4200G Family Command Reference

vlan

Purpose Use the vlan command to enter the VLAN view.

Use the undo vlan command to remove a VLAN.

Syntax vlan vlan-id

undo vlan { vlan-id1 to vlan-id2 | all }

Parameters vlan-id Specifies the ID of the VLAN you want to configure. Valid values are 1 to 4094.

vlan-id1 Beginning VLAN ID. Valid values are 1 to 4094.

to Specifies a VLAN ID range.

vlan-id2 Ending VLAN ID. Valid values are 1 to 4094. Note that this value cannot be less than the vlan-id2 argument.

all Delete all VLANs.

CAUTION: The undo vlan all command cannot be used to remove the VLANs kept by protocols, voice VLANs, the default VLANs (VLAN 1), management VLANs, and the remote probe VLANs.

Default VLAN 1 is the default VLAN and cannot be deleted.

If the VLAN to be removed is the management VLAN, but not the default management VLAN, VLAN 1 becomes the management VLAN after the VLAN is removed.

Example To enter VLAN 1 view, enter the following:

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 1[S4200G-vlan1]

Remove VLAN 2 through VLAN 9, assuming that VLAN 5 is a voice VLAN.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] undo vlan 2 to 9This may delete all static VLAN except the VLAN kept by protocol, the voice VLAN, the default VLAN, the management VLAN and the remote probe VLAN.[S4200G] display vlanThe following VLANs exist: 1(default), 5

3Com Switch 4200G Family vlan ● 829 Command Reference


■ System view

Description If the VLAN identified by the vlan-id argument does not exist, this command creates the VLAN and then enters VLAN view.

830 ● vlan-assignment-mode 3Com Switch 4200G Family Command Reference

vlan-assignment-mode

Purpose Use the vlan-assignment-mode command to set the VLAN assignment mode on the switch.

Syntax vlan-assignment-mode { integer | string }

Parameters integer Sets the VLAN assignment mode to integer.

string Sets the VLAN assignment mode to string.

Default By default, the VLAN assignment mode is integer. That is, the switch supports the integer type of VLAN IDs assigned by RADIUS authentication server.

Example To set the VLAN assignment mode to string, enter the following:

[S4200G-isp-3Com163.net] vlan-assignment-mode string


■ ISP Domain view

Description Through dynamic VLAN assignment, the Ethernet switch dynamically adds the ports of the successfully authenticated users to different VLANs depending on the attribute values assigned by RADIUS server, so as to control the network resources the users can access.

In actual application, to cooperate with Guest VLAN, port control is usually set to the port-based mode. If it is set to the MAC address–based mode, each port can have only one user end connected.

Currently, the switch supports the following two data types of VLAN ID assigned by RADIUS authentication server:

■ Integer: If the RADIUS server assigns integer type of VLAN IDs, you can set the VLAN assignment mode to integer on the switch (this is also the default mode on the switch). Then, upon receiving an integer ID assigned by the RADIUS authentication server, the switch adds the port to the VLAN whose VLAN ID is equal to the assigned integer ID. If no such a VLAN exists, the switch first creates a VLAN with the assigned ID, and then adds the port to the newly created VLAN.

■ String: If the RADIUS server assigns string type of VLAN IDs, you can set the VLAN assignment mode to string on the switch. Then, upon receiving a string ID assigned by the RADIUS authentication server, the switch compares the ID with existing VLAN names on the switch. If it finds a match, it adds the port to the corresponding VLAN. Otherwise, the VLAN assignment fails and the user cannot pass the authentication.

3Com Switch 4200G Family vlan-assignment-mode ● 831 Command Reference

Note: In string mode, if the VLAN ID assigned by the RADIUS server is a character string containing only digits (for example, 1024), the switch first regards it as an integer VLAN ID: the switch transforms the string to an integer value and judges if the value is in the valid VLAN ID range; if it is, the switch adds the authenticated port to the VLAN with the value as the VLAN ID (VLAN 1024, for example).

Related Commands ■ dot1x guest-vlan

■ name

832 ● vlan-mapping modulo 3Com Switch 4200G Family Command Reference

vlan-mapping modulo

Purpose Use the vlan-mapping modulo command to map VLANs to specific spanning tree instances.

Syntax vlan-mapping modulo modulo

Parameters modulo Specifies the modulo. Valid values are 1 to 16.

Default By default, all VLANs in a network are mapped to the CIST (spanning tree instance 0).

Example To map VLANs to spanning tree instances using the modulo of 16, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] stp region-configuration [S4200G-mst-region] vlan-mapping modulo 16


■ MST Region view

Description MSTP uses VLAN mapping tables to describe VLAN-to-spanning tree instance mappings. You can use this command to establish VLAN mapping tables and to map VLANs to specific spanning tree instances.

Note that a VLAN cannot be mapped to multiple spanning tree instances at a time. A VLAN-to-spanning tree instance mapping becomes invalid when you map the VLAN to another spanning tree instance.

You can map large amounts of VLANs to specific spanning tree instances quickly by using the vlan-mapping modulo modulo command. The ID of the spanning tree instance to which a VLAN is mapped can be figured out by using the following expression:

(VLAN ID-1) % modulo + 1

where (VLAN ID-1) % modulo yields the module of (VLAN ID-1) with regards to modulo. For example, if you set the modulo argument to 16, VLAN 1 is mapped to spanning tree instance 1, VLAN 2 is mapped to spanning tree instance 2, …, VLAN 16 is mapped to spanning tree instance 16, VLAN 17 is mapped to spanning tree instance 1, and so on.

3Com Switch 4200G Family vlan-mapping modulo ● 833 Command Reference



■ region-name

■ revision-level

834 ● vlan-vpn enable 3Com Switch 4200G Family Command Reference

vlan-vpn enable

Purpose Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.

Use the undo vlan-vpn command to disable the VLAN-VPN function for a port.

Syntax vlan-vpn enable

undo vlan-vpn

Parameters None

Default By default, the VLAN-VPN function is disabled.

Example Enable the VLAN-VPN function for Ethernet1/0/1 port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface Ethernet 1/0/1[S4200G-Ethernet1/0/1] vlan-vpn enable



Description With the VLAN VPN function enabled, a received packet is tagged with the default VLAN tag of the receiving port no matter whether or not the packet already carries a VLAN tag. If the packet already carries a VLAN tag, the packet becomes a dual-tagged packet. Otherwise, the packet becomes a packet carrying the default VLAN tag of the port.

CAUTION: The VLAN-VPN function is unavailable if the port has any of the protocols among GVRP, GMRP, STP, IRF, NTDP and 802.1x enabled.

CAUTION: If this port is a remote mirror reflection port, the VLAN-VPN function cannot be enabled on the port.

3Com Switch 4200G Family vlan-vpn tpid ● 835 Command Reference

vlan-vpn tpid

Purpose Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes effect only when the VLAN-VPN or VLAN-VPN uplink function is enabled.

Use the undo vlan-vpn tpid command to restore the default TPID value.

Syntax vlan-vpn tpid value

undo vlan-vpn tpid

Parameters value TPID value (in hexadecimal format) to be set. Valid values for this argument are from 1 to 0xFFFF.

Default The default TPID value is 0x8100.

Example Set the TPID value to 0x12 for Ethernet1/0/2 port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface GigabitEthernet 1/0/2[S4200G-GigabitEthernet 1/0/2] vlan-vpn tpid 12



Description Do not set the TPID value to a value that conflicts with the known protocol type values (such as 0x0806, which is that of ARP packets). Otherwise, the packet may be discarded.

Table 118 Common Ethernet frame protocol type values

Protocol type Value

ARP 0x0806

IP 0x0800

MPLS 0x8847/0x8848

IPX 0x8137

IS-IS 0x8000

LACP 0x8809

802.1x 0x888E

836 ● vlan-vpn tunnel 3Com Switch 4200G Family Command Reference

vlan-vpn tunnel

Purpose Use the vlan-vpn tunnel command to enable the BPDU tunnel function.

Use the undo vlan-vpn tunnel command to disable the BPDU tunnel function.

Syntax vlan-vpn tunnel

undo vlan-vpn tunnel

Parameters None

Default By default, the BPDU tunnel function is disabled.

Example To enable the BPDU tunnel function for the switch, enter the following:

<S4200G> system-view System View: return to User View with Ctrl+Z.[S4200G] vlan-vpn tunnel

Note:

■ You must enable STP on a device before enabling the BPDU tunnel function on it.

■ The BPDU tunnel function is only available to access ports.

■ To implement the BPDU tunnel function, the links between operator networks must be trunk links.

■ As the VLAN VPN function is unavailable to the ports with 802.1x, GVRP, GMRP, STP, or NTDP employed, the BPDU tunnel function is unavailable to these ports.


■ System view

Description The BPDU tunnel function enables BPDUs to be transparently transmitted between geographically dispersed user networks through specified VLAN VPNs in operator’s networks, allowing spanning trees to be generated across these user networks and keep independent of those of the operator’s networks.

3Com Switch 4200G Family vlan-vpn uplink enable ● 837 Command Reference

vlan-vpn uplink enable

Purpose Use the vlan-vpn uplink enable command to configure a port to be a VLAN-VPN uplink port.

Use the undo vlan-vpn uplink command to remove the configuration.

Syntax vlan-vpn uplink enable

undo vlan-vpn uplink

Parameters None

Example Configure Ethernet1/0/2 port to be a VLAN-VPN uplink port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G]interface Ethernet 1/0/2[S4200G-Ethernet1/0/2] vlan-vpn uplink enable VLAN-VPN uplink status: enabled



Description When sending a VLAN-VPN packet, a VLAN-VPN uplink port replaces the TPID value in the outer VLAN tag of the packet with the customized TPID value. You can use the vlan-vpn tpid command to set the TPID value used by the VLAN-VPN uplink port.

CAUTION: The vlan-vpn uplink enable command and the vlan-vpn enable command are mutually exclusive. That is, if you execute the vlan-vpn

enable command on a port, you will fail to execute the vlan-vpn uplink

enable command on the same port. Similarly, if you execute the vlan-vpn

uplink enable command on a port, you will fail to execute the vlan-vpn

enable command on the same port.

838 ● voice vlan 3Com Switch 4200G Family Command Reference

voice vlan

Purpose Use the voice vlan command to enable the voice VLAN function globally.

Use the undo voice vlan enable command to disable the voice VLAN function globally.

Syntax voice vlan vlan-id enable

undo voice vlan enable

Parameters vlan-id ID of the VLAN for which the voice VLAN function is to be enabled. Valid values for this argument are from 2 to 4,094.

Example Enable the voice VLAN function for VLAN 2.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] vlan 2[S4200G-vlan2] quit[S4200G] voice vlan 2 enable

With the voice VLAN function enabled for VLAN 2, the following message appears if you enable the voice VLAN function for another VLAN, for example, VLAN 4.

[S4200G] voice vlan 4 enableCan't change voice vlan configuration when other voice vlan is running


■ System view

Description Use the voice vlan command to enable the voice VLAN function globally.

Use the undo voice vlan enable command to disable the voice VLAN function globally.

CAUTION:

■ Before enabling the voice VLAN function, make sure the VLAN for which the voice VLAN function is to be enabled exists. Otherwise, you will fail to perform the operation.

■ To remove a VLAN with the voice VLAN function enabled, you need to disable the voice VLAN function first.

■ Only one VLAN can have the voice VLAN function enabled at a time.

Related Command display voice vlan status

3Com Switch 4200G Family voice vlan aging ● 839 Command Reference

voice vlan aging

Purpose Use the voice vlan aging command to set the aging time for a voice VLAN.

Use the undo voice vlan aging command to restore the default aging time for a voice VLAN.

Syntax voice vlan aging minutes

undo voice vlan aging

Parameters minutes Aging time (in minutes) to be set for a voice VLAN. Valid values for this argument are from 5 to 43,200. If not specified, the default is 1,440.

Example Set the aging time of the voice VLAN to 100 minutes.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] voice vlan aging 100


■ System view


840 ● voice vlan enable 3Com Switch 4200G Family Command Reference

voice vlan enable

Purpose Use the voice vlan enable command to enable the voice VLAN function for a port.

Use the undo voice vlan enable command to disable the voice VLAN function for a port.

Syntax voice vlan enable

undo voice vlan enable

Parameters None

Example Enable the voice VLAN function for GigabitEthernet1/0/2 port.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface ethernet1/0/2[S4200G-Ethernet1/0/2] voice vlan enable



Description The voice VLAN function takes effect on a port only when it is enabled in both system view and port view. Note that the operation to enable the voice VLAN function for a port is independent of that to enable the function globally.


3Com Switch 4200G Family voice vlan mac-address ● 841 Command Reference

voice vlan mac-address

Purpose Use the voice vlan mac-address command to set a MAC address used for a voice VLAN to identify voice devices.

Use the undo voice vlan mac-address command to remove a MAC address used to identify voice devices.

Syntax voice vlan mac-address oui mask oui-mask [ description string ]

undo voice vlan mac-address oui

Parameters oui MAC address to be set. You need to provide this argument in the format of H-H-H.

oui-mask MAC address mask in the format of H-H-H. This argument specifies the valid bits of the MAC address.

string Description of the MAC address, consisting of a string from 1 to 30 characters long.

Example Set 00aa-bb00-0000 as an OUI address, with a description of "ABC".

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] voice vlan mac-address 00aa-bb00-0000 mask ffff-ff00-0000 description ABC


■ System view

Description A switch can use up to 16 MAC addresses to identify voice devices, including the four default MAC addresses (as listed in Table 2-2). When the number of MAC addresses reaches 16, you will fail to add new MAC addresses.s

Related Command display voice vlan oui

Table 119 Default OUI address

Number OUI Description

1 00e0-bb00-0000 3com phone

2 0003-6b00-0000 Cisco phone

3 00e0-7500-0000 Polycom phone

4 00d0-1e00-0000 Pingtel phone

842 ● voice vlan mode 3Com Switch 4200G Family Command Reference

voice vlan mode

Purpose Use the voice vlan mode auto command to configure an Ethernet port to operate in the automatic voice VLAN mode.

Use the undo voice vlan mode auto command to configure an Ethernet port to operate in the manual voice VLAN mode.

Syntax voice vlan mode auto

undo voice vlan mode auto

Parameters None

Default By default, an Ethernet port operates in the automatic voice VLAN mode.

Example Configure Ethernet 1/0/2 port to operate in the manual voice VLAN mode.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] interface ethernet 1/0/2[S4200G-Ethernet1/0/2] undo voice vlan mode auto



Description Use the voice vlan mode auto command to configure an Ethernet port to operate in the automatic voice VLAN mode.

Use the undo voice vlan mode auto command to configure an Ethernet port to operate in the manual voice VLAN mode.

These two commands are valid only before you enable the voice VLAN function globally.


3Com Switch 4200G Family voice vlan security enable ● 843 Command Reference

voice vlan security enable

Purpose Use the voice vlan security enable command to enable the voice VLAN security mode.

Use the undo voice vlan security enable command to disable the voice VLAN security mode.

Syntax voice vlan security enable

undo voice vlan security enable

Parameters None

Default By default, the voice VLAN security mode is enabled.

Example Disable the voice VLAN security mode.

<S4200G> system-viewSystem View: return to User View with Ctrl+Z.[S4200G] undo voice vlan security enable


■ System view

Description In the voice VLAN security mode, the ports in a voice VLAN and with voice devices attached to can only forward voice data. Data packets with their MAC addresses not among the OUI addresses that can be identified by the system will be dropped. This mode has no effects on other VLANs.

These two commands are valid only before you enable the voice VLAN function globally.


844 ● voice vlan security enable 3Com Switch 4200G Family Command Reference

3Com Switch 4200G Family ● 845 Command Reference

NumericsCOMMANDS BY FUNCTION

Commands by Function

This section lists all commands by function.

Numerics

802.1xdisplay debugging habp 157display dot1x 171display habp 182display habp table 183display habp traffic 184dot1x 332dot1x authentication-method 334dot1x dhcp-launch 335dot1x guest-vlan 336dot1x max-user 338dot1x port-control 340dot1x port-method 342dot1x quiet-period 344dot1x retry 345dot1x retry-version-max 346dot1x timer 347dot1x version-check 349habp enable 374habp server vlan 375habp timer 376reset dot1x statistics 595smarton 671smarton password 672smarton switchid 673smarton timer 674

A

AAA and Radiusaccess-limit 14accounting 15accounting optional 19accounting-on enable 17attribute 36authentication 38authorization 42cut connection 89data-flow-format 91debugging radius 102display connection 149display domain 169display local-server statistics 229display local-user 230display radius 278display radius statistics 280display stop-accounting-buffer 307domain 330


key 421level 428local-server 431messenger 463name 476nas-ip 477primary accounting 538primary authentication 540radius nas-ip 579radius trap 583radius-scheme 580reset radius statistics 601reset stop-accounting-buffer 605retry realtime-accounting 613retry stop-accounting 615scheme 648secondary accounting 651secondary authentication 652self-service-url 654server-type 657state 717, 720stop-accounting-buffer enable 722timer 802timer quiet 803timer realtime-accounting 804timer response-timeout 806user-name-format 823vlan-assignment-mode 830

ACLacl 22description 114display acl 126display packet-filter 257display time-range 316packet-filter 506rule (Advanced ACL) 634rule (Basic ACL) 638rule (Layer 2 ACL) 641rule comment 640time-range 799

ARParp check enable 31arp static 32arp timer aging 34debugging arp packet 96display arp 128display arp count 130display arp timer aging 131gratuitous-arp learning enable 371reset arp 593

Auto-detectip route-static 418retry 612


C

Centralized MACdisplay mac-authentication 241mac-authentication 453mac-authentication authmode 455mac-authentication authpassword 456mac-authentication authusername 457mac-authentication domain 458mac-authentication timer 459

CLIcommand-privilege level 86display history-command 185super 776super password 778

Clusteradd-member 25administrator-address 27auto-build 43black-list add-mac 46black-list delete-mac 47build 55cluster 70cluster enable 71cluster switch-to 83cluster switch-to-sysname 84cluster-local-user 72cluster-mac 73cluster-mac syn-interval 74cluster-snmp-agent community 75cluster-snmp-agent group v3 77cluster-snmp-agent mib-view included 79cluster-snmp-agent usm-user v3 81delete-member 109display cluster 139display cluster base-topology 141display cluster black-list 142display cluster candidates 143display cluster current-topology 145display cluster members 147display ntdp single-device mac-address 251ftp cluster 362holdtime 381ip-pool 415logging-host 437management-vlan 460management-vlan synchronization enable 461nm-interface vlan-interface 481reboot member 585snmp-host 702tftp cluster get 793tftp cluster put 794timer 801topology accept 807topology restore-from 808


topology save-to 809tracemac 810

Configuration File Managementdisplay current-configuration 152display saved-configuration 290display startup 306display this 315reset saved-configuration 603save 643startup saved-configuration 716

D

DHCPaccounting domain 16address-check 26debugging dhcp-relay 98dhcp relay information enable 115dhcp relay information strategy 116dhcp-security static 117dhcp-server 118dhcp-server ip 119display dhcp-security 160display dhcp-server 161display dhcp-server intervace vlan-interface 163display dhcp-snooping 164, 165display dhcp-snooping trust 166, 167

DLDPdebugging DLDP 100

E

EADsecurity-policy-server 653

Ethernet Switchacl 21authentication-mode 40auto-execute command 44databits 93display user-interface 320display users 322free user-interface 359free web-users 360header 377history-command max-size 380idle-timeout 383ip http acl 414jumboframe enable 420lock 436parity 507protocol inbound 546screen-length 650send 656service-type 660set authentication password 663


shell 668snmp-agent community 676snmp-agent group 678snmp-agent usm-user 696speed 703stopbits 723sysname 780telnet 786user privilege level 824user-interface 822

F

File System Managementboot attribute-switch 48boot boot-loader 49boot boot-loader backup-attribute 51boot web-packege 53cd 59copy 87delete 105display boot-loader 132file prompt 356format 358local-user 433local-user password-display mode 435mkdir 470more 473move 474pwd 555rename 591reset recycle-bin 602rmdir 619startup bootrom-access enable 715undelete 820

FTPascii 35binary 45bye 57cd 60cdup 62close 69delete 107dir 122disconnect 125display ftp-server 176display ftp-user 177ftp 361ftp server 363ftp server enable 364ftp timeout 365get 370lcd 427ls 444mkdir 471open 504passive 508put 553


pwd 556quit 577remotehelp 588rename 592rmdir 620user 821verbose 825

G

GARP and GVRPdisplay garp statistics 178display garp timer 179display gvrp statistics 180display gvrp status 181garp timer 366garp timer leaveall 368gvrp 372gvrp registration 373reset garp statistics 596

I

IGMPdisplay igmp-snooping configuration 188display igmp-snooping group 189display igmp-snooping statistics 190display mac-address multicast static 239gmp-snooping fast-leave 386gmp-snooping max-response-time 391igmp host-join vlan 384igmp-snooping 385igmp-snooping group-limit 387igmp-snooping group-policy 388igmp-snooping host-aging-time 390igmp-snooping router-aging-time 392mac-address multicast interface vlan 449mac-address multicast vlan 450service-type multicast 662

Information Centerdisplay channel 137display info-center 191display logbuffer 232display logbuffer summary 234display trapbuffer 318info-center channel name 393info-center console channel 394info-center enable 395info-center logbuffer 396info-center monitor channel 397info-center snmp channel 398info-center source 399info-center synchronous 403info-center timestamp 404info-center trapbuffer 405reset logbuffer 599reset trapbuffer 611terminal debugging 787terminal logging 789


terminal monitor 790terminal trapping 791

L

Link Aggregationdisplay link-aggregation interface 224display link-aggregation summary 226display link-aggregation verbose 227lacp enable 423lacp port-priority 424lacp system-priority 425link-aggregation group agg-id description 429link-aggregation group agg-id mode 430port link-aggregation group 520

Loopback Detectiondisplay-loopback-detection 235

M

MAC Address Tabledisplay mac-address 236, 445display mac-address aging-time 238mac-address max-mac-count 447mac-address timer 452

Management VLANdebugging dhcp client 97description 113display bootp client 134display dhcp client 159display interface VLAN-interface 196display ip host 197display ip interface vlan-interface 198display ip routing-table 200display ip routing-table acl 201display ip routing-table ip address 204display ip routing-table ip address1 ip address2 208display ip routing-table ip-prefix 210display ip routing-table statistics 216display ip routing-table verbose 217interface VLAN-interface 409ip address 410ip address bootp-alloc 411ip address dhcp-alloc 412ip host 413shutdown 670

Mirroringdisplay mirroring-group 244mirroring group 464mirroring-group mirroring-port 465mirroring-group reflector-port 466mirroring-group remote-probe vlan 467mirroring-port 468monitor-port 472remote-probe vlan 587


MSTPactive region-configuration 24check region-configuration 63display stp 309display stp region-configuration 311instance 406region-name 586reset stp 607revision-level 617stp 724stp bpdu-protection 725stp bridge-diameter 726stp config-digest-snooping 727stp cost 729stp edged-port 730stp interface 732stp interface config-digest-snooping 734stp interface cost 736stp interface edged-port 738stp interface loop protection 740stp interface mcheck 742stp interface no-agreement-check 743stp interface point-to-point 744stp interface port priority 746stp interface root-protection 748stp interface transmit-limit 750stp loop-protection 752stp max-hops 753stp mcheck 754stp mode 755stp no-agreement-check 756stp pathcost-standard 757stp point-to-point 759stp port priority 761stp priority 762stp region-configuration 763stp root primary 764stp root secondary 767stp root-protection 766stp tc-protection 769stp timer forward-delay 771stp timer hello 773stp timer max-age 774stp timer-factor 770stp transmit-limit 775vlan-mapping modulo 832vlan-vpn tunnel 836

Multicast Protocoldisplay igmp-snooping configuration 188display igmp-snooping group 189display igmp-snooping statistics 190igmp-snooping 385igmp-snooping group-limit 387igmp-snooping group-policy 388igmp-snooping router-aging-time 392reset igmp-snooping statistics 597service-type multicast 662


N

NDPdisplay ndp 246ndp enable 478ndp timer aging 479ndp timer hello 480reset ndp statistics 600

Network Protocolarp check enable 31reset ip statistics 598

NTDPdisplay ntdp 249display ntdp device-list 250ntdp enable 482ntdp explore 483ntdp hop 484ntdp timer 485ntdp timer hop-delay 486ntdp timer port-delay 487

NTPdebugging ntp-service 101display ntp-service sessions 253display ntp-service status 255display ntp-service trace 256ntp-service access 488ntp-service authentication enable 490ntp-service authentication-keyid 491ntp-service broadcast-client 492ntp-service broadcast-server 493ntp-service in-interface disable 494ntp-service max-dynamic sessions 495ntp-service multicast-client 496ntp-service multicast-server 497ntp-service source-interface 499ntp-service unicast-peer 500ntp-service unicast-server 502

P

Password Controlpassword 509

Portam user-bind 28broadcast-suppression 54copy configuration 88description 111display am user-bind 127display brief interface 135display interface 193display isolate port 222display lacp system-id 223


display mac-address security 240display port 258display port-security 259duplex 351flow-control 357interface 408loopback-detection control enable 438loopback-detection enable 439loopback-detection interval-time 441loopback-detection per-vlan enable 442mac-address security 451mdi 462port access vlan 516port hybrid pvid vlan 517port hybrid vlan 518port isolate 519port link-type 521port trunk permit vlan 537port trunk pvid vlan 536port-security enable 522port-security intrusion-mode 523port-security max-mac-count 525port-security ntk-mode 527port-security OUI 529port-security port-mode 530port-security timer disableport 533port-security trap 534reset counters interface 594shutdown 669speed 704virtual-cable-test 826

Q

QoSapply qos-profile 29apply qos-profile interface 30display protocol-priority 262display qos cos-drop-precedence-map 263display qos cos-dscp-map 264display qos cos-local-precedence-map 265display qos dscp-cos-map 266display qos dscp-drop-precedence-map 267display qos dscp-dscp-map 268display qos dscp-local-precedence-map 269display qos-interface all 270display qos-interface priority-trust 272display qos-interface traffic-limit 273display qos-interface traffic-shape 274display qos-interface traffic-statistic 275display qos-profile 276display queue-scheduler 277packet-filter 505priority 542priority trust 543protocol-priority protocol-type 547qos cos-drop-precedence-map 557qos cos-dscp-map 559qos cos-local-precedence-map 561qos dscp-cos-map 563


qos dscp-drop-precedence-map 565qos dscp-dscp-map 567qos dscp-local-precedence-map 569qos-profile 571qos-profile port-based 572queue-scheduler 573reset traffic-limit 609reset traffic-statistic 610snmp-agent usm-user 694traffic shape 815traffic-limit 813traffic-statistic 816

R

RMONdisplay rmon alarm 282display rmon event 283display rmon eventlog 284display rmon prialarm 286display rmon statistics 287rmon alarm 621rmon event 623rmon history 624rmon prialarm 625rmon statistics 628

Routing Protocoldelete static-routes all 110display ip routing-table protocol 213display ip routing-table radix 215ip route-static 416, 418

S

SNMPdebugging snmp-agent 103display snmp-agent community 294display snmp-agent group 295display snmp-agent mib-view 296display snmp-agent statistics 298display snmp-agent sys-info 300display snmp-agent trap-list 301display snmp-agent usm-user 302enable snmp trap updown 352snmp-agent 675snmp-agent community 677snmp-agent group 680snmp-agent local-engineid 682snmp-agent log 683snmp-agent mib-view 684snmp-agent packet max-size 685snmp-agent sys-info 686snmp-agent target-host 687snmp-agent trap enable 689snmp-agent trap life 691snmp-agent trap queue-size 692snmp-agent trap source 693snmp-agent usm-user 698


SSHbye 56cd 58cdup 61dir 124display rsa local-key-pair public 288display rsa peer-public-key 289display ssh server 303display ssh server-info 304display ssh user-information 305exit 355get 369help 379ls 443, 444mkdir 469, 471peer-public-key end 511protocol inbound 545public-key-code begin 548, 549public-key-code end 550, 551put 552pwd 554quit 575, 576remove 589rename 590rmdir 618rsa local-key-pair create 629rsa local-key-pair destroy 631rsa peer-public-key 632, 633sftp 664sftp server enable 666sftp time-out 667ssh client assign rsa-key 705ssh client first-time enable 706ssh server authentication-retries 707ssh server timeout 708ssh user assign rsa-key 709ssh user authentication-type 710ssh user service-type 712ssh2 713

Static Routedelete static-routes all 110ip route-static 416

System Accessfree user-interface 359return 616service-type 658

System Maintenanceboot boot-loader 50boot bootrom 52clock datetime 65clock summer-time 66clock timezone 68debugging 95display boot-loader 133


display clock 138display cpu 151display device 158display diagnostic-information 168display fib 175display icmp statistics 186display ip socket 218display ip statistics 220display memory 243display schedule reboot 292display tcp statistics 312display tcp status 314display users 323display version 324language-mode 426ping 512quit 578reboot 584reset tcp statistics 608schedule reboot at 645schedule reboot delay 647sysname 781system-view 782tcp timer fin-timeout 783tcp timer syn-timeout 784tcp window 785terminal debugging 788tracert 811

System Managementdebugging 94, 95debugging ntp-service 101display cpu 292display rmon history 285display rmon prialarm 286display snmp-agent 293end-station polling ip-address 353execute 354mac-address max-mac-count 448snmp-agent usm-user 700

T

TFTPtftp get 795tftp put 796tftp-server 797

U

UDP Helperdebugging udp-helper 104display udp-helper server 319udp-helper enable 817udp-helper port 818udp-helper server 819

V

VLANdescription 112


display vlan 326name 475port 515vlan 828

VLAN-VPNdisplay port vlan-vpn 261vlan-vpn enable 834vlan-vpn tpid 835vlan-vpn uplink enable 837

Voice VLANdisplay vlan 325display voice vlan oui 328display voice vlan status 329voice vlan 838voice vlan aging 839voice vlan enable 840voice vlan mac-address 841voice vlan mode 842voice vlan security enable 843

Copyright © 2006-2007, 3Com Corporation. All rights reserved.

3COM SWITCH 4200G FAMILY QUICK REFERENCE GUIDE

Overview

This Command Reference applies to the following Switch 4200G models:

About the Command Line Interface

To use and navigate the command line interface of your unit, please refer to the following points for assistance:

■ When initially accessing the command line interface, press Enter when prompted. The User View menu for the unit displays. This is indicated by the chevron brackets around the name of the unit at the prompt, for example, <sw4200G>.

■ When in the System View menu, square brackets appear around the name of the unit at the prompt, for example, [sw4200G].

■ You must be in the System View menu to access the configurable CLI commands.

■ Some commands can be entered directly at any prompt from anywhere in the interface.

■ If you enter part of a command followed by a ? (with no space between), the CLI will show you all the commands that begin in that way.

■ The term ‘view’ may be used interchangeably with the term ‘menu’.

■ The undo command is placed before the command you wish to undo, for example, undo setauthentication password.

■ <CTRL-A> places the cursor back to the start of the command line.

■ Enter the first few characters of a command and press TAB to enter the full command without having to input the entire command (where there is only one command that starts with the entered characters).

■ Use the Up Arrow key at the prompt to repeat the previous command string.

■ Use the Delete key to delete the character after the cursor; the Backspace key deletes the character before the cursor.

■ When entering physical port numbers, Enter the port number as x/0/z, where x is the unit number and z is the physical port number.

Switch 4200G 12-Port (3CR17660-91)

Switch 4200G 24-Port (3CR17661-91)

Switch 4200G 48-Port FX (3CR17662-91)

Switch 4200G 1-Port 10Gigabit Module (XFP) (3C17666)

www.3Com.com Part Number: 10014917 Rev. AC Published: February 2007

2 3Com Switch 4200G Family Command Reference

Displaying Command Parameters

At the prompt, enter the name of the command followed by a space and ?. For example:

<sw4200G>boot ?

The following parameters are displayed:

attribute-switch Exchange the file main-attribute and backup-attribute.

boot-loader Select a file to boot at the next time

bootrom Update Bootrom

web-package Set web resource package

To specify boot loader, enter the command as follows:

<sw4200G>boot boot-loader ?

You only need to enter ? if parameters exist for the command.

Displaying Parent Menus

At the prompt, enter quit.

Displaying the User View Menu

Press <CTRL-Z>.

Obtaining Help

At the prompt, enter ?.

Further InformationFor further information about how to use the command line interface, refer to the Command Reference Guide and the Configuration Guide, which are both available as PDF documents on the CD that accompanied the unit.

Commands

access-limit

Use the access-limit command to set the maximum number of access users that can be contained in current ISP domain.

ISP Domain view

accounting

Use the accounting command to configure an accounting scheme for the current ISP domain.ISP Domain view

accounting domain

Use the accounting domain command to enable the DHCP accounting function.DHCP Address Pool view

accounting-on enable

Use the accounting-on enable command to enable user re-authentication upon device restart function.RADIUS Scheme view

accounting optional

Use the accounting optional command to open the accounting-optional switch.ISP Domain view

RADIUS Scheme view

3Com Switch 4200G Family 3 Command Reference

acl

Use the acl command to reference ACL and implement the ACL control to the TELNET users.User Interface view

acl

Use the acl command to define an ACL identified by a number, and enter the corresponding ACL View.System view

active region-configuration

Use the active region-configuration command to activate the settings of an MST (multiple spanning tree) region.

MST Region view

add-member

Use the add-member command to add a candidate device to a cluster.Cluster view

address-check

Use the address-check command to enable or disable DHCP relay security on a VLAN interface, so as to start or stop the validity check on user addresses under the VLAN interface.

VLAN Interface view

administrator-address

Use the administrator-address command to store the MAC address of the management device on a member device.

Cluster view

am user-bind

Use the am user-bind command to bind the MAC and IP addresses of a legal user to a specified port.System view

Ethernet Port view

apply qos-profile

Use the apply qos-profile command to manually apply the QoS profile to the current port.Ethernet Port view

apply qos-profile interface

Use the apply qos-profile interface command to manually apply a QoS profile to one or more consecutive ports.

System view

arp check enable

Use the arp check enable command to enable the ARP entry checking function, that is, to disable a switch from creating multicast MAC address ARP entries for MAC addresses learned.

System view

arp static

Use the arp static command to configure the static ARP mapping entries in the ARP mapping table.System view

arp timer aging

Use the arp timer aging command to configure the aging time for dynamic ARP mapping entries.System view

ascii

Use the ascii command to configure data transmission mode as ASCII mode.FTP Client view

attribute

Use the attribute command to configure attributes of a user whose service type is lan-access.Local User view

authentication

Use the authentication command to configure an authentication scheme for the current ISP domain.ISP Domain view

authentication-mode

Use the command authentication-mode to specify the authentication mode.User Interface view

authorization

Use the authorization none command to allow users in the current ISP domain to use network services without being authorized.

ISP Domain view


auto-build

Use the auto-build command to create a cluster automatically.Cluster view

auto-execute command

Use the auto-execute command command to set the command that is executed automatically after a user logs in.

User Interface view

binary

Use the binary command to specify that files be transferred in binary mode. That is, data is transferred in binary streams.

FTP Client view

black-list add-mac

Use the black-list add-mac command to add a device into the blacklist.Cluster view

black-list delete-mac

Use the black-list delete-mac command to delete a device from the blacklist.Cluster view

boot attribute-switch

Use the boot attribute-switch command to switch between the main and backup attribute for all the files or a specified type of files. This changes a file with the main attribute to one with the backup attribute, or vice versa.

User view

boot boot-loader

Use the boot boot-loader command to configure an app file to be of the main attribute. The app file specified by this command becomes the main startup file when the device starts the next time.

User view

boot boot-loader

Use the boot boot-loader command to specify the host software that will be adopted when the current switch or a specified switch in the fabric reboots next time.

User view

boot boot-loader backup-attribute

Use the boot boot-loader backup-attribute command to configure an app file to be of the backup attribute.

User view

boot bootrom

Use the boot bootrom command to update the BootROM.User view

boot web-package

Use the boot web-package command to configure a Web file to be of the main or backup attribute.User view

broadcast-suppression

Use the broadcast-suppression command to define the broadcast traffic ratio allowed on one port or each of the ports.

System view

build

Use the build command to configure a cluster with the current switch as the management device. Argument name specifies the name of the cluster.

Cluster view

bye

Use the bye command to terminate the connection to the remote SFTP server and return to system view.SFTP Client view

bye

Use the bye command to terminate the control connection and data connection with the remote FTP server and quit to user view.

FTP Client view

cd

Use the cd command to change the current path on the remote SFTP server.SFTP Client view


cd

Use the cd command to enter a specified directory on the Ethernet switch.User view

cd

Use the cd command to change the work path on the remote FTP server.FTP Client view

cdup

Use the cdup command to return to the upper directory.SFTP Client view

cdup

Use the cdup command to enter the parent directory.FTP Client view

check region-configuration

Use the check region-configuration command to display the configurations of the MST regions that are not activated.

MST Region view

clock datetime

Use the clock datetime command to set the current system time and date. User view

clock summer-time

Use the clock summer-time command to set the name, time range, and offset of the daylight saving time.User view

clock timezone

Use the clock timezone command to set local time zone information.User view

close

Use the close command to terminate an FTP connection without quitting FTP client view.FTP Client view

cluster

Use the cluster command to enter cluster view.System view

cluster enable

Use the cluster enable command to enable the cluster function on a switch.System view

cluster-local-user

Use the cluster-local-user command to configure a Web username and password for all cluster members.

Cluster view

cluster-mac

Use the cluster-mac command to configure a multicast MAC address for cluster management. Run this command only on the management device only.

Cluster view

cluster-mac syn-interval

Use the cluster-mac syn-interval command to set the interval for the management device to send multicast packets. This command can be executed on the management device only.

Cluster view

cluster-snmp-agent community

Use the cluster-snmp-agent community command to configure a SNMP community for a cluster to enable SNMP access.

Cluster view

cluster-snmp-agent group v3

Use the cluster-snmp-agent group command to configure a SNMP group for a cluster to map SNMP users to the SNMP view.

Cluster view

cluster-snmp-agent mib-view included

Use the cluster-snmp-agent mib-view command to create or update the information about the MIB view configured for a cluster.

Cluster view


cluster-snmp-agent usm-user v3

Use the cluster-snmp-agent usm-user v3 command to add an account to the SNMPV3 group configured for a cluster.

Cluster view

cluster switch-to

Use the cluster switch-to command to switch between the management device and member devices for configuration and management.

User view

cluster switch-to sysname

Use the cluster switch-to sysname command to switch between the master device and a member device.

User view

command-privilege level

Use the command-privilege level command to set the level of the specified command in a specified view.System view

copy

Use the copy command to copy a file.User view

copy configuration

Use the copy configuration command to copy the configuration of a specific port to other ports, to ensure consistent configuration.

System view

cut connection

Use the cut connection command to cut the connection a user or a category of users by force.System view

data-flow-format

Use the data-flow-format command to set the units of measure for the data flow sent to the RADIUS Server.

RADIUS Scheme view

databits

Use the databits command to set the databits for the user interface.User Interface view

debugging

Use the debugging command to enable the system debugging.User view

debugging

Use the debugging command to enable the system debugging.User view

debugging arp packet

Use the debugging arp packet command to enable ARP debugging.User view

debugging dhcp client

Use the debugging dhcp client command to enable debugging for the DHCP client/BOOTP client.User view

debugging dhcp-relay

Use the debugging dhcp-relay command to enable DHCP relay debugging.User view

debugging DLDP

Use the debugging dldp command to enable specific debugging for DLDP on all ports with DLDP enabled.User view

debugging ntp-service

Use the debugging ntp-service command to debug different NTP (network time protocol) services.User view

debugging radius

Use the debugging radius command to enable the debugging for RADIUS protocol.User view

debugging snmp-agent

Use the debugging snmp-agent command to enable SNMP Agent debugging.User view


debugging udp-helper

Use the debugging udp-helper command to enable UDP Helper debugging.User view

delete

Use the delete command to delete a specified file stored on a switch.User view

delete

Use the delete command to delete the specified file from the server.SFTP Client view

delete

Use the delete command to delete the specified remote file.FTP Client view

delete-member

Use the delete-member command to remove a member device from the cluster.Cluster view

delete static-routes all

Use the delete static-routes all command to delete all the static routes.System view

description

Use the description command to enter a description of an Ethernet port.Ethernet Port view

description

Use the description command to assign a description string for the VLAN.

Use the undo description command to restore the default description string.VLAN view

description

Use the description command to assign a description string to a VLAN or a VLAN interface.VLAN view

VLAN Interface view

description

Use the description command to define the description information of an ACL to describe the specific purpose of the ACL.

Basic ACL viewAdvanced ACL view

Layer 2 ACL view

dhcp relay information enable

Use the dhcp relay information enable command to enable option 82 supporting on a DHCP relay, through which you can enable the DHCP relay to insert option 82 into DHCP request packets sent to a DHCP server.

System view

dhcp relay information strategy

Use the dhcp relay information strategy command to instruct a DHCP relay to perform specified operations to DHCP request packets that carry option 82.

System view

dhcp-security static

Use the dhcp-security static command to configure a static user address entry.System view

dhcp-server

Use the dhcp-server command to map the current VLAN interface to a DHCP server group.VLAN Interface view

dhcp-server ip

Use the dhcp-server ip command to configure the DHCP server IP address(es) in a specified DHCP server group.

System view

dir

Use the dir command to display the information about the specified files or directories on a switch.User view


dir

Use the dir command to query specified files.FTP Client view

dir

Use the dir command to display the files in the specified directory.SFTP Client view

disconnect

Use the disconnect command to terminate a FTP connection without quitting FTP client view.FTP Client view

display acl

Use the display acl command to view the detailed configuration information of an ACL, including each rule and its number as well as the number and size in bytes of the data packets that match the statement.

Any view

display am user-bind

Use the display am command to view whether address management is enabled and to display IP address pool configuration.

Any view

display arp

Use the display arp command to display the ARP mapping table entries by entry type, or by a specified IP address.

Any view

display arp count

Use the display arp count command to display the number of the specified type of ARP mapping entries.Any view

display arp timer aging

Use the display arp timer aging command to view the current setting of the dynamic ARP aging timer.Any view

display boot-loader

Use the display boot-loader command to display the information about the app startup files of a switch, including the current app startup file name, the main and backup app startup files to be used when the switch starts the next time.

Any view

display boot-loader

Use the display boot-loader command to display the host software (.bin file) that will be adopted when the switch reboots.

Any view

display bootp client

Use the display bootp client command to display BOOTP client-related information, including the MAC address of the BOOTP client and the IP address obtained.

Any view

display brief interface

Use the display brief interface command to display the configuration information about one specific or all ports in brief, including the port type, connection state, connection rate, duplex attribute, link type and default VLAN ID.

Any view

display channel

Use the display channel command to display the details about the information channel.Any view

display clock

Use the display clock command to display the current date and time of the system, so that you can adjust them if they are wrong.

Any view

display cluster

Use the display cluster command to display the state and basic configuration information of the cluster that contains the current switch.

Any view

display cluster base-topology

Use the display cluster topology command to display the standard topology view of the cluster.Any view


display cluster black-list

Use the display cluster black-list command to display the current blacklist of the cluster.Any view

display cluster candidates

Use the display cluster candidates command to display candidate devices of a cluster.Any view

display cluster current-topology

Use the display cluster current topology command to display the current topology view or the topology path between two points.

Any view

display cluster members

Use the display cluster members command to display the information about cluster members.Any view

display connection

Use the display connection command to view the information for a specified connection type.Any view

display cpu

Use the display cpu command to display CPU usage of a specified switch.Any view

display current-configuration

Use the display current-configuration command to display the current configuration of a switch.Any view

display debugging

Use the display debugging command to display the enabled debugging on a specified device.Any view

display debugging habp

Use the display debugging habp command to display the state of HABP debugging.Any view

display device

Use the display device command to display the information, such as the module type and operating status, about each board (main board and sub-board) of a specified switch.

Any view

display dhcp client

Use the display dhcp client command to display the DHCP client-related information.Any view

display dhcp-security

Use the display dhcp-security command to display one or all user address entries, or a specified type of user address entries in the valid user address table of a DHCP server group.

Any view

display dhcp-server

Use the display dhcp-server command to display information about a specified DHCP server group.Any view

display dhcp-server interface vlan-interface

Use the display dhcp-server interface vlan-interface command to display information about the DHCP server group to which a VLAN interface is mapped.

Any view


Use the display dhcp-snooping command to display the user IP-MAC address mapping entries recorded by the DHCP snooping function.

Any view


Use the display dhcp-snooping command to display the correspondence between user IP addresses and MAC addresses recorded by the DHCP snooping function.

Any view


Use the display dhcp-snooping trust command to display the (enabled/disabled) state of the DHCP snooping function and the trusted ports.

Any view



Use the display dhcp-snooping trust command to display the DHCP-Snooping state and information on trusted ports.

Any view

display diagnostic-information

Use the display diagnostic-information command to display the system diagnostic information, or save the system diagnostic information to a file (with a suffix of "diag") in the flash memory.

Any view

display domain

Use the display domain command to view the configuration information of a specified ISP domain or display the summary information of all ISP domains.

Any view

display dot1x

Use the display dot1x command to view the relevant information of 802.1x.Any view

display fib

Use the display fib command to view the summary of the forwarding information base.Any view

display ftp-server

Use the display ftp-server command to display the FTP server-related settings of a switch when it operates as an FTP server.

You can use this command to verify FTP server-related configurations.Any view

display ftp-user

Use the display ftp-user command to display the settings of the current FTP user, including the user name, host IP address, port number, connection idle time, and authorized directory.

Any view

display garp statistics

Use the display garp statistics command to display the GARP statistics on specified (or all) ports.Any view

display garp timer

Use the display garp timer command to display the values of the GARP timers on specified or all ports.Any view

display gvrp statistics

Use the display gvrp statistics command to display the GVRP statistics about specified (or all) Trunk ports.

Any view

display gvrp status

Use the display gvrp status command to display the enable/disable status of global GVRP.Any view

display habp

Use the display habp command to display HABP configuration and status information.Any view

display habp table

Use the display habp table command to display the MAC address table maintained by HABP.Any view

display habp traffic

Use the display habp traffic command to display statistics on HABP packets.Any view

display history-command

Use the display history-command command to display history commands.Any view

display icmp statistics

Use the display icmp statistics command to view the statistics information about ICMP packets.Any view

display igmp-snooping configuration

Use the display igmp-snooping configuration command to display the configuration information about IGMP Snooping.

Any view


display igmp-snooping group

Use the display igmp-snooping group command to display information about the IP and MAC multicast groups under one VLAN (with vlan vlan-id) or all VLANs (without vlan vlan-id).

Any view

display igmp-snooping statistics

Use the display igmp-snooping statistics command to display the message statistics about IGMP Snooping.

Any view

display info-center

Use the display info-center command to display system log settings and memory buffer record statistics.Any view

display interface

Use the display interface command to view the configuration information on the selected interface.Any view

display interface VLAN-interface

Use the display interface vlan-interface command to display the information about the management VLAN interface, including the physical and link status, the format of the sent frames, the MAC address, IP address (and subnet mask), description string and MTU (maximum transmit unit) of the management VLAN.

Any view

display ip host

Use the display ip host command to display all host names and their corresponding IP addresses.Any view

display ip interface vlan-interface

Use the display ip interface vlan-interface command to view information on the specified interface.Any view

display ip routing-table

Use the display ip routing-table command to display the summary information about the routing table.Any view

display ip routing-table acl

Use the display ip routing-table acl command to display the routes permitted by the specified basic ACL.

Any view.

display ip routing-table ip-address

Use the display ip routing-table ip-address command to display the information about the routes leading to the destination.

Any view

display ip routing-table ip-address1 ip-address2

Use the display ip routing-table ip-address1 ip-address2 command to display the information about the routes with their destinations within the specified destination IP address range.

Any view

display ip routing-table ip-prefix

Use the display ip routing-table ip-prefix command to display the information about the routes matching a specified IP prefix list.

Any view

display ip routing-table protocol

Use the display ip routing-table protocol command to display the information about specific routes.Any view

display ip routing-table radix

Use the display ip routing-table radix command to view the route information in a hierarchical (tree) structure.

Any view

display ip routing-table statistics

Use the display ip routing-table statistics command to display the statistics of a routing table. Any view

display ip routing-table verbose

Use the display ip routing-table verbose command to display the detailed information about a routing table.

Any view


display ip socket

Use the display ip socket command to display the information about the sockets in the current system.Any view

display ip statistics

Use the display ip statistics command to view the statistics information about IP packets.Any view

display isolate port

Use the display isolate port command to display the information about the Ethernet ports added to an isolation group.

Any view

display lacp system-id

Use the display lacp system-id command to view actor system ID, including system priority and system MAC address.

Any view

display link-aggregation interface

Use the display link-aggregation interface command to display the link aggregation details about a specified port or port range.

Any view

Use the display link-aggregation interface command to display the link aggregation details about a specified port or port range, including:

display link-aggregation summary

Use the display link-aggregation summary command to display summary information of all aggregation groups, including device ID of the local end, aggregation group ID, aggregation group type, device ID of the remote end, number of the selected ports, number of the unselected ports, load sharing type and master port number.

Any view

display link-aggregation verbose

Use the display link-aggregation verbose command to display the details about a specified aggregation group.

Any view

display local-server statistics

Use the display local-server statistics command to view the statistics of all local RADIUS authentication server.

Any view

display local-user

Use the display local-user command to view information about all the local users or the specified one(s).

Any view

display logbuffer

Use the display logbuffer command to display the status of the log buffer and the records in the log buffer.

Any view

display logbuffer summary

Use the display logbuffer summary command to display the summary of the log buffer.Any view

display-loopback-detection

Use the display loopback-detection command to display the loopback detection status on the port.Any view

display mac-address

Use the display mac-address command to display MAC address table information. Any view

display mac-address aging-time

Use the display mac-address aging-time command to display the aging time of the dynamic entry in the MAC address table.

Any view

display mac-address multicast static

Use the display mac-address multicast static command to display the multicast MAC address entries manually configured on the switch, with each entry containing the following information: multicast MAC address, VLAN ID, MAC address state, port number(s), and aging time of each port.

Any view


display mac-address security

Use the display mac-address security command to display the information about Security MAC address.Any view

display mac-authentication

Use the display mac-authentication command to display global information about centralized MAC address authentication

Any view

display memory

Use the display memory command to display the memory usage of a specified switch.Any view

display mirroring-group

Use the display mirroring-group command to display the parameter settings of a port mirroring group.Any view

display ndp

Use the display ndp command to display global NDP configuration information, including the interval to send NDP packets, the holdtime of NDP information, and the information about the neighbors of all the ports.

Any view

display ntdp

Use the display ntdp command to display the global NTDP information. The information includes the range (in hop count) within which topology information is collected, the interval to collect topology information (the NTDP timer), the delay time for a device to forward topology-collection requests, the delay time for a topology-collection request to be forwarded through a port, and the time cost during the last topology collection.

Any view

display ntdp device-list

Use the display ntdp device-list command to display the device information collected through NTDP.Any view

display ntdp single-device mac-address

Use the display ntdp single-device mac-address h-h-h command to display the information about a specific device in detail.

Cluster view

display ntp-service sessions

Use the display ntp-service sessions command to display the status of all the sessions maintained by NTP (Network Time Protocol) service provided by the local equipment.

Any view

display ntp-service status

Use the command display ntp-service status to display the NTP service status.Any view.

display ntp-service trace

Use the display ntp-service trace command to display the brief information of each NTP time server along the time synchronization chain from the local device to the reference clock source.

Any view

display packet-filter

Use the display packet-filter command to view the application information of packet filtering, including the ACL name, rule names, and application status.

Any view

display port

Use the display port command to display all current ports with their type indicated.Any view

display port-security

Use the display port-security command to display the information about port security configuration (including global configuration and all or specific port configuration).

Any view

display port vlan-vpn

Use the display port vlan-vpn command to display the information about the VLAN VPN configuration of the current system, including current TPID value, VLAN-VPN ports, and VLAN-VPN uplink ports.

Any view


display protocol-priority

Use the display protocol-priority command to display the priority of protocol packets.Any view

display qos cos-drop-precedence-map

Use the display qos cos-drop-precedence-map command to display the "COS->Drop-precedence" mapping relationship.

Any view

display qos cos-dscp-map

Use the display qos cos-dscp-map command to display the "COS->DSCP" mapping relationship.Any view

display qos cos-local-precedence-map

Use the display qos cos-local-precedence-map command to view the COS–>Local-precedence map.Any view

display qos dscp-cos-map

Use the display qos dscp-cos-map command to display the "DSCP->802.1 priority" mapping relationship.Any view

display qos dscp-drop-precedence-map

Use the display qos dscp-drop-precedence-map command to display the "DSCP->Drop-precedence" mapping relationship.

Any view

display qos dscp-dscp-map

Use the display qos dscp-cos-map command to display the "DSCP->DSCP" mapping relationship.Any view

display qos dscp-local-precedence-map

Use the display qos dscp-local-precedence-map command to display the "DSCP->Local-precedence" mapping relationship.

Any view

display qos-interface all

Use the display qos-interface all command to display all the QoS settings of the port.Any view

display qos-interface priority-trust

Use the display qos-interface priority-trust command to display the precedence mapping mode of the switch.

Any view

display qos-interface traffic-limit

Use the display qos-interface traffic-limit command to view the traffic limit settings.Any view

display qos-interface traffic-shape

Use the display qos-interface traffic-shape command to view the parameter configurations of traffic shaping on the port.

Any view

display qos-interface traffic-statistic

Use the display qos-interface traffic-statistic command to view the traffic statistics.Any view

display qos-profile

Use the display qos-profile command to view the configurations of the QoS profile.Any view

display queue-scheduler

Use the display queue-scheduler command to view queue scheduling mode and corresponding parameters.

Any view

display radius

Use the display radius command to view the configuration information about all RADIUS schemes or a specified scheme.

Any view

display radius statistics

Use the display radius statistics command to view the statistics information about RADIUS packet.Any view


display rmon alarm

Use the display rmon alarm command to display the configuration of a specified alarm entry or all the alarm entries.

Any view

display rmon event

Use the display rmon event command to display the configuration of a specified event entry or all the event entries.

Any view

display rmon eventlog

Use the display rmon eventlog command to display the log of a specified event entry or all the event entries.

Any view

display rmon history

Use the display rmon history command to display the RMON history information about a specified port. The information about the latest sample, including utilization, the number of errors, the total number of packets and so on, is also displayed.

Any view

display rmon prialarm

Use the display rmon prialarm command to display the configuration of a specified extended alarm entry or all the extended alarm entries.

Any view

display rmon statistics

Use the display rmon statistics command to display the RMON statistics of a specified port.Any view

display rsa local-key-pair public

Use the display rsa local-key-pair public command to display the public key of the server host key pair. If no key pair is generated, the system prompts “%RSA keys not found”.

Any view

display rsa peer-public-key

Use the display rsa peer-public-key command to display the client public key of the specified RSA key pair. If no key name is specified, the command displays all public keys of the client

Any view

display saved-configuration

Use the display saved-configuration command to display the content of the main configuration file in the flash memory of a switch.

Any view

display schedule reboot

Use the display schedule reboot command to display information about scheduled reboot.Any view

display snmp-agent

Use the display snmp-agent command to view engine ID of the local or remote SNMP entity.Any view

display snmp-agent community

Use the display snmp-agent community command to view the information about the currently configured community names for SNMPv1 or SNMPv2c.

Any view

display snmp-agent group

Use the display snmp-agent group command to view group name, security model, state of various views and storage models.

Any view

display snmp-agent mib-view

The display snmp-agent mib-view command is used to view the MIB view configuration information of the current Ethernet switch.

Any view

display snmp-agent statistics

Use the display snmp-agent statistics command to view the statistics information about SNMP packets.

Any view


display snmp-agent sys-info

Use the display snmp-agent sys-info command to view the system information of SNMP configuration.Any view

display snmp-agent trap-list

Use the display snmp-agent trap-list command to display trap list information.Any view

display snmp-agent usm-user

Use the display snmp-agent usm-user command to view SNMP user information.Any view

display ssh server

Use the display ssh server command to display the status or session information about the SSH serverAny view

display ssh server-info

Use the display ssh server-info command to display the association between the server public keys configured on the client and the servers.

Any view

display ssh user-information

Use the display ssh user-information command to display information about the current SSH users, including user name, authentication mode, key name and authorized service types. If the username is specified, the command displays information about the specified user.

Any view

display startup

Use the display startup command to display the startup configuration of a switch, including the name of the current startup configuration file, the names of the main startup configuration file, and backup startup configuration file to be used when the switch starts the next time, and so on.

Any view

display stop-accounting-buffer

Use the display stop-accounting-buffer command to view the no-response stop-accounting request packets buffered in the device.

Any views

display stp

Use the display stp command to display the state and statistical information about one or all spanning trees.

Any view

display stp region-configuration

Use the display stp region-configuration command to display the MST region configuration.Any view

display tcp statistics

Use the display tcp statistics command to view the statistics information about TCP packets.Any view

display tcp status

Use the display tcp status command to view the TCP connection state.Any view

display this

Use the display this command to display the current configuration performed in the current view of the system.

Any view

display time-range

Use the display time-range command to view the configuration and status of the current time range. You will see the active or inactive state outputs respectively.

Any view

display trapbuffer

Use the display trapbuffer command to display the status of the trap buffer and the records in the trap buffer.

Any view

display udp-helper server

Use the display udp-helper server command to view the information of destination Helper server corresponding to the VLAN interface.

Any view


display user-interface

Use the display user-interface command to view information on a user interface.Any view

display users

Use the display users command to display the information about user interfaces. If you do not specify the all keyword, only the information about the current user interface is displayed.

Any view

display users

Use the display users command to display the status and configuration information about user terminal interfaces. Use the display users all command to view the information on all user terminal interfaces.

Any view

display version

Use the display version command to view the software version, issue date and the basic hardware configuration information.

Any view

display vlan

Use the display vlan command to display the ports operating in the manual/automatic mode in the current voice VLAN.

Any view

display vlan

Use the display vlan command to view related information about specified VLANs or all VLANs.Any view

display voice vlan oui

Use the display voice vlan oui command to display the currently supported OUI addresses and the related information.

Any view

display voice vlan status

Use the display voice vlan status command to display voice VLAN-related information, including voice VLAN operation mode, port mode (manual mode or automatic mode), and so on.

Any view

domain

Use the domain command to create an ISP domain and enter its view, or enter the view of an existing ISP domain, or configure the default ISP domain.

System view

dot1x

Use the dot1x command to enable 802.1x on the specified port or globally, (that is on the current device).System view

Ethernet Port view

dot1x authentication-method

Use the dot1x authentication-method command to set 802.1x authentication mode.System view

dot1x dhcp-launch

Use the dot1x dhcp-launch command to specify an 802.1x-enabled switch to launch the process to authenticate a supplicant system when the supplicant system applies for a dynamic IP address through DHCP.

System view

dot1x guest-vlan

Use the dot1x guest-vlan command to enable the Guest VLAN function for specified ports.System view

Ethernet Port view

dot1x max-user

Use the dot1x max-user command to set the maximum number of systems an Ethernet port can accommodate.

System viewEthernet Port view

dot1x port-control

Use the dot1x port-control command to specify the access control method for specified Ethernet ports.System view

Ethernet Port view


dot1x port-method

Use the dot1x port-method command to specify the access control method for specified Ethernet ports.Ethernet Port view

dot1x quiet-period

Use the dot1x quiet-period command to enable the quiet-period timer.System view

dot1x retry

Use the dot1x retry command to specify the maximum number of times a switch can transmit the authentication request frame to supplicant systems.

System view

dot1x retry-version-max

Use the dot1x retry-version-max command to set the maximum number of retries for a switch to send version request packets to an online supplicant system.

System view

dot1x timer

Use the dot1x timer command to set the 802.1x timers.System view

dot1x version-check

Use the dot1x version-check command to enable 802.1x client version checking for specified Ethernet ports.


duplex

Use the duplex command to set the port duplex attribute.Ethernet Port view

enable snmp trap updown

Use the enable snmp trap updown command to enable the port to send LINK UP and LINK DOWN Trap information.

System view

end-station polling ip-address

Use the end-station polling ip-address command to configure the IP address requiring periodic testing.System view

execute

Use the execute command to execute the specified batch file.System view

exit

Use the exit command to terminate the connection to the remote SFTP server and return to system view.

This command has the same function as the bye and quit commands.SFTP Client view

file prompt

Use the file prompt command to modify the prompt mode of file operations on the Switch. System view

flow-control

Use the flow-control command to enable port flow control, to avoid packet loss in the event of network congestion.

Ethernet Port view

format

Use the format command to format a storage device.User view

free user-interface

Use the free user-interface command to reset a specified user interface to its default settings. The user interface will be disconnected after the reset.

User view

free web-users

Use the free web-users command to disconnect a specified Web user or all Web users by force.User view

ftp

Use the ftp command to establish a control connection with an FTP server and enter FTP client view.User view


ftp cluster

Use the ftp cluster command to establish a control connection with a cluster FTP server. This command also leads you to FTP client view.

User view

ftp server

Use the ftp server command to configure an FTP server on the management device for the member devices in the cluster.

Use the undo ftp server command to remove the FTP server configured for the member devices in the cluster.

System view

ftp server enable

Use the ftp server enable command to enable FTP server and allow FTP users to log in.System view

ftp timeout

Use the ftp timeout command to configure connection timeout interval.System view

garp timer

Use the garp timer command to set the GARP Hold, Join or Leaver timer value on the current port.Ethernet Port view

garp timer leaveall

Use the garp timer leaveall command to set the GARP LeaveAll timer to a specified value.System view

get

Use the get command to download a remote file and save the file to the local device.SFTP Client view

get

Use the get command to download a remote file and save it as a local file.FTP Client view

gratuitous-arp learning enable

Use the gratuitous-arp-learning enable command to enable the gratuitous ARP packet learning function.

System view

gvrp

Use the gvrp command to enable GVRP globally (in system view) or on a port (in Ethernet port view).System view

Ethernet Port view

gvrp registration

Use the gvrp registration command to configure the GVRP registration type on a port.Ethernet Port view

habp enable

Use the habp enable command to enable HABP for a switch.System view

habp server vlan

Use the habp server vlan command to configure a switch to operate as an HABP server and HABP packets to be broadcast in specified VLAN.

System view

habp timer

Use the habp timer command to set the interval for a switch to send HABP request packets.System view

header

Use the header command to set the banners that are displayed when a user logs into a switch. The login banner is displayed on the terminal when the connection is established. And the session banner is displayed on the terminal if a user successfully logs in.

System view

help

Use the help command to get the help information about the specified or all SFTP client commands.SFTP Client view


history-command max-size

Use the history-command max-size command to set the size of the history command buffer.User Interface view

holdtime

Use the holdtime command to configure the holdtime of a switch.Cluster view

idle-cut

Use the idle-cut command to set the user idle-cut function in current ISP domain.ISP Domain view

idle-timeout

Use the idle-timeout command to configure the amount of time you want to allow a user interface to remain idle before it is disconnected.

User Interface view

igmp host-join vlan

Use the igmp host-join vlan command to configure a routing port to join to a multicast group.Ethernet Port view

igmp-snooping

Use the igmp-snooping command to enable or disable the IGMP Snooping.System view

VLAN view

igmp-snooping fast-leave

Use the igmp-snooping fast-leave command to enable IGMP fast leave processing.Ethernet Port view

igmp-snooping group-limit

Use the igmp-snooping group-limit command to set the maximum number of multicast groups the port can join.

Ethernet Port view

igmp-snooping group-policy

Use the igmp-snooping group-policy command to configure an IGMP Snooping filter ACL.System view

Ethernet Port view

igmp-snooping host-aging-time

Use the igmp-snooping host-aging-time command to set the aging time of multicast member ports.System view

igmp-snooping max-response-time

Use the igmp-snooping max-response-time command to configure the maximum query response time.System view

igmp-snooping router-aging-time

Use the igmp-snooping router-aging-time command to configure the aging time of the router port.System view

info-center channel name

Use the info-center channel name command to name the channel of the specified number.System view

info-center console channel

Use the info-center console channel command to enable information output to the console through a specified channel.

System view

info-center enable

Use the info-center enable command to enable the information center.System view

info-center logbuffer

Use the info-center logbuffer command to enable information output to the log buffer through the specified channel (you can also set the size of the log buffer in this command).

System view

info-center monitor channel

Use the info-center monitor channel command to enable information output to terminals through a specified channel.

System view


info-center snmp channel

Use the info-center snmp channel command to enable information output to the SNMP through a specified channel.

System view

info-center source

Use the info-center source command to add a record (that is, an information source) to an information channel.

System view

info-center synchronous

Use the info-center synchronous command to enable synchronous terminal output.System view

Use the info-center synchronous command to enable synchronous terminal output, so that if system information (such as log information) is output when the user is inputting, the command prompt and input information are echoed after the output (note that, the command prompt is echoed in command edit state but is not echoed in interactive state).

info-center timestamp

Use the info-center timestamp command to set the format of time stamp included in the log/trap/debug information or specify not to include time stamp in the information.

System view

info-center trapbuffer

Use the info-center trapbuffer command to enable information output to the trap buffer.System view

instance

Use the instance command to map specified VLANs to a specified spanning tree instance.MST Region view

interface

Use the command interface command to enter Ethernet port view. To configure parameters for a port, you must enter the port view first.

System view

interface VLAN-interface

Use the interface vlan-interface command to create a management VLAN interface and enter management VLAN interface view.

System view

ip address

Use the ip address command to assign an IP address (and mask) to a management VLAN interface.VLAN Interface view

ip address bootp-alloc

Use the ip address bootp-alloc command to configure VLAN interface to obtain IP address using BOOTP.

VLAN Interface view

ip address dhcp-alloc

Use the ip address dhcp-alloc command to configure VLAN interface to obtain an IP address using DHCP.

VLAN Interface view

ip host

Use the ip host command to configure a host name and the corresponding IP address for a switch.System view

ip http acl

Use the ip http acl command to apply an ACL to filter Web users.System view

User Interface view

ip-pool

Use the ip-pool command to configure a private IP address range for cluster members on the switch to be set as the management device.

Cluster view

ip route-static

Use the ip route-static command to configure a static route.


System view


ip route-static


System view

jumboframe enable

Use this command to allow jumbo frames to pass through the Ethernet port.Ethernet port view

key

Use the key command to specify a shared key for the RADIUS authentication/authorization packets or accounting packets.

RADIUS Scheme view

lacp enable

Use the lacp enable command to enable the LACP protocol on the current port.Ethernet Port view

lacp port-priority

Use the lacp port priority command to configure port priority value.Ethernet Port view

lacp system-priority

Use the lacp system-priority command to configure system priority value.System view

language-mode

Use the language-mode command to toggle between the language modes (that is, language environments) of the command line interface (CLI) to meet your requirement.

User view

lcd

Use the lcd command to display the local work directory on the FTP client.FTP Client view

level

Use the level command to set the priority level of the user.Local User view

link-aggregation group description

Use the link-aggregation group description command to set a description for an aggregation group.System view

link-aggregation group mode

Use the link-aggregation group mode command to create a manual or static aggregation group.System view

local-server

Use the local-server command to configure the parameters of local RADIUS server.System view

local-user

Use the local-user command to add a local user and enter local user view.System view

local-user password-display mode

Use the local-user password-display-mode command to set the password display mode of all users.System view

lock

Use the lock command to lock the current user interface and prevent unauthorized users from accessing it.User view

logging-host

Use the logging-host command to configure a public logging host on the management device for member devices.

Cluster view

loopback-detection control enable

Use the loopback-detection control enable command to enable loopback detection and control function for Trunk ports and Hybrid ports.

Ethernet Port view


loopback-detection enable

Use the loopback-detection enable command to enable the loopback detection function globally or for a specific port.


loopback-detection interval-time

Use the loopback-detection interval-time command to set the time interval for detecting the external loopback for a port.

System view

loopback-detection per-vlan enable

Use the loopback-detection per-vlan enable command to configure the system to run loopback detection on all VLANs for the Trunk and Hybrid ports.

Ethernet Port view

ls

Use the ls command to display the files in the specified directory.SFTP Client view

ls

Use the ls command to display the information about a specified remote file.FTP Client view

mac-address

Use the mac-address command to add/modify the MAC address table entry.System view

Port view

mac-address max-mac-count

Use the mac-address max-mac-count command to configure the maximum number of MAC addresses an Ethernet port can learn.

Ethernet Port view

mac-address max-mac-count 0

Use the mac-address max-mac-count0 command to disable a switch from learning MAC address in a VLAN.

VLAN view

mac-address multicast interface vlan

Use the mac-address multicast command to add a multicast MAC address entry.System view

mac-address multicast vlan

Use the mac-address multicast vlan command to add a multicast MAC address entry.Ethernet Port view

mac-address security

Use the mac-address security command to add Security MAC address manually.Ethernet Port view

System view

mac-address timer

Use the mac-address timer command to set the aging time for dynamic MAC address entries.System view

mac-authentication

Use the mac-authentication command to enable centralized MAC address authentication globally (current device) or on specified ports.


mac-authentication authmode

Use the mac-authentication authmode command to set MAC address authentication mode.System view

mac-authentication authpassword

Use the mac-authentication authpassword command to set a password for MAC address authentication when the fixed mode is adopted.

System view

mac-authentication authusername

Use the mac-authentication authusername command to set a user name when a switch authenticates users in fixed mode.

System view


mac-authentication domain

Use the mac-authentication domain command to configure an ISP domain for centralized MAC address authentication users.

System view

mac-authentication timer

Use the mac-authentication timer command to configure the timers used in centralized MAC address authentication.

System view

management-vlan

Use the management-vlan command to specify the management VLAN on the switch.System view

management-vlan synchronization enable

Use the management-vlan synchronization enable command to enable the management VLANs of the member devices of a cluster to be synchronized.

Cluster view

mdi

Use the mdi command to set port MDI attribute.Ethernet Port view

messenger

Use the messenger time command to enable or disable the messenger alert and configure the related parameters.

ISP Domain view

mirroring group

Use the mirroring-group command to configure the port mirroring group.System view

mirroring-group mirroring-port

Use the mirroring-group mirroring-port command to configure the monitored port.System view

mirroring-group reflector-port

Use the mirroring-group reflector-port command to configure a reflector port.System view

mirroring-group remote-probe vlan

Use the mirroring-group remote-probe vlan command to specify the remote-probe VLAN for a given mirroring group.

System view

mirroring-port

Use the mirroring-port command to configure a mirroring port.Ethernet Port view

mkdir

Use the mkdir command to create a directory on the remote SFTP server.SFTP Client view

mkdir

Use the mkdir command to create a directory in a specified directory of a specified storage device.User view

mkdir

Use the mkdir command to create a directory on the remote SFTP server.FTP Client view

monitor-port

Use the monitor-port command to configure the destination monitor port.Ethernet Port view

more

Use the more command to display the content of a specified file.User view

move

Use the move command to move a file to a specified directory. You can also assign a new name for the file.User view

name

Use the name command to set a name for the assigned VLAN.VLAN view


name

Use the name command to set a name for the assigned VLAN.VLAN view

nas-ip

Use the nas-ip command to set the source IP address used by the switch to send RADIUS packets.RADIUS Scheme view

ndp enable

Use the ndp enable command in system view to enable NDP globally on the switch. When being executed in Ethernet port view, this command enables NDP for an Ethernet port.


ndp timer aging

Use the ndp timer aging command to set how long a device will hold the NDP packets received from the local device. After the aging timer expires, the device will discard the received NDP neighbor node information.

System view

ndp timer hello

Use the ndp timer hello command to define how often to transmit the NDP packets.System view

nm-interface vlan-interface

Use the nm-interface vlan-interface command to configure an NMS interface of the management device.

Cluster view

ntdp enable

Use the ntdp enable command in system view to enable NTDP globally. When being executed in Ethernet port view, this command enables NTDP for an Ethernet port.


ntdp explore

Use the ntdp explore command to start topology information collection manually.User view

ntdp hop

Use the ntdp hop command to set a range (in terms of hop count) for topology information collection.System view

ntdp timer

Use the ntdp timer command to configure the interval to collect topology information.System view

ntdp timer hop-delay

Use the ntdp timer hop-delay command to set the delay time for a switch to forward topology-collection request packets.

System view

ntdp timer port-delay

Use the ntdp timer port-delay command to set the delay time for a switch to forward a received topology-collection request packet through its successive ports.

System view

Use the ntdp timer port-delay command to set the delay time for a switch to forward a received topology-collection request packet through its successive ports. A switch forwards received topology request packets to all its ports in turn. After forwarding a received topology-collection request packet through one port, the switch delays for specific period before it forwards the packet through the next port.

ntp-service access

Use the ntp-service access command to set the authority to access the local equipment.System view

ntp-service authentication enable

Use the ntp-service authentication enable command to enable the NTP-service authentication function.

System view

ntp-service authentication-keyid

Use the ntp-service authentication-keyid command to configure an NTP authentication key.System view


ntp-service broadcast-client

Use the ntp-service broadcast-client command to configure an Ethernet switch to operate in NTP broadcast client mode.

VLAN Interface view

ntp-service broadcast-server

Use the ntp-service broadcast-server command to configure NTP broadcast server mode.VLAN Interface view

ntp-service in-interface disable

Use the ntp-service in-interface disable command to disable an interface to receive NTP message.VLAN Interface view

ntp-service max-dynamic sessions

Use the ntp-service max-dynamic-sessions command to set how many sessions can be created locally.System view

ntp-service multicast-client

Use the ntp-service multicast-client command to configure an Ethernet switch to operate in NTP multicast client mode.

VLAN Interface view

ntp-service multicast-server

Use the ntp-service multicast-server command to configure an Ethernet switch to operate in NTP multicast server mode.

VLAN Interface view

ntp-service reliable authentication-keyid

Use the ntp-service reliable authentication-keyid command to specify an authentication key to be a trusted key.

System view

ntp-service source-interface

Use the ntp-service source-interface command to designate an interface to transmit NTP message.System view

ntp-service unicast-peer

Use the ntp-service unicast-peer command to be an active NTP peer.System view

ntp-service unicast-server

Use the ntp-service unicast-server command to configure an Ethernet switch to operate in NTP server mode.

System view

open

Use the open command to establish a control connection with an FTP server.FTP Client view

packet-filter

Use the packet-filter command to define the packet filter function in the QoS profile.QoS Profile view

packet-filter

Use the packet-filter command to apply ACL rules on the port to filter packets.Ethernet Port view

parity

Use the parity command to set the check mode of the user interface.User Interface view

passive

Use the passive command to set the data transmission mode to be passive mode.FTP Client view

password

Use the password command to configure or change the system login password for a user.Local User view

password

Use the password command to set a password for the local users.Local User View

peer-public-key end

Use the peer-public-key end command to return to system view from public key view.Public Key view


ping

Use the ping command to check the IP network connection and the reachability of the host.Any view

port

Using the port command, you can add one port or one group of ports to a VLAN.VLAN view

port access vlan

Use the port access vlan command to assign the access port to a specified VLAN.Ethernet Port view

port hybrid pvid vlan

Use the port hybrid pvid vlan command to configure the default VLAN ID of the hybrid port.Ethernet Port view

port hybrid vlan

Use the port hybrid vlan command to add the port to the specified VLAN(s). The port needs to have been made a hybrid port before you can do this. See the related command below.

Ethernet Port view

port isolate

Use the port isolate command to add an Ethernet port to the isolation group.Ethernet Port view

port link-aggregation group

Use the port link-aggregation group agg_id command to add an Ethernet port to a manual or static aggregation group.

Ethernet Port view

port link-type

Use the port link-type command to configure the link type of the Ethernet port.Ethernet Port view

port-security enable

Use the port-security enable command to enable port security.System view

port-security intrusion-mode

Use the port-security intrusion-mode command to set the action mode of the Intrusion Protection feature.

Ethernet Port view

port-security max-mac-count

Use the port-security max-mac-count command to set the maximum number of MAC addresses allowed to access the port.

Ethernet Port view

port-security ntk-mode

Use the port-security ntk-mode command to set the packet transmission mode of the Need to Know (NTK) feature.

Ethernet Port view

port-security OUI

Use the port-security OUI command to set an OUI value for authentication.System view

port-security port-mode

Use the port-security port-mode command to set the security mode of the port.Ethernet Port view

port-security timer disableport

Use the port-security timer disableport command to set the time during which the system temporarily disables a port.

System view

port-security trap

Use the port-security trap command to enable the sending of the specified type(s) of trap messages.System view

port trunk pvid vlan

Use the port trunk pvid vlan command to configure the default VLAN ID for a trunk port.Ethernet Port view


port trunk permit vlan

Use the port trunk permit vlan command to add a trunk port to one VLAN, a selection of VLANs, or all VLANs.

Ethernet Port view

primary accounting

Use the primary accounting command to set the IP address and port number for the primary accounting server.

RADIUS Scheme view

primary authentication

Use the primary authentication command to configure the IP address and port number for the primary RADIUS authentication/authorization server.

RADIUS Server Group view

priority

Use the priority command to set the priority of Ethernet port.Ethernet Port view

priority trust

Use the priority trust command to configure the precedence mapping mode on the port of the switch.Ethernet Port view

protocol inbound

Use the protocol inbound command to configure the protocols supported in the current user interface.VTY User Interface view

protocol inbound

Use the protocol inbound command to specify the protocols supported by the user interface.User Interface view

protocol-priority protocol-type

Use the protocol-priority command to set the global traffic priority that applies to a given protocol.System view


Use the public-key-code begin command to enter public key edit view and input the client public key.Public Key view


Use the public-key-code begin command to enter public key edit view and set server public keys.Public Key view

public-key-code end

Use the public-key-code end command to return from public key edit view to public key view and save the public keys you set.

Public Key Edit view

public-key-code end

Use the public-key-code end command to return from public key edit view to public key view and save the public keys you set.

Public Key Edit view

put

Use the put command to upload a local file to the remote SFTP server.SFTP Client view

put

Use the put command to upload a local file to the remote FTP server.FTP Client view

pwd

Use the pwd command to display the current directory on the SFTP server.SFTP Client view

pwd

Use the pwd command to display the current path. If the current path is not configured, an error occurs when you execute this command.

User view

pwd

Use the pwd command to display the current directory on the remote FTP Server.FTP Client view


qos cos-drop-precedence-map

Use the qos cos-drop-precedence-map command to configure the "COS->Drop-precedence" mapping relationship.

System view

qos cos-dscp-map

Use the qos cos-dscp-map command to configure the "COS->DSCP" mapping relationship.System view

qos cos-local-precedence-map

Use the qos cos-local-precedence-map command to configure the "COS->Local-precedence" mapping relationship.

System view

qos dscp-cos-map

Use the qos dscp-cos-map command to configure the "COS->802.1p priority" mapping relationship.System view

qos dscp-drop-precedence-map

Use the qos dscp-drop-precedence-map command to configure the "DSCP->Drop-precedence" mapping relationship.

System view

qos dscp-dscp-map

Use the qos dscp-dscp-map command to configure the "DSCP->DSCP" mapping relationship.System view

qos dscp-local-precedence-map

Use the qos dscp-local-precedence-map command to configure the "DSCP->Local-precedence" mapping relationship.

System view

qos-profile

Use the qos-profile command to create a QoS profile and enter the corresponding view.System view

qos-profile port-based

Use the qos-profile port-based command to configure the port-based application mode of QoS profiles on ports.

Ethernet Port view

queue-scheduler

Use the queue-scheduler command to set the queue-scheduling algorithm and parameters.System view

quit

Use the quit command to terminate the connection to the remote SSH server.User view

quit

Use the quit command to terminate the connection to the remote SFTP server and exit to system view.SFTP Client view

quit

Use the quit command to terminate FTP control connection and FTP data connection and quit to user view. This command has the same effect as that of the bye command.

FTP Client view

quit

Use the quit command to return from current view to lower level view, or exit the system if current view is user view.

Any view

radius nas-ip

Use the radius nas-ip command to set the source IP address used by the switch to send RADIUS packets.System view

radius-scheme

Use the radius-scheme command to specify the RADIUS scheme to be used by the current ISP domain.ISP Domain view

radius scheme

Use the radius scheme command to create a RADIUS scheme and enter its view.System view


radius trap

Use the radius trap command to enable the switch to send trap messages when its RADIUS authentication or accounting server turns down.

System view

reboot

Use the reboot command to restart an Ethernet switch.User view

reboot member

Use the reboot member command to reboot a specified member device on the management device.Cluster view

region-name

Use the region-name command to set an MST region name to a switch.MST Region view

remote-probe vlan

Use the remote-probe vlan enable command to enable the remote-probe port mirror port feature on the VLAN of the switch.

VLAN view

remotehelp

Use the remotehelp command to display help information about the FTP protocol command.FTP Client view

remove

Use the remove command to delete the specified file from the server.SFTP Client view

rename

Use the rename command to change the name of the specified file on the SFTP server.SFTP Client view

rename

Use the rename command to rename a file or a directory. If the target file name or directory name is the same with any existing file name or directory name, you will fail to rename a file.

User view

rename

Use the rename command to rename a file on a remote host.FTP Client view

reset arp

Use the reset arp command to remove information that is no longer required from the ARP mapping table.User view

reset counters interface

Use the reset counters interface command to clear the statistics of the port, preparing for a new statistics collection.

User view

reset dot1x statistics

Use the reset dot1x statistics command to clear the statistics of 802.1x.User view

reset garp statistics

Use the reset garp statistics command to clear the GARP statistics (such as the information about the packets received/sent/discarded by GVRP/GMRP) on specified (or all) ports.

User view

reset igmp-snooping statistics

Use the reset igmp-snooping statistics command to clear the IGMP Snooping statistics.User view

reset ip statistics

Use the reset ip statistics command to clear the IP statistics information.User view

reset logbuffer

Use the reset logbuffer command to clear information in the log buffer.User view

reset ndp statistics

Use the reset ndp statistics command to reset the NDP counters to clear the NDP statistics.User view


reset radius statistics

Use the reset radius statistics command to clear the statistics information about the RADIUS protocol.User view

reset recycle-bin

Use the reset recycle-bin command to completely delete file(s) in the recycle bin in the Flash.User view

reset saved-configuration

Use the reset saved-configuration command to delete the configuration file that is of the specified attribute from the Flash, including the main and backup configuration files to be used when the switch starts the next startup.

User view

reset stop-accounting-buffer

Use the reset stop-accounting-buffer command to delete the buffered no-response stop-accounting request packets.

User view

reset stp

Use the reset stp command to clear the STP statistics of specified Ethernet ports.User view

reset tcp statistics

Use the reset tcp statistics command to clear the TCP statistics information.User view

reset traffic-limit

Use the reset traffic-limit command to clear the statistics of the traffic policing matching with the specified ACL rules.

Ethernet Port view

reset traffic-statistic

Use the reset traffic-statistic command to clear the traffic statistics of the packets matching with the specified ACL rules.

Ethernet Port view

reset trapbuffer

Use the reset trapbuffer command to clear information in the trap buffer.User view

retry

Use the retry command to set the maximum number of transmission attempts of RADIUS requests.Detecting Group view

retry realtime-accounting

Use the retry realtime-accounting command to set the maximum allowed number of continuous no-response real-time accounting requests.

RADIUS Scheme view

retry stop-accounting

Use the retry stop-accounting command to set the maximum number of transmission attempts of the stop-accounting requests buffered due to no response.

RADIUS Scheme view

return

Use the return command to return to user view from any other view.System view or higher level views

revision-level

Use the revision-level command to set the MSTP revision level for a switch.MST Region view

rmdir

Use the rmdir command to delete the specified directory from the remote SFTP server.SFTP Client view

rmdir

Use the rmdir command to delete a directory.User view

Because only empty directories can be deleted, you need to delete the files in a directory before deleting it.


rmdir

Use the rmdir command to delete the specified directory from the remote FTP server.FTP Client view

You can only use this command to remove directories that are empty.

rmon alarm

Use the rmon alarm command to add an entry to the alarm table.System view

rmon event

Use the rmon event command to add an entry to the event table.System view

rmon history

Use the rmon history command to add an entry to the history control table.Ethernet Port view

rmon prialarm

Use the rmon prialarm command to add an entry to the extended RMON alarm table.System view

rmon statistics

Use the rmon statistics command to add an entry to the statistic table.Ethernet Port view

rsa local-key-pair create

Use the rsa local-key-pair create command to generate RSA key pairs, whose names are in the format of switch name plus _host, for example, S4200G_host.

System view

rsa local-key-pair destroy

Use the rsa local-key-pair destroy command to destroy all existing RSA key pairs at the server end.System view

rsa peer-public-key

Use the rsa peer-public-key command to enter public key view.System view

rsa peer-public-key

Use the rsa peer-public-key command to enter public key view.System view

rule (Advanced ACL)

Use the rule command to define an ACL rule.Advanced ACL view

rule (Basic ACL)

Use the rule command to define an ACL rule.Basic ACL view

rule comment

Use the rule comment command to define the comment string for an ACL rule.Advanced ACL view / Layer 2 ACL view

rule (Layer 2 ACL)

Use the rule command to define an ACL rule.Layer 2 ACL view

save

Use the save command to save the current configuration to a configuration file in the flash memory.Any view

schedule reboot at

Use the schedule reboot at command to schedule a reboot on the current switch and set the reboot date and time.

User view

schedule reboot delay

Use the schedule reboot delay command to schedule a reboot on the switch, and set the reboot waiting delay.

User view

scheme

Use the scheme command to configure the AAA scheme to used by the current ISP domain.ISP Domain view


screen-length

Use the screen-length command to set the number of lines the terminal screen can contain.User Interface view

secondary accounting

Use the secondary accounting command to set the IP address and port number of the secondary RADIUS accounting server.

RADIUS Scheme view

secondary authentication

Use the secondary authentication command to set the IP address and port number of the secondary RADIUS authentication/authorization server.

RADIUS Scheme view

security-policy-server

Use the security-policy-server command to set the IP address of a security policy server.RADIUS Scheme view

self-service-url

Use the self-service-url command to either enable or disable the self-service server location function.ISP Domain view

send

Use the send command to send messages to a specified user interface or all user interfaces.User view

server-type

Use the server-type command to configure the RADIUS server type supported by the Switch.RADIUS Scheme view

service-type

Use the command service-type to authorize a user access to the specified services.Local User view

service-type

Use the service-type command to specify the login type and the corresponding available command level.Local User view

service-type multicast

Use the service-type multicast command to set the current VLAN as a multicast VLAN.VLAN view

set authentication password

Use the set authentication password command to set the local password.User Interface view

sftp

Use the sftp command to establish a connection to the SFTP server and enter SFTP client view.System view

sftp server enable

Use the sftp server enable command to enable the secure FTP (SFTP) server.System view

sftp time-out

Use the sftp time-out command to set the timeout time for the SFTP user connection.System view

shell

Use the shell command to make terminal services available for the user interface.User Interface view

shutdown

Use the shutdown command to disable an Ethernet port.Ethernet Port view

shutdown

Use the shutdown command to disable the VLAN interface.VLAN Interface view

smarton

Use the smarton command to enable the SmartOn function for an Ethernet port with supplicant systems attached.

Ethernet Port view


smarton password

Use the smarton password command to set the password to be used by the SmartOn function.System view

smarton switchid

Use the smarton switchid command to set the switch ID.System view

smarton timer

Use the smarton timer command to set the supplicant timeout timer for SmartOn-enabled supplicant systems.

System view

snmp-agent

Use the snmp-agent command to enable SNMP Agent.System view


Use the snmp-agent community command to set a community name and to enable users to access the switch through SNMP. You can also optionally use this command to apply an ACL to filter network management users.

System view


Use the snmp-agent community command to set the community access name and enable access to SNMP.System view

snmp-agent group

Use the snmp-agent group command to configure a SNMP group. You can also optionally use this command to apply an ACL to filter network management users.

System view

snmp-agent group

Use the snmp-agent group command to configure a new SNMP group, that is, to map SNMP user to SNMP view.

snmp-agent local-engineid

Use the snmp-agent local-engineid command to set the engine ID of the local SNMP entity.System view

snmp-agent log

Use the snmp-agent log command to enable the logging function for network management.System view

snmp-agent mib-view

Use the snmp-agent mib-view command to create or update the view information, limiting the MIB objects to be accessed by the NMS.

System view

snmp-agent packet max-size

Use the snmp-agent packet max-size command to set the maximum size of SNMP packet that the Agent can send/receive.

System view

snmp-agent sys-info

Use the snmp-agent sys-info command to configure system information such as geographical location of the device, contact information for system maintenance and version information of running SNMP.

System view

snmp-agent target-host

Use the snmp-agent target-host command to command to configure destination of SNMP Trap packets.System view

snmp-agent trap enable

Use the snmp-agent trap enable command to enable the device to send Trap packets.System view

snmp-agent trap life

Use the snmp-agent trap life command to set aging time for Trap packets.System view

snmp-agent trap queue-size

Use the snmp-agent trap queue-size command to configure the information queue length of a Trap packet sent to the destination host.

System view


snmp-agent trap source

Use the snmp-agent trap source command to configure the source address for sending Trap messages.System view

snmp-agent usm-user

Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter, a new user to an SNMP group.

System view

snmp-agent usm-user

Use the snmp-agent usm-user command to add a new user to an SNMP group. You can also optionally use this command to apply an ACL to filter network management users.

System view

snmp-agent usm-user

Use the snmp-agent usm-user command to add a new user to an SNMP group.System view

snmp-agent usm-user

Use the snmp-agent usm-user command to add a new community name or, if you use the V3 parameter, a new user to an SNMP group.

System view

snmp-host

Use the snmp-host command to configure an SNMP host for the member devices inside a cluster on the management device.

Cluster view

speed

Use the speed command to set the transmission speed of the user interface.User Interface view

speed

Use the speed command to configure the port rate.Ethernet Port view

ssh client assign rsa-key

Use the ssh client assign rsa-key command to specify on the client the public key for the server to be connected to guarantee the client can be connected to a reliable server.

System view

ssh client first-time enable

Use the ssh client first-time enable command to configure the client to run the initial authentication.System view

ssh server authentication-retries

Use the ssh server authentication-retries command to set authentication retry number for SSH connections.

System view

ssh server timeout

Use the ssh server timeout command to set authentication timeout time for SSH connections.System view

ssh user assign rsa-key

Use the ssh user assign rsa-key command to allocate public keys to SSH users.System view

ssh user authentication-type

Use the ssh user authentication-type command to define on the server the available authentication type for an SSH user.

System view

ssh user service-type

Use the ssh user service-type command to specify service type for a user.System view

ssh2

Use the ssh2 command to enable the connection between SSH client and server, define key exchange algorithm preference, encryption algorithm preference and HMAC algorithm preference on the server and client.

System view


startup bootrom-access enable

Use the startup bootrom-access enable command to specify a switch to prompt for the customized password before entering the BOOT menu.

User view

startup saved-configuration

Use the startup saved-configuration command to specify the main or backup configuration file for a switch to start the next time.

User view

state

Use the state command to configure the state of the current ISP domain/current user.ISP Domain view

Local User viewRADIUS view

state

Use the state command to configure the state of RADIUS server.RADIUS Scheme view

stop-accounting-buffer enable

Use the stop-accounting-buffer enable command to enable the switch to buffer the stop-accounting requests that bring no response.

RADIUS Scheme view

stopbits

Use the stopbits command to set the stop bits of the user interface.User Interface view

stp

Use the stp command to enable or disable MSTP globally or for a port.System view

Ethernet Port view

stp bpdu-protection

Use the stp bpdu-protection command to enable the BPDU protection function.System view

stp bridge-diameter

Use the stp bridge-diameter command to set the network diameter of a switched network, which is represented in terms of the maximum number of switches between any two terminals in a switched network.

System view

stp config-digest-snooping

Use the stp config-digest-snooping command to enable the digest snooping feature.Ethernet Port view

stp cost

Use the stp cost command to set the path cost of a port in a spanning tree instance.Ethernet Port view

stp edged-port

Use the stp edged-port command to configure the current Ethernet port as either an edge port or a non-edge port.

Ethernet Port view

stp interface

Use the stp interface command in system view to enable or disable MSTP for specified ports.System view

stp interface config-digest-snooping

Use the stp interface config-digest-snooping command to enable the digest snooping feature.System view

stp interface cost

Use the stp interface cost command to set the path cost of specified ports in a specified spanning tree instance.

System view

stp interface edged-port

Use the stp interface edged-port command to configure the specified Ethernet ports to be either edge ports or non-edge ports.

System view


stp interface loop protection

Use the stp interface loop-protection command to enable the loop prevention function.System view

stp interface mcheck

Use the stp interface mcheck command to perform the mCheck operation for specified ports.System view

stp interface no-agreement-check

Use the stp interface no-agreement-check command to enable the rapid transition feature on a specified port.

System view

stp interface point-to-point

Use the stp interface point-to-point command to specify whether the specified Ethernet ports are point-to-point links.

System view

stp interface port priority

Use the stp interface port priority command to set the port priority of specified ports in a spanning tree instance.

System view

stp interface root-protection

Use the stp interface root-protection command to enable the root protection function for specified ports.

System view

stp interface transmit-limit

Use the stp interface transmit-limit command to set the maximum number of BPDUs that each specified port can send within a Hello time interval.

System view

stp loop-protection

Use the stp loop-protection command to enable the loop prevention function for the current port.Ethernet Port view

stp max-hops

Use the stp max-hops command to set the maximum hop count of the MST region to which the switch belongs.

System view

stp mcheck

Use the stp mcheck command to perform the mCheck operation for the current port.Ethernet Port view

System view

stp mode

Use the stp mode command to set the MSTP operation mode of the switch.System view

stp no-agreement-check

Use the stp no-agreement-check command to enable the rapid transition feature on the current port.Ethernet Port view

stp pathcost-standard

Use the stp pathcost-standard command to set the standard used for calculating the default path costs of ports.

System view

stp point-to-point

Use the stp point-to-point command to specify whether the port must connect to point-to-point link.Ethernet Port view

stp port priority

Use the stp port priority command to set the priority of the current port in a specified spanning tree instance.

Ethernet Port view

stp priority

Use the stp priority command to set the priority of a switch in a spanning tree instance.System view


stp region-configuration

Use the stp region-configuration command to enter MST region view.System view

stp root primary

Use the stp root primary command to configure the current switch to be the root bridge of a specified spanning tree instance.

System view

stp root-protection

Use the stp root-protection command to enable the root protection function for the current port.Ethernet Port view

stp root secondary

Use the stp root secondary command to configure the current switch as a secondary root bridge of a specified spanning tree instance.

System view

stp tc-protection

Use the stp tc-protection command to enable or disable the TC-BPDU attack prevention function for the switch.

System view

stp timer-factor

Use the stp timer-factor command to set the timeout time of a switch in terms of the multiple of the Hello time.

System view

stp timer forward-delay

Use the stp timer forward-delay command to set the Forward delay for a switch.System view

stp timer hello

Use the stp timer hello command to set the Hello time for a switch.System view

stp timer max-age

Use the stp timer max-age command to set the maximum age of a switch.System view

stp transmit-limit

Use the stp transmit-limit command to set the maximum number of configuration BPDUs the current port can transmit within a Hello time.

Ethernet Port view

super

Use the super command to switch the current user level to the one identified by the level argument.User view

super password

Use the super password command to set the password for users to switch to a higher user level.System view

sysname

Use the sysname command to set a domain name for the switch.System view

sysname

Use the sysname command to set the system name of the Switch.System view

system-view

Enter system-view to enter the system view from the user view.User view

tcp timer fin-timeout

Use the tcp timer fin-timeout command to configure the TCP finwait timer.System view

tcp timer syn-timeout

Use the tcp timer syn-timeout command to configure the TCP synwait timer.System view


tcp window

Use the tcp window command to configure the size of the transmission and receiving buffers of the connection-oriented socket.

System view

telnet

Use the telnet command to log in to another Ethernet switch from the current switch via Telnet for remote management.

User view

terminal debugging

Use the terminal debugging command to configure to display the debugging information on the terminal.User view

terminal debugging

Use the terminal debugging command to configure to display the debugging information on the terminal.User view

terminal logging

Use the terminal logging command to enable log terminal display.User view

terminal monitor

Use the terminal monitor command to enable the debug/log/trap terminal display function.User view

terminal trapping

Use the terminal trapping command to enable terminal trap information display.User view

tftp

Use the tftp command to set the TFTP data transfer mode.System view

tftp cluster get

Use the tftp cluster get command to download a specified file from a cluster TFTP server.User view

tftp cluster put

Use the tftp put command to upload a specified file to a specified directory of a cluster TFTP server.User view

tftp get

Use the tftp get command to download a file from a TFTP server to this switch.User view

tftp put

Use the tftp put command to upload a file from the switch to the specified directory on the TFTP server.User view

tftp-server

Use the tftp-server command to configure a TFTP server for cluster members on the management device.

Cluster view

tftp-server acl

Use the tftp-server acl command to specify the ACL (Access Control List) adopted for the connection between a TFTP client and a TFTP server.

System view

time-range

Use the time-range command to define a time range.System view

timer

Use the timer command to set the interval to send handshake packets.Cluster view

timer

Use the timer command to set the response timeout time of RADIUS server (that is, the timeout time of the response timeout timer of RADIUS server).

RADIUS Scheme view

timer quiet

Use the timer quiet command to set the wait time for the primary server to restore the active state.RADIUS Scheme view



Use the timer realtime-accounting command to set the real-time accounting interval.RADIUS Scheme view

timer response-timeout

Use the timer response-timeout command to set the response timeout time of RADIUS servers.RADIUS Scheme view

topology accept

Use the topology accept command to confirm the current topology information of the cluster and save that as a standard topology.

Cluster view

topology restore-from

Use the topology restore-from command to obtain and restore the standard topology information from the local flash.

Cluster view

topology save-to

Use the topology save-to command to save the standard topology information into the local flash.Cluster view

tracemac

Use the tracemac command to locate a device by MAC address or IP address.Any view

tracert

Use the tracert command to trace the gateways the test packets passes through during its journey from the source to the destination.

Any view The tracert command is primarily used to check the network connectivity. It can also help you locate the trouble spot of the network.

traffic-limit

Use the traffic-limit command to use ACL rules in traffic identifying and traffic policing for the packet matching with the ACL rules and to set traffic policing parameters.

Ethernet Port view

traffic shape

Use the traffic-shape command to enable traffic shaping and send the packets out at an even rate.Ethernet Port view

traffic-statistic

Use the traffic-statistic command to use ACL rules in traffic identifying and perform traffic statistics on the packets matching with the ACL rules.

System view

udp-helper enable

Use the udp-helper enable command to enable the UDP Helper function.System view

udp-helper port

Use the udp-helper port command to configure the UDP port with relay function.System view

udp-helper server

Use the udp-helper server command to configure the relay destination server for UDP broadcast packets.VLAN Interface view

undelete

Use the undelete command to restore a deleted file.User view

user

Use the user command to switch to a specified user.FTP Client view

After logging into an FTP server, you can switch to another user by using the user command.

user-interface

Using user-interface command to enter one or more user interface views to perform configuration.System view

user-name-format

Use the user-name-format command to set the format of the user names to be sent to RADIUS server.RADIUS Scheme view


user privilege level

Use the user privilege level level command to configure the command level that a user can access from the specified user interface.

User Interface view

verbose

Use the verbose command to enable the verbose function, which displays execution and response information of other related commands.

FTP Client view

virtual-cable-test

Use the virtual-cable-test command to enable the system to test the cable connected to a specific port and to display the results.

Ethernet Port view

vlan

Use the vlan command to enter the VLAN view.System view

vlan-assignment-mode

Use the vlan-assignment-mode command to set the VLAN assignment mode on the switch.ISP Domain view

vlan-mapping modulo

Use the vlan-mapping modulo command to map VLANs to specific spanning tree instances.MST Region view

vlan-vpn enable

Use the vlan-vpn enable command to enable the VLAN-VPN function for a port.Ethernet Port view

vlan-vpn tpid

Use the vlan-vpn tpid command to set a TPID value for a port. The setting takes effect only when the VLAN-VPN or VLAN-VPN uplink function is enabled.

Ethernet Port view

vlan-vpn tunnel

Use the vlan-vpn tunnel command to enable the BPDU tunnel function.System view

vlan-vpn uplink enable

Use the vlan-vpn uplink enable command to configure a port to be a VLAN-VPN uplink port.Ethernet Port view

voice vlan

Use the voice vlan command to enable the voice VLAN function globally.System view

voice vlan aging

Use the voice vlan aging command to set the aging time for a voice VLAN.System view

voice vlan enable

Use the voice vlan enable command to enable the voice VLAN function for a port.Ethernet Port view

voice vlan mac-address

Use the voice vlan mac-address command to set a MAC address used for a voice VLAN to identify voice devices.

System view

voice vlan mode

Use the voice vlan mode auto command to configure an Ethernet port to operate in the automatic voice VLAN mode.

Ethernet Port view

voice vlan security enable

Use the voice vlan security enable command to enable the voice VLAN security mode.System view

Documents

3Com Switch 4200G Family Command Reference Guideh20628. · 3Com® Switch 4200G Family Command Reference Guide Switch 4200G 12-Port Switch 4200G 24-Port Switch 4200G 48-Port Part …