- DL manuals
- QTech
- Network Hardware
- QSW-2900
- User Manual
QTech QSW-2900 User Manual
QTECH QSW-2900 Ethernet Switch
User’s Manual
Command Line Reference Manual
1. Accessing
Switch
Command
2. PortConfiguration Command
3. VLAN Configuration Command
4. Multicast Protocol Configuration
Command
5. ACL Configuration Command
6. QOS Configuration Command
7. STP Configuration Command
8. 802.1x Configuration Command
9. SNTP
Client
Configuration
Command
10. Syslog Configuration Command
11. SSH Configuration Command
12.
Switch Management and
Maintenance Command
Summary of QSW-2900
Page 1
Qtech qsw-2900 ethernet switch user’s manual command line reference manual 1. Accessing switch command 2. Portconfiguration command 3. Vlan configuration command 4. Multicast protocol configuration command 5. Acl configuration command 6. Qos configuration command 7. Stp configuration command 8. 802....
Page 2
12.5.12 snmp-server host use snmp-server host command to send notify by snmp server. Use no snmp-server host command to remove snmp server sending notifies. Snmp-server host host-addr [ version { 1
Page 3
C o n t e n t chapter 1 switch logging in command...................................................... 1-1 1.1 switch logging in command................................................................. 1-1 1.1.1 cls ......................................................................................
Page 4
2.1.7 priority.......................................................................................... 2-9 2.1.8 show description........................................................................ 2-11 2.1.9 show interface .........................................................................
Page 5
2.4.5 lacp port-priority......................................................................... 2-40 2.4.6 show lacp sys-id ........................................................................ 2-41 2.4.7 show lacp internal...................................................................... 2...
Page 6
3.3.8 show rewrite-outer-vlan ............................................................. 3-20 3.3.9 show vlan-swap......................................................................... 3-20 chapter 4 multicast protocol configuration command ............................... 4-1 4.1 static multic...
Page 7
4.3.1 cross-vlan multicast................................................................... 4-25 4.3.2 cross-vlan multicast................................................................... 4-26 4.3.3 show cross-vlan multicast ......................................................... 4-27 chapter...
Page 8
6.1.7 storm-control................................................................................ 6-8 chapter 7 stp configuration command..................................................... 7-1 7.1 stp configuration command................................................................ 7-1 7.1.1...
Page 9
7.2.11 spanning-tree mst config-digest-snooping............................... 7-30 chapter 8 802.1x configuration command ................................................ 8-1 8.1 domain configuration command .......................................................... 8-1 8.1.1 aaa......................
Page 10
8.3.9 dot1x timeout re-authperiod ...................................................... 8-34 8.3.10 dot1x user cut.......................................................................... 8-36 8.3.11 show dot1x............................................................................... 8-37 8.3...
Page 11
10.1.7 logging sequence-numbers ..................................................... 10-7 10.1.8 logging timestamps.................................................................. 10-7 10.1.9 logging monitor ........................................................................ 10-9 10.1.10 ter...
Page 12
12.1.4 copy running-config startup-config .......................................... 12-3 12.1.5 copy startup-config running-config .......................................... 12-4 12.1.6 show running-config ................................................................ 12-4 12.1.7 show startup-con...
Page 13
12.4.7 loopback ................................................................................ 12-33 12.4.8 vct run.................................................................................... 12-34 12.4.9 vct auto-run ...........................................................................
Page 14
12.5.6 show snmp engineid............................................................. 12-57 12.5.7 show snmp group .................................................................. 12-58 12.5.8 show snmp user .................................................................... 12-58 12.5.9 show sn...
Page 17
Chapter 1 switch logging in command 1.1 switch logging in command switch logging in command includes: cls configure terminal enable end exit help hostname interface muser quit show muser show username stop timeout username username change-password 1.1.1 cls 1-1.
Page 18
Use cls command to clear current screen displaying cls 【 command configuration mode 】 any configuration mode 【 example 】 !clear current screen displaying qtech>cls 1.1.2 configure terminal use configure terminal command to enter global configuration mode from privileged mode. Configure terminal 【 co...
Page 19
【 related command 】 exit , end 1.1.3 enable use enable command to enter privileged mode from user mode. Enable 【 command configuration mode 】 user mode 【 example 】 !enter from user mode to privileged mode qtech>enable qtech# 【 related command 】 exit , end 1.1.4 end use end command to be back from gl...
Page 20
Mode to privileged mode. End 【 command configuration mode 】 any configuration mode except user mode and privileged mode 【 usage 】 5 levels of command line configuration mode, from inferior to superior are: user mode privileged mode global configuration mode interface configuration mode, vlan configu...
Page 21
【 example 】 !back from global configuration mode to privileged mode qtech(config-if-ethernet-0/0/1)#end qtech# 【 related command 】 exit 1.1.5 exit use exit command to be back to inferior mode. For the user mode, exit. Exit 【 command configuration mode 】 any configuration mode 【 usage 】 use exit comm...
Page 22
Qtech(config-if-ethernet-0/0/1)#exit qtech(config)# 【 related command 】 end 1.1.6 help use help command to display command help information. Help 【 command configuration mode 】 any configuration mode 【 usage 】 use help command can display any command in current mode, and user can key in “?” at any m...
Page 24
!configure hostname to be switch-a qtech(config)#hostname switch-a switch-a (config)# 1.1.8 interface use interface command to enter interface configuration mode. Interface ethernet interface-num 【 parameter 】 interface-num:the number of the interface 【 command configuration mode 】 global configurat...
Page 26
When the authentication is successful, user’s privilege is normal. Only when the authentication reply message includes the field of “service-type”, and the value of it is “administrative”, the user is administrator. 【 example 】 !enable radius authentication with the way of pap qtech(config)#muser ra...
Page 27
【 example 】 !disconnect with the switch and exit qtech#quit 1.1.11 show muser use show muser command to display user’s authentication. Show muser 【 command configuration mode 】 any configuration mode 【 example 】 !display user’s authentication qtech(config)#show muser 1.1.12 show username use show us...
Page 29
【 command configuration mode 】 privileged mode 【 usage 】 only administrator can use this command 【 example 】 !force user “red” to disconnect with telnet qtech#stop red 1.1.14 timeout use timeout command to configure the overtime of user’s logging in. Use no timeout command to configure overtime to b...
Page 30
Default time is 20 minutes 【 command configuration mode 】 user mode, privileged mode 【 usage 】 if timeout command without parameter, it configures to be default time. No timeout command means non-overtime. Use no timeout command in telnet, if the user doesn’t exit and the net is smooth, telnet user ...
Page 31
Use username username privilege command to add a user or modify the privilege or password of the existed user. Use no username username privilege command to remove specified user. Username username [ privilege level ] { password encryption-type password } no username username 【 parameter 】 username:...
Page 32
Global configuration mode 【 usage 】 when inputting the privilege of the new user, 0 to 1 means ordinary user and 2 to 15 means administrator. If the privilege doesn’t configure, the default privilege is ordinary user. If inputting nothing to modify the privilege of existed user, the privilege doesn’...
Page 33
Administrator “admin” can use username change-password to modify the password of him and others, and other users can use this command to modify his own password. After inputting this command, user will be asked to input as following: original password, the username of the password needs modifying, n...
Page 34
1-18 !modify the password of user “red” to be 123456 qtech(config)#username change-password please input you login password : ****** please input username :red please input user new password :****** please input user comfirm password :****** chang user red password success..
Page 35
Chapter 2 port configuration command 2.1 ethernet interface configuration command ethernet interface configuration command includes: clear interface description duplex flow-control ingress acceptable-frame link-aggregation priority show description show interface show statistics interface shutdown s...
Page 37
The information of the interface includes: numbers of unicast, multicast and broadcast message etc. Using clear interface command in global mode, if the interface-num and slot-num are not assigned, the information of all interfaces is cleared. If the slot-num is assigned, the port information of the...
Page 38
Description description-list no description 【 parameter 】 description-list:port description string ranges from 1 to 32 characters 【 command configuration mode 】 interface configuration mode 【 example 】 !configure description string “red” for the ethernet 0/0/3 qtech(config-if-ethernet-0/0/3)#descrip...
Page 40
100 base-fx only supports full duplex. 【 example 】 !configure ethernet 0/5 port to full duplex qtech(config-if-ethernet-0/0/5)#duplex full 2.1.4 flow-control use flow-control command to enable flow control on the ethernet port. Use no flow-control command to disable flow control on the port. Flow-co...
Page 41
If the port is crowded, it needs controlling to avoid congestion and data loss. Use flow-control command to control the flow. 【 example 】 !enable flow control on ethernet 0/5 qtech(config-if-ethernet-0/0/5)#flow-control !disable flow control on ethernet 0/5 qtech(config-if-ethernet-0/0/5)#no flow-co...
Page 42
【 command configuration mode 】 interface configuration mode 【 usage 】 when ingress acceptable-frame enables, frame of other type are dropped. When ingress acceptable-frame disables, all types of frames are received. 【 example 】 !configure ethernet 0/0/5 only to receive tagged frame qtech(config-if-e...
Page 43
【 default 】 ingress filtering enables. 【 command configuration mode 】 interface configuration mode 【 usage 】 when interface ingress filtering enables, the frame with the vlan id being different from the vlan id of the interface which the frame is received will be dropped; when interface ingress filt...
Page 44
Use priority command to assign priority of the port. Use no priority command to restore default priority. Priority priority-value no priority 【 parameter 】 priority-value:ranges from 0 to 7 【 default 】 default priority-value is 0 【 command configuration mode 】 interface configuration mode 【 usage 】 ...
Page 45
Qtech(config-if-ethernet-0/0/3)#priority 1 2.1.8 show description use show description command to display interface description. Show description interface [ interface-list ] 【 parameter 】 interface-list:list of interfaces means many ethernet ports 【 command configuration mode 】 any configuration mo...
Page 46
Qtech(config)#show description interface ethernet 0/0/3 【 related command 】 description 2.1.9 show interface use show interface command to display port configuration. Show interface [ interface-num ] 【 parameter 】 interface-num:means ethernet port. Interface-num is in the form of interface-type + in...
Page 47
About all ports. If both port type and port number are specified, the command displays information about the specified port. 【 example 】 !display the configuration information of ethernet 0/0/1 qtech#show interface ethernet 0/0/1 2.1.10 show statistics interface use show statistics interface command...
Page 48
Any mode 【 usage 】 if port type and port number are not specified, the command displays statistic information about all ports. If both port type and port number are specified, the command displays statistic information about the specified port. 【 example 】 !display statustic information of ethernet ...
Page 49
【 command configuration mode 】 interface configuration mode 【 usage 】 use no shutdown command to enable an ethernet port after related parameter and protocol are configured. Disable a port and then enable it when there is a failure, which can recover the port. 【 example 】 !disable ethernet 0/0/1, th...
Page 50
【 parameter 】 10:means the port speed is 10mbps 100:means the port speed is 100mbps 10auto: means the maximum port speed is 10mbps,and duplex mode is auto-negotiation 100auto: means the maximum port speed is 100mbps,and duplex mode is auto-negotiation auto: means both port speed and duplex mode are ...
Page 51
Of half, full duplex and auto-negotiation mode. 100 base fx supports the speed of 100mbps and the duplex mode of full duplex. 【 example 】 !configure the speed of ethernet 0/0/1 to 100mbps qtech(config-if-ethernet-0/0/1)#speed 100 2.1.13 bandwidth-control use bandwidth-control command to control the ...
Page 52
Interface configuration mode 【 usage 】 use this command to restrict the ingress and egress bandwidth-control. 【 example 】 !configure the bandwidth-control of ethernet to be 10mbps qtech(config-if-fastethernet-1)# bandwidth-control ingress 10240 2.1.14 show bandwidth-control use this command to displ...
Page 53
【 example 】 qtech(config)#show bandwidth-control 2.1.15 switchport access use switchport access command to add current port to specified vlan, and the default vlan-id is configured to be the specified vlan. Use no switchport access command to remove current port from specified vlan, except vlan 1, a...
Page 54
【 usage 】 the precondition to use this command is the current port cannot be trunk port and the specified vlan must exist. 【 example 】 !add ethernet 0/0/1 to vlan 2. Vlan 2 exists, and ethernet 0/0/1 is not trunk port. Qtech(config-if-ethernet-0/0/1)#switchport access vlan 2 2.1.16 switchport mode u...
Page 55
【 default 】 default port mode is access port. 【 command configuration mode 】 interface configuration mode 【 usage 】 use switchport mode command to configure a port to be trunk port or access port. If a port configures to be a trunk port, the vlan mode changes untagged into tagged, and if a port conf...
Page 57
Qtech(config-if-ethernet-0/0/1)#switchport trunk allowed vlan 3,4,70-150 2.1.18 switchport trunk native vlan use switchport trunk native vlan command to configure the default vlan-id (pvid) of trunk port. Use no switchport trunk native vlan command to restore the default vlan-id. Switchport trunk na...
Page 58
Command on access port. This command configures a default vlan id for trunk port,and the vlan id must be valid, and the port must be in the vlan. When restoring the default vlan of the port, this port must be in vlan 1, or the configuration fails. 【 example 】 !configure default vlan id of trunk ethe...
Page 59
Access port can send message with tag vlan of this port 【 command configuration mode 】 interface configuration mode 【 usage 】 this command can only be used for access port. In interface configuration mode, configuration only can enable this port to send message with specified tag vlan, this vlan can...
Page 60
2.1.20 show statistics dynamic interface use show statistic dynamic interface command to display the statistic information of all interfaces. Show statistics dynamic interface 【 command configuration mode 】 any configuration mode 【 usage 】 statistic information refreshes automatically every 3 second...
Page 61
【 command configuration mode 】 any configuration mode 【 usage 】 receiving and sending rate and bandwidth utilization rate refresh every 3 seconds. 【 example 】 !display utilization interface of the port qtech#show utilization interface 2.2 interface mirror configuration command interface mirror confi...
Page 62
Use no mirror destination-interface command to remove mirror interface. Mirror destination-interface interface-num no mirror destination-interface interface-num 【 parameter 】 interface-num:means ethernet port. Interface-num is in the form of interface-type + interface-number. Interface-type is ether...
Page 64
Qtech(config)#mirror source-interface ethernet 0/0/1 to ethernet 0/0/12 both 2.2.3 show mirror use show mirror command to display system configuration of current mirror interface, including monitor port and mirrored port list. Show mirror 【 command configuration mode 】 any configuration mode 【 examp...
Page 65
2.3 port car configuration command port car configuration command includes: port-car port-car-open-time port-car-rate show port-car 2.3.1 port-car use port-car command to enable port car of global system or port. Use no port-car command to disable port car of global system or port. Port-car no port-...
Page 66
!enable port-car globally qtech(config)#port-car !enable port-car of ethernet 0/0/8 qtech(config-if-ethernet-0/0/8)#port-car 2.3.2 port-car-open-time use port-car-open-time command to configure the reopen time of the port shutdown by port-car. Use no port-car-open-time command to restore the default...
Page 67
【 command configuration mode 】 global configuration mode 【 example 】 !configure port-car-open-time to be 10 seconds qtech(config)#port-car-open-time 10 2.3.3 port-car-rate use port-car-rate command to configure the port-car-rate. Use no port-car-rate command to restore the default port-car-rate. Por...
Page 68
【 command configuration mode 】 global configuration mode 【 example 】 !configure port-car-rate to be 100 packet/second qtech(config)#port-car-rate 100 2.3.4 show port-car use show port-car command to display port-car information. Show port-car 【 command configuration mode 】 any configuration mode 【 e...
Page 69
Port recover time(second): : 480 port car rate(packet/second): : 300 port car enable port : e0/1,e0/2,e0/3,e0/4,e0/5,e0/6,e0/7,e0/8,e1/1. 2.4 port lacp configuration command port lacp configuration command includes: channel-group channel-group mode channel-group load-balance lacp system-priority lac...
Page 70
Channel-group channel-group-number no channel-group channel-group-number 【 parameter 】 channel-group-number:range from 0 to 5 【 default 】 non 【 command configuration mode 】 global configuration mode 【 example 】 !create channel group 1 qtech(config)#channel-group 1 2.4.2 channel-group mode use channe...
Page 71
No channel-group channel-group-number 【 parameter 】 channel-group-number:range from 0 to 5 【 default 】 non 【 command configuration mode 】 interface /interface group configuration mode 【 example 】 !add ethernet 0/0/3 to channel-group 3 and specify the port to be active mode qtech(config-if-ethernet-0...
Page 73
Use lacp system-priority command to configure lacp system priority. Use no lacp system-priority command to restore default priority. The redundancy influence made by lacp system and port priority shows: lacp providing redundancy system needs guarantee the consistency of the choosing redundancy for c...
Page 74
【 parameter 】 priority: range from 1 to 65535 【 default 】 default priority is 32768 【 command configuration mode 】 global configuration mode 【 example 】 !configure lacp system priority is 40000 qtech(config)#lacp system-priority 40000 2.4.5 lacp port-priority use lacp port-priority command to config...
Page 75
Priority: range from 1 to 65535 【 default 】 default priority is 128 【 command configuration mode 】 interface /interface group configuration mode 【 example 】 !configure lacp port-priority of ethernet 0/0/2 to be 12345 qtech(config-if-ethernet-0/0/2)#lacp port-priority 12345 2.4.6 show lacp sys-id use...
Page 76
【 default 】 non 【 command configuration mode 】 any configuration mode 【 example 】 !display lacp system id qtech(config)#show lacp sys-id 2.4.7 show lacp internal use show lacp interval command to display the information of group members, if the there is no keywords, all groups are displayed. Show la...
Page 77
Non 【 command configuration mode 】 any configuration mode 【 example 】 !such as: qtech#show lacp internal 2.4.8 show lacp neighbor use show lacp neighbor command to display the information of the neighbour port in the group. If there is no keyword, the neighbor ports of all the groups are displayed. ...
Page 78
Non 【 command configuration mode 】 any configuration mode 【 example 】 !such as: qtech#show lacp neighbor 2.5 port alarm configuration command port alarm configuration command includes: alarm all-packets alarm all-packets threshold show alarm all-packets 2.5.1 alarm all-packets use alarm all-packets ...
Page 79
No alarm all-packets 【 default 】 alarm all-packets enable 【 command configuration mode 】 global/interface configuration mode 【 example 】 ! enable global alarm all-packets qtech(config)#alarm all-packets !enable alarm all-packets of ethernet 0/0/8 qtech(config-if-ethernet-0/0/8)#alarm all-packets 2.5...
Page 80
【parameter】 exceed :exceed threshold. 100base ranges from 0 to 100 normal: normal threshold. 100base ranges from 0 to 100 【 default 】 100 base default exceed threshold is 85,normal threshold is 60 【 command configuration mode 】 interface configuration mode 【 usage 】 exceed > normal 【 example 】 !conf...
Page 81
Use show alarm all-packets command to display the information of global alarm all-packets. Show alarm all-packets 【 command configuration mode 】 any configuration mode 【 example 】 !display global alarm all-packets information qtech(config)#show alarm all-packets port alarm global status : enable por...
Page 82
Interface-num:list of ethernet ports to be added to or removed from a vlan. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the r...
Page 83
2-49 qtech(config)#show alarm all-packets interface ethernet 0/0/1 e0/1 port alarm information port alarm status : enable port alarm exceed threshold(mbps) : 85 port alarm normal threshold(mbps) : 60 total entries: 1..
Page 85
Chapter 3 vlan configuration command 3.1 vlan configuration vlan(virtual local area network) configuration includes: description show vlan switchport vlan 3.1.1 description use description command to assign a description string to the current vlan. Use no description command to delete the descriptio...
Page 86
【 command configuration mode 】 vlan configuration mode 【usage】 this command can assign a description to the current vlan. 【example】 !specify the description string of the current vlan as “market” qtech (config-if-vlan)#description market 3.1.2 show vlan use show vlan command to display the informati...
Page 87
【usage】 this command is used to display the information about the specified vlan, including vlan id, vlan description, and member ports. If the vlan with specified keyword exists, this command displays the information of the specified vlan. If no keyword is specified, this command displays the list ...
Page 88
Interface-list:list of ethernet ports to be added to or removed from a vlan. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the ...
Page 89
Other vlan id, or the removing fails. When removing interface from other vlans, if the pvid of the interface is the same as the vlan id, and the interface is also in vlan 1, the removing succeeds, and the pvid of the interface default to 1, or the removing fails 【 example 】 !add ethernet 1, 3, 4, 5,...
Page 91
Vlan will become vlan 1 after using the no vlan command. If the vlan to be removed exists in the multicast group, remove the related multicast group first. 【 example 】 !enter vlan 1 configuration view qtech(config)#vlan 1 3.2 gvrp configuration command gvrp command includes: gvrp show gvrp show gvrp...
Page 92
No gvrp 【 default 】 disable gvrp globally 【 command configuration mode 】 globally configuration mode, ethernet port configuration mode 【usage】 you can enable gvrp only on trunk ports. 【 example 】 !enable gvrp globally qtech(config)#gvrp !enable gvrp on ethernet port 8 qtech(config-if-ethernet-0/0/8)...
Page 93
Show gvrp 【 command configuration mode 】 any configuration mode 【 example 】 !display the information about gvrp globally qtech(config)#show gvrp gvrp state : enable 3.2.3 show gvrp interface use show gvrp interface command to display gvrp information on ethernet port. Show gvrp interface [ interface...
Page 94
Interfaces with the same type can be linked by to keyword, but the port number to the right of the to keyword must be larger than the one to the left of the keyword, and this argument only can be repeated for up to 3 times. 【 command configuration mode 】 any configuration mode 【 usage 】 interface-li...
Page 95
Other switches to learn. Garp permit vlan vlan-list no garp permit vlan [ vlan-list] 【 parameter 】 vlan-list:list of vlans to be entered or to be created and entered. The single vlan is in the range of 1 to 4094. The list is in the form of number, -, such as: 2, 5, 8, 10-20. 【 command configuration ...
Page 96
Show garp permit vlan 【command configuration mode】 global configuration mode 【 example 】 display current static vlan permitted learning by gvrp qtech(config)#show garp permit vlan 3.3 qinq command qinq command includes: dtag dtag mode dtag insert dtag passth-rough vlan-swap show dtag show vlan-swap ...
Page 97
No dtag 【 parameter 】 dtag:this is defaulted static qinq mode and it cannot be configured to ignore tag head of ingress packet. If vlan protocol number is not the same as the port configuration value or the port is configured to ignore tag head, there will be a new tag head between the 12 th and 13 ...
Page 99
Qtech(config-if-ethernet-0/1)#dtag mode customer 3.3.3 dtag insert use this command to configure the vlan tag head added in global qinq. Dtag insert [start vlan of the series vlan] [end vlan of the series vlan] [destination vlan ] no dtag insert [start vlan of the series vlan ] [end vlan of the seri...
Page 100
Qtech(config)dtag insert vlan1 vlan2 vlan3 3.3.4 dtag pass-through use this command to configure transparent transmission of dynamic qinq. Dtag pass-through [start vlan of the series vlan ] [end vlan of the series vlan] no dtag pass-through [start vlan of the series vlan ] [end vlan of the series vl...
Page 101
3.3.5 rewrite-outer-vlan use this command to configure interface outer vlan rewrite. Rewrite-outer-vlan start-inner-vid end-inner-vid [ outer-vlan outer-vid ] new-outer-vlan new-outer-vid no rewrite-outer-vlan start-inner-vid end-inner-vid [ outer-vlan outer-vid ] 【 parameter 】 start-inner-vid : sta...
Page 102
1~50,outer vlan id being 3 and new outer vlan id being 100 qtech(config-if-ethernet-0/1)#rewrite-outer-vlan 1 50 outer-vlan 3 new-outer-vlan 100 3.3.6 vlan-swap configure global vlan swap. Vlan-swap no vlan-swap vlan-swap [source vlanid] [switching vlan id ] 【 parameter 】 source vlanid:the vlan id t...
Page 103
Qtech(config)#vlan-swap vlan1 vlan2 3.3.7 show dtag display the qinq configurationof the switch. Show dtag show dtag insert show dtag pass-through 【 command configuration mode 】 global configuration mode 【example】 !Display the qinq configuration qtech(config)#show dtag display insert vlan of current...
Page 104
3.3.8 show rewrite-outer-vlan use this command to display rewrite-outer-vlan show rewrite-outer-vlan 【 command configuration mode 】 global configuration mode 【 example 】 display rewrite-outer-vlan qtech(config)#show rewrite-outer-vlan 3.3.9 show vlan-swap display vlan-swap of current switch. Show vl...
Page 105
3-21 qtech(config)#show vlan-swap.
Page 107: Command
Chapter 4 multicast protocol configuration command 4.1 static multicast configuration command static multicast configuration command includes: multicast mac-address multicast mac-address vlan interface show multicast 4.1.1 multicast mac-address use multicast mac-address command to create a multicast...
Page 108
Address, such as: 01:00:5e:**:**:** vlan-id:range from 1 to 4094 【 command configuration mode 】 global configuration mode 【 usage 】 to create multicast group, mac address should be multicast group address, and vlan-id must be existed. If there is no parameter in any multicast mac-address command, al...
Page 110
Command, and means all the interfaces of the multicast group in the no multicast mac-address vlan interface command. 【 command configuration mode 】 global configuration mode 【 example 】 !remove ethernet 0/2 from existed multicast group. Qtech(config)#no multicast mac-address 01:00:5e:01:02:03 vlan 1...
Page 111
【 command configuration mode 】 any configuration mode 【 usage 】 if mac-address is not specified, information of the entire multicast group is displayed. 【 example 】 !display the information of multicast group with the mac address to be 01:00:5e:01:02:03 qtech(config)#show multicast mac-address 01:00...
Page 112
Igmp port list dynamic port list total entries: 1. 4.2 igmp snooping and gmrp configuration command and gmrp configuration command includes: gmrp igmp-snooping igmp-snooping host-aging-time igmp-snooping max-response-time igmp-snooping fast-leave igmp-snooping group-limit igmp-snooping permit/deny g...
Page 113
Gmrp no gmrp 【 default 】 gmrp disables globally 【 command configuration mode 】 global configuration mode,interface configuration mode 【 usage 】 gmrp for a port must be enabling in trunk mode 【 example 】 !enable gmrp globally qtech(config)#gmrp !disable the gmrp of ethernet 0/3 qtech(config-if-ethern...
Page 114
Use igmp-snooping command to enable igmp snooping. Use no igmp-snooping command to disable igmp snooping. Igmp-snooping no igmp-snooping 【 default 】 igmp snooping disable 【 command configuration mode 】 global configuration mode 【 example 】 !enable igmp snooping qtech (config)#igmp-snooping 4.2.3 igm...
Page 115
Igmp-snooping host-aging-time seconds no igmp-snooping host-aging-time 【 command configuration mode 】 global configuration mode 【 parameter 】 seconds:range from 10 to 1000000 seconds 【 example 】 !configure host-aging-time of the dynamic multicast group learnt by igmp-snooping to be 10 seconds qtech(...
Page 116
【 command configuration mode 】 global configuration mode 【 parameter 】 seconds : range from 1 to 100 seconds. The default time is 10 seconds 【 usage 】 this command is effective when fast leave disables 【 example 】 ! configure the max-response-time of igmp-snooping is 99 seconds qtech(config)#igmp-sn...
Page 117
【 command configuration mode 】 interface configuration mode 【 default 】 fast-leave disables 【 example 】 !enable igmp-snooping fast-leave qtech(config-if-ethernet-0/1)#igmp-snooping fast-leave 4.2.6 igmp-snooping group-limit use igmp-snooping group-limit command to configure the number of the multica...
Page 118
【 example 】 ! configure the igmp-snooping group-limit to be 99 qtech(config-if-ethernet-0/1)#igmp-snooping group-limit 99 4.2.7 igmp-snooping permit/deny group use igmp-snooping permit/deny group command to configure the permit and deny group, and the learning regulations of the group which is not p...
Page 119
!configure the learning regulation of default group to allow all multicast group qtech(config)#igmp-snooping permit group all !configure ethernet 0/3 not to learn multicast 01:00:5e:00:01:01 qtech(config-if-ethernet-0/3)#igmp-snooping deny group 01:00:5e:00:01:01 4.2.8 igmp-snooping route-port forwa...
Page 120
! enable igmp-snooping route-port forward qtech(config)#igmp-snooping route-port forward 4.2.9 show gmrp use show gmrp command to display gmrp globally. Show gmrp 【 command configuration mode 】 any configuration mode 【 example 】 !display gmrp information globally qtech(config)#show gmrp gmrp state :...
Page 121
Interface-list:list of ethernet ports to be added to or removed from a vlan. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is ethernet and interface-number is slot-num/port-num, in which slot-num is in the range of 0 to 2, and port-num is in the ...
Page 122
Qtech(config)#show gmrp interface ethernet 0/1 to ethernet 0/3 ethernet 2/1 port gmrp status e0/1 enable e0/2 enable e0/3 enable e2/1 enable total entries: 4 4.2.11 garp permit multicast mac-address use garp permit multicast mac-address command to add configured static multicast group to gmrp to be ...
Page 123
【 command configuration mode 】 global configuration mode 【 example 】 ! Add multicast group 01:00:5e:00:01:01 vlan 1 to gmrp qtech(config)#garp permit multicast mac-address 01:00:5e:00:01:01 vlan 1 4.2.12 show garp permit multicast use show garp permit multicast command to display static multicast gr...
Page 124
4.2.13 show igmp-snooping use show igmp-snooping command to display the information of igmp snooping show igmp-snooping 【 command configuration mode 】 any configuration mode 【 example 】 !display igmp snooping information qtech(config)#show igmp-snooping 4.2.14 igmp-snooping route-port vlan vlanid in...
Page 125
Vlanid:id of existed vlan (between 1~4094) interface-list:list of ethernet ports to be added to or removed from a vlan. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is ethernet and interface-number is slot-num/port-num, in which slot-num is in t...
Page 126
Igmp-snooping route-port vlan 2 interface ethernet 0/1 4.2.15 no igmp-snooping router-port-age configure the aging of route port. It is defaulted to be aging. No igmp-snooping router-port-age igmp-snooping router-port-age 【 command configuration mode 】 any configuration mode 【 usage 】 it is defaulte...
Page 127
Configure igmp query source ip to demonstrate the destination ip to response to. It is defaulted to be 0.0.0.0 igmp-snooping general-query source-ip ipaddress no igmp-snooping general-query source-ip ipaddress 【 command configuration mode 】 any configuration mode 【 parameter 】 ipaddress :ip address ...
Page 128
Igmp-snooping query-max-respon second no igmp-snooping query-max-respon 【 command configuration mode 】 any configuration mode 【 parameter 】 seconds:1-255 which is used for max response time of igmp query packet. 【 example 】 !configure the max response after receiving query to be 150 qtech(config)# i...
Page 129
【 parameter 】 vlanid:id of existed vlan (between 1~4094) 【 command configuration mode 】 any configuration mode 【 example 】 !configure querier sending query to vlan 10 qtech(config)# igmp-snooping querier-vlan 10 4.2.19 igmp-snooping query-interval seconds configure interval of sending igmp query. It...
Page 130
【 parameter 】 seconds:1-30000s 【 example 】 !configure interval of sending igmp query to be 90s qtech(config)# igmp-snooping querier 90 4.2.20 igmp-snooping querier enable or disable querier sending igmp query packet. It is defaulted not to send. Igmp-snooping querier no igmp-snooping querier 【 comma...
Page 133
Interface configuration mode 【 example 】 !configure interface 3 to add tag head when transmitting multicast packet and vlanid to be 5 qtech(config-if-ethernet-0/5)#cross-vlan multicast tag vlan 5 4.3.3 show cross-vlan multicast use this command to display cross vlan configuration and specified inter...
Page 134
If interface is not specified, display cross vlan globally. 【 example 】 !display configuration of cross vlan multicast of e0/1 qtech(config)#show cross-vlan multicast interface ethernet 0/1 cross-vlan multicast : enabled. Port tag vlanid 0/1 false 0 total [1] item(s), printed [1] item(s). 4-28.
Page 136
Use absolute command to create absolute time range. Use no absolute command to delete the configuration of absolute time range. Absolute [ start time date ] [ end time date ] no absolute [ start time date ] [ end time date ] 【 parameter 】 start time date :optional choice. Configure the start absolut...
Page 137
【 usage 】 absolute time range can determine a large scale of effective time and restrict the time range of periodic time. Each time period can define 12 absolute time range. In the period of configuring absolute time and periodic time, only when the absolute time range is satisfied, periodic time ra...
Page 138
Qtech(config-timerange-tm2)#absolute end 22:00 12-10-2000 qtech(config-timerange-tm2)#exit !the following time range will be effective from 14:00 to 16:00 in each weekend from 20:00 december 31, 1999 to 20:00 december 10, 2000.(the configuration of periodic time range refers to periodic command.) qt...
Page 140
The same time, but the action of each accessing control list should not be conflict, if there is conflict (such as one is permit, the other is deny), the activation fails. 【 command configuration mode 】 global configuration mode 【example】 !activate accessing control list 1 and 200 at the same time. ...
Page 142
Access-list-number4:user-defined acl rules in the range of 300~399 permit:permit the packet which satisfied the condition passing. Deny:deny the packet which satisfied the condition passing. Time-range time-range-name :the name of time range whichh is optional parameter, and it will be efective in t...
Page 143
Numbers is in the range of 1~255;the name of names is in the range of icmp, igmp, tcp, udp, gre, ospf and ipinip. This parameter is used in extended acl. Established:means this rule is effective to the first syn packet after the successful connection of tcp. This is the optional parameter which appe...
Page 145
Tos tos :optional parameter which can be categoried according to tos, it is number or name which is in the range of 0~15. This parameter can be used in extended acl. [ cos vlan-pri ]: 802.1p priority which is in the range of 0~7. This parameter can be used in layer 2 acl. Ingress { { [ source-vlan-i...
Page 146
Means destination mac address and destination mac address wildcard. These two parametes can determine the range of destination mac address range, such as: when dest-mac-wildcard is 0:0:0:0:ff:ff,user is interested in the first 32 bit of source mac address (that is the bit position corresponded to th...
Page 147
Name of layer 2 interface, interface-num means one interface, cpu means cpu interface. This parameter can be used in user-determined acl. Instructions: followings are the parameter of no command. All:means all accessing list will be deleted (including number id and name id). Access-list-number:the a...
Page 148
【example】 !configure acl 1 to deny the packet with the source ip to be 192.168.3.1 qtech(config)#access-list 1 deny 192.168.3.1 0 !configure acl 100 to deny packet with the 0xff of tcp source port number to be 0 qtech(config)# access-list 100 deny tcp any 0 0xff any 5.1.4 access-list extended use ac...
Page 149
Config:means the configuration order of user when matching acl. Auto:means the configuration order of deep precedency when matching acl. Instruction: followings are the parameters of no command. All:means all accessing list will be deleted (including number id and name id). Access-list-number:the ac...
Page 151
!create an extended acl with the name to be example and specify the order to be deep precedency. Qtech(config)#access-list extended example match-order auto 5.1.5 access-list link use access-list link command to create a layer 2 acl with a name id and enter layer 2 acl configuration mode. Use no acc...
Page 152
Followings are the parameters of no command. All:means all accessing list will be deleted (including number id and name id). Access-list-number:the acl number to be deleted which is a number between 1~399 name access-list-name:the acl name to be deleted which is character string parameter with initi...
Page 155
Category rules of each subitem is different, and if a packet can match many rules, there must be a matching order. Use this command to specify the matching order, whether it is according to user configuration or deep precedency (precedent to match the rule with the small range). If it is not specifi...
Page 156
Subitem ] } 【 parameter 】 name : character string parameter with initial english letters (that is [a-z,a-z]) with any kind, excluding space and quotation mark; all、any are not allowed. Config:means the configuration order of user when matching acl. Auto:means the configuration order of deep preceden...
Page 157
Deletedinthe list. It is in the range of 0~127. If it is unspecified, all subitems will be deleted. 【 default 】 the default order is config order. 【 command configuration mode 】 global configuration mode 【 usage 】 this command creates a standard acl with the name of “name”. After entering the standa...
Page 158
Order. Once user specifies the matching order of an acl, it cannot be changed, unless delete all subitems of this acl before respecify the order. 【 example 】 !create a standard acl with the name to be example and specify the order to be deep precedency. Qtech(config)#access-list standard example mat...
Page 159
Config:means the configuration order of user when matching acl. Auto:means the configuration order of deep precedency when matching acl. Instruction: followings are the parameters of no command. All:means all accessing list will be deleted (including number id and name id). Access-list-number:the ac...
Page 163
Packet will ignore this rule. This parameter is used in standard or extended acl. Protocol:the protocol with the name of numbers and names. The name of numbers is in the range of 1~255;the name of names is in the range of icmp, igmp, tcp, udp, gre, ospf and ipinip. This parameter is used in extended...
Page 165
Dscp dscp :optional parameter which can be categoried according to dscp, it is number or name which is in the range of 0~63. This parameter can be used in extended acl. Tos tos :optional parameter which can be categoried according to tos, it is number or name which is in the range of 0~15. This para...
Page 167
Character string distilled from packet with rule-string defined by user itself to find the matched packet before handling. & means at most 20 rules can be defined. Ingress interface interface-num 、egress interface interface-num :the name of layer 2 interface, interface-num means one interface, cpu m...
Page 168
【 parameter 】 acl configuration mode (including 5 configuration modes as: standard, extended, layer 2, interface, user-defined) 【 parameter 】 entering acl configuration mode, user this command to establish an acl subitem. This command can be used repeatedly. Establish many subitems for an acl. There...
Page 169
Config acl subitem successfully! Qtech(config-std-nacl-example)# 5.1.10 periodic use periodic command to create periodic time range. Use no periodic command to delete periodic time range. Periodic days-of-the-week hh:mm:ss to [ day-of-the-week ] hh:mm:ss no periodic days-of-the-week hh:mm:ss to [ da...
Page 170
Friday); weekend(the time for rest, including saturday and sunday); daily(special character string which means all days, including 7 days of a week)。 day-of-the-week behind to:means the time period will not be effected in the day of week. It defines a time range with the day-of-the-week before to. T...
Page 171
The effective time of periodic time range is a week. According to the configuration, there are different expression, such as:the configuration of 8:00 to 18:00 in every weekday is: qtech(config-timerange-test)#periodic weekdays 8:00 to 18:00 or: qtech(config-timerange-test)#periodic monday tuesday w...
Page 172
!the time range is effective in 8:00 to 18:00 every day qtech(config)#time-range all_day qtech(config-timerange-all_day)#periodic daily 8:00 to 18:00 qtech(config-timerange-all_day)#exit !the time range is effective in 8:00 to 18:00 from every monday to friday qtech(config)#time-range 1to5 qtech(con...
Page 175
5.1.12 show access-list config statistic use show access-list config statistic command to display statistics information of acl. Show access-list config statistic 【 command configuration mode 】 any configuration mode 【 example 】 !display statistics information of acl. Qtech(config)#show access-list ...
Page 177
【 command configuration mode 】 any configuration mode 【 usage 】 this command is used to display acl runtime application information which includes acl name, subitem name and deliver status. If acl subitem has been delivered to hardware, the priority of acl subitem will be diaplayed. Priority value i...
Page 178
Displayed as 8,/,/,/,/,/,/,/,/,/,/,/ 【 example 】 !display runtime application of acl of all interfaces. Qtech#show access-list runtime all access-list std1 subitem 0 running (2,2,2,2,2,2,2,2,2,2,2,2) access-list std1 subitem 1 running (3,3,3,3,3,3,3,3,3,3,3,3) 5.1.14 show access-list runtime statist...
Page 179
Qtech(config)#show access-list runtime statistic access-list 1 access-list 200 : 1 rules access-list 2 : 2 rules access-list 202 : 2 rules access-list 10 access-list 210 : 1 rules access-list 11 access-list 210 : 1 rules access-list 12 access-list 210 : 1 rules total runtime rules : 8 rules 5.1.15 s...
Page 180
Time-range-name:the name of time range with initial english letters (that is [a-z,a-z]) with any kind which is in the range of 1 to 32 characters. 【 command configuration mode 】 any configuration mode 【 usage 】 show time-range command is used to display the configuration and status of current time p...
Page 181
Qtech(config)#show time-range name tm1 !Display statistic information of all time range: qtech(config)#show time-range statistic 5.1.16 time-range use time-range command to enter time-range configuration mode. Use no time-range command to delete configured time range. Time-range time-range-name no t...
Page 182
5-76 qtech(config)#time-range tm1 qtech(config-timerange-tm1)#.
Page 183
Chapter 6 qos configuration command 6.1 qos configuration command qos configuration command includes: queue-scheduler queue-scheduler cos-map show queue-scheduler show queue-scheduler cos-map 6.1.1 queue-scheduler use queue-scheduler command to configure queue-scheduler mode and parameter. Use no qu...
Page 184
Queue 1, that is the percentage of bandwidth of distribution;queue2-weight: means the weight of the queue 2, that is the percentage of bandwidth distribution; queue3-weight:means the weight of the queue 3, that is the percentage of bandwidth distribution. Wrr queue1-weight queue2-weight queue3-weigh...
Page 185
【 example 】 !configure queue-scheduler to be weighted round robin, and 4 weights to be 1, 3, 6, 9 qtech(config)#queue-scheduler wrr 1 3 6 9 6.1.2 queue-scheduler cos-map use queue-scheduler cos-map command to configure 4 queue numbers and cos-map to 8 packed-priority of ieee802.1p. Queue-scheduler c...
Page 186
Packed-priority: 0 0 1 1 2 2 3 3 【 command configuration mode 】 global configuration mode 【 usage 】 there are 4 default packed-priorities from 0 to 3. 3 is superlative. The superlative data in the buffer is preferential to send. 【example】 !configure packed-priority 1 to mapped priority 6 of ieee 802...
Page 187
Any configuration mode 【 example 】 !display the mode and parameter of the queue-scheduler qtech#show queue-scheduler queue scheduling mode: strict-priority 6.1.4 show queue-scheduler cos-map use show queue-scheduler cos-map command to display the queue-scheduler cos-map. Show queue-scheduler cos-map...
Page 189
Global configuration mode 【 example 】 !add ethernet 0/1, ethernet 0/3, ethernet 0/4, ethernet 0/5, ethernet 0/8 to be descendentisolation port. Qtech(config)#port-isolation ethernet 0/1 ethernet 0/3 to ethernet 0/5 ethernet 0/8 !remove ethernet 0/3, ethernet 0/4, ethernet 0/5, ethernet 0/8 from down...
Page 190
!display port-isolation information qtech(config)#show port-isolation 6.1.7 storm-control use storm-control command to configure broadcast/known multicast/unknown unicast/unknown multicast storm-control. Use show interface command to display storm-control information. Storm-control rate target-rate ...
Page 191
6-9 interface configuration mode 【 example 】 !configure storm-control rate of ethernet 0/5 to be 1mbps,and enable broadcast strom-control qtech(config-if-ethernet-0/5)#storm-control rate 1024 qtech(config-if-ethernet-0/5)#storm-control broadcast.
Page 193
Chapter 7 stp configuration command 7.1 stp configuration command stp(spanning tree protocol)configuration command includes: show spanning-tree interface spanning-tree spanning-tree cost spanning-tree forward-time spanning-tree hello-time spanning-tree max-age spanning-tree port-priority spanning-tr...
Page 194
Show spanning-tree interface [ interface-list ] show spanning-tree interface [ interface-list ] 【 parameter 】 interface-list:list of ethernet ports to be added to or removed from a vlan. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is ethernet a...
Page 195
【 example 】 !display the information of spanning-tree qtech#show spanning-tree interface ethernet 0/7 7.1.2 spanning-tree use spanning-tree command to enable stp globally or on a port. Use no spanning-tree command disable stp globally or on a port. Spanning-tree no spanning-tree 【 default 】 stp is e...
Page 196
Qtech(config)#spanning-tree !disable stp on ethernet 0/8 qtech(config-if-ethernet-0/8)#no spanning-tree 7.1.3 spanning-tree cost use spanning-tree cost command to configure the path cost of the current port in a specified spanning tree. Use no spanning-tree cost command to restore to the default pat...
Page 197
Interface configuration mode 【 usage 】 default cost is suggested to use. 【 example 】 !configure path cost of ethernet 0/8 to 20 qtech(config-if-ethernet-0/8)#spanning-tree cost 20 7.1.4 spanning-tree forward-time use spanning-tree forward-time command to configure the forward delay of the switch. Us...
Page 198
【 default 】 the default forward delay is 15 seconds 【 command configuration mode 】 global configuration mode 【 usage 】 when this switch is the root bridge, port state transition period is the forward delay time, which is determined by the diameter of the switched network. The longer the diameter is,...
Page 199
Use spanning-tree hello-time coammand to configure the hello time of the switch. Use no spanning-tree hello-time command to restore to the default hello time. Spanning-tree hello-time seconds no spanning-tree hello-time 【 parameter 】 seconds:hello time in seconds to be configured. This keyword range...
Page 200
Caution : hello time ≤ forwarddelay – 2 . 【 example 】 !configure hello time to 8 seconds qtech(config)#spanning-tree hello-time 8 7.1.6 spanning-tree max-age use spanning-tree max-age command to configure max age of the switch. Use no spanning-tree max-age command to restore to the default max age. ...
Page 201
Global configuration mode 【 usage 】 max age is used to configure the longest aging interval of stp. Dropping message when overtiming. The stp will be frequently accounts and take crowded network to be link fault, if the value is too small. If the value is too large, the link fault cannot be known ti...
Page 202
Spanning tree. Spanning-tree port-priority port-priority no spanning-tree port-priority 【 parameter 】 port-priority:configure the port priority. It ranges from 0 to 255 【 default 】 the default port priority of a port in any spanning tree is 128 【 command configuration mode 】 interface configuration ...
Page 203
Qtech(config-if-ethernet-0/1)#spanning-tree port-priority 64 7.1.8 spanning-tree mcheck when operation rstp protocol, and port is in the compatible mode. Use spanning-tree mcheck command to force the port sent rstp message. Spanning-tree mcheck 【 command configuration mode 】 interface configuration ...
Page 204
【 parameter 】 auto:network bridge auto-detect whether or not the link connected to the current ethernet port is a point-to-point link. Forcefalse:specifies that the link connected to the current ethernet port is not a point-to-point link. Forcetrue: specifies that the link connected to the current e...
Page 205
7.1.10 spanning-tree portfast use spanning-tree portfast command to configure the current port as an edge port. Spanning-tree portfast no spanning-tree portfast 【 default 】 all ethernet ports of a switch are non-edge ports. 【 command configuration mode 】 interface configuration mode 【 usage 】 edge p...
Page 206
7.1.11 spanning-tree transit-limit use spanning-tree transit-limit command to configure the maximum number of configuration bpdus the current port can transmit in each hello time. Spanning-tree transit-limit max-bpdus no spanning-tree transit-limit 【 parameter 】 max-bpdus:the number of bpdu ranges f...
Page 207
7.1.12 spanning-tree priority use spanning-tree priority command to configure the priority of the switch in the specified spanning tree. Use no spanning-tree priority command to restore to the default priority in the specified spanning tree. Spanning-tree priority bridge-priority no spanning-tree pr...
Page 209
Global configuration mode 【 example 】 !configure the switch to operation in stp-compatible mode qtech(config)#spanning-tree mode stp 7.1.14 spanning-tree remote-loop-detect use spanning-tree remote-loop-detect command to enable remote loop detect. Use no spanning-tree remote-loop-detect command to d...
Page 210
!enable spanning-tree remote-loop-detect interface of ethernet 0/1, and ethernet 0/3 qtech(config)#spanning-tree remote-loop-detect interface ethernet 0/1 ethernet 0/3 !disable remote-loop-detect of ethernet 0/1 qtech(config-if-ethernet-0/1)#no spanning-tree remote-loop-detect 7.1.15 clear spanning-...
Page 211
But the port number to the right of the to keyword must be larger than the one to the left of the keyword, and this argument only can be repeated for up to 3 times. 【 command configuration mode 】 global configuration mode 【 example 】 !clear spanning-tree information qtech(config)#clear spanning-tree...
Page 212
Spanning-tree mst link-type spanning-tree mst external cost spanning-tree mst instance cost spanning-tree mst instance port-priority show spanning-tree mst config-id show spanning-tree mst instance interface following commands: spanning-tree mst forward-time; spanning-tree mst hello-time; spanning-t...
Page 213
Spanning-tree portfast; spanning-tree point-to-point 7.2.1 spanning-tree mst max-hops use this command to configure max hop of mstp packet. Spanning-tree mst max-hops max-hops no spanning-tree mst max-hops 【 parameter 】 max-hops:hops of mstp packet which is in the range of 0-255. 【 default 】 it is d...
Page 214
Qtech(config)#spanning-tree mst max-hops 10 7.2.2 spanning-tree mst name use this command to configure name of mstp configuring mark. Spanning-tree mst name name no spanning-tree mst name 【 parameter 】 name:region name of mstp which is a part of mstp configuring mark is acharacter string of 32 bits....
Page 215
7.2.3 spanning-tree mst revision use this command to configure revision level of mstp. Spanning-tree mst revision revision-level no spanning-tree mst revision 【 parameter 】 revision-level:mstp revision level which is one of mstp and it is the integer number between 0 to 65535. 【 default 】 the defaul...
Page 216
Use spanning-tree mst instance command to configure the mapping relations between mstp instance and vlan. Spanning-tree mst instance instance-num vlan vlan-list no spanning-tree mst instance instance-num vlan vlan-list 【 parameter 】 instance-num:mstp instance number which is in the range of 1-15 vla...
Page 217
Qtech(config)#spanning-tree mst instance 2 vlan 2-7 7.2.5 spanning-tree mst instance instance-num priority use spanning-tree mst instance command to configure the priority of networkbridge in some mstp instance. Spanning-tree mst instance instance-num priority priority no spanning-tree mst instance ...
Page 218
!configure the priority of network bridge in instance 2 is 4096 qtech(config)#spanning-tree mst instance 2 priority 4096 7.2.6 spanning-tree mst external cost use spanning-tree mst external cost command to configure external cost of port. Spanning-tree mst external cost external-cost no spanning-tre...
Page 219
Qtech(config-if-ethernet-0/0/2)#spanning-tree mst external cost 200 7.2.7 spanning-tree mst instance cost use spanning-tree mst instance command to configure cost for port in each instance. Spanning-tree mst instance instance-num cost cost no spanning-tree mst instance instance-num cost 【 parameter ...
Page 220
!configure the cost for port 2 in instance 1 to be 200 qtech(config-if-ethernet-0/0/2)#spanning-tree mst instance 1 cost 200 7.2.8 spanning-tree mst instance port-priority use spanning-tree mst instance port-priority command to configure the priority of port in stp instance. Spanning-tree mst instan...
Page 221
!configure the priority of port 2 in instance 1 to be 16 qtech(config-if-ethernet-0/0/2)#spanning-tree mst instance 1 port-priority 16 7.2.9 show spanning-tree mst config-id use show spanning-tree mst config-id command to display mstp config-id. Mstp config-id includes: mstp revision level, mstp con...
Page 222
Show spanning-tree mst instance instance-num interface [interface-list ] 【 parameter 】 interface-num : list of ethernet ports to be added to or removed from a vlan. This keyword needed to be provided in the form of interface-type + interface-number. Interface-type is ethernet and interface-number is...
Page 223
7-31 no spanning-tree mst config-digest-snooping 【 default 】 disable 【 command configuration mode 】 interface configuration mode 【 example 】 !enable digest snooping of e0/0/1 qtech(config-if-ethernet-0/1)#spanning-tree mst config-digest-snooping.
Page 225
Chapter 8 802.1x configuration command 8.1 domain configuration command domainn configuration command includes: aaa access-limit default domain-name enable domain show domain radius host state 8.1.1 aaa use aaa command to enter aaa configuration mode aaa 【 command configuration mode 】 8-1.
Page 226
Global configuration mode 【 usage 】 enter aaa configuration mode to do related configuration 【 example 】 !enter aaa configuration mode qtech(config)#aaa qtech(config-aaa)# 8.1.2 access-limit use access-limit enable command to configure the maximum number of access user that can be contained in curre...
Page 227
【 default 】 disable,means no limitation 【 command configuration mode 】 domain configuration mode 【 usage 】 a domain can limit the maximum number of access user that can be contained in current domain. The related link with the domain is the domain name of the authenticate username must be the curren...
Page 228
!configure the maximum number of access user that can be contained in domain red.Com to 500 qtech(config-aaa-red.Com)#access-limit enable 500 8.1.3 default domain-name enbale use default domain-name enable command to configure a existed domain to be default domain. If the domain doesn’t exist, the c...
Page 229
Message, if the username goes without the domain name. After the default domain name is enabling, switch will add @ and default domain name to a username wothout a domain name to authenticate. To configure a default domain which must be existed, or the configuration fails. 【 example 】 !configure def...
Page 230
No domain domain-name 【 parameter 】 domain-name: the name of the domain ranges from 1 to 24 charaters, no difference in upper-case type and lower case letters, and without space. 【 command configuration mode 】 aaa configuration mode 【 usage 】 enter domain configuratuin mode to configure authtication...
Page 231
!create domain with the name of red.Com qtech(config-aaa)#domain red.Com qtech(config-aaa-red.Com)# !remove domain with the name of red.Com qtech(config-aaa)#no domain red.Com 【 related command 】 radius host, state 8.1.5 show domain use show domain command to display the configuration of the domain,...
Page 232
Any configuration mode 【 example 】 !display the configuration of red.Com qtech(config-aaa-red.Com)#show domain 8.1.6 radius host use radius host command to configure radius authtication and accounting. Radius host radius-scheme 【 parameter 】 radius-scheme: the name of radius authentication and accou...
Page 234
Domain configuration mode 【 usage 】 use state active command to activate domain before used. 【 example 】 !activate red.Com qtech(config-aaa-red.Com)#state active 【 related command 】 domain 8.2 radius server configuration command radius server configuration command includes: client-ip primary-ip radi...
Page 235
Realtime-account second-ip secret-key show radius host username-format 8.2.1 client-ip use this command to configure client ip of current radius server. Use the no command to remove the client ip. Client-ip client-ip no client-ip 【 parameter 】 client-ip:client ip address 【 default 】 it is defaulted ...
Page 236
Radius configuration mode 【 example 】 !configure radius client ip address to be 192.168.0.100 qtech(config-aaa-radius-red)#client-ip 192.168.0.100 !remove radius client ip address qtech(config-aaa-radius-red)#no client-ip 【 related command 】 radius host 8.2.2 primary-ip use this command to configure...
Page 237
Server-ip:primary ip address of radius server authentication-port:authentication port which is in the range of 1~65535 accounting-port:accounting port which is in the range of 1~65535 【 default 】 the default authentication port is 1812 and accounting port is 1813. 【 command configuration mode 】 radi...
Page 238
【 related command 】 radius host,second-ip 8.2.3 radius host use radius host command to create or choose a radius server for current domain. If radius server exists, enter it. Use the no command to remove radius server specified by radius-scheme. Radius host radius-scheme no radius radius-scheme 【 pa...
Page 239
Qtech(config-aaa)#radius host myscheme qtech(config-aaa-radius-myscheme)# 【 related command 】 radius host 8.2.4 realtime-account use realtime-account command to configure the real-time account, and the accounting interval. Use no realtime-account command to disable the real-time account. Realtime-ac...
Page 240
Radius configuration mode 【 example 】 !configure the real-time accounting interval of the radius server to be 30 minutes qtech(config-aaa-radius-red)#realtime-account interval 30 !disable the real-time accounting qtech(config-aaa-radius-red)#no realtime-account 8.2.5 second-ip use this command to co...
Page 241
Accounting-port:accounting port which is in the range of 1~65535 【 default 】 by default, the authentication port is 1812 and accounting port is 1813. 【 command configuration mode 】 radius configuration mode 【 example 】 !configure the second ip address of radius server red to be 192.168.0.200, authen...
Page 242
Use secret-key command to configure a shared key for the radius server. Use no secret-key command to restore the default shared key. Secret-key key-string no secret-key 【 parameter 】 key-string:shared key of 1 to 16 characters of strings 【 default 】 the default key is switch 【 command configuration ...
Page 243
!configure the shared key for the radius server with the name of red to be 12345 qtech(config-aaa-radius-red)#secret-key 12345 【 related command 】 radius host 8.2.7 show radius host use show radius host command to display radius server information, such as: primary ip address, second ip address, aut...
Page 244
【 example 】 !display radius server information qtech(config-aaa-radius-default)#show radius host 8.2.8 username-format use username-format command to configure the format of the usernames to be sent to radius servers. Username-format with-domain username-format without-domain 【 parameter 】 with-doma...
Page 245
【 usage 】 in application, some radius servers support username with domain name, butsome not, so according to the real situation to configure the radius server. 【 example 】 !configure the username sent to the radius server with the name of red not to carry domain name. Qtech(config-aaa-radius-red)#u...
Page 246
Dot1x eap-transfer dot1x max-user dot1x port-control dot1x re-authenticate dot1x re-authentication dot1x timeout re-authperiod dot1x user cut show dot1x show dot1x daemon show dot1x interface show dot1x session 8.3.1 dot1x use dot1x command to enable 802.1x. Use no dot1x command to disable 802.1x. D...
Page 247
【 default 】 802.1x disables 【 command configuration mode 】 global configuration mode 【 usage 】 802.1x configuration can be effective only after 802.1x is enable. Some command can be used after 802.1x enables. 【 example 】 !enable 802.1x qtech(config)#dot1x !disable 802.1x qtech(config)#no dot1x 8.3.2...
Page 248
Sending period. Dot1x daemon [ time time-value ] [interface interface-list] no dot1x daemon 【 parameter 】 time-value:the intervals of 802.1x daemon sending ranges from 10 to 600 seconds. Interface-list:list of ethernet ports to be added to or removed from a vlan. This keyword needed to be provided i...
Page 249
Send daemon is 60seconds. 【 command configuration mode 】 interface configuration mode, global configuration mode 【 usage 】 this command is effective after 802.1x enables. After 802.1x enables, configure according to the real situation. 【 example 】 !enable dot1x daemon on ethernet 0/5 with the period...
Page 250
!restore the default dot1x daemon configuration of ethernet 0/5 globally qtech(config)#no dot1x daemon interface ethernet 0/5 8.3.3 dot1x eap-finish after using dot1x eap-transfer command, 802.1 authentication message encapsulated by eap frame from user is sent to radius server after transfering to ...
Page 251
Radius server authentication message receiving way, authentication fails. 【 example 】 !configure authentication message tramsitting to be eap-finish qtech(config)#dot1x eap-finish 【 related command 】 dot1x eap-transfer 8.3.4 dot1x eap-transfer after using dot1x eap-transfer command, 802.1 authentica...
Page 252
Global configuration mode 【 usage 】 choose dot1x eap-finish or dot1x eap-transfer command according to radius server configuration. If authentication message transmitting way is different from radius server authentication message receiving way, authentication fails. 【 example 】 !configure authentica...
Page 253
No dot1x max-user 【 parameter 】 host-num:the integer between 1 and 16 【 default 】 the max-user of 100m ethernet port is 16 【 command configuration mode 】 interface configuration mode or global configuration mode 【 usage 】 this command is effective after 802.1x authentication. After 802.1x enables, m...
Page 254
!configure the max-user of ethernet 0/5 is 10 globally qtech(config)#dot1x max-user 10 interface ethernet 0/5 !restore the default max-user of ethernet 0/5 in interface configuration mode qtech(config-if-fastethernet-5)#no dot1x max-user !restore the default max-user of ethernet 0/5 globally qtech(c...
Page 255
Get the resource from the lan without authentication. Forceunauthorized:means forcing unauthorization. User of this type of interface cannot get the resource from the lan. 【 default 】 port control mode is auto by default. 【 command configuration mode 】 interface configuration mode or global configur...
Page 256
【 example 】 !ethernet 0/5 is radius server port. Configure port-control mode of ethernet 0/5 to be forceauthorized in interface configuration mode qtech(config-if-ethernet-0/5)#dot1x port-control forceauthorized !configure port-control mode of ethernet 0/5 to be forceauthorized globally. Qtech(confi...
Page 257
This command is effective after 802.1x authentication. 802.1x re-authenticate only supports the message transmitting way of dot1x eap-transfer. 【 example 】 !re-authenticate ethernet 0/5 in interface configuration mode qtech(config-if-ethernet-0/5)#dot1x re-authenticate !re-authenticate ethernet 0/5 ...
Page 258
【 command configuration mode 】 interface configuration mode, global configuration mode 【 usage 】 this command is effective after 802.1x authentication enables. 802.1x authentication only supports the message sending of dot1x eap-transfer. 【 example 】 !enable re-authentication of ethernet 0/5 qtech(c...
Page 259
Re-authperiod. Dot1x timeout re-authperiod seconds [ interface interface-num ] no dot1x timeout re-authperiod [ interface interface-num ] 【 parameter 】 seconds: 802.1x re-authperiod ranges from 1 to 65535 seconds interface-num:optional interface number 【 default 】 the default 802.1x re-authperiod is...
Page 260
【 example 】 !configure 802.1x re-authperiod of ethernet 0/3 to be 1800 qtech(config)#dot1x timeout re-authperiod 1800 interface ethernet 0/3 !restore all the re-authperiod to the default of 802.1x re-authperiod qtech(config)#no dot1x timeout re-authperiod 8.3.10 dot1x user cut use dot1x user cut com...
Page 261
【 example 】 !remove user with username of aaa@qtech.Com qtech(config)#dot1x user cut username aaa@qtech.Com 8.3.11 show dot1x use show dot1x command to display 802.1x authentication information, such as: 802.1x authentication is enable or not, which authentication is used. Show dot1x 【 command confi...
Page 262
8.3.12 show dot1x daemon use show dot1x daemon command to display 802.1x daemon configuration. Show dot1x daemon [ interface interface-num ] 【 parameter 】 interface-num:optioned interface number 【 command configuration mode 】 any configuration mode 【 example 】 !display the 802.1x daemon of all the p...
Page 263
Interface-num:optioned interface number 【 command configuration mode 】 any configuration mode 【 usage 】 use this command to display related information before configuration. Use show command to display the changes. 【 example 】 !display port-control, re-authentication, re-authperiod and max-user conf...
Page 264
8-40 【 parameter 】 interface-num:the interface number mac:the optioned mac-address 【 command configuration mode 】 any configuration mode 【 usage 】 use this command to display and detect the information of onlined user 【 example 】 !display all the onlined authentication users qtech(config)#show dot1x...
Page 265: Command
Chapter 9 sntp client configuration command 9.1 sntp client configuration command list sntp client configuration command includes: show sntp client sntp client sntp client authenticate sntp client authentication-key sntp client broadcastdelay sntp client mode sntp client multicast ttl sntp client po...
Page 266
Show sntp client 【command configuration mode 】 any configuration mode 【example】 !display the information about sntp client configuration and running qtech(config)#show sntp client 9.1.2 sntp client use sntp client command to enable sntp client. Use no sntp client command to disable sntp client. Sntp...
Page 267
【example】 !enable sntp client qtech(config)#sntp client 9.1.3 sntp client authenticate use sntp client authenticate command to enable md5 authentication of sntp client. Use no sntp client authenticate command to disable md5 authentication of sntp client. Sntp client authenticate no sntp client authe...
Page 268
Qtech(config)#sntp client authenticate 9.1.4 sntp client authentication-key use sntp client authentication-key command to configure md5 authentication-key. More than one authentication-key can be configured. Sntp client authentication-key number md5 value no sntp client authentication-key number 【 p...
Page 269
Sntp client authentication-key command configures it reliable or to be the key of unicast and anycast. 【 command configuration mode 】 global configuration mode 【 example 】 !configure sntp client md5 authentication-key, with the key id being 12,and the key being abc qtech(config)#sntp client authenti...
Page 270
Milliseconds:this keyword ranges from 1 to 9999 【 default 】 3 milliseconds 【 command configuration mode 】 global configuration mode 【 usage 】 transmission delay is necessary because client cannot time transmission delay and local time compensation in broadcast and multicast. 【 example 】 !configure b...
Page 272
【 command configuration mode 】 global configuration mode 【 example 】 !configure sntp client to operate in anycast qtech(config)#sntp client mode anycast 9.1.7 sntp client multicast ttl use sntp client multicast ttl command to configure ttl-value of multicast message. Use no sntp client multicast ttl...
Page 273
【 command configuration mode 】 global configuration mode 【 usage 】 this command should be effective by sending message through multicast address in anycast operation mode. In order to restrict the range of sending multicast message, ttl-value setting is suggested. 【example】 !configure tttl-value of ...
Page 274
【 parameter 】 seconds:resending interval ranges from 64 to 1024 seconds 【 default 】 1000 seconds 【 command configuration mode 】 global configuration mode 【 usage 】 sntp client sends requirement message regularly to the server in unicast and anycast operation mode. System time will be revised after r...
Page 275
Anycast operation mode. Use no sntp client retransmit command to configure sntp client not to retransmit requirement message. Sntp client retransmit times no sntp client retransmit 【 parameter 】 times:times of retransmit ranges from 1 to 10 【 default 】 non-retransmit(0) 【 command configuration mode ...
Page 276
Send requirement message and overtime retransmission. 【 example 】 !configure overtime retransmission to be twice qtech(config)#sntp client retransmit 2 9.1.10 sntp client retransmit-interval use sntp client retransmit-interval command to configure retransmit-interval of sntp client in unicast and an...
Page 277
Global configuration mode 【 usage 】 overtime retransmit system is used to guarantee reliable transmission of the requirement message. When there is no reply in retransmit-interval, the requirement message will be resent. 【 example 】 !configure retransmit-interval to be 10 seconds. Qtech(config)#sntp...
Page 278
Ip-address:means valid-server interface. Mainframe cannot be 0 wildcard:similar to reverse the mask 【 command configuration mode 】 global configuration mode 【 usage 】 in the mode of broadcast and multicast, sntp client checks time by receiving protocol messages sent by all servers. And it cannot fil...
Page 279
Sntp server command to remove server ip-address. Sntp server ip-address [ key number ] no sntp server 【 parameter 】 ip-address:server ip-address. Number: to encrypt message when sending requirement to server. Use the key-number to decipher the message when the reply is received. The key-number range...
Page 280
Qtech(config)#sntp server 192.168.0.100 9.1.13 sntp trusted-key use sntp trusted-key command to configure a trusted-key. Sntp trusted-key number no sntp trusted-key number 【 parameter 】 number:key id ranges from 1 to 4294967295 【 default 】 all key number is reliable 【 usage 】 in broadcast and multic...
Page 281
9-17 【 example 】 !configure trusted-key to be 12 qtech(config)#sntp trusted-key 12.
Page 283
Chapter 10 syslog configiration command 10.1 syslog configuration command syslog configuration command includes: show logging show logging buffered show logging flash show logging filter show debug logging on logging sequence-numbers logging timestamps logging monitor terminal monitor logging buffer...
Page 284
Upload logging 10.1.1 show logging use show logging command to display syslog configuration, state, and statistical information. Show logging 【 command configuration mode 】 any configuration mode 【 example 】 !display syslog configuration, state, and statistical information. Qtech(config)#show loggin...
Page 285
Xxx:means the name of the module. … means other modules are omitted. 【 command configuration mode 】 any configuration mode 【 usage 】 use keyword “level-list” to display the specified level information in list. If the “level-list” is not specified, the information of the higher level (the smaller the...
Page 286
Level:level of information ranges from 0 to 7 xxx:means the name of the module. … means other modules are omitted. 【 command configuration mode 】 any configuration mode 【 usage 】 use keyword “level-list” to display the specified level information in list. If the “level-list” is not specified, the in...
Page 287
【 parameter 】 monitor-no:means terminal number. 0 means console, and 1 to 5 means telnet terminal. Ip-address:ip address of log host(syslog server) 【 command configuration mode 】 any configuration mode 【 example 】 !display buffered filter log qtech(config)#show logging filter buffered 10.1.5 show de...
Page 288
【 example 】 !display the debug of module qtech(config)#show debug 10.1.6 logging use logging command to enable syslog. Use no logging command to disable syslog. Logging no logging 【 default 】 syslog enables 【 command configuration mode 】 global configuration mode 【 example 】 !enable syslog qtech(con...
Page 289
10.1.7 logging sequence-numbers use logging sequence-numbers command to configure global sequence number to be displayed in syslog. Use no logging sequence-numbers command to configure global sequence number not to be displayed in syslog. Logging sequence-numbers no logging sequence-numbers 【 defaul...
Page 292
【 default 】 all monitor logging disable. Filter regulations of all terminals are to allow all modules of all levels except level 6 to output information 【 command configuration mode 】 global configuration mode 【 usage 】 use keyword “level-list” to display the specified level information in list. If ...
Page 293
Output information qtech(config)#logging monitor 0 6 10.1.10 terminal monitor use terminal monitor command to enable current terminal information displaying. Use no terminal monitor command to disable current terminal information displaying. Terminal monitor no terminal monitor 【 default 】 current t...
Page 294
【 example 】 !enable current terminal information displaying qtech(config)#terminal monitor 10.1.11 logging buffered use logging buffered command to enable buffered logging and configure filter regulations. Use no logging buffered command to disable buffered logging and restore to default filter regu...
Page 295
【 default 】 all buffered logging enable. Filter regulations of all terminals are to allow all modules of levels 0 to 6 to output information 【 command configuration mode 】 global configuration mode 【 usage 】 use keyword “level-list” to display the specified level information in list. If the “level-l...
Page 296
To output information qtech(config)#logging buffered level-list 0 to 2 6 10.1.12 clear logging buffered use clear logging buffered command to clear buffered logging. Clear logging buffered 【 command configuration mode 】 any configuration mode 【 example 】 !clear buffered logging qtech(config)#clear l...
Page 298
Use keyword “level-list” to display the specified level information in list. If the “level-list” is not specified, the information of the higher level (the smaller the level number is, the higher the level is.) and the equal level will be displayed. 【 example 】 !disable flash logging qtech(config)#n...
Page 299
【 example 】 !clear flash logging qtech(config)#clear logging flash 10.1.15 logging host use logging host command to configure host ip address, and enable host logging, and configure filter regulation of syslog server. Use no logging host command to remove host ip address, disable host logging, and c...
Page 300
Ip-address:ip address of syslog server level:level of information ranges from 0 to 7 none:any level is not allowed. Xxx:means the name of the module. … means other modules are omitted. 【 default 】 all logging host enable. Filter regulations of all terminals are to allow all modules of levels 0 to 6 ...
Page 301
Level number is, the higher the level is.) and the equal level will be displayed. 【 example 】 !add a new logging host with the ip address of 1.1.1.1 qtech(config)#logging 1.1.1.1 !enable logging host 1.1.1.1 qtech(config)#logging host 1.1.1.1 !configure filter regulations of logging host 1.1.1.1 to ...
Page 302
Xxx:the name of logging facilities.… means other logging facilities are omitted. 【 default 】 default logging facility is localuse7 【 command configuration mode 】 global configuration mode 【 example 】 !configure logging facility to be localuse0 qtech(config)#logging facility localuse0 10.1.17 logging...
Page 303
Ip-address:fixed source ip address 【 default 】 not to use fixed source ip address 【 command configuration mode 】 global configuration mode 【 usage 】 the fixed source ip address must be the ip address of some port in facility to be configured, or configuration fails. If the fixed source ip address is...
Page 305
Global configuration mode 【 usage 】 use keyword “level-list” to display the specified level information in list. If the “level-list” is not specified, the information of the higher level (the smaller the level number is, the higher the level is.) and the equal level will be displayed. Configure trap...
Page 307
!enable debug of module vlan qtech(config)#debug vlan 10.1.20 upload logging use upload logging command to upload flash storage to ftp or tftp server. Upload logging tftp ip-address file-name upload logging ftp ip-address file-name user-name password 【 parameter 】 ip-address:ip address of server fil...
Page 308
10-26 !upload flash storage to tftp server 1.1.1.1,and saved file is aaa.Txt qtech(config)#upload logging tftp 1.1.1.1 aaa.Txt.
Page 309
Chapter 11 ssh configuration command 11.1 ssh configuration command list ssh configuration command includes: show ssh show keyfile ssh crypto key generate rsa crypto key zeroize rsa crypto key refresh load keyfile upload keyfile 11.1.1 show ssh use show ssh command to display ssh configuration infor...
Page 311
Disable 【 command configuration mode 】 global configuration mode 【 example 】 !enable ssh qtech(config)#ssh 11.1.4 crypto key generate rsa use crypto key generate rsa command to configure ssh to be generate rsa. Crypto key generate rsa 【 command configuration mode 】 privileged configuration mode 【 ex...
Page 312
11.1.5 crypto key zeroize rsa use crypto key zeroize rsa command to clear the keyfile in flash storage. Crypto key zeroize rsa 【 command configuration mode 】 privileged configuration mode 【 example 】 !clear keyfile in flash storage qtech#crypto key zeroize rsa 11.1.6 crypto key refresh use crypto ke...
Page 315
11-7 qtech#upload keyfile public tftp 1.1.1.1 pub.Txt.
Page 317: Command
Chapter 12 switch manage and maintenance command 12.1 configuration files management configuration files management includes: buildrun mode continue buildrun mode stop clear startup-config copy running-config startup-config copy startup-config running-config show running-config show startup-config 1...
Page 318
Buildrun mode continue 【 acaommand configuration mode 】 privileged mode 【 example 】 !configure buildrun mode to be continune qtech#buildrun mode continue 12.1.2 buildrun mode stop use buildrun mode stop command to configure buildrun mode to be stop. Buildrun mode stop 【 command configuration mode 】 ...
Page 319
12.1.3 clear startup-config use clear startup-config command to clear saved configuration. Clear startup-config 【 command configuration mode 】 privileged mode 【 usage 】 use this command to clear saved configuration and reboot switch. The switch will restore to original configuration. 【 example 】 !re...
Page 320
Privileged mode 【 example 】 !save current configuration qtech#copy running-config startup-config 12.1.5 copy startup-config running-config use copy startup-config running-config command to execute saved configuration, and executed configuration is the same as the saved one. Copy startup-config runni...
Page 321
Use show running-config command to display current configuration. Show running-config [ module-list ] 【 parameter 】 module-list : optional module. The module name can be changed with the version. 【 command configuration mode 】 any configuration mode 【 example 】 !display all configurations qtech#show...
Page 322
Module-list : optional module. The module name can be changed with the version. 【 command configuration mode 】 any configuration mode 【 example 】 !display all saved configuration qtech#show running-config !display saved configuration of garp and oam module qtech#show running-config garp oam 12.2 onl...
Page 323
Load configuration ftp load configuration tftp load configuration xmodem load whole-bootrom ftp load whole-bootrom tftp load whole-bootrom xmodem upload alarm ftp upload alarm tftp upload configuration ftp upload configuration tftp upload logging ftp upload logging tftp 12.2.1 load application ftp u...
Page 324
【 parameter 】 ftpserver-ip:ip address of ftp server filename:filename to be loaded username、userpassword:username and password of ftp server 【 command configuration mode 】 privileged mode 【 usage 】 open ftp server and set username, password and file download path before use this command. Reboot the ...
Page 325
Use load application tftp command to load application program by tftp protocol. Load application tftp tftpserver-ip filename 【 parameter 】 tftpserver-ip:ip address of tftp server filename:filename to be loaded 【 command configuration mode 】 privileged mode 【 usage 】 open tftp server and set file dow...
Page 326
Use load application xmodem command to load application program by xmodem protocol. Load application xmodem 【 command configuration mode 】 privileged mode 【 usage 】 choose “send” -> “send file” in super terminal, and input full path and filename of the file in filename dialog box, and choose xmodem ...
Page 327
Use load configuration ftp command to load configuration program by ftp protocol. Load configuration ftp ftpserver-ip filename username userpassword 【 parameter 】 ftpserver-ip:ip address of ftp server filename:filename to be loaded username、userpassword:username and password of ftp server 【 command ...
Page 328
!download configuration program abc to 192.168.0.100 by ftp qtech#load configuration ftp 192.168.0.100 abc username password 12.2.5 load configuration tftp use load configuration tftp command to load configuration program by tftp protocol. Load configuration tftp tftpserver-ip filename 【 parameter 】...
Page 329
【 example 】 !download configuration program abc to 192.168.0.100 by tftp qtech#load configuration ftp 192.168.0.100 abc 12.2.6 load configuration xmodem use load configuration xmodem command to load configuration program by xmodem protocol. Load configuration xmodem 【 command configuration mode 】 pr...
Page 330
【 example 】 !download configuration program by xmodem protocol qtech#load configuration xmodem 12.2.7 load whole-bootrom ftp use load whole-bootrom ftp command to load whole bootrom by ftp protocol. Load whole-bootrom ftp ftpserver-ip filename username userpassword 【 parameter 】 ftpserver-ip:ip addr...
Page 331
This command. 【 example 】 !download whole-bootrom abc to 192.168.0.100 by ftp qtech#load whole-bootrom ftp 192.168.0.100 abc username password 12.2.8 load whole-bootrom tftp use load whole-bootrom tftp command to load whole bootrom by tftp protocol. Load whole-bootrom tftp tftpserver-ip filename 【 p...
Page 332
【 example 】 !download whole-bootrom abc to 192.168.0.100 by tftp qtech#load whole-bootrom tftp 192.168.0.100 abc username password 12.2.9 load whole-bootrom xmodem use load whole-bootrom xmodem command to load whole bootrom by xmodem protocol. Load whole-bootrom xmodem 【 command configuration mode 】...
Page 333
!download whole bootrom by xmodem protocol qtech#load whole-bootrom xmodem 12.2.10 upload alarm ftp use upload alarm ftp command to upload alarm by ftp protocol. Upload alarm ftp ftpserver-ip filename username userpassword 【 parameter 】 ftpserver-ip:ip address of ftp server filename:filename to be u...
Page 334
Command. Alaram information saved when uploading is successful. 【 example 】 !upload alarm to 192.168.0.100 by ftp and saved as abc qtech#upload alarm ftp 192.168.0.100 abc username password 12.2.11 upload alarm tftp use upload alarm tftp command to upload alarm by tftp protocol. Upload alarm tftp tf...
Page 335
Open tftp server and set file upload path before using this command. Alaram information saved when uploading is successful. 【 example 】 !upload alarm to 192.168.0.100 by tftp and saved as abc 12.2.12 upload configuration ftp use upload configuration ftp command to upload configuration program by ftp...
Page 336
Privileged mode 【 usage 】 open ftp server and set username, password and file upload path before use this command. Configuration information saved when uploading is successful. 【 example 】 !upload configuration to 192.168.0.100 by ftp and saved as abc qtech#upload configuration ftp 192.168.0.100 abc...
Page 337
Windows operating system, con cannot be filename.) 【 command configuration mode 】 privileged mode 【 usage 】 open tftp server and set file upload path before using this command. Configuration information saved when uploading is successful. 【 example 】 !upload configuration to 192.168.0.100 by tftp an...
Page 338
Filename:filename to be uploaded which cannot be system keyword (such as in windows operating system, con cannot be filename.) username、userpassword:username and password of ftp server 【 command configuration mode 】 privileged mode 【 usage 】 open ftp server and set username, password and file upload...
Page 339
【 parameter 】 tftpserver-ip:ip address of tftp server filename:filename to be uploaded which cannot be system keyword (such as in windows operating system, con cannot be filename.) 【 command configuration mode 】 privileged mode 【 usage 】 open tftp server and set file upload path before using this co...
Page 340
Reboot switch command includes: reboot 12.3.1 reboot use reboot command to reboot switch. Reboot 【 command configuration mode 】 privileged mode 【 example 】 !reboot switch qtech#reboot 12.4 basic configuration and maintenance basic configuration and mainenance includes: bootp broadcast-suppression cl...
Page 341
Discard-bpdu dlf-forward ipaddress ipaddress vlan loopback mac-address-table mac-address-table aging-time mac-address-table learning ping show broadcast-suppression show clock show cpu show discard-bpdu show dlf-forward show ip show mac-address-table show mac-address-table aging-time show mac-addres...
Page 342
Use bootp command to enable bootp way to obtaining ip address. Use no bootp command to disable bootp. Bootp no bootp 【 default 】 bootp disables 【 usage 】 the way to obtain ip address are by bootp、dhcp、and manual operation. If bootp enables, the switch will obtainn the ip address by bootp, and dhcp o...
Page 343
Qtech(config)#bootp 12.4.2 clock set use clock set command to configure system clock. Clock set 【 parameter 】 hh:mm:ss:current time,hh ranges from 0 to 23,mm and ss range from 0 to 59 yyyy/mm/dd:means current year, month, and date. Yyyy ranges from 2000 to 2099,mm ranges from 1 to 12,and dd ranges f...
Page 344
【 example 】 !configure system clock to be 2001/01/01 0:0:0 qtech#clock set 0:0:0 2001/01/01 【 related command 】 show clock 12.4.3 dhcp use dhcp command to configure to enable dhcp to obtain ip address. Use no dhcp command to disable dhcp to obtain ip address. Dhcp no dhcp 【 default 】 not to obtain i...
Page 345
The way to obtain ip address are by bootp、dhcp、and manual operation. If dhcp enables, the switch will obtainn the ip address by dhcp, and bootp or manual operation will be error. If bootp is wanted, input no dhcp first,then input bootp. 【 example 】 !enable dhcp to obtainn ip address qtech(config)#dh...
Page 346
【 default 】 transmit unicast and multicast message. 【 usage 】 to suppress broadcast storm, and avoid network congestion can use this command to control whether to transmit destination unknown message. 【 command configuration mode 】 global configuration mode, interface configuration mode 【 example 】 ...
Page 347
Ip-address:system ip address mask:netmask gateway:if only ip address and netmask are configured, and gateway is not, the gateway will be default to be 0 【 default 】 not to obtain ip address by dhcp、bootp. 【 command configuration mode 】 global configuration mode 【 usage 】 the way to obtain ip address...
Page 348
!original way to obtain ip address is by dhcp. Change ip address by manual operation to be 192.168.0.100 qtech(config)#no dhcp qtech(config)#ipaddress 192.168.0.100 255.255.0.0 12.4.6 ipaddress vlan use ipaddress vlan command to configure and manage vlan. Ipaddress vlan vlan-id no ipaddress vlan vla...
Page 350
Qtech(config)#loopback external 12.4.8 vct run use vct run command to port vct test. Vct test for all the ports in global configuration mode. Vct test for current port in interface configuration mode. Vct run 【 command configuration mode 】 global configuration mode, interface configuration mode 【 ex...
Page 351
【 default 】 vct auto-run disables globally or on a port 【 command configuration mode 】 global configuration mode,interface configuration mode 【 example 】 !enable vct auto-run globally qtech(config)#vct auto-run !enable vct auto-run on ethernet 0/8 qtech(config-if-ethernet-0/8)#vct auto-run 12.4.10 s...
Page 353
Interface-num:number of interface for message outputting backhole:blackhole address table which is not aging, and will not be lost after switch rebooting. Message whose source or destination mac address is the same as this mac address will be dropped. Dynamic:dynamic address table which can be aging...
Page 355
!configure mac address aging time to be 600 seconds qtech(config)#mac-address-table age-time 600 12.4.13 mac-address-table learning use mac-address-table learning command to enable mac address learning. Use no mac-address-table learning command to disable mac address learning. When disabling, the me...
Page 356
Use mac-address-table learning mode command to modify ways of mac address learning. Ways of mac address learning includes: svl and ivl. Svl is shared vlan learning; and ivl is independent vlan learning. The default one is svl. This command cannot add to configuration files. Mac-address-table learnin...
Page 357
Packetsize:the length of message sending, with the unit of second timeout:the time of waiting for replying after message is sent,with the unit of second host:host ip address 【 command configuration mode 】 any configuration mode 【 usage 】 use this command to test whether the facility in the same net ...
Page 358
Flow allowed by switch. Show broadcast-suppression 【 command configuration mode 】 any configuration mode 【 example 】 !display the max number of the broadcast flow allowed by switch per second. Qtech(config)#show broadcast-suppression 12.4.17 show clock use show clock command to display system clock....
Page 359
2001/01/01 00:00:00 cct 8:00 【 related command 】 clock set 12.4.18 show cpu use show cpu command to display cpu use rate. The smaller the rate is, the busier the cpu is. Show cpu 【 command configuration mode 】 any configuration mode 【 example 】 !display cpu busy rate qtech(config)#show cpu 12.4.19 s...
Page 360
Show dlf-forward 【 command configuration mode 】 any configuration mode 【 example 】 !display onfiguration of message transmitting to unknown destination. Qtech(config)#show dlf-forward status about dlf packets forwarding forwarding unknown multicast packets : enable forwarding unknown unicast packets...
Page 362
Backhole:blackhole address table which is not aging, and will not be lost after switch rebooting. Message whose source or destination mac address is the same as this mac address will be dropped. Dynamic:dynamic address table which can be aging. Permanent:permanent address table which cannot be aging...
Page 363
Use show mac-address-table age-time command to display mac address aging time. Show mac-address-table age-time 【 command configuration mode 】 any configuration mode 【 example 】 !display mac address aging time. Qtech(config)#show mac-address-table aging-time 12.4.23 show mac-address-table learning us...
Page 364
!display mac address learning. Qtech(config)#show mac-address-table learning 12.4.24 show memory use show memory command to display memory usage. Show memory 【 command configuration mode 】 any configuration mode 【 example 】 !display memory usage qtech(config)#show memory 12.4.25 show system use show...
Page 365
【 example 】 !display system information qtech(config)#show system 12.4.26 show users use show users command to display the user information logged in. Show users 【 command configuration mode 】 any configuration mode 【 example 】 !display the user information logged in. Qtech (config)#show users 12.4....
Page 366
Any configuration mode 【 usage 】 the software information is different with different version. 【 example 】 !display system version qtech# show version 12.4.28 login-access-list telnet-limit use this command to restrict the number of telnet user (0-5) to enter privileged mode at the same time. Login-...
Page 367
Limit-no:the number of telnet user to enter privileged mode (0~5) 【 default 】 the max number is defaulted to be 5. 【 example 】 !configure only 1 telnet users can enter privileged mode qtech(config)# login-access-list telnet-limit 1 【 related command 】 show users 12.4.29 tracert use this command for ...
Page 368
Udpport:destination interface address for sending udp packet which is in the range of 1 to 65535 and defaulted to be 62929; first_ttl : initial ttl of sending packet which is in the range of 1 to 255 and defaulted to be 1; maximum_hops : the max ttl of sending packet which is in the range of 1 to 25...
Page 369
!the current ip address is 192.168.0.100 and tracert 192.168.0.200 qtech#tracert 192.168.0.200 12.5 snmp configuration snmp configuration command includes: show snmp community show snmp contact show snmp host show snmp notify show snmp location show snmp engineid show snmp group show snmp user show ...
Page 370
Snmp-server group snmp-server user snmp-server security-name 12.5.1 show snmp community use show snmp community command to display information of all snmp sever community list. Show snmp community 【 command configuration mode 】 any configuration mode 【 example 】 !display snmp community information q...
Page 371
Any configuration mode 【 usage 】 use this command when you need to contact to administrator 【 example 】 !display how to contact with administrator qtech(config)#show snmp contact 12.5.3 show snmp host use show snmp host command to display trap information of snmp server show snmp host 【 command conf...
Page 372
12.5.4 show snmp notify use show snmp notify command to display all notify information. Show snmp notify 【 command configuration mode 】 any configuration mode 【 example 】 !display all notify information qtech(config)#show snmp notify 12.5.5 show snmp location use show snmp location command to displa...
Page 374
12.5.7 show snmp group use show snmp group command to display group configuration. Show snmp group 【 command configuration mode 】 any configuration mode 【 usage 】 use this command to display configured group. 【 example 】 !display configured group qtech(config)# show snmp group 12.5.8 show snmp user ...
Page 375
【 usage 】 use this command to display configured user. 【 example 】 !display configured user qtech(config)# show snmp user 12.5.9 show snmp view use show snmp view command to display view configuration. Show snmp view 【 command configuration mode 】 any configuration mode 【 usage 】 use this command to...
Page 377
Excluding space. The default configuration view is iso. 【 command configuration mode 】 global configuration mode 【 usage 】 the community name in nosnmp-server community command should be existed. 【 example 】 !add community red,and configure privilege to be ro,and permit qtech(config)#snmp-server com...
Page 378
Administrator. Snmp-server contact syscontact no snmp-server contact 【 parameter 】 syscontact:contact way to administrator ranges from 1 to 255 printable characters. 【 default 】 “qtech moscow russia (http://www.Qtech.Ru)” 【 command configuration mode 】 global configuration mode 【 usage 】 use quotati...
Page 380
【 command configuration mode 】 global configuration mode 【 usage 】 community cannot be vacant in snmp-server host version command. Community name in no snmp-server host command must be the same as that in snmp-server host. 【 example 】 !configure trap in snmp server, the ip address is configured to b...
Page 381
Syslocation:the charater string of system location ranges from 1 to 255 printable characters. 【 command configuration mode 】 global configuration mode 【 usage 】 use quotation mark to quote space in charater string. 【 example 】 !configure system location to be sample syslocation factory。 qtech(config...
Page 382
Sysname:the charater string of system name ranges from 1 to 255 printable characters. 【 default 】 the default system name is“qtech” 【 command configuration mode 】 global configuration mode 【 usage 】 use quotation mark to quote space in charater string. 【 example 】 !configure system name to be qtech ...
Page 383
Snmp-server enable traps [ notificationtype-list ] no snmp-server enable traps [ notificationtype-list ] 【 parameter 】 notificationtype-list:notificationtype list defined by system. To enable or disable specified notification type by choose one or serval type. If the keyword is vacant, all types of ...
Page 385
【 usage 】 system cannot be sure whether the vlan and supervlan of the input vlan-id or supervlan-id are existed or not and whether they have interface and the ip address of interfaces are also not sure. 【 example 】 !configure trap source-address to be the ip address of interface 1 of vlan qtech(conf...
Page 386
System only supports printable characters of engine id which excludes space. Ip-address is remote engine ip address. Local ip address is not allowed to input. Port-number is remote engine port number. Default port number is 162 【 default 】 default local engine id is 134640000000000000000000 【 comman...
Page 387
Ip to be 1.1.1.1,and port number to be 888,and id to be 1234 qtech(config)# snmp-server engineid remote 1.1.1.1 udp-port 888 1234 !display local engine configuration qtech(config)# show snmp engineid local 12.5.18 snmp-server view use snmp-server view command to configure view. Snmp-server view view...
Page 388
【 command configuration mode 】 global configuration mode 【 usage 】 at most 64 views can be configured, and the sum of the number of characters in view name string and the number of oid nodes should not be more than 62. 【 example 】 !add view “view1”,and configure it to have a subtree “1.3.6.1” qtech(...
Page 390
Folowing groups are default to exist: (1) security model is v3,the security level is differentiated group initial ; (2) security model is v3,the security level is differentiated encrypt group initial 【 command configuration mode 】 global configuration mode 【 usage 】 at most 64 groups can be configur...
Page 392
Authpassword is authentication password. Unencrypted password ranges from 1 to 32 characters. To avoid disclosing, this password should be encrypted. To configured encrypted password needs client-side which supports encryption to encrypt password, and use encrypted cryptograph to do the configuratio...
Page 393
Ranes from 16 byte. 【 default 】 following users are default to exist: (1) initialmd5 ( required md5 authentication ), (2) initialsha ( required sha authentication ), (3) initialnone ( non- authentication ) 【 command configuration mode 】 global configuration mode 【 usage 】 at most 64 groups can be co...
Page 394
Qtech(config)# snmp-server user user2 grp2 auth md5 auth-password 1234 !add user “user3” for local engine to group “grp3”,and configure this user to use md5 authentication and des encryption with the auth-password to be 1234 and privpassword to be 4321 qtech(config)# snmp-server user user3 grp3 auth...
Page 396
Qtech(config)#login-access-list telnet 192.168.0.100 0.0.0.0 qtech(config)#no login-access-list telnet 0.0.0.0 255.255.255.255 12.6.2 show login-access-list use show login-access-list command to display all ip address allowed by web, snmp, telnet management system. Show login-access-list 【 command c...
Page 397
Show alarm cpu 12.7.1 alarm cpu use alarm cpu command to enable cpu alarm. Use no alarm cpu command to disable cpu alarm. Alarm cpu no alarm cpu 【 default 】 enable cpu alarm 【 command configuration mode 】 global configuration mode 【 example 】 !enable cpu alarm qtech(config)#alarm cpu 12.7.2 alarm cp...
Page 398
No alarm cpu 【 parameter 】 busy :cpu busy threshold ranges from 0 to 100 unbusy: cpu unbusy threshold ranges from 0 to 100 【 default 】 default cpu busy threshold is 90,and cpu unbusy threshold is 60 【 command configuration mode 】 global configuration mode 【 usage 】 busy > unbusy 【 example 】 !configu...
Page 399
Use show alarm cpu command to display cpu alarm information. Show alarm cpu 【 command configuration mode 】 any configuration mode 【 example 】 !display cpu alarm information qtech(config)#show alarm cpu cpu status alarm : enable cpu busy threshold(%) : 90 cpu unbusy threshold(%) : 60 cpu status : unb...
Page 400
Use anti-dos ip fragment command to configure maximum ip fragment message anti-dos ip fragment maxnum 【 parameter 】 maximum:maximum number 【 default 】 800 【 command configuration mode 】 global configuration mode 【 example 】 !configure maximum ip fragment message to be 30 qtech(config)#anti-dos ip fr...
Page 401
【 command configuration mode 】 any configuration mode 【 example 】 !display related information qtech(config)#show anti-dos 12-85.
Page 403
Global configuration mode 【 example 】 !enable global lldp qtech(config)#lldp 13.1.2 lldp hello-time use lldp hello-time command to configure lldp hello-time. Use no lldp hello -time command to restore to default lldp hello-time. Lldp hello-time 5-32768> no lldp hello -time 【 default 】 default lldp h...
Page 404
!configure lldp hello-time to be 20 seconds qtech(config)#lldp hello-time 20 13.1.3 lldp hold-time use lldp hold-time command to configure lldp hold-time. Use no lldp hold-time command to restore lldp hold-time. Lldp hold-time 2-10> no lldp hold-time 【 default 】 default lldp hold-time is 4 【 command...
Page 406
13-90 any configuration mode 【 example 】 !display lldp information of e 0/1 qtech(config)#show lldp interface ethernet 0/1.